functions/ConvertFrom-HelixQACToCodeDx.ps1
<#
.SYNOPSIS Converts a Helix QAC XML report to a Code Dx report for importing results. .DESCRIPTION Used to convert a Helix QAC XML report file to a Code Dx XML format so it can be imported. .EXAMPLE ConvertFrom-ReadyAPIToCodeDx [scan_file_to_process] [output_directory] #> Function ConvertFrom-HelixQACToCodeDX { [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$SourceScanFilepath, [Parameter(Mandatory=$true)] [string]$TargetEndPoint, [Parameter(Mandatory=$true)] [string]$OutputDir ) #Setup variables $CDate = Get-Date -format "yyyy-MM-dd-HHmmss" #$OutputFilePath = $OutputDir.Trim("""") + "\RA2CDX-" + $CDate + ".xml" #Enable for Debugging # $SourceScanFilepath = "Helix_sample.xml" $OutputFilePath = "C:\Users\aacuna\Documents\repos\powershell\Code Dx\HQAC2CDX-" + $CDate + ".xml" $SourceScanFile = $SourceScanFilepath.Trim("""") $ToolName = "Helix QAC" $cwe $description $location = $TargetEndPoint $reportDate $mdtags = @("duration","start","end","status") $mdname $mdvalue #Setup Code Dx output doc [xml]$doc = New-Object System.Xml.XmlDocument $dec = $doc.CreateXmlDeclaration("1.0","UTF-8",$null) $updateXML= $doc.AppendChild($dec) $reportComment = "ReadyAPI to Code Dx - Generated $CDate" $updateXML= $doc.AppendChild($doc.CreateComment($reportComment)) $root = $doc.CreateNode("element","report",$null) #read source ThunderScan file and create custom PSO [xml]$SourceScanData = Get-Content -Encoding UTF8 -Raw -Path $SourceScanFile #pull report date attributes and reformat for Code Dx file $reportDate = $CDate.Substring(0,10) #Set Root attributes $root.SetAttribute("date",$reportDate) $root.SetAttribute("tool",$ToolName) #create findings Element $fds = $doc.CreateNode("element","findings",$null) #Get child nodes of results $Results = $SourceScanData.securityScanRequest.securityScanResult.securityScanResults.ChildNodes Foreach($result in $Results){ If($result.status -eq "FAIL"){ $fd = $doc.CreateNode("element","finding",$null) #$cwe = $doc.CreateNode("element","cwe",$null) $desc = $doc.CreateNode("element","description",$null) $tl = $doc.CreateNode("element","tool",$null) $loc = $doc.CreateNode("element","location",$null) $md = $doc.CreateNode("element","metadata",$null) #Set finding "fd" attributes $fd.SetAttribute("severity", "critical") $fd.SetAttribute("type","dynamic") $fd.SetAttribute("status", "new") #Set CWE attributes #$cwe.SetAttribute("id", $result.cwe.SubString(4)) #build location node and attributes $loc.SetAttribute("type","url") $loc.SetAttribute("path", $location) #Set Tool attributes $tl.SetAttribute("name",$ToolName) $tl.SetAttribute("category","Security") $tl.SetAttribute("code", $result.name) #Set description attributes $desc.SetAttribute("format", "plain-text") $desc.InnerText = $result.log #Capture current vuln object for use later $vo = $result #Build the Metadata Node $mdtags | forEach { $e = $doc.CreateNode("element","value",$null) $e.SetAttribute("key",$_) $e.InnerText = $vo.$_ $updateXML= $md.AppendChild($e) } #append remaining children to finding #$updateXML= $fd.AppendChild($cwe) $updateXML= $fd.AppendChild($tl) $updateXML= $fd.AppendChild($loc) $updateXML= $fd.AppendChild($desc) $updateXML= $fd.AppendChild($md) #append finding to findings $updateXML= $fds.AppendChild($fd) } } $updateXML= $root.AppendChild($fds) $updateXML= $doc.AppendChild($root) | Out-Null Write-Host "Outputing file to: $OutputFilePath" $doc.Save($OutputFilePath) } |