fixed rules and tests

microsoft · Jan 17, 2018 · 5761651 · 5761651
1 parent 8dea226
commit 5761651
Show file tree

Hide file tree

Showing 26 changed files with 172 additions and 346 deletions.
diff --git a/rules/default/security/api/tests/DS108330.test b/rules/default/security/api/tests/DS108330.test
@@ -0,0 +1,10 @@
+line: 5
+=====
+int main ()
+{
+  char str1[20];
+  char str2[20];
+  strncat (str1, str2, 6);
+
+  return 0;
+}
diff --git a/rules/default/security/api/tests/DS111237.test b/rules/default/security/api/tests/DS111237.test
@@ -0,0 +1,12 @@
+line: 7
+====
+int main ()
+{
+  char str1[]= "To be or not to be";
+  char str2[40];
+  char str3[40];
+
+  strncpy ( str2, str1, sizeof(str2) );
+
+  return 0;
+}
diff --git a/rules/default/security/api/tests/DS141863.test b/rules/default/security/api/tests/DS141863.test
@@ -0,0 +1,8 @@
+line: 4
+====
+int main ()
+{
+  char str[80];  
+  strcat (str,"strings ");
+  return 0;
+}
diff --git a/rules/default/security/api/tests/DS154189.test b/rules/default/security/api/tests/DS154189.test
@@ -0,0 +1,11 @@
+line: 5
+line: 6
+=====
+int main ()
+{
+  char buffer [50];
+  int n, a=5, b=3;
+  n=sprintf (buffer, "%d plus %d is %d", a, b, a+b);
+  printf ("[%s] is a string %d chars long\n",buffer,n);
+  return 0;
+}
diff --git a/rules/default/security/api/tests/DS181021.test b/rules/default/security/api/tests/DS181021.test
@@ -0,0 +1,10 @@
+line: 5
+=====
+int main()
+{
+  char string [256];
+
+  gets (string);     // warning: unsafe (see fgets instead)
+
+  return 0;
+}
diff --git a/rules/default/security/api/tests/DS185832.test b/rules/default/security/api/tests/DS185832.test
@@ -0,0 +1,13 @@
+line: 6
+line: 7
+=====
+int main ()
+{
+  char str1[]="Sample string";
+  char str2[40];
+  char str3[40];
+  strcpy (str2,str1);
+  strcpy (str3,"copy successful");
+
+  return 0;
+}
diff --git a/...ecurity/control_flow/tests/DS113286.test1 → ...security/control_flow/tests/DS113286.TODO b/...ecurity/control_flow/tests/DS113286.test1 → ...security/control_flow/tests/DS113286.TODO
diff --git a/rules/default/security/cryptography/certificate.json b/rules/default/security/cryptography/certificate.json
@@ -68,14 +68,6 @@
                 ],
                 "_comment": ""
             },
-            {
-                "pattern": "setValidatesSecureCertificate:\\s*NO",
-                "type": "regex",
-                "scopes": [
-                    "code"
-                ],
-                "_comment": ""
-            },
             {
                 "pattern": "validatesSecureCertificate\\s*=\\s*NO",
                 "type": "regex",

diff --git a/...y/cryptography/tests/DS106865.investigate → ...security/cryptography/tests/DS106865.TODO b/...y/cryptography/tests/DS106865.investigate → ...security/cryptography/tests/DS106865.TODO
diff --git a/...y/cryptography/tests/DS108647.investigate → ...security/cryptography/tests/DS108647.test b/...y/cryptography/tests/DS108647.investigate → ...security/cryptography/tests/DS108647.test
diff --git a/...y/cryptography/tests/DS181865.investigate → ...security/cryptography/tests/DS181865.test b/...y/cryptography/tests/DS181865.investigate → ...security/cryptography/tests/DS181865.test
diff --git a/...y/cryptography/tests/DS182720.investigate → ...security/cryptography/tests/DS182720.test b/...y/cryptography/tests/DS182720.investigate → ...security/cryptography/tests/DS182720.test
@@ -1,4 +1,5 @@
 line: 3
+line: 3 expect DS175862
 ===============================================
 <?php
 

