import logging
colors = {"CWE190": "0xBBBBBB",
"CWE215": None,
"CWE243": None,
"CWE332": None,
"CWE367": "0xFF15AA",
"CWE426": "0xAA15FF",
"CWE457": "0x4286F4",
"CWE467": "0xFFD400",
"CWE476": "0x2AFF00",
"CWE676": "0x8833FF",
"CWE-782": "0xCC00BB",
}
class CweWarning(object):
def __init__(self, name, plugin_version, warning):
self.name = name
self.plugin_version = plugin_version
self.warning = warning
self.color = None
self.address = None
self.cwe_number = None
self.highlight = True
class CweWarningParser(object):
'''
Parses a CWE warning emitted by the BAP plugin CweChecker
'''
@staticmethod
def _remove_color(s):
'''
Removes 'color' from string
See https://stackoverflow.com/questions/287871/print-in-terminal-with-colors/293633#293633
'''
return s.replace('\x1b[0m', '').strip()
def parse(self, warning):
try:
splitted_line = warning.split('WARN')
cwe_warning = splitted_line[1].replace(
'u32', '').replace("64u", '').replace(':', '')
cwe_name = self._remove_color(cwe_warning.split(')')[0]) + ')'
cwe_name = cwe_name.split('{')[0].strip() + ' ' + cwe_name.split('}')[1].strip()
plugin_version = cwe_warning.split('{')[1].split('}')[0]
cwe_message = ')'.join(cwe_warning.split(')')[1:])
cwe_message = cwe_message.replace('.', '').replace('32u', '')
return CweWarning(cwe_name, plugin_version, cwe_message)
except Exception as e:
logging.error('[CweWarningParser] Error while parsing CWE warning: %s.' % str(e))
return None
class Parser(object):
def __init__(self, result_path):
self._result_path = result_path
self._parsers = {"CWE190": self._parse_cwe190,
"CWE215": self._not_highlighted,
"CWE243": self._not_highlighted,
"CWE332": self._not_highlighted,
"CWE367": self._parse_at,
"CWE426": self._parse_at,
"CWE457": self._parse_cwe457,
"CWE467": self._parse_cwe467,
"CWE476": self._parse_cwe476,
"CWE676": self._parse_cwe676,
"CWE782": self._parse_cwe782,
}
def _read_in_config(self):
lines = None
with open(self._result_path, "r") as f:
lines = f.readlines()
if not lines:
print("[Parser] Could not read in file %s" % self._result_path)
raise Exception()
return lines
@staticmethod
def _not_highlighted(warning):
warning.highlight = False
return warning
@staticmethod
def _parse_at(warning):
warning.address = warning.warning.split("at ")[-1].split()[0].strip()
return warning
@staticmethod
def _parse_cwe190(warning):
if "multiplication" in warning.warning:
warning.address = warning.warning.split("multiplication ")[1].split()[0]
else:
warning.address = warning.warning.split("addition ")[1].split()[0]
return warning
@staticmethod
def _parse_cwe457(warning):
warning.address = warning.warning.split("at ")[-1].split(":")[0].strip()
return warning
@staticmethod
def _parse_cwe467(warning):
warning.address = warning.warning.split("at ")[1].split()[0]
return warning
@staticmethod
def _parse_cwe476(warning):
warning.address = warning.warning.split("at ")[1].split()[0]
return warning
@staticmethod
def _parse_cwe676(warning):
warning.address = warning.warning.split("(")[1].split(")")[0].split(":")[0]
return warning
@staticmethod
def _parse_cwe782(warning):
warning.address = warning.warning.spit("(")[1].split(")")[0].strip()
return warning
@staticmethod
def _extract_cwe_number(name):
tmp = name.split("]")[0]
return tmp[1:]
def parse(self):
result = []
cwe_parser = CweWarningParser()
lines = self._read_in_config()
for line in lines:
line = line.strip()
if 'WARN' in line:
try:
warning = cwe_parser.parse(line)
cwe_number = self._extract_cwe_number(warning.name)
warning.cwe_number = cwe_number
if cwe_number in self._parsers:
warning = self._parsers[cwe_number](warning)
warning.color = colors[warning.cwe_number]
if warning.address != "UNKNOWN":
result.append(warning)
else:
print("Warning: %s not supported." % cwe_number)
except Exception as e:
print('Error while parsing: %s' % str(e))
print(line)
return result