Пример #1
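        /// <summary>
        /// Maps every vulnerability of the parsed FVDL document (<c>fortifyScan._fvdl</c>) to a
        /// <c>Fortify_Vulnerability</c> and appends it to <c>fortifyScan.Vulnerabilities</c>.
        /// For each one it copies the ClassInfo and InstanceInfo fields and, when the Unified
        /// analysis block is present, the context function, the replacement definitions and
        /// one <c>Fortify_TraceEntry</c> per primary trace entry.
        /// </summary>
        /// <remarks>
        /// The FVDL object graph is built from a scan file, i.e. from external input. Every element
        /// is checked with <c>notNull()</c> before it is dereferenced, so a truncated or hand-edited
        /// file produces partially filled objects instead of a NullReferenceException that aborts
        /// the whole import. Strings (labels, snippets, typed values, rule ids) are copied verbatim,
        /// without validation or encoding; code that renders them should treat them as untrusted text.
        /// </remarks>
        /// <param name="fortifyScan">Scan holding the parsed FVDL in <c>_fvdl</c>; receives the mapped vulnerabilities.</param>
        /// <returns>The <c>fortifyScan</c> instance that was passed in (null when it was null).</returns>
        public static Fortify_Scan mapVulnerabilities(this Fortify_Scan fortifyScan)
        {
            // Nothing to map when the scan, its FVDL document or the vulnerability list is missing.
            if (fortifyScan.notNull() && fortifyScan._fvdl.notNull()
                && fortifyScan._fvdl.Vulnerabilities.notNull()
                && fortifyScan._fvdl.Vulnerabilities.Vulnerability.notNull())
            {
                foreach (var vulnerability in fortifyScan._fvdl.Vulnerabilities.Vulnerability)
                {
                    if (vulnerability.notNull())
                    {
                        var fortifyVulnerability = new Fortify_Vulnerability();

                        //from ClassInfo
                        var classInfo = vulnerability.ClassInfo;
                        if (classInfo.notNull())
                        {
                            fortifyVulnerability.AnalyzerName    = classInfo.AnalyzerName;
                            fortifyVulnerability.ClassId         = classInfo.ClassID;
                            fortifyVulnerability.DefaultSeverity = classInfo.DefaultSeverity;
                            fortifyVulnerability.Kingdom         = classInfo.Kingdom;
                            fortifyVulnerability.Type            = classInfo.Type;
                            fortifyVulnerability.SubType         = classInfo.Subtype;
                        }

                        //from InstanceInfo
                        var instanceInfo = vulnerability.InstanceInfo;
                        if (instanceInfo.notNull())
                        {
                            fortifyVulnerability.InstanceId       = instanceInfo.InstanceID;
                            fortifyVulnerability.InstanceSeverity = instanceInfo.InstanceSeverity;
                            fortifyVulnerability.Confidence       = instanceInfo.Confidence;
                        }

                        //from AnalysisInfo
                        var analysisInfo = vulnerability.AnalysisInfo;
                        if (analysisInfo.notNull() && analysisInfo.Unified.notNull())
                        {
                            var unified = analysisInfo.Unified;

                            if (unified.Context.notNull() && unified.Context.Function.notNull())
                            {
                                fortifyVulnerability.Context = new Fortify_Function(unified.Context.Function.name,
                                                                                    unified.Context.FunctionDeclarationSourceLocation);
                            }
                            if (unified.ReplacementDefinitions.notNull() && unified.ReplacementDefinitions.Def.notNull())
                            {
                                foreach (var def in unified.ReplacementDefinitions.Def)
                                {
                                    // a definition without a key cannot be stored in the dictionary
                                    if (def.notNull() && def.key.notNull())
                                    {
                                        fortifyVulnerability.ReplacementDefinitions.Definitions.add(def.key, def.value);
                                    }
                                }
                            }
                            if (unified.Trace.notNull())
                            {
                                foreach (var trace in unified.Trace)
                                {
                                    // only the Primary path of a trace is mapped
                                    if (trace.notNull() && trace.Primary.notNull() && trace.Primary.Entry.notNull())
                                    {
                                        foreach (var entry in trace.Primary.Entry)
                                        {
                                            if (entry.notNull())
                                            {
                                                var traceEntry = new Fortify_TraceEntry();
                                                if (entry.NodeRef.notNull())
                                                {
                                                    traceEntry.NodeRefId = entry.NodeRef.id;
                                                }
                                                if (entry.Node.notNull())
                                                {
                                                    var node = entry.Node;
                                                    // optional attributes fall back to false / empty string
                                                    traceEntry.DetailsOnly = node.detailsOnly ?? false;
                                                    traceEntry.IsDefault   = node.isDefault ?? false;
                                                    traceEntry.Label       = node.label ?? "";

                                                    if (node.Action.notNull())
                                                    {
                                                        traceEntry.ActionType  = node.Action.type;
                                                        traceEntry.ActionValue = node.Action.TypedValue;
                                                    }
                                                    if (node.Knowledge.notNull() && node.Knowledge.Fact.notNull())
                                                    {
                                                        foreach (var fact in node.Knowledge.Fact)
                                                        {
                                                            if (fact.notNull())
                                                            {
                                                                traceEntry.KnowledgeFacts.Add(new Fortify_TraceEntryFact()
                                                                {
                                                                    Primary = fact.primary,
                                                                    Type    = fact.type,
                                                                    Value   = fact.TypedValue
                                                                });
                                                            }
                                                        }
                                                    }
                                                    if (node.Reason.notNull())
                                                    {
                                                        // each Reason child is optional; a missing one becomes ""
                                                        traceEntry.Reason_RuleId = node.Reason.Rule.notNull()
                                                                                       ? node.Reason.Rule.ruleID
                                                                                       : "";
                                                        traceEntry.Reason_TraceRef = node.Reason.TraceRef.notNull()
                                                                                         ? node.Reason.TraceRef.str()
                                                                                         : "";
                                                        traceEntry.Reason_Internal = node.Reason.Internal.notNull()
                                                                                         ? node.Reason.Internal.str()
                                                                                         : "";
                                                    }
                                                    if (node.SourceLocation.notNull())
                                                    {
                                                        traceEntry.SourceLocation           = new Fortify_CodeLocation(node.SourceLocation);
                                                        traceEntry.SourceLocation_ContextId = node.SourceLocation.contextId ?? 0;
                                                        traceEntry.SourceLocation_Snippet   = node.SourceLocation.snippet;
                                                    }
                                                    if (node.SecondaryLocation.notNull())
                                                    {
                                                        // "Secundary" is the spelling of the Fortify_TraceEntry members
                                                        traceEntry.SecundaryLocation         = new Fortify_CodeLocation(node.SecondaryLocation);
                                                        traceEntry.SecundaryLocation_Snippet = node.SecondaryLocation.snippet;
                                                    }
                                                }
                                                // an entry with neither NodeRef nor Node still yields an (empty) trace entry
                                                fortifyVulnerability.Traces.Add(traceEntry);
                                            }
                                        }
                                    }
                                }
                            }
                        }
                        fortifyScan.Vulnerabilities.add(fortifyVulnerability);
                    }
                }
            }

            return fortifyScan;
        }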
Пример #2
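		/// <summary>
		/// Converts the vulnerabilities of the parsed FVDL document held in <c>fortifyScan._fvdl</c>
		/// into <c>Fortify_Vulnerability</c> objects and adds them to <c>fortifyScan.Vulnerabilities</c>.
		/// Copies the ClassInfo and InstanceInfo values and, from AnalysisInfo.Unified, the context
		/// function, the replacement definitions and the entries of each trace's Primary path.
		/// </summary>
		/// <remarks>
		/// The FVDL data is read from a scan file and is therefore external input: ClassInfo,
		/// InstanceInfo, AnalysisInfo, the collections and their items are all tested with
		/// <c>notNull()</c> before use, so an incomplete record is mapped as far as possible instead
		/// of stopping the import with a NullReferenceException. No string is validated or encoded
		/// here; labels, snippets and typed values must be handled as untrusted text when displayed.
		/// </remarks>
		/// <param name="fortifyScan">Scan whose <c>_fvdl</c> is mapped and whose <c>Vulnerabilities</c> list is filled.</param>
		/// <returns>The <c>fortifyScan</c> instance that was passed in (null when it was null).</returns>
		public static Fortify_Scan mapVulnerabilities(this Fortify_Scan fortifyScan)
		{
			// a scan without FVDL document or without vulnerability list is returned untouched
			if (fortifyScan.notNull() && fortifyScan._fvdl.notNull() &&
				fortifyScan._fvdl.Vulnerabilities.notNull() &&
				fortifyScan._fvdl.Vulnerabilities.Vulnerability.notNull())
				foreach(var vulnerability in fortifyScan._fvdl.Vulnerabilities.Vulnerability)
					if (vulnerability.notNull())
					{
						var fortifyVulnerability = new Fortify_Vulnerability();

						//from ClassInfo
						var classInfo = vulnerability.ClassInfo;
						if (classInfo.notNull())
						{
							fortifyVulnerability.AnalyzerName = classInfo.AnalyzerName;
							fortifyVulnerability.ClassId = classInfo.ClassID;
							fortifyVulnerability.DefaultSeverity = classInfo.DefaultSeverity;
							fortifyVulnerability.Kingdom = classInfo.Kingdom;
							fortifyVulnerability.Type = classInfo.Type;
							fortifyVulnerability.SubType = classInfo.Subtype;
						}

						//from InstanceInfo
						var instanceInfo = vulnerability.InstanceInfo;
						if (instanceInfo.notNull())
						{
							fortifyVulnerability.InstanceId = instanceInfo.InstanceID;
							fortifyVulnerability.InstanceSeverity = instanceInfo.InstanceSeverity;
							fortifyVulnerability.Confidence = instanceInfo.Confidence;
						}

						//from AnalysisInfo
						var analysisInfo = vulnerability.AnalysisInfo;
						if (analysisInfo.notNull() && analysisInfo.Unified.notNull())
						{
							var unified = analysisInfo.Unified;
							if (unified.Context.notNull() && unified.Context.Function.notNull())
								fortifyVulnerability.Context = new Fortify_Function(unified.Context.Function.name,
																					unified.Context.FunctionDeclarationSourceLocation);
							if (unified.ReplacementDefinitions.notNull() && unified.ReplacementDefinitions.Def.notNull())
								foreach(var def in unified.ReplacementDefinitions.Def)
									// a definition without a key cannot be stored in the dictionary
									if (def.notNull() && def.key.notNull())
										fortifyVulnerability.ReplacementDefinitions.Definitions.add(def.key, def.value);
							if (unified.Trace.notNull())
								foreach(var trace in unified.Trace)
									// only the Primary path of a trace is mapped
									if (trace.notNull() && trace.Primary.notNull() && trace.Primary.Entry.notNull())
										foreach(var entry in trace.Primary.Entry)
											if (entry.notNull())
											{
												var traceEntry = new Fortify_TraceEntry();
												if (entry.NodeRef.notNull())
													traceEntry.NodeRefId = entry.NodeRef.id;
												if (entry.Node.notNull())
												{
													var node = entry.Node;
													// optional attributes fall back to false / empty string
													traceEntry.DetailsOnly = node.detailsOnly ?? false;
													traceEntry.IsDefault = node.isDefault ?? false;
													traceEntry.Label = node.label ?? "";

													if (node.Action.notNull())
													{
														traceEntry.ActionType = node.Action.type;
														traceEntry.ActionValue = node.Action.TypedValue;
													}
													if (node.Knowledge.notNull() && node.Knowledge.Fact.notNull())
													{
														foreach(var fact in node.Knowledge.Fact)
															if (fact.notNull())
																traceEntry.KnowledgeFacts.Add(new Fortify_TraceEntryFact()
																							{
																								Primary = fact.primary,
																								Type = fact.type,
																								Value = fact.TypedValue
																							});
													}
													if (node.Reason.notNull())
													{
														// each Reason child is optional; a missing one becomes ""
														traceEntry.Reason_RuleId = node.Reason.Rule.notNull()
																						? node.Reason.Rule.ruleID
																						: "";
														traceEntry.Reason_TraceRef = node.Reason.TraceRef.notNull()
																						? node.Reason.TraceRef.str()
																						: "";
														traceEntry.Reason_Internal = node.Reason.Internal.notNull()
																						? node.Reason.Internal.str()
																						: "";
													}
													if (node.SourceLocation.notNull())
													{
														traceEntry.SourceLocation = new Fortify_CodeLocation(node.SourceLocation);
														traceEntry.SourceLocation_ContextId = node.SourceLocation.contextId ?? 0;
														traceEntry.SourceLocation_Snippet = node.SourceLocation.snippet;
													}
													if (node.SecondaryLocation.notNull())
													{
														// "Secundary" is the spelling of the Fortify_TraceEntry members
														traceEntry.SecundaryLocation = new Fortify_CodeLocation(node.SecondaryLocation);
														traceEntry.SecundaryLocation_Snippet = node.SecondaryLocation.snippet;
													}
												}
												// an entry with neither NodeRef nor Node still yields an (empty) trace entry
												fortifyVulnerability.Traces.Add(traceEntry);
											}
						}
						fortifyScan.Vulnerabilities.add(fortifyVulnerability);
					}

			return fortifyScan;
		}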