From: Mart
Date: Wed, 9 Nov 2016 12:31:43 +0000 (+0100)
Subject: push fortify reports and analysis file
X-Git-Url: https://git.martlubbers.net/?a=commitdiff_plain;h=c1fdfc79abdb34eca075442189f8f8139dcb2f54;p=ssproject1617.git

push fortify reports and analysis file
---
diff --git a/fortify-reports/ss.fpr b/fortify-reports/ss.fpr
new file mode 100644
index 0000000..20103a2
Binary files /dev/null and b/fortify-reports/ss.fpr differ
diff --git a/fortify-reports/testcms-final-anon CWESANSTop25.pdf b/fortify-reports/testcms-final-anon CWESANSTop25.pdf
new file mode 100644
index 0000000..0408323
Binary files /dev/null and b/fortify-reports/testcms-final-anon CWESANSTop25.pdf differ
diff --git a/fortify-reports/testcms-final-anon DISASTIG.pdf b/fortify-reports/testcms-final-anon DISASTIG.pdf
new file mode 100644
index 0000000..5d5973f
Binary files /dev/null and b/fortify-reports/testcms-final-anon DISASTIG.pdf differ
diff --git a/fortify-reports/testcms-final-anon DeveloperWorkbook.pdf b/fortify-reports/testcms-final-anon DeveloperWorkbook.pdf
new file mode 100644
index 0000000..e62b9a8
Binary files /dev/null and b/fortify-reports/testcms-final-anon DeveloperWorkbook.pdf differ
diff --git a/fortify-reports/testcms-final-anon FISMAComplianceFIPS-200.pdf b/fortify-reports/testcms-final-anon FISMAComplianceFIPS-200.pdf
new file mode 100644
index 0000000..036bb34
Binary files /dev/null and b/fortify-reports/testcms-final-anon FISMAComplianceFIPS-200.pdf differ
diff --git a/fortify-reports/testcms-final-anon OWASPMobileTop10.pdf b/fortify-reports/testcms-final-anon OWASPMobileTop10.pdf
new file mode 100644
index 0000000..b164c0c
Binary files /dev/null and b/fortify-reports/testcms-final-anon OWASPMobileTop10.pdf differ
diff --git a/fortify-reports/testcms-final-anon PCIDSSComplianceApplicationSecurityRequirements.pdf b/fortify-reports/testcms-final-anon PCIDSSComplianceApplicationSecurityRequirements.pdf
new file mode 100644
index 0000000..aad3053
Binary files /dev/null and b/fortify-reports/testcms-final-anon PCIDSSComplianceApplicationSecurityRequirements.pdf differ
diff --git a/testcms-final-anon/Fortifytestcms-final-anon.bat b/testcms-final-anon/Fortifytestcms-final-anon.bat
new file mode 100644
index 0000000..f8161a7
--- /dev/null
+++ b/testcms-final-anon/Fortifytestcms-final-anon.bat
@@ -0,0 +1,135 @@ +@echo off +REM ########################################################################### +REM Script generated by HPE Security Fortify SCA Scan Wizard (c) 2011-2016 Hewlett Packard Enterprise Development LP +REM Created on 2016/11/09 09:06:13 +REM ########################################################################### +REM Generated for the following languages: +REM Javascript +REM PHP +REM SQL +REM ########################################################################### +REM DEBUG - if set to true, runs SCA in debug mode +REM SOURCEANALYZER - the name of the SCA executable +REM FPR - the name of analysis result file +REM BUILDID - the SCA build id +REM ARGFILE - the name of the argument file that's extracted and passed to SCA +REM BYTECODE_ARGFILE - the name of the argument file for Java Bytecode translation that's extracted and passed to SCA +REM MEMORY - the memory settings for SCA +REM LAUNCHERSWITCHES - the launcher settings that are used to invoke SCA +REM OLDFILENUMBER - this defines the file which contains the number of files within the project, it is automatically generated +REM FILENOMAXDIFF - this is the percentage of difference between the number of files which will trigger a warning by the script +REM ########################################################################### + +set DEBUG=false +set SOURCEANALYZER=sourceanalyzer +set FPR="Fortifytestcms-final-anon.fpr" +set BUILDID="testcms-final-anon" +set ARGFILE="Fortifytestcms-final-anon.bat.args" +set BYTECODE_ARGFILE="Fortifytestcms-final-anon.bat.bytecode.args" +set MEMORY=-Xmx682M -Xms400M -Xss24M +set LAUNCHERSWITCHES="" +set OLDFILENUMBER=Fortifytestcms-final-anon.bat.fileno +set FILENOMAXDIFF=10 +set ENABLE_BYTECODE=false + +set PROJECTROOT0="C:\Users\mrl\Desktop\ssproject1617\testcms-final-anon" +IF NOT EXIST %PROJECTROOT0% ( + ECHO ERROR: This script is being run on a different machine than it was + ECHO generated on or the targeted project has been moved. 
This script is + ECHO configured to locate files at + ECHO %PROJECTROOT0% + ECHO Please modify the %%PROJECTROOT0%% variable found + ECHO at the top of this script to point to the corresponding directory + ECHO located on this machine. + GOTO :FINISHED +) + +IF %DEBUG%==true set LAUNCHERSWITCHES=-debug %LAUNCHERSWITCHES% +echo Extracting Arguments File + + +echo. >%ARGFILE% +echo. >%BYTECODE_ARGFILE% +SETLOCAL ENABLEDELAYEDEXPANSION +IF EXIST %0 ( + set SCAScriptFile=%0 +) ELSE ( + set SCAScriptFile=%0.bat +) + +set PROJECTROOT0=%PROJECTROOT0:)=^)% +FOR /f "delims=" %%a IN ('findstr /B /C:"REM ARGS" %SCAScriptFile%' ) DO ( + set argVal=%%a + set argVal=!argVal:PROJECTROOT0_MARKER=%PROJECTROOT0:~1,-1%! + echo !argVal:~9! >> %ARGFILE% +) +set PROJECTROOT0=%PROJECTROOT0:)=^)% +FOR /f "delims=" %%a IN ('findstr /B /C:"REM BYTECODE_ARGS" %SCAScriptFile%' ) DO ( + set ENABLE_BYTECODE=true + set argVal=%%a + set argVal=!argVal:PROJECTROOT0_MARKER=%PROJECTROOT0:~1,-1%! + echo !argVal:~18! >> %BYTECODE_ARGFILE% +) +ENDLOCAL && set ENABLE_BYTECODE=%ENABLE_BYTECODE% + +REM ########################################################################### +echo Cleaning previous scan artifacts +%SOURCEANALYZER% %MEMORY% %LAUNCHERSWITCHES% -b %BUILDID% -clean +IF %ERRORLEVEL%==1 ( +echo Sourceanalyzer failed, exiting +GOTO :FINISHED +) +REM ########################################################################### +echo Translating files +%SOURCEANALYZER% %MEMORY% %LAUNCHERSWITCHES% -b %BUILDID% @%ARGFILE% +IF %ERRORLEVEL%==1 ( +echo Sourceanalyzer failed, exiting +GOTO :FINISHED +) +REM ########################################################################### +IF %ENABLE_BYTECODE%==true ( +echo Translating Java bytecode files +%SOURCEANALYZER% %MEMORY% %LAUNCHERSWITCHES% -b %BUILDID% @%BYTECODE_ARGFILE% +IF %ERRORLEVEL%==1 ( +echo Sourceanalyzer failed, exiting +GOTO :FINISHED +) +) +REM ########################################################################### +echo Testing 
Difference between Translations +SETLOCAL +FOR /F "delims=" %%A in ('%SOURCEANALYZER% -b %BUILDID% -show-files ^| findstr /R /N "^" ^| find /C ":" ') DO SET FILENUMBER=%%A +IF NOT EXIST %OLDFILENUMBER% ( + ECHO It appears to be the first time running this script, setting %OLDFILENUMBER% to %FILENUMBER% + ECHO %FILENUMBER% > %OLDFILENUMBER% + GOTO TESTENDED +) + +FOR /F "delims=" %%i IN (%OLDFILENUMBER%) DO SET OLDFILENO=%%i +set /a DIFF=%OLDFILENO% * %FILENOMAXDIFF% +set /a DIFF /= 100 +set /a MAX=%OLDFILENO% + %DIFF% +set /a MIN=%OLDFILENO% - %DIFF% + +IF %FILENUMBER% LSS %MIN% set SHOWWARNING=true +IF %FILENUMBER% GTR %MAX% set SHOWWARNING=true + +IF DEFINED SHOWWARNING ( + ECHO WARNING: The number of files has changed by over %FILENOMAXDIFF%%%, it is recommended + ECHO that this script is regenerated with the ScanWizard +) +:TESTENDED +ENDLOCAL + +REM ########################################################################### +echo Starting scan +%SOURCEANALYZER% %MEMORY% %LAUNCHERSWITCHES% -b %BUILDID% -scan -f %FPR% +IF %ERRORLEVEL%==1 ( +echo Sourceanalyzer failed, exiting +GOTO :FINISHED +) +REM ########################################################################### +echo Finished +:FINISHED +REM ARGS "-Dcom.fortify.sca.fileextensions.sql=PLSQL" +REM ARGS "PROJECTROOT0_MARKER" diff --git a/testcms-final-anon/Fortifytestcms-final-anon.bat.args b/testcms-final-anon/Fortifytestcms-final-anon.bat.args new file mode 100644 index 0000000..4023a99 --- /dev/null +++ b/testcms-final-anon/Fortifytestcms-final-anon.bat.args @@ -0,0 +1,3 @@ + +"-Dcom.fortify.sca.fileextensions.sql=PLSQL" +"C:\Users\mrl\Desktop\ssproject1617\testcms-final-anon" diff --git a/testcms-final-anon/Fortifytestcms-final-anon.bat.bytecode.args b/testcms-final-anon/Fortifytestcms-final-anon.bat.bytecode.args new file mode 100644 index 0000000..8d1c8b6 --- /dev/null +++ b/testcms-final-anon/Fortifytestcms-final-anon.bat.bytecode.args @@ -0,0 +1 @@ + 
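Review bot: The failure checks in Fortifytestcms-final-anon.bat use `IF %ERRORLEVEL%==1`, which matches only an exit code of exactly 1, so any other non-zero exit from sourceanalyzer would fall through to the next stage and the scan could write an .fpr built from an incomplete translation. The copy inside the `IF %ENABLE_BYTECODE%==true (` block is weaker still, because `%ERRORLEVEL%` is expanded when the parenthesised block is parsed and so reflects the earlier translation step rather than the bytecode one. Using `IF ERRORLEVEL 1 (` at all four checks tests for any code of 1 or higher and is evaluated when the line runs. The file is wizard-generated, so the change would need to be reapplied after regenerating it.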
diff --git a/testcms-final-anon/Fortifytestcms-final-anon.bat.fileno b/testcms-final-anon/Fortifytestcms-final-anon.bat.fileno
new file mode 100644
index 0000000..d58bbba
--- /dev/null
+++ b/testcms-final-anon/Fortifytestcms-final-anon.bat.fileno
@@ -0,0 +1 @@
+91