// Package android provides types and functions for working with Android project
// scan reports from MobSF.
package android
import (
"encoding/json"
"fmt"
"path/filepath"
"strings"
"github.com/thought-machine/dracon/api/proto/v1"
mreport "github.com/thought-machine/dracon/producers/mobsf/report"
)
// Report represents a (partial) Android project scan report.
//
// Only the "code_analysis" section of the MobSF JSON is decoded. The other two
// fields carry the tag `json:"-"`, so they are never populated from the report
// and can only be set by this package's own code.
type Report struct {
// RootDir is the path prefix that AsIssues joins onto every file name taken
// from the report. It is set through SetRootDir.
RootDir string `json:"-"`
// CodeAnalysis maps a finding ID to that finding's details. AsIssues uses
// the ID as the issue Type.
CodeAnalysis map[string]mreport.CodeAnalysisFinding `json:"code_analysis"`
// CodeAnalysisExclusions is keyed by finding ID and is consulted by AsIssues
// to leave findings out of the result. NewReport fills it from its
// exclusions argument.
CodeAnalysisExclusions map[string]bool `json:"-"`
}
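// NewReport parses a MobSF Android scan report from its JSON encoding and
// attaches the given code-analysis exclusions to it.
//
// It returns an error when report cannot be decoded into a Report, and also
// when report is the JSON literal null. The latter decodes without error but
// leaves the target pointer nil, which would otherwise end in a nil pointer
// dereference rather than a reportable failure.
func NewReport(report []byte, exclusions map[string]bool) (mreport.Report, error) {
	var r *Report
	if err := json.Unmarshal(report, &r); err != nil {
		return nil, fmt.Errorf("parsing mobsf android report: %w", err)
	}
	// A null document is treated as a failed or empty scan output, not as a
	// clean report with zero findings.
	if r == nil {
		return nil, fmt.Errorf("parsing mobsf android report: document is null")
	}

	r.CodeAnalysisExclusions = exclusions
	return r, nil
}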
// SetRootDir stores path as the report's root directory. AsIssues joins this
// value onto each file name from the report when it builds issue targets. The
// path is stored as given; no validation or normalisation happens here.
func (r *Report) SetRootDir(path string) {
	r.RootDir = path
}
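// AsIssues converts the report's MobSF code-analysis findings into Dracon
// issues, one issue per (file, line) pair listed for each finding.
//
// A finding is skipped only when its ID is mapped to true in
// CodeAnalysisExclusions. An ID that is present but mapped to false is still
// reported, so a disabled exclusion entry cannot silently suppress a finding.
//
// The returned slice is never nil. Its order is unspecified because it follows
// Go's map iteration order.
func (r *Report) AsIssues() []*v1.Issue {
	issues := make([]*v1.Issue, 0)
	for id, finding := range r.CodeAnalysis {
		// Indexing a nil map or a missing key yields false, so only an explicit
		// true entry excludes the finding.
		if r.CodeAnalysisExclusions[id] {
			continue
		}

		// The severity is the same for every file and line of a finding, so it
		// is resolved once per finding.
		// NOTE(review): a severity string with no matching SEVERITY_* name
		// resolves to the lookup map's zero value. Confirm that every level
		// MobSF emits has a counterpart, otherwise those findings are
		// downgraded without any signal.
		severityName := "SEVERITY_" + strings.ToUpper(finding.Metadata.Severity)
		severity := v1.Severity(v1.Severity_value[severityName])

		for filename, linesList := range finding.Files {
			// NOTE(review): filename comes from the report. filepath.Join
			// cleans the result, so ".." segments can yield a path outside
			// RootDir. Here it only becomes a target string; a consumer that
			// opens the target should confirm it lies under the root first.
			path := filepath.Join(r.RootDir, filename)

			// linesList is a comma-separated list of line references. An
			// empty list still yields one issue (with an empty line part), so
			// the finding is not lost.
			for _, line := range strings.Split(linesList, ",") {
				issues = append(issues, &v1.Issue{
					Target:      fmt.Sprintf("%s:%s", path, line),
					Type:        id,
					Title:       finding.Metadata.CWE,
					Severity:    severity,
					Cvss:        finding.Metadata.CVSS,
					Confidence:  v1.Confidence_CONFIDENCE_INFO,
					Description: finding.Metadata.Description,
				})
			}
		}
	}
	return issues
}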