public void Convert(PumaLog pumaLog, IResultLogWriter output)
{
pumaLog = pumaLog ?? throw new ArgumentNullException(nameof(pumaLog));
output = output ?? throw new ArgumentNullException(nameof(output));
var run = new Run()
{
Tool = new Tool
{
Name = "Puma Scan"
}
};
output.Initialize(run);
var results = new List <Result>();
foreach (PumaLogEntry entry in pumaLog)
{
results.Add(CreateResult(entry));
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
/// <summary>
/// Converts an Android Studio formatted log as input into a SARIF SarifLog using the output.
/// </summary>
/// <param name="input">The Android Studio formatted log.</param>
/// <param name="output">The SarifLog to write the output to.</param>
/// <param name="dataToInsert">Logging options that configure output.</param>
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
LogicalLocationsDictionary.Clear();
XmlReaderSettings settings = new XmlReaderSettings
{
IgnoreWhitespace = true,
IgnoreComments = true,
IgnoreProcessingInstructions = true,
NameTable = _nameTable,
DtdProcessing = DtdProcessing.Ignore,
XmlResolver = null
};
ISet <Result> results;
using (XmlReader xmlReader = XmlReader.Create(input, settings))
{
results = ProcessAndroidStudioLog(xmlReader);
}
var tool = new Tool
{
Name = "AndroidStudio"
};
var fileInfoFactory = new FileInfoFactory(null, dataToInsert);
Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results);
var run = new Run()
{
Tool = tool
};
output.Initialize(run);
if (fileDictionary != null && fileDictionary.Any())
{
output.WriteFiles(fileDictionary);
}
if (LogicalLocationsDictionary != null && LogicalLocationsDictionary.Any())
{
output.WriteLogicalLocations(LogicalLocationsDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
/// <summary>Convert a Clang plist report into the SARIF format.</summary>
/// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception>
/// <param name="input">CLang log file stream.</param>
/// <param name="output">Result log writer.</param>
public void Convert(Stream input, IResultLogWriter output)
{
// ToDo remove this comment after all issues are resolved.
// Rodney is tasked with bringing Clang analyzer results into the SARIF fold.
// Once this work is complete, he can close the following task:
// http://twcsec-tfs01:8080/tfs/DefaultCollection/SecDevTools/_workitems#_a=edit&id=13409
if (input == null)
{
throw new ArgumentNullException("input");
}
if (output == null)
{
throw new ArgumentNullException("output");
}
try
{
XmlReaderSettings settings = new XmlReaderSettings();
settings.IgnoreWhitespace = true;
settings.DtdProcessing = DtdProcessing.Ignore;
var results = new List <Result>();
using (XmlReader xmlReader = XmlReader.Create(input, settings))
{
XmlNodeType nodeType = xmlReader.MoveToContent();
xmlReader.ReadStartElement(ClangSchemaStrings.PlistName);
if (xmlReader.NodeType == XmlNodeType.Element)
{
using (var pListReader = xmlReader.ReadSubtree())
{
this.ReadPlist(pListReader, results);
}
}
}
var tool = new Tool
{
Name = "Clang"
};
var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension);
Dictionary <string, IList <FileData> > fileDictionary = fileInfoFactory.Create(results);
output.WriteTool(tool);
if (fileDictionary != null && fileDictionary.Count > 0)
{
output.WriteFiles(fileDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
finally
{
_files = null;
}
}
public override void Convert(Stream input, IResultLogWriter output, LoggingOptions loggingOptions)
{
input = input ?? throw new ArgumentNullException(nameof(input));
output = output ?? throw new ArgumentNullException(nameof(output));
PylintLog log = logReader.ReadLog(input);
Tool tool = new Tool
{
Name = "Pylint"
};
output.Initialize(id: null, automationId: null);
output.WriteTool(tool);
var results = new List <Result>();
foreach (PylintLogEntry entry in log)
{
results.Add(CreateResult(entry));
}
var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, loggingOptions);
Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results);
if (fileDictionary?.Any() == true)
{
output.WriteFiles(fileDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
/// <summary>
/// Interface implementation that takes a Static Driver Verifier log stream and converts
/// its data to a SARIF json stream. Read in Static Driver Verifier data from an input
/// stream and write Result objects.
