mirror of
https://github.com/securego/gosec.git
synced 2024-12-25 12:05:52 +00:00
147 lines
3.5 KiB
Go
147 lines
3.5 KiB
Go
|
package output
|
||
|
|
||
|
import (
|
||
|
"fmt"
|
||
|
"github.com/securego/gosec/v2"
|
||
|
"strconv"
|
||
|
"strings"
|
||
|
)
|
||
|
|
||
|
type sarifLevel string
|
||
|
|
||
|
const (
|
||
|
sarifNone = sarifLevel("none")
|
||
|
sarifNote = sarifLevel("note")
|
||
|
sarifWarning = sarifLevel("warning")
|
||
|
sarifError = sarifLevel("error")
|
||
|
)
|
||
|
|
||
|
type sarifProperties struct {
|
||
|
Tags []string `json:"tags"`
|
||
|
}
|
||
|
|
||
|
type sarifRule struct {
|
||
|
ID string `json:"id"`
|
||
|
Name string `json:"name"`
|
||
|
ShortDescription *sarifMessage `json:"shortDescription"`
|
||
|
FullDescription *sarifMessage `json:"fullDescription"`
|
||
|
Help *sarifMessage `json:"help"`
|
||
|
Properties *sarifProperties `json:"properties"`
|
||
|
}
|
||
|
|
||
|
type sarifArtifactLocation struct {
|
||
|
URI string `json:"uri"`
|
||
|
}
|
||
|
|
||
|
type sarifRegion struct {
|
||
|
StartLine uint64 `json:"startLine"`
|
||
|
StartColumn uint64 `json:"startColumn"`
|
||
|
EndColumn uint64 `json:"endColumn"`
|
||
|
}
|
||
|
|
||
|
type sarifPhysicalLocation struct {
|
||
|
ArtifactLocation *sarifArtifactLocation `json:"artifactLocation"`
|
||
|
Region *sarifRegion `json:"region"`
|
||
|
}
|
||
|
|
||
|
type sarifLocation struct {
|
||
|
PhysicalLocation *sarifPhysicalLocation `json:"physicalLocation"`
|
||
|
}
|
||
|
|
||
|
type sarifMessage struct {
|
||
|
Text string `json:"text"`
|
||
|
}
|
||
|
|
||
|
type sarifResult struct {
|
||
|
RuleID string `json:"ruleId"`
|
||
|
RuleIndex int `json:"ruleIndex"`
|
||
|
Level sarifLevel `json:"level"`
|
||
|
Message *sarifMessage `json:"message"`
|
||
|
Locations []*sarifLocation `json:"locations"`
|
||
|
}
|
||
|
|
||
|
type sarifDriver struct {
|
||
|
Name string `json:"name"`
|
||
|
InformationURI string `json:"informationUri"`
|
||
|
Rules []*sarifRule `json:"rules,omitempty"`
|
||
|
}
|
||
|
|
||
|
type sarifTool struct {
|
||
|
Driver *sarifDriver `json:"driver"`
|
||
|
}
|
||
|
|
||
|
type sarifRun struct {
|
||
|
Tool *sarifTool `json:"tool"`
|
||
|
Results []*sarifResult `json:"results"`
|
||
|
}
|
||
|
|
||
|
type sarifReport struct {
|
||
|
Schema string `json:"$schema"`
|
||
|
Version string `json:"version"`
|
||
|
Runs []*sarifRun `json:"runs"`
|
||
|
}
|
||
|
|
||
|
// buildSarifReport return SARIF report struct
|
||
|
func buildSarifReport() *sarifReport {
|
||
|
return &sarifReport{
|
||
|
Version: "2.1.0",
|
||
|
Schema: "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.4.json",
|
||
|
Runs: []*sarifRun{},
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// buildSarifRule return SARIF rule field struct
|
||
|
func buildSarifRule(issue *gosec.Issue) *sarifRule {
|
||
|
return &sarifRule{
|
||
|
ID: fmt.Sprintf("%s (CWE-%s)", issue.RuleID, issue.Cwe.ID),
|
||
|
Name: issue.What,
|
||
|
ShortDescription: &sarifMessage{
|
||
|
Text: issue.What,
|
||
|
},
|
||
|
FullDescription: &sarifMessage{
|
||
|
Text: issue.What,
|
||
|
},
|
||
|
Help: &sarifMessage{
|
||
|
Text: fmt.Sprintf("%s\nSeverity: %s\nConfidence: %s\nCWE: %s", issue.What, issue.Severity.String(), issue.Confidence.String(), issue.Cwe.URL),
|
||
|
},
|
||
|
Properties: &sarifProperties{
|
||
|
Tags: []string{fmt.Sprintf("CWE-%s", issue.Cwe.ID), issue.Severity.String()},
|
||
|
},
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// buildSarifLocation return SARIF location struct
|
||
|
func buildSarifLocation(issue *gosec.Issue, rootPaths []string) (*sarifLocation, error) {
|
||
|
var filePath string
|
||
|
|
||
|
line, err := strconv.ParseUint(issue.Line, 10, 64)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
col, err := strconv.ParseUint(issue.Col, 10, 64)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
|
||
|
for _, rootPath := range rootPaths {
|
||
|
if strings.HasPrefix(issue.File, rootPath) {
|
||
|
filePath = strings.Replace(issue.File, rootPath+"/", "", 1)
|
||
|
}
|
||
|
}
|
||
|
|
||
|
location := &sarifLocation{
|
||
|
PhysicalLocation: &sarifPhysicalLocation{
|
||
|
ArtifactLocation: &sarifArtifactLocation{
|
||
|
URI: filePath,
|
||
|
},
|
||
|
Region: &sarifRegion{
|
||
|
StartLine: line,
|
||
|
StartColumn: col,
|
||
|
EndColumn: col,
|
||
|
},
|
||
|
},
|
||
|
}
|
||
|
|
||
|
return location, nil
|
||
|
}
|