Beispiel #1
0
def add_region_and_context_region(physical_location, line_number, code):
    """This adds the region information for displaying the code snippet

    :param physical_location: Points to file
    :param line_number: Line number suggested by the tool
    :param code: Source code snippet
    """
    first_line_number, snippet_lines = parse_code(code)
    end_line_number = first_line_number + len(snippet_lines) - 1
    if end_line_number < first_line_number:
        end_line_number = first_line_number + 3
    index = line_number - first_line_number
    snippet_line = ""
    if len(snippet_lines) > index:
        if index > 0:
            snippet_line = snippet_lines[index]
        else:
            snippet_line = snippet_lines[0]
    physical_location.region = om.Region(
        start_line=line_number, snippet=om.ArtifactContent(text=snippet_line))

    physical_location.context_region = om.Region(
        start_line=first_line_number,
        end_line=end_line_number,
        snippet=om.ArtifactContent(text="".join(snippet_lines)),
    )
Beispiel #2
0
def add_region_and_context_region(physical_location, line_number, code):
    """This adds the region information for displaying the code snippet

    :param physical_location: Points to file
    :param line_number: Line number suggested by the tool
    :param code: Source code snippet
    """
    first_line_number, snippet_lines = parse_code(code)
    # Ensure start line is always non-zero
    if first_line_number == 0:
        first_line_number = 1
    end_line_number = first_line_number + len(snippet_lines) - 1
    if end_line_number < first_line_number:
        end_line_number = first_line_number + 3
    index = line_number - first_line_number
    snippet_line = ""
    if line_number == 0:
        line_number = 1
    if snippet_lines and len(snippet_lines) > index:
        if index > 0:
            snippet_line = snippet_lines[index]
        else:
            snippet_line = snippet_lines[0]
    if snippet_line.strip().replace("\n", "") == "":
        snippet_line = ""
    physical_location.region = om.Region(
        start_line=line_number, snippet=om.ArtifactContent(text=snippet_line)
    )

    physical_location.context_region = om.Region(
        start_line=first_line_number,
        end_line=end_line_number,
        snippet=om.ArtifactContent(text="".join(snippet_lines)),
    )
Beispiel #3
0
def create_result(path, rule_id, issue_dict, rules, rule_indices):
    if rule_id in rules:
        rule = rules[rule_id]
        rule_index = rule_indices[rule_id]
    else:
        doc = issue_dict['metadata'].get('reference')
        if not doc:
            doc = ('https://mobile-security.gitbook.io/'
                   'mobile-security-testing-guide/')
        rule = om.ReportingDescriptor(
            id=rule_id,
            name=get_rule_name(rule_id),
            help_uri=doc,
        )
        rule_index = len(rules)
        rules[rule_id] = rule
        rule_indices[rule_id] = rule_index

    locations = []
    for item in issue_dict.get('files', []):
        physical_location = om.PhysicalLocation(
            artifact_location=om.ArtifactLocation(
                uri=to_uri(item['file_path'])),
        )
        physical_location.region = om.Region(
            start_line=item['match_lines'][0],
            end_line=item['match_lines'][1],
            start_column=item['match_position'][0],
            end_column=item['match_position'][1],
            snippet=om.ArtifactContent(text=item['match_string']),
        )
        locations.append(om.Location(physical_location=physical_location))
    if not locations:
        artifact = om.PhysicalLocation(
            artifact_location=om.ArtifactLocation(
                uri=path[0]),
        )
        artifact.region = om.Region(
            start_line=1,
            end_line=1,
            start_column=1,
            end_column=1,
            snippet=om.ArtifactContent(text='Missing Best Practice'),
        )
        locations.append(om.Location(physical_location=artifact))

    return om.Result(
        rule_id=rule.id,
        rule_index=rule_index,
        message=om.Message(text=issue_dict['metadata']['description']),
        level=level_from_severity(issue_dict['metadata']['severity']),
        locations=locations,
        properties={
            'owasp-mobile': issue_dict['metadata']['owasp-mobile'],
            'masvs': issue_dict['metadata']['masvs'],
            'cwe': issue_dict['metadata']['cwe'],
            'reference': issue_dict['metadata']['reference'],
        },
    )
def add_region_and_context_region(physical_location, line_number, code):
    first_line_number, snippet_lines = parse_code(code)
    snippet_line = snippet_lines[line_number - first_line_number]

    physical_location.region = om.Region(
        start_line=line_number, snippet=om.ArtifactContent(text=snippet_line)
    )

