"""Provide classes for parsing Bearer analysis results.
This module defines `BearerFinding` and `BearerAnalysisResult` to process
the JSON output from a Bearer scan, converting it into the standardized
format used by CodeSecTools.
"""
from itertools import chain
import yaml
from codesectools.sasts.core.parser.format.SARIF import Result
from codesectools.sasts.core.parser.format.SARIF.parser import SARIFAnalysisResult
from codesectools.shared.cwe import CWE, CWEs
from codesectools.utils import USER_CACHE_DIR
# Root of the locally cached Bearer rule definitions; `get_raw_rules`
# walks this tree for `*.yml` / `*.yaml` files (absence is tolerated).
BEARER_RULES_DIR = USER_CACHE_DIR / "bearer-rules" / "rules"
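class BearerAnalysisResult(SARIFAnalysisResult):
    """Represent the complete result of a Bearer analysis from a SARIF file."""

    sast_name = "Bearer"

    @staticmethod
    # @Cache(BEARER_RULES_DIR / ".cstools_cache").memoize(expire=None)
    def get_raw_rules() -> dict:
        """Load and return all Bearer rules from the cached YAML files.

        Walks ``BEARER_RULES_DIR`` for ``*.yml`` and ``*.yaml`` files and maps
        each rule's ``metadata.id`` — plus every id listed under the rule's
        ``auxiliary`` entries — to the parsed rule document. Loading is
        best-effort: a file that is not valid YAML or lacks the expected keys
        is skipped so the remaining rules still load.

        Returns:
            dict: Mapping of rule id (str) to the parsed YAML rule document.
                Empty when ``BEARER_RULES_DIR`` does not exist.
        """
        raw_rules: dict = {}
        if not BEARER_RULES_DIR.is_dir():
            return raw_rules

        rule_paths = chain(
            BEARER_RULES_DIR.rglob("*.yml"), BEARER_RULES_DIR.rglob("*.yaml")
        )
        for rule_path in rule_paths:
            try:
                # The context manager closes the handle deterministically
                # (the original left it to garbage collection). safe_load is
                # deliberate: rule files come from a cache on disk and must
                # not be able to instantiate arbitrary Python objects via tags.
                with rule_path.open("r", encoding="utf-8") as handle:
                    data = yaml.safe_load(handle)
                rule_id = data["metadata"]["id"]
                raw_rules[rule_id] = data
                # Auxiliary ids resolve to the same parent rule document.
                for aux in data.get("auxiliary", []):
                    raw_rules[aux["id"]] = data
            except (TypeError, KeyError, yaml.YAMLError):
                # yaml.YAMLError is the base of ComposerError (what the
                # original caught) and of the scanner/parser errors a
                # malformed file can raise; all mean "skip this file".
                continue
        return raw_rules

    def get_cwe(self, result: Result, rule_id: str) -> CWE:
        """Get the CWE for a given rule ID.

        Args:
            result: The SARIF result being classified (not used by this
                implementation).
            rule_id: Bearer rule id to look up in ``self.raw_rules``.

        Returns:
            CWE: The CWE for the first entry of the rule's ``metadata.cwe_id``,
            or ``CWEs.NOCWE`` when the rule declares none.

        Raises:
            KeyError: If ``rule_id`` is missing from ``self.raw_rules``
                (presumably the dict built by ``get_raw_rules``).
        """
        raw_rule = self.raw_rules[rule_id]
        # A rule may list several CWEs; only the first one is mapped.
        if cwe_ids := raw_rule["metadata"].get("cwe_id"):
            return CWEs.from_id(int(cwe_ids[0]))
        return CWEs.NOCWE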