Skip to main content

parser (Directory)

This directory contains the parser for your scanner to transform the results of your scanner to Findings (see: Finding | secureCodeBox).

Dockerfile#

For the parser we use multi-stage builds (see: Multi-Stage Builds) For our JavaScript Parser SDK the Dockerfile should look like this:

ARG baseImageTagFROM node:14-alpine as buildRUN mkdir -p /home/appWORKDIR /home/appCOPY package.json package-lock.json ./RUN npm ci --production
FROM securecodebox/parser-sdk-nodejs:${baseImageTag:-latest}WORKDIR /home/app/parser-wrapper/parser/COPY --from=build --chown=app:app /home/app/node_modules/ ./node_modules/COPY --chown=app:app ./parser.js ./parser.js

If your parser does not require any external dependencies, A multi-stage build is not needed.
Instead, A simpler Dockerfile can be used.

ARG namespaceARG baseImageTagFROM securecodebox/parser-sdk-nodejs:${baseImageTag:-latest}WORKDIR /home/app/parser-wrapper/parser/COPY --chown=app:app ./parser.js ./parser.js

Parsing SDK#

To create a parser for your scanner you will have to execute the following steps in the parser directory:

Create a new package.json (using npm init)#

Your package.json should look something like this:

{  "name": "nmap-parser",  "version": "1.0.0",  "description": "Parses result files for the type: 'nmap-xml'",  "main": "",  "scripts": {},  "keywords": [],  "author": "iteratec GmbH",  "license": "Apache-2.0",  "dependencies": {    "lodash": "^4.17.20",    "xml2js": "^0.4.23"  },  "devDependencies": {}}

Install The Dependencies#

If you need additional dependencies you can install them via npm install

Write Your Parser#

Create a parser.js file and update the parser function of the Parser SDK. A starting point would be:

async function parse(fileContent) {  return [];}
module.exports.parse = parse;

After your scanner has finished, the Parser SDK will retrieve the output results and call your custom parse function parse. The SDK expects a finding object as specified in Finding | secureCodeBox. The id, parsed_at and identified_at fields can be omitted, as they will be added by the Parser SDK.

Write Tests for Your Parser#

Please provide some tests for your parser in the parser.test.js file. To make sure that the output complies with the format specified in Finding | secureCodeBox you should call the method validateParser(parseResult) from the ParserSDK and assert that it must resolve (not throw errors). You can do so e.g. by calling the following code. See the already existing parsers for reference.

const {  validateParser,} = require("@securecodebox/parser-sdk-nodejs/parser-utils");
const findings = await parse(fileContent);await expect(validateParser(findings)).resolves.toBeUndefined();

If you need additional files for your test please save these in the __testFiles__ directory. Please take a look at Integration Tests | secureCodeBox for more information.

Assuming you've set up the scanner makefile, you can run your unit test with make unit-test.