/// <summary>
/// Interface implementation that takes a Static Driver Verifier log stream and converts
/// its data to a SARIF json stream. Read in Static Driver Verifier data from an input
/// stream and write Result objects.
/// </summary>
/// <param name="input">Stream of a Static Driver Verifier log</param>
/// <param name="output">SARIF json stream of the converted Static Driver Verifier log</param>
public override void Convert(Stream input, IResultLogWriter output)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
Result result = ProcessSdvDefectStream(input);
var results = new Result[] { result };
var tool = new Tool
{
Name = "StaticDriverVerifier",
};
var fileInfoFactory = new FileInfoFactory(null);
Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results);
output.Initialize(id: null, correlationId: null);
output.WriteTool(tool);
if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); }
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
/// <summary>
/// Converts a Semmle log file in CSV format to a SARIF log file.
/// </summary>
/// <param name="input">
/// Input stream from which to read the Semmle log.
/// </param>
/// <param name="output">
/// Output string to which to write the SARIF log.
/// </param>
/// <exception cref="ArgumentNullException">
/// Thrown when one or more required arguments are null.
/// </exception>
public override void Convert(Stream input, IResultLogWriter output)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
_toolNotifications = new List<Notification>();
var results = GetResultsFromStream(input);
var tool = new Tool
{
Name = "Semmle"
};
output.Initialize(id: null, correlationId: null);
output.WriteTool(tool);
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
if (_toolNotifications.Any())
{
output.WriteToolNotifications(_toolNotifications);
}
}
/// <summary>
/// Interface implementation that takes a CppChecker log stream and converts its data to a SARIF json stream.
/// Read in CppChecker data from an input stream and write Result objects.
/// </summary>
/// <param name="input">Stream of a CppChecker log</param>
/// <param name="output">SARIF json stream of the converted CppChecker log</param>
public override void Convert(Stream input, IResultLogWriter output)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
XmlReaderSettings settings = new XmlReaderSettings
{
IgnoreWhitespace = true,
DtdProcessing = DtdProcessing.Ignore,
NameTable = _nameTable,
XmlResolver = null
};
using (XmlReader xmlReader = XmlReader.Create(input, settings))
{
ProcessCppCheckLog(xmlReader, output);
}
}
/// <summary>
/// Converts an Android Studio formatted log as input into a SARIF SarifLog using the output.
/// </summary>
/// <param name="input">The Android Studio formatted log.</param>
/// <param name="output">The SarifLog to write the output to.</param>
public override void Convert(Stream input, IResultLogWriter output)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
LogicalLocationsDictionary.Clear();
XmlReaderSettings settings = new XmlReaderSettings
{
IgnoreWhitespace = true,
IgnoreComments = true,
IgnoreProcessingInstructions = true,
NameTable = _nameTable,
DtdProcessing = DtdProcessing.Ignore,
XmlResolver = null
};
ISet<Result> results;
using (XmlReader xmlReader = XmlReader.Create(input, settings))
{
results = ProcessAndroidStudioLog(xmlReader);
}
var tool = new Tool
{
Name = "AndroidStudio"
};
var fileInfoFactory = new FileInfoFactory(uri => MimeType.Java);
Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results);
output.Initialize(id: null, correlationId: null);
output.WriteTool(tool);
if (fileDictionary != null && fileDictionary.Any())
{
output.WriteFiles(fileDictionary);
}
if (LogicalLocationsDictionary != null && LogicalLocationsDictionary.Any())
{
output.WriteLogicalLocations(LogicalLocationsDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
input = input ?? throw new ArgumentNullException(nameof(input));
output = output ?? throw new ArgumentNullException(nameof(output));
PylintLog log = logReader.ReadLog(input);
var results = new List <Result>();
foreach (PylintLogEntry entry in log)
{
results.Add(CreateResult(entry));
}
PersistResults(output, results);
}
/// <summary>Convert a Clang plist report into the SARIF format.</summary>
/// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception>
/// <param name="input">CLang log file stream.</param>
/// <param name="output">Result log writer.</param>
/// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param>
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
// ToDo remove this comment after all issues are resolved.
// Rodney is tasked with bringing Clang analyzer results into the SARIF fold.
