mirror of
https://github.com/securego/gosec.git
synced 2024-12-24 11:35:52 +00:00
fix: make sure that nil Cwe pointer is handled when getting the CWE ID
parent
62fa4b4e9b
commit
19fa856bad
4 changed files with 22 additions and 9 deletions
|
@ -19,7 +19,11 @@ func (w *Weakness) SprintURL() string {
|
|||
|
||||
// SprintID format the CWE ID
|
||||
func (w *Weakness) SprintID() string {
|
||||
return fmt.Sprintf("%s-%s", Acronym, w.ID)
|
||||
id := "0000"
|
||||
if w != nil {
|
||||
id = w.ID
|
||||
}
|
||||
return fmt.Sprintf("%s-%s", Acronym, id)
|
||||
}
|
||||
|
||||
// MarshalJSON print only id and URL
|
||||
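Review bot: The nil fallback in `SprintID` prints `CWE-0000`, which reads like a real identifier once it lands in a report, and the doc comment does not mention it. I would extend the comment to something like `// SprintID formats the CWE ID; a nil receiver yields the placeholder "CWE-0000".` so report consumers know the value is a sentinel. `SprintURL`, named in the hunk header just above, has the same pointer receiver. Its body is outside the hunk, so it is worth confirming that it does not dereference a nil `w` either.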
|
|
|
@ -15,7 +15,7 @@ func WriteReport(w io.Writer, data *gosec.ReportInfo) error {
|
|||
|
||||
for _, issue := range data.Issues {
|
||||
what := issue.What
|
||||
if issue.Cwe.ID != "" {
|
||||
if issue.Cwe != nil && issue.Cwe.ID != "" {
|
||||
what = fmt.Sprintf("[%s] %s", issue.Cwe.SprintID(), issue.What)
|
||||
}
|
||||
|
||||
|
|
|
@ -8,11 +8,15 @@ import (
|
|||
)
|
||||
|
||||
func generatePlaintext(issue *gosec.Issue) string {
|
||||
cweID := "CWE"
|
||||
if issue.Cwe != nil {
|
||||
cweID = issue.Cwe.ID
|
||||
}
|
||||
return "Results:\n" +
|
||||
"[" + issue.File + ":" + issue.Line + "] - " +
|
||||
issue.What + " (Confidence: " + strconv.Itoa(int(issue.Confidence)) +
|
||||
", Severity: " + strconv.Itoa(int(issue.Severity)) +
|
||||
", CWE: " + issue.Cwe.ID + ")\n" + "> " + html.EscapeString(issue.Code)
|
||||
", CWE: " + cweID + ")\n" + "> " + html.EscapeString(issue.Code)
|
||||
}
|
||||
|
||||
// GenerateReport Convert a gosec report to a JUnit Report
|
||||
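Review bot: The fallback `cweID := "CWE"` in `generatePlaintext` renders as `CWE: CWE` in the JUnit text when an issue has no weakness attached. It also differs from the `0000` placeholder that `SprintID` uses in this same commit. One shared placeholder, or leaving out the `", CWE: "` fragment when `issue.Cwe` is nil, would keep the formats consistent for tools that parse these reports. A one-line comment above the assignment saying what the fallback stands for would help either way.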
|
|
|
@ -27,12 +27,14 @@ func GenerateReport(rootPaths []string, data *gosec.ReportInfo) (*Report, error)
|
|||
weaknesses := make(map[string]*cwe.Weakness)
|
||||
|
||||
for _, issue := range data.Issues {
|
||||
_, ok := weaknesses[issue.Cwe.ID]
|
||||
if !ok {
|
||||
weakness := cwe.Get(issue.Cwe.ID)
|
||||
weaknesses[issue.Cwe.ID] = weakness
|
||||
cweTaxon := parseSarifTaxon(weakness)
|
||||
cweTaxa = append(cweTaxa, cweTaxon)
|
||||
if issue.Cwe != nil {
|
||||
_, ok := weaknesses[issue.Cwe.ID]
|
||||
if !ok {
|
||||
weakness := cwe.Get(issue.Cwe.ID)
|
||||
weaknesses[issue.Cwe.ID] = weakness
|
||||
cweTaxon := parseSarifTaxon(weakness)
|
||||
cweTaxa = append(cweTaxa, cweTaxon)
|
||||
}
|
||||
}
|
||||
|
||||
r, ok := rulesIndices[issue.RuleID]
|
||||
|
@ -97,6 +99,9 @@ func parseSarifRule(issue *gosec.Issue) *ReportingDescriptor {
|
|||
}
|
||||
|
||||
func buildSarifReportingDescriptorRelationship(weakness *cwe.Weakness) *ReportingDescriptorRelationship {
|
||||
if weakness == nil {
|
||||
return nil
|
||||
}
|
||||
return &ReportingDescriptorRelationship{
|
||||
Target: &ReportingDescriptorReference{
|
||||
ID: weakness.ID,
|
||||
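Review bot: In `GenerateReport` the result of `cwe.Get(issue.Cwe.ID)` is still cached in `weaknesses` and passed to `parseSarifTaxon` without a nil check, because the new guard only covers a nil `issue.Cwe`. If `cwe.Get` can return nil for an ID it does not know (its body is not shown here), wrapping the block as `if weakness := cwe.Get(issue.Cwe.ID); weakness != nil { … }` would avoid storing and converting a nil entry. Separately, `buildSarifReportingDescriptorRelationship` now returns nil, so its caller should drop that value rather than place it in a relationships list. `parseSarifRule` lies outside the hunk, so that could not be checked from this page.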
|
|