def parse(self, report_xml):
try:
base = minidom.parse(report_xml)
except Exception as e:
raise FortifyIntegrationError("Error opening report xml %s Reason: %s" % (report_xml, str(e)))
self.id = ""
root = base.documentElement
if root.tagName != "ReportDefinition":
raise FortifyIntegrationError("Malformed report detected: ReportDefinition is not found")
report_sections = root.getElementsByTagName('ReportSection')
if not report_sections:
raise FortifyIntegrationError("Malformed report detected: ReportSection not found")
for report_section in report_sections:
titles = report_section.getElementsByTagName('Title')
if not titles:
raise FortifyIntegrationError("Malformed report detected: Title not found")
title = titles[0]
if title.firstChild.data == 'Issue Count by Category':
issue_listing = report_section.getElementsByTagName('IssueListing')[0]
grouping_sections = issue_listing.getElementsByTagName('GroupingSection')
for grouping_section in grouping_sections:
self.findings.append(self._make_raw_finding(grouping_section))
elif title.firstChild.data == 'Project Summary':
subsection = report_section.getElementsByTagName('SubSection')[0]
subsection_text = subsection.getElementsByTagName('Text')[0]
m = re.search('Build Label:\s*(.+)', subsection_text.firstChild.data)
if m:
self.id = m.group(1)
def parse_report_file(self, report_file, report_type):
if report_type != 'xml' and self.config['integration_mode'] == 'file':
raise UsageError("Unsupported file type (%s)" % report_type)
# Caller sent in an XML document
if report_type == 'xml_dom':
base = report_file
# XML has to be parsed
else:
try:
base = minidom.parse(report_file)
except Exception as err:
raise VeracodeIntegrationError("Error opening report xml (%s): %s" % (report_file, str(err)))
detailed_reports = base.getElementsByTagName('detailedreport')
if len(detailed_reports) != 1:
raise VeracodeIntegrationError('An unexpected number of detailedreport nodes found (%d)' %
len(detailed_reports))
dr = detailed_reports[0]
report_id = "%s (%s-b%s)" % (
dr.attributes['app_name'].value,
dr.attributes['app_id'].value,
dr.attributes['build_id'].value
)
findings = [self._make_raw_finding(node) for node in base.getElementsByTagName('flaw')]
# Veracode tracks 'fixed' flaws - prune them out
for flaw in list(findings):
if flaw['remediation_status'] == 'Fixed':
findings.remove(flaw)
return findings, report_id
def load_mapping_from_xml(self, xml_file):
self.mapping = {}
try:
base = minidom.parse(xml_file)
except Exception as e:
raise MappingError("An error occurred opening mapping file '%s': %s" % (xml_file, e))
for task in base.getElementsByTagName('task'):
confidence = 'low'
if task.attributes.has_key('confidence'):
confidence = task.attributes['confidence'].value
for weakness in task.getElementsByTagName('weakness'):
self._register_mapping(
weakness.attributes[self.weakness_attribute.lower()].value,
weakness.attributes['title'].value,
task.attributes['id'].value,
task.attributes['title'].value,
confidence,
weakness.attributes['cwe'] if weakness.attributes.has_key('cwe') else None
)
if not self.mapping:
raise MappingError("No mapping was found in file '%s'" % xml_file)
def load_mapping_from_xml(self):
try:
base = minidom.parse(self.config['mapping_file'])
except KeyError, ke:
raise IntegrationError("Missing configuration option 'mapping_file'")
def parse(self, report_xml):
try:
base = minidom.parse(report_xml)
except Exception, e:
raise FortifyIntegrationError("Error opening report xml (%s)" % report_xml)