Update files with PEP8 standards in folder dojo/tools #005

dojo/tools/mozilla_observatory/parser.py

@@ -34,21 +34,25 @@ def get_findings(self, file, test):
         for key in nodes:
             node = nodes[key]
 
-            description = "\n".join([
-                "**Score Description** : `" + node['score_description'] + "`",
-                "**Result** : `" + node['result'] + "`"
-                "**expectation** : " + str(node.get('expectation')) + "`",
-            ])
+            description = "\n".join(
+                [
+                    "**Score Description** : `"
+                    + node["score_description"]
+                    + "`",
+                    "**Result** : `" + node["result"] + "`"
+                    "**expectation** : " + str(node.get("expectation")) + "`",
+                ]
+            )
 
             finding = Finding(
-                title=node['score_description'],
+                title=node["score_description"],
                 test=test,
-                active=not node['pass'],
+                active=not node["pass"],
                 description=description,
-                severity=self.get_severity(int(node['score_modifier'])),
+                severity=self.get_severity(int(node["score_modifier"])),
                 static_finding=False,
                 dynamic_finding=True,
-                vuln_id_from_tool=node.get('name', key)
+                vuln_id_from_tool=node.get("name", key),
             )
 
             findings.append(finding)

dojo/tools/netsparker/parser.py

@@ -7,7 +7,6 @@
 
 
 class NetsparkerParser(object):
-
     def get_scan_types(self):
         return ["Netsparker Scan"]
 
@@ -20,26 +19,27 @@ def get_description_for_scan_types(self, scan_type):
     def get_findings(self, filename, test):
         tree = filename.read()
         try:
-            data = json.loads(str(tree, 'utf-8-sig'))
-        except:
+            data = json.loads(str(tree, "utf-8-sig"))
+        except Exception:
             data = json.loads(tree)
         dupes = dict()
-        scan_date = datetime.datetime.strptime(data["Generated"], "%d/%m/%Y %H:%M %p").date()
+        scan_date = datetime.datetime.strptime(
+            data["Generated"], "%d/%m/%Y %H:%M %p"
+        ).date()
 
         for item in data["Vulnerabilities"]:
-
             title = item["Name"]
             findingdetail = html2text.html2text(item.get("Description", ""))
             if "Cwe" in item["Classification"]:
                 try:
-                    cwe = int(item["Classification"]["Cwe"].split(',')[0])
-                except:
+                    cwe = int(item["Classification"]["Cwe"].split(",")[0])
+                except Exception:
                     cwe = None
             else:
                 cwe = None
             sev = item["Severity"]
-            if sev not in ['Info', 'Low', 'Medium', 'High', 'Critical']:
-                sev = 'Info'
+            if sev not in ["Info", "Low", "Medium", "High", "Critical"]:
+                sev = "Info"
             mitigation = html2text.html2text(item.get("RemedialProcedure", ""))
             references = html2text.html2text(item.get("RemedyReferences", ""))
             url = item["Url"]
@@ -48,16 +48,18 @@ def get_findings(self, filename, test):
             request = item["HttpRequest"]["Content"]
             response = item["HttpResponse"]["Content"]
 
-            finding = Finding(title=title,
-                              test=test,
-                              description=findingdetail,
-                              severity=sev.title(),
-                              mitigation=mitigation,
-                              impact=impact,
-                              date=scan_date,
-                              references=references,
-                              cwe=cwe,
-                              static_finding=True)
+            finding = Finding(
+                title=title,
+                test=test,
+                description=findingdetail,
+                severity=sev.title(),
+                mitigation=mitigation,
+                impact=impact,
+                date=scan_date,
+                references=references,
+                cwe=cwe,
+                static_finding=True,
+            )
 
             if item["State"].find("FalsePositive") != -1:
                 finding.active = False
@@ -69,8 +71,14 @@ def get_findings(self, filename, test):
             if item["State"].find("AcceptedRisk") != -1:
                 finding.risk_accepted = True
 
-            if (item["Classification"] is not None) and (item["Classification"]["Cvss"] is not None) and (item["Classification"]["Cvss"]["Vector"] is not None):
-                cvss_objects = cvss_parser.parse_cvss_from_text(item["Classification"]["Cvss"]["Vector"])
+            if (
+                (item["Classification"] is not None)
+                and (item["Classification"]["Cvss"] is not None)
+                and (item["Classification"]["Cvss"]["Vector"] is not None)
+            ):
+                cvss_objects = cvss_parser.parse_cvss_from_text(
+                    item["Classification"]["Cvss"]["Vector"]
+                )
                 if len(cvss_objects) > 0:
                     finding.cvssv3 = cvss_objects[0].clean_vector()
 

dojo/tools/neuvector/parser.py

@@ -5,9 +5,9 @@
 
 logger = logging.getLogger(__name__)
 
