mirror of
https://github.com/securego/gosec.git
synced 2024-12-25 12:05:52 +00:00
Fix the file path in the Sonarqube report
Add some test to validate the Sonarqube formatter. Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
This commit is contained in:
parent
04dc713f22
commit
46e55b908d
6 changed files with 172 additions and 9 deletions
|
@ -318,7 +318,11 @@ func main() {
|
|||
os.Exit(0)
|
||||
}
|
||||
|
||||
rootPath := packages[0]
|
||||
rootPath, err := gosec.RootPath(flag.Args()[0])
|
||||
if err != nil {
|
||||
logger.Fatalf("Failed to get the root path of the project: %s", err)
|
||||
}
|
||||
|
||||
// Create output report
|
||||
if err := saveOutput(*flagOutput, *flagFormat, rootPath, issues, metrics, errors); err != nil {
|
||||
logger.Fatal(err)
|
||||
|
|
|
@ -387,3 +387,11 @@ func PackagePaths(root string, exclude *regexp.Regexp) ([]string, error) {
|
|||
}
|
||||
return result, nil
|
||||
}
|
||||
|
||||
// RootPath returns the absolute root path of a scan
|
||||
func RootPath(root string) (string, error) {
|
||||
if strings.HasSuffix(root, "...") {
|
||||
root = root[0 : len(root)-3]
|
||||
}
|
||||
return filepath.Abs(root)
|
||||
}
|
||||
|
|
|
@ -3,6 +3,7 @@ package gosec_test
|
|||
import (
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"regexp"
|
||||
|
||||
. "github.com/onsi/ginkgo"
|
||||
|
@ -53,4 +54,23 @@ var _ = Describe("Helpers", func() {
|
|||
Expect(paths).Should(BeEmpty())
|
||||
})
|
||||
})
|
||||
|
||||
Context("when getting the root path", func() {
|
||||
It("should return the absolute path from relative path", func() {
|
||||
base := "test"
|
||||
cwd, err := os.Getwd()
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
root, err := gosec.RootPath(base)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
Expect(root).Should(Equal(filepath.Join(cwd, base)))
|
||||
})
|
||||
It("should retrun the absolute path from ellipsis path", func() {
|
||||
base := "test"
|
||||
cwd, err := os.Getwd()
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
root, err := gosec.RootPath(filepath.Join(base, "..."))
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
Expect(root).Should(Equal(filepath.Join(cwd, base)))
|
||||
})
|
||||
})
|
||||
})
|
||||
|
|
|
@ -105,19 +105,32 @@ func CreateReport(w io.Writer, format, rootPath string, issues []*gosec.Issue, m
|
|||
}
|
||||
|
||||
func reportSonarqube(rootPath string, w io.Writer, data *reportInfo) error {
|
||||
si, err := convertToSonarIssues(rootPath, data)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
raw, err := json.MarshalIndent(si, "", "\t")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
_, err = w.Write(raw)
|
||||
return err
|
||||
}
|
||||
|
||||
func convertToSonarIssues(rootPath string, data *reportInfo) (sonarIssues, error) {
|
||||
var si sonarIssues
|
||||
for _, issue := range data.Issues {
|
||||
lines := strings.Split(issue.Line, "-")
|
||||
|
||||
startLine, err := strconv.Atoi(lines[0])
|
||||
if err != nil {
|
||||
return err
|
||||
return si, err
|
||||
}
|
||||
endLine := startLine
|
||||
if len(lines) > 1 {
|
||||
endLine, err = strconv.Atoi(lines[1])
|
||||
if err != nil {
|
||||
return err
|
||||
return si, err
|
||||
}
|
||||
}
|
||||
s := sonarIssue{
|
||||
|
@ -134,12 +147,7 @@ func reportSonarqube(rootPath string, w io.Writer, data *reportInfo) error {
|
|||
}
|
||||
si.SonarIssues = append(si.SonarIssues, s)
|
||||
}
|
||||
