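/// <summary>
/// Streams the FPR 'audit.xml' archive entry and copies each issue's audit result onto the
/// matching entry in <c>fprVulnerabilityList</c>.
/// </summary>
/// <remarks>
/// For every <c>ns2:Issue</c> element the <c>instanceId</c> attribute and the value returned by
/// <c>ObtainAnalysisValue</c> are captured; a nested <c>ns2:ThreadedComments</c> element supplies
/// the comment list via <c>PopulateCommentsList</c>. When the closing <c>ns2:Issue</c> tag is
/// reached, the first vulnerability with the same instance id receives the status and comments.
/// Elements are matched on the literal prefixed name, so a document that binds a different
/// prefix to the same namespace is skipped without any error.
/// </remarks>
/// <param name="zipArchiveEntry">The 'audit.xml' entry of the FPR archive.</param>
/// <exception cref="Exception">
/// Any failure is logged with a fixed message and rethrown with its original stack trace.
/// </exception>
private void ParseAuditXmlWithXmlReader(ZipArchiveEntry zipArchiveEntry)
{
    try
    {
        // NOTE(review): FPR archives can come from outside the organisation. Whether DTDs and
        // external entities are refused depends on GenerateXmlReaderSettings(), which is not
        // visible here; confirm it sets DtdProcessing.Prohibit and a null XmlResolver.
        XmlReaderSettings xmlReaderSettings = GenerateXmlReaderSettings();

        // The entry stream is owned here: XmlReader only closes its input when the settings ask
        // for it, so the stream is disposed explicitly instead of being left to the archive.
        using (var entryStream = zipArchiveEntry.Open())
        using (XmlReader xmlReader = XmlReader.Create(entryStream, xmlReaderSettings))
        {
            string instanceId = string.Empty;
            string analysisValue = string.Empty;
            List<FprVulnerability.AuditComment> auditComments = new List<FprVulnerability.AuditComment>();

            while (xmlReader.Read())
            {
                if (xmlReader.IsStartElement())
                {
                    switch (xmlReader.Name)
                    {
                        case "ns2:Issue":
                        {
                            // GetAttribute returns null when the attribute is absent.
                            instanceId = xmlReader.GetAttribute("instanceId");
                            analysisValue = ObtainAnalysisValue(xmlReader);
                            break;
                        }
                        case "ns2:ThreadedComments":
                        {
                            auditComments = PopulateCommentsList(xmlReader);
                            break;
                        }
                    }
                }
                else if (xmlReader.NodeType == XmlNodeType.EndElement && xmlReader.Name.Equals("ns2:Issue"))
                {
                    // Compare from the audit-side id so that neither a missing 'instanceId'
                    // attribute nor a vulnerability without an InstanceId raises a
                    // NullReferenceException; both cases simply produce no match.
                    string issueId = instanceId;
                    FprVulnerability fprVulnerability = fprVulnerabilityList.FirstOrDefault(
                        x => issueId != null && issueId.Equals(x.InstanceId));

                    if (fprVulnerability != null)
                    {
                        fprVulnerability.Status = analysisValue.ToVulneratorStatus();
                        fprVulnerability.AuditComments = auditComments;
                    }

                    // Reset per-issue state so nothing leaks into the next ns2:Issue.
                    auditComments = new List<FprVulnerability.AuditComment>();
                    instanceId = string.Empty;
                    analysisValue = string.Empty;
                }
            }
        }
    }
    catch (Exception)
    {
        LogWriter.LogError("Unable to read FPR 'audit.xml' file.");
        // 'throw;' keeps the original stack trace; 'throw exception;' would reset it.
        throw;
    }
}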
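/// <summary>
/// Expands <c>&lt;Replace key="..."/&gt;</c> placeholders in <paramref name="input"/> with the
/// values held in the vulnerability's <c>ReplacementDefinitions</c>.
/// </summary>
/// <remarks>
/// Every key is substituted in its plain form. The keys <c>SourceFunction</c>,
/// <c>SinkFunction</c> and <c>PrimaryCall.name</c> are additionally substituted in the form that
/// carries a <c>link</c> attribute (<c>SourceLocation</c>, <c>SinkLocation</c> and
/// <c>PrimaryLocation</c> respectively).
/// Values are inserted verbatim, with no encoding. Because each key is applied to the result of
/// the previous one, a value that itself contains a placeholder for a key processed later is
/// expanded as well. The values originate in the parsed FPR file, so any HTML or XML encoding
/// has to happen where the returned text is rendered.
/// </remarks>
/// <param name="input">Text containing zero or more placeholders.</param>
/// <param name="fprVulnerability">Vulnerability whose replacement definitions are applied.</param>
/// <returns>The text with all known placeholders replaced.</returns>
/// <exception cref="Exception">
/// Any failure is logged with a fixed message and rethrown with its original stack trace.
/// </exception>
private string InjectDefinitionValues(string input, FprVulnerability fprVulnerability)
{
    try
    {
        string output = input;

        foreach (string key in fprVulnerability.ReplacementDefinitions.Keys)
        {
            string value = fprVulnerability.ReplacementDefinitions[key];

            // string.Replace returns the input unchanged when the placeholder is absent, so no
            // separate Contains() probe is needed.
            output = output.Replace("<Replace key=\"" + key + "\"/>", value);

            // Only these three keys have a second placeholder form with a 'link' attribute.
            string link = null;
            switch (key)
            {
                case "SourceFunction":
                    link = "SourceLocation";
                    break;
                case "SinkFunction":
                    link = "SinkLocation";
                    break;
                case "PrimaryCall.name":
                    link = "PrimaryLocation";
                    break;
            }

            if (link != null)
            {
                output = output.Replace("<Replace key=\"" + key + "\" link=\"" + link + "\"/>", value);
            }
        }

        return output;
    }
    catch (Exception)
    {
        LogWriter.LogError("Unable to inject definition values into FPR vulnerability.");
        // 'throw;' keeps the original stack trace; 'throw exception;' would reset it.
        throw;
    }
}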
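/// <summary>
/// Reads one FVDL <c>Vulnerability</c> element from <paramref name="xmlReader"/> and appends
/// the resulting <c>FprVulnerability</c> to <c>fprVulnerabilityList</c>.
/// </summary>
/// <remarks>
/// The new vulnerability starts with the status "Not Reviewed". Child elements
/// <c>ClassID</c>, <c>Kingdom</c>, <c>Type</c>, <c>Subtype</c> and <c>InstanceID</c> fill the
/// matching properties, each <c>Def</c> adds a key/value pair to <c>ReplacementDefinitions</c>,
/// and each <c>LocationDef</c> adds an entry to <c>LocationDefinitions</c>. The method returns
/// as soon as the closing <c>Vulnerability</c> tag is read; if the reader runs out of input
/// first, nothing is added to the list.
/// </remarks>
/// <param name="xmlReader">Reader used to consume the element's content.</param>
/// <exception cref="Exception">
/// Any failure is logged with a fixed message and rethrown with its original stack trace.
/// </exception>
private void ParseFvdlVulnerablityNode(XmlReader xmlReader)
{
    try
    {
        FprVulnerability fprVulnerability = new FprVulnerability { Status = "Not Reviewed" };

        while (xmlReader.Read())
        {
            if (xmlReader.IsStartElement())
            {
                switch (xmlReader.Name)
                {
                    case "ClassID":
                        fprVulnerability.ClassId = xmlReader.ObtainCurrentNodeValue(false).ToString();
                        break;
                    case "Kingdom":
                        fprVulnerability.Kingdom = xmlReader.ObtainCurrentNodeValue(false).ToString();
                        break;
                    case "Type":
                        fprVulnerability.Type = xmlReader.ObtainCurrentNodeValue(false).ToString();
                        break;
                    case "Subtype":
                        fprVulnerability.SubType = xmlReader.ObtainCurrentNodeValue(false).ToString();
                        break;
                    case "InstanceID":
                        fprVulnerability.InstanceId = xmlReader.ObtainCurrentNodeValue(false).ToString();
                        break;
                    case "Def":
                        // NOTE(review): both attributes come straight from the file and
                        // GetAttribute returns null when one is missing. If
                        // ReplacementDefinitions is a Dictionary, a missing or repeated 'key'
                        // makes Add throw and aborts the whole parse; confirm that is intended
                        // for malformed input.
                        fprVulnerability.ReplacementDefinitions.Add(
                            xmlReader.GetAttribute("key"),
                            xmlReader.GetAttribute("value"));
                        break;
                    case "LocationDef":
                        // Attribute values are stored as read, without validation; any of them
                        // is null when the attribute is absent.
                        fprVulnerability.LocationDefinitions.Add(new FprVulnerability.LocationDef
                        {
                            Path = xmlReader.GetAttribute("path"),
                            Line = xmlReader.GetAttribute("line"),
                            LineEnd = xmlReader.GetAttribute("lineEnd"),
                            ColumnStart = xmlReader.GetAttribute("colStart"),
                            ColumnEnd = xmlReader.GetAttribute("colEnd")
                        });
                        break;
                    default:
                        break;
                }
            }
            else if (xmlReader.NodeType == XmlNodeType.EndElement && xmlReader.Name.Equals("Vulnerability"))
            {
                fprVulnerabilityList.Add(fprVulnerability);
                return;
            }
        }
    }
    catch (Exception)
    {
        LogWriter.LogError("Unable to parse the FPR FVDL 'Vulnerability' node.");
        // 'throw;' keeps the original stack trace; 'throw exception;' would reset it.
        throw;
    }
}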