public void Convert(PumaLog pumaLog, IResultLogWriter output) { pumaLog = pumaLog ?? throw new ArgumentNullException(nameof(pumaLog)); output = output ?? throw new ArgumentNullException(nameof(output)); var run = new Run() { Tool = new Tool { Name = "Puma Scan" } }; output.Initialize(run); var results = new List <Result>(); foreach (PumaLogEntry entry in pumaLog) { results.Add(CreateResult(entry)); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
/// <summary> /// Interface implementation that takes a Static Driver Verifier log stream and converts /// its data to a SARIF json stream. Read in Static Driver Verifier data from an input /// stream and write Result objects. /// </summary> /// <param name="input">Stream of a Static Driver Verifier log</param> /// <param name="output">SARIF json stream of the converted Static Driver Verifier log</param> public override void Convert(Stream input, IResultLogWriter output) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } Result result = ProcessSdvDefectStream(input); var results = new Result[] { result }; var tool = new Tool { Name = "StaticDriverVerifier", }; var fileInfoFactory = new FileInfoFactory(null); Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results); output.Initialize(id: null, correlationId: null); output.WriteTool(tool); if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
/// <summary> /// Converts an Android Studio formatted log as input into a SARIF SarifLog using the output. /// </summary> /// <param name="input">The Android Studio formatted log.</param> /// <param name="output">The SarifLog to write the output to.</param> /// <param name="dataToInsert">Logging options that configure output.</param> public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } LogicalLocationsDictionary.Clear(); XmlReaderSettings settings = new XmlReaderSettings { IgnoreWhitespace = true, IgnoreComments = true, IgnoreProcessingInstructions = true, NameTable = _nameTable, DtdProcessing = DtdProcessing.Ignore, XmlResolver = null }; ISet <Result> results; using (XmlReader xmlReader = XmlReader.Create(input, settings)) { results = ProcessAndroidStudioLog(xmlReader); } var tool = new Tool { Name = "AndroidStudio" }; var fileInfoFactory = new FileInfoFactory(null, dataToInsert); Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results); var run = new Run() { Tool = tool }; output.Initialize(run); if (fileDictionary != null && fileDictionary.Any()) { output.WriteFiles(fileDictionary); } if (LogicalLocationsDictionary != null && LogicalLocationsDictionary.Any()) { output.WriteLogicalLocations(LogicalLocationsDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
public override void Convert(Stream input, IResultLogWriter output, LoggingOptions loggingOptions) { input = input ?? throw new ArgumentNullException(nameof(input)); output = output ?? throw new ArgumentNullException(nameof(output)); PylintLog log = logReader.ReadLog(input); Tool tool = new Tool { Name = "Pylint" }; output.Initialize(id: null, automationId: null); output.WriteTool(tool); var results = new List <Result>(); foreach (PylintLogEntry entry in log) { results.Add(CreateResult(entry)); } var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, loggingOptions); Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results); if (fileDictionary?.Any() == true) { output.WriteFiles(fileDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
/// <summary> /// Converts a Semmle log file in CSV format to a SARIF log file. /// </summary> /// <param name="input"> /// Input stream from which to read the Semmle log. /// </param> /// <param name="output"> /// Output string to which to write the SARIF log. /// </param> /// <param name="loggingOptions">Logging options that configure output.</param> /// <exception cref="ArgumentNullException"> /// Thrown when one or more required arguments are null. /// </exception> public override void Convert(Stream input, IResultLogWriter output, LoggingOptions loggingOptions) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } _toolNotifications = new List <Notification>(); var results = GetResultsFromStream(input); var tool = new Tool { Name = "Semmle QL" }; output.Initialize(id: null, automationId: null); output.WriteTool(tool); output.OpenResults(); output.WriteResults(results); output.CloseResults(); if (_toolNotifications.Any()) { output.WriteToolNotifications(_toolNotifications); } }
