add SARIF file test
shaopeng-gh committed Mar 16, 2022
1 parent af8f2fc commit e6ee5a0
Showing 4 changed files with 166 additions and 3 deletions.
2 changes: 1 addition & 1 deletion src/ReleaseHistory.md
@@ -3,7 +3,7 @@
## UNRELEASED

* BUGFIX: Eliminate dispose of stream and `StreamWriter` arguments passed to `SarifLog.Save` helpers. This would result in `ObjectDisposedException` being raised on attempt to access streams after save.
* BREAKING: `Id` property of `Location` changed from `int`(32bit) to `BigInteger`(unlimited) to fix `error ERR999.UnhandledEngineException : Newtonsoft.Json.JsonReaderException: JSON integer XXXXX is too large or small for an Int32.` [#2463](https://github.com/microsoft/sarif-sdk/pull/2463)
* BREAKING: `Id` property of `Location` changed from `int`(32bit) to `BigInteger`(unlimited) to fix `Newtonsoft.Json.JsonReaderException: JSON integer XXXXX is too large or small for an Int32.` [#2463](https://github.com/microsoft/sarif-sdk/pull/2463)

## **v2.4.13** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.4.13) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.4.13) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.4.13) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.4.13) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.4.13)

13 changes: 13 additions & 0 deletions src/Test.UnitTests.Sarif/Core/LocationTests.cs
@@ -208,6 +208,19 @@ public void Location_VerifyIdRoundTripFromJson()
shouldSerialize: true, reconstructedLocationId: new BigInteger(ulong.MaxValue) + 1);
}

[Fact]
public void Location_VerifyAbleToDeserializeWithBigIntegerId()
{
string context = new ResourceExtractor(typeof(LocationTests)).GetResourceText("LocationId_BigInteger.sarif");
SarifLog sarifLog = JsonConvert.DeserializeObject<SarifLog>(context);
sarifLog.Runs[0].Results[0].Locations[0].Id.Should().Be(BigInteger.Parse("31197130097450771296369962162453149327732752356239421572342053257324632475324"));
sarifLog.Runs[0].Results[0].Locations[1].Id.Should().Be(new BigInteger(long.MaxValue) + 1);
sarifLog.Runs[0].Results[0].Locations[2].Id.Should().Be(new BigInteger(int.MaxValue) + 1);
sarifLog.Runs[0].Results[0].Locations[3].Id.Should().Be(2);
sarifLog.Runs[0].Results[0].Locations[4].Id.Should().Be(0);
sarifLog.Runs[0].Results[0].Locations[5].Id.Should().Be(-1);
}

private void VerifyIdRoundTripFromObjectHelper(Location location, bool shouldSerialize, BigInteger reconstructedLocationId)
{
location.ShouldSerializeId().Should().Be(shouldSerialize);
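Review bot: The last assertion in `Location_VerifyAbleToDeserializeWithBigIntegerId`, `Locations[5].Id.Should().Be(-1)`, passes only because the sixth location in LocationId_BigInteger.sarif has no `id` property, so it checks the default value rather than a parsed one. A one-line comment such as `// Locations[5] omits "id" in the fixture; -1 is the expected default.` would make that intent visible to the next reader. The assertions also index `Runs[0].Results[0].Locations[n]` without first checking the shape of the deserialized log, so a wrong resource name or an edited fixture would surface as a null-reference or index exception rather than a clear assertion failure. Adding `sarifLog.Runs[0].Results[0].Locations.Should().HaveCount(6);` ahead of them would fix that. The local `context` holds the file text, so `content` or `sarifText` would read more accurately.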
6 changes: 4 additions & 2 deletions src/Test.UnitTests.Sarif/Test.UnitTests.Sarif.csproj
@@ -33,6 +33,7 @@
<None Remove="TestData\InsertOptionalDataVisitor\ExpectedOutputs\CoreTests-Relative_Guids.sarif" />
<None Remove="TestData\InsertOptionalDataVisitor\ExpectedOutputs\CoreTests-Relative_VersionControlDetails.sarif" />
<None Remove="TestData\InsertOptionalDataVisitor\Inputs\CoreTests-Absolute.sarif" />
<None Remove="TestData\JsonConverters\LocationId_BigInteger.sarif" />
<None Remove="TestData\JsonConverters\UriConverterTests.json" />
<None Remove="TestData\Map\Sample.json" />
<None Remove="TestData\Map\TinyArray.json" />
@@ -103,7 +104,7 @@
<EmbeddedResource Include="TestData\GitHubIngestionVisitor\Inputs\WithArtifacts.sarif" />
<EmbeddedResource Include="TestData\GitHubIngestionVisitor\Inputs\TooManyResults.sarif" />
<EmbeddedResource Include="TestData\InsertOptionalDataVisitor\ExpectedOutputs\CoreTests-Relative_VersionControlDetails.sarif" />
<EmbeddedResource Include="TestData\Readers\elfie-arriba-utf8-bom.sarif" />
<EmbeddedResource Include="TestData\Readers\elfie-arriba-utf8-bom.sarif" />
<EmbeddedResource Include="TestData\Baseline\elfie-arriba.sarif" />
<EmbeddedResource Include="TestData\Baseline\SuppressionTestCurrent.sarif" />
<EmbeddedResource Include="TestData\Baseline\SuppressionTestPrevious.sarif" />
@@ -113,7 +114,8 @@
<EmbeddedResource Include="TestData\InsertOptionalDataVisitor\ExpectedOutputs\TopLevelOriginalUriBaseIdUriMissing_ContextRegionSnippets.sarif" />
<EmbeddedResource Include="TestData\InsertOptionalDataVisitor\Inputs\CoreTests-Absolute.sarif" />
<EmbeddedResource Include="TestData\InsertOptionalDataVisitor\Inputs\TopLevelOriginalUriBaseIdUriMissing.sarif" />
<EmbeddedResource Include="TestData\JsonConverters\UriConverterTests.json" />
<EmbeddedResource Include="TestData\JsonConverters\LocationId_BigInteger.sarif" />
<EmbeddedResource Include="TestData\JsonConverters\UriConverterTests.json" />
<EmbeddedResource Include="TestData\Map\TinyArray.json">
<CopyToOutputDirectory>Never</CopyToOutputDirectory>
</EmbeddedResource>
@@ -0,0 +1,148 @@
{
"runs": [
{
"tool": {
"driver": {
"name": "mobsfscan",
"rules": [
{
"id": "android_detect_tapjacking",
"name": "AndroidDetectTapjacking",
"helpUri": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-for-overlay-attacks-mstg-platform-9"
}
],
"version": "0.0.8",
"informationUri": "https://github.com/MobSF/mobsfscan",
"semanticVersion": "0.0.8"
}
},
"invocations": [
{
"executionSuccessful": true,
"endTimeUtc": "2022-01-16T17:04:25Z"
}
],
"results": [
{
"message": {
"text": "This app does not have capabilities to prevent tapjacking attacks. An attacker can hijack the user's taps and tricks him into performing some critical operations that he did not intend to."
},
"level": "note",
"locations": [
{
"id": 31197130097450771296369962162453149327732752356239421572342053257324632475324,
"physicalLocation": {
"region": {
"snippet": {
"text": "Missing Best Practice"
},
"endColumn": 1,
"endLine": 1,
"startColumn": 1,
"startLine": 1
},
"artifactLocation": {
"uri": "."
}
}
},
{
"id": 9223372036854775808,
"physicalLocation": {
"region": {
"snippet": {
"text": "Missing Best Practice"
},
"endColumn": 1,
"endLine": 1,
"startColumn": 1,
"startLine": 1
},
"artifactLocation": {
"uri": "."
}
}
},
{
"id": 2147483648,
"physicalLocation": {
"region": {
"snippet": {
"text": "Missing Best Practice"
},
"endColumn": 1,
"endLine": 1,
"startColumn": 1,
"startLine": 1
},
"artifactLocation": {
"uri": "."
}
}
},
{
"id": 2,
"physicalLocation": {
"region": {
"snippet": {
"text": "Missing Best Practice"
},
"endColumn": 1,
"endLine": 1,
"startColumn": 1,
"startLine": 1
},
"artifactLocation": {
"uri": "."
}
}
},
{
"id": 0,
"physicalLocation": {
"region": {
"snippet": {
"text": "Missing Best Practice"
},
"endColumn": 1,
"endLine": 1,
"startColumn": 1,
"startLine": 1
},
"artifactLocation": {
"uri": "."
}
}
},
{
"physicalLocation": {
"region": {
"snippet": {
"text": "Missing Best Practice"
},
"endColumn": 1,
"endLine": 1,
"startColumn": 1,
"startLine": 1
},
"artifactLocation": {
"uri": "."
}
}
}
],
"properties": {
"owasp-mobile": "M1: Improper Platform Usage",
"masvs": "MSTG-PLATFORM-9",
"cwe": "CWE-200 Information Exposure",
"reference": "https://github.com/MobSF/owasp-mstg/blob/master/Document/0x05h-Testing-Platform-Interaction.md#testing-for-overlay-attacks-mstg-platform-9"
},
"ruleId": "android_detect_tapjacking",
"ruleIndex": 0
}
]
}
],
"version": "2.1.0",
"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json"
}