/// </summary>
/// <param name="input">Stream of a Static Driver Verifier log</param>
/// <param name="output">SARIF json stream of the converted Static Driver Verifier log</param>
public override void Convert(Stream input, IResultLogWriter output)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
Result result = ProcessSdvDefectStream(input);
var results = new Result[] { result };
var tool = new Tool
{
Name = "StaticDriverVerifier",
};
var fileInfoFactory = new FileInfoFactory(null);
Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results);
output.Initialize(id: null, correlationId: null);
output.WriteTool(tool);
if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); }
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
/// <summary>
/// Converts a Semmle log file in CSV format to a SARIF log file.
/// </summary>
/// <param name="input">
/// Input stream from which to read the Semmle log.
/// </param>
/// <param name="output">
/// Output string to which to write the SARIF log.
/// </param>
/// <param name="loggingOptions">Logging options that configure output.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when one or more required arguments are null.
/// </exception>
public override void Convert(Stream input, IResultLogWriter output, LoggingOptions loggingOptions)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
_toolNotifications = new List <Notification>();
var results = GetResultsFromStream(input);
var tool = new Tool
{
Name = "Semmle QL"
};
output.Initialize(id: null, automationId: null);
output.WriteTool(tool);
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
if (_toolNotifications.Any())
{
output.WriteToolNotifications(_toolNotifications);
}
}
/// <summary>
/// Interface implementation that takes a Static Driver Verifier log stream and converts
/// its data to a SARIF json stream. Read in Static Driver Verifier data from an input
/// stream and write Result objects.
/// </summary>
/// <param name="input">Stream of a Static Driver Verifier log</param>
/// <param name="output">SARIF json stream of the converted Static Driver Verifier log</param>
/// <param name="loggingOptions">Logging options that configure output.</param>
public override void Convert(Stream input, IResultLogWriter output, LoggingOptions loggingOptions)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
Result result = ProcessSdvDefectStream(input);
var results = new Result[] { result };
var tool = new Tool
{
Name = "StaticDriverVerifier",
};
var fileInfoFactory = new FileInfoFactory(null, loggingOptions);
Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results);
output.Initialize(id: null, automationId: null);
output.WriteTool(tool);
if (fileDictionary != null && fileDictionary.Count > 0)
{
output.WriteFiles(fileDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
/// <summary>
/// Interface implementation for converting a stream of Fortify report in XML format to a
/// SARIF json format stream.
/// </summary>
/// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception>
/// <param name="input">Stream of the Fortify report.</param>
/// <param name="output">Stream of SARIF json.</param>
/// <param name="dataToInsert">Logging options that configure output.</param>
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
var settings = new XmlReaderSettings
{
DtdProcessing = DtdProcessing.Ignore,
IgnoreWhitespace = true,
NameTable = _nameTable,
XmlResolver = null
};
var results = new List <Result>();
using (XmlReader reader = XmlReader.Create(input, settings))
{
while (reader.Read())
{
while (StringReference.AreEqual(reader.LocalName, _strings.Issue))
{
FortifyIssue fortify = FortifyIssue.Parse(reader, _strings);
results.Add(ConvertFortifyIssueToSarifIssue(fortify));
}
}
}
var tool = new Tool
{
Name = "Fortify"
};
var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, dataToInsert);
Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results);
var run = new Run()
{
Tool = tool
};
output.Initialize(run);
if (fileDictionary != null && fileDictionary.Count > 0)
{
output.WriteFiles(fileDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
/// <summary>
/// Interface implementation for converting a stream in Fortify FPR format to a stream in
/// SARIF format.