/// <summary> /// Interface implementation that takes a Static Driver Verifier log stream and converts /// its data to a SARIF json stream. Read in Static Driver Verifier data from an input /// stream and write Result objects. /// </summary> /// <param name="input">Stream of a Static Driver Verifier log</param> /// <param name="output">SARIF json stream of the converted Static Driver Verifier log</param> /// <param name="loggingOptions">Logging options that configure output.</param> public override void Convert(Stream input, IResultLogWriter output, LoggingOptions loggingOptions) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } Result result = ProcessSdvDefectStream(input); var results = new Result[] { result }; var tool = new Tool { Name = "StaticDriverVerifier", }; var fileInfoFactory = new FileInfoFactory(null, loggingOptions); Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results); output.Initialize(id: null, automationId: null); output.WriteTool(tool); if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
/// <summary> /// Interface implementation for converting a stream of Fortify report in XML format to a /// SARIF json format stream. /// </summary> /// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception> /// <param name="input">Stream of the Fortify report.</param> /// <param name="output">Stream of SARIF json.</param> /// <param name="dataToInsert">Logging options that configure output.</param> public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Ignore, IgnoreWhitespace = true, NameTable = _nameTable, XmlResolver = null }; var results = new List <Result>(); using (XmlReader reader = XmlReader.Create(input, settings)) { while (reader.Read()) { while (StringReference.AreEqual(reader.LocalName, _strings.Issue)) { FortifyIssue fortify = FortifyIssue.Parse(reader, _strings); results.Add(ConvertFortifyIssueToSarifIssue(fortify)); } } } var tool = new Tool { Name = "Fortify" }; var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, dataToInsert); Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results); var run = new Run() { Tool = tool }; output.Initialize(run); if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { input = input ?? throw new ArgumentNullException(nameof(input)); output = output ?? throw new ArgumentNullException(nameof(output)); LogicalLocationsDictionary.Clear(); var tool = new Tool { Name = ToolFormat.PREfast, FullName = "PREfast Code Analysis" }; var run = new Run() { Tool = tool }; output.Initialize(run); XmlReaderSettings settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Ignore, XmlResolver = null }; var serializer = new XmlSerializer(typeof(DefectList)); using (var reader = XmlReader.Create(input, settings)) { var defectList = (DefectList)serializer.Deserialize(reader); var results = new List <Result>(); foreach (Defect entry in defectList.Defects) { results.Add(CreateResult(entry)); } var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, dataToInsert); Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results); if (fileDictionary?.Any() == true) { output.WriteFiles(fileDictionary); } if (LogicalLocationsDictionary != null && LogicalLocationsDictionary.Any()) { output.WriteLogicalLocations(LogicalLocationsDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); } }
/// <summary> /// Interface implementation for converting a stream in Fortify FPR format to a stream in /// SARIF format. /// </summary> /// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception> /// <param name="input">Stream in Fortify FPR format.</param> /// <param name="output">Stream in SARIF format.</param> /// <param name="loggingOptions">Logging options that configure output.</param> public override void Convert(Stream input, IResultLogWriter output, LoggingOptions loggingOptions) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } var tool = new Tool { Name = FortifyToolName }; _invocation = new Invocation(); _results.Clear(); _toolNotifications.Clear(); _fileDictionary.Clear(); _ruleDictionary.Clear(); _aclToSnippetIdDictionary.Clear(); _resultToSnippetIdDictionary.Clear(); _snippetIdToSnippetTextDictionary.Clear(); ParseFprFile(input); AddMessagesToResults(); AddSnippetsToResults(); AddSnippetsToAnnotatedCodeLocations(); output.Initialize(id: _runId, automationId: _automationId); output.WriteTool(tool); output.WriteInvocation(_invocation); if (_fileDictionary.Any()) { output.WriteFiles(_fileDictionary); } output.OpenResults(); output.WriteResults(_results); output.CloseResults(); if (_ruleDictionary.Any()) { output.WriteRules(_ruleDictionary); } if (_toolNotifications.Any()) { output.WriteToolNotifications(_toolNotifications); } }
