Ejemplo n.º 1
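        /// <summary>
        /// Streams through the audit XML entry of an FPR archive and copies each issue's
        /// analysis status and threaded comments onto the entry in
        /// <c>fprVulnerabilityList</c> that has the same instance id.
        /// </summary>
        /// <param name="zipArchiveEntry">Archive entry holding the audit XML to read.</param>
        /// <remarks>
        /// Issues whose instance id matches nothing in <c>fprVulnerabilityList</c> are skipped.
        /// Any failure is logged and rethrown to the caller.
        /// </remarks>
        private void ParseAuditXmlWithXmlReader(ZipArchiveEntry zipArchiveEntry)
        {
            try
            {
                // NOTE(review): the archive is external input and the parser hardening lives in
                // GenerateXmlReaderSettings, which is not visible here. Confirm it sets
                // DtdProcessing to Prohibit (or Ignore) and leaves XmlResolver null, so that a
                // crafted report cannot trigger external-entity resolution or entity expansion.
                XmlReaderSettings xmlReaderSettings = GenerateXmlReaderSettings();

                // The entry stream gets its own using block: XmlReader only closes its input
                // when CloseInput is set, which cannot be confirmed from this method.
                using (var entryStream = zipArchiveEntry.Open())
                using (XmlReader xmlReader = XmlReader.Create(entryStream, xmlReaderSettings))
                {
                    string instanceId    = string.Empty;
                    string analysisValue = string.Empty;
                    List<FprVulnerability.AuditComment> auditComments = new List<FprVulnerability.AuditComment>();

                    while (xmlReader.Read())
                    {
                        if (xmlReader.IsStartElement())
                        {
                            // Elements are matched on their prefixed name, so a document that
                            // binds a different prefix is skipped without an error.
                            switch (xmlReader.Name)
                            {
                                case "ns2:Issue":
                                {
                                    instanceId    = xmlReader.GetAttribute("instanceId");
                                    analysisValue = ObtainAnalysisValue(xmlReader);
                                    break;
                                }

                                case "ns2:ThreadedComments":
                                {
                                    auditComments = PopulateCommentsList(xmlReader);
                                    break;
                                }
                            }
                        }
                        else if (xmlReader.NodeType == XmlNodeType.EndElement && xmlReader.Name.Equals("ns2:Issue"))
                        {
                            // End of one issue: attach what was collected to the matching
                            // vulnerability, then reset the accumulators for the next issue.
                            FprVulnerability fprVulnerability =
                                fprVulnerabilityList.FirstOrDefault(x => x.InstanceId.Equals(instanceId));
                            if (fprVulnerability != null)
                            {
                                fprVulnerability.Status        = analysisValue.ToVulneratorStatus();
                                fprVulnerability.AuditComments = auditComments;
                            }

                            auditComments = new List<FprVulnerability.AuditComment>();
                            instanceId    = string.Empty;
                            analysisValue = string.Empty;
                        }
                    }
                }
            }
            catch (Exception)
            {
                LogWriter.LogError("Unable to read FPR 'audit.xml' file.");

                // Bare rethrow keeps the original stack trace; "throw exception;" would reset it
                // and hide where the parse actually failed.
                throw;
            }
        }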
Ejemplo n.º 2
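        /// <summary>
        /// Expands <c>&lt;Replace key="..."/&gt;</c> placeholders in <paramref name="input"/> with
        /// the values stored in the vulnerability's replacement definitions.
        /// </summary>
        /// <param name="input">Text containing zero or more replacement placeholders.</param>
        /// <param name="fprVulnerability">Vulnerability whose <c>ReplacementDefinitions</c> supply the values.</param>
        /// <returns>The text with every recognised placeholder substituted.</returns>
        /// <remarks>
        /// Three keys also have a linked placeholder form carrying a <c>link</c> attribute:
        /// <c>SourceFunction</c>, <c>SinkFunction</c> and <c>PrimaryCall.name</c>.
        /// Any failure is logged and rethrown to the caller.
        /// </remarks>
        private string InjectDefinitionValues(string input, FprVulnerability fprVulnerability)
        {
            try
            {
                string output = input;
                foreach (string key in fprVulnerability.ReplacementDefinitions.Keys)
                {
                    // NOTE(review): the value is inserted verbatim. If it originates from the
                    // parsed report and the result is later rendered as HTML or XML, it needs
                    // encoding at that sink; confirm against the callers.
                    string replacement = fprVulnerability.ReplacementDefinitions[key];

                    // Replace returns the string unchanged when the placeholder is absent, so no
                    // separate Contains check is needed.
                    output = output.Replace("<Replace key=\"" + key + "\"/>", replacement);

                    // Only these keys have a second placeholder form with a link attribute.
                    string linkName = null;
                    switch (key)
                    {
                        case "SourceFunction":
                            linkName = "SourceLocation";
                            break;

                        case "SinkFunction":
                            linkName = "SinkLocation";
                            break;

                        case "PrimaryCall.name":
                            linkName = "PrimaryLocation";
                            break;
                    }

                    if (linkName != null)
                    {
                        output = output.Replace(
                            "<Replace key=\"" + key + "\" link=\"" + linkName + "\"/>",
                            replacement);
                    }
                }

                return output;
            }
            catch (Exception)
            {
                LogWriter.LogError("Unable to inject definition values into FPR vulnerability.");

                // Bare rethrow keeps the original stack trace; "throw exception;" would reset it.
                throw;
            }
        }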
Ejemplo n.º 3
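        /// <summary>
        /// Reads from <paramref name="xmlReader"/> until the closing <c>Vulnerability</c> element,
        /// builds one <c>FprVulnerability</c> from the elements seen on the way, and appends it
        /// to <c>fprVulnerabilityList</c>.
        /// </summary>
        /// <param name="xmlReader">Reader to consume; presumably positioned inside a <c>Vulnerability</c> element by the caller.</param>
        /// <remarks>
        /// The vulnerability is added only when the closing element is reached. If the input ends
        /// first, the partly populated object is dropped without an error.
        /// Any failure is logged and rethrown to the caller.
        /// </remarks>
        private void ParseFvdlVulnerablityNode(XmlReader xmlReader)
        {
            try
            {
                // Status starts as "Not Reviewed"; nothing in this method changes it.
                FprVulnerability fprVulnerability = new FprVulnerability
                {
                    Status = "Not Reviewed"
                };

                while (xmlReader.Read())
                {
                    if (xmlReader.IsStartElement())
                    {
                        // Matching is by element name only, with no depth check, so a same-named
                        // element anywhere before the closing tag overwrites the earlier value.
                        switch (xmlReader.Name)
                        {
                            case "ClassID":
                            {
                                fprVulnerability.ClassId = xmlReader.ObtainCurrentNodeValue(false).ToString();
                                break;
                            }

                            case "Kingdom":
                            {
                                fprVulnerability.Kingdom = xmlReader.ObtainCurrentNodeValue(false).ToString();
                                break;
                            }

                            case "Type":
                            {
                                fprVulnerability.Type = xmlReader.ObtainCurrentNodeValue(false).ToString();
                                break;
                            }

                            case "Subtype":
                            {
                                fprVulnerability.SubType = xmlReader.ObtainCurrentNodeValue(false).ToString();
                                break;
                            }

                            case "InstanceID":
                            {
                                fprVulnerability.InstanceId = xmlReader.ObtainCurrentNodeValue(false).ToString();
                                break;
                            }

                            case "Def":
                            {
                                // NOTE(review): GetAttribute returns null when the attribute is
                                // missing. If ReplacementDefinitions is a Dictionary, a missing
                                // or repeated key makes Add throw, so one malformed Def element
                                // aborts the whole parse; confirm that is the intended policy
                                // for reports from untrusted sources.
                                fprVulnerability.ReplacementDefinitions.Add(
                                    xmlReader.GetAttribute("key"),
                                    xmlReader.GetAttribute("value"));
                                break;
                            }

                            case "LocationDef":
                            {
                                // Attributes are stored as read; absent ones stay null.
                                FprVulnerability.LocationDef locationDef = new FprVulnerability.LocationDef
                                {
                                    Path        = xmlReader.GetAttribute("path"),
                                    Line        = xmlReader.GetAttribute("line"),
                                    LineEnd     = xmlReader.GetAttribute("lineEnd"),
                                    ColumnStart = xmlReader.GetAttribute("colStart"),
                                    ColumnEnd   = xmlReader.GetAttribute("colEnd")
                                };
                                fprVulnerability.LocationDefinitions.Add(locationDef);
                                break;
                            }
                        }
                    }
                    else if (xmlReader.NodeType == XmlNodeType.EndElement && xmlReader.Name.Equals("Vulnerability"))
                    {
                        fprVulnerabilityList.Add(fprVulnerability);
                        return;
                    }
                }
            }
            catch (Exception)
            {
                LogWriter.LogError("Unable to parse the FPR FVDL 'Vulnerability' node.");

                // Bare rethrow keeps the original stack trace; "throw exception;" would reset it.
                throw;
            }
        }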