def parse(self):
    """Load findings according to the configured ``integration_mode``.

    In 'file' mode the work is delegated to the parent integrator's
    ``parse()``. In 'ssc' mode a ``FortifySSCImporter`` built from the
    configuration is stored on ``self.importer``, run, and its ``id`` becomes
    ``self.report_id``. Any other mode falls through without doing anything.
    """
    mode = self.config['integration_mode']
    if mode == 'file':
        super(FortifyIntegrator, self).parse()
        return
    if mode != 'ssc':
        # Unknown modes are not rejected here; nothing is imported.
        return
    ssc_importer = FortifySSCImporter(self.config)
    # Stored before run() so the importer stays reachable if run() raises.
    self.importer = ssc_importer
    ssc_importer.run()
    self.report_id = ssc_importer.id
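class FortifyIntegrator(BaseIntegrator):
    """Integrator that takes Fortify findings from a report file or an SSC server.

    The ``integration_mode`` option selects the source: 'file' parses a local
    xml/fpr/fvdl report, 'ssc' runs a ``FortifySSCImporter`` against the
    configured server.
    """

    TOOL_NAME = "fortify"
    DEFAULT_MAPPING_FILE = 'sde_fortify_map.csv'
    # Values accepted for 'analysis_method'; the option is documented as
    # "http vs https", so anything else is treated as a configuration error.
    _SSC_SCHEMES = ('http', 'https')

    def __init__(self, config):
        """Register the Fortify options on *config* and initialise the base class.

        Args:
            config: configuration object exposing ``opts.add`` for option
                registration; it is passed on to ``BaseIntegrator``.
        """
        supported_input_types = {
            'file': ["xml", "fpr", "fvdl"],
            'network': 'https'
        }
        config.opts.add("import_blacklist",
                        "Do not import issues which have been triaged with these " +
                        "statuses (i.e. 'Bad Practice, Not an Issue').",
                        "a", "Not an Issue")
        config.opts.add('integration_mode', "Integration mode: (ssc or file)",
                        default='file')
        config.opts.add('analysis_method', 'http vs https for Fortify SSC server',
                        default='https')
        config.opts.add('analysis_server', 'Fortify SSC server name or IP', default='')
        config.opts.add('analysis_context_root', 'Context root for Fortify SSC server',
                        default='')
        # analysis_pass and analysis_api_token hold secrets.
        # NOTE(review): how the config object stores or echoes option values is
        # not visible here; confirm these two are never written to logs.
        config.opts.add('analysis_user', 'Fortify SSC user', default='')
        config.opts.add('analysis_pass', 'Fortify SSC password', default='')
        config.opts.add('analysis_api_token',
                        'Fortify SSC authtoken (AnalysisDownloadToken permission)',
                        default='')
        config.opts.add('ssc_project_name', 'Fortify Project name', default='')
        config.opts.add('ssc_project_version', 'Fortify Project version', default='')
        super(FortifyIntegrator, self).__init__(config, self.TOOL_NAME,
                                                supported_input_types)
        self.raw_findings = []
        self.importer = None

    def initialize(self):
        """Validate the options required by the selected integration mode.

        In 'ssc' mode the server, scheme, project name and project version
        must be set, the scheme must be http or https, and either an API token
        or a user/password pair must be present. File input is then disabled.

        Raises:
            UsageError: a required option is empty, ``analysis_method`` is not
                http/https, or ``integration_mode`` is neither 'ssc' nor 'file'.
        """
        self.config.process_list_config('import_blacklist')
        mode = self.config['integration_mode']

        if mode == 'ssc':
            for config_key in ['analysis_method', 'analysis_server',
                               'ssc_project_name', 'ssc_project_version']:
                if not self.config[config_key]:
                    raise UsageError("Missing value for option %s" % config_key)

            # Reject a mistyped scheme at configuration time, before any
            # credential is handed to the importer.
            # NOTE(review): with 'http' the SSC password or token would
            # presumably cross the network unencrypted; confirm against
            # FortifySSCImporter and prefer the 'https' default.
            scheme = str(self.config['analysis_method']).lower()
            if scheme not in self._SSC_SCHEMES:
                raise UsageError("Invalid value for analysis_method. "
                                 "Valid values are: http or https")

            # A token replaces user/password authentication; without one both
            # user and password are mandatory.
            if not self.config['analysis_api_token']:
                for config_key in ['analysis_user', 'analysis_pass']:
                    if not self.config[config_key]:
                        raise UsageError("Missing value for option %s" % config_key)

            # disable file support
            self.supported_input_types.pop('file')
            super(FortifyIntegrator, self).initialize()
        elif mode == 'file':
            super(FortifyIntegrator, self).initialize()
        else:
            raise UsageError("Invalid value for integration_mode. "
                             "Valid values are: ssc or file")

    def parse_report_file(self, report_file, report_type):
        """Parse one report file with the importer matching *report_type*.

        Args:
            report_file: report to hand to the importer's ``parse()``.
            report_type: 'xml', 'fpr' or 'fvdl'.

        Returns:
            Tuple of (findings, report id) taken from the importer.

        Raises:
            FortifyIntegrationError: *report_type* is not one of the three
                supported values.
        """
        if report_type == 'xml':
            importer = FortifyReportImporter()
        elif report_type == 'fpr':
            # Only the FPR importer receives the triage-status blacklist.
            importer = FortifyFPRImporter(self.config['import_blacklist'])
        elif report_type == 'fvdl':
            importer = FortifyFVDLImporter()
        else:
            raise FortifyIntegrationError("Unsupported file type (%s)" % report_type)

        importer.parse(report_file)

        self.findings = importer.findings
        self.report_id = importer.id
        return importer.findings, importer.id

    def parse(self):
        """Load findings from the source selected by ``integration_mode``.

        'file' defers to the base class; 'ssc' runs a ``FortifySSCImporter``
        and records its id as the report id.
        """
        if self.config['integration_mode'] == 'file':
            super(FortifyIntegrator, self).parse()
        elif self.config['integration_mode'] == 'ssc':
            self.importer = FortifySSCImporter(self.config)
            self.importer.run()
            # NOTE(review): self.findings is not assigned on this path, yet
            # generate_findings() reads it; confirm where SSC findings are set.
            self.report_id = self.importer.id

    def _make_finding(self, item):
        """Reduce an importer item to its weakness id, description and count."""
        return {'weakness_id': item['id'],
                'description': item['description'],
                'count': item['count']}

    def generate_findings(self):
        """Return the normalised finding dict for every entry in ``self.findings``."""
        return [self._make_finding(item) for item in self.findings]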