// Once this work is complete, he can close the following task:
// http://twcsec-tfs01:8080/tfs/DefaultCollection/SecDevTools/_workitems#_a=edit&id=13409
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
try
{
XmlReaderSettings settings = new XmlReaderSettings
{
IgnoreWhitespace = true,
DtdProcessing = DtdProcessing.Ignore,
XmlResolver = null
};
var results = new List <Result>();
using (XmlReader xmlReader = XmlReader.Create(input, settings))
{
xmlReader.MoveToContent();
xmlReader.ReadStartElement(ClangSchemaStrings.PlistName);
if (xmlReader.NodeType == XmlNodeType.Element)
{
using (var pListReader = xmlReader.ReadSubtree())
{
this.ReadPlist(pListReader, results);
}
}
}
PersistResults(output, results);
}
finally
{
_files = null;
}
}
/// <summary>
/// Convert FxCop log to SARIF format stream
/// </summary>
/// <param name="input">FxCop log stream</param>
/// <param name="output">output stream</param>
public override void Convert(Stream input, IResultLogWriter output)
{
if (input == null)
{
throw (new ArgumentNullException(nameof(input)));
}
if (output == null)
{
throw (new ArgumentNullException(nameof(output)));
}
LogicalLocationsDictionary.Clear();
var context = new FxCopLogReader.Context();
var results = new List<Result>();
var reader = new FxCopLogReader();
reader.ResultRead += (FxCopLogReader.Context current) => { results.Add(CreateResult(current)); };
reader.Read(context, input);
Tool tool = new Tool
{
Name = "FxCop"
};
var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension);
Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results);
output.Initialize(id: null, correlationId: null);
output.WriteTool(tool);
if (fileDictionary != null && fileDictionary.Any())
{
output.WriteFiles(fileDictionary);
}
if (LogicalLocationsDictionary != null && LogicalLocationsDictionary.Any())
{
output.WriteLogicalLocations(LogicalLocationsDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
/// <summary>
/// Convert FxCop log to SARIF format stream
/// </summary>
/// <param name="input">FxCop log stream</param>
/// <param name="output">output stream</param>
public override void Convert(Stream input, IResultLogWriter output)
{
if (input == null)
{
throw (new ArgumentNullException("input"));
}
if (output == null)
{
throw (new ArgumentNullException("output"));
}
LogicalLocationsDictionary.Clear();
var context = new FxCopLogReader.Context();
var results = new List <Result>();
var reader = new FxCopLogReader();
reader.ResultRead += (FxCopLogReader.Context current) => { results.Add(CreateResult(current)); };
reader.Read(context, input);
Tool tool = new Tool
{
Name = "FxCop"
};
var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension);
Dictionary <string, IList <FileData> > fileDictionary = fileInfoFactory.Create(results);
output.WriteTool(tool);
if (fileDictionary != null && fileDictionary.Any())
{
output.WriteFiles(fileDictionary);
}
if (LogicalLocationsDictionary != null && LogicalLocationsDictionary.Any())
{
output.WriteLogicalLocations(LogicalLocationsDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
_fullMessageHashes.Clear();
IList <Result> results = GetResults(input);
PersistResults(output, results);
}
/// <summary>
/// Converts an Android Studio formatted log as input into a SARIF SarifLog using the output.
/// </summary>
/// <param name="input">The Android Studio formatted log.</param>
/// <param name="output">The SarifLog to write the output to.</param>
public void Convert(Stream input, IResultLogWriter output)
{
if (input == null)
{
throw new ArgumentNullException("input");
}
if (output == null)
{
throw new ArgumentNullException("output");
}
XmlReaderSettings settings = new XmlReaderSettings
{
IgnoreWhitespace = true,
IgnoreComments = true,
IgnoreProcessingInstructions = true,
NameTable = _nameTable,
DtdProcessing = DtdProcessing.Ignore
};
IList <Result> results;
using (XmlReader xmlReader = XmlReader.Create(input, settings))
{
results = ProcessAndroidStudioLog(xmlReader);
}
var tool = new Tool
{
Name = "AndroidStudio"
};
var fileInfoFactory = new FileInfoFactory(uri => MimeType.Java);
Dictionary <string, IList <FileData> > fileDictionary = fileInfoFactory.Create(results);
output.WriteTool(tool);
if (fileDictionary != null && fileDictionary.Count > 0)
{
output.WriteFiles(fileDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
/// <summary>Processes an Android Studio log and writes issues therein to an instance of
/// <see cref="IResultLogWriter"/>.</summary>
/// <param name="xmlReader">The XML reader from which AndroidStudio format shall be read.</param>
/// <param name="output">The <see cref="IResultLogWriter"/> to write the output to.</param>
private void ProcessAndroidStudioLog(XmlReader xmlReader, IResultLogWriter output)
{
int problemsDepth = xmlReader.Depth;
xmlReader.ReadStartElement(_strings.Problems);
while (xmlReader.Depth > problemsDepth)
{
var problem = AndroidStudioProblem.Parse(xmlReader, _strings);
if (problem != null)
{
output.WriteResult(AndroidStudioConverter.ConvertProblemToSarifIssue(problem));
}
}
xmlReader.ReadEndElement(); // </problems>
}
/// <summary>
/// Interface implementation that takes a Static Driver Verifier log stream and converts
/// its data to a SARIF json stream. Read in Static Driver Verifier data from an input
/// stream and write Result objects.
/// </summary>
/// <param name="input">Stream of a Static Driver Verifier log</param>
/// <param name="output">SARIF json stream of the converted Static Driver Verifier log</param>
/// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param>
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
Result result = ProcessSdvDefectStream(input);
var results = new Result[] { result };
PersistResults(output, results);
}
/// <summary>
/// Interface implementation for converting a stream in Fortify FPR format to a stream in
/// SARIF format.
/// </summary>
/// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception>
/// <param name="input">Stream in Fortify FPR format.</param>
/// <param name="output">Stream in SARIF format.</param>
/// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param>
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
_invocation = new Invocation();
_invocation.ToolExecutionNotifications = new List <Notification>();
_invocation.ExecutionSuccessful = true;
_files.Clear();
_rules.Clear();
_ruleIdToIndexMap.Clear();
_cweIds.Clear();
_nodeDictionary.Clear();
_snippetDictionary.Clear();
// Uncomment following Line to fetch FVDL content from any FPR file. This is not needed for conversion.
// However, we keep a copy of FVDL for each test file for debugging purposes.
// string fvdlContent = ExtractFvdl(OpenAuditFvdlReader(input));
// Parse everything except vulnerabilities (building maps to write Results as-we-go next pass)
ParseAuditStream_PassOne(OpenAuditFvdlReader(input));
// Add Snippets to NodePool Nodes which referenced them (Snippets appear after the NodePool in Fortify files)
AddSnippetsToNodes();
// Create the Sarif Run itself to report
Run run = CreateSarifRun();
// Write the Run itself
output.Initialize(run);
output.OpenResults();
// Parse the Vulnerabilities, writing as we go
ParseAuditStream_PassTwo(OpenAuditFvdlReader(input), output);
// Close the Results array
output.CloseResults();
}
/// <summary>Convert a Clang plist report into the SARIF format.</summary>
/// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception>
/// <param name="input">CLang log file stream.</param>
/// <param name="output">Result log writer.</param>
public void Convert(Stream input, IResultLogWriter output)
{
// ToDo remove this comment after all issues are resolved.
// Rodney is tasked with bringing Clang analyzer results into the SARIF fold.
// Once this work is complete, he can close the following task:
// http://twcsec-tfs01:8080/tfs/DefaultCollection/SecDevTools/_workitems#_a=edit&id=13409
if (input == null)
{
throw new ArgumentNullException("input");
}
if (output == null)
{
throw new ArgumentNullException("output");
}
try
{
XmlReaderSettings settings = new XmlReaderSettings();
settings.IgnoreWhitespace = true;
settings.DtdProcessing = DtdProcessing.Ignore;
ToolInfo toolInfo = new ToolInfo();
toolInfo.Name = "Clang";
output.WriteToolAndRunInfo(toolInfo, null);
using (XmlReader xmlReader = XmlReader.Create(input, settings))
{
XmlNodeType nodeType = xmlReader.MoveToContent();
xmlReader.ReadStartElement(ClangSchemaStrings.PlistName);
if (xmlReader.NodeType == XmlNodeType.Element)
{
using (var pListReader = xmlReader.ReadSubtree())
{
this.ReadPlist(pListReader, output);
}
}
}
}
finally
{
_files = null;
}
}
protected static Run PersistResults(IResultLogWriter output, IList <Result> results, Run run)
{
output.Initialize(run);
run.Results = results;
var visitor = new AddFileReferencesVisitor();
visitor.VisitRun(run);
if (run.Results != null)
{
output.OpenResults();
output.WriteResults(run.Results);
output.CloseResults();
}
return(run);
}
/// <summary>
/// Converts a Semmle log file in CSV format to a SARIF log file.
/// </summary>
/// <param name="input">
/// Input stream from which to read the Semmle log.
/// </param>
/// <param name="output">
/// Output string to which to write the SARIF log.
/// </param>
/// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when one or more required arguments are null.
/// </exception>
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
_toolNotifications = new List <Notification>();
var results = GetResultsFromStream(input);
PersistResults(output, results);
}
/// <summary>
/// Converts an Android Studio formatted log as input into a SARIF SarifLog using the output.
