/// <summary>
/// Decides whether a Fortify issue is treated as a "red ball" finding.
/// </summary>
/// <param name="issue">The issue to classify. Its <c>IssueName</c> is read here.</param>
/// <returns>
/// <c>true</c> when <c>IssueName</c> contains any of the category names listed below
/// (case-insensitive, invariant culture), or when <see cref="IsSonaTypeRedBall"/> accepts
/// the issue; otherwise <c>false</c>.
/// </returns>
/// <remarks>
/// Matching is by substring, so a longer category name that embeds one of these strings
/// also matches. Any name that is not listed falls through to <c>false</c>, so a category
/// that is renamed or newly introduced upstream is not flagged until it is added here.
/// A null <paramref name="issue"/> or a null <c>IssueName</c> is not guarded against and
/// will throw.
/// </remarks>
protected static bool IsRedBall(FortifyIssue issue)
{
    // Category names checked in this order; the first hit short-circuits.
    string[] redBallCategories =
    {
        "Cross-Site Scripting: DOM",
        "Cross-Site Scripting: Reflected",
        "Cross-Site Scripting: Stored",
        "XSS: DOM",
        "XSS: Reflected",
        "XSS: Stored",
        "Code Injection",
        "Dynamic Code Evaluation: Script Injection",
        "JSON Injection",
        "Link Injection: Auto Dial",
        "SQL injection",
        "XML External Entity Injection",
        "Process Control",
        "ASP.NET Misconfiguration: Use of Impersonation Context",
        "Path Manipulation",
        "Setting Manipulation",
    };

    string issueName = issue.IssueName;
    foreach (string category in redBallCategories)
    {
        if (issueName.Contains(category, StringComparison.InvariantCultureIgnoreCase))
        {
            return true;
        }
    }

    // No category name matched: defer to the Sonatype engine/priority rule.
    return IsSonaTypeRedBall(issue);
}
/// <summary>
/// Checks the engine/priority rule used for issues reported by the "SONATYPE" engine.
/// </summary>
/// <param name="issue">The issue to classify. Its <c>EngineType</c> and <c>friority</c> are read here.</param>
/// <returns>
/// <c>true</c> when <c>EngineType</c> equals "SONATYPE" and <c>friority</c> equals
/// "Critical" or "High" (all comparisons case-insensitive, invariant culture);
/// otherwise <c>false</c>.
/// </returns>
/// <remarks>
/// <c>friority</c> is only read once the engine type has matched. Null values are not
/// guarded against and will throw.
/// </remarks>
private static bool IsSonaTypeRedBall(FortifyIssue issue)
{
    bool fromSonatype = issue.EngineType.Equals("SONATYPE", StringComparison.InvariantCultureIgnoreCase);
    if (!fromSonatype)
    {
        return false;
    }

    // Only the two highest priority labels qualify; every other value is rejected.
    string priority = issue.friority;
    return priority.Equals("Critical", StringComparison.InvariantCultureIgnoreCase)
        || priority.Equals("High", StringComparison.InvariantCultureIgnoreCase);
}