/// </summary>
/// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception>
/// <param name="input">Stream in Fortify FPR format.</param>
/// <param name="output">Stream in SARIF format.</param>
/// <param name="loggingOptions">Logging options that configure output.</param>
public override void Convert(Stream input, IResultLogWriter output, LoggingOptions loggingOptions)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
var tool = new Tool
{
Name = FortifyToolName
};
_invocation = new Invocation();
_results.Clear();
_toolNotifications.Clear();
_fileDictionary.Clear();
_ruleDictionary.Clear();
_aclToSnippetIdDictionary.Clear();
_resultToSnippetIdDictionary.Clear();
_snippetIdToSnippetTextDictionary.Clear();
ParseFprFile(input);
AddMessagesToResults();
AddSnippetsToResults();
AddSnippetsToAnnotatedCodeLocations();
output.Initialize(id: _runId, automationId: _automationId);
output.WriteTool(tool);
output.WriteInvocation(_invocation);
if (_fileDictionary.Any())
{
output.WriteFiles(_fileDictionary);
}
output.OpenResults();
output.WriteResults(_results);
output.CloseResults();
if (_ruleDictionary.Any())
{
output.WriteRules(_ruleDictionary);
}
if (_toolNotifications.Any())
{
output.WriteToolNotifications(_toolNotifications);
}
}
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
input = input ?? throw new ArgumentNullException(nameof(input));
output = output ?? throw new ArgumentNullException(nameof(output));
LogicalLocationsDictionary.Clear();
var tool = new Tool
{
Name = ToolFormat.PREfast,
FullName = "PREfast Code Analysis"
};
var run = new Run()
{
Tool = tool
};
output.Initialize(run);
XmlReaderSettings settings = new XmlReaderSettings
{
DtdProcessing = DtdProcessing.Ignore,
XmlResolver = null
};
var serializer = new XmlSerializer(typeof(DefectList));
using (var reader = XmlReader.Create(input, settings))
{
var defectList = (DefectList)serializer.Deserialize(reader);
var results = new List <Result>();
foreach (Defect entry in defectList.Defects)
{
results.Add(CreateResult(entry));
}
var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, dataToInsert);
Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results);
if (fileDictionary?.Any() == true)
{
output.WriteFiles(fileDictionary);
}
if (LogicalLocationsDictionary != null && LogicalLocationsDictionary.Any())
{
output.WriteLogicalLocations(LogicalLocationsDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
}
/// <summary>
/// Converts an Android Studio formatted log as input into a SARIF SarifLog using the output.
/// </summary>
/// <param name="input">The Android Studio formatted log.</param>
/// <param name="output">The SarifLog to write the output to.</param>
public override void Convert(Stream input, IResultLogWriter output)
{
if (input == null)
{
throw new ArgumentNullException("input");
}
if (output == null)
{
throw new ArgumentNullException("output");
}
LogicalLocationsDictionary.Clear();
XmlReaderSettings settings = new XmlReaderSettings
{
IgnoreWhitespace = true,
IgnoreComments = true,
IgnoreProcessingInstructions = true,
NameTable = _nameTable,
DtdProcessing = DtdProcessing.Ignore
};
ISet <Result> results;
using (XmlReader xmlReader = XmlReader.Create(input, settings))
{
results = ProcessAndroidStudioLog(xmlReader);
}
var tool = new Tool
{
Name = "AndroidStudio"
};
var fileInfoFactory = new FileInfoFactory(uri => MimeType.Java);
Dictionary <string, IList <FileData> > fileDictionary = fileInfoFactory.Create(results);
output.WriteTool(tool);
if (fileDictionary != null && fileDictionary.Any())
{
output.WriteFiles(fileDictionary);
}
if (LogicalLocationsDictionary != null && LogicalLocationsDictionary.Any())
{
output.WriteLogicalLocations(LogicalLocationsDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
/// <summary>
/// Interface implementation for converting a stream of Fortify report in XML format to a
/// SARIF json format stream.