/// </summary>
/// <param name="input">The Android Studio formatted log.</param>
/// <param name="output">The SarifLog to write the output to.</param>
/// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param>
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
LogicalLocations.Clear();
XmlReaderSettings settings = new XmlReaderSettings
{
IgnoreWhitespace = true,
IgnoreComments = true,
IgnoreProcessingInstructions = true,
NameTable = _nameTable,
DtdProcessing = DtdProcessing.Ignore,
XmlResolver = null
};
IList <Result> results;
using (XmlReader xmlReader = XmlReader.Create(input, settings))
{
results = ProcessAndroidStudioLog(xmlReader);
}
var run = new Run()
{
Tool = new Tool {
Driver = new ToolComponent {
Name = ToolName
}
},
ColumnKind = ColumnKind.Utf16CodeUnits,
LogicalLocations = this.LogicalLocations,
};
PersistResults(output, results, run);
}
public override void Convert(Stream input, IResultLogWriter output, LoggingOptions loggingOptions)
{
input = input ?? throw new ArgumentNullException(nameof(input));
output = output ?? throw new ArgumentNullException(nameof(output));
output.Initialize(id: null, automationId: null);
var tool = new Tool
{
Name = ToolFormat.PREfast,
FullName = "PREfast Code Analysis"
};
output.WriteTool(tool);
XmlReaderSettings settings = new XmlReaderSettings
{
XmlResolver = null
};
var serializer = new XmlSerializer(typeof(DefectList));
using (var reader = XmlReader.Create(input, settings))
{
var defectList = (DefectList)serializer.Deserialize(reader);
var results = new List <Result>();
foreach (Defect entry in defectList.Defects)
{
results.Add(CreateResult(entry));
}
var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, loggingOptions);
Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results);
if (fileDictionary?.Any() == true)
{
output.WriteFiles(fileDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
}
/// <summary>
/// Converts a Semmle log file in CSV format to a SARIF log file.
/// </summary>
/// <param name="input">
/// Input stream from which to read the Semmle log.
/// </param>
/// <param name="output">
/// Output string to which to write the SARIF log.
/// </param>
/// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when one or more required arguments are null.
/// </exception>
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
_toolNotifications = new List <Notification>();
var results = GetResultsFromStream(input);
var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, dataToInsert);
Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results);
var tool = new Tool
{
Name = "Semmle QL"
};
var run = new Run()
{
Tool = tool
};
output.Initialize(run);
output.WriteFiles(fileDictionary);
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
if (_toolNotifications.Any())
{
output.WriteToolNotifications(_toolNotifications);
}
}
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
input = input ?? throw new ArgumentNullException(nameof(input));
output = output ?? throw new ArgumentNullException(nameof(output));
LogicalLocations.Clear();
XmlReaderSettings settings = new XmlReaderSettings
{
DtdProcessing = DtdProcessing.Ignore,
XmlResolver = null
};
var serializer = new XmlSerializer(typeof(DefectList));
using (var reader = XmlReader.Create(input, settings))
{
var defectList = (DefectList)serializer.Deserialize(reader);
var results = new List <Result>();
foreach (Defect entry in defectList.Defects)
{
results.Add(CreateResult(entry));
}
var run = new Run()
{
Tool = new Tool
{
Driver = new ToolComponent
{
Name = ToolName, FullName = "PREfast Code Analysis"
}
},
ColumnKind = ColumnKind.Utf16CodeUnits,
LogicalLocations = LogicalLocations
};
PersistResults(output, results, run);
}
}
/// <summary>
/// Convert FxCop log to SARIF format stream
/// </summary>
/// <param name="input">FxCop log stream</param>
/// <param name="output">output stream</param>
/// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param>
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
if (input == null)
{
throw (new ArgumentNullException(nameof(input)));
}
if (output == null)
{
throw (new ArgumentNullException(nameof(output)));
}
LogicalLocations.Clear();
var context = new FxCopLogReader.Context();
var results = new List <Result>();
var rules = new List <ReportingDescriptor>();
var reader = new FxCopLogReader();
reader.RuleRead += (FxCopLogReader.Context current) => { rules.Add(CreateRule(current)); };
reader.ResultRead += (FxCopLogReader.Context current) => { results.Add(CreateResult(current)); };
reader.Read(context, input);
var run = new Run()
{
Tool = new Tool
{
Driver = new ToolComponent
{
Name = ToolName,
Rules = rules
}
},
};
PersistResults(output, results, run);
output.WriteLogicalLocations(LogicalLocations);
}
/// <summary>
/// Interface implementation that takes a Static Driver Verifier log stream and converts
/// its data to a SARIF json stream. Read in Static Driver Verifier data from an input
/// stream and write Result objects.
