Strings from the Fortify XSD used for parsing Fortify logs.
 public void FortifyStrings_ContainsCorrectStrings()
 {
     // Each FortifyStrings property must be the very instance the NameTable hands out for
     // its literal. AreSame checks reference identity, not equal text, and NameTable.Add
     // returns the already-atomized string when the name is present.
     var table = new NameTable();
     var strings = new FortifyStrings(table);
     System.Action<string, string> assertAtomized =
         (literal, actual) => Assert.AreSame(table.Add(literal), actual);

     // Issue element and its two attributes.
     assertAtomized("Issue", strings.Issue);
     assertAtomized("iid", strings.Iid);
     assertAtomized("ruleID", strings.RuleId);

     // Descriptive children of an issue.
     assertAtomized("Category", strings.Category);
     assertAtomized("Folder", strings.Folder);
     assertAtomized("Kingdom", strings.Kingdom);
     assertAtomized("Abstract", strings.Abstract);
     assertAtomized("AbstractCustom", strings.AbstractCustom);
     assertAtomized("Friority", strings.Friority);
     assertAtomized("Tag", strings.Tag);
     assertAtomized("Comment", strings.Comment);

     // Path elements and the external category.
     assertAtomized("Primary", strings.Primary);
     assertAtomized("Source", strings.Source);
     assertAtomized("TraceDiagramPath", strings.TraceDiagramPath);
     assertAtomized("ExternalCategory", strings.ExternalCategory);
     assertAtomized("type", strings.Type);

     // Children of a PathElement.
     assertAtomized("FileName", strings.FileName);
     assertAtomized("FilePath", strings.FilePath);
     assertAtomized("LineStart", strings.LineStart);
     assertAtomized("Snippet", strings.Snippet);
     assertAtomized("SnippetLine", strings.SnippetLine);
     assertAtomized("TargetFunction", strings.TargetFunction);
 }
        public void FortifyStrings_ContainsCorrectStrings()
        {
            // The assertions below compare references, not text: every property has to be the
            // same string object that the shared NameTable returns for the expected name.
            NameTable names = new NameTable();
            FortifyStrings fortifyStrings = new FortifyStrings(names);

            // Issue element and attribute names.
            Assert.AreSame(names.Add("Issue"), fortifyStrings.Issue);
            Assert.AreSame(names.Add("iid"), fortifyStrings.Iid);
            Assert.AreSame(names.Add("ruleID"), fortifyStrings.RuleId);

            // Issue description elements.
            Assert.AreSame(names.Add("Category"), fortifyStrings.Category);
            Assert.AreSame(names.Add("Folder"), fortifyStrings.Folder);
            Assert.AreSame(names.Add("Kingdom"), fortifyStrings.Kingdom);
            Assert.AreSame(names.Add("Abstract"), fortifyStrings.Abstract);
            Assert.AreSame(names.Add("AbstractCustom"), fortifyStrings.AbstractCustom);
            Assert.AreSame(names.Add("Friority"), fortifyStrings.Friority);
            Assert.AreSame(names.Add("Tag"), fortifyStrings.Tag);
            Assert.AreSame(names.Add("Comment"), fortifyStrings.Comment);

            // Path and external-category elements.
            Assert.AreSame(names.Add("Primary"), fortifyStrings.Primary);
            Assert.AreSame(names.Add("Source"), fortifyStrings.Source);
            Assert.AreSame(names.Add("TraceDiagramPath"), fortifyStrings.TraceDiagramPath);
            Assert.AreSame(names.Add("ExternalCategory"), fortifyStrings.ExternalCategory);
            Assert.AreSame(names.Add("type"), fortifyStrings.Type);

            // PathElement children.
            Assert.AreSame(names.Add("FileName"), fortifyStrings.FileName);
            Assert.AreSame(names.Add("FilePath"), fortifyStrings.FilePath);
            Assert.AreSame(names.Add("LineStart"), fortifyStrings.LineStart);
            Assert.AreSame(names.Add("Snippet"), fortifyStrings.Snippet);
            Assert.AreSame(names.Add("SnippetLine"), fortifyStrings.SnippetLine);
            Assert.AreSame(names.Add("TargetFunction"), fortifyStrings.TargetFunction);
        }
Beispiel #3
        /// <summary>Parses an element as a Fortify PathElement node, consuming the node.</summary>
        /// <param name="xmlReader">The <see cref="XmlReader"/> from which a node shall be parsed. When
        /// this function returns, this reader is placed directly after the element on which it is
        /// currently placed.</param>
        /// <param name="strings">Strings used in processing Fortify logs.</param>
        /// <returns>A <see cref="FortifyPathElement"/> parsed from the element on which
        /// <paramref name="xmlReader"/> is positioned when this method is called.</returns>
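        public static FortifyPathElement Parse(XmlReader xmlReader, FortifyStrings strings)
        {
            //<xs:complexType name="PathElement">
            //    <xs:sequence>
            //        <xs:element name="FileName" type="xs:string" minOccurs="1" maxOccurs="1"/>
            //        <xs:element name="FilePath" type="xs:string" minOccurs="1" maxOccurs="1"/>
            //        <xs:element name="LineStart" type="xs:string" minOccurs="1" maxOccurs="1"/>
            //        <xs:element name="Snippet" type="xs:string" minOccurs="0" maxOccurs="1"/>
            //        <xs:element name="SnippetLine" type="xs:int" minOccurs="0" maxOccurs="1"/>
            //        <xs:element name="TargetFunction" type="xs:string" minOccurs="0" maxOccurs="1"/>
            //    </xs:sequence>
            //</xs:complexType>

            // Reject anything that is not an element with content before consuming input:
            // the sequence below requires at least FileName, FilePath and LineStart.
            if (xmlReader.NodeType != XmlNodeType.Element || xmlReader.IsEmptyElement)
            {
                throw xmlReader.CreateException(SarifResources.FortifyNotValidPathElement);
            }

            // The previously captured reader depth was never used and has been removed.

            xmlReader.Read(); // Always true because !IsEmptyElement

            // FileName is required by the schema but is not carried into the result.
            xmlReader.IgnoreElement(strings.FileName, IgnoreOptions.Required);
            string filePath = xmlReader.ReadElementContentAsString(strings.FilePath, String.Empty);

            // The schema types LineStart as xs:string, yet it is read as an int: a report with
            // non-numeric content here makes the reader throw instead of yielding a line number.
            int lineStart = xmlReader.ReadElementContentAsInt(strings.LineStart, String.Empty);

            // Snippet text and its line number are skipped; only the target function is kept.
            xmlReader.IgnoreElement(strings.Snippet, IgnoreOptions.Optional);
            xmlReader.IgnoreElement(strings.SnippetLine, IgnoreOptions.Optional);
            string targetFunction = xmlReader.ReadOptionalElementContentAsString(strings.TargetFunction);

            xmlReader.ReadEndElement();

            try
            {
                return new FortifyPathElement(filePath, lineStart, targetFunction);
            }
            catch (ArgumentException ex)
            {
                // Values the FortifyPathElement constructor rejects are reported through the
                // reader's exception factory, keeping only the message of the original error.
                throw xmlReader.CreateException(ex.Message);
            }
        }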
        /// <summary>Parses an element as a Fortify PathElement node, consuming the node.</summary>
        /// <param name="xmlReader">The <see cref="XmlReader"/> from which a node shall be parsed. When
        /// this function returns, this reader is placed directly after the element on which it is
        /// currently placed.</param>
        /// <param name="strings">Strings used in processing Fortify logs.</param>
        /// <returns>A <see cref="FortifyPathElement"/> parsed from the element on which
        /// <paramref name="xmlReader"/> is positioned when this method is called.</returns>
        public static FortifyPathElement Parse(XmlReader xmlReader, FortifyStrings strings)
        {
            // PathElement, per the Fortify XSD, is a sequence of:
            //   FileName        xs:string  required
            //   FilePath        xs:string  required
            //   LineStart       xs:string  required  (read below as an int)
            //   Snippet         xs:string  optional
            //   SnippetLine     xs:int     optional
            //   TargetFunction  xs:string  optional

            // Only an element that has content can hold the required children.
            bool onOpenElement = xmlReader.NodeType == XmlNodeType.Element && !xmlReader.IsEmptyElement;
            if (!onOpenElement)
            {
                throw xmlReader.CreateException(ConverterResources.FortifyNotValidPathElement);
            }

            xmlReader.Read(); // returns true here, since the element is not empty

            // Children are consumed strictly in schema order; FileName, Snippet and SnippetLine
            // are stepped over without being stored.
            xmlReader.IgnoreElement(strings.FileName, IgnoreOptions.Required);
            string path = xmlReader.ReadElementContentAsString(strings.FilePath, string.Empty);
            int line = xmlReader.ReadElementContentAsInt(strings.LineStart, string.Empty);
            xmlReader.IgnoreElement(strings.Snippet, IgnoreOptions.Optional);
            xmlReader.IgnoreElement(strings.SnippetLine, IgnoreOptions.Optional);
            string function = xmlReader.ReadOptionalElementContentAsString(strings.TargetFunction);
            xmlReader.ReadEndElement();

            FortifyPathElement parsed;
            try
            {
                parsed = new FortifyPathElement(path, line, function);
            }
            catch (ArgumentException rejected)
            {
                // Constructor-level validation failures surface as reader exceptions that
                // carry the original message.
                throw xmlReader.CreateException(rejected.Message);
            }

            return parsed;
        }
Beispiel #5
 /// <summary>Initializes a new instance of the <see cref="FortifyConverter"/> class.</summary>
 public FortifyConverter()
 {
     // A single table backs both fields: FortifyStrings is built over the same NameTable
     // that the converter keeps.
     var table = new NameTable();
     _nameTable = table;
     _strings = new FortifyStrings(table);
 }
Beispiel #6
        /// <summary>
        /// Parses a Fortify Result element from an <see cref="XmlReader"/>.
        /// </summary>
        /// <param name="xmlReader">The <see cref="XmlReader"/> from which an element containing a Fortify result shall be
        /// consumed. When this method returns, this <see cref="XmlReader"/> is positioned on the following element.</param>
        /// <param name="strings">Strings used in processing a Fortify report.</param>
        /// <returns>A <see cref="FortifyIssue"/> containing data from the node on which <paramref name="xmlReader"/> was
        /// placed when this method was called.</returns>
        public static FortifyIssue Parse(XmlReader xmlReader, FortifyStrings strings)
        {
            //<xs:element name="Result">
            //    <xs:complexType>
            //        <xs:sequence>
            //            <!-- Result Description -->
            //            <xs:element name="Category" type="xs:string" minOccurs="1" maxOccurs="1"/>
            //            <xs:element name="Folder" type="xs:string" minOccurs="1" maxOccurs="1"/>
            //            <xs:element name="Kingdom" type="xs:string" minOccurs="1" maxOccurs="1"/>
            //            <xs:element name="Abstract" type="xs:string" minOccurs="0" maxOccurs="1"/>
            //            <xs:element name="AbstractCustom" type="xs:string" minOccurs="0" maxOccurs="1"/>
            //            <xs:element name="Friority" type="xs:string" minOccurs="0" maxOccurs="1"/>
            //            <!-- custom tags including Analysis -->
            //            <xs:element name="Tag" minOccurs="0" maxOccurs="unbounded">
            //                <xs:complexType>
            //                    <xs:sequence>
            //                        <xs:element name="Name" type="xs:string" minOccurs="1" maxOccurs="1"/>
            //                        <xs:element name="Value" type="xs:string" minOccurs="1" maxOccurs="1"/>
            //                    </xs:sequence>
            //                </xs:complexType>
            //            </xs:element>
            //            <xs:element name="Comment" minOccurs="0" maxOccurs="unbounded">
            //                <xs:complexType>
            //                    <xs:sequence>
            //                        <xs:element name="UserInfo" type="xs:string" minOccurs="1" maxOccurs="1"/>
            //                        <xs:element name="Comment" type="xs:string" minOccurs="1" maxOccurs="1"/>
            //                    </xs:sequence>
            //                </xs:complexType>
            //            </xs:element>
            //            <!-- primary or sink -->
            //            <xs:element name="Primary" type="PathElement" minOccurs="1" maxOccurs="1"/>
            //            <!-- source -->
            //            <xs:element name="Source" type="PathElement" minOccurs="0" maxOccurs="1"/>
            //            <xs:element name="TraceDiagramPath" type="xs:string" minOccurs="0" maxOccurs="1"/>
            //            <!-- optional external category (i.e. STIG) -->
            //            <xs:element name="ExternalCategory" minOccurs="0" maxOccurs="1">
            //                <xs:complexType>
            //                    <xs:simpleContent>
            //                        <xs:extension base="xs:string">
            //                            <xs:attribute name="type" type="xs:string" use="required"/>
            //                        </xs:extension>
            //                    </xs:simpleContent>
            //                </xs:complexType>
            //            </xs:element>
            //        </xs:sequence>
            //        <xs:attribute name="iid" type="xs:string" use="optional"/>
            //        <xs:attribute name="ruleID" type="xs:string" use="optional"/>
            //    </xs:complexType>
            //</xs:element>

            // NOTE(review): the schema excerpt names this element Result, while the guard
            // matches strings.Issue — confirm which name real reports carry.
            if (!xmlReader.IsStartElement(strings.Issue))
            {
                throw xmlReader.CreateException(ConverterResources.FortifyNotValidResult);
            }

            // Both attributes are optional in the schema, so either may still be null below.
            // NOTE(review): Ref.Equal presumably compares references; that only matches when
            // the reader atomizes names in the NameTable behind `strings`. With a different
            // table the attributes would be missed silently — confirm at the call site.
            string issueId = null;
            string rule = null;
            while (xmlReader.MoveToNextAttribute())
            {
                string attributeName = xmlReader.LocalName;
                if (Ref.Equal(attributeName, strings.Iid))
                {
                    issueId = xmlReader.Value;
                    continue;
                }

                if (Ref.Equal(attributeName, strings.RuleId))
                {
                    rule = xmlReader.Value;
                }
            }

            xmlReader.MoveToElement();
            xmlReader.Read(); // reads start element

            // Children are consumed strictly in schema order. Folder, Tag and Comment are
            // stepped over; nothing from them reaches the returned issue.
            string category = xmlReader.ReadElementContentAsString(strings.Category, String.Empty);
            xmlReader.IgnoreElement(strings.Folder, IgnoreOptions.Required);
            string kingdom = xmlReader.ReadElementContentAsString(strings.Kingdom, String.Empty);
            string abstractText = xmlReader.ReadOptionalElementContentAsString(strings.Abstract);
            string abstractCustom = xmlReader.ReadOptionalElementContentAsString(strings.AbstractCustom);
            string friority = xmlReader.ReadOptionalElementContentAsString(strings.Friority);
            xmlReader.IgnoreElement(strings.Tag, IgnoreOptions.Optional | IgnoreOptions.Multiple);
            xmlReader.IgnoreElement(strings.Comment, IgnoreOptions.Optional | IgnoreOptions.Multiple);

            // Primary is mandatory; Source is parsed only when the reader sits on it.
            FortifyPathElement primary = FortifyPathElement.Parse(xmlReader, strings);
            bool onSource = xmlReader.NodeType == XmlNodeType.Element && Ref.Equal(xmlReader.LocalName, strings.Source);
            FortifyPathElement source = onSource ? FortifyPathElement.Parse(xmlReader, strings) : null;

            xmlReader.IgnoreElement(strings.TraceDiagramPath, IgnoreOptions.Optional);

            // Only an ExternalCategory whose type attribute is exactly "CWE" (case-sensitive)
            // contributes ids; any other external category is skipped whole.
            ImmutableArray<int> cweIds = ImmutableArray<int>.Empty;
            bool onExternalCategory = xmlReader.NodeType == XmlNodeType.Element && Ref.Equal(xmlReader.LocalName, strings.ExternalCategory);
            if (onExternalCategory)
            {
                if (xmlReader.GetAttribute(strings.Type) != "CWE")
                {
                    xmlReader.Skip();
                }
                else
                {
                    cweIds = ParseCweIds(xmlReader.ReadElementContentAsString());
                }
            }

            xmlReader.ReadEndElement(); // </Result>

            return new FortifyIssue(rule, issueId, category, kingdom, abstractText, abstractCustom, friority, primary, source, cweIds);
        }
Beispiel #7
        /// <summary>
        /// Parses a Fortify Result element from an <see cref="XmlReader"/>.
        /// </summary>
        /// <param name="xmlReader">The <see cref="XmlReader"/> from which an element containing a Fortify result shall be
        /// consumed. When this method returns, this <see cref="XmlReader"/> is positioned on the following element.</param>
        /// <param name="strings">Strings used in processing a Fortify report.</param>
        /// <returns>A <see cref="FortifyIssue"/> containing data from the node on which <paramref name="xmlReader"/> was
        /// placed when this method was called.</returns>
        public static FortifyIssue Parse(XmlReader xmlReader, FortifyStrings strings)
        {
            // Result, per the Fortify XSD, is a sequence of:
            //   Category          xs:string    required
            //   Folder            xs:string    required
            //   Kingdom           xs:string    required
            //   Abstract          xs:string    optional
            //   AbstractCustom    xs:string    optional
            //   Friority          xs:string    optional
            //   Tag               0..unbounded (Name, Value: xs:string, both required)
            //   Comment           0..unbounded (UserInfo, Comment: xs:string, both required)
            //   Primary           PathElement  required  (primary or sink)
            //   Source            PathElement  optional
            //   TraceDiagramPath  xs:string    optional
            //   ExternalCategory  optional; xs:string content with a required "type" attribute
            // and carries two optional xs:string attributes, iid and ruleID.

            if (!xmlReader.IsStartElement(strings.Issue))
            {
                throw xmlReader.CreateException(ConverterResources.FortifyNotValidResult);
            }

            // Collect the optional attributes; an absent one leaves its variable null.
            // NOTE(review): StringReference.AreEqual presumably compares references, which
            // requires the reader to share the NameTable behind `strings` — confirm.
            string issueInstanceId = null;
            string ruleIdentifier = null;
            while (xmlReader.MoveToNextAttribute())
            {
                string localName = xmlReader.LocalName;
                if (StringReference.AreEqual(localName, strings.Iid))
                {
                    issueInstanceId = xmlReader.Value;
                }
                else if (StringReference.AreEqual(localName, strings.RuleId))
                {
                    ruleIdentifier = xmlReader.Value;
                }
            }

            xmlReader.MoveToElement();
            xmlReader.Read(); // reads start element

            // Required description fields, with Folder discarded.
            string category = xmlReader.ReadElementContentAsString(strings.Category, string.Empty);
            xmlReader.IgnoreElement(strings.Folder, IgnoreOptions.Required);
            string kingdom = xmlReader.ReadElementContentAsString(strings.Kingdom, string.Empty);

            // Optional description fields.
            string summary = xmlReader.ReadOptionalElementContentAsString(strings.Abstract);
            string customSummary = xmlReader.ReadOptionalElementContentAsString(strings.AbstractCustom);
            string friority = xmlReader.ReadOptionalElementContentAsString(strings.Friority);

            // Repeated Tag and Comment elements are skipped entirely.
            xmlReader.IgnoreElement(strings.Tag, IgnoreOptions.Optional | IgnoreOptions.Multiple);
            xmlReader.IgnoreElement(strings.Comment, IgnoreOptions.Optional | IgnoreOptions.Multiple);

            FortifyPathElement primary = FortifyPathElement.Parse(xmlReader, strings);

            // Source stays null unless the reader is positioned on a Source element.
            FortifyPathElement source = null;
            if (xmlReader.NodeType == XmlNodeType.Element && StringReference.AreEqual(xmlReader.LocalName, strings.Source))
            {
                source = FortifyPathElement.Parse(xmlReader, strings);
            }

            xmlReader.IgnoreElement(strings.TraceDiagramPath, IgnoreOptions.Optional);

            // CWE ids come only from an ExternalCategory whose type attribute equals "CWE"
            // exactly; other external categories are skipped and the list stays empty.
            ImmutableArray<int> cweIds = ImmutableArray<int>.Empty;
            if (xmlReader.NodeType == XmlNodeType.Element && StringReference.AreEqual(xmlReader.LocalName, strings.ExternalCategory))
            {
                string categoryType = xmlReader.GetAttribute(strings.Type);
                if (categoryType == "CWE")
                {
                    cweIds = ParseCweIds(xmlReader.ReadElementContentAsString());
                }
                else
                {
                    xmlReader.Skip();
                }
            }

            xmlReader.ReadEndElement(); // </Result>

            return new FortifyIssue(ruleIdentifier, issueInstanceId, category, kingdom, summary, customSummary, friority, primary, source, cweIds);
        }
 /// <summary>Initializes a new instance of the <see cref="FortifyConverter"/> class.</summary>
 public FortifyConverter()
 {
     // Create the table first: the FortifyStrings instance is constructed over it.
     this._nameTable = new NameTable();
     this._strings = new FortifyStrings(this._nameTable);
 }