/// </summary>
/// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception>
/// <param name="input">Stream of the Fortify report.</param>
/// <param name="output">Stream of SARIF json.</param>
public void Convert(Stream input, IResultLogWriter output)
{
if (input == null)
{
throw new ArgumentNullException("input");
}
if (output == null)
{
throw new ArgumentNullException("output");
}
var settings = new XmlReaderSettings
{
DtdProcessing = DtdProcessing.Ignore,
IgnoreWhitespace = true,
NameTable = _nameTable
};
var results = new List <Result>();
using (XmlReader reader = XmlReader.Create(input, settings))
{
while (reader.Read())
{
while (Ref.Equal(reader.LocalName, _strings.Issue))
{
FortifyIssue fortify = FortifyIssue.Parse(reader, _strings);
results.Add(ConvertFortifyIssueToSarifIssue(fortify));
}
}
}
var tool = new Tool
{
Name = "Fortify"
};
var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension);
Dictionary <string, IList <FileData> > fileDictionary = fileInfoFactory.Create(results);
output.WriteTool(tool);
if (fileDictionary != null && fileDictionary.Count > 0)
{
output.WriteFiles(fileDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
/// <summary>
/// Convert FxCop log to SARIF format stream
/// </summary>
/// <param name="input">FxCop log stream</param>
/// <param name="output">output stream</param>
/// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param>
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
if (input == null)
{
throw (new ArgumentNullException(nameof(input)));
}
if (output == null)
{
throw (new ArgumentNullException(nameof(output)));
}
LogicalLocationsDictionary.Clear();
var context = new FxCopLogReader.Context();
var results = new List <Result>();
var reader = new FxCopLogReader();
reader.ResultRead += (FxCopLogReader.Context current) => { results.Add(CreateResult(current)); };
reader.Read(context, input);
Tool tool = new Tool
{
Name = "FxCop"
};
var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, dataToInsert);
Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results);
var run = new Run()
{
Tool = tool
};
output.Initialize(run);
if (fileDictionary != null && fileDictionary.Any())
{
output.WriteFiles(fileDictionary);
}
if (LogicalLocationsDictionary != null && LogicalLocationsDictionary.Any())
{
output.WriteLogicalLocations(LogicalLocationsDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
/// <summary>
/// Convert FxCop log to SARIF format stream
/// </summary>
/// <param name="input">FxCop log stream</param>
/// <param name="output">output stream</param>
public override void Convert(Stream input, IResultLogWriter output)
{
if (input == null)
{
throw (new ArgumentNullException(nameof(input)));
}
if (output == null)
{
throw (new ArgumentNullException(nameof(output)));
}
LogicalLocationsDictionary.Clear();
var context = new FxCopLogReader.Context();
var results = new List<Result>();
var reader = new FxCopLogReader();
reader.ResultRead += (FxCopLogReader.Context current) => { results.Add(CreateResult(current)); };
reader.Read(context, input);
Tool tool = new Tool
{
Name = "FxCop"
};
var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension);
Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results);
output.Initialize(id: null, correlationId: null);
output.WriteTool(tool);
if (fileDictionary != null && fileDictionary.Any())
{
output.WriteFiles(fileDictionary);
}
if (LogicalLocationsDictionary != null && LogicalLocationsDictionary.Any())
{
output.WriteLogicalLocations(LogicalLocationsDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
/// <summary>
/// Interface implementation for converting a stream in Fortify FPR format to a stream in
/// SARIF format.
/// </summary>
/// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception>
/// <param name="input">Stream in Fortify FPR format.</param>
/// <param name="output">Stream in SARIF format.</param>
/// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param>
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
_invocation = new Invocation();
_invocation.ToolExecutionNotifications = new List <Notification>();
_invocation.ExecutionSuccessful = true;
_files.Clear();
_rules.Clear();
_ruleIdToIndexMap.Clear();
_cweIds.Clear();
_nodeDictionary.Clear();
_snippetDictionary.Clear();
// Uncomment following Line to fetch FVDL content from any FPR file. This is not needed for conversion.
// However, we keep a copy of FVDL for each test file for debugging purposes.