/// </summary>
/// <param name="input">Stream of a Static Driver Verifier log</param>
/// <param name="output">SARIF json stream of the converted Static Driver Verifier log</param>
/// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param>
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
Result result = ProcessSdvDefectStream(input);
var results = new Result[] { result };
var tool = new Tool
{
Name = "StaticDriverVerifier",
};
var fileInfoFactory = new FileInfoFactory(null, dataToInsert);
Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results);
var run = new Run()
{
Tool = tool
};
output.Initialize(run);
if (fileDictionary != null && fileDictionary.Count > 0)
{
output.WriteFiles(fileDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
input = input ?? throw new ArgumentNullException(nameof(input));
output = output ?? throw new ArgumentNullException(nameof(output));
TSLintLog tsLintLog = logReader.ReadLog(input);
Tool tool = new Tool
{
Name = "TSLint"
};
var run = new Run()
{
Tool = tool
};
output.Initialize(run);
var results = new List <Result>();
foreach (TSLintLogEntry entry in tsLintLog)
{
results.Add(CreateResult(entry));
}
var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, dataToInsert);
Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results);
if (fileDictionary?.Any() == true)
{
output.WriteFiles(fileDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
/// <summary>
/// Interface implementation that takes a CppChecker log stream and converts its data to a SARIF json stream.
/// Read in CppChecker data from an input stream and write Result objects.
/// </summary>
/// <param name="input">Stream of a CppChecker log</param>
/// <param name="output">SARIF json stream of the converted CppChecker log</param>
public void Convert(Stream input, IResultLogWriter output)
{
if (input == null)
{
throw new ArgumentNullException("input");
}
if (output == null)
{
throw new ArgumentNullException("output");
}
XmlReaderSettings settings = new XmlReaderSettings
{
IgnoreWhitespace = true,
DtdProcessing = DtdProcessing.Ignore,
NameTable = _nameTable
};
using (XmlReader xmlReader = XmlReader.Create(input, settings))
{
ProcessCppCheckLog(xmlReader, output);
}
}
private void ReadDiagnostics(XmlReader xmlReader, IResultLogWriter output)
{
xmlReader.Read(); // Read past the "array" element start.
while (xmlReader.Read())
{
if (xmlReader.NodeType == XmlNodeType.Element)
{
if (xmlReader.Name.Equals(ClangSchemaStrings.DictionaryName))
{
using (var subTreeReader = xmlReader.ReadSubtree())
{
IDictionary <string, object> dictionary = ReadDictionary(subTreeReader);
this.LogIssue(dictionary, output);
}
}
}
if (xmlReader.NodeType == XmlNodeType.EndElement && xmlReader.Name == ClangSchemaStrings.ArrayName)
{
break;
}
}
}
/// <summary>
/// Interface implementation for converting a stream of Fortify report in XML format to a
/// SARIF json format stream.
/// </summary>
/// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception>
/// <param name="input">Stream of the Fortify report.</param>
/// <param name="output">Stream of SARIF json.</param>
public void Convert(Stream input, IResultLogWriter output)
{
if (input == null)
{
throw new ArgumentNullException("input");
}
if (output == null)
{
throw new ArgumentNullException("output");
}
output.WriteToolAndRunInfo(new ToolInfo
{
Name = "Fortify"
}, null);
var settings = new XmlReaderSettings
{
DtdProcessing = DtdProcessing.Ignore,
IgnoreWhitespace = true,
NameTable = _nameTable
};
using (XmlReader reader = XmlReader.Create(input, settings))
{
while (reader.Read())
{
while (Ref.Equal(reader.LocalName, _strings.Issue))
{
FortifyIssue fortify = FortifyIssue.Parse(reader, _strings);
output.WriteResult(ConvertFortifyIssueToSarifIssue(fortify));
}
}
}
}
private void ProcessCppCheckLog(XmlReader reader, IResultLogWriter output)
{
reader.ReadStartElement(_strings.Results);
if (!Ref.Equal(reader.LocalName, _strings.CppCheck))
{
throw reader.CreateException(ConverterResources.CppCheckCppCheckElementMissing);
}
string version = reader.GetAttribute(_strings.Version);
if (version != null && !version.IsSemanticVersioningCompatible())
{
// This logic only fixes up simple cases, such as being passed
// 1.66, where Semantic Versioning 2.0 requires 1.66.0. Also
// strips Revision member if passed a complete .NET version.
