mirror of
https://github.com/securego/gosec.git
synced 2024-12-24 11:35:52 +00:00
fix: make sure that nil Cwe pointer is handled when getting the CWE ID
This commit is contained in:
parent
62fa4b4e9b
commit
19fa856bad
4 changed files with 22 additions and 9 deletions
|
@ -19,7 +19,11 @@ func (w *Weakness) SprintURL() string {
|
||||||
|
|
||||||
// SprintID format the CWE ID
|
// SprintID format the CWE ID
|
||||||
func (w *Weakness) SprintID() string {
|
func (w *Weakness) SprintID() string {
|
||||||
return fmt.Sprintf("%s-%s", Acronym, w.ID)
|
id := "0000"
|
||||||
|
if w != nil {
|
||||||
|
id = w.ID
|
||||||
|
}
|
||||||
|
return fmt.Sprintf("%s-%s", Acronym, id)
|
||||||
}
|
}
|
||||||
|
|
||||||
// MarshalJSON print only id and URL
|
// MarshalJSON print only id and URL
|
||||||
|
|
|
@ -15,7 +15,7 @@ func WriteReport(w io.Writer, data *gosec.ReportInfo) error {
|
||||||
|
|
||||||
for _, issue := range data.Issues {
|
for _, issue := range data.Issues {
|
||||||
what := issue.What
|
what := issue.What
|
||||||
if issue.Cwe.ID != "" {
|
if issue.Cwe != nil && issue.Cwe.ID != "" {
|
||||||
what = fmt.Sprintf("[%s] %s", issue.Cwe.SprintID(), issue.What)
|
what = fmt.Sprintf("[%s] %s", issue.Cwe.SprintID(), issue.What)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -8,11 +8,15 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func generatePlaintext(issue *gosec.Issue) string {
|
func generatePlaintext(issue *gosec.Issue) string {
|
||||||
|
cweID := "CWE"
|
||||||
|
if issue.Cwe != nil {
|
||||||
|
cweID = issue.Cwe.ID
|
||||||
|
}
|
||||||
return "Results:\n" +
|
return "Results:\n" +
|
||||||
"[" + issue.File + ":" + issue.Line + "] - " +
|
"[" + issue.File + ":" + issue.Line + "] - " +
|
||||||
issue.What + " (Confidence: " + strconv.Itoa(int(issue.Confidence)) +
|
issue.What + " (Confidence: " + strconv.Itoa(int(issue.Confidence)) +
|
||||||
", Severity: " + strconv.Itoa(int(issue.Severity)) +
|
", Severity: " + strconv.Itoa(int(issue.Severity)) +
|
||||||
", CWE: " + issue.Cwe.ID + ")\n" + "> " + html.EscapeString(issue.Code)
|
", CWE: " + cweID + ")\n" + "> " + html.EscapeString(issue.Code)
|
||||||
}
|
}
|
||||||
|
|
||||||
// GenerateReport Convert a gosec report to a JUnit Report
|
// GenerateReport Convert a gosec report to a JUnit Report
|
||||||
|
|
|
@ -27,12 +27,14 @@ func GenerateReport(rootPaths []string, data *gosec.ReportInfo) (*Report, error)
|
||||||
weaknesses := make(map[string]*cwe.Weakness)
|
weaknesses := make(map[string]*cwe.Weakness)
|
||||||
|
|
||||||
for _, issue := range data.Issues {
|
for _, issue := range data.Issues {
|
||||||
_, ok := weaknesses[issue.Cwe.ID]
|
if issue.Cwe != nil {
|
||||||
if !ok {
|
_, ok := weaknesses[issue.Cwe.ID]
|
||||||
weakness := cwe.Get(issue.Cwe.ID)
|
if !ok {
|
||||||
weaknesses[issue.Cwe.ID] = weakness
|
weakness := cwe.Get(issue.Cwe.ID)
|
||||||
cweTaxon := parseSarifTaxon(weakness)
|
weaknesses[issue.Cwe.ID] = weakness
|
||||||
cweTaxa = append(cweTaxa, cweTaxon)
|
cweTaxon := parseSarifTaxon(weakness)
|
||||||
|
cweTaxa = append(cweTaxa, cweTaxon)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
r, ok := rulesIndices[issue.RuleID]
|
r, ok := rulesIndices[issue.RuleID]
|
||||||
|
@ -97,6 +99,9 @@ func parseSarifRule(issue *gosec.Issue) *ReportingDescriptor {
|
||||||
}
|
}
|
||||||
|
|
||||||
func buildSarifReportingDescriptorRelationship(weakness *cwe.Weakness) *ReportingDescriptorRelationship {
|
func buildSarifReportingDescriptorRelationship(weakness *cwe.Weakness) *ReportingDescriptorRelationship {
|
||||||
|
if weakness == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
return &ReportingDescriptorRelationship{
|
return &ReportingDescriptorRelationship{
|
||||||
Target: &ReportingDescriptorReference{
|
Target: &ReportingDescriptorReference{
|
||||||
ID: weakness.ID,
|
ID: weakness.ID,
|
||||||
|
|
Loading…
Reference in a new issue