/// <summary> /// Interface implementation that takes a Static Driver Verifier log stream and converts /// its data to a SARIF json stream. Read in Static Driver Verifier data from an input /// stream and write Result objects. /// </summary> /// <param name="input">Stream of a Static Driver Verifier log</param> /// <param name="output">SARIF json stream of the converted Static Driver Verifier log</param> public override void Convert(Stream input, IResultLogWriter output) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } Result result = ProcessSdvDefectStream(input); var results = new Result[] { result }; var tool = new Tool { Name = "StaticDriverVerifier", }; var fileInfoFactory = new FileInfoFactory(null); Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results); output.Initialize(id: null, correlationId: null); output.WriteTool(tool); if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
/// <summary> /// Converts a Semmle log file in CSV format to a SARIF log file. /// </summary> /// <param name="input"> /// Input stream from which to read the Semmle log. /// </param> /// <param name="output"> /// Output string to which to write the SARIF log. /// </param> /// <exception cref="ArgumentNullException"> /// Thrown when one or more required arguments are null. /// </exception> public override void Convert(Stream input, IResultLogWriter output) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } _toolNotifications = new List<Notification>(); var results = GetResultsFromStream(input); var tool = new Tool { Name = "Semmle" }; output.Initialize(id: null, correlationId: null); output.WriteTool(tool); output.OpenResults(); output.WriteResults(results); output.CloseResults(); if (_toolNotifications.Any()) { output.WriteToolNotifications(_toolNotifications); } }
/// <summary> /// Interface implementation that takes a CppChecker log stream and converts its data to a SARIF json stream. /// Read in CppChecker data from an input stream and write Result objects. /// </summary> /// <param name="input">Stream of a CppChecker log</param> /// <param name="output">SARIF json stream of the converted CppChecker log</param> public override void Convert(Stream input, IResultLogWriter output) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } XmlReaderSettings settings = new XmlReaderSettings { IgnoreWhitespace = true, DtdProcessing = DtdProcessing.Ignore, NameTable = _nameTable, XmlResolver = null }; using (XmlReader xmlReader = XmlReader.Create(input, settings)) { ProcessCppCheckLog(xmlReader, output); } }
/// <summary> /// Converts an Android Studio formatted log as input into a SARIF SarifLog using the output. /// </summary> /// <param name="input">The Android Studio formatted log.</param> /// <param name="output">The SarifLog to write the output to.</param> public override void Convert(Stream input, IResultLogWriter output) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } LogicalLocationsDictionary.Clear(); XmlReaderSettings settings = new XmlReaderSettings { IgnoreWhitespace = true, IgnoreComments = true, IgnoreProcessingInstructions = true, NameTable = _nameTable, DtdProcessing = DtdProcessing.Ignore, XmlResolver = null }; ISet<Result> results; using (XmlReader xmlReader = XmlReader.Create(input, settings)) { results = ProcessAndroidStudioLog(xmlReader); } var tool = new Tool { Name = "AndroidStudio" }; var fileInfoFactory = new FileInfoFactory(uri => MimeType.Java); Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results); output.Initialize(id: null, correlationId: null); output.WriteTool(tool); if (fileDictionary != null && fileDictionary.Any()) { output.WriteFiles(fileDictionary); } if (LogicalLocationsDictionary != null && LogicalLocationsDictionary.Any()) { output.WriteLogicalLocations(LogicalLocationsDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { input = input ?? throw new ArgumentNullException(nameof(input)); output = output ?? throw new ArgumentNullException(nameof(output)); PylintLog log = logReader.ReadLog(input); var results = new List <Result>(); foreach (PylintLogEntry entry in log) { results.Add(CreateResult(entry)); } PersistResults(output, results); }
