fortify / fortify-ssc-parser-sample Goto Github PK

This issue is more so for documentation as the repo fortify/sample-parser doesn't have GH issues enabled.

Maybe I'm using it wrong, but I think com.fortify.plugin.api.BasicVulnerabilityBuilder.setVulnerabilityRecommendation(String vulnerabilityRecommendation) does not work.
I notice that when I try to set the recommendatio using this API, I'm unable to show the recommendation even after setting the view template correctly.
As a test, I've also tried calling the SSC REST API and the json being returned is saying that the recommendation is not set.

I'm creating this GH issue as a form of documentation as the fortify/sample-parser repo doesn't have GH Issues enabled and neither repos have the wiki enabled.

For those who are writing parsers where you want to have special formatting by using some HTML, I've tried to test, via trial and error, to determine which HTML tags that the Fortify SSC server will allow.

As of now (Fortify SSC version 23.1), here are the tags that I've been able to get Fortify SSC to render:

<a></a>
<b></b>
<blockquote></blockquote>
<br></br>
<cite></cite>
<code></code>
<dd></dd>
<div></div>
<dl></dl>
<dt></dt>
<em></em>
<h1></h1>
<i></i>
<li></li>
<ol></ol>
<p></p>
<pre></pre>
<q></q>
<small></small>
<span></span>
<strike></strike>
<strong></strong>
<sub></sub>
<sup></sup>
<table/>
<u></u>
<ul></ul>

Below are a list of html tags that I've noticed Fortify SSC to sanitize:

abbr
acronym
address
applet
area
article
aside
audio
base
basefont
bdi
bdo
big
button
canvas
caption
center
col
colgroup
data
datalist
del
details
dfn
dialog
dir
embed
fieldset
figcaption
figure
font
footer
form
frame
frameset
header
hgroup
hr
iframe
input
ins
kbd
label
legend
link
main
map
mark
menu
meta
meter
nav
noframes
noscript
object
rp
rt
ruby
s
samp
search
section
select
source
optgroup
option
output
param
picture
progress
summary
svg
table
tbody
td
template
textarea
tfoot
th
thead
time
title
tr
track
tt
var
video
wbr