Merge pull request #161 from jpbowie/master

Added Import Options

Author: grendel513

docker/sample_data/scans/SampleGenericImport.csv

@@ -0,0 +1,4 @@
+Date,Title,CweId,Url,Severity,Description,Mitigation,Impact,References,Active,Verified,FalsePositive,Duplicate
+11/7/16,Potential XSS Vulnerability,79,,High,"FileName: default.aspx.csDescription: Potential XSS VulnerabilityLine:18Code Line: Response.Write(output);",None,,,TRUE,FALSE,FALSE,FALSE
+11/7/16,Potential SQL Injection,112,,High,"FileName: UserData.csDescription: Potential SQL Injection VulnerabilityLine:42Code Line: strSQL=""SELECT * FROM users WHERE user_id="" + request_user_id",None,,Test Reference,TRUE,FALSE,TRUE,FALSE
+11/7/16,Weak Cryptography,327,https://myserver.mycompany.com/Login.aspx,Low,"Url:https://myserver.mycompany.com/Login.aspxDescription: Using weak crypto algorithm",None,Potential impact,,TRUE,FALSE,FALSE,TRUE

docker/sample_data/scans/VCG-WebGoatNet-Results.csv

@@ -0,0 +1,18 @@
+6,Suspicious Comment,"Comment Indicates Potentially Unfinished Code","The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.",C:\Projects\WebGoat.Net\Core\Cart.cs,16,"TODO: Refactor this. Use LINQ with aggregation to get SUM.",False,"LawnGreen"
+6,Suspicious Comment,"Comment Indicates Potentially Unfinished Code","The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.",C:\Projects\WebGoat.Net\Core\Cart.cs,41,"TODO: Add ability to delete an orderDetail and to change quantities.",False,"LawnGreen"
+6,Suspicious Comment,"Comment Indicates Potentially Unfinished Code","The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.",C:\Projects\WebGoat.Net\Core\Order.cs,27,"TODO: Shipments and Payments should be singular.  Like customer.",False,"LawnGreen"
+6,Suspicious Comment,"Comment Indicates Potentially Unfinished Code","The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.",C:\Projects\WebGoat.Net\Infrastructure\BlogEntryRepository.cs,18,"TODO: should put this in a try/catch",False,"LawnGreen"
+6,Suspicious Comment,"Comment Indicates Potentially Unfinished Code","The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.",C:\Projects\WebGoat.Net\Infrastructure\BlogResponseRepository.cs,18,"TODO: should put this in a try/catch",False,"LawnGreen"
+6,Suspicious Comment,"Comment Indicates Potentially Unfinished Code","The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.",C:\Projects\WebGoat.Net\Infrastructure\CustomerRepository.cs,41,"TODO: Add try/catch logic",False,"LawnGreen"
+6,Suspicious Comment,"Comment Indicates Potentially Unfinished Code","The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.",C:\Projects\WebGoat.Net\Infrastructure\ShipperRepository.cs,37,"/ TODO: Use the check digit algorithms to make it realistic.",False,"LawnGreen"
+4,Standard,"URL Request Gets Path from Variable","The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.",C:\Projects\WebGoat.Net\WebSite\PackageTracking.aspx.cs,25,"                    Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));",False,"LawnGreen"
+4,Standard,"URL Request Gets Path from Variable","The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.",C:\Projects\WebGoat.Net\WebSite\PackageTracking.aspx.cs,72,"            Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));",False,"LawnGreen"
+6,Suspicious Comment,"Comment Indicates Potentially Unfinished Code","The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.",C:\Projects\WebGoat.Net\WebSite\Product.aspx.cs,58,"TODO: Put this in try/catch as well",False,"LawnGreen"
+6,Suspicious Comment,"Comment Indicates Potentially Unfinished Code","The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.",C:\Projects\WebGoat.Net\WebSite\Product.aspx.cs,59,"TODO: Feels like this is too much business logic.  Should be moved to OrderDetail constructor?",False,"LawnGreen"
+3,Medium,".NET Debugging Enabled","The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.",C:\Projects\WebGoat.Net\WebSite\Web.config,25,"",False,"LawnGreen"
+4,Standard,"URL Request Gets Path from Variable","The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.",C:\Projects\WebGoat.Net\WebSite\Account\Register.aspx.cs,35,"            Response.Redirect(continueUrl);",False,"LawnGreen"
+6,Suspicious Comment,"Comment Indicates Potentially Unfinished Code","The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.",C:\Projects\WebGoat.Net\WebSite\Account\ViewAccountInfo.aspx.cs,22,"ContactName is being repurposed as the foreign key to the user table.  Kludgey, I know.",False,"LawnGreen"
+6,Suspicious Comment,"Comment Indicates Potentially Unfinished Code","The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.",C:\Projects\WebGoat.Net\WebSite\Checkout\Checkout.aspx.cs,102,"TODO: Throws an error if we don't set the date. Try to set it to null or something.",False,"LawnGreen"
+6,Suspicious Comment,"Comment Indicates Potentially Unfinished Code","The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.",C:\Projects\WebGoat.Net\WebSite\Checkout\Checkout.aspx.cs,145,"TODO: Uncommenting this line causes EF to throw exception when creating the order.",False,"LawnGreen"
+6,Suspicious Comment,"Comment Indicates Potentially Unfinished Code","The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.",C:\Projects\WebGoat.Net\XtremelyEvilWebApp\StealCookies.aspx.cs,19,"TODO: Mail the cookie in real time.",False,"LawnGreen"
+3,Medium,".NET Debugging Enabled","The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.",C:\Projects\WebGoat.Net\XtremelyEvilWebApp\Web.config,6,"",False,"LawnGreen"