/// <summary>Convert a Clang plist report into the SARIF format.</summary> /// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception> /// <param name="input">CLang log file stream.</param> /// <param name="output">Result log writer.</param> /// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param> public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { // ToDo remove this comment after all issues are resolved. // Rodney is tasked with bringing Clang analyzer results into the SARIF fold. // Once this work is complete, he can close the following task: // http://twcsec-tfs01:8080/tfs/DefaultCollection/SecDevTools/_workitems#_a=edit&id=13409 if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } try { XmlReaderSettings settings = new XmlReaderSettings { IgnoreWhitespace = true, DtdProcessing = DtdProcessing.Ignore, XmlResolver = null }; var results = new List <Result>(); using (XmlReader xmlReader = XmlReader.Create(input, settings)) { xmlReader.MoveToContent(); xmlReader.ReadStartElement(ClangSchemaStrings.PlistName); if (xmlReader.NodeType == XmlNodeType.Element) { using (var pListReader = xmlReader.ReadSubtree()) { this.ReadPlist(pListReader, results); } } } PersistResults(output, results); } finally { _files = null; } }
/// <summary> /// Convert FxCop log to SARIF format stream /// </summary> /// <param name="input">FxCop log stream</param> /// <param name="output">output stream</param> public override void Convert(Stream input, IResultLogWriter output) { if (input == null) { throw (new ArgumentNullException(nameof(input))); } if (output == null) { throw (new ArgumentNullException(nameof(output))); } LogicalLocationsDictionary.Clear(); var context = new FxCopLogReader.Context(); var results = new List<Result>(); var reader = new FxCopLogReader(); reader.ResultRead += (FxCopLogReader.Context current) => { results.Add(CreateResult(current)); }; reader.Read(context, input); Tool tool = new Tool { Name = "FxCop" }; var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension); Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results); output.Initialize(id: null, correlationId: null); output.WriteTool(tool); if (fileDictionary != null && fileDictionary.Any()) { output.WriteFiles(fileDictionary); } if (LogicalLocationsDictionary != null && LogicalLocationsDictionary.Any()) { output.WriteLogicalLocations(LogicalLocationsDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
/// <summary> /// Convert FxCop log to SARIF format stream /// </summary> /// <param name="input">FxCop log stream</param> /// <param name="output">output stream</param> public override void Convert(Stream input, IResultLogWriter output) { if (input == null) { throw (new ArgumentNullException("input")); } if (output == null) { throw (new ArgumentNullException("output")); } LogicalLocationsDictionary.Clear(); var context = new FxCopLogReader.Context(); var results = new List <Result>(); var reader = new FxCopLogReader(); reader.ResultRead += (FxCopLogReader.Context current) => { results.Add(CreateResult(current)); }; reader.Read(context, input); Tool tool = new Tool { Name = "FxCop" }; var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension); Dictionary <string, IList <FileData> > fileDictionary = fileInfoFactory.Create(results); output.WriteTool(tool); if (fileDictionary != null && fileDictionary.Any()) { output.WriteFiles(fileDictionary); } if (LogicalLocationsDictionary != null && LogicalLocationsDictionary.Any()) { output.WriteLogicalLocations(LogicalLocationsDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } _fullMessageHashes.Clear(); IList <Result> results = GetResults(input); PersistResults(output, results); }
/// <summary> /// Converts an Android Studio formatted log as input into a SARIF SarifLog using the output. /// </summary> /// <param name="input">The Android Studio formatted log.</param> /// <param name="output">The SarifLog to write the output to.</param> public void Convert(Stream input, IResultLogWriter output) { if (input == null) { throw new ArgumentNullException("input"); } if (output == null) { throw new ArgumentNullException("output"); } XmlReaderSettings settings = new XmlReaderSettings { IgnoreWhitespace = true, IgnoreComments = true, IgnoreProcessingInstructions = true, NameTable = _nameTable, DtdProcessing = DtdProcessing.Ignore }; IList <Result> results; using (XmlReader xmlReader = XmlReader.Create(input, settings)) { results = ProcessAndroidStudioLog(xmlReader); } var tool = new Tool { Name = "AndroidStudio" }; var fileInfoFactory = new FileInfoFactory(uri => MimeType.Java); Dictionary <string, IList <FileData> > fileDictionary = fileInfoFactory.Create(results); output.WriteTool(tool); if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