/// <summary> /// Convert FxCop log to SARIF format stream /// </summary> /// <param name="input">FxCop log stream</param> /// <param name="output">output stream</param> /// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param> public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { if (input == null) { throw (new ArgumentNullException(nameof(input))); } if (output == null) { throw (new ArgumentNullException(nameof(output))); } LogicalLocationsDictionary.Clear(); var context = new FxCopLogReader.Context(); var results = new List <Result>(); var reader = new FxCopLogReader(); reader.ResultRead += (FxCopLogReader.Context current) => { results.Add(CreateResult(current)); }; reader.Read(context, input); Tool tool = new Tool { Name = "FxCop" }; var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, dataToInsert); Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results); var run = new Run() { Tool = tool }; output.Initialize(run); if (fileDictionary != null && fileDictionary.Any()) { output.WriteFiles(fileDictionary); } if (LogicalLocationsDictionary != null && LogicalLocationsDictionary.Any()) { output.WriteLogicalLocations(LogicalLocationsDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
/// <summary> /// Convert FxCop log to SARIF format stream /// </summary> /// <param name="input">FxCop log stream</param> /// <param name="output">output stream</param> public override void Convert(Stream input, IResultLogWriter output) { if (input == null) { throw (new ArgumentNullException(nameof(input))); } if (output == null) { throw (new ArgumentNullException(nameof(output))); } LogicalLocationsDictionary.Clear(); var context = new FxCopLogReader.Context(); var results = new List<Result>(); var reader = new FxCopLogReader(); reader.ResultRead += (FxCopLogReader.Context current) => { results.Add(CreateResult(current)); }; reader.Read(context, input); Tool tool = new Tool { Name = "FxCop" }; var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension); Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results); output.Initialize(id: null, correlationId: null); output.WriteTool(tool); if (fileDictionary != null && fileDictionary.Any()) { output.WriteFiles(fileDictionary); } if (LogicalLocationsDictionary != null && LogicalLocationsDictionary.Any()) { output.WriteLogicalLocations(LogicalLocationsDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
/// <summary> /// Interface implementation for converting a stream in Fortify FPR format to a stream in /// SARIF format. /// </summary> /// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception> /// <param name="input">Stream in Fortify FPR format.</param> /// <param name="output">Stream in SARIF format.</param> /// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param> public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } _invocation = new Invocation(); _invocation.ToolExecutionNotifications = new List <Notification>(); _invocation.ExecutionSuccessful = true; _files.Clear(); _rules.Clear(); _ruleIdToIndexMap.Clear(); _cweIds.Clear(); _nodeDictionary.Clear(); _snippetDictionary.Clear(); // Uncomment following Line to fetch FVDL content from any FPR file. This is not needed for conversion. // However, we keep a copy of FVDL for each test file for debugging purposes. // string fvdlContent = ExtractFvdl(OpenAuditFvdlReader(input)); // Parse everything except vulnerabilities (building maps to write Results as-we-go next pass) ParseAuditStream_PassOne(OpenAuditFvdlReader(input)); // Add Snippets to NodePool Nodes which referenced them (Snippets appear after the NodePool in Fortify files) AddSnippetsToNodes(); // Create the Sarif Run itself to report Run run = CreateSarifRun(); // Write the Run itself output.Initialize(run); output.OpenResults(); // Parse the Vulnerabilities, writing as we go ParseAuditStream_PassTwo(OpenAuditFvdlReader(input), output); // Close the Results array output.CloseResults(); }
