Initial commit of cwe_checker plugin. #163
Conversation
| cwe_message = cwe_message.replace('.', '').replace('32u', '') | ||
|
|
||
| return CweWarning(cwe_name, plugin_version, cwe_message) | ||
| except Exception as e: |
There was a problem hiding this comment.
a less general exception handling would be preferred (i.e. catching only expected exceptions like IndexError, etc.)
| @@ -0,0 +1,50 @@ | |||
| import os | |||
|
|
|||
| from common_helper_files import get_dir_of_file | |||
There was a problem hiding this comment.
imports seem to be redundant
|
|
||
| return CweWarning(cwe_name, plugin_version, cwe_message) | ||
| except Exception as e: | ||
| logging.error('[CweWarningParser] Error while parsing CWE warning: %s.' % str(e)) |
There was a problem hiding this comment.
according to our coding guidelines, the .format() function should be used for string formatting
| output, return_code = execute_shell_command_get_return_code(bap_command) | ||
| if return_code != 0: | ||
| logging.error('[%s] Could not get module versions from Bap plugin: %i (%s). I tried the following command %s', | ||
| self.NAME, return_code, output, bap_command) |
| arch_type = file_object.processed_analysis['file_type']['full'].lower() | ||
| for supported_arch in self.SUPPORTED_ARCHS: | ||
| if supported_arch in arch_type: | ||
| return True |
There was a problem hiding this comment.
the builtins any and all are handy for cases like this, e.g.
if any(supported_arch in arch_type for supported_arch in self.SUPPORTED_ARCHS):
return True(just a suggestion)
| bap_command) | ||
| if return_code != 0: | ||
| logging.error('[%s] Could not communicate with Bap plugin: %i (%s).', | ||
| self.NAME, return_code, output) |
| ''' | ||
| if not self._is_supported_file_type(file_object): | ||
| logging.debug('[%s] %s is not an ELF executable.', | ||
| self.NAME, file_object.file_path) |
| elif not self._is_supported_arch(file_object): | ||
| logging.debug('[%s] %s\'s arch is not supported (%s)', | ||
| self.NAME, file_object.file_path, | ||
| file_object.processed_analysis['cpu_architecture']['summary']) |
|
Also, it would be nice if you could add some more tests because the coverage is relatively low: |
dorpvom
left a comment
There was a problem hiding this comment.
Tests crash with [Errno 12] Cannot allocate memory. Please check where that is coming from.
|
I've pushed the required changes. |
| bap_command = self._build_bap_command_for_modules_versions() | ||
| output, return_code = execute_shell_command_get_return_code(bap_command) | ||
| if return_code != 0: | ||
| logging.error('Could not get module versions from Bap plugin: {} ({}). I tried the following command %s'.format( |
There was a problem hiding this comment.
forgot one %s when fixing the string format style
Codecov Report
@@ Coverage Diff @@
## master #163 +/- ##
==========================================
- Coverage 95.79% 95.72% -0.07%
==========================================
Files 309 311 +2
Lines 15326 15480 +154
==========================================
+ Hits 14682 14819 +137
- Misses 644 661 +17
Continue to review full report at Codecov.
|
weidenba
left a comment
There was a problem hiding this comment.
Please increase the test coverage.
| return bap_command | ||
|
|
||
| @staticmethod | ||
| def _parse_bap_output(output): |
There was a problem hiding this comment.
This is a static method. It should be easy to test it?
|
|
||
| return res | ||
|
|
||
| def _is_supported_arch(self, file_object): |
There was a problem hiding this comment.
This should be easy to test as well.
| This function handles only ELF executable. Otherwise it returns an empty dictionary. | ||
| It calls the external BAP plugin cwe_checker. | ||
| ''' | ||
| if not self._is_supported_file_type(file_object): |
There was a problem hiding this comment.
Please use the Whitlist functionality
| bap_command = '{} {} --pass=cwe-checker --cwe-checker-module_versions=true'.format(PATH_TO_BAP, '/bin/true') | ||
| return bap_command | ||
|
|
||
| def _build_bap_command(self, file_object): |
There was a problem hiding this comment.
This should be easy to test?
|
|
||
| class MockFileObject(object): | ||
|
|
||
| def __init__(self, file_path): |
There was a problem hiding this comment.
This Mock is not used at all?
No description provided.