/// <summary>Processes an Android Studio log and writes issues therein to an instance of /// <see cref="IResultLogWriter"/>.</summary> /// <param name="xmlReader">The XML reader from which AndroidStudio format shall be read.</param> /// <param name="output">The <see cref="IResultLogWriter"/> to write the output to.</param> private void ProcessAndroidStudioLog(XmlReader xmlReader, IResultLogWriter output) { int problemsDepth = xmlReader.Depth; xmlReader.ReadStartElement(_strings.Problems); while (xmlReader.Depth > problemsDepth) { var problem = AndroidStudioProblem.Parse(xmlReader, _strings); if (problem != null) { output.WriteResult(AndroidStudioConverter.ConvertProblemToSarifIssue(problem)); } } xmlReader.ReadEndElement(); // </problems> }
/// <summary> /// Interface implementation that takes a Static Driver Verifier log stream and converts /// its data to a SARIF json stream. Read in Static Driver Verifier data from an input /// stream and write Result objects. /// </summary> /// <param name="input">Stream of a Static Driver Verifier log</param> /// <param name="output">SARIF json stream of the converted Static Driver Verifier log</param> /// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param> public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } Result result = ProcessSdvDefectStream(input); var results = new Result[] { result }; PersistResults(output, results); }
/// <summary> /// Interface implementation for converting a stream in Fortify FPR format to a stream in /// SARIF format. /// </summary> /// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception> /// <param name="input">Stream in Fortify FPR format.</param> /// <param name="output">Stream in SARIF format.</param> /// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param> public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } _invocation = new Invocation(); _invocation.ToolExecutionNotifications = new List <Notification>(); _invocation.ExecutionSuccessful = true; _files.Clear(); _rules.Clear(); _ruleIdToIndexMap.Clear(); _cweIds.Clear(); _nodeDictionary.Clear(); _snippetDictionary.Clear(); // Uncomment following Line to fetch FVDL content from any FPR file. This is not needed for conversion. // However, we keep a copy of FVDL for each test file for debugging purposes. // string fvdlContent = ExtractFvdl(OpenAuditFvdlReader(input)); // Parse everything except vulnerabilities (building maps to write Results as-we-go next pass) ParseAuditStream_PassOne(OpenAuditFvdlReader(input)); // Add Snippets to NodePool Nodes which referenced them (Snippets appear after the NodePool in Fortify files) AddSnippetsToNodes(); // Create the Sarif Run itself to report Run run = CreateSarifRun(); // Write the Run itself output.Initialize(run); output.OpenResults(); // Parse the Vulnerabilities, writing as we go ParseAuditStream_PassTwo(OpenAuditFvdlReader(input), output); // Close the Results array output.CloseResults(); }
/// <summary>Convert a Clang plist report into the SARIF format.</summary> /// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception> /// <param name="input">CLang log file stream.</param> /// <param name="output">Result log writer.</param> public void Convert(Stream input, IResultLogWriter output) { // ToDo remove this comment after all issues are resolved. // Rodney is tasked with bringing Clang analyzer results into the SARIF fold. // Once this work is complete, he can close the following task: // http://twcsec-tfs01:8080/tfs/DefaultCollection/SecDevTools/_workitems#_a=edit&id=13409 if (input == null) { throw new ArgumentNullException("input"); } if (output == null) { throw new ArgumentNullException("output"); } try { XmlReaderSettings settings = new XmlReaderSettings(); settings.IgnoreWhitespace = true; settings.DtdProcessing = DtdProcessing.Ignore; ToolInfo toolInfo = new ToolInfo(); toolInfo.Name = "Clang"; output.WriteToolAndRunInfo(toolInfo, null); using (XmlReader xmlReader = XmlReader.Create(input, settings)) { XmlNodeType nodeType = xmlReader.MoveToContent(); xmlReader.ReadStartElement(ClangSchemaStrings.PlistName); if (xmlReader.NodeType == XmlNodeType.Element) { using (var pListReader = xmlReader.ReadSubtree()) { this.ReadPlist(pListReader, output); } } } } finally { _files = null; } }
protected static Run PersistResults(IResultLogWriter output, IList <Result> results, Run run) { output.Initialize(run); run.Results = results; var visitor = new AddFileReferencesVisitor(); visitor.VisitRun(run); if (run.Results != null) { output.OpenResults(); output.WriteResults(run.Results); output.CloseResults(); } return(run); }
/// <summary> /// Converts a Semmle log file in CSV format to a SARIF log file. /// </summary> /// <param name="input"> /// Input stream from which to read the Semmle log. /// </param> /// <param name="output"> /// Output string to which to write the SARIF log. /// </param> /// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param> /// <exception cref="ArgumentNullException"> /// Thrown when one or more required arguments are null. /// </exception> public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } _toolNotifications = new List <Notification>(); var results = GetResultsFromStream(input); PersistResults(output, results); }
