[Fuego] [PATCH 11/11] vuls: rewrite all parsing related files
Daniel Sangorrin
daniel.sangorrin at toshiba.co.jp
Wed Dec 27 06:32:55 UTC 2017
Before the parser was traversing the vuls report and creating
a test case per CVE found. This was not very efficient and
produced too many information in the run.json.
Instead we can do something more simple: parse only the summary
line that classifies vulnerabilities in 4 groups (HIGH, MEDIUM,
LOW and UNKNOWN) and apply a criteria on them. On Jenkins
we will only show HIGH and MEDIUM as a plot.
Signed-off-by: Daniel Sangorrin <daniel.sangorrin at toshiba.co.jp>
---
engine/tests/Benchmark.vuls/chart_config.json | 3 +-
engine/tests/Benchmark.vuls/criteria.json | 28 ++++++++++++-----
engine/tests/Benchmark.vuls/parser.py | 25 ++++++++-------
engine/tests/Benchmark.vuls/reference.json | 45 +++++++++++++++++++++++++++
4 files changed, 81 insertions(+), 20 deletions(-)
create mode 100644 engine/tests/Benchmark.vuls/reference.json
diff --git a/engine/tests/Benchmark.vuls/chart_config.json b/engine/tests/Benchmark.vuls/chart_config.json
index 1849992..9f51d0f 100644
--- a/engine/tests/Benchmark.vuls/chart_config.json
+++ b/engine/tests/Benchmark.vuls/chart_config.json
@@ -1,3 +1,4 @@
{
- "chart_type": "testset_summary_table"
+ "chart_type": "measure_plot",
+ "measures": ["default.HIGH.Count", "default.MEDIUM.Count"]
}
diff --git a/engine/tests/Benchmark.vuls/criteria.json b/engine/tests/Benchmark.vuls/criteria.json
index 91c0f8a..beaccaf 100644
--- a/engine/tests/Benchmark.vuls/criteria.json
+++ b/engine/tests/Benchmark.vuls/criteria.json
@@ -2,20 +2,32 @@
"schema_version":"1.0",
"criteria":[
{
- "tguid":"HIGH",
- "max_fail": 0
+ "tguid":"default.HIGH.Count",
+ "reference":{
+ "value":0,
+ "operator":"le"
+ }
},
{
- "tguid":"MEDIUM",
- "max_fail": 100
+ "tguid":"default.MEDIUM.Count",
+ "reference":{
+ "value":100,
+ "operator":"le"
+ }
},
{
- "tguid":"LOW",
- "max_fail": 100
+ "tguid":"default.LOW.Count",
+ "reference":{
+ "value":200,
+ "operator":"le"
+ }
},
{
- "tguid":"(unknown)",
- "max_fail": 200
+ "tguid":"default.UNKNOWN.Count",
+ "reference":{
+ "value":100,
+ "operator":"le"
+ }
}
]
}
diff --git a/engine/tests/Benchmark.vuls/parser.py b/engine/tests/Benchmark.vuls/parser.py
index 3bfa196..e287a53 100644
--- a/engine/tests/Benchmark.vuls/parser.py
+++ b/engine/tests/Benchmark.vuls/parser.py
@@ -1,17 +1,20 @@
-#!/bin/python
+#!/usr/bin/python
+# See common.py for description of command-line arguments
-import os, re, sys
+import os, sys
sys.path.insert(0, os.environ['FUEGO_CORE'] + '/engine/scripts/parser')
import common as plib
-results = {}
-with open(plib.TEST_LOG) as f:
- for line in f:
- if line.startswith("CVE-"):
- fields = line.split()
- test_set = fields[2]
- test_case = fields[0]
- results[test_set+'.'+test_case] = "FAIL"
+measurements = {}
-sys.exit(plib.process(results))
+regex_string = '.*\(High:(\d+) Medium:(\d+) Low:(\d+) \?:(\d+)\)'
+matches = plib.parse_log(regex_string)
+
+if matches:
+ measurements['default.HIGH'] = [{"name": "Count", "measure" : float(matches[0][0])}]
+ measurements['default.MEDIUM'] = [{"name": "Count", "measure" : float(matches[0][1])}]
+ measurements['default.LOW'] = [{"name": "Count", "measure" : float(matches[0][2])}]
+ measurements['default.UNKNOWN'] = [{"name": "Count", "measure" : float(matches[0][3])}]
+
+sys.exit(plib.process(measurements))
diff --git a/engine/tests/Benchmark.vuls/reference.json b/engine/tests/Benchmark.vuls/reference.json
new file mode 100644
index 0000000..da279d8
--- /dev/null
+++ b/engine/tests/Benchmark.vuls/reference.json
@@ -0,0 +1,45 @@
+{
+ "test_sets":[
+ {
+ "name":"default",
+ "test_cases":[
+ {
+ "name":"HIGH",
+ "measurements":[
+ {
+ "name":"Count",
+ "unit":"Number of Vulnerabilities"
+ }
+ ]
+ },
+ {
+ "name":"MEDIUM",
+ "measurements":[
+ {
+ "name":"Count",
+ "unit":"Number of Vulnerabilities"
+ }
+ ]
+ },
+ {
+ "name":"LOW",
+ "measurements":[
+ {
+ "name":"Count",
+ "unit":"Number of Vulnerabilities"
+ }
+ ]
+ },
+ {
+ "name":"UNKNOWN",
+ "measurements":[
+ {
+ "name":"Count",
+ "unit":"Number of Vulnerabilities"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
--
2.7.4
More information about the Fuego
mailing list