docker/sample_data/scans/VCG-WebGoatNet-Results.xml

@@ -0,0 +1,202 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--XML Export of VCG Results for directory: C:\Projects\WebGoat.Net. Scanned for C# security issues.-->
+<CodeIssueCollection>
+  <CodeIssue>
+    <Priority>6</Priority>
+    <Severity>Suspicious Comment</Severity>
+    <Title>Comment Indicates Potentially Unfinished Code</Title>
+    <Description>The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.</Description>
+    <FileName>C:\Projects\WebGoat.Net\Core\Cart.cs</FileName>
+    <Line>16</Line>
+    <CodeLine>TODO: Refactor this. Use LINQ with aggregation to get SUM.</CodeLine>
+    <Checked>False</Checked>
+    <CheckColour>LawnGreen</CheckColour>
+  </CodeIssue>
+  <CodeIssue>
+    <Priority>6</Priority>
+    <Severity>Suspicious Comment</Severity>
+    <Title>Comment Indicates Potentially Unfinished Code</Title>
+    <Description>The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.</Description>
+    <FileName>C:\Projects\WebGoat.Net\Core\Cart.cs</FileName>
+    <Line>41</Line>
+    <CodeLine>TODO: Add ability to delete an orderDetail and to change quantities.</CodeLine>
+    <Checked>False</Checked>
+    <CheckColour>LawnGreen</CheckColour>
+  </CodeIssue>
+  <CodeIssue>
+    <Priority>6</Priority>
+    <Severity>Suspicious Comment</Severity>
+    <Title>Comment Indicates Potentially Unfinished Code</Title>
+    <Description>The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.</Description>
+    <FileName>C:\Projects\WebGoat.Net\Core\Order.cs</FileName>
+    <Line>27</Line>
+    <CodeLine>TODO: Shipments and Payments should be singular.  Like customer.</CodeLine>
+    <Checked>False</Checked>
+    <CheckColour>LawnGreen</CheckColour>
+  </CodeIssue>
+  <CodeIssue>
+    <Priority>6</Priority>
+    <Severity>Suspicious Comment</Severity>
+    <Title>Comment Indicates Potentially Unfinished Code</Title>
+    <Description>The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.</Description>
+    <FileName>C:\Projects\WebGoat.Net\Infrastructure\BlogEntryRepository.cs</FileName>
+    <Line>18</Line>
+    <CodeLine>TODO: should put this in a try/catch</CodeLine>
+    <Checked>False</Checked>
+    <CheckColour>LawnGreen</CheckColour>
+  </CodeIssue>
+  <CodeIssue>
+    <Priority>6</Priority>
+    <Severity>Suspicious Comment</Severity>
+    <Title>Comment Indicates Potentially Unfinished Code</Title>
+    <Description>The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.</Description>
+    <FileName>C:\Projects\WebGoat.Net\Infrastructure\BlogResponseRepository.cs</FileName>
+    <Line>18</Line>
+    <CodeLine>TODO: should put this in a try/catch</CodeLine>
+    <Checked>False</Checked>
+    <CheckColour>LawnGreen</CheckColour>
+  </CodeIssue>
+  <CodeIssue>
+    <Priority>6</Priority>
+    <Severity>Suspicious Comment</Severity>
+    <Title>Comment Indicates Potentially Unfinished Code</Title>
+    <Description>The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.</Description>
+    <FileName>C:\Projects\WebGoat.Net\Infrastructure\CustomerRepository.cs</FileName>