Version dotNetVersion;
if (Version.TryParse(version, out dotNetVersion))
{
version =
Math.Max(0, dotNetVersion.Major) + "." +
Math.Max(0, dotNetVersion.Minor) + "." +
Math.Max(0, dotNetVersion.Build);
}
}
if (String.IsNullOrWhiteSpace(version))
{
throw reader.CreateException(ConverterResources.CppCheckCppCheckElementMissing);
}
reader.Skip(); // <cppcheck />
if (!Ref.Equal(reader.LocalName, _strings.Errors))
{
throw reader.CreateException(ConverterResources.CppCheckErrorsElementMissing);
}
var results = new List<Result>();
if (reader.IsEmptyElement)
{
reader.Skip(); // <errors />
}
else
{
int errorsDepth = reader.Depth;
reader.Read(); // <errors>
while (reader.Depth > errorsDepth)
{
var parsedError = CppCheckError.Parse(reader, _strings);
results.Add(parsedError.ToSarifIssue());
}
reader.ReadEndElement(); // </errors>
}
reader.ReadEndElement(); // </results>
var tool = new Tool
{
Name = "CppCheck",
Version = version,
};
var fileInfoFactory = new FileInfoFactory(uri => MimeType.Cpp);
Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results);
output.Initialize(id: null, correlationId: null);
output.WriteTool(tool);
if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); }
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
private void ProcessCppCheckLog(XmlReader reader, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
reader.ReadStartElement(_strings.Results);
if (!StringReference.AreEqual(reader.LocalName, _strings.CppCheck))
{
throw reader.CreateException(ConverterResources.CppCheckCppCheckElementMissing);
}
string version = reader.GetAttribute(_strings.Version);
if (version != null && !version.IsSemanticVersioningCompatible())
{
// This logic only fixes up simple cases, such as being passed
// 1.66, where Semantic Versioning 2.0 requires 1.66.0. Also
// strips Revision member if passed a complete .NET version.
Version dotNetVersion;
if (Version.TryParse(version, out dotNetVersion))
{
version =
Math.Max(0, dotNetVersion.Major) + "." +
Math.Max(0, dotNetVersion.Minor) + "." +
Math.Max(0, dotNetVersion.Build);
}
}
if (String.IsNullOrWhiteSpace(version))
{
throw reader.CreateException(ConverterResources.CppCheckCppCheckElementMissing);
}
reader.Skip(); // <cppcheck />
if (!StringReference.AreEqual(reader.LocalName, _strings.Errors))
{
throw reader.CreateException(ConverterResources.CppCheckErrorsElementMissing);
}
var results = new List <Result>();
if (reader.IsEmptyElement)
{
reader.Skip(); // <errors />
}
else
{
int errorsDepth = reader.Depth;
reader.Read(); // <errors>
while (reader.Depth > errorsDepth)
{
var parsedError = CppCheckError.Parse(reader, _strings);
results.Add(parsedError.ToSarifIssue());
}
reader.ReadEndElement(); // </errors>
}
reader.ReadEndElement(); // </results>
var tool = new Tool
{
Name = "CppCheck",
Version = version,
};
var fileInfoFactory = new FileInfoFactory(uri => MimeType.Cpp, dataToInsert);
Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results);
var run = new Run()
{
Tool = tool
};
output.Initialize(run);
if (fileDictionary != null && fileDictionary.Count > 0)
{
output.WriteFiles(fileDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
/// <summary>Convert a Clang plist report into the SARIF format.</summary>
/// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception>
/// <param name="input">CLang log file stream.</param>
/// <param name="output">Result log writer.</param>
public override void Convert(Stream input, IResultLogWriter output)
{
// ToDo remove this comment after all issues are resolved.
// Rodney is tasked with bringing Clang analyzer results into the SARIF fold.
// Once this work is complete, he can close the following task:
// http://twcsec-tfs01:8080/tfs/DefaultCollection/SecDevTools/_workitems#_a=edit&id=13409
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
try
{
XmlReaderSettings settings = new XmlReaderSettings
{
IgnoreWhitespace = true,
DtdProcessing = DtdProcessing.Ignore,
XmlResolver = null
};
var results = new List<Result>();
using (XmlReader xmlReader = XmlReader.Create(input, settings))
{
xmlReader.MoveToContent();
xmlReader.ReadStartElement(ClangSchemaStrings.PlistName);
if (xmlReader.NodeType == XmlNodeType.Element)
{
using (var pListReader = xmlReader.ReadSubtree())
{
this.ReadPlist(pListReader, results);
}
}
}
var tool = new Tool
{
Name = "Clang"
};
var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension);
Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results);
output.Initialize(id: null, correlationId: null);
output.WriteTool(tool);
if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); }
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
finally
{
_files = null;
}
}
/// <summary>
/// Interface implementation for converting a stream in Fortify FPR format to a stream in
/// SARIF format.