/// <summary> /// Converts an Android Studio formatted log as input into a SARIF SarifLog using the output. /// </summary> /// <param name="input">The Android Studio formatted log.</param> /// <param name="output">The SarifLog to write the output to.</param> /// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param> public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } LogicalLocations.Clear(); XmlReaderSettings settings = new XmlReaderSettings { IgnoreWhitespace = true, IgnoreComments = true, IgnoreProcessingInstructions = true, NameTable = _nameTable, DtdProcessing = DtdProcessing.Ignore, XmlResolver = null }; IList <Result> results; using (XmlReader xmlReader = XmlReader.Create(input, settings)) { results = ProcessAndroidStudioLog(xmlReader); } var run = new Run() { Tool = new Tool { Driver = new ToolComponent { Name = ToolName } }, ColumnKind = ColumnKind.Utf16CodeUnits, LogicalLocations = this.LogicalLocations, }; PersistResults(output, results, run); }
public override void Convert(Stream input, IResultLogWriter output, LoggingOptions loggingOptions) { input = input ?? throw new ArgumentNullException(nameof(input)); output = output ?? throw new ArgumentNullException(nameof(output)); output.Initialize(id: null, automationId: null); var tool = new Tool { Name = ToolFormat.PREfast, FullName = "PREfast Code Analysis" }; output.WriteTool(tool); XmlReaderSettings settings = new XmlReaderSettings { XmlResolver = null }; var serializer = new XmlSerializer(typeof(DefectList)); using (var reader = XmlReader.Create(input, settings)) { var defectList = (DefectList)serializer.Deserialize(reader); var results = new List <Result>(); foreach (Defect entry in defectList.Defects) { results.Add(CreateResult(entry)); } var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, loggingOptions); Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results); if (fileDictionary?.Any() == true) { output.WriteFiles(fileDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); } }
/// <summary> /// Converts a Semmle log file in CSV format to a SARIF log file. /// </summary> /// <param name="input"> /// Input stream from which to read the Semmle log. /// </param> /// <param name="output"> /// Output string to which to write the SARIF log. /// </param> /// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param> /// <exception cref="ArgumentNullException"> /// Thrown when one or more required arguments are null. /// </exception> public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } _toolNotifications = new List <Notification>(); var results = GetResultsFromStream(input); var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, dataToInsert); Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results); var tool = new Tool { Name = "Semmle QL" }; var run = new Run() { Tool = tool }; output.Initialize(run); output.WriteFiles(fileDictionary); output.OpenResults(); output.WriteResults(results); output.CloseResults(); if (_toolNotifications.Any()) { output.WriteToolNotifications(_toolNotifications); } }
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { input = input ?? throw new ArgumentNullException(nameof(input)); output = output ?? throw new ArgumentNullException(nameof(output)); LogicalLocations.Clear(); XmlReaderSettings settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Ignore, XmlResolver = null }; var serializer = new XmlSerializer(typeof(DefectList)); using (var reader = XmlReader.Create(input, settings)) { var defectList = (DefectList)serializer.Deserialize(reader); var results = new List <Result>(); foreach (Defect entry in defectList.Defects) { results.Add(CreateResult(entry)); } var run = new Run() { Tool = new Tool { Driver = new ToolComponent { Name = ToolName, FullName = "PREfast Code Analysis" } }, ColumnKind = ColumnKind.Utf16CodeUnits, LogicalLocations = LogicalLocations }; PersistResults(output, results, run); } }
