/// <summary>Initializes a new instance of the <see cref="FortifyIssue"/> class.</summary>
/// <param name="ruleId">The Rule ID stored in the Fortify result.</param>
/// <param name="iid">The Instance ID stored in the Fortify result.</param>
/// <param name="category">The category of Fortify result.</param>
/// <param name="kingdom">The kingdom of the Fortify result.</param>
/// <param name="abs">The abstract (description) message of the Fortify result if present; otherwise, null.</param>
/// <param name="abstractCustom">A custom user-provided abstract (description) message of the Fortify result if it is present;
/// otherwise, null.</param>
/// <param name="priority">The "friority" (which appears to be an intentional misspelling of "priority") of the Fortify
/// result if present; otherwise, null.</param>
/// <param name="primaryOrSink">The primary location for the Fortify result; this will be the sink for data flow rules.</param>
/// <param name="source">Source for the flagged data flow if present; otherwise, null.</param>
/// <param name="cweIds">List of CWE IDs stapled to the Fortify result, if present.</param>
public FortifyIssue(string ruleId, string iid, string category, string kingdom, string abs, string abstractCustom, string priority, FortifyPathElement primaryOrSink, FortifyPathElement source, ImmutableArray<int> cweIds)
{
if (category == null)
{
throw new ArgumentNullException(nameof(category));
}
if (kingdom == null)
{
throw new ArgumentNullException(nameof(kingdom));
}
if (primaryOrSink == null)
{
throw new ArgumentNullException(nameof(primaryOrSink));
}
this.RuleId = ruleId;
this.InstanceId = iid;
this.Category = category;
this.Kingdom = kingdom;
this.Abstract = abs;
this.AbstractCustom = abstractCustom;
this.Priority = priority;
this.PrimaryOrSink = primaryOrSink;
this.Source = source;
this.CweIds = cweIds;
}
/// <summary>Initializes a new instance of the <see cref="FortifyIssue"/> class.</summary>
/// <param name="ruleId">The Rule ID stored in the Fortify result.</param>
/// <param name="iid">The Instance ID stored in the Fortify result.</param>
/// <param name="category">The category of Fortify result.</param>
/// <param name="kingdom">The kingdom of the Fortify result.</param>
/// <param name="abs">The abstract (description) message of the Fortify result if present; otherwise, null.</param>
/// <param name="abstractCustom">A custom user-provided abstract (description) message of the Fortify result if it is present;
/// otherwise, null.</param>
/// <param name="priority">The "friority" (which appears to be an intentional misspelling of "priority") of the Fortify
/// result if present; otherwise, null.</param>
/// <param name="primaryOrSink">The primary location for the Fortify result; this will be the sink for data flow rules.</param>
/// <param name="source">Source for the flagged data flow if present; otherwise, null.</param>
/// <param name="cweIds">List of CWE IDs stapled to the Fortify result, if present.</param>
public FortifyIssue(string ruleId, string iid, string category, string kingdom, string abs, string abstractCustom, string priority, FortifyPathElement primaryOrSink, FortifyPathElement source, ImmutableArray <int> cweIds)
{
if (category == null)
{
throw new ArgumentNullException(nameof(category));
}
if (kingdom == null)
{
throw new ArgumentNullException(nameof(kingdom));
}
if (primaryOrSink == null)
{
throw new ArgumentNullException(nameof(primaryOrSink));
}
this.RuleId = ruleId;
this.InstanceId = iid;
this.Category = category;
this.Kingdom = kingdom;
this.Abstract = abs;
this.AbstractCustom = abstractCustom;
this.Priority = priority;
this.PrimaryOrSink = primaryOrSink;
this.Source = source;
this.CweIds = cweIds;
}
public void FortifyPathElement_CanBeConstructed()
