Fix rule index reference into sarif report (#934)
parent
e7b896f234
commit
27bf0e4f9b
2 changed files with 94 additions and 21 deletions
|
@ -12,20 +12,13 @@ import (
|
||||||
"github.com/securego/gosec/v2/issue"
|
"github.com/securego/gosec/v2/issue"
|
||||||
)
|
)
|
||||||
|
|
||||||
// GenerateReport Convert a gosec report to a Sarif Report
|
// GenerateReport converts a gosec report into a SARIF report
|
||||||
func GenerateReport(rootPaths []string, data *gosec.ReportInfo) (*Report, error) {
|
func GenerateReport(rootPaths []string, data *gosec.ReportInfo) (*Report, error) {
|
||||||
type rule struct {
|
rules := []*ReportingDescriptor{}
|
||||||
index int
|
|
||||||
rule *ReportingDescriptor
|
|
||||||
}
|
|
||||||
|
|
||||||
rules := make([]*ReportingDescriptor, 0)
|
|
||||||
rulesIndices := make(map[string]rule)
|
|
||||||
lastRuleIndex := -1
|
|
||||||
|
|
||||||
results := []*Result{}
|
results := []*Result{}
|
||||||
cweTaxa := make([]*ReportingDescriptor, 0)
|
cweTaxa := []*ReportingDescriptor{}
|
||||||
weaknesses := make(map[string]*cwe.Weakness)
|
weaknesses := map[string]*cwe.Weakness{}
|
||||||
|
|
||||||
for _, issue := range data.Issues {
|
for _, issue := range data.Issues {
|
||||||
if issue.Cwe != nil {
|
if issue.Cwe != nil {
|
||||||
|
@ -38,26 +31,26 @@ func GenerateReport(rootPaths []string, data *gosec.ReportInfo) (*Report, error)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
r, ok := rulesIndices[issue.RuleID]
|
rule := parseSarifRule(issue)
|
||||||
if !ok {
|
ruleIndex := 0
|
||||||
lastRuleIndex++
|
rules, ruleIndex = addRuleInOrder(rules, rule)
|
||||||
r = rule{index: lastRuleIndex, rule: parseSarifRule(issue)}
|
|
||||||
rulesIndices[issue.RuleID] = r
|
|
||||||
rules = append(rules, r.rule)
|
|
||||||
}
|
|
||||||
|
|
||||||
location, err := parseSarifLocation(issue, rootPaths)
|
location, err := parseSarifLocation(issue, rootPaths)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
result := NewResult(r.rule.ID, r.index, getSarifLevel(issue.Severity.String()), issue.What, buildSarifSuppressions(issue.Suppressions)).
|
result := NewResult(
|
||||||
WithLocations(location)
|
issue.RuleID,
|
||||||
|
ruleIndex,
|
||||||
|
getSarifLevel(issue.Severity.String()),
|
||||||
|
issue.What,
|
||||||
|
buildSarifSuppressions(issue.Suppressions),
|
||||||
|
).WithLocations(location)
|
||||||
|
|
||||||
results = append(results, result)
|
results = append(results, result)
|
||||||
}
|
}
|
||||||
|
|
||||||
sort.SliceStable(rules, func(i, j int) bool { return rules[i].ID < rules[j].ID })
|
|
||||||
sort.SliceStable(cweTaxa, func(i, j int) bool { return cweTaxa[i].ID < cweTaxa[j].ID })
|
sort.SliceStable(cweTaxa, func(i, j int) bool { return cweTaxa[i].ID < cweTaxa[j].ID })
|
||||||
|
|
||||||
tool := NewTool(buildSarifDriver(rules, data.GosecVersion))
|
tool := NewTool(buildSarifDriver(rules, data.GosecVersion))
|
||||||
|
@ -72,6 +65,26 @@ func GenerateReport(rootPaths []string, data *gosec.ReportInfo) (*Report, error)
|
||||||
WithRuns(run), nil
|
WithRuns(run), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// addRuleInOrder inserts a rule into the rules slice keeping the rules IDs order, it returns the new rules
|
||||||
|
// slice and the position where the rule was inserted
|
||||||
|
func addRuleInOrder(rules []*ReportingDescriptor, rule *ReportingDescriptor) ([]*ReportingDescriptor, int) {
|
||||||
|
position := 0
|
||||||
|
for i, r := range rules {
|
||||||
|
if r.ID < rule.ID {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if r.ID == rule.ID {
|
||||||
|
return rules, i
|
||||||
|
}
|
||||||
|
position = i
|
||||||
|
break
|
||||||
|
}
|
||||||
|
rules = append(rules, nil)
|
||||||
|
copy(rules[position+1:], rules[position:])
|
||||||
|
rules[position] = rule
|
||||||
|
return rules, position
|
||||||
|
}
|
||||||
|
|
||||||
// parseSarifRule return SARIF rule field struct
|
// parseSarifRule return SARIF rule field struct
|
||||||
func parseSarifRule(i *issue.Issue) *ReportingDescriptor {
|
func parseSarifRule(i *issue.Issue) *ReportingDescriptor {
|
||||||
cwe := issue.GetCweByRule(i.RuleID)
|
cwe := issue.GetCweByRule(i.RuleID)
|
||||||
|
|
|
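Review bot: The rule index stored on a result can still go stale, because `addRuleInOrder` inserts new rules into the middle of `rules` and every rule after the insertion point shifts by one, while results already built with `NewResult(issue.RuleID, ruleIndex, …)` in the loop of the previous hunk keep the index they were given — the same class of bug this commit sets out to fix (in the new test's own ordering, the first G404 result is emitted with index 0, yet G404 ends at index 3 once G101–G103 are inserted ahead of it). A second defect in this hunk: `position` starts at 0, so a rule that sorts after every existing ID (adding G404 to `[G101]`) leaves the loop without a `break` and is inserted at the head instead of the tail; it should start as `position := len(rules)`. The simplest robust fix is to keep the ordered insertion but re-derive each result's `RuleIndex` from the final slice after the loop (the test reads `result.RuleIndex` as an exported field, so this appears to be writable). GenerateReport's per-issue loop lies in the preceding hunk, and parseSarifRule's body continues past the end of this one.
```go
	// … unchanged: per-issue loop building rules and results …

	// Indexes handed to NewResult were taken while rules were still being
	// inserted; re-derive them from the final, ordered slice.
	finalIndex := make(map[string]int, len(rules))
	for i, r := range rules {
		finalIndex[r.ID] = i
	}
	for _, result := range results {
		result.RuleIndex = finalIndex[result.RuleID]
	}

	// … unchanged: cweTaxa sort, tool/run construction …
```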
@ -111,5 +111,65 @@ var _ = Describe("Sarif Formatter", func() {
|
||||||
Expect(err).ShouldNot(HaveOccurred())
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
Expect(sarifReport.Runs[0].Results[0].Locations[0].PhysicalLocation.Region.Snippet.Text).Should(Equal(expectedCode))
|
Expect(sarifReport.Runs[0].Results[0].Locations[0].PhysicalLocation.Region.Snippet.Text).Should(Equal(expectedCode))
|
||||||
})
|
})
|
||||||
|
It("sarif formatted report should have proper rule index", func() {
|
||||||
|
rules := []string{"G404", "G101", "G102", "G103"}
|
||||||
|
issues := []*issue.Issue{}
|
||||||
|
for _, rule := range rules {
|
||||||
|
cwe := issue.GetCweByRule(rule)
|
||||||
|
newissue := issue.Issue{
|
||||||
|
File: "/home/src/project/test.go",
|
||||||
|
Line: "69-70",
|
||||||
|
Col: "14",
|
||||||
|
RuleID: rule,
|
||||||
|
What: "test",
|
||||||
|
Confidence: issue.High,
|
||||||
|
Severity: issue.High,
|
||||||
|
Cwe: cwe,
|
||||||
|
Suppressions: []issue.SuppressionInfo{
|
||||||
|
{
|
||||||
|
Kind: "kind",
|
||||||
|
Justification: "justification",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
issues = append(issues, &newissue)
|
||||||
|
|
||||||
|
}
|
||||||
|
dupRules := []string{"G102", "G404"}
|
||||||
|
for _, rule := range dupRules {
|
||||||
|
cwe := issue.GetCweByRule(rule)
|
||||||
|
newissue := issue.Issue{
|
||||||
|
File: "/home/src/project/test.go",
|
||||||
|
Line: "69-70",
|
||||||
|
Col: "14",
|
||||||
|
RuleID: rule,
|
||||||
|
What: "test",
|
||||||
|
Confidence: issue.High,
|
||||||
|
Severity: issue.High,
|
||||||
|
Cwe: cwe,
|
||||||
|
Suppressions: []issue.SuppressionInfo{
|
||||||
|
{
|
||||||
|
Kind: "kind",
|
||||||
|
Justification: "justification",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
issues = append(issues, &newissue)
|
||||||
|
}
|
||||||
|
reportInfo := gosec.NewReportInfo(issues, &gosec.Metrics{}, map[string][]gosec.Error{}).WithVersion("v2.7.0")
|
||||||
|
|
||||||
|
sarifReport, err := sarif.GenerateReport([]string{}, reportInfo)
|
||||||
|
|
||||||
|
Expect(err).ShouldNot(HaveOccurred())
|
||||||
|
resultRuleIdexes := map[string]int{}
|
||||||
|
for _, result := range sarifReport.Runs[0].Results {
|
||||||
|
resultRuleIdexes[result.RuleID] = result.RuleIndex
|
||||||
|
}
|
||||||
|
driverRuleIndexes := map[string]int{}
|
||||||
|
for ruleIndex, rule := range sarifReport.Runs[0].Tool.Driver.Rules {
|
||||||
|
driverRuleIndexes[rule.ID] = ruleIndex
|
||||||
|
}
|
||||||
|
Expect(resultRuleIdexes).Should(Equal(driverRuleIndexes))
|
||||||
|
})
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
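Review bot: The final assertion only checks the last result emitted for each rule ID, because `resultRuleIdexes[result.RuleID] = result.RuleIndex` overwrites earlier entries, so the duplicate G102/G404 issues mask a stale index on the first G404 result, which is built while G404 is the only rule (index 0) before G101–G103 are inserted ahead of it by the implementation in this commit. Check every result against the driver instead: `for _, result := range sarifReport.Runs[0].Results { Expect(sarifReport.Runs[0].Tool.Driver.Rules[result.RuleIndex].ID).Should(Equal(result.RuleID)) }`. That makes both local maps unnecessary and removes the `Idexes` typo in passing. If sorted driver rules are part of the intent, add an explicit assertion on the order of the `Driver.Rules` IDs as well, since nothing here checks it.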