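def parse(self, report_xml):
    """Load a Fortify report XML and collect its findings and build label.

    Every ``ReportSection`` of the ``ReportDefinition`` document is visited.
    Each ``GroupingSection`` under the 'Issue Count by Category' section is
    converted with ``self._make_raw_finding`` and appended to
    ``self.findings``. The 'Build Label:' value found in the
    'Project Summary' section is stored in ``self.id``, which stays "" when
    no label is present.

    :param report_xml: file name or file object handed to ``minidom.parse``
    :raises FortifyIntegrationError: the report cannot be parsed, or a
        required element is missing
    """
    # NOTE(review): minidom is not hardened against hostile XML; entity
    # expansion can exhaust memory or CPU, depending on the linked expat
    # version. If a report can come from outside the trust boundary, parse
    # it with a hardened parser such as defusedxml, or cap its size first.
    try:
        base = minidom.parse(report_xml)
    except Exception as e:
        raise FortifyIntegrationError("Error opening report xml %s Reason: %s" % (report_xml, str(e)))

    self.id = ""
    root = base.documentElement

    if root.tagName != "ReportDefinition":
        raise FortifyIntegrationError("Malformed report detected: ReportDefinition is not found")

    report_sections = root.getElementsByTagName('ReportSection')
    if not report_sections:
        raise FortifyIntegrationError("Malformed report detected: ReportSection not found")

    def required(parent, tag_name):
        # First descendant called tag_name; a missing one is reported as a
        # malformed report instead of surfacing as a bare IndexError.
        nodes = parent.getElementsByTagName(tag_name)
        if not nodes:
            raise FortifyIntegrationError("Malformed report detected: %s not found" % tag_name)
        return nodes[0]

    def text_of(node):
        # An empty element (<Title/>) has no first child, so read its text
        # defensively and treat it as the empty string.
        return getattr(node.firstChild, 'data', '')

    for report_section in report_sections:
        title_text = text_of(required(report_section, 'Title'))
        if title_text == 'Issue Count by Category':
            issue_listing = required(report_section, 'IssueListing')
            for grouping_section in issue_listing.getElementsByTagName('GroupingSection'):
                self.findings.append(self._make_raw_finding(grouping_section))
        elif title_text == 'Project Summary':
            subsection = required(report_section, 'SubSection')
            summary_text = text_of(required(subsection, 'Text'))
            # Raw string: '\s' in a plain literal is an invalid escape sequence.
            m = re.search(r'Build Label:\s*(.+)', summary_text)
            if m:
                self.id = m.group(1)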
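    def parse_report_file(self, report_file, report_type):
        """Extract the open findings and the report id from a Veracode report.

        :param report_file: an already-parsed DOM document when
            ``report_type`` is 'xml_dom'; otherwise the value handed to
            ``minidom.parse``
        :param report_type: 'xml', or 'xml_dom' for an already-parsed document
        :returns: ``(findings, report_id)``. ``findings`` holds the result of
            ``self._make_raw_finding`` for every ``flaw`` node whose
            remediation status is not 'Fixed'; ``report_id`` is formatted as
            "<app_name> (<app_id>-b<build_id>)"
        :raises UsageError: file integration mode with a report type other
            than 'xml'
        :raises VeracodeIntegrationError: the report cannot be parsed, does
            not hold exactly one ``detailedreport`` node, or that node lacks
            one of the attributes the report id is built from
        """
        if report_type != 'xml' and self.config['integration_mode'] == 'file':
            raise UsageError("Unsupported file type (%s)" % report_type)

        if report_type == 'xml_dom':
            # Caller sent in an XML document
            base = report_file
        else:
            # NOTE(review): minidom is not hardened against hostile XML;
            # entity expansion can exhaust memory or CPU, depending on the
            # linked expat version. If a report can come from outside the
            # trust boundary, parse it with a hardened parser such as
            # defusedxml, or cap its size first.
            try:
                base = minidom.parse(report_file)
            except Exception as err:
                raise VeracodeIntegrationError("Error opening report xml (%s): %s" % (report_file, str(err)))

        detailed_reports = base.getElementsByTagName('detailedreport')

        if len(detailed_reports) != 1:
            raise VeracodeIntegrationError('An unexpected number of detailedreport nodes found (%d)' %
                                           len(detailed_reports))
        dr = detailed_reports[0]

        # Report a truncated header as a malformed report rather than
        # letting a bare KeyError escape from the attribute lookup.
        missing = [name for name in ('app_name', 'app_id', 'build_id') if not dr.hasAttribute(name)]
        if missing:
            raise VeracodeIntegrationError('detailedreport node is missing attribute(s): %s' %
                                           ', '.join(missing))

        report_id = "%s (%s-b%s)" % (
            dr.getAttribute('app_name'),
            dr.getAttribute('app_id'),
            dr.getAttribute('build_id')
        )

        # Veracode tracks 'fixed' flaws - prune them out. Filtering while
        # building the list avoids a linear list.remove() per fixed flaw.
        findings = []
        for node in base.getElementsByTagName('flaw'):
            finding = self._make_raw_finding(node)
            if finding['remediation_status'] != 'Fixed':
                findings.append(finding)

        return findings, report_id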
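    def load_mapping_from_xml(self, xml_file):
        """Rebuild ``self.mapping`` from a task/weakness mapping XML file.

        ``self.mapping`` is reset to an empty dict, then
        ``self._register_mapping`` is called once for every ``weakness``
        element nested in a ``task`` element. A task without a
        ``confidence`` attribute is registered with confidence 'low'.

        :param xml_file: file name or file object handed to ``minidom.parse``
        :raises MappingError: the file cannot be parsed, or ``self.mapping``
            is still empty after every task has been processed
        """
        self.mapping = {}

        # NOTE(review): minidom is not hardened against hostile XML; entity
        # expansion can exhaust memory or CPU, depending on the linked expat
        # version. Keep the mapping file under the operator's control, or
        # parse it with a hardened parser such as defusedxml.
        try:
            base = minidom.parse(xml_file)
        except Exception as e:
            raise MappingError("An error occurred opening mapping file '%s': %s" % (xml_file, e))

        for task in base.getElementsByTagName('task'):
            # Element.hasAttribute works on Python 2 and 3 alike;
            # NamedNodeMap.has_key exists on Python 2 only.
            if task.hasAttribute('confidence'):
                confidence = task.attributes['confidence'].value
            else:
                confidence = 'low'

            for weakness in task.getElementsByTagName('weakness'):
                self._register_mapping(
                    weakness.attributes[self.weakness_attribute.lower()].value,
                    weakness.attributes['title'].value,
                    task.attributes['id'].value,
                    task.attributes['title'].value,
                    confidence,
                    # getAttributeNode returns the Attr node, or None when
                    # the attribute is absent.
                    # NOTE(review): unlike the other arguments this is the
                    # Attr node, not its .value - confirm that
                    # _register_mapping expects a node here.
                    weakness.getAttributeNode('cwe')
                )

        if not self.mapping:
            raise MappingError("No mapping was found in file '%s'" % xml_file)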
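 def load_mapping_from_xml(self):
     """Parse the XML file named by the 'mapping_file' configuration option.

     Only the opening of this method is shown in the listing.

     :raises IntegrationError: a KeyError was raised inside the try block,
         which the handler reports as the option being missing
     """
     # NOTE(review): minidom is not hardened against hostile XML; keep the
     # mapping file under the operator's control, or parse it with a
     # hardened parser such as defusedxml.
     try:
         base = minidom.parse(self.config['mapping_file'])
     except KeyError:
         # "except KeyError, ke" is Python 2-only syntax, and the bound
         # exception was never used.
         raise IntegrationError("Missing configuration option 'mapping_file'")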
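 def parse(self, report_xml):
     """Open a Fortify report XML with minidom.

     Only the opening of this method is shown in the listing.

     :param report_xml: file name or file object handed to ``minidom.parse``
     :raises FortifyIntegrationError: ``minidom.parse`` raised any exception
     """
     # NOTE(review): minidom is not hardened against hostile XML; entity
     # expansion can exhaust memory or CPU, depending on the linked expat
     # version. If a report can come from outside the trust boundary, parse
     # it with a hardened parser such as defusedxml, or cap its size first.
     try:
         base = minidom.parse(report_xml)
     except Exception:
         # "except Exception, e" is Python 2-only syntax, and the bound
         # exception was never used in the message.
         raise FortifyIntegrationError("Error opening report xml (%s)" % report_xml)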