{"id":962,"date":"2019-05-15T18:27:30","date_gmt":"2019-05-16T03:27:30","guid":{"rendered":"\/blog\/?p=962"},"modified":"2023-09-21T09:26:54","modified_gmt":"2023-09-21T00:26:54","slug":"fortify-fpr-report-%ec%8a%a4%ed%81%ac%eb%a6%bd%ed%8a%b8","status":"publish","type":"post","link":"https:\/\/hasu0707.duckdns.org\/blog\/?p=962","title":{"rendered":"[Fortify] FPR Report \uc2a4\ud06c\ub9bd\ud2b8"},"content":{"rendered":"\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">#!\/bin\/bash\n#####################################################################\n#\n# Fortify SCA FPR\ud30c\uc77c \ubd84\uc11d \uc2a4\ud06c\ub9bd\ud2b8\n#\n# \uc774 \uc2a4\ud06c\ub9bd\ud2b8\ub294 FPR\ud30c\uc77c\uc744 \ubd84\uc11d\ud558\uc5ec \uc544\ub798\uc758 \ud30c\uc77c\uc744 \ucd9c\ub825\ud55c\ub2e4.\n# 1. CSV\ud3ec\ub9f7\uc758 \uc694\uc57d,\uc0c1\uc138 \ub9ac\ud3ec\ud2b8\n# 2. TXT\ud3ec\ub9f7\uc758 Suppressed\ub41c \ucde8\uc57d\uc810\uc758 IID \ub9ac\uc2a4\ud2b8\n#\n# \uc708\ub3c4\uc6b0\uc5d0\uc11c \uc2e4\ud589 \uc2dc:\n# bash -c \".\/fpr_report.sh webgoat.fpr\"\n#\n# by \uc774\uc874\uc11d(hasu0707@esvali.com)\n#\n#####################################################################\nDEBUG_ON=1\nVERSION=0.2\nFILTER_SET=\"Security Auditor View\"\n#FILTER_SET=\"Quick View\"\nWIN_MINGW_DIR=\"\/cygdrive\/c\/PortableApps\/cmd_cygwin_x86_64\"\nFPR_TMP_DIR=.\/fpr_tmp\nREPORT_TEMPLATE=.\/my_report_template.xml\nSUPPRESSED_LIST_SUFFIX=suppressed_list.txt\nTMP_FILE1=.\/tmpfile.txt\n\n#####################################################################\n#\n# \uc0ac\uc6a9\ubc29\ubc95 \ucd9c\ub825\n#\n#####################################################################\nfunc_usage() {\n  echo \"$0 ver.${VERSION}\"\n  echo\n  echo \"usage: $0 &lt;FPR file>\"\n}\n\n#####################################################################\n#\n# \ucd08\uae30\ud654\n# $1 : FPR \ud30c\uc77c\uba85\n#\n#####################################################################\nfunc_init() {\n  if [ ${DEBUG_ON} -eq 1 ]\n  then\n    echo \">> func_init()\"\n  fi\n\n  if [ -z \"${WINDIR}\" ]; then\n    IS_WINDOWS=0\n  else\n    IS_WINDOWS=1\n  fi\n\n  if [ ${IS_WINDOWS} -eq 1 ]; then\n    DEVNULL=null.dev\n    WINCMD=\"\/cygdrive\/c\/Windows\/System32\/cmd.exe \/C\"\n    FORTIFY_HOME=\"\/cygdrive\/c\/Program Files\/Fortify\/Fortify_SCA_and_Apps_18.10\"\n    REPORT_GENERATOR=\"ReportGenerator.bat\"\n    PATH=${FORTIFY_HOME}\/bin:${WIN_MINGW_DIR}\/bin:${PATH}\n  else\n    DEVNULL=\/dev\/null\n    WINCMD=\"\"\n    FORTIFY_HOME=\"\/opt\/Fortify\/Fortify_SCA_and_Apps_18.20\"\n    REPORT_GENERATOR=\"ReportGenerator\"\n    PATH=${FORTIFY_HOME}\/bin:${PATH}\n  fi\n\n  BUILD_ID=$(basename $1 .fpr)\n}\n\n#####################################################################\n#\n# \ud544\uc694\ud55c \uc720\ud2f8\ub9ac\ud2f0\uac00 \uc788\ub294\uc9c0 \uac80\uc0ac\n#\n#####################################################################\nfunc_check_utils() {\n  if [ ${DEBUG_ON} -eq 1 ]\n  then\n    echo \">> func_check_utils()\"\n  fi\n\n  local IS_EXIT=0;\n  UTILNAMES=( \"xmllint\" \"unzip\" \"sed\" \"basename\")\n\n  # \uc708\ub3c4\uc6b0 \uc720\ud2f8\ub9ac\ud2f0 \uccb4\ud0b9\n  if [ ${IS_WINDOWS} -eq 1 ]; then\n    if [ ! -e ${WIN_MINGW_DIR}\/bin\/xmllint ] || [ ! -e ${WIN_MINGW_DIR}\/bin\/unzip ] || [ ! -e ${WIN_MINGW_DIR}\/bin\/sed ] || [ ! -e ${WIN_MINGW_DIR}\/bin\/basename ]; then\n      echo \"ERROR: ${WIN_MINGW_DIR} not found !\"\n      IS_EXIT=1\n    fi\n\n    if [ ${IS_EXIT} -ne 0 ]; then\n      exit 1\n    fi\n    return\n  fi\n\n  # \ub9ac\ub205\uc2a4 \uc720\ud2f8\ub9ac\ud2f0 \uccb4\ud0b9\n  for LOOP1 in \"${UTILNAMES[@]}\"\n  do\n    which ${LOOP1} > ${DEVNULL}\n    if [ $? -ne 0 ]; then\n      echo \"ERROR: ${LOOP1} not found !\"\n      IS_EXIT=1\n    fi\n  done\n\n  # ReportGenerator \uccb4\ud06c\n  if [ ! -e ${FORTIFY_HOME}\/bin\/${REPORT_GENERATOR} ]; then\n    echo \"ERROR: ${REPORT_GENERATOR} not found !\"\n    IS_EXIT=1\n  fi\n\n  # Fortify Report Template \uccb4\ud06c\n  if [ ! -e ${REPORT_TEMPLATE} ]; then\n    echo \"ERROR: ${REPORT_TEMPLATE} not found !\"\n    IS_EXIT=1\n  fi\n\n  # \uc5c6\ub294 \uc720\ud2f8\ub9ac\ud2f0\uac00 \uc788\uc73c\uba74 \uc2a4\ud06c\ub9bd\ud2b8 \uc885\ub8cc\n  if [ ${IS_EXIT} -ne 0 ]; then\n    exit 1\n  fi\n\n  unset UTILNAMES\n}\n\n#####################################################################\n#\n# \uc784\uc2dc \ubc0f \ubd88\ud544\uc694\ud55c \ud30c\uc77c \uc0ad\uc81c\n#\n#####################################################################\nfunc_clean() {\n  if [ ${DEBUG_ON} -eq 1 ]\n  then\n    echo \">> func_clean()\"\n  fi\n\n  if [ ${IS_WINDOWS} -eq 1 ]; then\n    rm -f ${DEVNULL}\n  fi\n\n  rm -rf ${FPR_TMP_DIR}\n  rm -f ${TMP_FILE1}\n  rm -f ${BUILD_ID}.xml\n}\n\n#####################################################################\n#\n# FPR\ud30c\uc77c unzip\n# $1 : fpr \ud30c\uc77c\uba85\n#\n#####################################################################\nfunc_unzip() {\n  if [ ${DEBUG_ON} -eq 1 ]\n  then\n    echo \">> func_unzip()\"\n  fi\n\n  if [ -d ${FPR_TMP_DIR} ]\n  then\n    rm -rf ${FPR_TMP_DIR}\n  fi\n  mkdir ${FPR_TMP_DIR}\n  unzip $1 -d ${FPR_TMP_DIR} audit.fvdl audit.xml filtertemplate.xml &amp;> ${DEVNULL}\n}\n\n#####################################################################\n#\n# FPR\ud30c\uc77c\uc5d0\uc11c Suppressed\ub41c \ucde8\uc57d\uc810\ub4e4\uc758 IID\ub97c \ubf51\uc544\uc11c \uc800\uc7a5\ud55c\ub2e4.