protected static Run PersistResults(IResultLogWriter output, IList <Result> results, Run run) { output.Initialize(run); run.Results = results; var visitor = new AddFileReferencesVisitor(); visitor.VisitRun(run); if (run.Results != null) { output.OpenResults(); output.WriteResults(run.Results); output.CloseResults(); } return(run); }
public override void Convert(Stream input, IResultLogWriter output, LoggingOptions loggingOptions) { input = input ?? throw new ArgumentNullException(nameof(input)); output = output ?? throw new ArgumentNullException(nameof(output)); output.Initialize(id: null, automationId: null); var tool = new Tool { Name = ToolFormat.PREfast, FullName = "PREfast Code Analysis" }; output.WriteTool(tool); XmlReaderSettings settings = new XmlReaderSettings { XmlResolver = null }; var serializer = new XmlSerializer(typeof(DefectList)); using (var reader = XmlReader.Create(input, settings)) { var defectList = (DefectList)serializer.Deserialize(reader); var results = new List <Result>(); foreach (Defect entry in defectList.Defects) { results.Add(CreateResult(entry)); } var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, loggingOptions); Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results); if (fileDictionary?.Any() == true) { output.WriteFiles(fileDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); } }
/// <summary> /// Converts a Semmle log file in CSV format to a SARIF log file. /// </summary> /// <param name="input"> /// Input stream from which to read the Semmle log. /// </param> /// <param name="output"> /// Output string to which to write the SARIF log. /// </param> /// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param> /// <exception cref="ArgumentNullException"> /// Thrown when one or more required arguments are null. /// </exception> public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } _toolNotifications = new List <Notification>(); var results = GetResultsFromStream(input); var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, dataToInsert); Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results); var tool = new Tool { Name = "Semmle QL" }; var run = new Run() { Tool = tool }; output.Initialize(run); output.WriteFiles(fileDictionary); output.OpenResults(); output.WriteResults(results); output.CloseResults(); if (_toolNotifications.Any()) { output.WriteToolNotifications(_toolNotifications); } }
/// <summary> /// Interface implementation that takes a Static Driver Verifier log stream and converts /// its data to a SARIF json stream. Read in Static Driver Verifier data from an input /// stream and write Result objects. /// </summary> /// <param name="input">Stream of a Static Driver Verifier log</param> /// <param name="output">SARIF json stream of the converted Static Driver Verifier log</param> /// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param> public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } Result result = ProcessSdvDefectStream(input); var results = new Result[] { result }; var tool = new Tool { Name = "StaticDriverVerifier", }; var fileInfoFactory = new FileInfoFactory(null, dataToInsert); Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results); var run = new Run() { Tool = tool }; output.Initialize(run); if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { input = input ?? throw new ArgumentNullException(nameof(input)); output = output ?? throw new ArgumentNullException(nameof(output)); TSLintLog tsLintLog = logReader.ReadLog(input); Tool tool = new Tool { Name = "TSLint" }; var run = new Run() { Tool = tool }; output.Initialize(run); var results = new List <Result>(); foreach (TSLintLogEntry entry in tsLintLog) { results.Add(CreateResult(entry)); } var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, dataToInsert); Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results); if (fileDictionary?.Any() == true) { output.WriteFiles(fileDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
