OWASP/glue

Dynamic report processing

Closed this issue · 0 comments

Instead of integrating each tool separately into Glue, it will be simpler to dynamically parse the tool report. I'm thinking of creating a mapping file in the following format:

{
  "task_name": "MobSF",
  "app_name": "name",
  "mappings": {
    "manifest": {
      "description": "desc",
      "detail": "title",
      "source": "title",
      "severity": "stat",
      "fingerprint": "title"
    }
  }
}

The keys are the fields used by Glue to produce findings; the values are the relevant keys under the report. This is a sample mapping file for MobSF.

Glue can use this mapping to parse a report from any tool. All that is required:

  • The tool needs to generate a JSON report (later we can add support for XML/YAML)
  • Create the simple mapping file for the tool

This will allow us to easily integrate new tools into Glue without changing code and, more importantly, without the need to wait for a new version of Glue.

What do you think?
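
A sketch of the mapping-driven parsing proposed in this issue, added here as an example; it is not code from the issue or from Glue. The `parse_report` helper, the sample report and its layout (a top-level `name` and a `manifest` array of objects) are assumptions. Because the report is untrusted tool output, entries missing a mapped key are rejected rather than turned into findings with empty fields.

```ruby
require 'json'

# Added example, not Glue's code. MAPPING is the mapping from the issue; REPORT is
# constructed sample data whose layout (top-level "name", "manifest" array of
# objects) is an assumption about the tool's JSON output.
MAPPING = JSON.parse(<<~JSON)
  {"task_name": "MobSF", "app_name": "name",
   "mappings": {"manifest": {"description": "desc", "detail": "title",
     "source": "title", "severity": "stat", "fingerprint": "title"}}}
JSON

REPORT = JSON.parse(<<~JSON)
  {"name": "demo.apk",
   "manifest": [
     {"title": "Application is debuggable", "desc": "android:debuggable=true", "stat": "high"},
     {"title": "Backup allowed", "desc": "android:allowBackup=true"}]}
JSON

# Hypothetical helper returning [findings, errors]. Each key under "mappings"
# names a report section; each entry in that section becomes one finding whose
# fields are looked up through the mapping.
def parse_report(mapping, report)
  findings, errors = [], []
  mapping.fetch('mappings').each do |section, fields|
    entries = report[section]
    unless entries.is_a?(Array)
      errors << "#{section}: expected an array"
      next
    end
    entries.each_with_index do |entry, i|
      wanted = fields.values.uniq
      missing = entry.is_a?(Hash) ? wanted.reject { |k| entry.key?(k) } : wanted
      if missing.any?
        errors << "#{section}[#{i}]: missing #{missing.join(', ')}"
        next
      end
      findings << fields.transform_values { |k| entry[k].to_s }
                        .merge('task' => mapping['task_name'],
                               'app' => report[mapping['app_name']].to_s)
    end
  end
  [findings, errors]
end

findings, errors = parse_report(MAPPING, REPORT)
puts JSON.pretty_generate('findings' => findings, 'errors' => errors)
```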