-NEUVECTOR_SCAN_NAME = 'NeuVector (REST)'
-NEUVECTOR_IMAGE_SCAN_ENGAGEMENT_NAME = 'NV image scan'
-NEUVECTOR_CONTAINER_SCAN_ENGAGEMENT_NAME = 'NV container scan'
+NEUVECTOR_SCAN_NAME = "NeuVector (REST)"
+NEUVECTOR_IMAGE_SCAN_ENGAGEMENT_NAME = "NV image scan"
+NEUVECTOR_CONTAINER_SCAN_ENGAGEMENT_NAME = "NV container scan"
 
 
 class NeuVectorJsonParser(object):
@@ -22,82 +22,114 @@ def parse_json(self, json_output):
         try:
             data = json_output.read()
             try:
-                tree = json.loads(str(data, 'utf-8'))
-            except:
+                tree = json.loads(str(data, "utf-8"))
+            except Exception:
                 tree = json.loads(data)
-        except:
+        except Exception:
             raise ValueError("Invalid format")
 
         return tree
 
     def get_items(self, tree, test):
         items = {}
-        if 'report' in tree:
-            vulnerabilityTree = tree.get('report').get('vulnerabilities', [])
+        if "report" in tree:
+            vulnerabilityTree = tree.get("report").get("vulnerabilities", [])
             for node in vulnerabilityTree:
                 item = get_item(node, test)
-                package_name = node.get('package_name')
+                package_name = node.get("package_name")
                 if len(package_name) > 64:
                     package_name = package_name[-64:]
-                unique_key = node.get('name') + str(package_name + str(
-                    node.get('package_version')) + str(node.get('severity')))
+                unique_key = node.get("name") + str(
+                    package_name
+                    + str(node.get("package_version"))
+                    + str(node.get("severity"))
+                )
                 items[unique_key] = item
         return list(items.values())
 
 
 def get_item(vulnerability, test):
-    severity = convert_severity(vulnerability.get('severity')) if 'severity' in vulnerability else "Info"
-    vector = vulnerability.get('vectors_v3') if 'vectors_v3' in vulnerability else "CVSSv3 vector not provided. "
-    fixed_version = vulnerability.get('fixed_version') if 'fixed_version' in vulnerability else "There seems to be no fix yet. Please check description field."
-    score_v3 = vulnerability.get('score_v3') if 'score_v3' in vulnerability else "No CVSSv3 score yet."
-    package_name = vulnerability.get('package_name')
+    severity = (
+        convert_severity(vulnerability.get("severity"))
+        if "severity" in vulnerability
+        else "Info"
+    )
+    vector = (
+        vulnerability.get("vectors_v3")
+        if "vectors_v3" in vulnerability
+        else "CVSSv3 vector not provided. "
+    )
+    fixed_version = (
+        vulnerability.get("fixed_version")
+        if "fixed_version" in vulnerability
+        else "There seems to be no fix yet. Please check description field."
+    )
+    score_v3 = (
+        vulnerability.get("score_v3")
+        if "score_v3" in vulnerability
+        else "No CVSSv3 score yet."
+    )
+    package_name = vulnerability.get("package_name")
     if len(package_name) > 64:
         package_name = package_name[-64:]
-    description = vulnerability.get('description') if 'description' in vulnerability else ""
-    link = vulnerability.get('link') if 'link' in vulnerability else ""
+    description = (
+        vulnerability.get("description")
+        if "description" in vulnerability
+        else ""
+    )
+    link = vulnerability.get("link") if "link" in vulnerability else ""
 
     # create the finding object
     finding = Finding(
-        title=vulnerability.get('name') + ": " + package_name + " - " + vulnerability.get('package_version'),
+        title=vulnerability.get("name")
+        + ": "
+        + package_name
+        + " - "
+        + vulnerability.get("package_version"),
         test=test,
         severity=severity,
-        description=description + "<p> Vulnerable Package: " +
-        package_name + "</p><p> Current Version: " + str(
-            vulnerability['package_version']) + "</p>",
+        description=description
+        + "<p> Vulnerable Package: "
+        + package_name
+        + "</p><p> Current Version: "
+        + str(vulnerability["package_version"])
+        + "</p>",
         mitigation=fixed_version.title(),
         references=link,
         component_name=package_name,
-        component_version=vulnerability.get('package_version'),
+        component_version=vulnerability.get("package_version"),
         false_p=False,
         duplicate=False,
         out_of_scope=False,
         mitigated=None,
-        severity_justification="{} (CVSS v3 base score: {})\n".format(vector, score_v3),
-        impact=severity)
-    finding.unsaved_vulnerability_ids = [vulnerability.get('name')]
+        severity_justification="{} (CVSS v3 base score: {})\n".format(
+            vector, score_v3
+        ),
+        impact=severity,
+    )
+    finding.unsaved_vulnerability_ids = [vulnerability.get("name")]
     finding.description = finding.description.strip()
 
     return finding
 
 
 # see neuvector/share/types.go
 def convert_severity(severity):
-    if severity.lower() == 'critical':
+    if severity.lower() == "critical":
         return "Critical"
-    elif severity.lower() == 'high':
+    elif severity.lower() == "high":
         return "High"
-    elif severity.lower() == 'medium':
+    elif severity.lower() == "medium":
         return "Medium"
-    elif severity.lower() == 'low':
+    elif severity.lower() == "low":
         return "Low"
-    elif severity == '':
+    elif severity == "":
         return "Info"
     else:
         return severity.title()
 
 
 class NeuVectorParser(object):
-
     def get_scan_types(self):
         return [NEUVECTOR_SCAN_NAME]
 
@@ -111,7 +143,7 @@ def get_findings(self, filename, test):
         if filename is None:
             return list()
 
-        if filename.name.lower().endswith('.json'):
+        if filename.name.lower().endswith(".json"):
             return NeuVectorJsonParser().parse(filename, test)
         else:
-            raise ValueError('Unknown File Format')
+            raise ValueError("Unknown File Format")