diff --git a/...y/cryptography/tests/DS197800.investigate → ...security/cryptography/tests/DS197800.test b/...y/cryptography/tests/DS197800.investigate → ...security/cryptography/tests/DS197800.test
diff --git a/...curity/privacy/tests/DS117838.investigate → ...ault/security/privacy/tests/DS117838.test b/...curity/privacy/tests/DS117838.investigate → ...ault/security/privacy/tests/DS117838.test
diff --git a/rules/default/security/privacy/tests/DS165348.test b/rules/default/security/privacy/tests/DS165348.test
@@ -0,0 +1,3 @@
+line: 1
+=====
+uniqueIdentifier
diff --git a/rules/default/security/storage/tests/DS191340.TODO b/rules/default/security/storage/tests/DS191340.TODO
diff --git a/rules/default/security/vulnerable_libraries/microsoft_nuget.json b/rules/default/security/vulnerable_libraries/microsoft_nuget.json
@@ -192,126 +192,5 @@
                 "_comment": ""
             }
         ]
-    },
-    {
-        "name": "Vulnerable NuGet Library",
-        "id": "DS300006",
-        "description": "Vulnerabilities in ASP.NET Core View Components Could Allow Elevation of Privilege",
-        "recommendation": "Upgrade this package to a later, unaffected version.",
-        "applies_to": [
-            "packages.config"
-        ],
-        "tags": [
-            "Vulerable-Dependency.Library.NuGet"
-        ],
-        "severity": "moderate",
-        "_comment": "",
-        "rule_info": "3181759",
-        "patterns": [
-            {
-                "pattern": "<package id=\"Microsoft.AspNetCore.Mvc.Abstractions\" version=\"(1\\.0\\.0)\"",
-                "type": "regex",
-                "scopes": [
-                    "code"
-                ],
-                "_comment": ""
-            },
-            {
-                "pattern": "<package id=\"Microsoft.AspNetCore.Mvc.ApiExplorer\" version=\"(1\\.0\\.0)\"",
-                "type": "regex",
-                "scopes": [
-                    "code"
-                ],
-                "_comment": ""
-            },
-            {
-                "pattern": "<package id=\"Microsoft.AspNetCore.Mvc.Core\" version=\"(1\\.0\\.0)\"",
-                "type": "regex",
-                "scopes": [
-                    "code"
-                ],
-                "_comment": ""
-            },
-            {
-                "pattern": "<package id=\"Microsoft.AspNetCore.Mvc.Cors\" version=\"(1\\.0\\.0)\"",
-                "type": "regex",
-                "scopes": [
-                    "code"
-                ],
-                "_comment": ""
-            },
-            {
-                "pattern": "<package id=\"Microsoft.AspNetCore.Mvc.DataAnnotations\" version=\"(1\\.0\\.0)\"",
-                "type": "regex",
-                "scopes": [
-                    "code"
-                ],
-                "_comment": ""
-            },
-            {
-                "pattern": "<package id=\"Microsoft.AspNetCore.Mvc.Formatters.Json\" version=\"(1\\.0\\.0)\"",
-                "type": "regex",
-                "scopes": [
-                    "code"
-                ],
-                "_comment": ""
-            },
-            {
-                "pattern": "<package id=\"Microsoft.AspNetCore.Mvc.Formatters.Xml\" version=\"(1\\.0\\.0)\"",
-                "type": "regex",
-                "scopes": [
-                    "code"
-                ],
-                "_comment": ""
-            },
-            {
-                "pattern": "<package id=\"Microsoft.AspNetCore.Mvc.Localization\" version=\"(1\\.0\\.0)\"",
-                "type": "regex",
-                "scopes": [
-                    "code"
-                ],
-                "_comment": ""
-            },
-            {
-                "pattern": "<package id=\"Microsoft.AspNetCore.Mvc.Razor\" version=\"(1\\.0\\.0)\"",
-                "type": "regex",
-                "scopes": [
-                    "code"
-                ],
-                "_comment": ""
-            },
-            {
-                "pattern": "<package id=\"Microsoft.AspNetCore.Mvc.Razor.Host\" version=\"(1\\.0\\.0)\"",
-                "type": "regex",
-                "scopes": [
-                    "code"
-                ],
-                "_comment": ""
-            },
-            {
-                "pattern": "<package id=\"Microsoft.AspNetCore.Mvc.TagHelpers\" version=\"(1\\.0\\.0)\"",
-                "type": "regex",
-                "scopes": [
-                    "code"
-                ],
-                "_comment": ""
-            },
-            {
-                "pattern": "<package id=\"Microsoft.AspNetCore.Mvc.ViewFeatures\" version=\"(1\\.0\\.0)\"",
-                "type": "regex",
-                "scopes": [
-                    "code"
-                ],
-                "_comment": ""
-            },
-            {
-                "pattern": "<package id=\"Microsoft.AspNetCore.Mvc.WebApiCompatShim\" version=\"(1\\.0\\.0)\"",
-                "type": "regex",
-                "scopes": [
-                    "code"
-                ],
-                "_comment": ""
-            }
-        ]
     }
 ]
diff --git a/rules/default/security/xml/tests/DS132780.test b/rules/default/security/xml/tests/DS132780.test
@@ -0,0 +1,3 @@
+line: 1
+======
+shouldResolveExternalEntities=TRUE
diff --git a/rules/default/security/xml/tests/DS132790.test b/rules/default/security/xml/tests/DS132790.test
@@ -0,0 +1,3 @@
+line: 1
+=========
+setShouldResolveExternalEntities: YES
diff --git a/src/Microsoft.DevSkim/Microsoft.DevSkim.CLI/Commands/TestCommand.cs b/src/Microsoft.DevSkim/Microsoft.DevSkim.CLI/Commands/TestCommand.cs
@@ -17,14 +17,20 @@ public static void Configure(CommandLineApplication command)
             var locationArgument = command.Argument("[path]",
                                                     "Path to rules");
 
