Skip to content
/ fkit Public

A simple library for working with findings.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Jemurai/fkit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
cmd
cmd
 
 
examples
examples
 
 
finding
finding
 
 
utils
utils
 
 
README.md
README.md
 
 
build.sh
build.sh
 
 
fkit.go
fkit.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

Findings Toolkit

A simple tool and library to make it easier to interact with a standard finding format Open Finding Format.

Installation

go get github.com/jemurai/fkit

Working With FKit

New

New - this creates a finding and drops it in a json array:

fkit new --name "Finding Name" \
         --description "Finding Description" \
         --detail "Finding detail" \
         --severity "High" \
         --fingerprint "xyz" \
         --source "File" \
         --location "Line 50" \
         --cvss 9.3 \
         --tag "abc" \
         --tag "def" \
         --cwe https://cwe.mitre.org/data/definitions/134.html \
         --reference https://github.com/owasp/off \
         > demofinding.json

New Options - see the above. tag, cwe and reference can appear many times.

Read

Reading a file with an array of findings:

fkit read --infile demofindings.json

Read options:

  • --infile <file>
  • --intype fkit|owaspdepcheck - read in JSON from Dependency Check
  • --outtype csv|json - output in json or CSV

Compare

We can compare files with findings.

./fkit compare --fromfile demofindings.json --tofile demofinding.json

Compare options:

  • --fromfile <file>
  • --tofile <otherfile>

Global Options

  • --debug Enables debug messages.
  • --help Prints help information.

Working with the Library

You can interact with the Finding directly.

finding := finding.Finding{
		Name:        viper.GetString("name"),
		Description: viper.GetString("description"),
		Detail:      viper.GetString("detail"),
		Severity:    viper.GetString("severity"),
		Confidence:  viper.GetString("confidence"),
		Fingerprint: viper.GetString("fingerprint"),
		Timestamp:   time.Now(),
		Source:      viper.GetString("source"),
		Location:    viper.GetString("location"),
		Cvss:        viper.GetFloat64("cvss"),
		References:  viper.GetStringSlice("reference"),
		Cwes:        viper.GetStringSlice("cwe"),
		Tags:        viper.GetStringSlice("tag"),
	}

Useful methods include:

  • BuildFindingsFromFile
    • func BuildFindingsFromFile(file string) []finding.Finding
  • finding.GetDetailString
  • Compare
    • func CompareFiles(fromfile string, tofile string) []finding.Finding
    • func CompareFileAndArray(fromfile string, newFindings []finding.Finding) []finding.Finding
    • func Compare(oldFindings []finding.Finding, findings []finding.Finding) []finding.Finding

Pushing Issues To GitHub

We can push issues to GitHub by supplying the file of findings, a repo, an owner and a valid personal access token:

fkit report --debug --file ../crush/newfindings.json --github-repo fkit --github-token <token> --github-owner jemurai

This is useful in conjunction with other tools that produce findings.

About

A simple library for working with findings.

Topics

autom8d

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

0 forks
Report repository

Releases

6 tags

Packages

No packages published

Languages