functions/ConvertFrom-SARIFToCodeDx.ps1
|
<#
.SYNOPSIS Converts a SARIF JSON report to a Code Dx report for importing results. .DESCRIPTION Used to convert a SARIF JSON report file to a Code Dx XML format so it can be imported. .EXAMPLE ConvertFrom-SARIFToCodeDX [scan_file_to_process] [output_directory] #> Function ConvertFrom-SARIFToCodeDx { [cmdletbinding()] param( [Parameter(Mandatory=$true)] [string]$SourceScanFilepath, [Parameter(Mandatory=$true)] [string]$OutputDir ) #Setup variables $CDate = Get-Date -format "yyyy-MM-dd-HHmmss" $OutputFilePath = $OutputDir.Trim("""") + "\TS2CDX-" + $CDate + ".xml" # Enable for Debugging # #$SARIFFilePath = "SARIF.json" #$OutputFilePath = "C:\Users\aacuna\Documents\repos\powershell\Code Dx\TS2CDX-" + $CDate + ".xml" $SourceScanFile = $SourceScanFilepath.Trim("""") $ToolName = "SARIF" $NativeIDName = "Scanner uniqueId" $NativeID $cwe $description $locationFile $locationLine $reportDate #Setup Code Dx output doc [xml]$doc = New-Object System.Xml.XmlDocument $dec = $doc.CreateXmlDeclaration("1.0","UTF-8",$null) $updateXML= $doc.AppendChild($dec) $reportComment = "SARIF to Code Dx - Generated $CDate" $updateXML= $doc.AppendChild($doc.CreateComment($reportComment)) $root = $doc.CreateNode("element","report",$null) #read source SARIF file and create custom PSO $SourceScanData = Get-Content -Encoding UTF8 -Raw -Path $SourceScanFile | ConvertFrom-Json #pull report date attributes and reformat for Code Dx file $reportDate = $SourceScanData.createdTime.SubString(0,10) $reportDate = [datetime]::parseexact($reportDate, 'dd/MM/yyyy', $null) $reportDate = $reportDate.ToString('yyyy-MM-dd') #Set Root attributes $root.SetAttribute("date",$reportDate) $root.SetAttribute("tool",$ToolName) #create findings Element $fds = $doc.CreateNode("element","findings",$null) #Get parent array of results $Results = $SourceScanData.results $Results | ForEach-Object{ #capture language for use in finding metadata $resultLanguage = $_.language #fetch results object from within results object. $subResults = $_.results If ($subResults.Count -gt 0){ $subResults | ForEach-Object{ #fetch vulns $vulns = $_.vulnerabilities If ($vulns.Count -gt 0){ #capture result level information $sev = $_.risk.ToLower() $code = $_.name $resDesc = $_.description $resRec = $_.recommendation #drill into each vulnerability $vulns | ForEach-Object{ #Create Code Dx elements $fd = $doc.CreateNode("element","finding",$null) $id = $doc.CreateNode("element","native-id",$null) $cwe = $doc.CreateNode("element","cwe",$null) $desc = $doc.CreateNode("element","description",$null) $tl = $doc.CreateNode("element","tool",$null) $loc = $doc.CreateNode("element","location",$null) $ln = $doc.CreateNode("element","line",$null) $md = $doc.CreateNode("element","metadata",$null) #Set finding "fd" attributes $fd.SetAttribute("severity", $_.risk.ToLower()) $fd.SetAttribute("type","static") If ($_.vulnerabilities.falsePositive){ $fd.SetAttribute("status", "false-positive") } else { $fd.SetAttribute("status", "new") } #Set Native ID attributes $id.SetAttribute("name",$NativeIDName) $id.SetAttribute("value", $_.uniqueId) #Set CWE attributes $cwe.SetAttribute("id", $_.cwe.SubString(4)) #Set Tool attributes $tl.SetAttribute("name",$ToolName) $tl.SetAttribute("category","Security") $tl.SetAttribute("code", $_.vulnerabilityType) #set line attributes $ln.SetAttribute("end", $_.functionCalls.line) $ln.SetAttribute("start", $_.functionCalls.line) $updateXML= $loc.AppendChild($ln) #build location node and attributes $loc.SetAttribute("type","file") $loc.SetAttribute("path", $_.vulnerableProjectFile) #Set description attributes $desc.SetAttribute("format", "plain-text") $desc.InnerText = $resDesc #Capture current vuln for use later $vo = $_ #Build most of the Metadata Node "vulnerableFunction","vulnerableFunctionCall","inputVariable","functionCalls" | forEach { If($_ -ne "functionCalls"){ $e = $doc.CreateNode("element","value",$null) $e.SetAttribute("key",$_) $e.InnerText = $vo.$_ $updateXML= $md.AppendChild($e) } else { $fc = $vo.$_ "name","line","file" | forEach{ $e = $doc.CreateNode("element","value",$null) $e.SetAttribute("key","Function Call $_") $e.InnerText = $fc.$_ $updateXML= $md.AppendChild($e) } } } #Add recommendation element to Metadata $e = $doc.CreateNode("element","value",$null) $e.SetAttribute("key","Recommendation") $e.InnerText = $resRec $updateXML= $md.AppendChild($e) #Build Dataflow metadata $flow = $_.userInputFlow $e = $doc.CreateNode("element","value",$null) $e.SetAttribute("key","User Input Flow") $dataflowtext = "" for ($i=0; $i -lt $flow.length; $i++) { $dataflowtext = $dataflowtext + $flow[$i].name $dataflowtext = $dataflowtext + " at line " + $flow[$i].line $dataflowtext = $dataflowtext + " in file " + $flow[$i].file if(($i+1) -lt $flow.length){ $dataflowtext = $dataflowtext + " --> " } } $e.InnerText = $dataflowtext $updateXML= $md.AppendChild($e) #append remaining children to finding $updateXML= $fd.AppendChild($id) $updateXML= $fd.AppendChild($cwe) $updateXML= $fd.AppendChild($tl) $updateXML= $fd.AppendChild($loc) $updateXML= $fd.AppendChild($desc) $updateXML= $fd.AppendChild($md) #append finding to findings $updateXML= $fds.AppendChild($fd) } } } } } $updateXML= $root.AppendChild($fds) $updateXML= $doc.AppendChild($root) | Out-Null Write-Host "Outputing file to: $OutputFilePath" $doc.Save($OutputFilePath) } |