Skip to content

Commit

Permalink
Add SARIF Taxonomy Support (#727)
Browse files Browse the repository at this point in the history
* add sarif support
  • Loading branch information
cpholguera authored May 15, 2024
1 parent 014a102 commit ef4f364
Show file tree
Hide file tree
Showing 2 changed files with 68 additions and 0 deletions.
4 changes: 4 additions & 0 deletions .github/workflows/docgenerator.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,9 @@ jobs:
- name: Generate CycloneDX JSON
run: python3 ./tools/generate_masvs_cyclonedx.py

- name: Generate SARIF
run: python3 ./tools/generate_masvs_sarif.py

- name: Upload Artifacts
uses: actions/upload-artifact@v3
with:
Expand Down Expand Up @@ -61,5 +64,6 @@ jobs:
OWASP_MASVS.epub
OWASP_MASVS.yaml
OWASP_MASVS.cdx.json
OWASP_MASVS.sarif
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
64 changes: 64 additions & 0 deletions tools/generate_masvs_sarif.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
import yaml
import json
from datetime import datetime

MASVS_SARIF_GUID = "77cf1749-d61e-4cfe-98f7-a217e3b5448c"

# Re-examining the YAML content for structure
masvs_parsed = yaml.safe_load(open("OWASP_MASVS.yaml"))
version = masvs_parsed["metadata"]["version"]
if version.startswith("v"):
version = version[1:]
current_date_str = datetime.now().strftime("%Y-%m-%d")

# Creating a new SARIF template for the corrected conversion
sarif_corrected_template = {
"$schema": "http://json.schemastore.org/sarif-2.1.0",
"version": "2.1.0",
"runs": [{
"tool": {
"driver": {
"name": "OWASP MASVS",
"fullName": "OWASP Mobile Application Security Verification Standard (MASVS)",
"version": version,
"releaseDateUtc": current_date_str,
"organization": "OWASP",
"informationUri": "https://mas.owasp.org/MASVS/",
"downloadUri": "https://github.com/OWASP/owasp-masvs/releases"
}
},
"taxonomies": [{
"name": "OWASP MASVS",
"guid": MASVS_SARIF_GUID,
"isComprehensive": True,
"taxa": []
}]
}]
}

# Counter to ensure we capture the total number of controls
total_controls_count = 0

# Iterating through groups and their controls
for group in masvs_parsed.get("groups", []):
for control in group.get("controls", []):
total_controls_count += 1
taxa_element = {
"id": control["id"],
"name": control.get("id", ""),
"shortDescription": {
"text": control.get("statement", "")
},
"fullDescription": {
"text": control.get("description", "")
}
}
sarif_corrected_template["runs"][0]["taxonomies"][0]["taxa"].append(taxa_element)

# Verify the total number of taxa elements matches the total number of controls
total_taxa_count = len(sarif_corrected_template["runs"][0]["taxonomies"][0]["taxa"])

# Save the correctly populated SARIF output
sarif_corrected_output_path = 'OWASP_MASVS.sarif'
with open(sarif_corrected_output_path, 'w') as file:
json.dump(sarif_corrected_template, file, indent=2)

0 comments on commit ef4f364

Please sign in to comment.