+            var coverageOption = command.Option("-c|--coverage",
+                                              "Test coverage information",
+                                              CommandOptionType.NoValue);
+
             command.OnExecute(() => {
-                return (new TestCommand(locationArgument.Value)).Run();
+                return (new TestCommand(locationArgument.Value, 
+                                        coverageOption.HasValue())).Run();
             });
         }
 
-        public TestCommand(string path)            
+        public TestCommand(string path, bool coverage)
         {
             _path = path;
+            _coverage = coverage;
         }
 
         public int Run()
@@ -40,11 +46,11 @@ public int Run()
                 return (int)ExitCode.IssuesExists;
 
             Tester tester = new Tester(verifier.CompiledRuleset);
-            tester.Run(_path);
-
-            return (int)ExitCode.NoIssues;
+            tester.DoCoverage = _coverage;
+            return tester.Run(_path);            
         }
 
         private string _path;
+        private bool _coverage;
     }
 }
diff --git a/src/Microsoft.DevSkim/Microsoft.DevSkim.CLI/Microsoft.DevSkim.CLI.csproj b/src/Microsoft.DevSkim/Microsoft.DevSkim.CLI/Microsoft.DevSkim.CLI.csproj
@@ -9,7 +9,7 @@
     <ApplicationIcon />
     <PackageId>Microsoft.DevSkim.CLI</PackageId>
     <Product>Microsoft DevSkim Command Line Interface</Product>
-    <Version>0.1.7</Version>
+    <Version>0.1.8</Version>
     <Authors>Microsoft</Authors>
     <Company>Microsoft</Company>
     <Copyright>(c) Microsoft Corporation. All rights reserved</Copyright>

diff --git a/src/Microsoft.DevSkim/Microsoft.DevSkim.CLI/Properties/launchSettings.json b/src/Microsoft.DevSkim/Microsoft.DevSkim.CLI/Properties/launchSettings.json
@@ -2,7 +2,7 @@
   "profiles": {
     "Microsoft.DevSkim.CLI": {
       "commandName": "Project",
-      "commandLineArgs": "test d:\\projects\\DevSkim\\rules"
+      "commandLineArgs": "test d:\\A\\rules -c"
     }
   }
 }