// string fvdlContent = ExtractFvdl(OpenAuditFvdlReader(input));
// Parse everything except vulnerabilities (building maps to write Results as-we-go next pass)
ParseAuditStream_PassOne(OpenAuditFvdlReader(input));
// Add Snippets to NodePool Nodes which referenced them (Snippets appear after the NodePool in Fortify files)
AddSnippetsToNodes();
// Create the Sarif Run itself to report
Run run = CreateSarifRun();
// Write the Run itself
output.Initialize(run);
output.OpenResults();
// Parse the Vulnerabilities, writing as we go
ParseAuditStream_PassTwo(OpenAuditFvdlReader(input), output);
// Close the Results array
output.CloseResults();
}
protected static Run PersistResults(IResultLogWriter output, IList <Result> results, Run run)
{
output.Initialize(run);
run.Results = results;
var visitor = new AddFileReferencesVisitor();
visitor.VisitRun(run);
if (run.Results != null)
{
output.OpenResults();
output.WriteResults(run.Results);
output.CloseResults();
}
return(run);
}
public override void Convert(Stream input, IResultLogWriter output, LoggingOptions loggingOptions)
{
input = input ?? throw new ArgumentNullException(nameof(input));
output = output ?? throw new ArgumentNullException(nameof(output));
output.Initialize(id: null, automationId: null);
var tool = new Tool
{
Name = ToolFormat.PREfast,
FullName = "PREfast Code Analysis"
};
output.WriteTool(tool);
XmlReaderSettings settings = new XmlReaderSettings
{
XmlResolver = null
};
var serializer = new XmlSerializer(typeof(DefectList));
using (var reader = XmlReader.Create(input, settings))
{
var defectList = (DefectList)serializer.Deserialize(reader);
var results = new List <Result>();
foreach (Defect entry in defectList.Defects)
{
results.Add(CreateResult(entry));
}
var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, loggingOptions);
Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results);
if (fileDictionary?.Any() == true)
{
output.WriteFiles(fileDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
}
/// <summary>
/// Converts a Semmle log file in CSV format to a SARIF log file.
/// </summary>
/// <param name="input">
/// Input stream from which to read the Semmle log.
/// </param>
/// <param name="output">
/// Output string to which to write the SARIF log.
/// </param>
/// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param>
/// <exception cref="ArgumentNullException">
/// Thrown when one or more required arguments are null.
/// </exception>
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
_toolNotifications = new List <Notification>();
var results = GetResultsFromStream(input);
var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, dataToInsert);
Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results);
var tool = new Tool
{
Name = "Semmle QL"
};
var run = new Run()
{
Tool = tool
};
output.Initialize(run);
output.WriteFiles(fileDictionary);
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
if (_toolNotifications.Any())
{
output.WriteToolNotifications(_toolNotifications);
}
}
/// <summary>
/// Interface implementation that takes a Static Driver Verifier log stream and converts
/// its data to a SARIF json stream. Read in Static Driver Verifier data from an input
/// stream and write Result objects.
/// </summary>
/// <param name="input">Stream of a Static Driver Verifier log</param>
/// <param name="output">SARIF json stream of the converted Static Driver Verifier log</param>
/// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param>
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
Result result = ProcessSdvDefectStream(input);
var results = new Result[] { result };
var tool = new Tool
{
Name = "StaticDriverVerifier",
};
var fileInfoFactory = new FileInfoFactory(null, dataToInsert);
Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results);
var run = new Run()
{
Tool = tool
};
output.Initialize(run);
if (fileDictionary != null && fileDictionary.Count > 0)
{
output.WriteFiles(fileDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
input = input ?? throw new ArgumentNullException(nameof(input));
output = output ?? throw new ArgumentNullException(nameof(output));
TSLintLog tsLintLog = logReader.ReadLog(input);
Tool tool = new Tool
{
Name = "TSLint"
};
var run = new Run()
{
Tool = tool
};
output.Initialize(run);
var results = new List <Result>();
foreach (TSLintLogEntry entry in tsLintLog)
{
results.Add(CreateResult(entry));
}
var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, dataToInsert);
Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results);
if (fileDictionary?.Any() == true)
{
output.WriteFiles(fileDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
/// <summary>
/// Convert FxCop log to SARIF format stream
/// </summary>
/// <param name="input">FxCop log stream</param>
/// <param name="output">output stream</param>
public void Convert(Stream input, IResultLogWriter output)
{
if (input == null)
{
throw (new ArgumentNullException("input"));
}
if (output == null)
{
throw (new ArgumentNullException("output"));
}
var context = new FxCopLogReader.Context();
var results = new List <Result>();
var reader = new FxCopLogReader();
reader.IssueRead += (FxCopLogReader.Context current) => { results.Add(CreateIssue(current)); };
reader.Read(context, input);
Tool tool = new Tool
{
Name = "FxCop"
};
var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension);
Dictionary <string, IList <FileData> > fileDictionary = fileInfoFactory.Create(results);
output.WriteTool(tool);
if (fileDictionary != null && fileDictionary.Count > 0)
{
output.WriteFiles(fileDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
/// <summary>
/// Interface implementation for converting a stream of Fortify report in XML format to a
/// SARIF json format stream.