/// </summary>
/// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception>
/// <param name="input">Stream in Fortify FPR format.</param>
/// <param name="output">Stream in SARIF format.</param>
/// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param>
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
_invocation = new Invocation();
_invocation.ToolExecutionNotifications = new List <Notification>();
_results.Clear();
_files.Clear();
_rules.Clear();
_ruleIdToIndexMap.Clear();
_tflToNodeIdDictionary.Clear();
_tflToSnippetIdDictionary.Clear();
_locationToSnippetIdDictionary.Clear();
_resultToSnippetIdDictionary.Clear();
_resultToReplacementDefinitionDictionary.Clear();
_nodeIdToLocationDictionary.Clear();
_nodeIdToActionTypeDictionary.Clear();
_snippetIdToRegionsDictionary.Clear();
ParseFprFile(input);
AddMessagesToResults();
AddSnippetsToResults();
AddNodeLocationsToThreadFlowLocations();
AddSnippetsToThreadFlowLocations();
var run = new Run()
{
Id = new RunAutomationDetails
{
InstanceGuid = _runId,
InstanceId = _automationId + "/"
},
Artifacts = new List <Artifact>(_files),
Tool = new Tool
{
Driver = new ToolComponent
{
Name = ToolName,
RuleDescriptors = _rules
}
},
Invocations = new[] { _invocation },
};
if (!string.IsNullOrWhiteSpace(_originalUriBasePath))
{
if (_originalUriBasePath.StartsWith("/") &&
_invocation.GetProperty("Platform") == "Linux")
{
_originalUriBasePath = "file:/" + _originalUriBasePath;
}
if (Uri.TryCreate(_originalUriBasePath, UriKind.Absolute, out Uri uri))
{
run.OriginalUriBaseIds = new Dictionary <string, ArtifactLocation>
{
{ FileLocationUriBaseId, new ArtifactLocation {
Uri = uri
} }
};
}
}
PersistResults(output, _results, run);
}
/// <summary>
/// Convert FxCop log to SARIF format stream
/// </summary>
/// <param name="input">FxCop log stream</param>
/// <param name="output">output stream</param>
/// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param>
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
if (input == null)
{
throw (new ArgumentNullException(nameof(input)));
}
if (output == null)
{
throw (new ArgumentNullException(nameof(output)));
}
LogicalLocationsDictionary.Clear();
var context = new FxCopLogReader.Context();
var results = new List<Result>();
var rules = new List<Rule>();
var reader = new FxCopLogReader();
reader.RuleRead += (FxCopLogReader.Context current) => { rules.Add(CreateRule(current)); };
reader.ResultRead += (FxCopLogReader.Context current) => { results.Add(CreateResult(current)); };
reader.Read(context, input);
Tool tool = new Tool
{
Name = "FxCop"
};
var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, dataToInsert);
Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results);
var run = new Run()
{
Tool = tool
};
output.Initialize(run);
if (fileDictionary != null && fileDictionary.Any())
{
output.WriteFiles(fileDictionary);
}
if (LogicalLocationsDictionary != null && LogicalLocationsDictionary.Any())
{
output.WriteLogicalLocations(LogicalLocationsDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
if (rules.Count > 0)
{
var rulesDictionary = new Dictionary<string, IRule>();
foreach (Rule rule in rules)
{
rulesDictionary[rule.Id] = rule;
}
output.WriteRules(rulesDictionary);
}
}
public override void Convert(Stream input, IResultLogWriter output, LoggingOptions loggingOptions)
{
}
/// <summary>
/// Interface implementation for converting a stream in Fortify FPR format to a stream in
/// SARIF format.