private void ProcessCppCheckLog(XmlReader reader, IResultLogWriter output) { reader.ReadStartElement(_strings.Results); if (!Ref.Equal(reader.LocalName, _strings.CppCheck)) { throw reader.CreateException(ConverterResources.CppCheckCppCheckElementMissing); } string version = reader.GetAttribute(_strings.Version); if (version != null && !version.IsSemanticVersioningCompatible()) { // This logic only fixes up simple cases, such as being passed // 1.66, where Semantic Versioning 2.0 requires 1.66.0. Also // strips Revision member if passed a complete .NET version. Version dotNetVersion; if (Version.TryParse(version, out dotNetVersion)) { version = Math.Max(0, dotNetVersion.Major) + "." + Math.Max(0, dotNetVersion.Minor) + "." + Math.Max(0, dotNetVersion.Build); } } if (String.IsNullOrWhiteSpace(version)) { throw reader.CreateException(ConverterResources.CppCheckCppCheckElementMissing); } reader.Skip(); // <cppcheck /> if (!Ref.Equal(reader.LocalName, _strings.Errors)) { throw reader.CreateException(ConverterResources.CppCheckErrorsElementMissing); } var results = new List<Result>(); if (reader.IsEmptyElement) { reader.Skip(); // <errors /> } else { int errorsDepth = reader.Depth; reader.Read(); // <errors> while (reader.Depth > errorsDepth) { var parsedError = CppCheckError.Parse(reader, _strings); results.Add(parsedError.ToSarifIssue()); } reader.ReadEndElement(); // </errors> } reader.ReadEndElement(); // </results> var tool = new Tool { Name = "CppCheck", Version = version, }; var fileInfoFactory = new FileInfoFactory(uri => MimeType.Cpp); Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results); output.Initialize(id: null, correlationId: null); output.WriteTool(tool); if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
/// <summary> /// Interface implementation for converting a stream of Fortify report in XML format to a /// SARIF json format stream. /// </summary> /// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception> /// <param name="input">Stream of the Fortify report.</param> /// <param name="output">Stream of SARIF json.</param> /// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param> public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Ignore, IgnoreWhitespace = true, NameTable = _nameTable, XmlResolver = null }; string runDescription = null; var results = new List <Result>(); using (XmlReader reader = XmlReader.Create(input, settings)) { while (reader.Read()) { if (runDescription == null) { // Find the executive summary <ReportSection> element if (StringReference.AreEqual(reader.LocalName, _strings.ReportSection) && reader.IsStartElement()) { reader.Read(); // Move to Title element if (reader.ReadElementContentAsString(_strings.Title, String.Empty) == "Executive Summary") { reader.Read(); // Move to SubSection element reader.IgnoreElement(_strings.Title, IgnoreOptions.Required); reader.IgnoreElement(_strings.Description, IgnoreOptions.Required); runDescription = reader.ReadElementContentAsString(_strings.Text, String.Empty); } } } else { while (StringReference.AreEqual(reader.LocalName, _strings.Issue)) { FortifyIssue fortify = FortifyIssue.Parse(reader, _strings); results.Add(ConvertFortifyIssueToSarifIssue(fortify)); } } } } var tool = new Tool { Name = "Fortify" }; var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, dataToInsert); Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results); var run = new Run() { Description = new Message { Text = runDescription }, Tool = tool }; output.Initialize(run); if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
/// <summary> /// Converts an Android Studio formatted log as input into a SARIF SarifLog using the output. /// </summary> /// <param name="input">The Android Studio formatted log.</param> /// <param name="output">The SarifLog to write the output to.</param> public override void Convert(Stream input, IResultLogWriter output) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } LogicalLocationsDictionary.Clear(); XmlReaderSettings settings = new XmlReaderSettings { IgnoreWhitespace = true, IgnoreComments = true, IgnoreProcessingInstructions = true, NameTable = _nameTable, DtdProcessing = DtdProcessing.Ignore, XmlResolver = null }; ISet<Result> results; using (XmlReader xmlReader = XmlReader.Create(input, settings)) { results = ProcessAndroidStudioLog(xmlReader); } var tool = new Tool { Name = "AndroidStudio" }; var fileInfoFactory = new FileInfoFactory(uri => MimeType.Java); Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results); output.Initialize(id: null, correlationId: null); output.WriteTool(tool); if (fileDictionary != null && fileDictionary.Any()) { output.WriteFiles(fileDictionary); } if (LogicalLocationsDictionary != null && LogicalLocationsDictionary.Any()) { output.WriteLogicalLocations(LogicalLocationsDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
