OWASP O2 Platform Blog

Exporting Checkmarx SAST Database into XML files

Once I added VistaDB support to O2, I was able to export the CWE content from CheckMarx database into TeamMentor  (see videos at PoC of integrating TeamMentor with Checkmarx),

This post covers the part where we export the entire Checkmark database into flat XML files (for the script that consumed the CWE.xml see Case Study – Creating a CWE Library from CheckMarx data )

Viewing table data: Configurations

var vistaDB = new API_VistaDB();
vistaDB.ConnectionString = @"data source='C:\Program Files\Checkmarx\Checkmarx Application Server\CxDB.vdb3'";

var dataTable = vistaDB.table("Configurations").dataTable();
panel.clear().add_DataGridView().dataSource(dataTable);

//O2File:API_VistaDB.cs

Viewing table data: CWE

var vistaDB = new API_VistaDB();
var dataTable = vistaDB.table("CWE").dataTable();
panel.clear().add_DataGridView().dataSource(dataTable);

//O2File:API_VistaDB.cs

Get table as XML

var vistaDB = new API_VistaDB();
var xml = vistaDB.table("Configurations").xml();
return xml;

//O2File:API_VistaDB.cs
//O2Tag_DontAddExtraO2Files.

View table in DataGridView

var vistaDB = new API_VistaDB();

var dataTable = vistaDB.table("Configurations").dataTable();
panel.clear().add_DataGridView().dataSource(dataTable);

//O2File:API_VistaDB.cs
//O2Tag_DontAddExtraO2Files

Saving one table as XML file

var vistaDB = new API_VistaDB();
var checkMark_XmlDumps = "_CheckMark_XmlDumps".tempDir(false);
var tables = vistaDB.tables();

var table = tables[0];
var targetFile = checkMark_XmlDumps.pathCombine(table.Name + ".xml");

return table.xml().saveAs(targetFile);

//O2File:API_VistaDB.cs
//O2Tag_DontAddExtraO2Files

Saving all tables

var vistaDB = new API_VistaDB();
var checkMark_XmlDumps = "_CheckMark_XmlDumps".tempDir(false);
foreach(var table in vistaDB.tables())
{
 "saving table: {0}".info(table);
 var targetFile = checkMark_XmlDumps.pathCombine(table.Name + ".xml");
 table.xml().saveAs(targetFile);
}
return "done";

//O2File:API_VistaDB.cs
//O2Tag_DontAddExtraO2Files

Consuming  Saved CWE.xml

var checkMark_XmlDumps = "_CheckMark_XmlDumps".tempDir(false);
var cwe = checkMark_XmlDumps.pathCombine("CWE.xml").xRoot();

return cwe.elements().size();

Consuming saved CWE.Xml via cache: (faster)

var checkMark_XmlDumps = "_CheckMark_XmlDumps".tempDir(false);var cwe = "cweData".o2Cache<XElement>(()=> checkMark_XmlDumps.pathCombine("CWE.xml").xRoot());
return cwe.elements().size();
Tool to visualize the CWE data as HTML pages
var vistaDB = new API_VistaDB();
var checkMark_XmlDumps = "_CheckMark_XmlDumps".tempDir(false);
var xRoot = "cweData".o2Cache<XElement>(()=> checkMark_XmlDumps.pathCombine("CWE.xml").xRoot());

var topPanel = panel.clear().add_Panel();
var webBrowser = topPanel.add_WebBrowser_Control();
var treeView= webBrowser.insert_Left(200).add_TreeView();
var codeViewer = webBrowser.insert_Below().add_SourceCodeViewer();

treeView.afterSelect<string>(
 (text) =>
 {
 webBrowser.open(text.saveWithExtension(".html") );
 codeViewer.set_Text(text.htmlDecode().tidyHtml() , ".html");
 });

foreach(var cweEntry in xRoot.elements().remove(0))
{
 var entryData = cweEntry.elements();
 treeView.add_Node(entryData[0].value(),entryData[1].value());
}

treeView.selectFirst();
//O2File:API_VistaDB.cs
//O2File:HtmlAgilityPack_ExtensionMethods.cs

//O2Ref:O2_Misc_Microsoft_MPL_Libs.dll

April 13, 2012 - Posted by | CheckMarx

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: