mirror of
https://github.com/securego/gosec.git
synced 2024-11-05 19:45:51 +00:00
fix for sarif which maps level from issue severity
parent
327b2a0841
commit
732f759e4f
2 changed files with 18 additions and 1 deletions
|
@ -196,7 +196,7 @@ func convertToSarifReport(rootPaths []string, data *reportInfo) (*sarifReport, e
|
||||||
result := &sarifResult{
|
result := &sarifResult{
|
||||||
RuleID: fmt.Sprintf("%s (CWE-%s)", issue.RuleID, issue.Cwe.ID),
|
RuleID: fmt.Sprintf("%s (CWE-%s)", issue.RuleID, issue.Cwe.ID),
|
||||||
RuleIndex: index,
|
RuleIndex: index,
|
||||||
Level: sarifWarning,
|
Level: getSarifLevel(issue.Severity.String()),
|
||||||
Message: &sarifMessage{
|
Message: &sarifMessage{
|
||||||
Text: issue.What,
|
Text: issue.What,
|
||||||
},
|
},
|
||||||
|
|
|
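Review bot: The new `Level` line converts the severity to a string only so that getSarifLevel can compare it with the literals "LOW", "MEDIUM" and "HIGH", which ties the SARIF level to the exact labels `Severity.String()` returns. Assuming `issue.Severity` is the typed `gosec.Score`, passing it directly as `Level: getSarifLevel(issue.Severity),` and switching on `gosec.Low`, `gosec.Medium` and `gosec.High` in the helper would let the compiler catch a renamed constant. With the string form, a changed label silently falls into the helper's default branch and the finding is reported at a lower level. convertToSarifReport starts and ends outside this hunk.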
@ -155,3 +155,20 @@ func buildSarifLocation(issue *gosec.Issue, rootPaths []string) (*sarifLocation,
|
||||||
|
|
||||||
return location, nil
|
return location, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// From https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/sarif-v2.0-csprd02.html#_Toc10127839
|
||||||
|
// * "warning": The rule specified by ruleId was evaluated and a problem was found.
|
||||||
|
// * "error": The rule specified by ruleId was evaluated and a serious problem was found.
|
||||||
|
// * "note": The rule specified by ruleId was evaluated and a minor problem or an opportunity to improve the code was found.
|
||||||
|
func getSarifLevel(s string) sarifLevel {
|
||||||
|
switch s {
|
||||||
|
case "LOW":
|
||||||
|
return sarifWarning
|
||||||
|
case "MEDIUM":
|
||||||
|
return sarifError
|
||||||
|
case "HIGH":
|
||||||
|
return sarifError
|
||||||
|
default:
|
||||||
|
return sarifNote
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
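Review bot: The `default` branch of getSarifLevel returns `sarifNote`, the lowest of the three levels, so a severity string the switch does not recognise is reported below a LOW finding, and a consumer that filters SARIF results by level could drop it. Failing towards visibility is the safer choice for a security scanner: `default: return sarifWarning`, or keep `sarifNote` and say in the comment why an unknown severity is treated as minor. The two identical arms can be merged as `case "MEDIUM", "HIGH": return sarifError`, and the doc comment should open with `// getSarifLevel maps a gosec severity label to a SARIF result level.` before the quoted spec text, because as written it lists the levels without stating the mapping.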