[Fuego] [PATCH 11/11] vuls: rewrite all parsing related files

Daniel Sangorrin daniel.sangorrin at toshiba.co.jp
Wed Dec 27 06:32:55 UTC 2017


Before, the parser traversed the vuls report and created
a test case per CVE found. This was not very efficient and
produced too much information in the run.json.

Instead we can do something more simple: parse only the summary
line that classifies vulnerabilities in 4 groups (HIGH, MEDIUM,
LOW and UNKNOWN) and apply a criteria on them. On Jenkins
we will only show HIGH and MEDIUM as a plot.

Signed-off-by: Daniel Sangorrin <daniel.sangorrin at toshiba.co.jp>
---
 engine/tests/Benchmark.vuls/chart_config.json |  3 +-
 engine/tests/Benchmark.vuls/criteria.json     | 28 ++++++++++++-----
 engine/tests/Benchmark.vuls/parser.py         | 25 ++++++++-------
 engine/tests/Benchmark.vuls/reference.json    | 45 +++++++++++++++++++++++++++
 4 files changed, 81 insertions(+), 20 deletions(-)
 create mode 100644 engine/tests/Benchmark.vuls/reference.json

diff --git a/engine/tests/Benchmark.vuls/chart_config.json b/engine/tests/Benchmark.vuls/chart_config.json
index 1849992..9f51d0f 100644
--- a/engine/tests/Benchmark.vuls/chart_config.json
+++ b/engine/tests/Benchmark.vuls/chart_config.json
@@ -1,3 +1,4 @@
 {
-    "chart_type": "testset_summary_table"
+    "chart_type": "measure_plot",
+    "measures": ["default.HIGH.Count", "default.MEDIUM.Count"]
 }
diff --git a/engine/tests/Benchmark.vuls/criteria.json b/engine/tests/Benchmark.vuls/criteria.json
index 91c0f8a..beaccaf 100644
--- a/engine/tests/Benchmark.vuls/criteria.json
+++ b/engine/tests/Benchmark.vuls/criteria.json
@@ -2,20 +2,32 @@
     "schema_version":"1.0",
     "criteria":[
         {
-            "tguid":"HIGH",
-            "max_fail": 0
+            "tguid":"default.HIGH.Count",
+            "reference":{
+                "value":0,
+                "operator":"le"
+            }
         },
         {
-            "tguid":"MEDIUM",
-            "max_fail": 100
+            "tguid":"default.MEDIUM.Count",
+            "reference":{
+                "value":100,
+                "operator":"le"
+            }
         },
         {
-            "tguid":"LOW",
-            "max_fail": 100
+            "tguid":"default.LOW.Count",
+            "reference":{
+                "value":200,
+                "operator":"le"
+            }
         },
         {
-            "tguid":"(unknown)",
-            "max_fail": 200
+            "tguid":"default.UNKNOWN.Count",
+            "reference":{
+                "value":100,
+                "operator":"le"
+            }
         }
     ]
 }
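Review bot: The LOW and UNKNOWN limits look swapped relative to the values being replaced: the removed entries allowed 100 for LOW and 200 for the unknown group, while the new ones set `"value":200` for `default.LOW.Count` and `"value":100` for `default.UNKNOWN.Count`. The commit message describes only the move from per-CVE test cases to per-severity counts, so if the thresholds were meant to carry over unchanged, LOW should keep `"value":100,` and UNKNOWN `"value":200,`. If the change is intentional, a sentence in the commit message saying why would help whoever tunes these limits later.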
diff --git a/engine/tests/Benchmark.vuls/parser.py b/engine/tests/Benchmark.vuls/parser.py
index 3bfa196..e287a53 100644
--- a/engine/tests/Benchmark.vuls/parser.py
+++ b/engine/tests/Benchmark.vuls/parser.py
@@ -1,17 +1,20 @@
-#!/bin/python
+#!/usr/bin/python
+# See common.py for description of command-line arguments
 
-import os, re, sys
+import os, sys
 
 sys.path.insert(0, os.environ['FUEGO_CORE'] + '/engine/scripts/parser')
 import common as plib
 
-results = {}
-with open(plib.TEST_LOG) as f:
-    for line in f:
-        if line.startswith("CVE-"):
-            fields = line.split()
-            test_set = fields[2]
-            test_case = fields[0]
-            results[test_set+'.'+test_case] = "FAIL"
+measurements = {}
 
-sys.exit(plib.process(results))
+regex_string = '.*\(High:(\d+) Medium:(\d+) Low:(\d+) \?:(\d+)\)'
+matches = plib.parse_log(regex_string)
+
+if matches:
+    measurements['default.HIGH']    = [{"name": "Count", "measure" : float(matches[0][0])}]
+    measurements['default.MEDIUM']  = [{"name": "Count", "measure" : float(matches[0][1])}]
+    measurements['default.LOW']     = [{"name": "Count", "measure" : float(matches[0][2])}]
+    measurements['default.UNKNOWN'] = [{"name": "Count", "measure" : float(matches[0][3])}]
+
+sys.exit(plib.process(measurements))
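Review bot: When the summary line is missing from the log, `matches` is falsy and `plib.process(measurements)` runs on an empty dict, so a scan that failed or whose report format changed may not be distinguishable from a clean run (what `process` does with no measurements is not visible in this hunk). For a vulnerability check it is safer to fail explicitly, e.g. `if not matches: sys.exit("vuls summary line not found in test log")` before the assignments. Only `matches[0]` is read, so if the log can hold more than one summary line the later ones are silently ignored; presumably there is one scanned host per run, but that assumption deserves a comment. The pattern should also be a raw string, `regex_string = r'.*\(High:(\d+) Medium:(\d+) Low:(\d+) \?:(\d+)\)'`, since `\(` and `\d` are not valid string escapes.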
diff --git a/engine/tests/Benchmark.vuls/reference.json b/engine/tests/Benchmark.vuls/reference.json
new file mode 100644
index 0000000..da279d8
--- /dev/null
+++ b/engine/tests/Benchmark.vuls/reference.json
@@ -0,0 +1,45 @@
+{
+    "test_sets":[
+        {
+            "name":"default",
+            "test_cases":[
+                {
+                    "name":"HIGH",
+                    "measurements":[
+                        {
+                            "name":"Count",
+                            "unit":"Number of Vulnerabilities"
+                        }
+                    ]
+                },
+                {
+                    "name":"MEDIUM",
+                    "measurements":[
+                        {
+                            "name":"Count",
+                            "unit":"Number of Vulnerabilities"
+                        }
+                    ]
+                },
+                {
+                    "name":"LOW",
+                    "measurements":[
+                        {
+                            "name":"Count",
+                            "unit":"Number of Vulnerabilities"
+                        }
+                    ]
+                },
+                {
+                    "name":"UNKNOWN",
+                    "measurements":[
+                        {
+                            "name":"Count",
+                            "unit":"Number of Vulnerabilities"
+                        }
+                    ]
+                }
+            ]
+        }
+    ]
+}
-- 
2.7.4



