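        /// <summary>
        /// Copies the scan-level metadata of the raw FVDL (build id, LOC, source base path, scan time,
        /// creation timestamp, engine errors and the list of scanned files) onto the <see cref="Fortify_Scan"/>.
        /// </summary>
        /// <param name="fortifyScan">Scan whose <c>_fvdl</c> has already been loaded.</param>
        /// <returns>The same <paramref name="fortifyScan"/>, so the mapping calls can be chained.</returns>
        public static Fortify_Scan mapScanDetails(this Fortify_Scan fortifyScan)
        {
            var fvdl = fortifyScan._fvdl;

            fortifyScan.BuildID         = fvdl.Build.BuildID;
            fortifyScan.Loc             = fvdl.Build.LOC;
            fortifyScan.SourceBasePath  = fvdl.Build.SourceBasePath;
            fortifyScan.ScanTime        = fvdl.Build.ScanTime.value;

            // Combine the date part of CreatedTS.date with the time-of-day of CreatedTS.time directly.
            // The former ToShortDateString()/ToLongTimeString() -> DateTime.Parse round trip depended on the
            // current thread culture (it can throw FormatException when the culture's short-date text does not
            // parse back) and dropped sub-second precision. No string parsing is needed for two DateTime values.
            var createdTs = fvdl.CreatedTS;
            fortifyScan.CreatedDateTime = createdTs.date.Date.Add(createdTs.time.TimeOfDay);

            // A report with no engine errors still serialises an empty <Errors/> element; report that as "".
            // NOTE(review): this compares against one exact serialisation; a different namespace declaration
            // or whitespace would surface as error text instead of "no errors".
            var errorsXml = fvdl.EngineData.Errors.str();
            fortifyScan.Errors = errorsXml == "<Errors xmlns=\"xmlns://www.fortifysoftware.com/schema/fvdl\" />"
                                     ? ""
                                     : errorsXml;

            // If SourceFiles (or its File list) is missing from the report, treat that as "no scanned files"
            // rather than aborting the whole mapping with a NullReferenceException.
            var sourceFiles = fvdl.Build.SourceFiles;
            if (sourceFiles.notNull() && sourceFiles.File.notNull())
            {
                foreach (var file in sourceFiles.File)
                {
                    fortifyScan.ScannedFiles.Add(new Fortify_ScannedFile()
                    {
                        Loc       = file.loc,
                        Size      = file.size,
                        Timestamp = file.timestamp,
                        Type      = file.type,
                        Path      = file.TypedValue   // path string as written by the scanner; not normalised here
                    });
                }
            }
            return fortifyScan;
        }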
 /// <summary>
 /// Maps every taint source (<c>ProgramData/Sources/SourceInstance</c>) of the raw FVDL into
 /// <c>fortifyScan.Sources</c>. A source that fails to map is logged and skipped; the others are kept.
 /// </summary>
 /// <param name="fortifyScan">Scan whose <c>_fvdl</c> has already been loaded.</param>
 /// <returns>The same <paramref name="fortifyScan"/>, for chaining.</returns>
 public static Fortify_Scan mapSources(this Fortify_Scan fortifyScan)
 {
     var sourceInstances = fortifyScan._fvdl.ProgramData.Sources.SourceInstance;
     foreach (var sourceInstance in sourceInstances)
     {
         try
         {
             var mapped = new Fortify_Source { RuleID = sourceInstance.ruleID.str() };

             var functionCall = sourceInstance.FunctionCall;
             if (functionCall.notNull())
             {
                 mapped.Function_Call = new Fortify_Function(functionCall.Function.name, functionCall.SourceLocation);
                 // NOTE(review): Fortify_Source exposes distinct Function_Call and Function_Entry properties, yet
                 // both are filled from the same FunctionCall element (the original tested FunctionCall twice).
                 // This looks like a copy/paste slip, but the schema member that should feed Function_Entry is
                 // not visible here, so the behaviour is preserved; confirm against the generated FVDL classes.
                 mapped.Function_Entry = new Fortify_Function(functionCall.Function.name, functionCall.SourceLocation);
             }

             var taintFlags = sourceInstance.TaintFlags;
             if (taintFlags.notNull())
             {
                 mapped.TaintFlags = taintFlags.TaintFlag.Select(flag => flag.name).toList();
             }
             fortifyScan.Sources.Add(mapped);
         }
         catch (Exception ex)
         {
             // Best-effort: one malformed source must not discard the rest of the report
             "Error Adding Source: {0}".error(ex.Message);
         }
     }
     return fortifyScan;
 }
        /// <summary>
        /// Loads an FVDL report from disk and maps it into a new <see cref="Fortify_Scan"/>.
        /// </summary>
        /// <param name="fvdlFile">Path of the .fvdl file; passed to <c>loadFvdl_Raw</c> unchanged.
        /// NOTE(review): no path validation happens here, and any XML parser hardening (DTD / external
        /// entity handling) would have to live in loadFvdl_Raw, which is not visible in this listing.</param>
        /// <returns>A fully mapped scan object.</returns>
        public Fortify_Scan convertToFortifyScan(string fvdlFile)
        {
            var fortifyScan = new Fortify_Scan { _fvdl = loadFvdl_Raw(fvdlFile) };
            return fortifyScan.mapFvdlData();
        }
        /// <summary>
        /// Runs the complete raw-FVDL to <see cref="Fortify_Scan"/> mapping pipeline and times it.
        /// Every step below returns the scan it was given, so the steps are simply run in sequence.
        /// </summary>
        /// <param name="fortifyScan">Scan whose <c>_fvdl</c> has already been loaded.</param>
        /// <returns>The same <paramref name="fortifyScan"/>, fully populated.</returns>
        public static Fortify_Scan mapFvdlData(this Fortify_Scan fortifyScan)
        {
            var timer = new O2Timer("Mapped Fvdl Data").start();

            fortifyScan.mapScanDetails();
            fortifyScan.mapContextPool();
            fortifyScan.mapDescriptions();
            fortifyScan.mapCalledWithNoDefs();
            fortifyScan.mapSinks();
            fortifyScan.mapSources();
            fortifyScan.mapSnippets();
            fortifyScan.mapVulnerabilities();

            // Note: if a step throws, the timer is never stopped (same as the original chained form)
            timer.stop();
            return fortifyScan;
        }
 /// <summary>
 /// Maps <c>ProgramData/CalledWithNoDef</c> (functions seen called but never defined in the scanned code)
 /// into <c>fortifyScan.CalledWithNoDefs</c>.
 /// </summary>
 /// <param name="fortifyScan">Scan whose <c>_fvdl</c> has already been loaded.</param>
 /// <returns>The same <paramref name="fortifyScan"/>, for chaining.</returns>
 public static Fortify_Scan mapCalledWithNoDefs(this Fortify_Scan fortifyScan)
 {
     // The xsd-generated classes do not (currently) model these child elements, so walk the raw XElement
     // instead of something like _fvdl.ProgramData.CalledWithNoDef[0].attribute("name").value().
     var calledWithNoDef = fortifyScan._fvdl.ProgramData.CalledWithNoDef.xElement();
     foreach (var functionElement in calledWithNoDef.elements())
     {
         var entry = new Fortify_CalledWithNoDef
         {
             Name           = functionElement.attribute("name").value(),
             Namespace      = functionElement.attribute("namespace").value(),
             EnclosingClass = functionElement.attribute("enclosingClass").value()
         };
         fortifyScan.CalledWithNoDefs.Add(entry);
     }
     return fortifyScan;
 }
 /// <summary>
 /// Maps the report's code snippets (<c>Snippets/Snippet</c>) into <c>fortifyScan.Snippets</c>,
 /// each with its id, text and file/line range.
 /// </summary>
 /// <param name="fortifyScan">Scan whose <c>_fvdl</c> has already been loaded.</param>
 /// <returns>The same <paramref name="fortifyScan"/>, for chaining.</returns>
 public static Fortify_Scan mapSnippets(this Fortify_Scan fortifyScan)
 {
     var rawSnippets = fortifyScan._fvdl.Snippets.Snippet;
     foreach (var rawSnippet in rawSnippets)
     {
         var location = new Fortify_CodeLocation
         {
             Path    = rawSnippet.File,
             Line    = rawSnippet.StartLine,
             LineEnd = rawSnippet.EndLine
         };
         var snippet = new Fortify_Snippet
         {
             Id           = rawSnippet.id.str(),
             // NOTE(review): verbatim source text from the report; escape it where it is rendered
             Text         = rawSnippet.Text,
             CodeLocation = location
         };
         fortifyScan.Snippets.Add(snippet);
     }
     return fortifyScan;
 }
 /// <summary>
 /// Maps every taint sink (<c>ProgramData/Sinks/SinkInstance</c>) into <c>fortifyScan.Sinks</c>.
 /// A sink that cannot be mapped (for instance one with no FunctionCall, which throws on dereference)
 /// is logged and skipped so a single bad entry does not discard the rest of the report.
 /// </summary>
 /// <param name="fortifyScan">Scan whose <c>_fvdl</c> has already been loaded.</param>
 /// <returns>The same <paramref name="fortifyScan"/>, for chaining.</returns>
 public static Fortify_Scan mapSinks(this Fortify_Scan fortifyScan)
 {
     foreach (var sinkInstance in fortifyScan._fvdl.ProgramData.Sinks.SinkInstance)
     {
         try
         {
             var call = sinkInstance.FunctionCall;
             var sink = new Fortify_Sink
             {
                 RuleID        = sinkInstance.ruleID.str(),
                 Function_Call = new Fortify_Function(call.Function.name, call.SourceLocation)
             };
             fortifyScan.Sinks.Add(sink);
         }
         catch (Exception ex)
         {
             // NOTE(review): only ex.Message is logged, so the stack trace is lost
             "Error Adding Sink: {0}".error(ex.Message);
         }
     }
     return fortifyScan;
 }
 /// <summary>
 /// Maps every <c>ContextPool/Context</c> (a function plus its declaration location, referenced by id
 /// from elsewhere in the report) into <c>fortifyScan.Contexts</c>. Entries that fail to map are
 /// logged and skipped.
 /// </summary>
 /// <param name="fortifyScan">Scan whose <c>_fvdl</c> has already been loaded.</param>
 /// <returns>The same <paramref name="fortifyScan"/>, for chaining.</returns>
 public static Fortify_Scan mapContextPool(this Fortify_Scan fortifyScan)
 {
     foreach (var rawContext in fortifyScan._fvdl.ContextPool.Context)
     {
         try
         {
             var function = new Fortify_Function(rawContext.Function.name,
                                                 rawContext.FunctionDeclarationSourceLocation);
             var context = new Fortify_Context
             {
                 Id       = rawContext.id.str(),
                 Function = function
             };
             fortifyScan.Contexts.Add(context);
         }
         catch (Exception ex)
         {
             // Best-effort: keep the remaining contexts
             "Error Adding ContextPool Item: {0}".error(ex.Message);
         }
     }
     return fortifyScan;
 }
 /// <summary>
 /// Maps each <c>Description</c> block of the raw FVDL (class id, content type, abstract, explanation,
 /// recommendations and the optional tips) into <c>fortifyScan.Descriptions</c>.
 /// </summary>
 /// <param name="fortifyScan">Scan whose <c>_fvdl</c> has already been loaded.</param>
 /// <returns>The same <paramref name="fortifyScan"/>, for chaining.</returns>
 public static Fortify_Scan mapDescriptions(this Fortify_Scan fortifyScan)
 {
     foreach (var rawDescription in fortifyScan._fvdl.Description)
     {
         var mapped = new Fortify_Description
         {
             Abstract        = rawDescription.Abstract,
             ClassID         = rawDescription.classID,
             ContentType     = rawDescription.contentType,
             Explanation     = rawDescription.Explanation,
             Recommendations = rawDescription.Recommendations
         };

         // Tips is optional; only copy it when the element is present
         var tips = rawDescription.Tips;
         if (tips.notNull())
         {
             foreach (var tip in tips.Tip)
             {
                 mapped.Tips.Add(tip);
             }
         }
         fortifyScan.Descriptions.add(mapped);
     }
     return fortifyScan;
 }
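        /// <summary>
        /// Maps every <c>Vulnerabilities/Vulnerability</c> of the raw FVDL into <c>fortifyScan.Vulnerabilities</c>:
        /// the ClassInfo (rule-level data), the InstanceInfo (this finding's id and severity) and, when present,
        /// the unified AnalysisInfo (context function, replacement definitions and each primary trace entry).
        /// </summary>
        /// <param name="fortifyScan">Scan whose <c>_fvdl</c> has already been loaded.</param>
        /// <returns>The same <paramref name="fortifyScan"/>, for chaining.</returns>
        public static Fortify_Scan mapVulnerabilities(this Fortify_Scan fortifyScan)
        {
            foreach (var vulnerability in fortifyScan._fvdl.Vulnerabilities.Vulnerability)
            {
                if (!vulnerability.notNull())
                {
                    continue;
                }
                var fortifyVulnerability = new Fortify_Vulnerability();

                // ClassInfo: what kind of finding this is (shared by all instances of the same rule)
                var classInfo = vulnerability.ClassInfo;
                fortifyVulnerability.AnalyzerName    = classInfo.AnalyzerName;
                fortifyVulnerability.ClassId         = classInfo.ClassID;
                fortifyVulnerability.DefaultSeverity = classInfo.DefaultSeverity;
                fortifyVulnerability.Kingdom         = classInfo.Kingdom;
                fortifyVulnerability.Type            = classInfo.Type;
                fortifyVulnerability.SubType         = classInfo.Subtype;

                // InstanceInfo: identity and severity of this particular finding
                var instanceInfo = vulnerability.InstanceInfo;
                fortifyVulnerability.InstanceId       = instanceInfo.InstanceID;
                fortifyVulnerability.InstanceSeverity = instanceInfo.InstanceSeverity;
                fortifyVulnerability.Confidence       = instanceInfo.Confidence;

                // AnalysisInfo/Unified: where the finding sits and the data-flow trace leading to it
                var unified = vulnerability.AnalysisInfo.Unified;
                if (unified.notNull())
                {
                    if (unified.Context.notNull() && unified.Context.Function.notNull())
                    {
                        fortifyVulnerability.Context = new Fortify_Function(unified.Context.Function.name,
                                                                            unified.Context.FunctionDeclarationSourceLocation);
                    }

                    if (unified.ReplacementDefinitions.notNull() && unified.ReplacementDefinitions.Def.notNull())
                    {
                        foreach (var def in unified.ReplacementDefinitions.Def)
                        {
                            fortifyVulnerability.ReplacementDefinitions.Definitions.add(def.key, def.value);
                        }
                    }

                    // Trace, Primary and Entry were previously the only members of this branch iterated without a
                    // null check; a vulnerability without a trace aborted the whole mapping with a
                    // NullReferenceException. Guard them like the siblings above so the rest of the report survives.
                    if (unified.Trace.notNull())
                    {
                        foreach (var trace in unified.Trace)
                        {
                            if (!trace.Primary.notNull() || !trace.Primary.Entry.notNull())
                            {
                                continue;
                            }
                            foreach (var entry in trace.Primary.Entry)
                            {
                                // An entry is either a reference to another node (NodeRef) or an inline Node;
                                // an entry with neither still yields an (empty) trace entry, as before.
                                var traceEntry = new Fortify_TraceEntry();
                                if (entry.NodeRef.notNull())
                                {
                                    traceEntry.NodeRefId = entry.NodeRef.id;
                                }
                                if (entry.Node.notNull())
                                {
                                    var node = entry.Node;
                                    traceEntry.DetailsOnly = node.detailsOnly ?? false;   // optional attributes default to false / ""
                                    traceEntry.IsDefault   = node.isDefault ?? false;
                                    traceEntry.Label       = node.label ?? "";

                                    if (node.Action.notNull())
                                    {
                                        traceEntry.ActionType  = node.Action.type;
                                        traceEntry.ActionValue = node.Action.TypedValue;
                                    }
                                    if (node.Knowledge.notNull())
                                    {
                                        foreach (var fact in node.Knowledge.Fact)
                                        {
                                            traceEntry.KnowledgeFacts.Add(new Fortify_TraceEntryFact()
                                            {
                                                Primary = fact.primary,
                                                Type    = fact.type,
                                                Value   = fact.TypedValue
                                            });
                                        }
                                    }
                                    if (node.Reason.notNull())
                                    {
                                        // Each Reason child is optional; missing ones are recorded as ""
                                        var reason = node.Reason;
                                        traceEntry.Reason_RuleId   = reason.Rule.notNull()     ? reason.Rule.ruleID     : "";
                                        traceEntry.Reason_TraceRef = reason.TraceRef.notNull() ? reason.TraceRef.str() : "";
                                        traceEntry.Reason_Internal = reason.Internal.notNull() ? reason.Internal.str() : "";
                                    }
                                    if (node.SourceLocation.notNull())
                                    {
                                        traceEntry.SourceLocation           = new Fortify_CodeLocation(node.SourceLocation);
                                        traceEntry.SourceLocation_ContextId = node.SourceLocation.contextId ?? 0;
                                        traceEntry.SourceLocation_Snippet   = node.SourceLocation.snippet;
                                    }
                                    if (node.SecondaryLocation.notNull())
                                    {
                                        traceEntry.SecundaryLocation         = new Fortify_CodeLocation(node.SecondaryLocation);
                                        traceEntry.SecundaryLocation_Snippet = node.SecondaryLocation.snippet;
                                    }
                                }
                                fortifyVulnerability.Traces.Add(traceEntry);
                            }
                        }
                    }
                }
                fortifyScan.Vulnerabilities.add(fortifyVulnerability);
            }

            return fortifyScan;
        }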
 	/// <summary>
 	/// Loads an FVDL report from disk and maps it into a new <see cref="Fortify_Scan"/>.
 	/// </summary>
 	/// <param name="fvdlFile">Path of the .fvdl file; passed to <c>loadFvdl_Raw</c> unchanged.
 	/// NOTE(review): no path validation happens here, and any XML parser hardening (DTD / external
 	/// entity handling) would have to live in loadFvdl_Raw, which is not visible in this listing.</param>
 	/// <returns>A fully mapped scan object.</returns>
 	public Fortify_Scan convertToFortifyScan(string fvdlFile)
 	{
 		var fortifyScan = new Fortify_Scan { _fvdl = loadFvdl_Raw(fvdlFile) };
 		return fortifyScan.mapFvdlData();
 	}