{
var uut = new FortifyPathElement("file", 42, "targetFunction");
Assert.AreEqual("file", uut.FilePath);
Assert.AreEqual(42, uut.LineStart);
Assert.AreEqual("targetFunction", uut.TargetFunction);
}
public void FortifyPathElement_CanBeConstructed()
{
var uut = new FortifyPathElement("file", 42, "targetFunction");
Assert.AreEqual("file", uut.FilePath);
Assert.AreEqual(42, uut.LineStart);
Assert.AreEqual("targetFunction", uut.TargetFunction);
}
private static PhysicalLocation ConvertFortifyLocationToPhysicalLocation(FortifyPathElement element)
{
return(new PhysicalLocation
{
Uri = new Uri(element.FilePath, UriKind.RelativeOrAbsolute),
Region = Extensions.CreateRegion(element.LineStart)
});
}
public void FortifyPathElement_Parse_WithAllProperties()
{
const string xml = @"<does_not_matter><FileName>FileName</FileName><FilePath>FilePath</FilePath><LineStart>42</LineStart><Snippet></Snippet><SnippetLine></SnippetLine><TargetFunction>vector<string> example::member(int, int) const&&</TargetFunction></does_not_matter><following />";
FortifyPathElement result = Parse(xml);
Assert.AreEqual("FilePath", result.FilePath);
Assert.AreEqual(42, result.LineStart);
Assert.AreEqual("vector<string> example::member(int, int) const&&", result.TargetFunction);
}
public void FortifyPathElement_Parse_WithSnippetLine()
{
const string xml = @"<does_not_matter><FileName>FileName</FileName><FilePath>FilePath</FilePath><LineStart>42</LineStart><SnippetLine>unused</SnippetLine></does_not_matter><following />";
FortifyPathElement result = Parse(xml);
Assert.AreEqual("FilePath", result.FilePath);
Assert.AreEqual(42, result.LineStart);
Assert.IsNull(result.TargetFunction);
}
public void FortifyPathElement_Parse_MinimalValidElement()
{
const string xml = @"<does_not_matter><FileName>FileName</FileName><FilePath>FilePath</FilePath><LineStart>42</LineStart></does_not_matter><following />";
FortifyPathElement result = Parse(xml);
Assert.Equal("FilePath", result.FilePath);
Assert.Equal(42, result.LineStart);
Assert.Null(result.TargetFunction);
}
private static FortifyPathElement Parse(XmlReader reader)
{
return(FortifyPathElement.Parse(reader, new FortifyStrings(reader.NameTable)));
}
/// <summary>
/// Parses a Fortify Result element from an <see cref="XmlReader"/>.
/// </summary>
/// <param name="xmlReader">The <see cref="XmlReader"/> from which an element containing a Fortify result shall be
/// consumed. When this method returns, this <see cref="XmlReader"/> is positioned on the following element.</param>
/// <param name="strings">Strings used in processing a Fortify report.</param>
/// <returns>A <see cref="FortifyIssue"/> containing data from the node on which <paramref name="xmlReader"/> was
/// placed when this method was called.</returns>
public static FortifyIssue Parse(XmlReader xmlReader, FortifyStrings strings)
{
//<xs:element name="Result">
// <xs:complexType>
// <xs:sequence>
// <!-- Result Description -->
// <xs:element name="Category" type="xs:string" minOccurs="1" maxOccurs="1"/>
// <xs:element name="Folder" type="xs:string" minOccurs="1" maxOccurs="1"/>
// <xs:element name="Kingdom" type="xs:string" minOccurs="1" maxOccurs="1"/>
// <xs:element name="Abstract" type="xs:string" minOccurs="0" maxOccurs="1"/>
// <xs:element name="AbstractCustom" type="xs:string" minOccurs="0" maxOccurs="1"/>
// <xs:element name="Friority" type="xs:string" minOccurs="0" maxOccurs="1"/>
// <!-- custom tags including Analysis -->
// <xs:element name="Tag" minOccurs="0" maxOccurs="unbounded">
// <xs:complexType>
// <xs:sequence>
// <xs:element name="Name" type="xs:string" minOccurs="1" maxOccurs="1"/>
// <xs:element name="Value" type="xs:string" minOccurs="1" maxOccurs="1"/>
// </xs:sequence>
// </xs:complexType>
// </xs:element>
