Merged
26 commits
ec77791
Merge pull request #83 from jie-lin/master
davewichers Sep 19, 2019
7920417
Add scorecard generation support for LGTM SAST.
davewichers Sep 22, 2019
be03bd1
Merge branch 'master' of https://github.com/OWASP/benchmark
davewichers Sep 22, 2019
2b6d779
Minor tweak to README
davewichers Oct 12, 2019
07ba24b
Add KiuwanReader.java and integrate with BenchmarkScore.java
davewichers Nov 2, 2019
0f9ffeb
fix kiuwan reader
mcprol Nov 10, 2019
36f6646
Enhance buildDockerImage script so it pulls ubuntu:latest every time …
davewichers Nov 11, 2019
1d47fd1
Enable the last 2 lines of the script, which I commented out for
davewichers Nov 11, 2019
34bddfd
Update HCLReader.java
Nov 13, 2019
ef29183
Added Checkmrax JSON parser
pnpo Nov 17, 2019
f4c7303
read analysis metadata from threadfix report
mcprol Nov 18, 2019
dc264e7
Merge pull request #85 from mcprol/master
davewichers Nov 18, 2019
5d073fb
Merge pull request #84 from Guluis/master
davewichers Nov 18, 2019
8bfc658
Completed processing of Checkmarx JSON files
pnpo Nov 23, 2019
4957c63
Merge pull request #86 from pnpo/master
davewichers Nov 23, 2019
d2a3ae1
Use CWE in findings list report instead of problem type mapping
jankuehl Dec 3, 2019
dd34136
Use problem type <-> CWE number mapping for older reports
jankuehl Dec 3, 2019
a53ec0a
Merge pull request #87 from RIGS-IT/xanitizer
davewichers Dec 3, 2019
453bc2e
Minor formatting improvements to BenchmarkScore.java
davewichers Dec 6, 2019
330794d
Update VeracodeReader.java
tjarrettveracode Dec 18, 2019
cfa5472
Update VeracodeReader.java
davewichers Dec 26, 2019
fd0a7ee
Merge pull request #89 from tjarrettveracode/master
davewichers Dec 26, 2019
c5cc852
Slight tweak to Dockerfile
davewichers Dec 27, 2019
8c33bae
Merge branch 'master' of https://github.com/OWASP/benchmark
davewichers Dec 27, 2019
f1f0256
Corrected issue with CWE parsing
cx-nuno-oliveira Jan 7, 2020
4d7c7ba
Merge pull request #91 from pnpo/master
davewichers Jan 10, 2020
fix kiuwan reader
mcprol committed Nov 10, 2019
commit 0f9ffeb3d66110fbb840e41ef9f52d9570c49a7b
19 changes: 15 additions & 4 deletions src/main/java/org/owasp/benchmark/score/parsers/KiuwanReader.java
@@ -41,15 +41,24 @@ public TestResults parse( File f ) throws Exception {
// String resultsFormatVersion = obj.getString( "version" ); // Note: no threadfix version info included in format.

JSONArray findings = obj.getJSONArray("findings");

String source = obj.getString("source");

TestResults tr = new TestResults( "Kiuwan", true, TestResults.ToolType.SAST);
TestResults tr = new TestResults(source, true, TestResults.ToolType.SAST);
// Scan time is not included in the threadfix schema. But scan time is provided on their web site next to results
tr.setTime(f); // This grabs the scan time out of the filename, if provided
// e.g., Benchmark_1.2_Kiuwan-660.threadfix, means the scan took 660 seconds.

// Set the version of Kiuwan used to do the scan (Can't because that info isn't provided)
// It is provided on their web site. Looks like: Engine version master.p561.q11382.a1870.i501
// tr.setToolVersion(driver.getString("version"));
// We will use the created date. format: "created":"2019-11-05T21:24:49Z"
String created = obj.getString("created");
if (null != created) {
created = created.replace("-", "");
created = created.replace(":", "");
created = created.trim();
tr.setToolVersion(created);
}

//System.out.println("Found: " + findings.length() + " findings.");
for (int i = 0; i < findings.length(); i++)
@@ -68,8 +77,10 @@ public TestResults parse( File f ) throws Exception {
private TestCaseResult parseKiuwanFinding(JSONObject finding) {
try {
TestCaseResult tcr = new TestCaseResult();
JSONObject staticDetails = finding.getJSONObject("staticDetails");
String filename = staticDetails.getJSONArray("dataFlow").getJSONObject(0).getString("file");
JSONObject staticDetails = finding.getJSONObject("staticDetails");
JSONArray dataFlow = staticDetails.getJSONArray("dataFlow");
int propagationPathLength = dataFlow.length()-1;
String filename = dataFlow.getJSONObject(propagationPathLength).getString("file");
filename = filename.substring( filename.lastIndexOf( '/' ) );
if ( filename.contains( BenchmarkScore.BENCHMARKTESTNAME ) ) {
String testNumber = filename.substring( BenchmarkScore.BENCHMARKTESTNAME.length() + 1, filename.length() - 5 );
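Review bot: In the first hunk, `obj.getString("source")` and `obj.getString("created")` look like org.json calls, which throw when the key is missing rather than returning null, so the `if (null != created)` guard can never be false and a report lacking either field aborts the whole parse. Consider `String source = obj.optString("source", "Kiuwan");` and `String created = obj.optString("created", null);` so that reports without these fields still load under the previous tool name. Because `source` now comes from the report file instead of a constant, it would also be worth restricting it to an expected set of characters before passing it to `TestResults`, in case the tool name is later used in scorecard file names or HTML (not visible in this hunk). parse() starts and ends outside the hunk.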