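/// <summary>
/// Copies the build-level details of the raw FVDL (<c>_fvdl</c>) onto the scan:
/// build id, LOC, source base path, scan time, creation timestamp, engine errors
/// and the list of scanned files.
/// </summary>
/// <param name="fortifyScan">Scan whose <c>_fvdl</c> has already been loaded.</param>
/// <returns>The same <paramref name="fortifyScan"/>, for chaining.</returns>
public static Fortify_Scan mapScanDetails(this Fortify_Scan fortifyScan)
{
    var fvdl  = fortifyScan._fvdl;
    var build = fvdl.Build;

    fortifyScan.BuildID        = build.BuildID;
    fortifyScan.Loc            = build.LOC;
    fortifyScan.SourceBasePath = build.SourceBasePath;
    fortifyScan.ScanTime       = build.ScanTime.value;

    // CreatedTS carries a date part and a time part. Combine them directly
    // instead of formatting both with the current culture and re-parsing the
    // text: that round trip depends on the thread culture's short-date /
    // long-time patterns and can misread or drop fields.
    // NOTE(review): assumes both parts are System.DateTime (as xsd-generated
    // xs:date / xs:time members are) — confirm against the schema classes.
    var createdTs = fvdl.CreatedTS;
    fortifyScan.CreatedDateTime = createdTs.date.Date + createdTs.time.TimeOfDay;

    // An <Errors> element with no content apparently stringifies to the literal
    // below; treat that as "no errors" instead of storing the empty markup.
    var errors = fvdl.EngineData.Errors.str();
    fortifyScan.Errors = errors != "<Errors xmlns=\"xmlns://www.fortifysoftware.com/schema/fvdl\" />"
                             ? errors
                             : "";

    // Guard the optional file list the same way the sibling mappers guard
    // optional elements, so a build without SourceFiles doesn't abort mapping.
    if (build.SourceFiles.notNull())
    {
        foreach (var file in build.SourceFiles.File)
        {
            fortifyScan.ScannedFiles.Add(new Fortify_ScannedFile()
            {
                Loc       = file.loc,
                Size      = file.size,
                Timestamp = file.timestamp,
                Type      = file.type,
                Path      = file.TypedValue
            });
        }
    }
    return fortifyScan;
}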
/// <summary>
/// Maps each FVDL <c>SourceInstance</c> (rule id, function call / entry, taint
/// flags) to a <see cref="Fortify_Source"/> and appends it to
/// <c>fortifyScan.Sources</c>. A source that fails to map is logged and skipped.
/// </summary>
/// <param name="fortifyScan">Scan whose <c>_fvdl</c> has already been loaded.</param>
/// <returns>The same <paramref name="fortifyScan"/>, for chaining.</returns>
public static Fortify_Scan mapSources(this Fortify_Scan fortifyScan)
{
    foreach (var sourceInstance in fortifyScan._fvdl.ProgramData.Sources.SourceInstance)
    {
        try
        {
            var mapped = new Fortify_Source { RuleID = sourceInstance.ruleID.str() };

            var functionCall = sourceInstance.FunctionCall;
            if (functionCall.notNull())
            {
                mapped.Function_Call  = new Fortify_Function(functionCall.Function.name, functionCall.SourceLocation);
                // NOTE(review): Function_Entry is filled from the same FunctionCall
                // element as Function_Call; this looks like a copy/paste of the line
                // above and probably should read the FVDL entry element instead —
                // confirm against the schema before changing.
                mapped.Function_Entry = new Fortify_Function(functionCall.Function.name, functionCall.SourceLocation);
            }

            var taintFlags = sourceInstance.TaintFlags;
            if (taintFlags.notNull())
            {
                mapped.TaintFlags = taintFlags.TaintFlag.Select(flag => flag.name).toList();
            }

            fortifyScan.Sources.Add(mapped);
        }
        catch (Exception ex)
        {
            "Error Adding Source: {0}".error(ex.Message);
        }
    }
    return fortifyScan;
}
/// <summary>
/// Loads the raw FVDL from <paramref name="fvdlFile"/> and maps it into a new
/// <see cref="Fortify_Scan"/> via <c>mapFvdlData</c>.
/// </summary>
/// <param name="fvdlFile">Path of the .fvdl file to load.</param>
/// <returns>The mapped scan.</returns>
public Fortify_Scan convertToFortifyScan(string fvdlFile)
{
    var fortifyScan = new Fortify_Scan
    {
        _fvdl = loadFvdl_Raw(fvdlFile)
    };
    // mapFvdlData returns the scan it was given, so this is the same object.
    return fortifyScan.mapFvdlData();
}
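/// <summary>
/// Runs every FVDL → <see cref="Fortify_Scan"/> mapping step in sequence
/// (scan details, context pool, descriptions, called-with-no-defs, sinks,
/// sources, snippets, vulnerabilities) under a timer.
/// </summary>
/// <param name="fortifyScan">Scan whose <c>_fvdl</c> has already been loaded.</param>
/// <returns>The same <paramref name="fortifyScan"/>, for chaining.</returns>
public static Fortify_Scan mapFvdlData(this Fortify_Scan fortifyScan)
{
    var o2Timer = new O2Timer("Mapped Fvdl Data").start();
    try
    {
        fortifyScan.mapScanDetails()
                   .mapContextPool()
                   .mapDescriptions()
                   .mapCalledWithNoDefs()
                   .mapSinks()
                   .mapSources()
                   .mapSnippets()
                   .mapVulnerabilities();
    }
    finally
    {
        // Stop the timer even when a mapping step throws; previously an
        // exception left it running and skipped stop() entirely.
        o2Timer.stop();
    }
    return fortifyScan;
}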
/// <summary>
/// Maps the <c>CalledWithNoDef</c> entries of the FVDL into
/// <c>fortifyScan.CalledWithNoDefs</c> (name, namespace, enclosing class).
/// </summary>
/// <remarks>
/// Read through the raw XElement because the generated xsd/cs schema classes
/// don't expose these elements (at the moment).
/// </remarks>
/// <param name="fortifyScan">Scan whose <c>_fvdl</c> has already been loaded.</param>
/// <returns>The same <paramref name="fortifyScan"/>, for chaining.</returns>
public static Fortify_Scan mapCalledWithNoDefs(this Fortify_Scan fortifyScan)
{
    var calledWithNoDefElement = fortifyScan._fvdl.ProgramData.CalledWithNoDef.xElement();
    foreach (var functionElement in calledWithNoDefElement.elements())
    {
        var calledWithNoDef = new Fortify_CalledWithNoDef
        {
            Name           = functionElement.attribute("name").value(),
            Namespace      = functionElement.attribute("namespace").value(),
            EnclosingClass = functionElement.attribute("enclosingClass").value()
        };
        fortifyScan.CalledWithNoDefs.Add(calledWithNoDef);
    }
    return fortifyScan;
}
/// <summary>
/// Maps each FVDL <c>Snippet</c> (id, text and file / start-end line range)
/// into <c>fortifyScan.Snippets</c>.
/// </summary>
/// <param name="fortifyScan">Scan whose <c>_fvdl</c> has already been loaded.</param>
/// <returns>The same <paramref name="fortifyScan"/>, for chaining.</returns>
public static Fortify_Scan mapSnippets(this Fortify_Scan fortifyScan)
{
    foreach (var rawSnippet in fortifyScan._fvdl.Snippets.Snippet)
    {
        var snippet = new Fortify_Snippet
        {
            Id           = rawSnippet.id.str(),
            Text         = rawSnippet.Text,
            CodeLocation = new Fortify_CodeLocation
            {
                Path    = rawSnippet.File,
                Line    = rawSnippet.StartLine,
                LineEnd = rawSnippet.EndLine
            }
        };
        fortifyScan.Snippets.Add(snippet);
    }
    return fortifyScan;
}
/// <summary>
/// Maps each FVDL <c>SinkInstance</c> (rule id and the called function) to a
/// <see cref="Fortify_Sink"/> in <c>fortifyScan.Sinks</c>. A sink that fails
/// to map is logged and skipped.
/// </summary>
/// <param name="fortifyScan">Scan whose <c>_fvdl</c> has already been loaded.</param>
/// <returns>The same <paramref name="fortifyScan"/>, for chaining.</returns>
public static Fortify_Scan mapSinks(this Fortify_Scan fortifyScan)
{
    foreach (var sinkInstance in fortifyScan._fvdl.ProgramData.Sinks.SinkInstance)
    {
        try
        {
            var ruleId       = sinkInstance.ruleID.str();
            var functionCall = sinkInstance.FunctionCall;
            var sink = new Fortify_Sink
            {
                RuleID        = ruleId,
                Function_Call = new Fortify_Function(functionCall.Function.name, functionCall.SourceLocation)
            };
            fortifyScan.Sinks.Add(sink);
        }
        catch (Exception ex)
        {
            "Error Adding Sink: {0}".error(ex.Message);
        }
    }
    return fortifyScan;
}
/// <summary>
/// Maps each FVDL <c>ContextPool</c> context (id and declaring function) to a
/// <see cref="Fortify_Context"/> in <c>fortifyScan.Contexts</c>. A context
/// that fails to map is logged and skipped.
/// </summary>
/// <param name="fortifyScan">Scan whose <c>_fvdl</c> has already been loaded.</param>
/// <returns>The same <paramref name="fortifyScan"/>, for chaining.</returns>
public static Fortify_Scan mapContextPool(this Fortify_Scan fortifyScan)
{
    foreach (var rawContext in fortifyScan._fvdl.ContextPool.Context)
    {
        try
        {
            var contextId = rawContext.id.str();
            var function  = new Fortify_Function(rawContext.Function.name, rawContext.FunctionDeclarationSourceLocation);
            fortifyScan.Contexts.Add(new Fortify_Context
            {
                Id       = contextId,
                Function = function
            });
        }
        catch (Exception ex)
        {
            "Error Adding ContextPool Item: {0}".error(ex.Message);
        }
    }
    return fortifyScan;
}
/// <summary>
/// Maps each FVDL <c>Description</c> (abstract, class id, content type,
/// explanation, recommendations and optional tips) to a
/// <see cref="Fortify_Description"/> in <c>fortifyScan.Descriptions</c>.
/// </summary>
/// <param name="fortifyScan">Scan whose <c>_fvdl</c> has already been loaded.</param>
/// <returns>The same <paramref name="fortifyScan"/>, for chaining.</returns>
public static Fortify_Scan mapDescriptions(this Fortify_Scan fortifyScan)
{
    foreach (var rawDescription in fortifyScan._fvdl.Description)
    {
        var description = new Fortify_Description
        {
            Abstract        = rawDescription.Abstract,
            ClassID         = rawDescription.classID,
            ContentType     = rawDescription.contentType,
            Explanation     = rawDescription.Explanation,
            Recommendations = rawDescription.Recommendations
        };

        // Tips is optional in the FVDL; only copy it when present.
        var tips = rawDescription.Tips;
        if (tips.notNull())
        {
            foreach (var tip in tips.Tip)
            {
                description.Tips.Add(tip);
            }
        }

        fortifyScan.Descriptions.add(description);
    }
    return fortifyScan;
}
/// <summary>
/// Maps each FVDL <c>Vulnerability</c> — its ClassInfo, InstanceInfo and
/// AnalysisInfo (context function, replacement definitions and the primary
/// trace entries) — to a <see cref="Fortify_Vulnerability"/> appended to
/// <c>fortifyScan.Vulnerabilities</c>. Null vulnerability elements are skipped.
/// </summary>
/// <param name="fortifyScan">Scan whose <c>_fvdl</c> has already been loaded.</param>
/// <returns>The same <paramref name="fortifyScan"/>, for chaining.</returns>
public static Fortify_Scan mapVulnerabilities(this Fortify_Scan fortifyScan)
{
    foreach (var rawVulnerability in fortifyScan._fvdl.Vulnerabilities.Vulnerability)
    {
        if (!rawVulnerability.notNull())
        {
            continue;
        }

        var classInfo    = rawVulnerability.ClassInfo;
        var instanceInfo = rawVulnerability.InstanceInfo;
        var vulnerability = new Fortify_Vulnerability
        {
            // from ClassInfo
            AnalyzerName     = classInfo.AnalyzerName,
            ClassId          = classInfo.ClassID,
            DefaultSeverity  = classInfo.DefaultSeverity,
            Kingdom          = classInfo.Kingdom,
            Type             = classInfo.Type,
            SubType          = classInfo.Subtype,
            // from InstanceInfo
            InstanceId       = instanceInfo.InstanceID,
            InstanceSeverity = instanceInfo.InstanceSeverity,
            Confidence       = instanceInfo.Confidence
        };

        // from AnalysisInfo (only the Unified form is mapped)
        var unified = rawVulnerability.AnalysisInfo.Unified;
        if (unified.notNull())
        {
            var context = unified.Context;
            if (context.notNull() && context.Function.notNull())
            {
                vulnerability.Context = new Fortify_Function(context.Function.name, context.FunctionDeclarationSourceLocation);
            }

            var replacementDefinitions = unified.ReplacementDefinitions;
            if (replacementDefinitions.notNull())
            {
                foreach (var definition in replacementDefinitions.Def)
                {
                    vulnerability.ReplacementDefinitions.Definitions.add(definition.key, definition.value);
                }
            }

            foreach (var trace in unified.Trace)
            {
                foreach (var entry in trace.Primary.Entry)
                {
                    var traceEntry = new Fortify_TraceEntry();

                    if (entry.NodeRef.notNull())
                    {
                        traceEntry.NodeRefId = entry.NodeRef.id;
                    }

                    var node = entry.Node;
                    if (node.notNull())
                    {
                        // Optional attributes fall back to false / "" so the
                        // entry never carries nulls for these three.
                        traceEntry.DetailsOnly = node.detailsOnly ?? false;
                        traceEntry.IsDefault   = node.isDefault ?? false;
                        traceEntry.Label       = node.label ?? "";

                        var action = node.Action;
                        if (action.notNull())
                        {
                            traceEntry.ActionType  = action.type;
                            traceEntry.ActionValue = action.TypedValue;
                        }

                        var knowledge = node.Knowledge;
                        if (knowledge.notNull())
                        {
                            foreach (var fact in knowledge.Fact)
                            {
                                traceEntry.KnowledgeFacts.Add(new Fortify_TraceEntryFact
                                {
                                    Primary = fact.primary,
                                    Type    = fact.type,
                                    Value   = fact.TypedValue
                                });
                            }
                        }

                        var reason = node.Reason;
                        if (reason.notNull())
                        {
                            traceEntry.Reason_RuleId   = reason.Rule.notNull()     ? reason.Rule.ruleID    : "";
                            traceEntry.Reason_TraceRef = reason.TraceRef.notNull() ? reason.TraceRef.str() : "";
                            traceEntry.Reason_Internal = reason.Internal.notNull() ? reason.Internal.str() : "";
                        }

                        var sourceLocation = node.SourceLocation;
                        if (sourceLocation.notNull())
                        {
                            traceEntry.SourceLocation           = new Fortify_CodeLocation(sourceLocation);
                            traceEntry.SourceLocation_ContextId = sourceLocation.contextId ?? 0;
                            traceEntry.SourceLocation_Snippet   = sourceLocation.snippet;
                        }

                        var secondaryLocation = node.SecondaryLocation;
                        if (secondaryLocation.notNull())
                        {
                            traceEntry.SecundaryLocation         = new Fortify_CodeLocation(secondaryLocation);
                            traceEntry.SecundaryLocation_Snippet = secondaryLocation.snippet;
                        }
                    }

                    vulnerability.Traces.Add(traceEntry);
                }
            }
        }

        fortifyScan.Vulnerabilities.add(vulnerability);
    }
    return fortifyScan;
}
/// <summary>
/// Loads the raw FVDL from <paramref name="fvdlFile"/> and maps it into a new
/// <see cref="Fortify_Scan"/> via <c>mapFvdlData</c>.
/// </summary>
/// <remarks>
/// NOTE(review): a method with this exact signature and body also appears
/// earlier in this listing — one of the two is likely redundant.
/// </remarks>
/// <param name="fvdlFile">Path of the .fvdl file to load.</param>
/// <returns>The mapped scan.</returns>
public Fortify_Scan convertToFortifyScan(string fvdlFile)
{
    var scan = new Fortify_Scan();
    scan._fvdl = loadFvdl_Raw(fvdlFile);
    // mapFvdlData mutates and returns the same scan object.
    return scan.mapFvdlData();
}