\n# $1 : suppressed \ubaa9\ub85d\uc774 \uae30\ub85d\ub420 \ud30c\uc77c\uba85\n#\n#####################################################################\nfunc_write_suppressed_list() {\n  local S_COUNT=1\n  local RET_VAL=0\n\n  if [ ${DEBUG_ON} -eq 1 ]\n  then\n    echo \">> func_write_suppressed_list()\"\n  fi\n\n  rm -f ${1}\n  while [ ${RET_VAL} -eq 0 ]\n  do\n    xmllint \\\n--encode UTF-8 --nowarning --noblanks \\\n--xpath \"\/\/*[local-name()='Audit']\/*[local-name()='IssueList']\/*[local-name()='Issue'][${S_COUNT}]\/@instanceId\" \\\n.\/fpr_tmp\/audit.xml \\\n>> ${1} 2> ${DEVNULL}\n    RET_VAL=$?\n    if [ ${RET_VAL} -eq 0 ]\n    then\n      S_COUNT=$((S_COUNT + 1))\n    fi\n    echo >> ${1}\n  done\n\n  # \ubd88\ud544\uc694\ud55c \ubb38\uc790\uc5f4 \ubc0f \ube48\uc904 \uc0ad\uc81c\n  sed -i \"s\/ instanceId=\\\"\/\/g\" ${1}\n  sed -i \"s\/\\\"$\/\/g\" ${1}\n  sed -i \"\/^$\/d\" ${1}\n\n  # Suppressed\ub41c \uac2f\uc218 \ucd9c\ub825\n  if [ ${DEBUG_ON} -eq 1 ]\n  then\n    echo \">> suppressed count: $((S_COUNT - 1))\"\n  fi\n\n  return $((S_COUNT - 1))\n}\n\n#####################################################################\n#\n# ReportGenerator\ub97c \uc0ac\uc6a9\ud558\uc5ec XML \ub9ac\ud3ec\ud2b8\ub97c \ubf51\ub294\ub2e4.\n# $1 : \uc785\ub825 FPR \ud30c\uc77c\uba85\n# $2 : \ucd9c\ub825 XML \ud30c\uc77c\uba85\n#\n#####################################################################\nfunc_reportgenerator() {\n  if [ ${DEBUG_ON} -eq 1 ]\n  then\n    echo \">> func_reportgenerator()\"\n  fi\n\n  ${WINCMD} \"${REPORT_GENERATOR}\" \\\n-format xml \\\n-template ${REPORT_TEMPLATE} \\\n-filterSet \"${FILTER_SET}\" \\\n-showSuppressed -source $1 -f $2\n}\n\n#####################################################################\n#\n# ReportGenerator\ub85c \ub9cc\ub4e0 XML\uc744 \ud30c\uc2f1\ud558\uc5ec \uc0c1\uc138 CSV \ub9ac\ud3ec\ud2b8\ub97c \ub9cc\ub4e0\ub2e4\n# $1 : \uc785\ub825 XML \ud30c\uc77c\uba85\n# $2 : \ucd9c\ub825 CSV \ud30c\uc77c\uba85\n#\n#####################################################################\nfunc_xml_to_csv_detail() {\n  if [ ${DEBUG_ON} -eq 1 ]\n  then\n    echo \">> func_xml_to_csv_detail()\"\n  fi\n\n  xmllint --encode UTF-8 --xpath \\\n\"\/ReportDefinition\/ReportSection[3]\/SubSection[2]\/IssueListing\/Chart\/GroupingSection\/Issue\/@iid|\/\/Folder|\/\/Kingdom|\/\/Category|\/\/Primary\/FilePath|\/\/Primary\/LineStart\" \\\n$1 > ${TMP_FILE1}\n\n  sed -i \\\n-e \"s\/&lt;\\\/LineStart>\/\\n\/g\" -e \"s\/&lt;LineStart>\/\/g\" \\\n-e \"s\/&lt;\\\/Category>\/,\/g\" -e \"s\/&lt;Category>\/\/g\" \\\n-e \"s\/&lt;\\\/Folder>\/,\/g\" -e \"s\/&lt;Folder>\/\/g\" \\\n-e \"s\/&lt;\\\/Kingdom>\/,\/g\" -e \"s\/&lt;Kingdom>\/\/g\" \\\n-e \"s\/&lt;\\\/FilePath>\/,\/g\" -e \"s\/&lt;FilePath>\/\/g\" \\\n-e \"s\/ iid=\\\"\/\/g\" -e \"s\/&lt;>\/\/g\" \\\n-e 's\/\\\"\/,\/g' \\\n${TMP_FILE1}\n\n  echo \"IID,CATEGORY,FOLDER,KINGDOM,FILE_PATH,LINE_NO\" > $2\n  cat ${TMP_FILE1} >> $2\n  rm -f ${TMP_FILE1}\n}\n\n#####################################################################\n#\n# ReportGenerator\ub85c \ub9cc\ub4e0 XML\uc744 \ud30c\uc2f1\ud558\uc5ec \uc694\uc57d CSV \ub9ac\ud3ec\ud2b8\ub97c \ub9cc\ub4e0\ub2e4\n# $1 : \uc785\ub825 XML \ud30c\uc77c\uba85\n# $2 : \ucd9c\ub825 CSV \ud30c\uc77c\uba85\n#\n#####################################################################\nfunc_xml_to_csv_summary() {\n  if [ ${DEBUG_ON} -eq 1 ]\n  then\n    echo \">> func_xml_to_csv_summary()\"\n  fi\n\n  xmllint --encode UTF-8 --xpath \\\n\"\/ReportDefinition\/ReportSection[1]\/SubSection[2]\/IssueListing\/Chart\/GroupingSection\/groupTitle\" \\\n$1 > ${TMP_FILE1}\n  echo >> ${TMP_FILE1}\n  xmllint --encode UTF-8 --xpath \\\n\"\/ReportDefinition\/ReportSection[1]\/SubSection[2]\/IssueListing\/Chart\/GroupingSection\/@count\" \\\n$1 >> ${TMP_FILE1}\n\n  sed -i \\\n-e \"s\/&lt;\\\/groupTitle>\/,\/g\" -e \"s\/&lt;groupTitle>\/\/g\" \\\n-e 's\/ count=\\\"\/\/g' -e 's\/\\\"\/,\/g' -e \"s\/,$\/\/g\" \\\n${TMP_FILE1}\n\n  cat ${TMP_FILE1} > $2\n  rm -f ${TMP_FILE1}\n}\n\n#####################################################################\n#\n# main\n#\n#####################################################################\n\n# \uba85\ub839\ud589 \uc778\uc218\uac00 \uc5c6\uc73c\uba74 \uc0ac\uc6a9\ubc29\ubc95 \ucd9c\ub825\ud558\uace0 \ub05d\ub0c4\nif [ $# -lt 1 ]; then\n  func_usage\n  exit 3\nfi\n\n# FPR \ud30c\uc77c \uc874\uc7ac \uc5ec\ubd80 \uccb4\ud06c\nif [ ! -e ${1} ]; then\n  echo \"ERROR: ${1} not found !\"\n  func_usage\n  exit 2\nfi\n\nfunc_init ${1}\nfunc_check_utils\nfunc_unzip ${1}\nfunc_write_suppressed_list ${BUILD_ID}_${SUPPRESSED_LIST_SUFFIX}\nfunc_reportgenerator ${1} ${BUILD_ID}.xml\nfunc_xml_to_csv_detail ${BUILD_ID}.xml ${BUILD_ID}_detail.csv\nfunc_xml_to_csv_summary ${BUILD_ID}.xml ${BUILD_ID}_summary.csv\nfunc_clean<\/pre>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[66],"tags":[],"class_list":["post-962","post","type-post","status-publish","format-standard","hentry","category-computing_fortify"],"_links":{"self":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/962","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=962"}],"version-history":[{"count":0,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/962\/revisions"}],"wp:attachment":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=962"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=962"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=962"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}