fix spelling and change medium emoji

portswigger-cloud · Sep 8, 2023 · df34815 · df34815
1 parent 1a15b1b
commit df34815
Show file tree

Hide file tree

Showing 2 changed files with 75 additions and 4 deletions.
diff --git a/wrapper/outputters/console.py b/wrapper/outputters/console.py
@@ -11,7 +11,7 @@ def get_severity_emoji(severity: str):
         case "low":
             return "🙈"
         case "medium":
-            return "🔔"
+            return "😱"
         case "high":
             return "🚨"
         case _:
@@ -94,7 +94,7 @@ def output_issue_counts(target_issues: list) -> None:
         medium_count = issue_counts["medium"]
 
         if high_count > 0:
-            print(f"::error ::{high_count} high seeverity issues detected")
+            print(f"::error ::{high_count} high severity issues detected")
 
         if medium_count > 0:
             print(f"::warning ::{medium_count} medium severity issues detected")

diff --git a/wrapper/parsers/junit.py b/wrapper/parsers/junit.py
@@ -11,6 +11,12 @@ class Evidence:
     response: str
 
 
+@dataclass
+class CollaboratorInteraction:
+    message: str
+    evidence: Evidence
+
+
 @dataclass
 class Issue:
     name: str
@@ -25,6 +31,7 @@ class Issue:
     remediation_detail: str = None
     remediation_background: str = None
     evidence: list[Evidence] = None
+    collaborator_interaction: CollaboratorInteraction = None
     static_analysis: str = None
     dynamic_analysis: str = None
     references: list[str] = field(default_factory=list)
@@ -74,11 +81,14 @@ def parse_url_issues_from_junit(junit_file_path: str) -> list[Target]:
                                 "Remediation Background", result.text
                             ),
                             evidence=parse_message_for_field("Evidence", result.text),
+                            collaborator_interaction=parse_message_for_field(
+                                "Collaborator HTTP interaction", result.text
+                            ),
                             static_analysis=parse_message_for_field(
-                                "Static Analysis", result.text
+                                "Static analysis", result.text
                             ),
                             dynamic_analysis=parse_message_for_field(
-                                "Dynamic Analysis", result.text
+                                "Dynamic analysis", result.text
                             ),
                             references=parse_message_for_field(
                                 "References", result.text
@@ -99,6 +109,7 @@ def parse_message_for_field(field: str, message: str):
         "inline": ["Severity", "Confidence", "Host", "Path"],
         "list": ["References", "Vulnerability Classifications"],
         "evidence": ["Evidence"],
+        "collaborator_interaction": ["Collaborator HTTP interaction"],
         "multiline": [
             "Issue Detail",
             "Issue Background",
@@ -188,6 +199,66 @@ def parse_message_for_field(field: str, message: str):
                 )
             return evidence_list
 
+        if field in parse_fields["collaborator_interaction"]:
+            collaborator_interaction_content = "\n".join(result_list).strip()
+            collaborator_interaction_message = True
+            collaborator_interaction_message_list = []
+
+            collaborator_interaction_request = False
+            collaborator_interaction_request_list = []
+
+            collaborator_interaction_response = False
+            collaborator_interaction_response_list = []
+
+            for (
+                collaborator_interaction_line
+            ) in collaborator_interaction_content.splitlines():
+                if collaborator_interaction_line.startswith("Request to collaborator"):
+                    collaborator_interaction_message = False
+                    collaborator_interaction_request = True
+                    collaborator_interaction_response = False
+                    continue
+                elif collaborator_interaction_line.startswith(
+                    "Response from collaborator"
+                ):
+                    collaborator_interaction_message = False
+                    collaborator_interaction_request = False
+                    collaborator_interaction_response = True
+                    continue
+
+                if collaborator_interaction_message:
+                    collaborator_interaction_message_list.append(
+                        collaborator_interaction_line
+                    )
+                elif collaborator_interaction_request:
+                    collaborator_interaction_request_list.append(
+                        collaborator_interaction_line
+                    )
+                elif collaborator_interaction_response:
+                    collaborator_interaction_response_list.append(
+                        collaborator_interaction_line
+                    )
+
+            collaborator_interaction_message_str = "\n".join(
+                collaborator_interaction_message_list
+            ).strip()
+
+            collaborator_interaction_request_str = "\n".join(
+                collaborator_interaction_request_list
+            ).strip()
+
+            collaborator_interaction_response_str = "\n".join(
+                collaborator_interaction_response_list
+            ).strip()
+
+            return CollaboratorInteraction(
+                message=collaborator_interaction_message_str,
+                evidence=Evidence(
+                    request=collaborator_interaction_request_str,
+                    response=collaborator_interaction_response_str,
+                ),
+            )
+
         # List fields should return a list of strings
         elif field in parse_fields["list"]:
             return [