def create_or_find_rule(tool_name, issue_dict, rules, rule_indices):
"""Creates rules object for the rules section. Different tools make up
their own id and names so this is identified on the fly
:param tool_name: tool name
:param issue_dict: Issue object that is normalized and converted
:param rules: List of rules identified so far
:param rule_indices: Rule indices cache
:return rule and index
"""
rule_id = issue_dict["test_id"]
if rule_id in rules:
return rules[rule_id], rule_indices[rule_id]
rule = om.ReportingDescriptor(
id=rule_id,
name=issue_dict["test_name"],
help_uri=get_url(tool_name, rule_id, issue_dict["test_name"],
issue_dict),
)
index = len(rules)
rules[rule_id] = rule
rule_indices[rule_id] = index
return rule, index
def create_result(path, rule_id, issue_dict, rules, rule_indices):
if rule_id in rules:
rule = rules[rule_id]
rule_index = rule_indices[rule_id]
else:
doc = issue_dict['metadata'].get('reference')
if not doc:
doc = ('https://mobile-security.gitbook.io/'
'mobile-security-testing-guide/')
rule = om.ReportingDescriptor(
id=rule_id,
name=get_rule_name(rule_id),
help_uri=doc,
)
rule_index = len(rules)
rules[rule_id] = rule
rule_indices[rule_id] = rule_index
locations = []
for item in issue_dict.get('files', []):
physical_location = om.PhysicalLocation(
artifact_location=om.ArtifactLocation(
uri=to_uri(item['file_path'])),
)
physical_location.region = om.Region(
start_line=item['match_lines'][0],
end_line=item['match_lines'][1],
start_column=item['match_position'][0],
end_column=item['match_position'][1],
snippet=om.ArtifactContent(text=item['match_string']),
)
locations.append(om.Location(physical_location=physical_location))
if not locations:
artifact = om.PhysicalLocation(
artifact_location=om.ArtifactLocation(
uri=path[0]),
)
artifact.region = om.Region(
start_line=1,
end_line=1,
start_column=1,
end_column=1,
snippet=om.ArtifactContent(text='Missing Best Practice'),
)
locations.append(om.Location(physical_location=artifact))
return om.Result(
rule_id=rule.id,
rule_index=rule_index,
message=om.Message(text=issue_dict['metadata']['description']),
level=level_from_severity(issue_dict['metadata']['severity']),
locations=locations,
properties={
'owasp-mobile': issue_dict['metadata']['owasp-mobile'],
'masvs': issue_dict['metadata']['masvs'],
'cwe': issue_dict['metadata']['cwe'],
'reference': issue_dict['metadata']['reference'],
},
)
def create_or_find_rule(tool_name, issue_dict, rules, rule_indices):
"""Creates rules object for the rules section. Different tools make up
their own id and names so this is identified on the fly
:param tool_name: tool name
:param issue_dict: Issue object that is normalized and converted
:param rules: List of rules identified so far
:param rule_indices: Rule indices cache
:return rule and index
"""
rule_id = issue_dict["test_id"]
rule_name = issue_dict["test_name"]
if rule_id == rule_name:
rule_name = rule_name.lower().replace("_", " ").capitalize()
if rule_id in rules:
return rules[rule_id], rule_indices[rule_id]
precision = "high"
if rule_id and rule_id.upper().startswith("CWE") or tool_name == "ng-sast":
precision = "very-high"
issue_severity = tweak_severity(tool_name, issue_dict)
rule = om.ReportingDescriptor(
id=rule_id,
name=rule_name,
short_description={
"text":
get_rule_short_description(tool_name, rule_id,
issue_dict["test_name"], issue_dict)
},
full_description={
"text":
get_rule_full_description(tool_name, rule_id,
issue_dict["test_name"], issue_dict)
},
help={
"text":
get_help("text", tool_name, rule_id, issue_dict["test_name"],
issue_dict),
"markdown":
get_help("markdown", tool_name, rule_id, issue_dict["test_name"],
issue_dict),
},
help_uri=get_url(tool_name, rule_id, issue_dict["test_name"],
issue_dict),
properties={
"tags":
["ShiftLeft", "NG SAST" if tool_name == "ng-sast" else "Scan"],
"precision": precision,
},
default_configuration={"level": level_from_severity(issue_severity)},
)
index = len(rules)
rules[rule_id] = rule
rule_indices[rule_id] = index
return rule, index
def create_or_find_rule(issue_dict, rules, rule_indices):
rule_id = issue_dict["test_id"]
if rule_id in rules:
return rules[rule_id], rule_indices[rule_id]
rule = om.ReportingDescriptor(
id=rule_id, name=issue_dict["test_name"], help_uri=docs_utils.get_url(rule_id)
)
index = len(rules)
