def test_phptaint_extract_issue():
    """Convert two taint-php fixtures and check the rendered report.

    Each fixture under ``data/`` goes through ``extract_from_file`` and then
    ``report``.  The first fixture must yield 7 issues, all counted as
    critical, and its first result message must match the expected taint
    path verbatim; the second must yield 130 issues, again all critical.
    """
    base = Path(__file__).parent

    def render(found):
        # report() takes the output location by name, so a named temporary
        # file is used and discarded when the block exits.
        with tempfile.NamedTemporaryFile(mode="w", encoding="utf-8",
                                         delete=True) as out:
            rendered = convertLib.report(
                "taint-php", [], ".", {}, {}, found, out.name,
            )
            return json.loads(rendered)

    issues, _metrics, _skips = convertLib.extract_from_file(
        "taint-php", [], base, base / "data" / "taint-php-report.json",
    )
    assert issues
    assert len(issues) == 7
    first_run = render(issues)["runs"][0]
    assert first_run["results"][0]["message"]["text"] == (
        "Detected tainted shell in path: $_GET -> $_GET['username'] (CommandExecution/CommandExec-1.php:25:23) -> call to shell_exec (CommandExecution/CommandExec-1.php:25:23) -> shell_exec#1: ."
    )
    assert first_run["properties"]["metrics"] == {
        "critical": 7,
        "total": 7,
        "high": 0,
        "medium": 0,
        "low": 0,
    }

    issues, _metrics, _skips = convertLib.extract_from_file(
        "taint-php", [], base, base / "data" / "taint-php-report2.json",
    )
    assert issues
    assert len(issues) == 130
    second_run = render(issues)["runs"][0]
    assert second_run["properties"]["metrics"] == {
        "critical": 130,
        "total": 130,
        "high": 0,
        "medium": 0,
        "low": 0,
    }
def test_njsscan_extract_issue():
    """Extract issues from two njsscan (``source-js``) fixtures.

    Pins the issue count of each fixture and compares selected entries
    (the first of each fixture, plus the last of the second) against the
    exact dicts the converter is expected to produce.  Whole-dict equality
    is used, so every key shown is part of the converter's contract.
    """
    base = Path(__file__).parent
    data_dir = base / "data"

    def extract(report_name):
        found, _metrics, _skips = convertLib.extract_from_file(
            "source-js", [], base, data_dir / report_name,
        )
        assert found
        return found

    issues = extract("njsscan-report.json")
    assert len(issues) == 7
    expected_first = {
        "rule_id": "a1-injection",
        "title": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')",
        "description": "Untrusted user input in redirect() can result in Open Redirect vulnerability.",
        "severity": "ERROR",
        "line_number": 72,
        "filename": "/Users/prabhu/work/NodeGoat/app/routes/index.js",
        "issue_confidence": "HIGH",
    }
    assert issues[0] == expected_first

    issues = extract("njs2.json")
    assert len(issues) == 26
    expected_head = {
        "rule_id": "a9-usingcomponentswithknownvulnerabilities",
        "title": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
        "description": "crypto.pseudoRandomBytes()/Math.random() is a cryptographically weak random number generator.",
        "severity": "WARNING",
        "line_number": 7,
        "filename": "vendor/ckeditor/ckeditor/vendor/promise.js",
        "issue_confidence": "HIGH",
    }
    # line_number 0 is what the fixture carries for this Vue template
    # finding; the test pins it rather than treating it as "unknown".
    expected_tail = {
        "rule_id": "a1-injection",
        "title": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
        "description": "The Vue.js template has an unescaped variable. Untrusted user input passed to this variable results in Cross Site Scripting (XSS).",
        "severity": "ERROR",
        "line_number": 0,
        "filename": "src/layouts/basic/modules/Chat/components/ChatPanelRight.vue",
        "issue_confidence": "HIGH",
    }
    assert issues[0] == expected_head
    assert issues[-1] == expected_tail
def test_pytaint_extract_issue():
    """Convert a taint-python fixture and check the rendered report.

    The fixture must yield 27 issues.  After ``report`` renders them, the
    first result message is compared verbatim and the metrics block must
    split the 27 into 6 critical and 21 high.
    """
    base = Path(__file__).parent
    issues, _metrics, _skips = convertLib.extract_from_file(
        "taint-python", [], base, base / "data" / "taint-python-report.json",
    )
    assert issues
    assert len(issues) == 27

    # report() writes to the path it is given, so hand it a named temporary
    # file that disappears when the block exits.
    with tempfile.NamedTemporaryFile(mode="w", encoding="utf-8",
                                     delete=True) as out:
        rendered = convertLib.report(
            "taint-python", [], ".", {}, {}, issues, out.name,
        )
        run = json.loads(rendered)["runs"][0]
        expected_text = (
            "Cross-site scripting (XSS) vulnerability with data reaching from the source `views.py:21` to the sink `views.py:24`."
        )
        assert run["results"][0]["message"]["text"] == expected_text
        assert run["properties"]["metrics"] == {
            "critical": 6,
            "total": 27,
            "high": 21,
            "medium": 0,
            "low": 0,
        }
def test_phpstan_extract_issue():
    """Convert a phpstan fixture and check the rendered report.

    The fixture must yield 670 issues.  The metrics block of the rendered
    report counts 470 (all low), not 670 -- presumably ``report`` drops or
    merges some entries before computing metrics; this test pins that
    observed number rather than explaining it.
    """
    base = Path(__file__).parent
    issues, _metrics, _skips = convertLib.extract_from_file(
        "phpstan", [], base, base / "data" / "source-php-report.json",
    )
    assert issues
    assert len(issues) == 670

    with tempfile.NamedTemporaryFile(mode="w", encoding="utf-8",
                                     delete=True) as out:
        rendered = convertLib.report(
            "phpstan", [], ".", {}, {}, issues, out.name,
        )
        run = json.loads(rendered)["runs"][0]
        first_message = run["results"][0]["message"]["text"]
        assert first_message == "Unsafe usage of new static()."
        assert run["properties"]["metrics"] == {
            "critical": 0,
            "total": 470,
            "high": 0,
            "medium": 0,
            "low": 470,
        }
def test_psalm_extract_issue():
    """Convert a psalm fixture and check the rendered report.

    Extraction runs under the tool name ``audit-php`` while rendering runs
    under ``psalm`` -- the two names are kept as the original test had
    them.  The fixture must yield 317 issues; the rendered metrics block
    reports only 7 (all medium), which presumably reflects filtering inside
    ``report`` -- the test pins the observed number.
    """
    base = Path(__file__).parent
    issues, _metrics, _skips = convertLib.extract_from_file(
        "audit-php", [], base, base / "data" / "audit-php.json",
    )
    assert issues
    assert len(issues) == 317

    with tempfile.NamedTemporaryFile(mode="w", encoding="utf-8",
                                     delete=True) as out:
        rendered = convertLib.report(
            "psalm", [], ".", {}, {}, issues, out.name,
        )
        run = json.loads(rendered)["runs"][0]
        expected_text = (
            "Too many arguments for method PhpParser \\ NodeVisitor::enternode - saw 2."
        )
        assert run["results"][0]["message"]["text"] == expected_text
        assert run["properties"]["metrics"] == {
            "critical": 0,
            "total": 7,
            "high": 0,
            "medium": 7,
            "low": 0,
        }
def test_static_suppress_issue():
    """Run suppress_issues() over a staticcheck fixture with ignore markers.

    The fixture yields 76 issues; the only claim made about suppression is
    that at least one of them lands in the suppress list.
    """
    base = Path(__file__).parent
    report = base / "data" / "staticcheck-ignore-report.json"
    issues, _metrics, _skips = convertLib.extract_from_file(
        "staticcheck", [], base, report,
    )
    assert issues
    assert len(issues) == 76
    _remaining, suppressed = convertLib.suppress_issues(issues)
    # Presence only; the exact number suppressed is not pinned here.
    assert suppressed
def test_go_suppress_issue():
    """Run suppress_issues() over a source-go fixture where every issue is ignored.

    The fixture yields 5 issues; all of them must be suppressed, leaving
    the filtered list empty.
    """
    base = Path(__file__).parent
    report = base / "data" / "source-go-ignore.json"
    issues, _metrics, _skips = convertLib.extract_from_file(
        "source-go", [], base, report,
    )
    assert issues
    assert len(issues) == 5
    remaining, suppressed = convertLib.suppress_issues(issues)
    assert suppressed
    # Every extracted issue is expected to be suppressed, so the two lists
    # must partition the input completely.
    assert len(suppressed) == len(issues)
    assert not remaining
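def test_inspect_extract_issue():
    """Extract issues from an ``inspect`` fixture and check the first one.

    ``extract_from_file`` is called with the same four positional arguments
    every other test in this module uses (tool name, tool argument list,
    working directory, report path).  The earlier two-argument form passed
    the report path in the position the other tests use for the argument
    list, so it could not have matched the signature the rest of the file
    relies on.
    """
    base = Path(__file__).parent
    issues, _metrics, _skips = convertLib.extract_from_file(
        "inspect",
        [],
        base,
        base / "data" / "inspect-report.json",
    )
    assert issues
    assert len(issues) == 99
    # Whole-dict equality: every key below is part of the converter's
    # contract for this tool, including the numeric score.
    assert issues[0] == {
        "rule_id": "a1-injection",
        "title":
        "Remote Code Execution: Command Injection through attacker-controlled data via `foo` in `SearchController.doGetSearch`",
        "description":
        "Attacker controlled data is used in a shell command without undergoing escaping or validation. This could allow an attacker to execute code on the server. Injection flaws occur when untrusted data is sent to an interpreter as part of a command or query. By injecting hostile data, an attacker may trick the interpreter into executing unintended commands or accessing data without authorization which can result in data loss, corruption, or disclosure to unauthorized parties, loss of accountability, denial of access or even a complete host takeover.\n\n\n## Countermeasures\n\nThis vulnerability can be prevented by using parameterized queries or by validating HTTP data (preferably on server-side by means of common input sanitation libraries or whitelisting) before using it.\n\n## Additional information\n\n**[CWE-77](https://cwe.mitre.org/data/definitions/77.html)**\n\n**[CWE-78](https://cwe.mitre.org/data/definitions/78.html)**\n\n**[CWE-917](https://cwe.mitre.org/data/definitions/917.html)**\n\n**[OWASP-A1](https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A1-Injection)**",
        "score": 9,
        "severity": "SEVERITY_HIGH_IMPACT",
        "line_number": 21,
        "filename": "io/shiftleft/controller/SearchController.java",
    }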
def test_inspect_extract_issue_nodejs():
    """Extract issues from an ``ng-sast`` Node.js fixture and check the first.

    The fixture must yield 9 issues.  The first is compared by whole-dict
    equality, so ``score``, ``first_found`` and ``issue_confidence`` are all
    part of the expected converter output for this tool.
    """
    base = Path(__file__).parent
    issues, _metrics, _skips = convertLib.extract_from_file(
        "ng-sast", [], base, base / "data" / "inspect-nodejs.json",
    )
    assert issues
    assert len(issues) == 9

    expected_first = {
        "rule_id": "a1-injection",
        "title": "Remote Code Execution: Command Injection through HTTP via `req` in `:=>`",
        "description": "HTTP data is used in a shell command without undergoing escaping or validation. This could allow an attacker to execute code on the server. Injection flaws occur when untrusted data is sent to an interpreter as part of a command or query. By injecting hostile data, an attacker may trick the interpreter into executing unintended commands or accessing data without authorization which can result in data loss, corruption, or disclosure to unauthorized parties, loss of accountability, denial of access or even a complete host takeover.\n\n\n## Countermeasures\n\nThis vulnerability can be prevented by using parameterized queries or by validating HTTP data (preferably on server-side by means of common input sanitation libraries or whitelisting) before using it.\n\n## Additional information\n\n**[CWE-77](https://cwe.mitre.org/data/definitions/77.html)**\n\n**[CWE-78](https://cwe.mitre.org/data/definitions/78.html)**\n\n**[CWE-917](https://cwe.mitre.org/data/definitions/917.html)**\n\n**[OWASP-A1](https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A1-Injection)**",
        "score": 9,
        "severity": "SEVERITY_HIGH_IMPACT",
        "line_number": 11,
        "filename": "src/views.js",
        # Fixture-supplied fingerprint; pinned verbatim, not recomputed.
        "first_found": "e1ca1d72ed01311eee71a6f0110b789263815a5c5ac442dd7db65f985f57e7e3",
        "issue_confidence": "HIGH",
    }
    assert issues[0] == expected_first