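/// <summary>
/// Copies every non-null entry of <c>fortifyScan._fvdl.Vulnerabilities.Vulnerability</c> into a new
/// <c>Fortify_Vulnerability</c> and appends it to <c>fortifyScan.Vulnerabilities</c>.
/// </summary>
/// <remarks>
/// ClassInfo, InstanceInfo, AnalysisInfo, the Trace list and each trace's Primary/Entry list are
/// checked with notNull() before use. A scan file that omits one of them still yields a
/// Fortify_Vulnerability (with that part left at its defaults) instead of aborting the whole import
/// with a NullReferenceException and losing the remaining findings.
/// NOTE(review): Label and the *_Snippet values are copied verbatim from the scan file; consumers
/// that render them should encode them for the output context - confirm against the callers.
/// </remarks>
/// <param name="fortifyScan">Scan whose <c>_fvdl</c> data is read and whose Vulnerabilities list is filled.</param>
/// <returns>The same <paramref name="fortifyScan"/> instance, to allow call chaining.</returns>
public static Fortify_Scan mapVulnerabilities(this Fortify_Scan fortifyScan)
{
    var fvdlVulnerabilities = fortifyScan._fvdl.Vulnerabilities;
    if (fvdlVulnerabilities.notNull() && fvdlVulnerabilities.Vulnerability.notNull())
    {
        foreach (var vulnerability in fvdlVulnerabilities.Vulnerability)
        {
            if (vulnerability.notNull())
            {
                var fortifyVulnerability = new Fortify_Vulnerability();

                // from ClassInfo
                var classInfo = vulnerability.ClassInfo;
                if (classInfo.notNull())
                {
                    fortifyVulnerability.AnalyzerName = classInfo.AnalyzerName;
                    fortifyVulnerability.ClassId = classInfo.ClassID;
                    fortifyVulnerability.DefaultSeverity = classInfo.DefaultSeverity;
                    fortifyVulnerability.Kingdom = classInfo.Kingdom;
                    fortifyVulnerability.Type = classInfo.Type;
                    fortifyVulnerability.SubType = classInfo.Subtype;
                }

                // from InstanceInfo
                var instanceInfo = vulnerability.InstanceInfo;
                if (instanceInfo.notNull())
                {
                    fortifyVulnerability.InstanceId = instanceInfo.InstanceID;
                    fortifyVulnerability.InstanceSeverity = instanceInfo.InstanceSeverity;
                    fortifyVulnerability.Confidence = instanceInfo.Confidence;
                }

                // from AnalysisInfo
                var analysisInfo = vulnerability.AnalysisInfo;
                if (analysisInfo.notNull() && analysisInfo.Unified.notNull())
                {
                    if (analysisInfo.Unified.Context.notNull() && analysisInfo.Unified.Context.Function.notNull())
                    {
                        fortifyVulnerability.Context = new Fortify_Function(analysisInfo.Unified.Context.Function.name,
                                                                            analysisInfo.Unified.Context.FunctionDeclarationSourceLocation);
                    }

                    if (analysisInfo.Unified.ReplacementDefinitions.notNull() &&
                        analysisInfo.Unified.ReplacementDefinitions.Def.notNull())
                    {
                        foreach (var def in analysisInfo.Unified.ReplacementDefinitions.Def)
                        {
                            fortifyVulnerability.ReplacementDefinitions.Definitions.add(def.key, def.value);
                        }
                    }

                    if (analysisInfo.Unified.Trace.notNull())
                    {
                        foreach (var trace in analysisInfo.Unified.Trace)
                        {
                            // A trace without a Primary element (or without entries) has nothing to map.
                            if (trace.notNull() && trace.Primary.notNull() && trace.Primary.Entry.notNull())
                            {
                                foreach (var entry in trace.Primary.Entry)
                                {
                                    if (entry.notNull())
                                    {
                                        var traceEntry = new Fortify_TraceEntry();
                                        if (entry.NodeRef.notNull())
                                        {
                                            traceEntry.NodeRefId = entry.NodeRef.id;
                                        }
                                        if (entry.Node.notNull())
                                        {
                                            var node = entry.Node;
                                            traceEntry.DetailsOnly = node.detailsOnly ?? false;
                                            traceEntry.IsDefault = node.isDefault ?? false;
                                            traceEntry.Label = node.label ?? "";
                                            if (node.Action.notNull())
                                            {
                                                traceEntry.ActionType = node.Action.type;
                                                traceEntry.ActionValue = node.Action.TypedValue;
                                            }
                                            if (node.Knowledge.notNull() && node.Knowledge.Fact.notNull())
                                            {
                                                foreach (var fact in node.Knowledge.Fact)
                                                {
                                                    traceEntry.KnowledgeFacts.Add(new Fortify_TraceEntryFact()
                                                    {
                                                        Primary = fact.primary,
                                                        Type = fact.type,
                                                        Value = fact.TypedValue
                                                    });
                                                }
                                            }
                                            if (node.Reason.notNull())
                                            {
                                                traceEntry.Reason_RuleId = node.Reason.Rule.notNull() ? node.Reason.Rule.ruleID : "";
                                                traceEntry.Reason_TraceRef = node.Reason.TraceRef.notNull() ? node.Reason.TraceRef.str() : "";
                                                traceEntry.Reason_Internal = node.Reason.Internal.notNull() ? node.Reason.Internal.str() : "";
                                            }
                                            if (node.SourceLocation.notNull())
                                            {
                                                traceEntry.SourceLocation = new Fortify_CodeLocation(node.SourceLocation);
                                                traceEntry.SourceLocation_ContextId = node.SourceLocation.contextId ?? 0;
                                                traceEntry.SourceLocation_Snippet = node.SourceLocation.snippet;
                                            }
                                            if (node.SecondaryLocation.notNull())
                                            {
                                                traceEntry.SecundaryLocation = new Fortify_CodeLocation(node.SecondaryLocation);
                                                traceEntry.SecundaryLocation_Snippet = node.SecondaryLocation.snippet;
                                            }
                                        }
                                        // An entry is recorded even when it carries only a NodeRef and no Node.
                                        fortifyVulnerability.Traces.Add(traceEntry);
                                    }
                                }
                            }
                        }
                    }
                }

                // Always keep the finding, even when parts of it were missing in the scan file.
                fortifyScan.Vulnerabilities.add(fortifyVulnerability);
            }
        }
    }
    return fortifyScan;
}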
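/// <summary>
/// Builds one <c>Fortify_Vulnerability</c> per non-null item of
/// <c>fortifyScan._fvdl.Vulnerabilities.Vulnerability</c> and adds it to <c>fortifyScan.Vulnerabilities</c>.
/// </summary>
/// <remarks>
/// Optional parts of the scan data (ClassInfo, InstanceInfo, AnalysisInfo, Trace, Primary, Entry,
/// Fact and Def lists) are tested with notNull() first. A missing part leaves the matching
/// properties at their defaults; the finding itself is still added, so an incomplete scan file
/// no longer stops the mapping with a NullReferenceException part-way through the list.
/// NOTE(review): Label and the snippet strings are taken as-is from the scan file; any consumer
/// that displays them should encode them for its output context - confirm against the callers.
/// </remarks>
/// <param name="fortifyScan">Scan that supplies the <c>_fvdl</c> data and receives the mapped findings.</param>
/// <returns><paramref name="fortifyScan"/> itself.</returns>
public static Fortify_Scan mapVulnerabilities(this Fortify_Scan fortifyScan)
{
    var container = fortifyScan._fvdl.Vulnerabilities;
    if (!container.notNull() || !container.Vulnerability.notNull())
        return fortifyScan;

    foreach (var vulnerability in container.Vulnerability)
    {
        if (!vulnerability.notNull())
            continue;

        var fortifyVulnerability = new Fortify_Vulnerability();

        // from ClassInfo
        if (vulnerability.ClassInfo.notNull())
        {
            fortifyVulnerability.AnalyzerName = vulnerability.ClassInfo.AnalyzerName;
            fortifyVulnerability.ClassId = vulnerability.ClassInfo.ClassID;
            fortifyVulnerability.DefaultSeverity = vulnerability.ClassInfo.DefaultSeverity;
            fortifyVulnerability.Kingdom = vulnerability.ClassInfo.Kingdom;
            fortifyVulnerability.Type = vulnerability.ClassInfo.Type;
            fortifyVulnerability.SubType = vulnerability.ClassInfo.Subtype;
        }

        // from InstanceInfo
        if (vulnerability.InstanceInfo.notNull())
        {
            fortifyVulnerability.InstanceId = vulnerability.InstanceInfo.InstanceID;
            fortifyVulnerability.InstanceSeverity = vulnerability.InstanceInfo.InstanceSeverity;
            fortifyVulnerability.Confidence = vulnerability.InstanceInfo.Confidence;
        }

        // from AnalysisInfo
        var analysisInfo = vulnerability.AnalysisInfo;
        var unified = analysisInfo.notNull() ? analysisInfo.Unified : null;
        if (unified.notNull())
        {
            if (unified.Context.notNull() && unified.Context.Function.notNull())
                fortifyVulnerability.Context = new Fortify_Function(unified.Context.Function.name,
                                                                    unified.Context.FunctionDeclarationSourceLocation);

            if (unified.ReplacementDefinitions.notNull() && unified.ReplacementDefinitions.Def.notNull())
                foreach (var def in unified.ReplacementDefinitions.Def)
                    fortifyVulnerability.ReplacementDefinitions.Definitions.add(def.key, def.value);

            if (unified.Trace.notNull())
                foreach (var trace in unified.Trace)
                {
                    // Nothing to map when the trace has no Primary element or no entries.
                    if (!trace.notNull() || !trace.Primary.notNull() || !trace.Primary.Entry.notNull())
                        continue;

                    foreach (var entry in trace.Primary.Entry)
                    {
                        if (!entry.notNull())
                            continue;

                        var traceEntry = new Fortify_TraceEntry();
                        if (entry.NodeRef.notNull())
                            traceEntry.NodeRefId = entry.NodeRef.id;

                        var node = entry.Node;
                        if (node.notNull())
                        {
                            traceEntry.DetailsOnly = node.detailsOnly ?? false;
                            traceEntry.IsDefault = node.isDefault ?? false;
                            traceEntry.Label = node.label ?? "";

                            if (node.Action.notNull())
                            {
                                traceEntry.ActionType = node.Action.type;
                                traceEntry.ActionValue = node.Action.TypedValue;
                            }

                            if (node.Knowledge.notNull() && node.Knowledge.Fact.notNull())
                                foreach (var fact in node.Knowledge.Fact)
                                    traceEntry.KnowledgeFacts.Add(new Fortify_TraceEntryFact()
                                    {
                                        Primary = fact.primary,
                                        Type = fact.type,
                                        Value = fact.TypedValue
                                    });

                            if (node.Reason.notNull())
                            {
                                traceEntry.Reason_RuleId = node.Reason.Rule.notNull() ? node.Reason.Rule.ruleID : "";
                                traceEntry.Reason_TraceRef = node.Reason.TraceRef.notNull() ? node.Reason.TraceRef.str() : "";
                                traceEntry.Reason_Internal = node.Reason.Internal.notNull() ? node.Reason.Internal.str() : "";
                            }

                            if (node.SourceLocation.notNull())
                            {
                                traceEntry.SourceLocation = new Fortify_CodeLocation(node.SourceLocation);
                                traceEntry.SourceLocation_ContextId = node.SourceLocation.contextId ?? 0;
                                traceEntry.SourceLocation_Snippet = node.SourceLocation.snippet;
                            }

                            if (node.SecondaryLocation.notNull())
                            {
                                traceEntry.SecundaryLocation = new Fortify_CodeLocation(node.SecondaryLocation);
                                traceEntry.SecundaryLocation_Snippet = node.SecondaryLocation.snippet;
                            }
                        }

                        // Entries that only reference a node (NodeRef, no Node) are still recorded.
                        fortifyVulnerability.Traces.Add(traceEntry);
                    }
                }
        }

        // The finding is kept even if some of its sections were absent.
        fortifyScan.Vulnerabilities.add(fortifyVulnerability);
    }
    return fortifyScan;
}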