Writing rules in Fortify

Question

Does anybody know how to write a rule in HP Fortify SCA to check for an XML tag value in an XML file?

I have an XML like this with a regular expression and want to write a rule which checks whether the element matches a regex.

<xml>
 <email>[a-z]@.com]</email>
</xml>

Recommended answer

This is done with an XML style ConfigurationRule. I'm not sure if you want to match the value against a regular expression, or determine that the value is itself a regular expression. But regardless I will provide the structure of the rule and you are on your own for the pattern.

<?xml version="1.0" encoding="UTF-8"?>
<RulePack xmlns="xmlns://www.fortifysoftware.com/schema/rules"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="RulePack">
    <RulePackID>D1B37203-B532-4F4F-BF1F-BA8796CABF21</RulePackID>
    <SKU>SKU-D1B37203-B532-4F4F-BF1F-BA8796CABF21</SKU>
    <Name><![CDATA[ rulepack name ]]></Name>
    <Version>1.0</Version>
    <Description><![CDATA[Description for .xml]]></Description>
    <Rules version="3.11">
        <RuleDefinitions>
            <ConfigurationRule formatVersion="3.11">
                <RuleID>1C80C1A2-10DF-40C3-B1B7-FCC3D7BD42F7</RuleID>
                <VulnKingdom>Code Quality</VulnKingdom>
                <VulnCategory>Email in XYZ Configuration</VulnCategory>
                <DefaultSeverity>5.0</DefaultSeverity>
                <Description formatVersion="3.2"></Description>
                <ConfigFile type="xml">
                    <Pattern>test.*\.xml</Pattern>
                </ConfigFile>
                <XPathMatch expression="/xml/email[text()='abc@foo']" reporton="/xml/email" />
            </ConfigurationRule>
        </RuleDefinitions>
    </Rules>
</RulePack>
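
Added example (not part of the original answer, and not Fortify code): a Python helper for prototyping the value check outside Fortify before settling on the rule's pattern. It mirrors the rule's file-name pattern and `/xml/email` element and reports both readings of the question: whether the value matches a regex, and whether the value is itself a valid regex. The names `VALUE_REGEX`, `is_valid_regex` and `check_config`, the e-mail regex, and the whole-file-name matching are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import PurePath

# Taken from the rule above: <ConfigFile> pattern and the /xml/email element.
FILE_PATTERN = re.compile(r"test.*\.xml")
ROOT_TAG, CHILD_TAG = "xml", "email"

# Assumption: a deliberately simple e-mail shape; substitute your own pattern.
VALUE_REGEX = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample: the XML from the question.
SAMPLE_XML = "<xml>\n <email>[a-z]@.com]</email>\n</xml>"


def is_valid_regex(text):
    """Second reading of the question: is the value itself a compilable regex?"""
    try:
        re.compile(text)
        return True
    except re.error:
        return False


def check_config(filename, xml_text):
    """Return one finding per /xml/email element in a file the rule would select."""
    # Assumption: the pattern must match the whole file name.
    if not FILE_PATTERN.fullmatch(PurePath(filename).name):
        return []
    # Parse only your own project files here; ElementTree is not hardened
    # against hostile XML.
    root = ET.fromstring(xml_text)
    if root.tag != ROOT_TAG:
        return []
    findings = []
    for element in root.findall(CHILD_TAG):
        value = (element.text or "").strip()
        findings.append({
            "value": value,
            "matches_regex": VALUE_REGEX.fullmatch(value) is not None,
            "is_regex": is_valid_regex(value),
        })
    return findings


if __name__ == "__main__":
    for finding in check_config("test-config.xml", SAMPLE_XML):
        print(finding)
```

Almost any string compiles as a regular expression, so `is_regex` only flags malformed patterns such as an unterminated `[a-z`.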
