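def test_flawfinder_interfacev2(self):
    """Parse a Flawfinder SARIF report and pin three representative findings.

    The report must yield exactly one test carrying 53 findings. Every finding
    goes through ``common_checks``; findings 0, 20 and 52 are then checked
    field by field (title, severity, rendered description, file/line, CWE,
    tool id, reference URL) inside ``subTest`` blocks so that one failing
    finding does not mask the others.
    """
    report = path.join(path.dirname(__file__), "../scans/sarif/flawfinder.sarif")
    # The context manager closes the handle even when an assertion fails;
    # the open() call previously leaked the descriptor (ResourceWarning under
    # unittest). SARIF is JSON, so utf-8 is the right decoding regardless of
    # the platform default.
    with open(report, encoding="utf-8") as testfile:
        parser = SarifParser()
        tests = parser.get_tests(parser.get_scan_types()[0], testfile)
    self.assertEqual(1, len(tests))
    findings = tests[0].findings
    self.assertEqual(53, len(findings))
    for finding in findings:
        self.common_checks(finding)

    with self.subTest(i=0):
        finding = findings[0]
        self.assertEqual(
            "random/setstate:This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).",
            finding.title,
        )
        self.assertEqual("Critical", finding.severity)
        description = """**Result message:** random/setstate:This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
**Snippet:**
``` is.setstate(std::ios::failbit);```
**Rule name:** random/setstate
**Rule short description:** This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327)."""
        self.assertEqual(description, finding.description)
        self.assertEqual("src/tree/param.cc", finding.file_path)
        self.assertEqual(29, finding.line)
        self.assertEqual(327, finding.cwe)
        self.assertEqual("FF1048", finding.vuln_id_from_tool)
        self.assertEqual("https://cwe.mitre.org/data/definitions/327.html", finding.references)

    with self.subTest(i=20):
        finding = findings[20]
        self.assertEqual(
            "buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120).",
            finding.title,
        )
        self.assertEqual("Info", finding.severity)
        description = """**Result message:** buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120).
**Snippet:**
``` std::memcpy(dptr, dmlc::BeginPtr(buffer_) + buffer_ptr_, size);```
**Rule name:** buffer/memcpy
**Rule short description:** Does not check for buffer overflows when copying to destination (CWE-120)."""
        self.assertEqual(description, finding.description)
        self.assertEqual("src/common/io.cc", finding.file_path)
        self.assertEqual(31, finding.line)
        self.assertEqual(120, finding.cwe)
        self.assertEqual("FF1004", finding.vuln_id_from_tool)
        self.assertEqual("https://cwe.mitre.org/data/definitions/120.html", finding.references)

    with self.subTest(i=52):
        finding = findings[52]
        self.assertEqual(
            "buffer/sscanf:The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).",
            finding.title,
        )
        self.assertEqual("Critical", finding.severity)
        description = """**Result message:** buffer/sscanf:The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).
**Snippet:**
``` if (sscanf(argv[i], "%[^=]=%s", name, val) == 2) {```
**Rule name:** buffer/sscanf
**Rule short description:** The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20)."""
        self.assertEqual(description, finding.description)
        self.assertEqual("src/cli_main.cc", finding.file_path)
        self.assertEqual(482, finding.line)
        # NOTE(review): finding.cwe is deliberately not pinned here, unlike the
        # two subtests above. The title lists both CWE-120 and CWE-20 while the
        # reference URL points at 120; confirm which one the parser selects
        # for multi-CWE rules before adding the assertion.
        self.assertEqual("FF1021", finding.vuln_id_from_tool)
        self.assertEqual("https://cwe.mitre.org/data/definitions/120.html", finding.references)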
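def test_appendix_k1_double_interfacev2(self):
    """Parse the two-run ``appendix_k1_double`` SARIF sample.

    Each SARIF run must become its own test, typed by its tool name
    ("CodeScanner" for the first run, "OtherScanner" for the second), and
    neither run carries any findings.
    """
    report = path.join(path.dirname(__file__), "../scans/sarif/appendix_k1_double.sarif")
    # Close the handle deterministically instead of leaking it until GC;
    # SARIF is JSON, so decode as utf-8 independent of the platform default.
    with open(report, encoding="utf-8") as testfile:
        parser = SarifParser()
        tests = parser.get_tests(parser.get_scan_types()[0], testfile)
    self.assertEqual(2, len(tests))

    # One subTest per run so a wrong type on run 0 still reports run 1.
    expected_types = ("CodeScanner", "OtherScanner")
    for index, expected_type in enumerate(expected_types):
        with self.subTest(test=index):
            test = tests[index]
            self.assertEqual(expected_type, test.type)
            self.assertEqual(0, len(test.findings))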