actions/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2024-11-05 19:45:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: make sure that nil Cwe pointer is handled when getting the CWE ID

Browse source
This commit is contained in:
Cosmin Cojocar 2022-08-20 13:20:36 +02:00
parent 62fa4b4e9b
commit 19fa856bad
4 changed files with 22 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
cwe/types.go
View file

@ -19,7 +19,11 @@ func (w *Weakness) SprintURL() string {
// SprintID format the CWE ID // SprintID format the CWE ID
func (w *Weakness) SprintID() string { func (w *Weakness) SprintID() string {
return fmt.Sprintf("%s-%s", Acronym, w.ID) id := "0000"
if w != nil {
id = w.ID
}
return fmt.Sprintf("%s-%s", Acronym, id)
} }
// MarshalJSON print only id and URL // MarshalJSON print only id and URL

2
report/golint/writer.go
View file

@ -15,7 +15,7 @@ func WriteReport(w io.Writer, data *gosec.ReportInfo) error {
for _, issue := range data.Issues { for _, issue := range data.Issues {
what := issue.What what := issue.What
if issue.Cwe.ID != "" { if issue.Cwe != nil && issue.Cwe.ID != "" {
what = fmt.Sprintf("[%s] %s", issue.Cwe.SprintID(), issue.What) what = fmt.Sprintf("[%s] %s", issue.Cwe.SprintID(), issue.What)
} }

6
report/junit/formatter.go
View file

@ -8,11 +8,15 @@ import (
) )
func generatePlaintext(issue *gosec.Issue) string { func generatePlaintext(issue *gosec.Issue) string {
cweID := "CWE"
if issue.Cwe != nil {
cweID = issue.Cwe.ID
}
return "Results:\n" + return "Results:\n" +
"[" + issue.File + ":" + issue.Line + "] - " + "[" + issue.File + ":" + issue.Line + "] - " +
issue.What + " (Confidence: " + strconv.Itoa(int(issue.Confidence)) + issue.What + " (Confidence: " + strconv.Itoa(int(issue.Confidence)) +
", Severity: " + strconv.Itoa(int(issue.Severity)) + ", Severity: " + strconv.Itoa(int(issue.Severity)) +
", CWE: " + issue.Cwe.ID + ")\n" + "> " + html.EscapeString(issue.Code) ", CWE: " + cweID + ")\n" + "> " + html.EscapeString(issue.Code)
} }
// GenerateReport Convert a gosec report to a JUnit Report // GenerateReport Convert a gosec report to a JUnit Report

17
report/sarif/formatter.go
View file

@ -27,12 +27,14 @@ func GenerateReport(rootPaths []string, data *gosec.ReportInfo) (*Report, error)
weaknesses := make(map[string]*cwe.Weakness) weaknesses := make(map[string]*cwe.Weakness)
for _, issue := range data.Issues { for _, issue := range data.Issues {
_, ok := weaknesses[issue.Cwe.ID] if issue.Cwe != nil {
if !ok { _, ok := weaknesses[issue.Cwe.ID]
weakness := cwe.Get(issue.Cwe.ID) if !ok {
weaknesses[issue.Cwe.ID] = weakness weakness := cwe.Get(issue.Cwe.ID)
cweTaxon := parseSarifTaxon(weakness) weaknesses[issue.Cwe.ID] = weakness
cweTaxa = append(cweTaxa, cweTaxon) cweTaxon := parseSarifTaxon(weakness)
cweTaxa = append(cweTaxa, cweTaxon)
}
} }
r, ok := rulesIndices[issue.RuleID] r, ok := rulesIndices[issue.RuleID]
@ -97,6 +99,9 @@ func parseSarifRule(issue *gosec.Issue) *ReportingDescriptor {
} }
func buildSarifReportingDescriptorRelationship(weakness *cwe.Weakness) *ReportingDescriptorRelationship { func buildSarifReportingDescriptorRelationship(weakness *cwe.Weakness) *ReportingDescriptorRelationship {
if weakness == nil {
return nil
}
return &ReportingDescriptorRelationship{ return &ReportingDescriptorRelationship{
Target: &ReportingDescriptorReference{ Target: &ReportingDescriptorReference{
ID: weakness.ID, ID: weakness.ID,