raw, err := json.MarshalIndent(si, "", "\t")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
_, err = w.Write(raw)
|
||||
return err
|
||||
return si, nil
|
||||
}
|
||||
|
||||
func reportJSON(w io.Writer, data *reportInfo) error {
|
||||
|
|
13
output/formatter_suite_test.go
Normal file
13
output/formatter_suite_test.go
Normal file
|
@ -0,0 +1,13 @@
|
|||
package output
|
||||
|
||||
import (
|
||||
. "github.com/onsi/ginkgo"
|
||||
. "github.com/onsi/gomega"
|
||||
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestRules(t *testing.T) {
|
||||
RegisterFailHandler(Fail)
|
||||
RunSpecs(t, "Formatters Suite")
|
||||
}
|
110
output/formatter_test.go
Normal file
110
output/formatter_test.go
Normal file
|
@ -0,0 +1,110 @@
|
|||
package output
|
||||
|
||||
import (
|
||||
. "github.com/onsi/ginkgo"
|
||||
. "github.com/onsi/gomega"
|
||||
|
||||
"github.com/securego/gosec"
|
||||
)
|
||||
|
||||
var _ = Describe("Formatter", func() {
|
||||
BeforeEach(func() {
|
||||
})
|
||||
Context("when converting to Sonarqube issues", func() {
|
||||
It("it should parse the report info", func() {
|
||||
data := &reportInfo{
|
||||
Errors: map[string][]gosec.Error{},
|
||||
Issues: []*gosec.Issue{
|
||||
&gosec.Issue{
|
||||
Severity: 2,
|
||||
Confidence: 0,
|
||||
RuleID: "test",
|
||||
What: "test",
|
||||
File: "/home/src/project/test.go",
|
||||
Code: "",
|
||||
Line: "1-2",
|
||||
},
|
||||
},
|
||||
Stats: &gosec.Metrics{
|
||||
NumFiles: 0,
|
||||
NumLines: 0,
|
||||
NumNosec: 0,
|
||||
NumFound: 0,
|
||||
},
|
||||
}
|
||||
want := sonarIssues{
|
||||
SonarIssues: []sonarIssue{
|
||||
{
|
||||
EngineID: "gosec",
|
||||
RuleID: "test",
|
||||
PrimaryLocation: location{
|
||||
Message: "test",
|
||||
FilePath: "test.go",
|
||||
TextRange: textRange{
|
||||
StartLine: 1,
|
||||
EndLine: 2,
|
||||
},
|
||||
},
|
||||
Type: "VULNERABILITY",
|
||||
Severity: "BLOCKER",
|
||||
EffortMinutes: SonarqubeEffortMinutes,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
rootPath := "/home/src/project"
|
||||
|
||||
issues, err := convertToSonarIssues(rootPath, data)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
Expect(issues).To(Equal(want))
|
||||
})
|
||||
|
||||
It("it should parse the report info with files in subfolders", func() {
|
||||
data := &reportInfo{
|
||||
Errors: map[string][]gosec.Error{},
|
||||
Issues: []*gosec.Issue{
|
||||
&gosec.Issue{
|
||||
Severity: 2,
|
||||
Confidence: 0,
|
||||
RuleID: "test",
|
||||
What: "test",
|
||||
File: "/home/src/project/subfolder/test.go",
|
||||
Code: "",
|
||||
Line: "1-2",
|
||||
},
|
||||
},
|
||||
Stats: &gosec.Metrics{
|
||||
NumFiles: 0,
|
||||
NumLines: 0,
|
||||
NumNosec: 0,
|
||||
NumFound: 0,
|
||||
},
|
||||
}
|
||||
want := sonarIssues{
|
||||
SonarIssues: []sonarIssue{
|
||||
{
|
||||
EngineID: "gosec",
|
||||
RuleID: "test",
|
||||
PrimaryLocation: location{
|
||||
Message: "test",
|
||||
FilePath: "subfolder/test.go",
|
||||
TextRange: textRange{
|
||||
StartLine: 1,
|
||||
EndLine: 2,
|
||||
},
|
||||
},
|
||||
Type: "VULNERABILITY",
|
||||
Severity: "BLOCKER",
|
||||
EffortMinutes: SonarqubeEffortMinutes,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
rootPath := "/home/src/project"
|
||||
|
||||
issues, err := convertToSonarIssues(rootPath, data)
|
||||
Expect(err).ShouldNot(HaveOccurred())
|
||||
Expect(issues).To(Equal(want))
|
||||
})
|
||||
})
|
||||
})
|
Loading…
Reference in a new issue