fix for sarif which maps level from issue severity

This commit is contained in:
Mark Wolfe 2021-01-22 03:51:27 +11:00 committed by Cosmin Cojocar
parent 327b2a0841
commit 732f759e4f
2 changed files with 18 additions and 1 deletions

View file

@ -196,7 +196,7 @@ func convertToSarifReport(rootPaths []string, data *reportInfo) (*sarifReport, e
result := &sarifResult{
RuleID: fmt.Sprintf("%s (CWE-%s)", issue.RuleID, issue.Cwe.ID),
RuleIndex: index,
Level: sarifWarning,
Level: getSarifLevel(issue.Severity.String()),
Message: &sarifMessage{
Text: issue.What,
},

View file

@ -155,3 +155,20 @@ func buildSarifLocation(issue *gosec.Issue, rootPaths []string) (*sarifLocation,
return location, nil
}
// From https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/sarif-v2.0-csprd02.html#_Toc10127839
// * "warning": The rule specified by ruleId was evaluated and a problem was found.
// * "error": The rule specified by ruleId was evaluated and a serious problem was found.
// * "note": The rule specified by ruleId was evaluated and a minor problem or an opportunity to improve the code was found.
func getSarifLevel(s string) sarifLevel {
switch s {
case "LOW":
return sarifWarning
case "MEDIUM":
return sarifError
case "HIGH":
return sarifError
default:
return sarifNote
}
}