From c8c65ea813f75233c6de559a81645ca3c67e564d Mon Sep 17 00:00:00 2001
From: Gabe Stocco <98900+gfs@users.noreply.github.com>
Date: Mon, 18 Sep 2023 07:23:11 -0700
Subject: [PATCH] Delete scripts directory (#587)
* Delete scripts directory
Remove the advisory parser script (fixes #586)
* Update Changelog.md
* Update dependencies
* Fix json formatting in rules
---
Changelog.md | 10 ++
.../Microsoft.DevSkim.CLI.csproj | 2 +-
.../Microsoft.DevSkim.LanguageServer.csproj | 1 -
.../Microsoft.DevSkim.Tests.csproj | 2 +-
.../Microsoft.DevSkim.csproj | 2 +-
.../default/security/frameworks/android.json | 4 +-
.../security/xml/external_entities.json | 2 +-
scripts/advisory-parser.py | 125 ------------------
8 files changed, 16 insertions(+), 132 deletions(-)
delete mode 100644 scripts/advisory-parser.py
diff --git a/Changelog.md b/Changelog.md
index f92d4307..07ab0ecf 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [1.0.22] - 2023-09-14
+### Dependencies
+Update dependencies - incorporate a fix for an issue with JSONPath selection used for matching boolean values. https://github.com/microsoft/ApplicationInspector/pull/561
+
+### Rules
+Fix a JSON formatting error in the android debuggable rule
+
+### Miscellaneous
+Delete advisory parser script. #586
+
## [1.0.21] - 2023-09-11
### Dependencies
Update action versions for github workflows.
diff --git a/DevSkim-DotNet/Microsoft.DevSkim.CLI/Microsoft.DevSkim.CLI.csproj b/DevSkim-DotNet/Microsoft.DevSkim.CLI/Microsoft.DevSkim.CLI.csproj
index a374ce36..8e7090c3 100644
--- a/DevSkim-DotNet/Microsoft.DevSkim.CLI/Microsoft.DevSkim.CLI.csproj
+++ b/DevSkim-DotNet/Microsoft.DevSkim.CLI/Microsoft.DevSkim.CLI.csproj
@@ -37,7 +37,7 @@
-
+
diff --git a/DevSkim-DotNet/Microsoft.DevSkim.LanguageServer/Microsoft.DevSkim.LanguageServer.csproj b/DevSkim-DotNet/Microsoft.DevSkim.LanguageServer/Microsoft.DevSkim.LanguageServer.csproj
index 504a60fd..1efe25e2 100644
--- a/DevSkim-DotNet/Microsoft.DevSkim.LanguageServer/Microsoft.DevSkim.LanguageServer.csproj
+++ b/DevSkim-DotNet/Microsoft.DevSkim.LanguageServer/Microsoft.DevSkim.LanguageServer.csproj
@@ -13,7 +13,6 @@
-
diff --git a/DevSkim-DotNet/Microsoft.DevSkim.Tests/Microsoft.DevSkim.Tests.csproj b/DevSkim-DotNet/Microsoft.DevSkim.Tests/Microsoft.DevSkim.Tests.csproj
index 0b0f858b..f845b2f3 100644
--- a/DevSkim-DotNet/Microsoft.DevSkim.Tests/Microsoft.DevSkim.Tests.csproj
+++ b/DevSkim-DotNet/Microsoft.DevSkim.Tests/Microsoft.DevSkim.Tests.csproj
@@ -9,7 +9,7 @@
-
+
diff --git a/DevSkim-DotNet/Microsoft.DevSkim/Microsoft.DevSkim.csproj b/DevSkim-DotNet/Microsoft.DevSkim/Microsoft.DevSkim.csproj
index f1b8f5c0..70930b3a 100644
--- a/DevSkim-DotNet/Microsoft.DevSkim/Microsoft.DevSkim.csproj
+++ b/DevSkim-DotNet/Microsoft.DevSkim/Microsoft.DevSkim.csproj
@@ -24,7 +24,7 @@
-
+
diff --git a/rules/default/security/frameworks/android.json b/rules/default/security/frameworks/android.json
index 2e73c40b..18714dae 100644
--- a/rules/default/security/frameworks/android.json
+++ b/rules/default/security/frameworks/android.json
@@ -15,10 +15,10 @@
"patterns": [
{
"xpaths": ["//default:application/@android:debuggable"],
- "xpathnamespaces": {
+ "xpathnamespaces": {
"default": "http://maven.apache.org/POM/4.0.0",
"android": "http://schemas.android.com/apk/res/android"
- }
+ },
"pattern": "true",
"type": "regex",
"scopes": [
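Review bot: With the comma now in place the rule parses, but the namespace binding on the unchanged context lines looks wrong for what the xpath targets: `default` is bound to the Maven POM namespace `http://maven.apache.org/POM/4.0.0`, while `//default:application/@android:debuggable` is meant to match the `application` element of an AndroidManifest.xml, which as far as I know is not in any namespace. If that is the case, the debuggable-app rule would still never fire, which is a silent detection gap rather than a parse error; I'd suggest running the rule against a small manifest fixture containing `android:debuggable="true"` and, if it does not match, changing the selector to `"xpaths": ["//application/@android:debuggable"]` and keeping only the `android` entry in `xpathnamespaces`. The `-`/`+` pair on `"xpathnamespaces": {` appears to differ only in whitespace. The enclosing rule object starts and ends outside this hunk.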
diff --git a/rules/default/security/xml/external_entities.json b/rules/default/security/xml/external_entities.json
index 68141321..bcc40633 100644
--- a/rules/default/security/xml/external_entities.json
+++ b/rules/default/security/xml/external_entities.json
@@ -84,7 +84,7 @@
}
],
"must-match": [
- "shouldResolveExternalEntities=TRUE",
+ "shouldResolveExternalEntities=TRUE"
],
"must-not-match": [
]
diff --git a/scripts/advisory-parser.py b/scripts/advisory-parser.py
deleted file mode 100644
index 48dad4ca..00000000
--- a/scripts/advisory-parser.py
+++ /dev/null
@@ -1,125 +0,0 @@
-from bs4 import BeautifulSoup
-import requests
-import copy
-import json
-import re
-import logging
-import sys
-
-logger = logging.getLogger(__name__)
-out_hdlr = logging.StreamHandler(sys.stderr)
-out_hdlr.setFormatter(logging.Formatter('%(asctime)s %(message)s'))
-out_hdlr.setLevel(logging.DEBUG)
-logger.addHandler(out_hdlr)
-
-RULE_TEMPLATE = {
- 'id': None,
- 'name': 'Vulnerable NuGet Library',
- "tags": [
- "Vulerable-Dependency.Library.NuGet"
- ],
- "severity": "moderate",
- "description": None,
- "replacement": "Upgrade this package to a later, unaffected version.",
- "rule_info": None,
- "applies_to": [
- "packages.config"
- ],
- "patterns": []
-}
-
-rule_number = 300000 # Starting number for rule ids
-
-def parse_top_url(url='https://technet.microsoft.com/en-us/security/advisories'):
- logger.debug('parse_top_url({0})'.format(url))
-
- html = requests.get(url).text
- soup = BeautifulSoup(html, 'html5lib')
-
- rules = []
-
- div = soup.find_all('div', id='sec_advisory')[0]
- for table in div.find_all('table'):
- try:
- for row in table.find_all('tr'):
- try:
- a = row.find_all('td')[2].a
- if not a:
- continue
- href = a['href']
- result = process_advisory(href)
- if result:
- rules.append(result)
-
- except Exception as msg:
- logger.warn('Error parsing advisory list: {0}'.format(msg))
- except Exception as m:
- logger.warn('Error parsing advisory list: {0}'.format(m))
-
- logger.debug('Processing complete, outputting result.')
- print(json.dumps(rules, indent=2))
-
-def is_correct_table(table):
- """Check to ensure we're in an advisory details table."""
- logger.debug('is_correct_table()')
-
- try:
- top_row = table.find_all('tr')[0]
- first_cell = top_row.find_all('td')[0]
- text = first_cell.get_text().strip().lower()
- return 'affected' in text
- except Exception as msg:
- logger.debug('Exception checking table: {0}'.format(msg))
- return False
-
-
-def process_advisory(url):
- """Process an advisory URL."""
- global rule_number, RULE_TEMPLATE
-
- logger.debug('process_advisory({0})'.format(url))
-
- html = requests.get(url).text
- soup = BeautifulSoup(html, 'html5lib')
-
- rule = copy.deepcopy(RULE_TEMPLATE)
- found = False
-
- rule['description'] = soup.find_all('h2')[0].get_text()
- rule['rule_info'] = url
- rule['id'] = 'DS{0}'.format(rule_number)
- rule_number += 1
-
- for table in soup.find_all('table'):
- if not is_correct_table(table):
- continue
-
- for row in table.find_all('tr')[2:]:
- cells = row.find_all('td')
- package_name = cells[0].get_text().strip()
- affected_version = ','.join(cells[1].strings)
-
- if not ('System.' in package_name or 'Microsoft.' in package_name):
- continue
-
- version_regex = []
- for version in re.split(r'[, ;]+', affected_version):
- # Ignore if version is blank / empty
- if version.strip() == '':
- continue
-
- version_regex.append(re.escape(version.strip()))
- found = True
-
- version_regex = '({0})'.format('|'.join(version_regex))
- logger.info('Added {0} {1}'.format(package_name, version_regex))
-
- rule['patterns'].append({
- 'pattern': '