/// <summary> /// Convert FxCop log to SARIF format stream /// </summary> /// <param name="input">FxCop log stream</param> /// <param name="output">output stream</param> /// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param> public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { if (input == null) { throw (new ArgumentNullException(nameof(input))); } if (output == null) { throw (new ArgumentNullException(nameof(output))); } LogicalLocations.Clear(); var context = new FxCopLogReader.Context(); var results = new List <Result>(); var rules = new List <ReportingDescriptor>(); var reader = new FxCopLogReader(); reader.RuleRead += (FxCopLogReader.Context current) => { rules.Add(CreateRule(current)); }; reader.ResultRead += (FxCopLogReader.Context current) => { results.Add(CreateResult(current)); }; reader.Read(context, input); var run = new Run() { Tool = new Tool { Driver = new ToolComponent { Name = ToolName, Rules = rules } }, }; PersistResults(output, results, run); output.WriteLogicalLocations(LogicalLocations); }
/// <summary> /// Interface implementation that takes a Static Driver Verifier log stream and converts /// its data to a SARIF json stream. Read in Static Driver Verifier data from an input /// stream and write Result objects. /// </summary> /// <param name="input">Stream of a Static Driver Verifier log</param> /// <param name="output">SARIF json stream of the converted Static Driver Verifier log</param> /// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param> public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } Result result = ProcessSdvDefectStream(input); var results = new Result[] { result }; var tool = new Tool { Name = "StaticDriverVerifier", }; var fileInfoFactory = new FileInfoFactory(null, dataToInsert); Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results); var run = new Run() { Tool = tool }; output.Initialize(run); if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { input = input ?? throw new ArgumentNullException(nameof(input)); output = output ?? throw new ArgumentNullException(nameof(output)); TSLintLog tsLintLog = logReader.ReadLog(input); Tool tool = new Tool { Name = "TSLint" }; var run = new Run() { Tool = tool }; output.Initialize(run); var results = new List <Result>(); foreach (TSLintLogEntry entry in tsLintLog) { results.Add(CreateResult(entry)); } var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, dataToInsert); Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results); if (fileDictionary?.Any() == true) { output.WriteFiles(fileDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
/// <summary> /// Interface implementation that takes a CppChecker log stream and converts its data to a SARIF json stream. /// Read in CppChecker data from an input stream and write Result objects. /// </summary> /// <param name="input">Stream of a CppChecker log</param> /// <param name="output">SARIF json stream of the converted CppChecker log</param> public void Convert(Stream input, IResultLogWriter output) { if (input == null) { throw new ArgumentNullException("input"); } if (output == null) { throw new ArgumentNullException("output"); } XmlReaderSettings settings = new XmlReaderSettings { IgnoreWhitespace = true, DtdProcessing = DtdProcessing.Ignore, NameTable = _nameTable }; using (XmlReader xmlReader = XmlReader.Create(input, settings)) { ProcessCppCheckLog(xmlReader, output); } }
private void ReadDiagnostics(XmlReader xmlReader, IResultLogWriter output) { xmlReader.Read(); // Read past the "array" element start. while (xmlReader.Read()) { if (xmlReader.NodeType == XmlNodeType.Element) { if (xmlReader.Name.Equals(ClangSchemaStrings.DictionaryName)) { using (var subTreeReader = xmlReader.ReadSubtree()) { IDictionary <string, object> dictionary = ReadDictionary(subTreeReader); this.LogIssue(dictionary, output); } } } if (xmlReader.NodeType == XmlNodeType.EndElement && xmlReader.Name == ClangSchemaStrings.ArrayName) { break; } } }
/// <summary> /// Interface implementation for converting a stream of Fortify report in XML format to a /// SARIF json format stream. /// </summary> /// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception> /// <param name="input">Stream of the Fortify report.</param> /// <param name="output">Stream of SARIF json.</param> public void Convert(Stream input, IResultLogWriter output) { if (input == null) { throw new ArgumentNullException("input"); } if (output == null) { throw new ArgumentNullException("output"); } output.WriteToolAndRunInfo(new ToolInfo { Name = "Fortify" }, null); var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Ignore, IgnoreWhitespace = true, NameTable = _nameTable }; using (XmlReader reader = XmlReader.Create(input, settings)) { while (reader.Read()) { while (Ref.Equal(reader.LocalName, _strings.Issue)) { FortifyIssue fortify = FortifyIssue.Parse(reader, _strings); output.WriteResult(ConvertFortifyIssueToSarifIssue(fortify)); } } } }
