New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Fluid Attacks parser #146
Conversation
Are you able to provide a FluidAttacks results file so I can test this? You can email it to me directly at: dave.wichers@owasp.org. |
We just checked in changes that add spotless to the pom, and have reformatted all the code in the entire project to adopt this format. Can you merge these changes into your branch, and then push out new updates to BenchmarkScore and your new tool parser with spotless applied? The pom is now set up to automatically run spotless:apply whenever you run mvn compile. So it should be pretty automatic. |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
updated PR to comply new formatting and configure the spotless plugin for the CI |
@davewichers Is there anything else to do in order to get this PR accepted? |
Yes - The spare time to review it! I'm about to leave for vacation so was sprinting at work to wrap some things up. I should get to this next week sometime. |
I'm trying to follow the directions here: https://docs.fluidattacks.com/machine/scanner/reproducibility/ to produce my own copy of the full benchmark results.csv file you provided to me but this page doesn't describe how. Can you explain to me how I can do this? And I'd like to be able to run the scanner on a local copy of Benchmark, not have it pull the code from git, can you explain how I do that too? |
This comment has been minimized.
This comment has been minimized.
- This pull request is regarding issue: https://github.com/OWASP/Benchmark/issues/144 - Work done: - Add FluidAttacks.java parser for CSV results - Update BenchmarkScore to identify when a CSV should be parsed with it - It is a commercial-tool - This is how `mvn compile && ./createScorecards.sh` renders: - ![image](https://user-images.githubusercontent.com/47480384/115255764-336a4900-a0f4-11eb-91d7-e0f079364300.png) - Fix spotless plugin so it works in github CI
@davewichers Hi! Are there any updates on this? |
@dsalaza4 - Dan - I'm actually working on a major refactor for managing CWE categories via configuration (and other things) that is basically done and I plan to check that in today. Then I'm going to tackle #150 first, as that one is more straightforward, then I'll work on this one. I was also out all last week so focusing on these issues now. |
@davewichers can this PR somehow be moved to BenchmarkUtils? |
No. You can move issues to other projects, but not pull requests. So to deal with this, you'd have to grab the proposed code changes, and simply submit them in a new PR to BenchmarkUtils. As you can see, this is 6+ months old and I haven't had time to deal with it yet. If you can, that would be super awesome. |
https://github.com/OWASP/Benchmark/issues/144
be parsed with it
mvn compile && ./createScorecards.sh
renders: