Esempio n. 1
 def parse(self):
     """Collect Fortify findings from the source selected by ``integration_mode``.

     ``file`` mode defers to the base-class report parsing; ``ssc`` mode runs a
     FortifySSCImporter against the configured server and records its id as
     ``self.report_id``. Any other mode value is left untouched here (it is
     presumably rejected earlier, during option validation -- confirm in initialize()).
     """
     mode = self.config['integration_mode']
     if mode == 'file':
         super(FortifyIntegrator, self).parse()
     elif mode == 'ssc':
         # Keep a handle on the importer so callers can inspect it after the run.
         ssc_importer = FortifySSCImporter(self.config)
         self.importer = ssc_importer
         ssc_importer.run()
         self.report_id = ssc_importer.id
Esempio n. 2
class FortifyIntegrator(BaseIntegrator):
    """Integrator for Fortify results, read from a local report or pulled from Fortify SSC.

    The ``integration_mode`` option selects the source: ``file`` parses an
    xml/fpr/fvdl report through the base-class file handling, ``ssc`` delegates
    the download to FortifySSCImporter. Credentials for SSC are either an API
    token (``analysis_api_token``) or, only when the token is empty, a
    user/password pair.
    """

    TOOL_NAME = "fortify"
    DEFAULT_MAPPING_FILE = 'sde_fortify_map.csv'

    def __init__(self, config):
        """Register the Fortify-specific options on *config* and set up state.

        Args:
            config: configuration object exposing ``opts.add`` and item access.
        """
        input_types = {
            'file': ["xml", "fpr", "fvdl"],
            'network': 'https'
        }

        # Triage statuses whose issues are skipped on import (list option, short flag "a").
        config.opts.add("import_blacklist", "Do not import issues which have been triaged with these " +
                        "statuses (i.e. 'Bad Practice, Not an Issue').", "a", "Not an Issue")

        # Remaining options are registered in this exact order with keyword defaults.
        # NOTE(review): analysis_pass is accepted as a plain option value; the token
        # option is the one checked first in initialize(), so prefer it where possible.
        option_table = (
            ('integration_mode', "Integration mode: (ssc or file)", 'file'),
            ('analysis_method', 'http vs https for Fortify SSC server', 'https'),
            ('analysis_server', 'Fortify SSC server name or IP', ''),
            ('analysis_context_root', 'Context root for Fortify SSC server', ''),
            ('analysis_user', 'Fortify SSC user', ''),
            ('analysis_pass', 'Fortify SSC password', ''),
            ('analysis_api_token', 'Fortify SSC authtoken (AnalysisDownloadToken permission)', ''),
            ('ssc_project_name', 'Fortify Project name', ''),
            ('ssc_project_version', 'Fortify Project version', ''),
        )
        for option_name, help_text, default_value in option_table:
            config.opts.add(option_name, help_text, default=default_value)

        super(FortifyIntegrator, self).__init__(config, self.TOOL_NAME, input_types)

        self.raw_findings = []
        self.importer = None

    def _require_options(self, option_names):
        """Raise UsageError naming the first option in *option_names* with an empty value."""
        for option_name in option_names:
            if not self.config[option_name]:
                raise UsageError("Missing value for option %s" % option_name)

    def initialize(self):
        """Validate the configured mode and its required options, then initialize the base class.

        Raises:
            UsageError: when a required SSC option is empty or ``integration_mode``
                is neither ``ssc`` nor ``file``.
        """
        self.config.process_list_config('import_blacklist')
        mode = self.config['integration_mode']
        if mode == 'ssc':
            self._require_options(['analysis_method', 'analysis_server', 'ssc_project_name', 'ssc_project_version'])
            # A token makes user/password optional; without one both are mandatory.
            if not self.config['analysis_api_token']:
                self._require_options(['analysis_user', 'analysis_pass'])
            # In ssc mode only the network input type remains supported.
            self.supported_input_types.pop('file')
            super(FortifyIntegrator, self).initialize()
        elif mode == 'file':
            super(FortifyIntegrator, self).initialize()
        else:
            raise UsageError("Invalid value for integration_mode. Valid values are: ssc or file")

    def parse_report_file(self, report_file, report_type):
        """Parse *report_file* with the importer matching *report_type*.

        Args:
            report_file: the report to parse, handed straight to the importer.
            report_type: one of ``xml``, ``fpr`` or ``fvdl``.

        Returns:
            ``(findings, id)`` as produced by the importer; both are also stored
            on ``self.findings`` and ``self.report_id``.

        Raises:
            FortifyIntegrationError: for any other *report_type*.
        """
        # Factories are lazy so the blacklist is only read for fpr reports.
        importer_factories = {
            'xml': lambda: FortifyReportImporter(),
            'fpr': lambda: FortifyFPRImporter(self.config['import_blacklist']),
            'fvdl': lambda: FortifyFVDLImporter(),
        }
        make_importer = importer_factories.get(report_type)
        if make_importer is None:
            raise FortifyIntegrationError("Unsupported file type (%s)" % report_type)

        importer = make_importer()
        importer.parse(report_file)

        self.findings = importer.findings
        self.report_id = importer.id

        return self.findings, self.report_id

    def parse(self):
        """Collect findings from the source selected by ``integration_mode``.

        ``file`` mode defers to the base-class parsing; ``ssc`` mode runs a
        FortifySSCImporter and records its id. Note that in ssc mode this class
        does not assign ``self.findings`` itself -- presumably the base class or
        the importer does; confirm before relying on generate_findings() there.
        """
        mode = self.config['integration_mode']
        if mode == 'file':
            super(FortifyIntegrator, self).parse()
        elif mode == 'ssc':
            ssc_importer = FortifySSCImporter(self.config)
            self.importer = ssc_importer
            ssc_importer.run()
            self.report_id = ssc_importer.id

    def _make_finding(self, item):
        """Map one raw finding to the weakness_id/description/count record the base class expects."""
        return dict(
            weakness_id=item['id'],
            description=item['description'],
            count=item['count'],
        )

    def generate_findings(self):
        """Return ``self.findings`` converted through ``_make_finding``."""
        return list(map(self._make_finding, self.findings))