+    <Line>41</Line>
+    <CodeLine>TODO: Add try/catch logic</CodeLine>
+    <Checked>False</Checked>
+    <CheckColour>LawnGreen</CheckColour>
+  </CodeIssue>
+  <CodeIssue>
+    <Priority>6</Priority>
+    <Severity>Suspicious Comment</Severity>
+    <Title>Comment Indicates Potentially Unfinished Code</Title>
+    <Description>The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.</Description>
+    <FileName>C:\Projects\WebGoat.Net\Infrastructure\ShipperRepository.cs</FileName>
+    <Line>37</Line>
+    <CodeLine>/ TODO: Use the check digit algorithms to make it realistic.</CodeLine>
+    <Checked>False</Checked>
+    <CheckColour>LawnGreen</CheckColour>
+  </CodeIssue>
+  <CodeIssue>
+    <Priority>4</Priority>
+    <Severity>Standard</Severity>
+    <Title>URL Request Gets Path from Variable</Title>
+    <Description>The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.</Description>
+    <FileName>C:\Projects\WebGoat.Net\WebSite\PackageTracking.aspx.cs</FileName>
+    <Line>25</Line>
+    <CodeLine>                    Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));</CodeLine>
+    <Checked>False</Checked>
+    <CheckColour>LawnGreen</CheckColour>
+  </CodeIssue>
+  <CodeIssue>
+    <Priority>4</Priority>
+    <Severity>Standard</Severity>
+    <Title>URL Request Gets Path from Variable</Title>
+    <Description>The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.</Description>
+    <FileName>C:\Projects\WebGoat.Net\WebSite\PackageTracking.aspx.cs</FileName>
+    <Line>72</Line>
+    <CodeLine>            Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));</CodeLine>
+    <Checked>False</Checked>
+    <CheckColour>LawnGreen</CheckColour>
+  </CodeIssue>
+  <CodeIssue>
+    <Priority>6</Priority>
+    <Severity>Suspicious Comment</Severity>
+    <Title>Comment Indicates Potentially Unfinished Code</Title>
+    <Description>The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.</Description>
+    <FileName>C:\Projects\WebGoat.Net\WebSite\Product.aspx.cs</FileName>
+    <Line>58</Line>
+    <CodeLine>TODO: Put this in try/catch as well</CodeLine>
+    <Checked>False</Checked>
+    <CheckColour>LawnGreen</CheckColour>
+  </CodeIssue>
+  <CodeIssue>
+    <Priority>6</Priority>
+    <Severity>Suspicious Comment</Severity>
+    <Title>Comment Indicates Potentially Unfinished Code</Title>
+    <Description>The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.</Description>
+    <FileName>C:\Projects\WebGoat.Net\WebSite\Product.aspx.cs</FileName>
+    <Line>59</Line>
+    <CodeLine>TODO: Feels like this is too much business logic.  Should be moved to OrderDetail constructor?</CodeLine>
+    <Checked>False</Checked>
+    <CheckColour>LawnGreen</CheckColour>
+  </CodeIssue>
+  <CodeIssue>
+    <Priority>3</Priority>
+    <Severity>Medium</Severity>
+    <Title>.NET Debugging Enabled</Title>
+    <Description>The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.</Description>
+    <FileName>C:\Projects\WebGoat.Net\WebSite\Web.config</FileName>
+    <Line>25</Line>
+    <CodeLine/>
+    <Checked>False</Checked>
+    <CheckColour>LawnGreen</CheckColour>
