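        /// <summary>
        /// Builds an HTML fragment that lists, one line per result, the pipeline the
        /// result's artifact belongs to followed by an anchor pointing at the finding.
        /// </summary>
        /// <param name="run">The SARIF run whose <c>Results</c> and <c>Artifacts</c> are read.</param>
        /// <returns>
        /// One <c>pipelineName: anchor&lt;br/&gt;</c> line per result, or an empty string
        /// when the run carries no results.
        /// </returns>
        /// <exception cref="System.ArgumentNullException"><paramref name="run"/> is null.</exception>
        private static string BuildLocationsText(Run run)
        {
            if (run is null)
            {
                throw new System.ArgumentNullException(nameof(run));
            }

            IList<Result> results = run.Results;

            // A run without a results array produces an empty fragment instead of throwing.
            if (results is null)
            {
                return string.Empty;
            }

            var sb = new StringBuilder();

            foreach (Result result in results)
            {
                // The first location's artifact index points into run.Artifacts. A result
                // without a physical location is malformed input for this report and still
                // throws here, exactly as the previous implementation did.
                int artifactIndex = result.Locations[0].PhysicalLocation.ArtifactLocation.Index;
                ArtifactLocation artifactLocation = run.Artifacts[artifactIndex].Location;

                string organization      = artifactLocation.GetProperty("OrganizationName");
                string buildDefinitionId = artifactLocation.GetProperty<int>("BuildDefinitionId").ToString();
                string projectName       = artifactLocation.GetProperty("ProjectName");

                // These values are read from the SARIF property bag and emitted into HTML,
                // so they are encoded; the anchor itself is produced by BuildAnchorElement.
                string pipelineName = System.Net.WebUtility.HtmlEncode(
                    $"{organization}/{projectName}.{buildDefinitionId}");

                string anchorLink    = GetLinkText(result.Message.Text);
                string jsonPath      = GetVariableName(result.Message.Text);
                string anchorElement = BuildAnchorElement(anchorLink, jsonPath);

                sb.Append(pipelineName).Append(": ").Append(anchorElement).AppendLine("<br/>");
            }

            return sb.ToString();
        }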
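        /// <summary>
        /// Builds an HTML fragment with one line per result: the pipeline that owns the
        /// result's artifact, then an anchor whose target is derived from the result message
        /// and whose text is the first logical location's fully qualified name.
        /// </summary>
        /// <param name="run">The SARIF run whose <c>Results</c> and <c>Artifacts</c> are read.</param>
        /// <returns>
        /// One <c>pipelineName: anchor&lt;br/&gt;</c> line per result, or an empty string
        /// when the run carries no results.
        /// </returns>
        /// <exception cref="System.ArgumentNullException"><paramref name="run"/> is null.</exception>
        private static string BuildLocationsText(Run run)
        {
            if (run is null)
            {
                throw new System.ArgumentNullException(nameof(run));
            }

            IList<Result> results = run.Results;

            // No results array: nothing to render.
            if (results is null)
            {
                return string.Empty;
            }

            var sb = new StringBuilder();

            foreach (Result result in results)
            {
                // The first location is mandatory for this report: it carries the artifact
                // index and (optionally) the logical location used as the anchor text.
                var firstLocation = result.Locations[0];
                ArtifactLocation artifactLocation =
                    run.Artifacts[firstLocation.PhysicalLocation.ArtifactLocation.Index].Location;

                string organization = artifactLocation.GetProperty("OrganizationName");
                string artifactId   = artifactLocation.GetProperty<int>("ArtifactId").ToString();
                string projectName  = artifactLocation.GetProperty("ProjectName");

                // Property-bag values are emitted into HTML, so they are encoded here;
                // the anchor element is produced by BuildAnchorElement.
                string pipelineName = System.Net.WebUtility.HtmlEncode(
                    $"{organization}/{projectName}.{artifactId}");

                // LogicalLocations may be absent or empty; both cases yield an empty path
                // rather than an ArgumentOutOfRangeException from indexing an empty list.
                string jsonPath = string.Empty;
                var logicalLocations = firstLocation.LogicalLocations;
                if (logicalLocations != null && logicalLocations.Count > 0)
                {
                    jsonPath = logicalLocations[0]?.FullyQualifiedName ?? string.Empty;
                }

                string anchorLink    = GetLinkText(result.Message.Text);
                string anchorElement = BuildAnchorElement(anchorLink, jsonPath);

                sb.AppendLine($"{pipelineName}: {anchorElement}<br/>");
            }

            return sb.ToString();
        }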
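        /// <summary>
        /// Builds the work-item filing metadata (attachment, title, area path, tags, custom
        /// fields and description) for the first result of the first run in
        /// <paramref name="sarifLog"/>, reading pipeline details from the property bag of the
        /// run's first artifact.
        /// </summary>
        /// <param name="sarifLog">The log to file; it is serialized and attached to the work item.</param>
        /// <param name="workItemProjectName">Prefix placed in front of the artifact's "AreaPath" property value.</param>
        /// <param name="templateFilePath">Path of the description template handed to <c>InjectArguments</c>.</param>
        /// <returns>The populated <c>WorkItemFilingMetadata</c>.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="sarifLog"/> or <paramref name="templateFilePath"/> is null.
        /// </exception>
        public static WorkItemFilingMetadata CreateWorkItemFilingMetadata(this SarifLog sarifLog, string workItemProjectName, string templateFilePath)
        {
            if (sarifLog is null)
            {
                throw new ArgumentNullException(nameof(sarifLog));
            }

            if (templateFilePath is null)
            {
                throw new ArgumentNullException(nameof(templateFilePath));
            }

            var metadata = new WorkItemFilingMetadata()
            {
                Object     = sarifLog,
                Attachment = new WorkItemFiling.Attachment
                {
                    Name = "AttachedResults.sarif",
                    Text = JsonConvert.SerializeObject(sarifLog)
                }
            };

            // Only the first run and its first artifact/result are considered by this routine.
            var run = sarifLog.Runs[0];
            ArtifactLocation artifactLocation = run.Artifacts[0].Location;

            string organization        = artifactLocation.GetProperty("OrganizationName");
            string buildDefinitionId   = artifactLocation.GetProperty<int>("BuildDefinitionId").ToString();
            string projectName         = artifactLocation.GetProperty("ProjectName");
            string buildDefinitionName = artifactLocation.GetProperty("BuildDefinitionName");

            // BUG: GetProperty doesn't unencode string values, so the doubled backslashes
            // of the JSON-escaped area path are collapsed by hand here.
            // A null workItemProjectName concatenates as an empty prefix, as before.
            string areaPath = workItemProjectName + artifactLocation.GetProperty("AreaPath").Replace(@"\\", @"\");

            if (artifactLocation.TryGetProperty("CustomTags", out string customTagsString))
            {
                metadata.CustomTags = ParseCustomTags(customTagsString);
            }

            // CustomFields is always assigned (possibly empty) so consumers never see null.
            metadata.CustomFields = artifactLocation.TryGetProperty("CustomFields", out string customFieldsString)
                ? ParseCustomFields(customFieldsString)
                : new Dictionary<string, string>();

            Result result   = run.Results[0];
            string ruleName = result.RuleId.Split('/')[0];

            // When the result resolves to a driver rule, prefix its name to the rule id stem.
            if (result.RuleIndex > -1)
            {
                ruleName = run.Tool.Driver.Rules[result.RuleIndex].Name + ":" + ruleName;
            }

            metadata.Title = $"[{organization}/{projectName}] {ruleName}: Exposed credential(s) in build definition: '{buildDefinitionName}'";

            // TODO: This should come from the SARIF or command line arg in the future.
            metadata.Tags     = new List<string> { "Security" };
            metadata.AreaPath = areaPath;

            metadata.Description = InjectArguments(
                File.ReadAllText(templateFilePath),
                organization,
                projectName,
                buildDefinitionId,
                buildDefinitionName,
                ruleName,
                run);

            return metadata;
        }

        // Splits a comma-separated "CustomTags" value into trimmed, non-empty tags.
        private static List<string> ParseCustomTags(string customTagsString)
        {
            return customTagsString
                .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
                .Select(t => t.Trim())
                .ToList();
        }

        // Parses a "key:value,key:value" property value into a dictionary.
        private static Dictionary<string, string> ParseCustomFields(string customFieldsString)
        {
            var customFields = new Dictionary<string, string>();

            foreach (string fieldKvp in customFieldsString.Split(','))
            {
                string[] kv = fieldKvp.Split(':');

                // Entries without exactly one ':' are silently dropped (a value containing
                // ':' therefore does not survive); a repeated key throws from Add, which
                // surfaces malformed input instead of overwriting an earlier value.
                if (kv.Length == 2)
                {
                    customFields.Add(kv[0].Trim(), kv[1].Trim());
                }
            }

            return customFields;
        }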