/// </summary>
/// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception>
/// <param name="input">Stream of the Fortify report.</param>
/// <param name="output">Stream of SARIF json.</param>
public override void Convert(Stream input, IResultLogWriter output)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
var settings = new XmlReaderSettings
{
DtdProcessing = DtdProcessing.Ignore,
IgnoreWhitespace = true,
NameTable = _nameTable,
XmlResolver = null
};
var results = new List<Result>();
using (XmlReader reader = XmlReader.Create(input, settings))
{
while (reader.Read())
{
while (Ref.Equal(reader.LocalName, _strings.Issue))
{
FortifyIssue fortify = FortifyIssue.Parse(reader, _strings);
results.Add(ConvertFortifyIssueToSarifIssue(fortify));
}
}
}
var tool = new Tool
{
Name = "Fortify"
};
var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension);
Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results);
output.Initialize(id: null, correlationId: null);
output.WriteTool(tool);
if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); }
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
private void ProcessCppCheckLog(XmlReader reader, IResultLogWriter output)
{
reader.ReadStartElement(_strings.Results);
if (!Ref.Equal(reader.LocalName, _strings.CppCheck))
{
throw reader.CreateException(ConverterResources.CppCheckCppCheckElementMissing);
}
string version = reader.GetAttribute(_strings.Version);
if (version != null && !version.IsSemanticVersioningCompatible())
{
// This logic only fixes up simple cases, such as being passed
// 1.66, where Semantic Versioning 2.0 requires 1.66.0. Also
// strips Revision member if passed a complete .NET version.
Version dotNetVersion;
if (Version.TryParse(version, out dotNetVersion))
{
version =
Math.Max(0, dotNetVersion.Major) + "." +
Math.Max(0, dotNetVersion.Minor) + "." +
Math.Max(0, dotNetVersion.Build);
}
}
if (String.IsNullOrWhiteSpace(version))
{
throw reader.CreateException(ConverterResources.CppCheckCppCheckElementMissing);
}
reader.Skip(); // <cppcheck />
if (!Ref.Equal(reader.LocalName, _strings.Errors))
{
throw reader.CreateException(ConverterResources.CppCheckErrorsElementMissing);
}
var results = new List<Result>();
if (reader.IsEmptyElement)
{
reader.Skip(); // <errors />
}
else
{
int errorsDepth = reader.Depth;
reader.Read(); // <errors>
while (reader.Depth > errorsDepth)
{
var parsedError = CppCheckError.Parse(reader, _strings);
results.Add(parsedError.ToSarifIssue());
}
reader.ReadEndElement(); // </errors>
}
reader.ReadEndElement(); // </results>
var tool = new Tool
{
Name = "CppCheck",
Version = version,
};
var fileInfoFactory = new FileInfoFactory(uri => MimeType.Cpp);
Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results);
output.Initialize(id: null, correlationId: null);
output.WriteTool(tool);
if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); }
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
/// <summary>
/// Interface implementation for converting a stream of Fortify report in XML format to a
/// SARIF json format stream.
