Does anybody know how to write a rule in HP Fortify SCA to check for an XML tag value in an XML file?
I have an XML like this with a regular expression and want to write a rule which checks whether the element matches a regex.
This is done with an XML-style ConfigurationRule. I'm not sure if you want to match the value against a regular expression, or determine that the value is itself a regular expression. But regardless, I will provide the structure of the rule and you are on your own for the pattern.
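    <?xml version="1.0" encoding="UTF-8"?>
    <RulePack xmlns="xmlns://"
              xmlns:xsi="" xsi:type="RulePack">
      <Name><![CDATA[ rulepack name ]]></Name>
      <Description><![CDATA[Description for .xml]]></Description>
      <Rules version="3.11">
        <ConfigurationRule formatVersion="3.11">
          <VulnKingdom>Code Quality</VulnKingdom>
          <VulnCategory>Email in XYZ Configuration</VulnCategory>
          <Description formatVersion="3.2"></Description>
          <ConfigFile type="xml">
            <!-- Assumption: the file name pattern selecting which XML files to scan goes here; the post does not show it. -->
          </ConfigFile>
          <!-- expression selects the offending node; reporton is the node the finding is attached to. -->
          <XPathMatch expression="/xml/email[text()='abc@foo']" reporton="/xml/email" />
        </ConfigurationRule>
      </Rules>
    </RulePack>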
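Since the answer leaves the pattern to the reader, here is one way to check which element values a candidate regular expression would flag before writing it into the rule. This is an added example, not code from the post or from Fortify; the sample document, `EMAIL_RE` and `find_matches` are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the page's XPath implies a root <xml> with <email> children.
SAMPLE = """<xml>
  <email>abc@foo</email>
  <email>  ops@example.org </email>
  <email>${MAIL_TO}</email>
  <email/>
  <name>not-an-email</name>
</xml>"""

# Assumed pattern, for illustration only; the answer does not supply one.
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+")


def find_matches(xml_text, path, pattern):
    """Return (path, text) for each element at the absolute `path` whose
    trimmed text fully matches `pattern`.

    Only simple absolute child paths such as /xml/email are handled.
    """
    steps = [s for s in path.split("/") if s]
    root = ET.fromstring(xml_text)
    if not steps or root.tag != steps[0]:
        return []  # the document root is not the one the path expects
    if len(steps) == 1:
        nodes = [root]
    else:
        nodes = root.findall("/".join(steps[1:]))
    hits = []
    for node in nodes:
        text = (node.text or "").strip()  # <email/> has text None
        if pattern.fullmatch(text):
            hits.append((path, text))
    return hits


if __name__ == "__main__":
    for where, value in find_matches(SAMPLE, "/xml/email", EMAIL_RE):
        print(f"{where}: {value}")
```

The placeholder `${MAIL_TO}` and the empty element are not reported, which is the behaviour to confirm before the pattern goes into a rule that should only flag hard-coded addresses.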