in Cli/AttackSurfaceAnalyzerClient.cs [612:759]
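/// <summary>
/// Builds a SARIF log from an Attack Surface Analyzer comparison output.
/// </summary>
/// <param name="output">
/// The comparison output. It must contain a "metadata" entry castable to
/// <c>Dictionary&lt;string, string&gt;</c> and a "results" entry castable to
/// <c>Dictionary&lt;string, object&gt;</c> whose values are <c>List&lt;CompareResult&gt;</c>.
/// </param>
/// <param name="rules">The rules to publish as the tool's reporting descriptors (deduplicated by name).</param>
/// <returns>A <see cref="SarifLog"/> holding a single run with its artifacts and results.</returns>
/// <exception cref="ArgumentNullException"><paramref name="output"/> or <paramref name="rules"/> is null.</exception>
/// <exception cref="KeyNotFoundException">
/// "metadata", "results", or one of the metadata keys "compare-version", "compare-os",
/// "compare-osversion", "analyses-hash" is missing.
/// </exception>
/// <exception cref="InvalidCastException">An entry of <paramref name="output"/> does not have the expected type.</exception>
public static SarifLog GenerateSarifLog(Dictionary<string, object> output, IEnumerable<AsaRule> rules)
{
    if (output is null)
    {
        throw new ArgumentNullException(nameof(output));
    }
    if (rules is null)
    {
        throw new ArgumentNullException(nameof(rules));
    }

    var metadata = (Dictionary<string, string>)output["metadata"];
    var results = (Dictionary<string, object>)output["results"];
    var version = metadata["compare-version"];

    SarifVersion sarifVersion = SarifVersion.Current;
    var log = new SarifLog
    {
        SchemaUri = sarifVersion.ConvertToSchemaUri(),
        Version = sarifVersion,
        Runs = new List<Run>()
    };

    var run = new Run
    {
        Tool = new Tool
        {
            Driver = new ToolComponent
            {
                Name = "Attack Surface Analyzer",
                InformationUri = new Uri("https://github.com/microsoft/AttackSurfaceAnalyzer/"),
                Organization = "Microsoft",
                Version = version,
            }
        }
    };

    // One reporting descriptor per distinct rule name. The set replaces a linear
    // scan of the descriptor list for every rule.
    var reportingDescriptors = new List<ReportingDescriptor>();
    var seenRuleNames = new HashSet<string?>();
    foreach (var rule in rules)
    {
        if (!seenRuleNames.Add(rule.Name))
        {
            continue;
        }

        var reportingDescriptor = new ReportingDescriptor()
        {
            FullDescription = new MultiformatMessageString() { Text = rule.Description },
            Id = rule.Name,
            DefaultConfiguration = new ReportingConfiguration()
            {
                Level = GetSarifFailureLevel((ANALYSIS_RESULT_TYPE)rule.Severity)
            }
        };
        reportingDescriptor.SetProperty("ChangeTypes", string.Join(',', rule.ChangeTypes));
        reportingDescriptor.SetProperty("Platforms", string.Join(',', rule.Platforms));
        reportingDescriptor.SetProperty("ResultType", rule.ResultType.ToString());
        reportingDescriptors.Add(reportingDescriptor);
    }
    run.Tool.Driver.Rules = reportingDescriptors;

    var artifacts = new List<Artifact>();
    var sarifResults = new List<Result>();

    // Maps an identity to the position of its artifact in `artifacts`, so that both the
    // "already recorded?" check and the per-result index lookup are constant time
    // instead of scanning the artifact list for every compare result and every rule.
    // NOTE(review): assumes CompareResult.Identity is never null - confirm against CompareResult.
    var artifactIndexByIdentity = new Dictionary<string, int>();

    foreach (var item in results)
    {
        var compareResults = (List<CompareResult>)item.Value;
        foreach (var compareResult in compareResults)
        {
            // Artifacts are keyed on Identity alone: when two compare results share an
            // identity, only the first one's properties are recorded on the artifact.
            if (!artifactIndexByIdentity.TryGetValue(compareResult.Identity, out int artifactIndex))
            {
                artifactIndex = artifacts.Count;
                var artifact = new Artifact
                {
                    Location = new ArtifactLocation()
                    {
                        Index = artifactIndex,
                        Description = new Message() { Text = compareResult.Identity }
                    }
                };

                // RelativeOrAbsolute accepts most strings, so a Uri is usually set even
                // when the identity is not a file path or URL.
                if (Uri.TryCreate(compareResult.Identity, UriKind.RelativeOrAbsolute, out Uri? outUri))
                {
                    artifact.Location.Uri = outUri;
                }

                // NOTE(review): Identity, Base, Compare and Diffs are copied into the report
                // verbatim. If reports are shared or rendered by other tooling, confirm that
                // nothing collected here is sensitive and that viewers escape these strings.
                artifact.SetProperty("Analysis", compareResult.Analysis.ToString());
                if (compareResult.Base != null)
                {
                    artifact.SetProperty("Base", compareResult.Base);
                }
                if (!string.IsNullOrWhiteSpace(compareResult.BaseRunId))
                {
                    artifact.SetProperty("BaseRunId", compareResult.BaseRunId);
                }
                artifact.SetProperty("ChangeType", compareResult.ChangeType.ToString());
                if (compareResult.Compare != null)
                {
                    artifact.SetProperty("Compare", compareResult.Compare);
                }
                if (!string.IsNullOrWhiteSpace(compareResult.CompareRunId))
                {
                    artifact.SetProperty("CompareRunId", compareResult.CompareRunId);
                }
                if (compareResult.Diffs != null && compareResult.Diffs.Count > 0)
                {
                    artifact.SetProperty("Diffs", compareResult.Diffs);
                }
                artifact.SetProperty("ResultType", compareResult.ResultType.ToString());

                artifacts.Add(artifact);
                artifactIndexByIdentity.Add(compareResult.Identity, artifactIndex);
            }

            // One SARIF result per rule attached to this compare result, each pointing at
            // the shared artifact by index.
            foreach (var rule in compareResult.Rules)
            {
                var sarifResult = new Result
                {
                    Locations = new List<Location>()
                    {
                        new Location()
                        {
                            PhysicalLocation = new PhysicalLocation()
                            {
                                ArtifactLocation = new ArtifactLocation()
                                {
                                    Index = artifactIndex
                                }
                            }
                        }
                    },
                    Level = GetSarifFailureLevel((ANALYSIS_RESULT_TYPE)rule.Severity)
                };
                // RuleId is left unset for rules without a usable name.
                if (!string.IsNullOrWhiteSpace(rule.Name))
                {
                    sarifResult.RuleId = rule.Name;
                }
                sarifResult.Message = new Message() { Text = string.Format("{0}: {1} ({2})", rule.Name, compareResult.Identity, compareResult.ChangeType.ToString()) };
                sarifResults.Add(sarifResult);
            }
        }
    }

    run.Results = sarifResults;
    run.Artifacts = artifacts;
    run.SetProperty("compare-os", metadata["compare-os"]);
    run.SetProperty("compare-osversion", metadata["compare-osversion"]);
    run.SetProperty("analyses-hash", metadata["analyses-hash"]);
    log.Runs.Add(run);
    return log;
}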