rules[rule_id] = rule
rule_indices[rule_id] = index
return rule, index
def create_or_find_rule(tool_name, issue_dict, rules, rule_indices):
"""Creates rules object for the rules section. Different tools make up
their own id and names so this is identified on the fly
:param tool_name: tool name
:param issue_dict: Issue object that is normalized and converted
:param rules: List of rules identified so far
:param rule_indices: Rule indices cache
:return rule and index
"""
rule_id = issue_dict["test_id"]
if rule_id in rules:
return rules[rule_id], rule_indices[rule_id]
precision = "high"
if rule_id and rule_id.upper().startswith("CWE"):
precision = "very-high"
rule = om.ReportingDescriptor(
id=rule_id,
name=issue_dict["test_name"],
short_description={
"text":
get_rule_short_description(tool_name, rule_id,
issue_dict["test_name"], issue_dict)
},
full_description={
"text":
get_rule_full_description(tool_name, rule_id,
issue_dict["test_name"], issue_dict)
},
help_uri=get_url(tool_name, rule_id, issue_dict["test_name"],
issue_dict),
properties={
"tags": ["ShiftLeft", "Scan"],
"precision": precision
},
)
index = len(rules)
rules[rule_id] = rule
rule_indices[rule_id] = index
return rule, index
def create_result(rule_id, issue_dict, rules, rule_indices):
if rule_id in rules:
rule = rules[rule_id]
rule_index = rule_indices[rule_id]
else:
doc = 'https://ajinabraham.github.io/nodejsscan/#{}'.format(rule_id)
rule = om.ReportingDescriptor(
id=rule_id,
name=get_rule_name(rule_id),
help_uri=doc,
)
rule_index = len(rules)
rules[rule_id] = rule
rule_indices[rule_id] = rule_index
locations = []
for item in issue_dict['files']:
physical_location = om.PhysicalLocation(
artifact_location=om.ArtifactLocation(
uri=to_uri(item['file_path'])),
)
physical_location.region = om.Region(
start_line=item['match_lines'][0],
end_line=item['match_lines'][1],
start_column=item['match_position'][0],
end_column=item['match_position'][1],
snippet=om.ArtifactContent(text=item['match_string']),
)
locations.append(om.Location(physical_location=physical_location))
return om.Result(
rule_id=rule.id,
rule_index=rule_index,
message=om.Message(text=issue_dict['metadata']['description']),
level=level_from_severity(issue_dict['metadata']['severity']),
locations=locations,
properties={
'owasp-web': issue_dict['metadata']['owasp-web'],
'cwe': issue_dict['metadata']['cwe'],
},
)
def print_matches(self, matches, rules=None, filenames=None):
"""Output all the matches"""
if not rules:
rules = RulesCollection()
# These "base" rules are not passed into formatters
rules.extend([ParseError(), TransformError(), RuleError()])
results = []
for match in matches:
results.append(
sarif.Result(
rule_id=match.rule.id,
message=sarif.Message(text=match.message),
level=self._to_sarif_level(match.rule.severity),
locations=[
sarif.Location(
physical_location=sarif.PhysicalLocation(
artifact_location=sarif.ArtifactLocation(
uri=match.filename,
uri_base_id=self.uri_base_id,
),
region=sarif.Region(
start_column=match.columnnumber,
start_line=match.linenumber,
end_column=match.columnnumberend,
end_line=match.linenumberend,
),
))
],
))
# Output only the rules that have matches
matched_rules = set(r.rule_id for r in results)
rules_map = {r.id: r for r in list(rules)}
rules = [
sarif.ReportingDescriptor(
id=rule_id,
short_description=sarif.MultiformatMessageString(
text=rules_map[rule_id].shortdesc),
full_description=sarif.MultiformatMessageString(
text=rules_map[rule_id].description),
help_uri=rules_map[rule_id].source_url
if rules_map[rule_id] else None) for rule_id in matched_rules
]
run = sarif.Run(
tool=sarif.Tool(driver=sarif.ToolComponent(
name='cfn-lint',
short_description=sarif.MultiformatMessageString(
text=('Validates AWS CloudFormation templates against'
' the resource specification and additional'
' checks.')),
information_uri=
'https://github.com/aws-cloudformation/cfn-lint',
rules=rules,
version=cfnlint.version.__version__,
), ),
original_uri_base_ids={
self.uri_base_id:
sarif.ArtifactLocation(
description=sarif.MultiformatMessageString(
'The directory in which cfn-lint was run.'))
},
results=results,
)
log = sarif.SarifLog(version=self.version,
schema_uri=self.schema,
runs=[run])
# IMPORTANT: 'warning' is the default level in SARIF and will be
# stripped by serialization.
return to_json(log)