/// <summary>Convert a Clang plist report into the SARIF format.</summary> /// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception> /// <param name="input">CLang log file stream.</param> /// <param name="output">Result log writer.</param> public override void Convert(Stream input, IResultLogWriter output) { // ToDo remove this comment after all issues are resolved. // Rodney is tasked with bringing Clang analyzer results into the SARIF fold. // Once this work is complete, he can close the following task: // http://twcsec-tfs01:8080/tfs/DefaultCollection/SecDevTools/_workitems#_a=edit&id=13409 if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } try { XmlReaderSettings settings = new XmlReaderSettings { IgnoreWhitespace = true, DtdProcessing = DtdProcessing.Ignore, XmlResolver = null }; var results = new List<Result>(); using (XmlReader xmlReader = XmlReader.Create(input, settings)) { xmlReader.MoveToContent(); xmlReader.ReadStartElement(ClangSchemaStrings.PlistName); if (xmlReader.NodeType == XmlNodeType.Element) { using (var pListReader = xmlReader.ReadSubtree()) { this.ReadPlist(pListReader, results); } } } var tool = new Tool { Name = "Clang" }; var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension); Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results); output.Initialize(id: null, correlationId: null); output.WriteTool(tool); if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); } finally { _files = null; } }
/// <summary> /// Converts a Semmle log file in CSV format to a SARIF log file. /// </summary> /// <param name="input"> /// Input stream from which to read the Semmle log. /// </param> /// <param name="output"> /// Output string to which to write the SARIF log. /// </param> /// <exception cref="ArgumentNullException"> /// Thrown when one or more required arguments are null. /// </exception> public override void Convert(Stream input, IResultLogWriter output) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } _toolNotifications = new List<Notification>(); var results = GetResultsFromStream(input); var tool = new Tool { Name = "Semmle" }; output.Initialize(id: null, correlationId: null); output.WriteTool(tool); output.OpenResults(); output.WriteResults(results); output.CloseResults(); if (_toolNotifications.Any()) { output.WriteToolNotifications(_toolNotifications); } }
private void ProcessCppCheckLog(XmlReader reader, IResultLogWriter output, OptionallyEmittedData dataToInsert) { reader.ReadStartElement(_strings.Results); if (!StringReference.AreEqual(reader.LocalName, _strings.CppCheck)) { throw reader.CreateException(ConverterResources.CppCheckCppCheckElementMissing); } string version = reader.GetAttribute(_strings.Version); if (version != null && !version.IsSemanticVersioningCompatible()) { // This logic only fixes up simple cases, such as being passed // 1.66, where Semantic Versioning 2.0 requires 1.66.0. Also // strips Revision member if passed a complete .NET version. Version dotNetVersion; if (Version.TryParse(version, out dotNetVersion)) { version = Math.Max(0, dotNetVersion.Major) + "." + Math.Max(0, dotNetVersion.Minor) + "." + Math.Max(0, dotNetVersion.Build); } } if (String.IsNullOrWhiteSpace(version)) { throw reader.CreateException(ConverterResources.CppCheckCppCheckElementMissing); } reader.Skip(); // <cppcheck /> if (!StringReference.AreEqual(reader.LocalName, _strings.Errors)) { throw reader.CreateException(ConverterResources.CppCheckErrorsElementMissing); } var results = new List <Result>(); if (reader.IsEmptyElement) { reader.Skip(); // <errors /> } else { int errorsDepth = reader.Depth; reader.Read(); // <errors> while (reader.Depth > errorsDepth) { var parsedError = CppCheckError.Parse(reader, _strings); results.Add(parsedError.ToSarifIssue()); } reader.ReadEndElement(); // </errors> } reader.ReadEndElement(); // </results> var tool = new Tool { Name = "CppCheck", Version = version, }; var fileInfoFactory = new FileInfoFactory(uri => MimeType.Cpp, dataToInsert); Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results); var run = new Run() { Tool = tool }; output.Initialize(run); if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
