Process the code snippet before adding it to the SARIF report
Preprocess the code snippet from the issue in order to extract only the line(s) of code where the issue is located. In addition, strip the line numbers and whitespace before writing the code snippet into the SARIF report.
This commit is contained in:
parent
db8d98b571
commit
c0680bb6a3
2 changed files with 72 additions and 1 deletions
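--- a/PATH_NOT_SHOWN_FORMATTER_FILE
+++ b/PATH_NOT_SHOWN_FORMATTER_FILE
@@ -188,7 +188,24 @@ func parseSarifRegion(issue *gosec.Issue) (*Region, error) {
 if err != nil {
 return nil, err
 }
-snippet := NewArtifactContent(issue.Code)
+var code string
+line := startLine
+codeLines := strings.Split(issue.Code, "\n")
+for _, codeLine := range codeLines {
+lineStart := fmt.Sprintf("%d:", line)
+if strings.HasPrefix(codeLine, lineStart) {
+code += strings.TrimSpace(
+strings.TrimPrefix(codeLine, lineStart))
+if endLine > startLine {
+code += "\n"
+}
+line++
+if line > endLine {
+break
+}
+}
+}
+snippet := NewArtifactContent(code)
 return NewRegion(startLine, endLine, col, col, "go").WithSnippet(snippet), nil
 }
 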
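Review bot: When none of the lines in issue.Code carries the expected `N:` prefix (or the numbers do not line up with startLine), the new loop leaves `code` empty and the region is written with an empty snippet, whereas the removed line at least carried the raw `issue.Code`; a fallback after the loop, `if code == "" { code = issue.Code }`, would let a formatting mismatch degrade to the previous output instead of dropping the evidence from the report. The multi-line branch also appends `"\n"` after the last matched line, so multi-line snippets end with a trailing newline (the new spec pins that); if that is not intended, `code = strings.TrimSuffix(code, "\n")` after the loop would remove it. Accumulating into a `strings.Builder` rather than `+=` would be the idiomatic form, though the snippet is small enough that this is a style point. parseSarifRegion's body starts outside the hunk, so the parsing of startLine, endLine and col is not visible here.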
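--- a/PATH_NOT_SHOWN_TEST_FILE
+++ b/PATH_NOT_SHOWN_TEST_FILE
@@ -56,5 +56,59 @@ var _ = Describe("Sarif Formatter", func() {
 hasSuppressions, _ := regexp.MatchString(`"suppressions": \[(\s*){`, result)
 Expect(hasSuppressions).To(BeTrue())
 })
+It("sarif formatted report should contain the formatted one line code snippet", func() {
+ruleID := "G101"
+cwe := gosec.GetCweByRule(ruleID)
+code := "68: \t\t}\n69: \t\tvar data = template.HTML(v.TmplFile)\n70: \t\tisTmpl := true\n"
+expectedCode := "var data = template.HTML(v.TmplFile)"
+issue := gosec.Issue{
+File: "/home/src/project/test.go",
+Line: "69",
+Col: "14",
+RuleID: ruleID,
+What: "test",
+Confidence: gosec.High,
+Severity: gosec.High,
+Code: code,
+Cwe: cwe,
+Suppressions: []gosec.SuppressionInfo{
+{
+Kind: "kind",
+Justification: "justification",
+},
+},
+}
+reportInfo := gosec.NewReportInfo([]*gosec.Issue{&issue}, &gosec.Metrics{}, map[string][]gosec.Error{}).WithVersion("v2.7.0")
+sarifReport, err := sarif.GenerateReport([]string{}, reportInfo)
+Expect(err).ShouldNot(HaveOccurred())
+Expect(sarifReport.Runs[0].Results[0].Locations[0].PhysicalLocation.Region.Snippet.Text).Should(Equal(expectedCode))
+})
+It("sarif formatted report should contain the formatted multiple line code snippet", func() {
+ruleID := "G101"
+cwe := gosec.GetCweByRule(ruleID)
+code := "68: }\n69: var data = template.HTML(v.TmplFile)\n70: isTmpl := true\n"
+expectedCode := "var data = template.HTML(v.TmplFile)\nisTmpl := true\n"
+issue := gosec.Issue{
+File: "/home/src/project/test.go",
+Line: "69-70",
+Col: "14",
+RuleID: ruleID,
+What: "test",
+Confidence: gosec.High,
+Severity: gosec.High,
+Code: code,
+Cwe: cwe,
+Suppressions: []gosec.SuppressionInfo{
+{
+Kind: "kind",
+Justification: "justification",
+},
+},
+}
+reportInfo := gosec.NewReportInfo([]*gosec.Issue{&issue}, &gosec.Metrics{}, map[string][]gosec.Error{}).WithVersion("v2.7.0")
+sarifReport, err := sarif.GenerateReport([]string{}, reportInfo)
+Expect(err).ShouldNot(HaveOccurred())
+Expect(sarifReport.Runs[0].Results[0].Locations[0].PhysicalLocation.Region.Snippet.Text).Should(Equal(expectedCode))
+})
 })
 })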
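Review bot: Both new specs exercise only Code values whose lines carry `N:` prefixes that match the issue's Line, so the case where the prefixes are absent or do not line up — which, with the accompanying formatter change, appears to produce an empty snippet — is neither pinned nor rejected. A third `It` built from the same issue literal with `Code: "var data = template.HTML(v.TmplFile)"` and an assertion on the resulting `Snippet.Text` would document the intended behaviour for that input. The two specs also repeat the same ~25-line issue literal, differing only in Line, Code and the expected text; a small helper such as `newSnippetIssue(line, code string) gosec.Issue` would keep them in step when the struct changes. The enclosing Describe block starts outside the hunk.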