public void Error(Span span, ErrorInfo info, params string[] argsOpt) { Errors.Add(new ErrorInstance() { Span = span, Error = info, Args = argsOpt, }); AuditEnvironment.Debug("Error written to PHP parser sink."); }
public override async Task <bool> ReportPackageSourceAudit() { HttpClient.DefaultRequestHeaders.Accept.Clear(); HttpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); var r = await HttpClient.GetStringAsync("/api/v2/applications?publicId=" + IQServerAppId); var apps = JsonConvert.DeserializeObject <IQServerApplications>(r); if (apps.Applications.Length == 0) { AuditEnvironment.Error("The app id {0} does not exist on the IQ Server at {1}.", IQServerAppId, IQServerUrl.ToString()); return(false); } IQServerInternalAppId = apps.Applications.First().Id; SBom.AppendFormat("<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\n<bom xmlns=\"http://cyclonedx.org/schema/bom/1.1\" version=\"1\" serialNumber=\"urn:uuid:{0}\"\nxmlns:v=\"http://cyclonedx.org/schema/ext/vulnerability/1.0\">\n\t<components>\n", Guid.NewGuid().ToString("D")); int packages_count = Source.Vulnerabilities.Count; int packages_processed = 0; int c = 0; foreach (var pv in Source.Vulnerabilities.OrderByDescending(sv => sv.Value.Count(v => v.PackageVersionIsInRange))) { IPackage package = pv.Key; List <IVulnerability> package_vulnerabilities = pv.Value; var purl = string.IsNullOrEmpty(package.Group) ? string.Format("pkg:nuget/{0}@{1}", package.Name, package.Version) : string.Format("pkg:nuget/{0}/{1}@{2}", package.Group, package.Name, package.Version); SBom.AppendLine("\t\t<component type =\"library\">"); if (!string.IsNullOrEmpty(package.Group)) { SBom.AppendFormat("\t\t\t<group>{0}</group>\n", package.Group); } SBom.AppendFormat("\t\t\t<name>{0}</name>\n", package.Name); SBom.AppendFormat("\t\t\t<version>{0}</version>\n", package.Version); SBom.AppendFormat("\t\t\t<purl>{0}</purl>\n", purl); if ((package_vulnerabilities.Count() != 0) && (package_vulnerabilities.Count(v => v.PackageVersionIsInRange) > 0)) { SBom.AppendLine("\t\t\t<v:vulnerabilities>"); var matched_vulnerabilities = package_vulnerabilities.Where(v => v.PackageVersionIsInRange).ToList(); int matched_vulnerabilities_count = matched_vulnerabilities.Count; matched_vulnerabilities.ForEach(v => { SBom.AppendFormat("\t\t\t\t<v:vulnerability ref=\"{0}\">\n", purl); SBom.AppendFormat("\t\t\t\t\t<v:id>{0}</v:id>\n", v.CVE != null && v.CVE.Length > 0 ? v.CVE.First() : v.Id); SBom.AppendLine("\t\t\t\t</v:vulnerability>"); c++; }); SBom.AppendLine("\t\t\t</v:vulnerabilities>"); } SBom.AppendLine("\t\t</component>"); packages_processed++; } SBom.AppendLine("\t</components>\n</bom>"); AuditEnvironment.Debug("SBOM:\n{0}", SBom.ToString()); HttpClient.DefaultRequestHeaders.Accept.Clear(); //HttpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/xml")); var req = string.Format("/api/v2/scan/applications/{0}/sources/devaudit", IQServerInternalAppId); var content = new StringContent(SBom.ToString(), Encoding.UTF8, "application/xml"); var response = await HttpClient.PostAsync(req, content); if (!response.IsSuccessStatusCode) { return(false); } string json = await response.Content.ReadAsStringAsync(); AuditEnvironment.Debug("JSON response from IQ Server at {0}: {1}", IQServerUrl.ToString(), json); var status = JsonConvert.DeserializeObject <IQServerStatus>(json); AuditEnvironment.Info("IQ Server report complete. {0} components with {1} vulnerabilities submitted. Scan status is at: {2}{3}", packages_count, c, IQServerUrl.ToString(), status.statusUrl); return(true); }