/// </summary>
/// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception>
/// <param name="input">Stream in Fortify FPR format.</param>
/// <param name="output">Stream in SARIF format.</param>
/// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param>
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
_invocation = new Invocation();
_invocation.ToolExecutionNotifications = new List <Notification>();
_invocation.ExecutionSuccessful = true;
_results.Clear();
_files.Clear();
_rules.Clear();
_ruleIdToIndexMap.Clear();
_cweIds.Clear();
_tflToNodeIdDictionary.Clear();
_tflToSnippetIdDictionary.Clear();
_locationToSnippetIdDictionary.Clear();
_resultToSnippetIdDictionary.Clear();
_resultToReplacementDefinitionDictionary.Clear();
_nodeIdToLocationDictionary.Clear();
_nodeIdToActionTypeDictionary.Clear();
_snippetIdToRegionsDictionary.Clear();
ParseFprFile(input);
AddMessagesToResults();
AddSnippetsToResults();
AddNodeLocationsToThreadFlowLocations();
AddSnippetsToThreadFlowLocations();
var run = new Run()
{
AutomationDetails = new RunAutomationDetails
{
Guid = _runId,
Id = _automationId + "/"
},
Artifacts = _files.OrderBy(d => d.Value.Item2)
.Select(p => p.Value)
.Select(t => t.Item1)
.ToList() as IList <Artifact>,
Tool = new Tool
{
Driver = new ToolComponent
{
Name = ToolName,
Rules = _rules,
SupportedTaxonomies = new List <ToolComponentReference>
{
new ToolComponentReference
{
Name = "CWE",
Index = 0,
Guid = "2B841697-D0DE-45DD-9F19-1EEE1312429"
}
}
}
},
Taxonomies = new List <ToolComponent>
{
CweToolComponent
},
Invocations = new[] { _invocation },
};
if (_cweIds.Count > 0)
{
run.Taxonomies[0].Taxa = _cweIds.Select(c => new ReportingDescriptor {
Id = c
}).ToList();
}
if (!string.IsNullOrWhiteSpace(_originalUriBasePath))
{
if (_originalUriBasePath.StartsWith("/") &&
_invocation.GetProperty("Platform") == "Linux")
{
_originalUriBasePath = "file:/" + _originalUriBasePath;
}
if (Uri.TryCreate(_originalUriBasePath, UriKind.Absolute, out Uri uri))
{
run.OriginalUriBaseIds = new Dictionary <string, ArtifactLocation>
{
{ FileLocationUriBaseId, new ArtifactLocation {
Uri = uri
} }
};
}
}
PersistResults(output, _results, run);
}
/// <summary>
/// Interface implementation for converting a stream of Fortify report in XML format to a
/// SARIF json format stream.
/// </summary>
/// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception>
/// <param name="input">Stream of the Fortify report.</param>
/// <param name="output">Stream of SARIF json.</param>
public override void Convert(Stream input, IResultLogWriter output)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
var settings = new XmlReaderSettings
{
DtdProcessing = DtdProcessing.Ignore,
IgnoreWhitespace = true,
NameTable = _nameTable,
XmlResolver = null
};
var results = new List<Result>();
using (XmlReader reader = XmlReader.Create(input, settings))
{
while (reader.Read())
{
while (Ref.Equal(reader.LocalName, _strings.Issue))
{
FortifyIssue fortify = FortifyIssue.Parse(reader, _strings);
results.Add(ConvertFortifyIssueToSarifIssue(fortify));
}
}
}
var tool = new Tool
{
Name = "Fortify"
};
var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension);
Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results);
output.Initialize(id: null, correlationId: null);
output.WriteTool(tool);
if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); }
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
public abstract void Convert(Stream input, IResultLogWriter output, LoggingOptions loggingOptions);
/// <summary>Convert a Clang plist report into the SARIF format.</summary>
/// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception>
/// <param name="input">CLang log file stream.</param>
/// <param name="output">Result log writer.</param>
/// <param name="loggingOptions">Logging options that configure output.</param>
public override void Convert(Stream input, IResultLogWriter output, LoggingOptions loggingOptions)
{
// ToDo remove this comment after all issues are resolved.
// Rodney is tasked with bringing Clang analyzer results into the SARIF fold.
// Once this work is complete, he can close the following task:
// http://twcsec-tfs01:8080/tfs/DefaultCollection/SecDevTools/_workitems#_a=edit&id=13409
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
try
{
XmlReaderSettings settings = new XmlReaderSettings
{
IgnoreWhitespace = true,
DtdProcessing = DtdProcessing.Ignore,
XmlResolver = null
};
var results = new List <Result>();
using (XmlReader xmlReader = XmlReader.Create(input, settings))
{
xmlReader.MoveToContent();
xmlReader.ReadStartElement(ClangSchemaStrings.PlistName);
if (xmlReader.NodeType == XmlNodeType.Element)
{
using (var pListReader = xmlReader.ReadSubtree())
{
this.ReadPlist(pListReader, results);
}
}
}
var tool = new Tool
{
Name = "Clang"
};
var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, loggingOptions);
Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results);
output.Initialize(id: null, automationId: null);
output.WriteTool(tool);
if (fileDictionary != null && fileDictionary.Count > 0)
{
output.WriteFiles(fileDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
finally
{
_files = null;
}
}
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
}
public abstract void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert);
public override void Convert(Stream input, IResultLogWriter output)
{
throw new NotImplementedException();
}
public abstract void Convert(Stream input, IResultLogWriter output);
