From c8c65ea813f75233c6de559a81645ca3c67e564d Mon Sep 17 00:00:00 2001 From: Gabe Stocco <98900+gfs@users.noreply.github.com> Date: Mon, 18 Sep 2023 07:23:11 -0700 Subject: [PATCH] Delete scripts directory (#587) * Delete scripts directory Remove advisory parser script fix #586 * Update Changelog.md * Update dependencies * Fix json formatting in rules --- Changelog.md | 10 ++ .../Microsoft.DevSkim.CLI.csproj | 2 +- .../Microsoft.DevSkim.LanguageServer.csproj | 1 - .../Microsoft.DevSkim.Tests.csproj | 2 +- .../Microsoft.DevSkim.csproj | 2 +- .../default/security/frameworks/android.json | 4 +- .../security/xml/external_entities.json | 2 +- scripts/advisory-parser.py | 125 ------------------ 8 files changed, 16 insertions(+), 132 deletions(-) delete mode 100644 scripts/advisory-parser.py diff --git a/Changelog.md b/Changelog.md index f92d4307..07ab0ecf 100644 --- a/Changelog.md +++ b/Changelog.md @@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [1.0.22] - 2023-09-14 +### Dependencies +Update dependencies - incorporate a fix for an issue with JSONPath selection used for matching boolean values. https://github.com/microsoft/ApplicationInspector/pull/561 + +### Rules +Fix a JSON formatting error in the android debuggable rule + +### Miscellaneous +Delete advisory parser script. #586 + ## [1.0.21] - 2023-09-11 ### Dependencies Update action versions for github workflows. diff --git a/DevSkim-DotNet/Microsoft.DevSkim.CLI/Microsoft.DevSkim.CLI.csproj b/DevSkim-DotNet/Microsoft.DevSkim.CLI/Microsoft.DevSkim.CLI.csproj index a374ce36..8e7090c3 100644 --- a/DevSkim-DotNet/Microsoft.DevSkim.CLI/Microsoft.DevSkim.CLI.csproj +++ b/DevSkim-DotNet/Microsoft.DevSkim.CLI/Microsoft.DevSkim.CLI.csproj @@ -37,7 +37,7 @@ - + 
diff --git a/DevSkim-DotNet/Microsoft.DevSkim.LanguageServer/Microsoft.DevSkim.LanguageServer.csproj b/DevSkim-DotNet/Microsoft.DevSkim.LanguageServer/Microsoft.DevSkim.LanguageServer.csproj index 504a60fd..1efe25e2 100644 --- a/DevSkim-DotNet/Microsoft.DevSkim.LanguageServer/Microsoft.DevSkim.LanguageServer.csproj +++ b/DevSkim-DotNet/Microsoft.DevSkim.LanguageServer/Microsoft.DevSkim.LanguageServer.csproj @@ -13,7 +13,6 @@ - diff --git a/DevSkim-DotNet/Microsoft.DevSkim.Tests/Microsoft.DevSkim.Tests.csproj b/DevSkim-DotNet/Microsoft.DevSkim.Tests/Microsoft.DevSkim.Tests.csproj index 0b0f858b..f845b2f3 100644 --- a/DevSkim-DotNet/Microsoft.DevSkim.Tests/Microsoft.DevSkim.Tests.csproj +++ b/DevSkim-DotNet/Microsoft.DevSkim.Tests/Microsoft.DevSkim.Tests.csproj @@ -9,7 +9,7 @@ - + diff --git a/DevSkim-DotNet/Microsoft.DevSkim/Microsoft.DevSkim.csproj b/DevSkim-DotNet/Microsoft.DevSkim/Microsoft.DevSkim.csproj index f1b8f5c0..70930b3a 100644 --- a/DevSkim-DotNet/Microsoft.DevSkim/Microsoft.DevSkim.csproj +++ b/DevSkim-DotNet/Microsoft.DevSkim/Microsoft.DevSkim.csproj @@ -24,7 +24,7 @@ - + diff --git a/rules/default/security/frameworks/android.json b/rules/default/security/frameworks/android.json index 2e73c40b..18714dae 100644 --- a/rules/default/security/frameworks/android.json +++ b/rules/default/security/frameworks/android.json @@ -15,10 +15,10 @@ "patterns": [ { "xpaths": ["//default:application/@android:debuggable"], - "xpathnamespaces": { + "xpathnamespaces": { "default": "http://maven.apache.org/POM/4.0.0", "android": "http://schemas.android.com/apk/res/android" - } + }, "pattern": "true", "type": "regex", "scopes": [ diff --git a/rules/default/security/xml/external_entities.json b/rules/default/security/xml/external_entities.json index 68141321..bcc40633 100644 --- a/rules/default/security/xml/external_entities.json +++ b/rules/default/security/xml/external_entities.json 
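Review bot: The `default` prefix in `xpathnamespaces` of android.json is bound to `http://maven.apache.org/POM/4.0.0`, so `//default:application/@android:debuggable` only selects an `application` element in the Maven POM namespace. Elements in an AndroidManifest.xml normally carry no namespace, so even though the comma fix lets this pattern parse, the debuggable check may still never fire on a real manifest. If the binding was copied from a POM rule, `"xpaths": ["//application/@android:debuggable"]` with only the `android` prefix declared would target the manifest instead. The rule object starts and ends outside the hunk, so its file filter and self-test samples are not visible here; a `must-match` sample containing `android:debuggable="true"` would confirm the behaviour either way.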
@@ -84,7 +84,7 @@
 }
 ],
 "must-match": [
- "shouldResolveExternalEntities=TRUE",
+ "shouldResolveExternalEntities=TRUE"
 ],
 "must-not-match": [
 ]
diff --git a/scripts/advisory-parser.py b/scripts/advisory-parser.py
deleted file mode 100644
index 48dad4ca..00000000
--- a/scripts/advisory-parser.py
+++ /dev/null
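Review bot: No check in this commit keeps malformed rule JSON from shipping again. The trailing comma removed from `must-match` here and the missing comma fixed in android.json are both plain syntax errors that reached the default rule set. A test that deserializes every file under `rules/default` with a strict parser and fails on any error would stop a malformed file from taking its security rules out of service unnoticed. Whether the loader skips or aborts on such a file is not visible from this hunk.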
@@ -1,125 +0,0 @@ -from bs4 import BeautifulSoup -import requests -import copy -import json -import re -import logging -import sys - -logger = logging.getLogger(__name__) -out_hdlr = logging.StreamHandler(sys.stderr) -out_hdlr.setFormatter(logging.Formatter('%(asctime)s %(message)s')) -out_hdlr.setLevel(logging.DEBUG) -logger.addHandler(out_hdlr) - -RULE_TEMPLATE = { - 'id': None, - 'name': 'Vulnerable NuGet Library', - "tags": [ - "Vulerable-Dependency.Library.NuGet" - ], - "severity": "moderate", - "description": None, - "replacement": "Upgrade this package to a later, unaffected version.", - "rule_info": None, - "applies_to": [ - "packages.config" - ], - "patterns": [] -} - -rule_number = 300000 # Starting number for rule ids - -def parse_top_url(url='https://technet.microsoft.com/en-us/security/advisories'): - logger.debug('parse_top_url({0})'.format(url)) - - html = requests.get(url).text - soup = BeautifulSoup(html, 'html5lib') - - rules = [] - - div = soup.find_all('div', id='sec_advisory')[0] - for table in div.find_all('table'): - try: - for row in table.find_all('tr'): - try: - a = row.find_all('td')[2].a - if not a: - continue - href = a['href'] - result = process_advisory(href) - if result: - rules.append(result) - - except Exception as msg: - logger.warn('Error parsing advisory list: {0}'.format(msg)) - except Exception as m: - logger.warn('Error parsing advisory list: {0}'.format(m)) - - logger.debug('Processing complete, outputting result.') - print(json.dumps(rules, indent=2)) - -def is_correct_table(table): - """Check to ensure we're in an advisory details table.""" - logger.debug('is_correct_table()') - - try: - top_row = table.find_all('tr')[0] - first_cell = top_row.find_all('td')[0] - text = first_cell.get_text().strip().lower() - return 'affected' in text - except Exception as msg: - logger.debug('Exception checking table: {0}'.format(msg)) - return False - - -def process_advisory(url): - """Process an advisory URL.""" - global rule_number, 
RULE_TEMPLATE - - logger.debug('process_advisory({0})'.format(url)) - - html = requests.get(url).text - soup = BeautifulSoup(html, 'html5lib') - - rule = copy.deepcopy(RULE_TEMPLATE) - found = False - - rule['description'] = soup.find_all('h2')[0].get_text() - rule['rule_info'] = url - rule['id'] = 'DS{0}'.format(rule_number) - rule_number += 1 - - for table in soup.find_all('table'): - if not is_correct_table(table): - continue - - for row in table.find_all('tr')[2:]: - cells = row.find_all('td') - package_name = cells[0].get_text().strip() - affected_version = ','.join(cells[1].strings) - - if not ('System.' in package_name or 'Microsoft.' in package_name): - continue - - version_regex = [] - for version in re.split(r'[, ;]+', affected_version): - # Ignore if version is blank / empty - if version.strip() == '': - continue - - version_regex.append(re.escape(version.strip())) - found = True - - version_regex = '({0})'.format('|'.join(version_regex)) - logger.info('Added {0} {1}'.format(package_name, version_regex)) - - rule['patterns'].append({ - 'pattern': '