Incorporate the rule test cases directly into rules (#400)
* Incorporate api test cases directly into rules.

* Incorporate Outbound Network Tests

* Control flow tests

* Cryptography tests

* Add frameworks tests

* Hygiene tests

* Manual review tests

* Add privacy tests

* Storage tests

* TLS Tests

* Vulnerable libs tests

* Xml tests

* Add output to validate test to show number of rules with self-tests.
gfs authored Aug 31, 2022
1 parent ca7d5d1 commit 4a72aec
Showing 121 changed files with 581 additions and 746 deletions.
4 changes: 4 additions & 0 deletions DevSkim-DotNet/Microsoft.DevSkim.Tests/DefaultRulesTests.cs
Expand Up @@ -20,6 +20,10 @@ public void ValidateDefaultRules()
Console.WriteLine(error);
}
}

Console.WriteLine("{0} of {1} rules have positive self-tests.",result.DevSkimRuleStatuses.Count(x => x.HasPositiveSelfTests),result.DevSkimRuleStatuses.Count());
Console.WriteLine("{0} of {1} rules have negative self-tests.",result.DevSkimRuleStatuses.Count(x => x.HasNegativeSelfTests),result.DevSkimRuleStatuses.Count());

Assert.IsTrue(result.Verified);
Assert.IsFalse(result.DevSkimRuleStatuses.Any(x => x.Errors.Any()));
}
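Review bot: The two new Console.WriteLine calls only report how many rules carry positive and negative self-tests; nothing asserts it, so a rule whose must-match or must-not-match block is later dropped still passes this test. If the intent of the commit is that every default rule is self-tested, add an assertion such as `Assert.IsTrue(result.DevSkimRuleStatuses.All(x => x.HasPositiveSelfTests));`, or at least assert a minimum so the numbers cannot silently regress. Also, `result.DevSkimRuleStatuses` is enumerated four times across the two lines (two filtered `Count(...)` and two plain `Count()`); materialising it once with `var statuses = result.DevSkimRuleStatuses.ToList();` and reading `statuses.Count` avoids repeated evaluation if that property is a deferred sequence. ValidateDefaultRules begins before this hunk.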
9 changes: 0 additions & 9 deletions DevSkim-DotNet/Microsoft.DevSkim/Microsoft.DevSkim.csproj
Expand Up @@ -56,9 +56,6 @@
<EmbeddedResource Include="..\..\rules\default\security\control_flow\permission_evelation.json">
<Link>rules\default\security\control_flow\permission_evelation.json</Link>
</EmbeddedResource>
<EmbeddedResource Include="..\..\rules\default\security\control_flow\tests\DS113286.TODO">
<Link>rules\default\security\control_flow\tests\DS113286.TODO</Link>
</EmbeddedResource>
<EmbeddedResource Include="..\..\rules\default\security\cryptography\certificate.json">
<Link>rules\default\security\cryptography\certificate.json</Link>
</EmbeddedResource>
Expand All @@ -83,9 +80,6 @@
<EmbeddedResource Include="..\..\rules\default\security\cryptography\random.json">
<Link>rules\default\security\cryptography\random.json</Link>
</EmbeddedResource>
<EmbeddedResource Include="..\..\rules\default\security\cryptography\tests\DS106865.TODO">
<Link>rules\default\security\cryptography\tests\DS106865.TODO</Link>
</EmbeddedResource>
<EmbeddedResource Include="..\..\rules\default\security\cryptography\underhanded.json">
<Link>rules\default\security\cryptography\underhanded.json</Link>
</EmbeddedResource>
Expand Down Expand Up @@ -122,9 +116,6 @@
<EmbeddedResource Include="..\..\rules\default\security\storage\secure_storage.json">
<Link>rules\default\security\storage\secure_storage.json</Link>
</EmbeddedResource>
<EmbeddedResource Include="..\..\rules\default\security\storage\tests\DS191340.TODO">
<Link>rules\default\security\storage\tests\DS191340.TODO</Link>
</EmbeddedResource>
<EmbeddedResource Include="..\..\rules\default\security\TLS\tls_appconfig.json">
<Link>rules\default\security\TLS\tls_appconfig.json</Link>
</EmbeddedResource>
21 changes: 0 additions & 21 deletions rules/default/security/TLS/tests/DS112835.test

This file was deleted.

25 changes: 0 additions & 25 deletions rules/default/security/TLS/tests/DS112836.test

This file was deleted.

8 changes: 0 additions & 8 deletions rules/default/security/TLS/tests/DS112837.test

This file was deleted.

12 changes: 0 additions & 12 deletions rules/default/security/TLS/tests/DS112838.test

This file was deleted.

15 changes: 0 additions & 15 deletions rules/default/security/TLS/tests/DS112839.test

This file was deleted.

16 changes: 12 additions & 4 deletions rules/default/security/TLS/tls_appconfig.json
Expand Up @@ -15,32 +15,40 @@
"patterns": [
{
"pattern": "Switch.System.Net.DontEnableSchUseStrongCrypto",
"type": "string",
"type": "substring",
"scopes": [
"code"
]
},
{
"pattern": "Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocol",
"type": "string",
"type": "substring",
"scopes": [
"code"
]
},
{
"pattern": "Switch.System.Net.DontEnableSystemDefaultTlsVersions",
"type": "string",
"type": "substring",
"scopes": [
"code"
]
},
{
"pattern": "Switch.System.ServiceModel.DontEnableSystemDefaultTlsVersions",
"type": "string",
"type": "substring",
"scopes": [
"code"
]
}
],
"must-match": [
" <AppContextSwitchOverrides value=\"Switch.System.Net.DontEnableSchUseStrongCrypto=true\"/>",
" <AppContextSwitchOverrides value=\"Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols=true\"/>",
" <AppContextSwitchOverrides value=\",Switch.System.Net.DontEnableSystemDefaultTlsVersions=true\"/>",
" <AppContextSwitchOverrides value=\",Switch.System.ServiceModel.DontEnableSystemDefaultTlsVersions=true\"/>"
],
"must-not-match": [
]
}
]
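Review bot: The second new must-match sample names `Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols=true` (plural) while the pattern above it is `Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocol` (singular); the substring match still fires because the singular is a prefix of the plural, so the self-test passes without confirming which spelling the rule is meant to catch — please check the switch name against the .NET documentation and align the pattern and the sample. The third and fourth samples carry a stray leading comma inside the attribute value (`value=\",Switch.System.Net...`), which looks like a remnant rather than an intended input. `must-not-match` is left empty here and in tls_appcontext.json, tls_functioncall.json, tls_securityprotocol.json and tls_sslprotocol.json, so the negative self-test count this commit starts reporting gives these rules no coverage; one benign `AppContextSwitchOverrides` line naming an unrelated switch would be enough here.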
6 changes: 6 additions & 0 deletions rules/default/security/TLS/tls_appcontext.json
Expand Up @@ -30,6 +30,12 @@
"code"
]
}
],
"must-match": [
"private const string DisableCachingName = @\"TestSwitch.LocalAppContext.DisableCaching\";",
"private const string DontEnableSchUseStrongCryptoName = @\"Switch.System.Net.DontEnableSchUseStrongCrypto\";"
],
"must-not-match": [
]
}
]
9 changes: 9 additions & 0 deletions rules/default/security/TLS/tls_functioncall.json
Expand Up @@ -58,6 +58,15 @@
"code"
]
}
],
"must-match": [
"SslStream.AuthenticateAsClient()",
"SslStream.AuthenticateAsClientAsync()",
"BeginAuthenticateAsClient()",
"SslStream.AuthenticateAsServer()",
"SslStream.AuthenticateAsServerAsync()",
"BeginAuthenticateAsServer()" ],
"must-not-match": [
]
}
]
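Review bot: The closing bracket of the new must-match array sits on the same line as its last element, `"BeginAuthenticateAsServer()" ],`, whereas every other rule file in this commit puts `]` on its own line; moving it to its own line keeps the rule files uniformly formatted. The samples are argument-less calls, so they do not show which argument, if any, the rule keys on; the pattern is outside this hunk, so I cannot tell from here whether that matters.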
14 changes: 13 additions & 1 deletion rules/default/security/TLS/tls_securityprotocol.json
Expand Up @@ -110,7 +110,19 @@
"code"
]
}

],
"must-match": [
"System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;",
"System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.SystemDefault;",
"System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;",
"System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11;",
"System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;",
"System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls13;",
"System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolTypeExtensions.Tls11;",
"System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolTypeExtensions.Tls12;",
"System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolTypeExtensions.SystemDefault;"
],
"must-not-match": [
]
}
]
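Review bot: The new must-match list asserts that the rule fires on `SecurityProtocolType.Tls12`, `Tls13` and `SystemDefault` assignments as well as on `Ssl3`, `Tls` and `Tls11`; the rule's pattern and severity are outside this hunk, so if the rule is meant to flag only deprecated protocol versions these three samples encode a false positive into the self-test, and if it deliberately flags any hard-coded protocol selection that intent should be visible in the rule's description. The same applies to tls_sslprotocol.json, whose samples include `SslProtocols.None`, `Tls12` and `Tls13`. Two samples in that file have a space before the semicolon (`SslProtocols.Default ;`), presumably to exercise whitespace tolerance; if not, they should be normalised. In both files a must-not-match entry showing an assignment the rule should ignore is what makes the intent checkable.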
14 changes: 14 additions & 0 deletions rules/default/security/TLS/tls_sslprotocol.json
Expand Up @@ -145,6 +145,20 @@
"code"
]
}
],
"must-match": [
"b.Security.Transport.SslProtocols = SslProtocolsExtensions.Tls11;",
"b.Security.Transport.SslProtocols = SslProtocolsExtensions.Tls12;",
"b.Security.Transport.SslProtocols = SslProtocols.Default ;",
"b.Security.Transport.SslProtocols = SslProtocols.None;",
"b.Security.Transport.SslProtocols = SslProtocols.Ssl2 ;",
"b.Security.Transport.SslProtocols = SslProtocols.Ssl3;",
"b.Security.Transport.SslProtocols = SslProtocols.Tls;",
"b.Security.Transport.SslProtocols = SslProtocols.Tls11;",
"b.Security.Transport.SslProtocols = SslProtocols.Tls12;",
"b.Security.Transport.SslProtocols = SslProtocols.Tls13;"
],
"must-not-match": [
]
}
]
28 changes: 26 additions & 2 deletions rules/default/security/api/dangerous_api.json
Expand Up @@ -16,12 +16,15 @@
"rule_info": "DS154189.md",
"patterns": [
{
"pattern": " (sprintf|_getts|_getws|_snprintf|_sntprintf|_snwprintf|_stprintf|_tcsat|_tcscpy|_tcslen|_tcsncpy|_vsnprintf|_vsntprintf|_vsnwprintf|_vstprintf|alloca|asctime|atof|atoi|atoll|bsearch|ctime|fopen|fprintf|freopen|fscanf|fwprintf|fwscanf|getenv|getwd|gmtime|localtime|lstrcat|lstrcpy|mbsrtowcs|mbstowcs|memmove|mktemp|printf|qsort|rewind|scanf|setbuf|sscanf|strcatbuff|strerror|strtok|swprintf|swscanf|tmpnam|vfprintf|vfscanf|vfwscanf|vprintf|vscanf|vsnprintf|vsprintf|vsscanf|vswprintf|vswscanf|vwprintf|vwscanf|wcrtomb|wcrtombs|wcscat|wcscpy|wcslen|wcsncat|wcsncpy|wcsrtombs|wcstok|wctomb|wmemcpy|wmemmove|wnsprintf|wprintf|wscanf|wsprintf|wvnsprintf|wvsprintf) *\\(",
"pattern": "(sprintf|_getts|_getws|_snprintf|_sntprintf|_snwprintf|_stprintf|_tcsat|_tcscpy|_tcslen|_tcsncpy|_vsnprintf|_vsntprintf|_vsnwprintf|_vstprintf|alloca|asctime|atof|atoi|atoll|bsearch|ctime|fopen|fprintf|freopen|fscanf|fwprintf|fwscanf|getenv|getwd|gmtime|localtime|lstrcat|lstrcpy|mbsrtowcs|mbstowcs|memmove|mktemp|printf|qsort|rewind|scanf|setbuf|sscanf|strcatbuff|strerror|strtok|swprintf|swscanf|tmpnam|vfprintf|vfscanf|vfwscanf|vprintf|vscanf|vsnprintf|vsprintf|vsscanf|vswprintf|vswscanf|vwprintf|vwscanf|wcrtomb|wcrtombs|wcscat|wcscpy|wcslen|wcsncat|wcsncpy|wcsrtombs|wcstok|wctomb|wmemcpy|wmemmove|wnsprintf|wprintf|wscanf|wsprintf|wvnsprintf|wvsprintf)",
"type": "RegexWord",
"scopes": [
"code"
]
}
],
"must-match": [
"int main ()\n{\n char buffer [50];\n int n, a=5, b=3;\n n=sprintf (buffer, \"%d plus %d is %d\", a, b, a+b);\\n printf (\"[%s] is a string %d chars long\n\",buffer,n);\n return 0;\n}"
]
},
{
Expand Down Expand Up @@ -76,6 +79,14 @@
]
}
}
],
"must-match": [
"strcpy (str2,str1);",
"strcpy (str3,\"copy successful\");"
],
"must-not-match": [
"strcpy_s(string);",
"strlcpy(string);"
]
},
{
Expand Down Expand Up @@ -130,6 +141,9 @@
]
}
}
],
"must-match": [
"int main ()\\n{\\n char str1[]= \"To be or not to be\";\\n char str2[40];\\n char str3[40];\\n \\n strncpy ( str2, str1, sizeof(str2) );\\n\\n return 0;\\n}"
]
},
{
Expand Down Expand Up @@ -184,6 +198,9 @@
]
}
}
],
"must-match": [
"int main ()\n{\n char str[80]; \n strcat (str,\"strings \");\n return 0;\n}"
]
},
{
Expand Down Expand Up @@ -240,7 +257,7 @@
}
],
"must-match": [
"strncat (str1, str2, 6);"
"\\n=====\\nint main ()\\n{\\n char str1[20];\\n char str2[20];\\n strncat (str1, str2, 6);\\n\\n return 0;\\n}"
]
},
{
Expand Down Expand Up @@ -295,6 +312,13 @@
]
}
}
],
"must-match": [
"gets(string); // warning: unsafe (see fgets instead)"
],
"must-not-match": [
"fgets(string);",
"gets_s(string);"
]
}
]
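Review bot: The replacement sample for strncat begins with `\\n=====\\n`, which looks like the record separator of the deleted .test files rather than input the rule should see, and that sample, the strncpy sample and the middle of the first sample (`a+b);\\n printf`) use `\\n` — a literal backslash-n once the JSON is decoded — where the strcat sample uses `\n` for a real newline. The patterns still match because the call text is intact, but the samples should be brought to one convention (drop the separator, use `\n` throughout). Separately, the first pattern no longer ends in ` *\\(`, so it no longer requires a call site and will also match a whole-word identifier such as a variable named `rewind` or `localtime`, widening false positives; if that trailing check cannot be expressed with RegexWord, a `"type": "regex"` pattern of the form `\\b(sprintf|…|wvsprintf)\\s*\\(` would keep the call requirement.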
20 changes: 20 additions & 0 deletions rules/default/security/api/deserialization.json
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,9 @@
"code"
]
}
],
"must-match": [
"favorite_color = pickle.load( open( \"save.p\", \"rb\" ) )"
]
},
{
Expand All @@ -43,6 +46,9 @@
"code"
]
}
],
"must-match": [
"this.author = (String)in.readObject();"
]
},
{
Expand All @@ -66,6 +72,9 @@
"code"
]
}
],
"must-match": [
"$session_data = unserialize($tmp[0]);"
]
},
{
Expand Down Expand Up @@ -96,6 +105,11 @@
"code"
]
}
],
"must-match": [
"thing = YAML.load_file('some.yml')",
"thing = YAML.load_file('some.yml')\nobj = Marshal.load(data)",
"ruby_obj = YAML::load( yaml_obj )"
]
},
{
Expand Down Expand Up @@ -134,6 +148,12 @@
]
}
}
],
"must-match": [
"TypeNameHandling = TypeNameHandling.Auto",
"TypeNameHandling = TypeNameHandling.Objects",
"TypeNameHandling = TypeNameHandling.Arrays",
"TypeNameHandling = TypeNameHandling.All"
]
}
]
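Review bot: The second Ruby sample, `thing = YAML.load_file('some.yml')\nobj = Marshal.load(data)`, repeats the first sample's YAML.load_file line, so it passes whether or not `Marshal.load` alone triggers the rule; a separate single-line sample `"obj = Marshal.load(data)"` would actually test that part of the pattern (the pattern itself is outside this hunk). None of the five rules in this file gets a must-not-match, so the safe counterparts — `YAML.safe_load`, `json.load` for the pickle rule, `TypeNameHandling.None` for the Json.NET rule — are never checked as non-matches, which is where deserialization patterns most often over-match.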