feat(imports): add nmap XML importer#184
Open
rachit367 wants to merge 1 commit into
Open
Conversation
Adds support for importing an existing nmap (or naabu nmap-XML) scan into a sketch, so analysts can bring scans they ran manually instead of re-scanning or adding ports by hand (reconurge#107). - New parser `parse_nmap_xml` (flowsint_core/imports/nmap) that turns an nmap XML report into Ip + Port entities and IP-[HAS_PORT]->Port edges, matching the existing two-phase import contract (returns FileParseResult with typed objects; the pipeline persists them). Down hosts are skipped; port banner is composed from service product/version/extrainfo. - Wired into the extension dispatcher: `.xml` added to ALLOWED_EXTENSIONS in file_parser.py and to the analyze route's filename validation, and to the frontend import sheet's accepted extensions. - XML is parsed with defusedxml to guard against XXE / billion-laughs in untrusted import files (new flowsint-core dependency). Tests cover IP/port extraction, port fields + banner, HAS_PORT edges, down-host skipping, IPv6, invalid-port skipping, empty/invalid XML, and dispatch through parse_import_file. No DB required. Closes reconurge#107
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Adds an nmap XML importer so an existing scan can be imported into a sketch, instead of re-scanning a target or adding ports by hand.
Closes #107
Why
From the issue: during assessments people often run nmap manually with specific flags, and naabu can also export in nmap XML. Letting Flowsint ingest that XML enriches a sketch with the hosts/ports already discovered. This reuses the existing two-phase import pipeline (analyze → execute) — no new infrastructure.
How it plugs in
The import pipeline dispatches parsers by file extension (
flowsint_core/imports/file_parser.py) and each parser is a function returning aFileParseResultof typed entities + edges, which the pipeline persists. The new parser follows that exact contract (same shape as the existing JSON parser).flowsint_core/imports/nmap/parse_nmap.py(new) —parse_nmap_xml()turns an nmap report into:Ipentities (one per up host; down hosts skipped; IPv4 preferred, IPv6 supported, MAC ignored)Portentities (number,protocol,state,service, and abannercomposed from serviceproduct/version/extrainfo)IP -[HAS_PORT]-> Portedges (the same relationship label theip_to_portsenricher uses).xmladded toALLOWED_EXTENSIONS(core dispatcher) + the analyze route's filename validation (flowsint-api/.../sketches.py) + the import sheet's accepted extensions (flowsint-app/.../import-sheet.tsx).IpandPortalready exist, so no type changes were needed.Security
Import files are untrusted, so the XML is parsed with
defusedxml(newflowsint-coredependency) to prevent XXE / billion-laughs attacks. Element type hints still come from the stdlib (identical types, not a parsing path).Testing
New tests (pure-parse, no DB): IP/port extraction, port fields + banner composition,
HAS_PORTedges, down-host skipping, IPv6, invalid-port skipping, empty/invalid XML handling, and dispatch throughparse_import_file.