/// </summary>
/// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception>
/// <param name="input">Stream of the Fortify report.</param>
/// <param name="output">Stream of SARIF json.</param>
/// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param>
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
var settings = new XmlReaderSettings
{
DtdProcessing = DtdProcessing.Ignore,
IgnoreWhitespace = true,
NameTable = _nameTable,
XmlResolver = null
};
string runDescription = null;
var results = new List <Result>();
using (XmlReader reader = XmlReader.Create(input, settings))
{
while (reader.Read())
{
if (runDescription == null)
{
// Find the executive summary <ReportSection> element
if (StringReference.AreEqual(reader.LocalName, _strings.ReportSection) && reader.IsStartElement())
{
reader.Read(); // Move to Title element
if (reader.ReadElementContentAsString(_strings.Title, String.Empty) == "Executive Summary")
{
reader.Read(); // Move to SubSection element
reader.IgnoreElement(_strings.Title, IgnoreOptions.Required);
reader.IgnoreElement(_strings.Description, IgnoreOptions.Required);
runDescription = reader.ReadElementContentAsString(_strings.Text, String.Empty);
}
}
}
else
{
while (StringReference.AreEqual(reader.LocalName, _strings.Issue))
{
FortifyIssue fortify = FortifyIssue.Parse(reader, _strings);
results.Add(ConvertFortifyIssueToSarifIssue(fortify));
}
}
}
}
var tool = new Tool
{
Name = "Fortify"
};
var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, dataToInsert);
Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results);
var run = new Run()
{
Description = new Message
{
Text = runDescription
},
Tool = tool
};
output.Initialize(run);
if (fileDictionary != null && fileDictionary.Count > 0)
{
output.WriteFiles(fileDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
/// <summary>
/// Converts an Android Studio formatted log as input into a SARIF SarifLog using the output.
/// </summary>
/// <param name="input">The Android Studio formatted log.</param>
/// <param name="output">The SarifLog to write the output to.</param>
public override void Convert(Stream input, IResultLogWriter output)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
LogicalLocationsDictionary.Clear();
XmlReaderSettings settings = new XmlReaderSettings
{
IgnoreWhitespace = true,
IgnoreComments = true,
IgnoreProcessingInstructions = true,
NameTable = _nameTable,
DtdProcessing = DtdProcessing.Ignore,
XmlResolver = null
};
ISet<Result> results;
using (XmlReader xmlReader = XmlReader.Create(input, settings))
{
results = ProcessAndroidStudioLog(xmlReader);
}
var tool = new Tool
{
Name = "AndroidStudio"
};
var fileInfoFactory = new FileInfoFactory(uri => MimeType.Java);
Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results);
output.Initialize(id: null, correlationId: null);
output.WriteTool(tool);
if (fileDictionary != null && fileDictionary.Any())
{
output.WriteFiles(fileDictionary);
}
if (LogicalLocationsDictionary != null && LogicalLocationsDictionary.Any())
{
output.WriteLogicalLocations(LogicalLocationsDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
/// <summary>Convert a Clang plist report into the SARIF format.</summary>
/// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception>
/// <param name="input">CLang log file stream.</param>
/// <param name="output">Result log writer.</param>
public override void Convert(Stream input, IResultLogWriter output)
{
// ToDo remove this comment after all issues are resolved.
// Rodney is tasked with bringing Clang analyzer results into the SARIF fold.
// Once this work is complete, he can close the following task:
// http://twcsec-tfs01:8080/tfs/DefaultCollection/SecDevTools/_workitems#_a=edit&id=13409
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
try
{
XmlReaderSettings settings = new XmlReaderSettings
{
IgnoreWhitespace = true,
DtdProcessing = DtdProcessing.Ignore,
XmlResolver = null
};
var results = new List<Result>();
using (XmlReader xmlReader = XmlReader.Create(input, settings))
{
xmlReader.MoveToContent();
xmlReader.ReadStartElement(ClangSchemaStrings.PlistName);
if (xmlReader.NodeType == XmlNodeType.Element)
{
using (var pListReader = xmlReader.ReadSubtree())
{
this.ReadPlist(pListReader, results);
}
}
}
var tool = new Tool
{
Name = "Clang"
};
var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension);
Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results);
output.Initialize(id: null, correlationId: null);
output.WriteTool(tool);
if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); }
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
finally
{
_files = null;
}
}
/// <summary>
/// Converts a Semmle log file in CSV format to a SARIF log file.
/// </summary>
/// <param name="input">
/// Input stream from which to read the Semmle log.
/// </param>
/// <param name="output">
/// Output string to which to write the SARIF log.
/// </param>
/// <exception cref="ArgumentNullException">
/// Thrown when one or more required arguments are null.
