From 78216eeb6d1cd34819f9c0097e2e1f919401a3aa Mon Sep 17 00:00:00 2001
From: Gabe Stocco <98900+gfs@users.noreply.github.com>
Date: Thu, 14 Sep 2023 15:38:52 -0700
Subject: [PATCH 1/5] Fixes JSONPath boundary finding for booleans
Boundary detection for boolean values was off because proper JSON requires booleans to be lower case in the raw text, but JsonElement.ToString() returns capitalized boolean names.
---
AppInspector.RulesEngine/TextContainer.cs | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/AppInspector.RulesEngine/TextContainer.cs b/AppInspector.RulesEngine/TextContainer.cs
index a67e0088..1b631e68 100644
--- a/AppInspector.RulesEngine/TextContainer.cs
+++ b/AppInspector.RulesEngine/TextContainer.cs
@@ -155,7 +155,8 @@ public TextContainer(string content, string language, Languages languages, ILogg
// The idx field is the start of the JSON element, including markup that isn't directly part of the element itself
if (field.GetValue(ele) is int idx)
{
- var eleString = ele.ToString();
+ // ele.ToString doesn't return the raw string from the json for booleans, it returns a capitalized False/True but JSON requires lower case false/true to parse
+ var eleString = ele.ValueKind is JsonValueKind.False ? "false" : ele.ValueKind is JsonValueKind.True ? "true" : ele.ToString();
if (eleString is { } denulledString)
{
var location = new Boundary
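Review bot: The special case on the new `eleString` line covers only `JsonValueKind.True` and `JsonValueKind.False`, but `JsonElement.ToString()` differs from the raw text for other kinds too: it returns an empty string for `Null` and the unescaped value for `String`, so a string value containing `\"` or `\uXXXX` escapes would presumably hit the same boundary mismatch. If the code below this hunk locates `eleString` inside the file content (not visible here), consider deriving it from `ele.GetRawText()`, trimming the surrounding quotes for strings if the boundary is meant to exclude them, instead of enumerating kinds. In a rules engine a wrong boundary means a JSONPath rule can silently miss or mislocate a finding, so a test with an escaped string value and a `null` value would be worth adding. The enclosing constructor starts and ends outside this hunk.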
From 553b17f055617662830fb83768d6b2d0818084a5 Mon Sep 17 00:00:00 2001
From: Gabe Stocco <98900+gfs@users.noreply.github.com>
Date: Thu, 14 Sep 2023 15:48:19 -0700
Subject: [PATCH 2/5] Adds a test case
---
.../RuleProcessor/XmlAndJsonTests.cs | 52 +++++++++++++++++++
1 file changed, 52 insertions(+)
diff --git a/AppInspector.Tests/RuleProcessor/XmlAndJsonTests.cs b/AppInspector.Tests/RuleProcessor/XmlAndJsonTests.cs
index 2a4d11a6..bf66b956 100644
--- a/AppInspector.Tests/RuleProcessor/XmlAndJsonTests.cs
+++ b/AppInspector.Tests/RuleProcessor/XmlAndJsonTests.cs
@@ -1,4 +1,5 @@
using System.IO;
+using System.Linq;
using Microsoft.ApplicationInspector.RulesEngine;
using Microsoft.CST.RecursiveExtractor;
using Microsoft.VisualStudio.TestTools.UnitTesting;
@@ -289,6 +290,57 @@ public void XmlStringRule(string rule)
}
}
+ [TestMethod]
+ public void JsonBooleanRule()
+ {
+ var testContent = @"{
+ ""list"":
+ [
+ {
+ ""field1"": ""Foo"",
+ ""field2"": ""Bar"",
+ ""field3"": false
+ },
+ {
+ ""field1"": ""Contoso"",
+ ""field2"": ""Elephant"",
+ ""field3"": true
+ }
+ ]
+}";
+ var testRule = @"[
+ {
+ ""id"": ""Field3true"",
+ ""name"": ""Testing.Rules.JSON"",
+ ""tags"": [
+ ""Testing.Rules.JSON""
+ ],
+ ""severity"": ""Critical"",
+ ""confidence"": ""High"",
+ ""description"": ""This rule finds field3 is true"",
+ ""patterns"": [
+ {
+ ""pattern"": ""true"",
+ ""type"": ""regex"",
+ ""confidence"": ""High"",
+ ""jsonpaths"" : [""$.list[*].field3""]
+ }
+ ]
+ }
+]";
+ RuleSet rules = new();
+ var originalSource = "TestRules";
+ rules.AddString(testRule, originalSource);
+ var analyzer = new Microsoft.ApplicationInspector.RulesEngine.RuleProcessor(rules,
+ new RuleProcessorOptions { Parallel = false, AllowAllTagsInBuildFiles = true });
+ if (_languages.FromFileNameOut("test.json", out var info))
+ {
+ var matches = analyzer.AnalyzeFile(testContent, new FileEntry("test.json", new MemoryStream()), info);
+ Assert.AreEqual(1, matches.Count);
+ Assert.AreEqual(237, matches.First().Boundary.Index);
+ }
+ }
+
[TestMethod]
public void TestYml()
{
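Review bot: Both assertions in `JsonBooleanRule` sit inside `if (_languages.FromFileNameOut("test.json", out var info))`, so the test passes without checking anything if the language lookup ever returns false. Assert the lookup instead, `Assert.IsTrue(_languages.FromFileNameOut("test.json", out var info));`, and run the two assertions unconditionally; the same guarded block is still present in the [PATCH 3/5] hunk. The fix in [PATCH 1/5] handles both `False` and `True`, but the rule here only matches `true`, so a second rule or test matching `false` on `$.list[*].field3` would cover the other branch. The hard-coded `237` likely depends on the exact whitespace and line endings of `testContent`; a short comment such as `// offset of the "true" literal in testContent` would help whoever edits the fixture.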
From bb9f96b5d5fa9da5d40068dbd3bb290e1fbd6a31 Mon Sep 17 00:00:00 2001
From: Gabe Stocco <98900+gfs@users.noreply.github.com>
Date: Thu, 14 Sep 2023 15:48:45 -0700
Subject: [PATCH 3/5] Update XmlAndJsonTests.cs
---
AppInspector.Tests/RuleProcessor/XmlAndJsonTests.cs | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/AppInspector.Tests/RuleProcessor/XmlAndJsonTests.cs b/AppInspector.Tests/RuleProcessor/XmlAndJsonTests.cs
index bf66b956..d942cf04 100644
--- a/AppInspector.Tests/RuleProcessor/XmlAndJsonTests.cs
+++ b/AppInspector.Tests/RuleProcessor/XmlAndJsonTests.cs
@@ -1,5 +1,4 @@
using System.IO;
-using System.Linq;
using Microsoft.ApplicationInspector.RulesEngine;
using Microsoft.CST.RecursiveExtractor;
using Microsoft.VisualStudio.TestTools.UnitTesting;
@@ -337,7 +336,7 @@ public void JsonBooleanRule()
{
var matches = analyzer.AnalyzeFile(testContent, new FileEntry("test.json", new MemoryStream()), info);
Assert.AreEqual(1, matches.Count);
- Assert.AreEqual(237, matches.First().Boundary.Index);
+ Assert.AreEqual(237, matches[0].Boundary.Index);
}
}
From 85f6fb77ef2da956b72568ff58c259ca42b43287 Mon Sep 17 00:00:00 2001
From: Gabe Stocco <98900+gfs@users.noreply.github.com>
Date: Thu, 14 Sep 2023 16:40:48 -0700
Subject: [PATCH 4/5] Bump dependencies
---
AppInspector.Benchmarks/AppInspector.Benchmarks.csproj | 4 ++--
AppInspector.CLI/AppInspector.CLI.csproj | 2 +-
AppInspector.RulesEngine/AppInspector.RulesEngine.csproj | 6 +++---
AppInspector.Tests/AppInspector.Tests.csproj | 2 +-
AppInspector/AppInspector.Commands.csproj | 4 ++--
5 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/AppInspector.Benchmarks/AppInspector.Benchmarks.csproj b/AppInspector.Benchmarks/AppInspector.Benchmarks.csproj
index c42e366b..17ae054f 100644
--- a/AppInspector.Benchmarks/AppInspector.Benchmarks.csproj
+++ b/AppInspector.Benchmarks/AppInspector.Benchmarks.csproj
@@ -10,8 +10,8 @@
-
-
+
+
diff --git a/AppInspector.CLI/AppInspector.CLI.csproj b/AppInspector.CLI/AppInspector.CLI.csproj
index 1532f320..903b72b2 100644
--- a/AppInspector.CLI/AppInspector.CLI.csproj
+++ b/AppInspector.CLI/AppInspector.CLI.csproj
@@ -67,7 +67,7 @@
-
+
diff --git a/AppInspector.RulesEngine/AppInspector.RulesEngine.csproj b/AppInspector.RulesEngine/AppInspector.RulesEngine.csproj
index 1b51ca30..13f3f40d 100644
--- a/AppInspector.RulesEngine/AppInspector.RulesEngine.csproj
+++ b/AppInspector.RulesEngine/AppInspector.RulesEngine.csproj
@@ -32,10 +32,10 @@
-
-
+
+
-
+
diff --git a/AppInspector.Tests/AppInspector.Tests.csproj b/AppInspector.Tests/AppInspector.Tests.csproj
index dc849ff4..32566694 100644
--- a/AppInspector.Tests/AppInspector.Tests.csproj
+++ b/AppInspector.Tests/AppInspector.Tests.csproj
@@ -18,7 +18,7 @@
-
+
diff --git a/AppInspector/AppInspector.Commands.csproj b/AppInspector/AppInspector.Commands.csproj
index 7eda50f7..831106da 100644
--- a/AppInspector/AppInspector.Commands.csproj
+++ b/AppInspector/AppInspector.Commands.csproj
@@ -55,8 +55,8 @@
-
-
+
+
From a81f29f6e9e629d0579ac53315619a59cec16a9c Mon Sep 17 00:00:00 2001
From: Gabe Stocco <98900+gfs@users.noreply.github.com>
Date: Fri, 15 Sep 2023 13:15:43 -0700
Subject: [PATCH 5/5] Update OAT
---
AppInspector.RulesEngine/AppInspector.RulesEngine.csproj | 2 +-
AppInspector/AppInspector.Commands.csproj | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/AppInspector.RulesEngine/AppInspector.RulesEngine.csproj b/AppInspector.RulesEngine/AppInspector.RulesEngine.csproj
index 13f3f40d..3371c076 100644
--- a/AppInspector.RulesEngine/AppInspector.RulesEngine.csproj
+++ b/AppInspector.RulesEngine/AppInspector.RulesEngine.csproj
@@ -32,7 +32,7 @@
-
+
diff --git a/AppInspector/AppInspector.Commands.csproj b/AppInspector/AppInspector.Commands.csproj
index 831106da..d394f269 100644
--- a/AppInspector/AppInspector.Commands.csproj
+++ b/AppInspector/AppInspector.Commands.csproj
@@ -55,7 +55,7 @@
-
+