Main stylesheet veracode2rally.xsl
Stylesheet version 1.0
Template /
Documentation

Description

 This xsl file maps Veracode fields to Rally fields when using the veracode2rally application.    
XSLT is performed with a Veracode DetailedReport.xml file. The result is a new file used by the veracode2rally 
application called veracode2rally.xml. 

Mapping more fields or modifying field mapping should be done using this file
 
 
 SECTION ONE  
 A separate veracode2rally.xml file is used for each application being processed.
   Flaw elements from the Veracode detailedreport.xml file are matched and the Section TWO Template is applied
      
Namespace No namespace
Match /
Mode #default
Import precedence 0
Source
<!--
  SECTION ONE: root template. Writes a line break, then the veracode2rally
  wrapper element with a single flaws child, and hands the whole input
  document to the other templates of this stylesheet.
-->
<xsl:template match="/">
  <xsl:text>
</xsl:text>
  <veracode2rally>
    <xsl:text/>
    <flaws>
      <!-- No select attribute: every child node of the root is processed.
           Nodes that no template in this stylesheet matches are handled by
           the XSLT built-in rules, which recurse into elements and copy text
           nodes to the output.
           NOTE(review): if the report carries text content outside flaw
           elements it would end up inside flaws; confirm against a real
           DetailedReport.xml. -->
      <xsl:apply-templates/>
      <xsl:text/>
    </flaws>
  </veracode2rally>
</xsl:template>
Template flaw
Documentation

Description

 SECTION TWO  
 Get all flaws from DetailedReport.xml   
 Header info for each flaw is created in this section. It consists of attributes, followed by Veracode/Rally field mapping in Section THREE  
Namespace No namespace
Match flaw
Mode #default
References
Import precedence 0
Source
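<!--
  SECTION TWO: emits one flaw element per flaw element of the input report.
  The header attributes are copied from the matched flaw; veracode_appid is
  read from the app_id attribute of the document element (/*/@app_id).
  veracode2rallyid is the issue id and the application id joined by "_".
  SECTION THREE (the rally_fields child) carries the Veracode/Rally mapping.
-->
<xsl:template match="flaw">
  <xsl:text/>
  <xsl:element name="flaw">
    <xsl:attribute name="veracode_issueid">
      <xsl:value-of select="@issueid"/>
    </xsl:attribute>
    <xsl:attribute name="veracode_appid">
      <xsl:value-of select="/*/@app_id"/>
    </xsl:attribute>
    <xsl:attribute name="affects_policy_compliance">
      <xsl:value-of select="@affects_policy_compliance"/>
    </xsl:attribute>
    <xsl:attribute name="mitigation_status">
      <xsl:value-of select="@mitigation_status"/>
    </xsl:attribute>
    <xsl:attribute name="remediation_status">
      <xsl:value-of select="@remediation_status"/>
    </xsl:attribute>
    <!-- Same "issueid_appid" value that StaticFlawDescription appends to the
         description text. -->
    <xsl:attribute name="veracode2rallyid">
      <xsl:value-of select="@issueid"/>
      <xsl:text>_</xsl:text>
      <xsl:value-of select="/*/@app_id"/>
    </xsl:attribute>
    <!-- SECTION THREE -->
    <!-- Veracode/Rally field mapping. Modify this part to change the mapping. -->
    <!-- To add a field, add a new attribute. Attribute name is the field name in Rally = the Veracode field located in DetailedReport.xml -->
    <xsl:text/>
    <rally_fields>
      <!-- Rally field "name" is filled from the Veracode category name. -->
      <xsl:element name="rally_field">
        <xsl:attribute name="name">
          <xsl:value-of select="@categoryname"/>
        </xsl:attribute>
      </xsl:element>
      <!-- Rally field "description" is the HTML string built by
           StaticFlawDescription. The unused local cwelink variable that used
           to sit here was dropped: StaticFlawDescription builds its own.
           NOTE(review): the description is HTML assembled from report values;
           the XML serializer escapes it for the attribute, but whatever
           renders the field sees the markup again after parsing. Confirm the
           consumer sanitises it. -->
      <xsl:element name="rally_field">
        <xsl:attribute name="description">
          <xsl:call-template name="StaticFlawDescription"/>
        </xsl:attribute>
      </xsl:element>
    </rally_fields>
  </xsl:element>
</xsl:template>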
Template StaticFlawDescription
Namespace No namespace
Used by
Template
References
Template
Import precedence 0
Source
<!--
  StaticFlawDescription: builds the text of the Rally description field as a
  string of HTML markup for the current flaw. It takes no parameters and
  reads every value from attributes of the context node, plus the app_id
  attribute of the document element.

  Reading this listing: the markup inside xsl:text is shown unescaped here.
  As printed it is not well-formed XML, so in the stylesheet file it has to
  be written with entity references (for example &lt;br&gt;).

  NOTE(review): the report values (@categoryname, @module, @sourcefile,
  @line, @type and the description text) are concatenated into the markup
  without HTML escaping. If the consumer renders this field as HTML, markup
  characters inside those values are interpreted as markup. Confirm that the
  veracode2rally application or Rally sanitises the field, or escape the
  values before they are concatenated.
-->
<xsl:template name="StaticFlawDescription">
  <!-- CWE definition URL for this flaw, built from @cweid.
       NOTE(review): the link uses plain http; consider https. -->
  <xsl:variable name="cwelink">
    <xsl:text>http://cwe.mitre.org/data/definitions/</xsl:text>
    <xsl:value-of select="@cweid"/>
    <xsl:text>.html</xsl:text>
  </xsl:variable>
  <xsl:text><br></xsl:text>
  <xsl:text><B>Veracode Flaw ID: </B></xsl:text>
  <xsl:value-of select="@issueid"/>
  <xsl:text><br><br></xsl:text>
  <!-- CWE number as a hyperlink, followed by the category name. -->
  <xsl:text><B>CWE: </B></xsl:text>
  <xsl:text><a href="</xsl:text>
  <xsl:value-of select="$cwelink"/>
  <xsl:text>" target="_blank"></xsl:text>
  <xsl:value-of select="@cweid"/>
  <xsl:text></a></xsl:text>
  <xsl:text> </xsl:text>
  <xsl:value-of select="@categoryname"/>
  <xsl:text><br><br></xsl:text>
  <xsl:text><B>Module: </B></xsl:text>
  <xsl:value-of select="@module"/>
  <xsl:text><br><br></xsl:text>
  <!-- Source location printed as sourcefile:line. -->
  <xsl:text><B>Source: </B></xsl:text>
  <xsl:value-of select="@sourcefile"/>
  <xsl:text>:</xsl:text>
  <xsl:value-of select="@line"/>
  <xsl:text><br><br></xsl:text>
  <xsl:text><B>Attack Vector: </B></xsl:text>
  <xsl:value-of select="@type"/>
  <xsl:text><br><br></xsl:text>
  <!-- Severity 0 to 5 mapped to a label; any other value prints "No Data". -->
  <xsl:text><B>Severity: </B></xsl:text>
  <xsl:choose>
    <xsl:when test="@severity = '0'">Informational</xsl:when>
    <xsl:when test="@severity = '1'">Very Low</xsl:when>
    <xsl:when test="@severity = '2'">Low</xsl:when>
    <xsl:when test="@severity = '3'">Medium</xsl:when>
    <xsl:when test="@severity = '4'">High</xsl:when>
    <xsl:when test="@severity = '5'">Very High</xsl:when>
    <xsl:otherwise>No Data</xsl:otherwise>
  </xsl:choose>
  <xsl:text><br><br></xsl:text>
  <!-- Exploit level from -2 to 2 mapped to a label; otherwise "No Data". -->
  <xsl:text><B>Exploitability: </B></xsl:text>
  <xsl:choose>
    <xsl:when test="@exploitLevel = '-2'">Very Unlikely</xsl:when>
    <xsl:when test="@exploitLevel = '-1'">Unlikely</xsl:when>
    <xsl:when test="@exploitLevel = '0'">Neutral</xsl:when>
    <xsl:when test="@exploitLevel = '1'">Likely</xsl:when>
    <xsl:when test="@exploitLevel = '2'">Very Likely</xsl:when>
    <xsl:otherwise>No Data</xsl:otherwise>
  </xsl:choose>
  <xsl:text><br><br></xsl:text>
  <!-- Remediation effort 1 to 5 mapped to a sentence; otherwise "No Data". -->
  <xsl:text><B>Effort to Fix: </B></xsl:text>
  <xsl:choose>
    <xsl:when test="@remediationeffort = '1'">1 - Trivial implementation error. Fix is up to 5 lines of code. One hour or less to fix.</xsl:when>
    <xsl:when test="@remediationeffort = '2'">2 - Implementation error. Fix is approx. 6-50 lines of code. 1 day to fix.</xsl:when>
    <xsl:when test="@remediationeffort = '3'">3 - Complex implementation error. Fix is approx. 51-500 lines of code. Up to 5 days to fix.</xsl:when>
    <xsl:when test="@remediationeffort = '4'">4 - Simple design error. Requires redesign and up to 5 days to fix.</xsl:when>
    <xsl:when test="@remediationeffort = '5'">5 - Complex design error. Requires significant redesign.</xsl:when>
    <xsl:otherwise>No Data</xsl:otherwise>
  </xsl:choose>
  <xsl:text><br><br></xsl:text>
  <!-- Description text, formatted by the DescT template. -->
  <xsl:text><B>Description: </B></xsl:text>
  <xsl:call-template name="DescT"/>
  <xsl:text><br></xsl:text>
  <xsl:text><br></xsl:text>
  <xsl:text><br></xsl:text>
  <xsl:text><br></xsl:text>
  <!-- Trailer with the same "issueid_appid" value as the veracode2rallyid
       attribute written by the flaw template. Presumably the application
       uses it to recognise the work item again; confirm before changing the
       wording. -->
  <xsl:text>veracode2rally ID: </xsl:text>
  <xsl:value-of select="@issueid"/>
  <xsl:text>_</xsl:text>
  <xsl:value-of select="/*/@app_id"/>
  <xsl:text> (do not delete)</xsl:text>
  <xsl:text><br><br></xsl:text>
</xsl:template>
Template DescT
Documentation

Description

 This template checks flaw/@description. If it contains "References:", the text is divided into two parts:
  the part before "References:" and the part after "References:".
  The second part (i.e. after "References:") is then formatted to enable hyperlinks as per Jira format/style.   
Namespace No namespace
Used by
References
Template
Import precedence 0
Source
<!--
  DescT: formats the description attribute of the context node.
  Step 1 splits the text at "References:" and passes the part after it to
  RefT. Step 2 inserts a Remediation heading at the first blank line of the
  result.

  Reading this listing: the quoted strings that span lines stand for a
  newline pair, and the markup inside concat() is shown unescaped. A literal
  line break in an XML attribute value is normalised to a space by the
  parser and a literal "less than" sign is not allowed there, so the
  stylesheet file presumably uses character and entity references for both.
  Confirm against the file.
-->
<xsl:template name="DescT">
  <!-- Raw description text of the current flaw. -->
  <xsl:variable name="desc">
    <xsl:value-of select="@description"/>
  </xsl:variable>
  <!-- Description with the References part (if any) rewritten by RefT. -->
  <xsl:variable name="descFormatted">
    <xsl:choose>
      <xsl:when test="contains($desc, 'References:')">
        <!-- Split at the first occurrence of the marker. -->
        <xsl:value-of select="substring-before($desc, 'References:')"/>
        <xsl:call-template name="RefT">
          <xsl:with-param name="var" select="substring-after($desc, 'References:')"/>
        </xsl:call-template>
      </xsl:when>
      <xsl:otherwise>
        <xsl:value-of select="$desc"/>
      </xsl:otherwise>
    </xsl:choose>
  </xsl:variable>
  <!--  Insert a carriage return and Remediation title between the first and second 
    paragraph in the description if there is one.
    Only the first blank line is replaced; later ones are left as they are.
    NOTE(review): the description text is emitted without HTML escaping;
    see the consumer's sanitising of the description field.
   -->
  <xsl:choose>
    <xsl:when test="contains($descFormatted,'

')">
      <xsl:value-of select="concat(substring-before($descFormatted,'

'),'<br><br><B>Remediation: </B>',substring-after($descFormatted,'

'))"/>
    </xsl:when>
    <xsl:otherwise>
      <xsl:value-of select="$descFormatted"/>
    </xsl:otherwise>
  </xsl:choose>
</xsl:template>
Template RefT
Documentation

Description

 This template takes the "References:" part and checks whether it contains links in the
    format "(link)", e.g. CWE (http://cwe.mitre.org/data/definitions/89.html).
   If so, it is displayed as CWE hyperlinked to the appropriate page.
   
Namespace No namespace
Used by
Template
References
Template
Parameters
QName Namespace
var No namespace
Import precedence 0
Source
<!--
  RefT: writes the References heading and then the reference list.
  Parameter var is the text that followed "References:" in the description.
  If the text looks like it holds "label (url)" entries it is tokenised and
  passed to refFormat; otherwise it is written unchanged.
  The markup inside xsl:text is shown unescaped in this listing; in the
  stylesheet file it has to be written with entity references.
-->
<xsl:template name="RefT">
  <xsl:param name="var"/>
  <!-- Collapse runs of whitespace, including line breaks, to single spaces. -->
  <xsl:variable name="var1">
    <xsl:value-of select="normalize-space($var)"/>
  </xsl:variable>
  <xsl:text><br><br></xsl:text>
  <xsl:text><B>References: </B></xsl:text>
  <xsl:choose>
    <!-- NOTE(review): this only checks that "http", "(" and ")" occur
         somewhere in the whole string. It does not check each entry, so
         every parenthesised token is handed to refFormat, whatever it
         contains. -->
    <xsl:when test="(contains($var1, 'http')) and (contains($var1, ')')) and contains($var1, '(')">
      <!-- Replace "(" with "|" and ")" with "]" so refFormat can split the
           entries. A "|" or "]" already present in the text becomes
           indistinguishable from these markers. -->
      <xsl:variable name="refToken">
        <xsl:value-of select="translate($var1, '()', '|]')"/>
      </xsl:variable>
      <!-- Empty accumulator that starts the recursion in refFormat. -->
      <xsl:variable name="refFinal">
      </xsl:variable>
      <xsl:call-template name="refFormat">
        <xsl:with-param name="refTokenLength" select="string-length($refToken)"/>
        <xsl:with-param name="refStr" select="$refToken"/>
        <xsl:with-param name="refFinal" select="$refFinal"/>
      </xsl:call-template>
    </xsl:when>
    <xsl:otherwise>
      <!-- No link pattern found: the normalised text is written as is. -->
      <xsl:value-of select="$var1"/>
    </xsl:otherwise>
  </xsl:choose>
</xsl:template>
Template refFormat
Namespace No namespace
Used by
Templates
References
Template
Parameters
QName Namespace
refFinal No namespace
refStr No namespace
refTokenLength No namespace
Import precedence 0
Source
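<!--
  refFormat: recursive helper for RefT. Turns tokenised references of the
  form "label |url]" (RefT has replaced "(" with "|" and ")" with "]") into
  HTML anchors, one entry per recursion step.

  Parameters:
    refTokenLength  length of the text still to process; nothing is written
                    when it is not greater than 0
    refStr          the text still to process
    refFinal        the output accumulated by earlier steps

  Changes against the earlier version:
    * An anchor is written only when the target starts with http:// or
      https:// and contains no double quote, so the value taken from the
      report text cannot select another URL scheme or close the href
      attribute. Any other entry is written back as plain "label (url)".
    * Text with no closing marker (for example words after the last link)
      is written back as text. Previously it was dropped and an empty
      anchor was written in its place.

  NOTE(review): labels and fallback text are still written without HTML
  escaping; the consumer is expected to sanitise the description field.
-->
<xsl:template name="refFormat">
  <xsl:param name="refTokenLength"/>
  <xsl:param name="refStr"/>
  <xsl:param name="refFinal"/>
  <xsl:if test="($refTokenLength > 0)">
    <xsl:choose>
      <xsl:when test="contains($refStr, ']')">
        <!-- First entry and the remainder after its closing marker. -->
        <xsl:variable name="refTokenBef" select="substring-before($refStr, ']')"/>
        <xsl:variable name="refTokenAft" select="substring-after($refStr, ']')"/>
        <xsl:variable name="refUrl" select="substring-after($refTokenBef, ' |')"/>
        <xsl:variable name="refLabel" select="substring-before($refTokenBef, ' |')"/>
        <xsl:variable name="refToken3">
          <xsl:text>  </xsl:text>
          <xsl:choose>
            <xsl:when test="(starts-with($refUrl, 'http://') or starts-with($refUrl, 'https://')) and not(contains($refUrl, '&quot;'))">
              <xsl:text>&lt;a href="</xsl:text>
              <xsl:value-of select="$refUrl"/>
              <xsl:text>" target="_blank"&gt;</xsl:text>
              <xsl:value-of select="$refLabel"/>
              <xsl:text>&lt;/a&gt;</xsl:text>
            </xsl:when>
            <xsl:otherwise>
              <!-- Not a plain web link: restore the parentheses and keep
                   the entry as text. -->
              <xsl:value-of select="translate(concat($refTokenBef, ']'), '|]', '()')"/>
            </xsl:otherwise>
          </xsl:choose>
          <xsl:text>  </xsl:text>
        </xsl:variable>
        <xsl:variable name="refToken4" select="concat($refFinal, $refToken3)"/>
        <xsl:choose>
          <xsl:when test="(string-length($refTokenAft) > 0)">
            <xsl:call-template name="refFormat">
              <xsl:with-param name="refTokenLength" select="string-length($refTokenAft)"/>
              <xsl:with-param name="refStr" select="normalize-space($refTokenAft)"/>
              <xsl:with-param name="refFinal" select="$refToken4"/>
            </xsl:call-template>
          </xsl:when>
          <xsl:otherwise>
            <xsl:value-of select="$refToken4"/>
          </xsl:otherwise>
        </xsl:choose>
      </xsl:when>
      <xsl:otherwise>
        <!-- No closing marker left: write what was accumulated, then the
             remaining text with any opening marker restored. -->
        <xsl:value-of select="concat($refFinal, translate($refStr, '|]', '()'))"/>
      </xsl:otherwise>
    </xsl:choose>
  </xsl:if>
</xsl:template>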
Output (default)
Namespace No namespace
Output properties
method encoding indent omit-xml-declaration
xml UTF-8 yes no
Source
<!-- Result document settings: XML 1.0, UTF-8, XML declaration kept,
     indented. Because the output method is xml, the markup characters of
     the generated description string are serialized as entity references
     inside the attribute value; a consumer that parses the file gets the
     HTML string back and decides how to render it. -->
<xsl:output method="xml" version="1.0" omit-xml-declaration="no" encoding="UTF-8" indent="yes"/>