private void ProcessCppCheckLog(XmlReader reader, IResultLogWriter output) { reader.ReadStartElement(_strings.Results); if (!Ref.Equal(reader.LocalName, _strings.CppCheck)) { throw reader.CreateException(ConverterResources.CppCheckCppCheckElementMissing); } string version = reader.GetAttribute(_strings.Version); if (version != null && !version.IsSemanticVersioningCompatible()) { // This logic only fixes up simple cases, such as being passed // 1.66, where Semantic Versioning 2.0 requires 1.66.0. Also // strips Revision member if passed a complete .NET version. Version dotNetVersion; if (Version.TryParse(version, out dotNetVersion)) { version = Math.Max(0, dotNetVersion.Major) + "." + Math.Max(0, dotNetVersion.Minor) + "." + Math.Max(0, dotNetVersion.Build); } } if (String.IsNullOrWhiteSpace(version)) { throw reader.CreateException(ConverterResources.CppCheckCppCheckElementMissing); } reader.Skip(); // <cppcheck /> if (!Ref.Equal(reader.LocalName, _strings.Errors)) { throw reader.CreateException(ConverterResources.CppCheckErrorsElementMissing); } var results = new List<Result>(); if (reader.IsEmptyElement) { reader.Skip(); // <errors /> } else { int errorsDepth = reader.Depth; reader.Read(); // <errors> while (reader.Depth > errorsDepth) { var parsedError = CppCheckError.Parse(reader, _strings); results.Add(parsedError.ToSarifIssue()); } reader.ReadEndElement(); // </errors> } reader.ReadEndElement(); // </results> var tool = new Tool { Name = "CppCheck", Version = version, }; var fileInfoFactory = new FileInfoFactory(uri => MimeType.Cpp); Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results); output.Initialize(id: null, correlationId: null); output.WriteTool(tool); if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
private void ProcessCppCheckLog(XmlReader reader, IResultLogWriter output, OptionallyEmittedData dataToInsert) { reader.ReadStartElement(_strings.Results); if (!StringReference.AreEqual(reader.LocalName, _strings.CppCheck)) { throw reader.CreateException(ConverterResources.CppCheckCppCheckElementMissing); } string version = reader.GetAttribute(_strings.Version); if (version != null && !version.IsSemanticVersioningCompatible()) { // This logic only fixes up simple cases, such as being passed // 1.66, where Semantic Versioning 2.0 requires 1.66.0. Also // strips Revision member if passed a complete .NET version. Version dotNetVersion; if (Version.TryParse(version, out dotNetVersion)) { version = Math.Max(0, dotNetVersion.Major) + "." + Math.Max(0, dotNetVersion.Minor) + "." + Math.Max(0, dotNetVersion.Build); } } if (String.IsNullOrWhiteSpace(version)) { throw reader.CreateException(ConverterResources.CppCheckCppCheckElementMissing); } reader.Skip(); // <cppcheck /> if (!StringReference.AreEqual(reader.LocalName, _strings.Errors)) { throw reader.CreateException(ConverterResources.CppCheckErrorsElementMissing); } var results = new List <Result>(); if (reader.IsEmptyElement) { reader.Skip(); // <errors /> } else { int errorsDepth = reader.Depth; reader.Read(); // <errors> while (reader.Depth > errorsDepth) { var parsedError = CppCheckError.Parse(reader, _strings); results.Add(parsedError.ToSarifIssue()); } reader.ReadEndElement(); // </errors> } reader.ReadEndElement(); // </results> var tool = new Tool { Name = "CppCheck", Version = version, }; var fileInfoFactory = new FileInfoFactory(uri => MimeType.Cpp, dataToInsert); Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results); var run = new Run() { Tool = tool }; output.Initialize(run); if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
/// <summary>Convert a Clang plist report into the SARIF format.</summary> /// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception> /// <param name="input">CLang log file stream.</param> /// <param name="output">Result log writer.</param> public override void Convert(Stream input, IResultLogWriter output) { // ToDo remove this comment after all issues are resolved. // Rodney is tasked with bringing Clang analyzer results into the SARIF fold. // Once this work is complete, he can close the following task: // http://twcsec-tfs01:8080/tfs/DefaultCollection/SecDevTools/_workitems#_a=edit&id=13409 if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } try { XmlReaderSettings settings = new XmlReaderSettings { IgnoreWhitespace = true, DtdProcessing = DtdProcessing.Ignore, XmlResolver = null }; var results = new List<Result>(); using (XmlReader xmlReader = XmlReader.Create(input, settings)) { xmlReader.MoveToContent(); xmlReader.ReadStartElement(ClangSchemaStrings.PlistName); if (xmlReader.NodeType == XmlNodeType.Element) { using (var pListReader = xmlReader.ReadSubtree()) { this.ReadPlist(pListReader, results); } } } var tool = new Tool { Name = "Clang" }; var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension); Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results); output.Initialize(id: null, correlationId: null); output.WriteTool(tool); if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); } finally { _files = null; } }