// <xs:element name="Comment" minOccurs="0" maxOccurs="unbounded">
// <xs:complexType>
// <xs:sequence>
// <xs:element name="UserInfo" type="xs:string" minOccurs="1" maxOccurs="1"/>
// <xs:element name="Comment" type="xs:string" minOccurs="1" maxOccurs="1"/>
// </xs:sequence>
// </xs:complexType>
// </xs:element>
// <!-- primary or sink -->
// <xs:element name="Primary" type="PathElement" minOccurs="1" maxOccurs="1"/>
// <!-- source -->
// <xs:element name="Source" type="PathElement" minOccurs="0" maxOccurs="1"/>
// <xs:element name="TraceDiagramPath" type="xs:string" minOccurs="0" maxOccurs="1"/>
// <!-- optional external category (i.e. STIG) -->
// <xs:element name="ExternalCategory" minOccurs="0" maxOccurs="1">
// <xs:complexType>
// <xs:simpleContent>
// <xs:extension base="xs:string">
// <xs:attribute name="type" type="xs:string" use="required"/>
// </xs:extension>
// </xs:simpleContent>
// </xs:complexType>
// </xs:element>
// </xs:sequence>
// <xs:attribute name="iid" type="xs:string" use="optional"/>
// <xs:attribute name="ruleID" type="xs:string" use="optional"/>
// </xs:complexType>
//</xs:element>
if (!xmlReader.IsStartElement(strings.Issue))
{
throw xmlReader.CreateException(ConverterResources.FortifyNotValidResult);
}
string iid = null;
string ruleId = null;
while (xmlReader.MoveToNextAttribute())
{
string name = xmlReader.LocalName;
if (StringReference.AreEqual(name, strings.Iid))
{
iid = xmlReader.Value;
}
else if (StringReference.AreEqual(name, strings.RuleId))
{
ruleId = xmlReader.Value;
}
}
xmlReader.MoveToElement();
xmlReader.Read(); // reads start element
string category = xmlReader.ReadElementContentAsString(strings.Category, String.Empty);
xmlReader.IgnoreElement(strings.Folder, IgnoreOptions.Required);
string kingdom = xmlReader.ReadElementContentAsString(strings.Kingdom, String.Empty);
string abstract_ = xmlReader.ReadOptionalElementContentAsString(strings.Abstract);
string abstractCustom = xmlReader.ReadOptionalElementContentAsString(strings.AbstractCustom);
string friority = xmlReader.ReadOptionalElementContentAsString(strings.Friority);
xmlReader.IgnoreElement(strings.Tag, IgnoreOptions.Optional | IgnoreOptions.Multiple);
xmlReader.IgnoreElement(strings.Comment, IgnoreOptions.Optional | IgnoreOptions.Multiple);
FortifyPathElement primary = FortifyPathElement.Parse(xmlReader, strings);
FortifyPathElement source;
if (xmlReader.NodeType == XmlNodeType.Element && StringReference.AreEqual(xmlReader.LocalName, strings.Source))
{
source = FortifyPathElement.Parse(xmlReader, strings);
}
else
{
source = null;
}
xmlReader.IgnoreElement(strings.TraceDiagramPath, IgnoreOptions.Optional);
ImmutableArray <int> cweIds = ImmutableArray <int> .Empty;
if (xmlReader.NodeType == XmlNodeType.Element && StringReference.AreEqual(xmlReader.LocalName, strings.ExternalCategory))
{
if (xmlReader.GetAttribute(strings.Type) == "CWE")
{
cweIds = ParseCweIds(xmlReader.ReadElementContentAsString());
}
else
{
xmlReader.Skip();
}
}
xmlReader.ReadEndElement(); // </Result>
return(new FortifyIssue(ruleId, iid, category, kingdom, abstract_, abstractCustom, friority, primary, source, cweIds));
}
private static PhysicalLocation ConvertFortifyLocationToPhysicalLocation(FortifyPathElement element)
{
return new PhysicalLocation
{
Uri = new Uri(element.FilePath, UriKind.RelativeOrAbsolute),
Region = Extensions.CreateRegion(element.LineStart)
};
}
private static List <PhysicalLocationComponent> ConvertFortifyLocationToPhysicalLocation(FortifyPathElement element)
{
return(new List <PhysicalLocationComponent>
{
new PhysicalLocationComponent
{
Uri = new Uri(element.FilePath, UriKind.RelativeOrAbsolute),
MimeType = MimeType.DetermineFromFileExtension(element.FilePath),
Region = Extensions.CreateRegion(element.LineStart)
}
});
}
