Merge branch 'main' into dependabot/npm_and_yarn/inquirer-9.2.8

README.md

@@ -659,12 +659,13 @@ convert netsparker2hdf        Translate a Netsparker XML results file into a
                               iteration only works with Netsparker Enterprise
                               Vulnerabilities Scan.
   USAGE
-    $ saf convert netsparker2hdf -i <netsparker-xml> -o <hdf-scan-results-json> [-h]
+    $ saf convert netsparker2hdf -i <netsparker-xml> -o <hdf-scan-results-json> [-h] [-w]
 
   FLAGS
     -h, --help                            Show CLI help.
     -i, --input=<netsparker-xml>          (required) Input Netsparker XML File
     -o, --output=<hdf-scan-results-json>  (required) Output HDF JSON File
+    -w, --with-raw                        Include raw input file in HDF JSON file
 
   EXAMPLES
     $ saf convert netsparker2hdf -i netsparker_results.xml -o output-hdf-name.json

src/commands/convert/netsparker2hdf.ts

@@ -4,7 +4,7 @@ import {NetsparkerMapper as Mapper} from '@mitre/hdf-converters'
 import {checkInput, checkSuffix} from '../../utils/global'
 
 export default class Netsparker2HDF extends Command {
-  static usage = 'convert netsparker2hdf -i <netsparker-xml> -o <hdf-scan-results-json> [-h]'
+  static usage = 'convert netsparker2hdf -i <netsparker-xml> -o <hdf-scan-results-json> [-h] [-w]'
 
   static description = 'Translate a Netsparker XML results file into a Heimdall Data Format JSON file\nThe current iteration only works with Netsparker Enterprise Vulnerabilities Scan.'
 
@@ -14,16 +14,17 @@ export default class Netsparker2HDF extends Command {
     help: Flags.help({char: 'h'}),
     input: Flags.string({char: 'i', required: true, description: 'Input Netsparker XML File'}),
     output: Flags.string({char: 'o', required: true, description: 'Output HDF JSON File'}),
+    'with-raw': Flags.boolean({char: 'w', required: false, description: 'Include raw input file in HDF JSON file'}),
   }
 
   async run() {
     const {flags} = await this.parse(Netsparker2HDF)
 
     // Check for correct input type
     const data = fs.readFileSync(flags.input, 'utf8')
-    checkInput({data: data, filename: flags.input}, 'netsparker', 'Netsparker XML results file')
+    checkInput({data, filename: flags.input}, 'netsparker', 'Netsparker XML results file')
 
-    const converter = new Mapper(data)
+    const converter = new Mapper(data, flags['with-raw'])
     fs.writeFileSync(checkSuffix(flags.output), JSON.stringify(converter.toHdf()))
   }
 }

test/commands/convert/netsparker2hdf.test.ts

@@ -0,0 +1,31 @@
+import {expect, test} from '@oclif/test'
+import tmp from 'tmp'
+import path from 'path'
+import fs from 'fs'
+import {omitHDFChangingFields} from '../utils'
+
+describe('Test Netsparker', () => {
+  const tmpobj = tmp.dirSync({unsafeCleanup: true})
+
+  test
+    .stdout()
+    .command(['convert netsparker2hdf', '-i', path.resolve('./test/sample_data/netsparker/sample_input_report/sample-netsparker-invicti.xml'), '-o', `${tmpobj.name}/netsparkertest.json`])
+    .it('hdf-converter output test', () => {
+      const test = JSON.parse(fs.readFileSync(`${tmpobj.name}/netsparkertest.json`, 'utf8'))
+      const sample = JSON.parse(fs.readFileSync(path.resolve('./test/sample_data/netsparker/netsparker-hdf.json'), 'utf8'))
+      expect(omitHDFChangingFields(test)).to.eql(omitHDFChangingFields(sample))
+    })
+})
+
+describe('Test Netsparker using withraw flag', () => {
+  const tmpobj = tmp.dirSync({unsafeCleanup: true})
+
+  test
+    .stdout()
+    .command(['convert netsparker2hdf', '-i', path.resolve('./test/sample_data/netsparker/sample_input_report/sample-netsparker-invicti.xml'), '-o', `${tmpobj.name}/netsparkertest.json`, '-w'])
+    .it('hdf-converter withraw output test', () => {
+      const test = JSON.parse(fs.readFileSync(`${tmpobj.name}/netsparkertest.json`, 'utf8'))
+      const sample = JSON.parse(fs.readFileSync(path.resolve('./test/sample_data/netsparker/netsparker-hdf-withraw.json'), 'utf8'))
+      expect(omitHDFChangingFields(test)).to.eql(omitHDFChangingFields(sample))
+    })
+})