/// <summary> /// Interface implementation for converting a stream in Fortify FPR format to a stream in /// SARIF format. /// </summary> /// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception> /// <param name="input">Stream in Fortify FPR format.</param> /// <param name="output">Stream in SARIF format.</param> /// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param> public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } _invocation = new Invocation(); _invocation.ToolExecutionNotifications = new List <Notification>(); _results.Clear(); _files.Clear(); _rules.Clear(); _ruleIdToIndexMap.Clear(); _tflToNodeIdDictionary.Clear(); _tflToSnippetIdDictionary.Clear(); _locationToSnippetIdDictionary.Clear(); _resultToSnippetIdDictionary.Clear(); _resultToReplacementDefinitionDictionary.Clear(); _nodeIdToLocationDictionary.Clear(); _nodeIdToActionTypeDictionary.Clear(); _snippetIdToRegionsDictionary.Clear(); ParseFprFile(input); AddMessagesToResults(); AddSnippetsToResults(); AddNodeLocationsToThreadFlowLocations(); AddSnippetsToThreadFlowLocations(); var run = new Run() { Id = new RunAutomationDetails { InstanceGuid = _runId, InstanceId = _automationId + "/" }, Artifacts = new List <Artifact>(_files), Tool = new Tool { Driver = new ToolComponent { Name = ToolName, RuleDescriptors = _rules } }, Invocations = new[] { _invocation }, }; if (!string.IsNullOrWhiteSpace(_originalUriBasePath)) { if (_originalUriBasePath.StartsWith("/") && _invocation.GetProperty("Platform") == "Linux") { _originalUriBasePath = "file:/" + _originalUriBasePath; } if (Uri.TryCreate(_originalUriBasePath, UriKind.Absolute, out Uri uri)) { run.OriginalUriBaseIds = new Dictionary <string, ArtifactLocation> { { FileLocationUriBaseId, new ArtifactLocation { Uri = uri } } }; } } PersistResults(output, _results, run); }
/// <summary> /// Convert FxCop log to SARIF format stream /// </summary> /// <param name="input">FxCop log stream</param> /// <param name="output">output stream</param> /// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param> public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { if (input == null) { throw (new ArgumentNullException(nameof(input))); } if (output == null) { throw (new ArgumentNullException(nameof(output))); } LogicalLocationsDictionary.Clear(); var context = new FxCopLogReader.Context(); var results = new List<Result>(); var rules = new List<Rule>(); var reader = new FxCopLogReader(); reader.RuleRead += (FxCopLogReader.Context current) => { rules.Add(CreateRule(current)); }; reader.ResultRead += (FxCopLogReader.Context current) => { results.Add(CreateResult(current)); }; reader.Read(context, input); Tool tool = new Tool { Name = "FxCop" }; var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, dataToInsert); Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results); var run = new Run() { Tool = tool }; output.Initialize(run); if (fileDictionary != null && fileDictionary.Any()) { output.WriteFiles(fileDictionary); } if (LogicalLocationsDictionary != null && LogicalLocationsDictionary.Any()) { output.WriteLogicalLocations(LogicalLocationsDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); if (rules.Count > 0) { var rulesDictionary = new Dictionary<string, IRule>(); foreach (Rule rule in rules) { rulesDictionary[rule.Id] = rule; } output.WriteRules(rulesDictionary); } }
public override void Convert(Stream input, IResultLogWriter output, LoggingOptions loggingOptions) { }
/// <summary> /// Interface implementation for converting a stream in Fortify FPR format to a stream in /// SARIF format. /// </summary> /// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception> /// <param name="input">Stream in Fortify FPR format.</param> /// <param name="output">Stream in SARIF format.</param> /// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param> public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } _invocation = new Invocation(); _invocation.ToolExecutionNotifications = new List <Notification>(); _invocation.ExecutionSuccessful = true; _results.Clear(); _files.Clear(); _rules.Clear(); _ruleIdToIndexMap.Clear(); _cweIds.Clear(); _tflToNodeIdDictionary.Clear(); _tflToSnippetIdDictionary.Clear(); _locationToSnippetIdDictionary.Clear(); _resultToSnippetIdDictionary.Clear(); _resultToReplacementDefinitionDictionary.Clear(); _nodeIdToLocationDictionary.Clear(); _nodeIdToActionTypeDictionary.Clear(); _snippetIdToRegionsDictionary.Clear(); ParseFprFile(input); AddMessagesToResults(); AddSnippetsToResults(); AddNodeLocationsToThreadFlowLocations(); AddSnippetsToThreadFlowLocations(); var run = new Run() { AutomationDetails = new RunAutomationDetails { Guid = _runId, Id = _automationId + "/" }, Artifacts = _files.OrderBy(d => d.Value.Item2) .Select(p => p.Value) .Select(t => t.Item1) .ToList() as IList <Artifact>, Tool = new Tool { Driver = new ToolComponent { Name = ToolName, Rules = _rules, SupportedTaxonomies = new List <ToolComponentReference> { new ToolComponentReference { Name = "CWE", Index = 0, Guid = "2B841697-D0DE-45DD-9F19-1EEE1312429" } } } }, Taxonomies = new List <ToolComponent> { CweToolComponent }, Invocations = new[] { _invocation }, }; if (_cweIds.Count > 0) { run.Taxonomies[0].Taxa = _cweIds.Select(c => new ReportingDescriptor { Id = c }).ToList(); } if (!string.IsNullOrWhiteSpace(_originalUriBasePath)) { if (_originalUriBasePath.StartsWith("/") && _invocation.GetProperty("Platform") == "Linux") { _originalUriBasePath = "file:/" + _originalUriBasePath; } if (Uri.TryCreate(_originalUriBasePath, UriKind.Absolute, out Uri uri)) { run.OriginalUriBaseIds = new Dictionary <string, ArtifactLocation> { { FileLocationUriBaseId, new ArtifactLocation { Uri = uri } } }; } } PersistResults(output, _results, run); }
/// <summary> /// Interface implementation for converting a stream of Fortify report in XML format to a /// SARIF json format stream. /// </summary> /// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception> /// <param name="input">Stream of the Fortify report.</param> /// <param name="output">Stream of SARIF json.</param> public override void Convert(Stream input, IResultLogWriter output) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Ignore, IgnoreWhitespace = true, NameTable = _nameTable, XmlResolver = null }; var results = new List<Result>(); using (XmlReader reader = XmlReader.Create(input, settings)) { while (reader.Read()) { while (Ref.Equal(reader.LocalName, _strings.Issue)) { FortifyIssue fortify = FortifyIssue.Parse(reader, _strings); results.Add(ConvertFortifyIssueToSarifIssue(fortify)); } } } var tool = new Tool { Name = "Fortify" }; var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension); Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results); output.Initialize(id: null, correlationId: null); output.WriteTool(tool); if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
public abstract void Convert(Stream input, IResultLogWriter output, LoggingOptions loggingOptions);
/// <summary>Convert a Clang plist report into the SARIF format.</summary> /// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception> /// <param name="input">CLang log file stream.</param> /// <param name="output">Result log writer.</param> /// <param name="loggingOptions">Logging options that configure output.</param> public override void Convert(Stream input, IResultLogWriter output, LoggingOptions loggingOptions) { // ToDo remove this comment after all issues are resolved. // Rodney is tasked with bringing Clang analyzer results into the SARIF fold. // Once this work is complete, he can close the following task: // http://twcsec-tfs01:8080/tfs/DefaultCollection/SecDevTools/_workitems#_a=edit&id=13409 if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } try { XmlReaderSettings settings = new XmlReaderSettings { IgnoreWhitespace = true, DtdProcessing = DtdProcessing.Ignore, XmlResolver = null }; var results = new List <Result>(); using (XmlReader xmlReader = XmlReader.Create(input, settings)) { xmlReader.MoveToContent(); xmlReader.ReadStartElement(ClangSchemaStrings.PlistName); if (xmlReader.NodeType == XmlNodeType.Element) { using (var pListReader = xmlReader.ReadSubtree()) { this.ReadPlist(pListReader, results); } } } var tool = new Tool { Name = "Clang" }; var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, loggingOptions); Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results); output.Initialize(id: null, automationId: null); output.WriteTool(tool); if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); } finally { _files = null; } }
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { }
public abstract void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert);
public override void Convert(Stream input, IResultLogWriter output) { throw new NotImplementedException(); }
public abstract void Convert(Stream input, IResultLogWriter output);