    physical_location.context_region = om.Region(
        start_line=first_line_number,
        end_line=first_line_number + len(snippet_lines) - 1,
        snippet=om.ArtifactContent(text="".join(snippet_lines)),
    )
Beispiel #5
0
def add_region_and_context_region(physical_location, line_number, code):
    first_line_number, snippet_lines = parse_code(code)
    end_line_number = first_line_number + len(snippet_lines) - 1
    if end_line_number < first_line_number:
        end_line_number = first_line_number + 3
    index = line_number - first_line_number
    snippet_line = ""
    if len(snippet_lines) > index:
        snippet_line = snippet_lines[index]

    physical_location.region = om.Region(
        start_line=line_number, snippet=om.ArtifactContent(text=snippet_line))

    physical_location.context_region = om.Region(
        start_line=first_line_number,
        end_line=end_line_number,
        snippet=om.ArtifactContent(text="".join(snippet_lines)),
    )
Beispiel #6
0
def create_result(rule_id, issue_dict, rules, rule_indices):
    if rule_id in rules:
        rule = rules[rule_id]
        rule_index = rule_indices[rule_id]
    else:
        doc = 'https://ajinabraham.github.io/nodejsscan/#{}'.format(rule_id)
        rule = om.ReportingDescriptor(
            id=rule_id,
            name=get_rule_name(rule_id),
            help_uri=doc,
        )
        rule_index = len(rules)
        rules[rule_id] = rule
        rule_indices[rule_id] = rule_index

    locations = []
    for item in issue_dict['files']:
        physical_location = om.PhysicalLocation(
            artifact_location=om.ArtifactLocation(
                uri=to_uri(item['file_path'])),
        )
        physical_location.region = om.Region(
            start_line=item['match_lines'][0],
            end_line=item['match_lines'][1],
            start_column=item['match_position'][0],
            end_column=item['match_position'][1],
            snippet=om.ArtifactContent(text=item['match_string']),
        )
        locations.append(om.Location(physical_location=physical_location))

    return om.Result(
        rule_id=rule.id,
        rule_index=rule_index,
        message=om.Message(text=issue_dict['metadata']['description']),
        level=level_from_severity(issue_dict['metadata']['severity']),
        locations=locations,
        properties={
            'owasp-web': issue_dict['metadata']['owasp-web'],
            'cwe': issue_dict['metadata']['cwe'],
        },
    )
Beispiel #7
0
    def print_matches(self, matches, rules=None, filenames=None):
        """Output all the matches"""

        if not rules:
            rules = RulesCollection()

        # These "base" rules are not passed into formatters
        rules.extend([ParseError(), TransformError(), RuleError()])

        results = []
        for match in matches:
            results.append(
                sarif.Result(
                    rule_id=match.rule.id,
                    message=sarif.Message(text=match.message),
                    level=self._to_sarif_level(match.rule.severity),
                    locations=[
                        sarif.Location(
                            physical_location=sarif.PhysicalLocation(
                                artifact_location=sarif.ArtifactLocation(
                                    uri=match.filename,
                                    uri_base_id=self.uri_base_id,
                                ),
                                region=sarif.Region(
                                    start_column=match.columnnumber,
                                    start_line=match.linenumber,
                                    end_column=match.columnnumberend,
                                    end_line=match.linenumberend,
                                ),
                            ))
                    ],
                ))

        # Output only the rules that have matches
        matched_rules = set(r.rule_id for r in results)
        rules_map = {r.id: r for r in list(rules)}

        rules = [
            sarif.ReportingDescriptor(
                id=rule_id,
                short_description=sarif.MultiformatMessageString(
                    text=rules_map[rule_id].shortdesc),
                full_description=sarif.MultiformatMessageString(
                    text=rules_map[rule_id].description),
                help_uri=rules_map[rule_id].source_url
                if rules_map[rule_id] else None) for rule_id in matched_rules
        ]

        run = sarif.Run(
            tool=sarif.Tool(driver=sarif.ToolComponent(
                name='cfn-lint',
                short_description=sarif.MultiformatMessageString(
                    text=('Validates AWS CloudFormation templates against'
                          ' the resource specification and additional'
                          ' checks.')),
                information_uri=
                'https://github.com/aws-cloudformation/cfn-lint',
                rules=rules,
                version=cfnlint.version.__version__,
            ), ),
            original_uri_base_ids={
                self.uri_base_id:
                sarif.ArtifactLocation(
                    description=sarif.MultiformatMessageString(
                        'The directory in which cfn-lint was run.'))
            },
            results=results,
        )

        log = sarif.SarifLog(version=self.version,
                             schema_uri=self.schema,
                             runs=[run])

        # IMPORTANT: 'warning' is the default level in SARIF and will be
        # stripped by serialization.
        return to_json(log)