/// </exception>
public override void Convert(Stream input, IResultLogWriter output)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
_toolNotifications = new List<Notification>();
var results = GetResultsFromStream(input);
var tool = new Tool
{
Name = "Semmle"
};
output.Initialize(id: null, correlationId: null);
output.WriteTool(tool);
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
if (_toolNotifications.Any())
{
output.WriteToolNotifications(_toolNotifications);
}
}
private void ProcessCppCheckLog(XmlReader reader, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
reader.ReadStartElement(_strings.Results);
if (!StringReference.AreEqual(reader.LocalName, _strings.CppCheck))
{
throw reader.CreateException(ConverterResources.CppCheckCppCheckElementMissing);
}
string version = reader.GetAttribute(_strings.Version);
if (version != null && !version.IsSemanticVersioningCompatible())
{
// This logic only fixes up simple cases, such as being passed
// 1.66, where Semantic Versioning 2.0 requires 1.66.0. Also
// strips Revision member if passed a complete .NET version.
Version dotNetVersion;
if (Version.TryParse(version, out dotNetVersion))
{
version =
Math.Max(0, dotNetVersion.Major) + "." +
Math.Max(0, dotNetVersion.Minor) + "." +
Math.Max(0, dotNetVersion.Build);
}
}
if (String.IsNullOrWhiteSpace(version))
{
throw reader.CreateException(ConverterResources.CppCheckCppCheckElementMissing);
}
reader.Skip(); // <cppcheck />
if (!StringReference.AreEqual(reader.LocalName, _strings.Errors))
{
throw reader.CreateException(ConverterResources.CppCheckErrorsElementMissing);
}
var results = new List <Result>();
if (reader.IsEmptyElement)
{
reader.Skip(); // <errors />
}
else
{
int errorsDepth = reader.Depth;
reader.Read(); // <errors>
while (reader.Depth > errorsDepth)
{
var parsedError = CppCheckError.Parse(reader, _strings);
results.Add(parsedError.ToSarifIssue());
}
reader.ReadEndElement(); // </errors>
}
reader.ReadEndElement(); // </results>
var tool = new Tool
{
Name = "CppCheck",
Version = version,
};
var fileInfoFactory = new FileInfoFactory(uri => MimeType.Cpp, dataToInsert);
Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results);
var run = new Run()
{
Tool = tool
};
output.Initialize(run);
if (fileDictionary != null && fileDictionary.Count > 0)
{
output.WriteFiles(fileDictionary);
}
output.OpenResults();
output.WriteResults(results);
output.CloseResults();
}
/// <summary>
/// Interface implementation for converting a stream in Fortify FPR format to a stream in
/// SARIF format.
/// </summary>
/// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception>
/// <param name="input">Stream in Fortify FPR format.</param>
/// <param name="output">Stream in SARIF format.</param>
/// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param>
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (output == null)
{
throw new ArgumentNullException(nameof(output));
}
var tool = new Tool
{
Name = FortifyToolName
};
_invocation = new Invocation();
_results.Clear();
_toolNotifications.Clear();
_fileDictionary.Clear();
_ruleDictionary.Clear();
_tflToNodeIdDictionary.Clear();
_tflToSnippetIdDictionary.Clear();
_locationToSnippetIdDictionary.Clear();
_resultToSnippetIdDictionary.Clear();
_resultToReplacementDefinitionDictionary.Clear();
_nodeIdToLocationDictionary.Clear();
_snippetIdToRegionsDictionary.Clear();
ParseFprFile(input);
AddMessagesToResults();
AddSnippetsToResults();
AddNodeLocationsToThreadFlowLocations();
AddSnippetsToThreadFlowLocations();
var run = new Run()
{
InstanceGuid = _runId,
AutomationLogicalId = _automationId,
Tool = tool,
Invocations = new[] { _invocation }
};
output.Initialize(run);
(output as ResultLogJsonWriter).WriteInvocations(run.Invocations);
if (_fileDictionary.Any())
{
output.WriteFiles(_fileDictionary);
}
output.OpenResults();
output.WriteResults(_results);
output.CloseResults();
if (_ruleDictionary.Any())
{
output.WriteRules(_ruleDictionary);
}
if (_toolNotifications.Any())
{
output.WriteToolNotifications(_toolNotifications);
}
}