/// <summary>Convert a Clang plist report into the SARIF format.</summary> /// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception> /// <param name="input">CLang log file stream.</param> /// <param name="output">Result log writer.</param> /// <param name="loggingOptions">Logging options that configure output.</param> public override void Convert(Stream input, IResultLogWriter output, LoggingOptions loggingOptions) { // ToDo remove this comment after all issues are resolved. // Rodney is tasked with bringing Clang analyzer results into the SARIF fold. // Once this work is complete, he can close the following task: // http://twcsec-tfs01:8080/tfs/DefaultCollection/SecDevTools/_workitems#_a=edit&id=13409 if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } try { XmlReaderSettings settings = new XmlReaderSettings { IgnoreWhitespace = true, DtdProcessing = DtdProcessing.Ignore, XmlResolver = null }; var results = new List <Result>(); using (XmlReader xmlReader = XmlReader.Create(input, settings)) { xmlReader.MoveToContent(); xmlReader.ReadStartElement(ClangSchemaStrings.PlistName); if (xmlReader.NodeType == XmlNodeType.Element) { using (var pListReader = xmlReader.ReadSubtree()) { this.ReadPlist(pListReader, results); } } } var tool = new Tool { Name = "Clang" }; var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension, loggingOptions); Dictionary <string, FileData> fileDictionary = fileInfoFactory.Create(results); output.Initialize(id: null, automationId: null); output.WriteTool(tool); if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); } finally { _files = null; } }
/// <summary> /// Interface implementation for converting a stream of Fortify report in XML format to a /// SARIF json format stream. /// </summary> /// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception> /// <param name="input">Stream of the Fortify report.</param> /// <param name="output">Stream of SARIF json.</param> public override void Convert(Stream input, IResultLogWriter output) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Ignore, IgnoreWhitespace = true, NameTable = _nameTable, XmlResolver = null }; var results = new List<Result>(); using (XmlReader reader = XmlReader.Create(input, settings)) { while (reader.Read()) { while (Ref.Equal(reader.LocalName, _strings.Issue)) { FortifyIssue fortify = FortifyIssue.Parse(reader, _strings); results.Add(ConvertFortifyIssueToSarifIssue(fortify)); } } } var tool = new Tool { Name = "Fortify" }; var fileInfoFactory = new FileInfoFactory(MimeType.DetermineFromFileExtension); Dictionary<string, FileData> fileDictionary = fileInfoFactory.Create(results); output.Initialize(id: null, correlationId: null); output.WriteTool(tool); if (fileDictionary != null && fileDictionary.Count > 0) { output.WriteFiles(fileDictionary); } output.OpenResults(); output.WriteResults(results); output.CloseResults(); }
/// <summary> /// Interface implementation for converting a stream in Fortify FPR format to a stream in /// SARIF format. /// </summary> /// <exception cref="ArgumentNullException">Thrown when one or more required arguments are null.</exception> /// <param name="input">Stream in Fortify FPR format.</param> /// <param name="output">Stream in SARIF format.</param> /// <param name="dataToInsert">Optionally emitted properties that should be written to log.</param> public override void Convert(Stream input, IResultLogWriter output, OptionallyEmittedData dataToInsert) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (output == null) { throw new ArgumentNullException(nameof(output)); } var tool = new Tool { Name = FortifyToolName }; _invocation = new Invocation(); _results.Clear(); _toolNotifications.Clear(); _fileDictionary.Clear(); _ruleDictionary.Clear(); _tflToNodeIdDictionary.Clear(); _tflToSnippetIdDictionary.Clear(); _locationToSnippetIdDictionary.Clear(); _resultToSnippetIdDictionary.Clear(); _resultToReplacementDefinitionDictionary.Clear(); _nodeIdToLocationDictionary.Clear(); _snippetIdToRegionsDictionary.Clear(); ParseFprFile(input); AddMessagesToResults(); AddSnippetsToResults(); AddNodeLocationsToThreadFlowLocations(); AddSnippetsToThreadFlowLocations(); var run = new Run() { InstanceGuid = _runId, AutomationLogicalId = _automationId, Tool = tool, Invocations = new[] { _invocation } }; output.Initialize(run); (output as ResultLogJsonWriter).WriteInvocations(run.Invocations); if (_fileDictionary.Any()) { output.WriteFiles(_fileDictionary); } output.OpenResults(); output.WriteResults(_results); output.CloseResults(); if (_ruleDictionary.Any()) { output.WriteRules(_ruleDictionary); } if (_toolNotifications.Any()) { output.WriteToolNotifications(_toolNotifications); } }