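    def test_flawfinder_interfacev2(self):
        """Parse a Flawfinder SARIF report and spot-check three of its 53 findings.

        The fixture is read inside a ``with`` block so the handle is released
        as soon as ``get_tests`` has consumed it (the original left it open,
        which surfaces as a ResourceWarning under ``python -W error``).
        SARIF is JSON and therefore UTF-8; the encoding is pinned so the test
        does not depend on the platform's locale default.
        """
        fixture = path.join(path.dirname(__file__), "../scans/sarif/flawfinder.sarif")
        with open(fixture, encoding="utf-8") as testfile:
            parser = SarifParser()
            tests = parser.get_tests(parser.get_scan_types()[0], testfile)
        self.assertEqual(1, len(tests))
        findings = tests[0].findings
        self.assertEqual(53, len(findings))
        # Generic invariants shared by every parser test live in common_checks.
        for finding in findings:
            self.common_checks(finding)
        with self.subTest(i=0):
            finding = findings[0]
            self.assertEqual(
                "random/setstate:This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).",
                finding.title,
            )
            self.assertEqual("Critical", finding.severity)
            description = """**Result message:** random/setstate:This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
**Snippet:**
```      is.setstate(std::ios::failbit);```
**Rule name:** random/setstate
**Rule short description:** This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327)."""
            self.assertEqual(description, finding.description)
            self.assertEqual("src/tree/param.cc", finding.file_path)
            self.assertEqual(29, finding.line)
            self.assertEqual(327, finding.cwe)
            self.assertEqual("FF1048", finding.vuln_id_from_tool)
            self.assertEqual("https://cwe.mitre.org/data/definitions/327.html", finding.references)
        with self.subTest(i=20):
            finding = findings[20]
            self.assertEqual(
                "buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120).",
                finding.title,
            )
            self.assertEqual("Info", finding.severity)
            description = """**Result message:** buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120).
**Snippet:**
```    std::memcpy(dptr, dmlc::BeginPtr(buffer_) + buffer_ptr_, size);```
**Rule name:** buffer/memcpy
**Rule short description:** Does not check for buffer overflows when copying to destination (CWE-120)."""
            self.assertEqual(description, finding.description)
            self.assertEqual("src/common/io.cc", finding.file_path)
            self.assertEqual(31, finding.line)
            self.assertEqual(120, finding.cwe)
            self.assertEqual("FF1004", finding.vuln_id_from_tool)
            self.assertEqual("https://cwe.mitre.org/data/definitions/120.html", finding.references)
        with self.subTest(i=52):
            finding = findings[52]
            self.assertEqual(
                "buffer/sscanf:The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).",
                finding.title,
            )
            self.assertEqual("Critical", finding.severity)
            description = """**Result message:** buffer/sscanf:The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).
**Snippet:**
```      if (sscanf(argv[i], "%[^=]=%s", name, val) == 2) {```
**Rule name:** buffer/sscanf
**Rule short description:** The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20)."""
            self.assertEqual(description, finding.description)
            self.assertEqual("src/cli_main.cc", finding.file_path)
            self.assertEqual(482, finding.line)
            # NOTE(review): unlike the other two subtests, finding.cwe is not
            # asserted here. The rule lists two CWEs (120 and 20); confirm
            # which one the parser maps before pinning it.
            self.assertEqual("FF1021", finding.vuln_id_from_tool)
            self.assertEqual("https://cwe.mitre.org/data/definitions/120.html", finding.references)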
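 def test_appendix_k1_double_interfacev2(self):
     """Parse a SARIF log with two runs and check each yields an empty test.

     The fixture is opened in a ``with`` block so the handle is closed once
     ``get_tests`` has read it (the original never closed it), and the
     encoding is pinned to UTF-8 as SARIF is JSON.
     """
     fixture = path.join(path.dirname(__file__), "../scans/sarif/appendix_k1_double.sarif")
     with open(fixture, encoding="utf-8") as testfile:
         parser = SarifParser()
         tests = parser.get_tests(parser.get_scan_types()[0], testfile)
     # One Test per SARIF run, named after the run's tool.
     self.assertEqual(2, len(tests))
     with self.subTest(test=0):
         test = tests[0]
         self.assertEqual("CodeScanner", test.type)
         self.assertEqual(0, len(test.findings))
     with self.subTest(test=1):
         test = tests[1]
         self.assertEqual("OtherScanner", test.type)
         self.assertEqual(0, len(test.findings))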