+  </CodeIssue>
+  <CodeIssue>
+    <Priority>4</Priority>
+    <Severity>Standard</Severity>
+    <Title>URL Request Gets Path from Variable</Title>
+    <Description>The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.</Description>
+    <FileName>C:\Projects\WebGoat.Net\WebSite\Account\Register.aspx.cs</FileName>
+    <Line>35</Line>
+    <CodeLine>            Response.Redirect(continueUrl);</CodeLine>
+    <Checked>False</Checked>
+    <CheckColour>LawnGreen</CheckColour>
+  </CodeIssue>
+  <CodeIssue>
+    <Priority>6</Priority>
+    <Severity>Suspicious Comment</Severity>
+    <Title>Comment Indicates Potentially Unfinished Code</Title>
+    <Description>The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.</Description>
+    <FileName>C:\Projects\WebGoat.Net\WebSite\Account\ViewAccountInfo.aspx.cs</FileName>
+    <Line>22</Line>
+    <CodeLine>ContactName is being repurposed as the foreign key to the user table.  Kludgey, I know.</CodeLine>
+    <Checked>False</Checked>
+    <CheckColour>LawnGreen</CheckColour>
+  </CodeIssue>
+  <CodeIssue>
+    <Priority>6</Priority>
+    <Severity>Suspicious Comment</Severity>
+    <Title>Comment Indicates Potentially Unfinished Code</Title>
+    <Description>The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.</Description>
+    <FileName>C:\Projects\WebGoat.Net\WebSite\Checkout\Checkout.aspx.cs</FileName>
+    <Line>102</Line>
+    <CodeLine>TODO: Throws an error if we don't set the date. Try to set it to null or something.</CodeLine>
+    <Checked>False</Checked>
+    <CheckColour>LawnGreen</CheckColour>
+  </CodeIssue>
+  <CodeIssue>
+    <Priority>6</Priority>
+    <Severity>Suspicious Comment</Severity>
+    <Title>Comment Indicates Potentially Unfinished Code</Title>
+    <Description>The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.</Description>
+    <FileName>C:\Projects\WebGoat.Net\WebSite\Checkout\Checkout.aspx.cs</FileName>
+    <Line>145</Line>
+    <CodeLine>TODO: Uncommenting this line causes EF to throw exception when creating the order.</CodeLine>
+    <Checked>False</Checked>
+    <CheckColour>LawnGreen</CheckColour>
+  </CodeIssue>
+  <CodeIssue>
+    <Priority>6</Priority>
+    <Severity>Suspicious Comment</Severity>
+    <Title>Comment Indicates Potentially Unfinished Code</Title>
+    <Description>The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.</Description>
+    <FileName>C:\Projects\WebGoat.Net\XtremelyEvilWebApp\StealCookies.aspx.cs</FileName>
+    <Line>19</Line>
+    <CodeLine>TODO: Mail the cookie in real time.</CodeLine>
+    <Checked>False</Checked>
+    <CheckColour>LawnGreen</CheckColour>
+  </CodeIssue>
+  <CodeIssue>
+    <Priority>3</Priority>
+    <Severity>Medium</Severity>
+    <Title>.NET Debugging Enabled</Title>
+    <Description>The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.</Description>
+    <FileName>C:\Projects\WebGoat.Net\XtremelyEvilWebApp\Web.config</FileName>
+    <Line>6</Line>
+    <CodeLine/>
+    <Checked>False</Checked>
+    <CheckColour>LawnGreen</CheckColour>
+  </CodeIssue>
+</CodeIssueCollection>