From d040f0725f71a7b1a5cd276f87020ac37b16cae7 Mon Sep 17 00:00:00 2001 From: Matthieu MOREL Date: Thu, 20 May 2021 10:16:42 +0200 Subject: [PATCH] Handle gosec version in SARIF report --- cmd/gosec/main.go | 14 +++++++----- go.mod | 3 ++- renovate.json | 12 +++++----- report.go | 24 ++++++++++++++++++++ report/core/types.go | 12 ---------- report/csv/writer.go | 5 +++-- report/formatter.go | 11 +++------- report/formatter_test.go | 45 +++++++++++++++++++++++--------------- report/golint/writer.go | 5 +++-- report/html/writer.go | 5 +++-- report/json/writer.go | 5 +++-- report/junit/formatter.go | 3 +-- report/junit/writer.go | 5 +++-- report/sarif/builder.go | 12 ++++++++++ report/sarif/formatter.go | 37 +++++++++++++++++++------------ report/sarif/writer.go | 5 +++-- report/sonar/formatter.go | 6 ++--- report/sonar/sonar_test.go | 9 ++++---- report/sonar/writer.go | 5 +++-- report/text/writer.go | 8 +++---- report/yaml/writer.go | 7 +++--- tools/tools.go | 9 ++++++++ 22 files changed, 151 insertions(+), 96 deletions(-) create mode 100644 report.go delete mode 100644 report/core/types.go create mode 100644 tools/tools.go diff --git a/cmd/gosec/main.go b/cmd/gosec/main.go index 5865bfb..7524579 100644 --- a/cmd/gosec/main.go +++ b/cmd/gosec/main.go 
@@ -216,23 +216,23 @@ func getPrintedFormat(format string, verbose string) string { return fileFormat } -func printReport(format string, color bool, rootPaths []string, issues []*gosec.Issue, metrics *gosec.Metrics, errors map[string][]gosec.Error) error { +func printReport(format string, color bool, rootPaths []string, reportInfo *gosec.ReportInfo) error { - err := report.CreateReport(os.Stdout, format, color, rootPaths, issues, metrics, errors) + err := report.CreateReport(os.Stdout, format, color, rootPaths, reportInfo) if err != nil { return err } return nil } -func saveReport(filename, format string, rootPaths []string, issues []*gosec.Issue, metrics *gosec.Metrics, errors map[string][]gosec.Error) error { +func saveReport(filename, format string, rootPaths []string, reportInfo *gosec.ReportInfo) error { outfile, err := os.Create(filename) if err != nil { return err } defer outfile.Close() // #nosec G307 - err = report.CreateReport(outfile, format, false, rootPaths, issues, metrics, errors) + err = report.CreateReport(outfile, format, false, rootPaths, reportInfo) if err != nil { return err } @@ -383,14 +383,16 @@ func main() { // Create output report rootPaths := getRootPaths(flag.Args()) + reportInfo := gosec.NewReportInfo(issues, metrics, errors).WithVersion(Version) + if *flagOutput == "" || *flagStdOut { var fileFormat = getPrintedFormat(*flagOutput, *flagVerbose) - if err := printReport(fileFormat, *flagColor, rootPaths, issues, metrics, errors); err != nil { + if err := printReport(fileFormat, *flagColor, rootPaths, reportInfo); err != nil { logger.Fatal((err)) } } if *flagOutput != "" { - if err := saveReport(*flagOutput, *flagFormat, rootPaths, issues, metrics, errors); err != nil { + if err := saveReport(*flagOutput, *flagFormat, rootPaths, reportInfo); err != nil { logger.Fatal(err) } } diff --git a/go.mod b/go.mod index 0260bf7..0001e96 100644 --- a/go.mod +++ b/go.mod 
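Review bot: In the new `printReport` and `saveReport` bodies the `err := report.CreateReport(...)` / `if err != nil { return err }` / `return nil` tail is just `return report.CreateReport(os.Stdout, format, color, rootPaths, reportInfo)` (and the `outfile` equivalent), which reads better now that the argument list has shrunk. While `saveReport` is being touched, `defer outfile.Close() // #nosec G307` still discards the Close error on a file that was just written, so a failed final flush returns nil and leaves a truncated report on disk; closing explicitly after `CreateReport` and returning that error (keeping the deferred Close only as a fallback on the error paths) would surface it. `main` continues outside the second hunk.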
@@ -3,13 +3,14 @@ module github.com/securego/gosec/v2 require ( github.com/google/uuid v1.1.1 github.com/gookit/color v1.4.2 + github.com/lib/pq v1.9.0 github.com/mozilla/tls-observatory v0.0.0-20210209181001-cf43108d6880 github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 github.com/onsi/ginkgo v1.16.1 github.com/onsi/gomega v1.11.0 golang.org/x/mod v0.4.1 // indirect golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 // indirect - golang.org/x/text v0.3.5 // indirect + golang.org/x/text v0.3.5 golang.org/x/tools v0.1.0 gopkg.in/yaml.v2 v2.4.0 ) diff --git a/renovate.json b/renovate.json index 92327e1..f93b8ea 100644 --- a/renovate.json +++ b/renovate.json @@ -1,7 +1,7 @@ { - "extends": [ - "config:semverAllMonthly", - ":enableVulnerabilityAlertsWithLabel(vulnerablity)", - ":docker" - ] -} + "extends": [ + "config:semverAllMonthly", + ":enableVulnerabilityAlertsWithLabel(vulnerablity)", + ":docker" + ] +} \ No newline at end of file diff --git a/report.go b/report.go new file mode 100644 index 0000000..96b1466 --- /dev/null +++ b/report.go @@ -0,0 +1,24 @@ +package gosec + +// ReportInfo this is report information +type ReportInfo struct { + Errors map[string][]Error `json:"Golang errors"` + Issues []*Issue + Stats *Metrics + GosecVersion string +} + +// NewReportInfo instantiate a ReportInfo +func NewReportInfo(issues []*Issue, metrics *Metrics, errors map[string][]Error) *ReportInfo { + return &ReportInfo{ + Errors: errors, + Issues: issues, + Stats: metrics, + } +} + +// WithVersion defines the version of gosec used to generate the report +func (r *ReportInfo) WithVersion(version string) *ReportInfo { + r.GosecVersion = version + return r +} diff --git a/report/core/types.go b/report/core/types.go deleted file mode 100644 index 540891b..0000000 --- a/report/core/types.go +++ /dev/null 
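Review bot: The new `GosecVersion` field on `ReportInfo` carries no `json`/`yaml` tag and no `omitempty`, and because the json and yaml writers later in this patch marshal the `*gosec.ReportInfo` directly (`json.MarshalIndent(data, ...)`, `yaml.Marshal(data)`), every JSON and YAML report now gains a version key that is empty unless the caller chained `WithVersion`, even though the commit is scoped to SARIF. If that schema change is intended, tag the field with json:"GosecVersion,omitempty" and the yaml equivalent and mention it in the commit message; otherwise keep it out of the marshalled output. The doc comments are placeholders as well: `// ReportInfo this is report information` could read `// ReportInfo groups the issues, metrics and per-file errors of one scan, plus the gosec version that produced it.`, and `// NewReportInfo instantiate a ReportInfo` could say that it stores the supplied slices and map without copying them. Note that `Errors` keeps its `json:"Golang errors"` tag while the other fields rely on Go names, so key casing in the output is mixed.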
@@ -1,12 +0,0 @@ -package core - -import ( - "github.com/securego/gosec/v2" -) - -//ReportInfo this is report information -type ReportInfo struct { - Errors map[string][]gosec.Error `json:"Golang errors"` - Issues []*gosec.Issue - Stats *gosec.Metrics -} diff --git a/report/csv/writer.go b/report/csv/writer.go index f1658c9..80eff13 100644 --- a/report/csv/writer.go +++ b/report/csv/writer.go @@ -2,12 +2,13 @@ package csv import ( "encoding/csv" - "github.com/securego/gosec/v2/report/core" "io" + + "github.com/securego/gosec/v2" ) //WriteReport write a report in csv format to the output writer -func WriteReport(w io.Writer, data *core.ReportInfo) error { +func WriteReport(w io.Writer, data *gosec.ReportInfo) error { out := csv.NewWriter(w) defer out.Flush() for _, issue := range data.Issues { diff --git a/report/formatter.go b/report/formatter.go index eb1eaa3..e3ea734 100644 --- a/report/formatter.go +++ b/report/formatter.go @@ -15,8 +15,9 @@ package report import ( + "io" + "github.com/securego/gosec/v2" - "github.com/securego/gosec/v2/report/core" "github.com/securego/gosec/v2/report/csv" "github.com/securego/gosec/v2/report/golint" "github.com/securego/gosec/v2/report/html" @@ -26,7 +27,6 @@ import ( "github.com/securego/gosec/v2/report/sonar" "github.com/securego/gosec/v2/report/text" "github.com/securego/gosec/v2/report/yaml" - "io" ) // Format enumerates the output format for reported issues 
@@ -51,12 +51,7 @@ const ( // CreateReport generates a report based for the supplied issues and metrics given // the specified format. The formats currently accepted are: json, yaml, csv, junit-xml, html, sonarqube, golint and text. -func CreateReport(w io.Writer, format string, enableColor bool, rootPaths []string, issues []*gosec.Issue, metrics *gosec.Metrics, errors map[string][]gosec.Error) error { - data := &core.ReportInfo{ - Errors: errors, - Issues: issues, - Stats: metrics, - } +func CreateReport(w io.Writer, format string, enableColor bool, rootPaths []string, data *gosec.ReportInfo) error { var err error switch format { case "json": diff --git a/report/formatter_test.go b/report/formatter_test.go index f61f797..21a71e8 100644 --- a/report/formatter_test.go +++ b/report/formatter_test.go @@ -10,7 +10,6 @@ import ( . "github.com/onsi/gomega" "github.com/securego/gosec/v2" "github.com/securego/gosec/v2/cwe" - "github.com/securego/gosec/v2/report/core" "github.com/securego/gosec/v2/report/junit" "github.com/securego/gosec/v2/report/sonar" "gopkg.in/yaml.v2" @@ -37,10 +36,10 @@ func createIssue(ruleID string, weakness *cwe.Weakness) gosec.Issue { } } -func createReportInfo(rule string, weakness *cwe.Weakness) core.ReportInfo { +func createReportInfo(rule string, weakness *cwe.Weakness) gosec.ReportInfo { issue := createIssue(rule, weakness) metrics := gosec.Metrics{} - return core.ReportInfo{ + return gosec.ReportInfo{ Errors: map[string][]gosec.Error{}, Issues: []*gosec.Issue{ &issue, @@ -61,7 +60,7 @@ var _ = Describe("Formatter", func() { }) Context("when converting to Sonarqube issues", func() { It("it should parse the report info", func() { - data := &core.ReportInfo{ + data := &gosec.ReportInfo{ Errors: map[string][]gosec.Error{}, Issues: []*gosec.Issue{ { 
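Review bot: `CreateReport` no longer builds `data` itself, so a nil `*gosec.ReportInfo` from a caller now reaches the writers, which dereference it unguarded (`for _, issue := range data.Issues` in the csv writer above); an early `if data == nil { return <error> }` keeps that panic out of the formatters. The doc comment above the signature should also describe the new parameter, and its format list still omits `sarif`, which the tests below exercise through `CreateReport(buf, "sarif", ...)`; e.g. `// CreateReport writes data, a report built with gosec.NewReportInfo, to w in the given format. Accepted formats: json, yaml, csv, junit-xml, html, sonarqube, golint, sarif and text.` The function body continues outside the hunk.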
@@ -109,7 +108,7 @@ var _ = Describe("Formatter", func() { }) It("it should parse the report info with files in subfolders", func() { - data := &core.ReportInfo{ + data := &gosec.ReportInfo{ Errors: map[string][]gosec.Error{}, Issues: []*gosec.Issue{ { @@ -156,7 +155,7 @@ var _ = Describe("Formatter", func() { Expect(*issues).To(Equal(*want)) }) It("it should not parse the report info for files from other projects", func() { - data := &core.ReportInfo{ + data := &gosec.ReportInfo{ Errors: map[string][]gosec.Error{}, Issues: []*gosec.Issue{ { @@ -188,7 +187,7 @@ var _ = Describe("Formatter", func() { }) It("it should parse the report info for multiple projects projects", func() { - data := &core.ReportInfo{ + data := &gosec.ReportInfo{ Errors: map[string][]gosec.Error{}, Issues: []*gosec.Issue{ { @@ -264,7 +263,7 @@ var _ = Describe("Formatter", func() { It("preserves order of issues", func() { issues := []*gosec.Issue{createIssueWithFileWhat("i1", "1"), createIssueWithFileWhat("i2", "2"), createIssueWithFileWhat("i3", "1")} - junitReport := junit.GenerateReport(&core.ReportInfo{Issues: issues}) + junitReport := junit.GenerateReport(&gosec.ReportInfo{Issues: issues}) testSuite := junitReport.Testsuites[0] @@ -290,7 +289,8 @@ var _ = Describe("Formatter", func() { error := map[string][]gosec.Error{} buf := new(bytes.Buffer) - err := CreateReport(buf, "csv", false, []string{}, []*gosec.Issue{&issue}, &gosec.Metrics{}, error) + reportInfo := gosec.NewReportInfo([]*gosec.Issue{&issue}, &gosec.Metrics{}, error) + err := CreateReport(buf, "csv", false, []string{}, reportInfo) Expect(err).ShouldNot(HaveOccurred()) pattern := "/home/src/project/test.go,1,test,HIGH,HIGH,1: testcode,CWE-%s\n" expect := fmt.Sprintf(pattern, cwe.ID) 
@@ -304,7 +304,8 @@ var _ = Describe("Formatter", func() { error := map[string][]gosec.Error{} buf := new(bytes.Buffer) - err := CreateReport(buf, "xml", false, []string{}, []*gosec.Issue{&issue}, &gosec.Metrics{NumFiles: 0, NumLines: 0, NumNosec: 0, NumFound: 0}, error) + reportInfo := gosec.NewReportInfo([]*gosec.Issue{&issue}, &gosec.Metrics{NumFiles: 0, NumLines: 0, NumNosec: 0, NumFound: 0}, error) + err := CreateReport(buf, "xml", false, []string{}, reportInfo) Expect(err).ShouldNot(HaveOccurred()) pattern := "Results:\n\n\n[/home/src/project/test.go:1] - %s (CWE-%s): test (Confidence: HIGH, Severity: HIGH)\n > 1: testcode\n\n\n\nSummary:\n Files: 0\n Lines: 0\n Nosec: 0\n Issues: 0\n\n" expect := fmt.Sprintf(pattern, rule, cwe.ID) @@ -324,7 +325,8 @@ var _ = Describe("Formatter", func() { err := enc.Encode(data) Expect(err).ShouldNot(HaveOccurred()) buf := new(bytes.Buffer) - err = CreateReport(buf, "json", false, []string{}, []*gosec.Issue{&issue}, &gosec.Metrics{}, error) + reportInfo := gosec.NewReportInfo([]*gosec.Issue{&issue}, &gosec.Metrics{}, error) + err = CreateReport(buf, "json", false, []string{}, reportInfo) Expect(err).ShouldNot(HaveOccurred()) result := stripString(buf.String()) expectation := stripString(expect.String()) @@ -344,7 +346,8 @@ var _ = Describe("Formatter", func() { err := enc.Encode(data) Expect(err).ShouldNot(HaveOccurred()) buf := new(bytes.Buffer) - err = CreateReport(buf, "html", false, []string{}, []*gosec.Issue{&issue}, &gosec.Metrics{}, error) + reportInfo := gosec.NewReportInfo([]*gosec.Issue{&issue}, &gosec.Metrics{}, error) + err = CreateReport(buf, "html", false, []string{}, reportInfo) Expect(err).ShouldNot(HaveOccurred()) result := stripString(buf.String()) expectation := stripString(expect.String()) 
@@ -364,7 +367,8 @@ var _ = Describe("Formatter", func() { err := enc.Encode(data) Expect(err).ShouldNot(HaveOccurred()) buf := new(bytes.Buffer) - err = CreateReport(buf, "yaml", false, []string{}, []*gosec.Issue{&issue}, &gosec.Metrics{}, error) + reportInfo := gosec.NewReportInfo([]*gosec.Issue{&issue}, &gosec.Metrics{}, error) + err = CreateReport(buf, "yaml", false, []string{}, reportInfo) Expect(err).ShouldNot(HaveOccurred()) result := stripString(buf.String()) expectation := stripString(expect.String()) @@ -384,7 +388,8 @@ var _ = Describe("Formatter", func() { err := enc.Encode(data) Expect(err).ShouldNot(HaveOccurred()) buf := new(bytes.Buffer) - err = CreateReport(buf, "junit-xml", false, []string{}, []*gosec.Issue{&issue}, &gosec.Metrics{}, error) + reportInfo := gosec.NewReportInfo([]*gosec.Issue{&issue}, &gosec.Metrics{}, error) + err = CreateReport(buf, "junit-xml", false, []string{}, reportInfo) Expect(err).ShouldNot(HaveOccurred()) expectation := stripString(fmt.Sprintf("[/home/src/project/test.go:1] - test (Confidence: 2, Severity: 2, CWE: %s)", cwe.ID)) result := stripString(buf.String()) @@ -404,7 +409,8 @@ var _ = Describe("Formatter", func() { err := enc.Encode(data) Expect(err).ShouldNot(HaveOccurred()) buf := new(bytes.Buffer) - err = CreateReport(buf, "text", false, []string{}, []*gosec.Issue{&issue}, &gosec.Metrics{}, error) + reportInfo := gosec.NewReportInfo([]*gosec.Issue{&issue}, &gosec.Metrics{}, error) + err = CreateReport(buf, "text", false, []string{}, reportInfo) Expect(err).ShouldNot(HaveOccurred()) expectation := stripString(fmt.Sprintf("[/home/src/project/test.go:1] - %s (CWE-%s): test (Confidence: HIGH, Severity: HIGH)", rule, cwe.ID)) result := stripString(buf.String()) 
@@ -417,7 +423,8 @@ var _ = Describe("Formatter", func() { issue := createIssue(rule, cwe) error := map[string][]gosec.Error{} buf := new(bytes.Buffer) - err := CreateReport(buf, "sonarqube", false, []string{"/home/src/project"}, []*gosec.Issue{&issue}, &gosec.Metrics{}, error) + reportInfo := gosec.NewReportInfo([]*gosec.Issue{&issue}, &gosec.Metrics{}, error) + err := CreateReport(buf, "sonarqube", false, []string{"/home/src/project"}, reportInfo) Expect(err).ShouldNot(HaveOccurred()) result := stripString(buf.String()) @@ -438,7 +445,8 @@ var _ = Describe("Formatter", func() { error := map[string][]gosec.Error{} buf := new(bytes.Buffer) - err := CreateReport(buf, "golint", false, []string{}, []*gosec.Issue{&issue}, &gosec.Metrics{}, error) + reportInfo := gosec.NewReportInfo([]*gosec.Issue{&issue}, &gosec.Metrics{}, error) + err := CreateReport(buf, "golint", false, []string{}, reportInfo) Expect(err).ShouldNot(HaveOccurred()) pattern := "/home/src/project/test.go:1:1: [CWE-%s] test (Rule:%s, Severity:HIGH, Confidence:HIGH)\n" expect := fmt.Sprintf(pattern, cwe.ID, rule) @@ -452,7 +460,8 @@ var _ = Describe("Formatter", func() { error := map[string][]gosec.Error{} buf := new(bytes.Buffer) - err := CreateReport(buf, "sarif", false, []string{}, []*gosec.Issue{&issue}, &gosec.Metrics{}, error) + reportInfo := gosec.NewReportInfo([]*gosec.Issue{&issue}, &gosec.Metrics{}, error).WithVersion("v2.7.0") + err := CreateReport(buf, "sarif", false, []string{}, reportInfo) Expect(err).ShouldNot(HaveOccurred()) result := stripString(buf.String()) diff --git a/report/golint/writer.go b/report/golint/writer.go index ed22f37..633527c 100644 --- a/report/golint/writer.go +++ b/report/golint/writer.go 
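Review bot: The sarif test now seeds the report with `.WithVersion("v2.7.0")`, but nothing visible in the hunk checks that the value reaches the output; the expectation lives outside the hunk, so if it does not already pin both the driver's version (`v2.7.0`) and its semantic version (`2.7.0`), add an assertion for each, since that is the behaviour this commit exists to add. The other `CreateReport` tests pass a `ReportInfo` with no version, which is fine for formats that ignore it but means the empty-version path of the SARIF driver is untested. The `It` block continues outside the hunk.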
@@ -2,13 +2,14 @@ package golint import ( "fmt" - "github.com/securego/gosec/v2/report/core" "io" "strings" + + "github.com/securego/gosec/v2" ) //WriteReport write a report in golint format to the output writer -func WriteReport(w io.Writer, data *core.ReportInfo) error { +func WriteReport(w io.Writer, data *gosec.ReportInfo) error { // Output Sample: // /tmp/main.go:11:14: [CWE-310] RSA keys should be at least 2048 bits (Rule:G403, Severity:MEDIUM, Confidence:HIGH) diff --git a/report/html/writer.go b/report/html/writer.go index 3bdfa44..eb95929 100644 --- a/report/html/writer.go +++ b/report/html/writer.go @@ -1,13 +1,14 @@ package html import ( - "github.com/securego/gosec/v2/report/core" "html/template" "io" + + "github.com/securego/gosec/v2" ) //WriteReport write a report in html format to the output writer -func WriteReport(w io.Writer, data *core.ReportInfo) error { +func WriteReport(w io.Writer, data *gosec.ReportInfo) error { t, e := template.New("gosec").Parse(templateContent) if e != nil { return e diff --git a/report/json/writer.go b/report/json/writer.go index 1809569..bfa87da 100644 --- a/report/json/writer.go +++ b/report/json/writer.go @@ -2,12 +2,13 @@ package json import ( "encoding/json" - "github.com/securego/gosec/v2/report/core" "io" + + "github.com/securego/gosec/v2" ) //WriteReport write a report in json format to the output writer -func WriteReport(w io.Writer, data *core.ReportInfo) error { +func WriteReport(w io.Writer, data *gosec.ReportInfo) error { raw, err := json.MarshalIndent(data, "", "\t") if err != nil { return err diff --git a/report/junit/formatter.go b/report/junit/formatter.go index 6670b58..a5758de 100644 --- a/report/junit/formatter.go +++ b/report/junit/formatter.go @@ -5,7 +5,6 @@ import ( "strconv" "github.com/securego/gosec/v2" - "github.com/securego/gosec/v2/report/core" ) func generatePlaintext(issue *gosec.Issue) string { 
@@ -17,7 +16,7 @@ func generatePlaintext(issue *gosec.Issue) string { } //GenerateReport Convert a gosec report to a JUnit Report -func GenerateReport(data *core.ReportInfo) Report { +func GenerateReport(data *gosec.ReportInfo) Report { var xmlReport Report testsuites := map[string]int{} diff --git a/report/junit/writer.go b/report/junit/writer.go index 318f9ec..3b9461e 100644 --- a/report/junit/writer.go +++ b/report/junit/writer.go @@ -2,12 +2,13 @@ package junit import ( "encoding/xml" - "github.com/securego/gosec/v2/report/core" "io" + + "github.com/securego/gosec/v2" ) //WriteReport write a report in JUnit format to the output writer -func WriteReport(w io.Writer, data *core.ReportInfo) error { +func WriteReport(w io.Writer, data *gosec.ReportInfo) error { junitXMLStruct := GenerateReport(data) raw, err := xml.MarshalIndent(junitXMLStruct, "", "\t") if err != nil { diff --git a/report/sarif/builder.go b/report/sarif/builder.go index 06ac6c8..a4f9cca 100644 --- a/report/sarif/builder.go +++ b/report/sarif/builder.go @@ -126,6 +126,18 @@ func NewToolComponent(name string, version string, informationURI string) *ToolC } } +//WithLanguage set Language for the current ToolComponent +func (t *ToolComponent) WithLanguage(language string) *ToolComponent { + t.Language = language + return t +} + +//WithSemanticVersion set SemanticVersion for the current ToolComponent +func (t *ToolComponent) WithSemanticVersion(semanticVersion string) *ToolComponent { + t.SemanticVersion = semanticVersion + return t +} + //WithReleaseDateUtc set releaseDateUtc for the current ToolComponent func (t *ToolComponent) WithReleaseDateUtc(releaseDateUtc string) *ToolComponent { t.ReleaseDateUtc = releaseDateUtc diff --git a/report/sarif/formatter.go b/report/sarif/formatter.go index 6e4464a..38d19b3 100644 --- a/report/sarif/formatter.go +++ b/report/sarif/formatter.go 
@@ -2,18 +2,18 @@ package sarif import ( "fmt" - "github.com/google/uuid" - "runtime/debug" + "sort" "strconv" "strings" + "github.com/google/uuid" + "github.com/securego/gosec/v2" "github.com/securego/gosec/v2/cwe" - "github.com/securego/gosec/v2/report/core" ) //GenerateReport Convert a gosec report to a Sarif Report -func GenerateReport(rootPaths []string, data *core.ReportInfo) (*Report, error) { +func GenerateReport(rootPaths []string, data *gosec.ReportInfo) (*Report, error) { type rule struct { index int @@ -56,7 +56,10 @@ func GenerateReport(rootPaths []string, data *core.ReportInfo) (*Report, error) results = append(results, result) } - tool := NewTool(buildSarifDriver(rules)) + sort.SliceStable(rules, func(i, j int) bool { return rules[i].ID < rules[j].ID }) + sort.SliceStable(cweTaxa, func(i, j int) bool { return cweTaxa[i].ID < cweTaxa[j].ID }) + + tool := NewTool(buildSarifDriver(rules, data.GosecVersion)) cweTaxonomy := buildCWETaxonomy(cweTaxa) @@ -108,6 +111,7 @@ func buildCWETaxonomy(taxa []*ReportingDescriptor) *ToolComponent { WithOrganization(cwe.Organization). WithShortDescription(NewMultiformatMessageString(cwe.Description)). WithIsComprehensive(true). + WithLanguage("en"). WithMinimumRequiredLocalizedDataSemanticVersion(cwe.Version). WithTaxa(taxa...) } 
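Review bot: In the `@@ -56,7` hunk `rules` is sorted by ID only after the results loop has finished, but each result was built while rules were still in discovery order, and the `rule` struct at the top of `GenerateReport` (first hunk) carries an `index` field for exactly that position; if that index is emitted as the result's SARIF ruleIndex, sorting `rules` afterwards makes it point at the wrong entry of the driver's rule list, which SARIF consumers cross-check against ruleId. After the `sort.SliceStable` on `rules`, build a map from rule ID to new position and rewrite each result's rule index from it, or collect and sort the rules in a first pass over `data.Issues` before any result is created. Sorting `cweTaxa` is only safe if nothing references taxa by position, which appears to be the case from the visible code. The middle of `GenerateReport` is outside the hunk, so confirm how the result constructor consumes `index` before deciding.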
@@ -115,22 +119,27 @@ func buildCWETaxonomy(taxa []*ReportingDescriptor) *ToolComponent { func parseSarifTaxon(weakness *cwe.Weakness) *ReportingDescriptor { return &ReportingDescriptor{ ID: weakness.ID, - Name: weakness.Name, GUID: uuid3(weakness.SprintID()), HelpURI: weakness.SprintURL(), - ShortDescription: NewMultiformatMessageString(weakness.Description), + FullDescription: NewMultiformatMessageString(weakness.Description), + ShortDescription: NewMultiformatMessageString(weakness.Name), } } -func buildSarifDriver(rules []*ReportingDescriptor) *ToolComponent { - buildInfo, ok := debug.ReadBuildInfo() - var gosecVersion string - if ok { - gosecVersion = buildInfo.Main.Version[1:] - } else { - gosecVersion = "devel" +func parseSemanticVersion(version string) string { + if len(version) == 0 { + return "devel" } + if strings.HasPrefix(version, "v") { + return version[1:] + } + return version +} + +func buildSarifDriver(rules []*ReportingDescriptor, gosecVersion string) *ToolComponent { + semanticVersion := parseSemanticVersion(gosecVersion) return NewToolComponent("gosec", gosecVersion, "https://github.com/securego/gosec/"). + WithSemanticVersion(semanticVersion). WithSupportedTaxonomies(NewToolComponentReference(cwe.Acronym)). WithRules(rules...) } diff --git a/report/sarif/writer.go b/report/sarif/writer.go index 5e70dd6..cad6b9b 100644 --- a/report/sarif/writer.go +++ b/report/sarif/writer.go @@ -2,12 +2,13 @@ package sarif import ( "encoding/json" - "github.com/securego/gosec/v2/report/core" "io" + + "github.com/securego/gosec/v2" ) //WriteReport write a report in SARIF format to the output writer -func WriteReport(w io.Writer, data *core.ReportInfo, rootPaths []string) error { +func WriteReport(w io.Writer, data *gosec.ReportInfo, rootPaths []string) error { sr, err := GenerateReport(rootPaths, data) if err != nil { return err diff --git a/report/sonar/formatter.go b/report/sonar/formatter.go index 8dcbf72..4cae178 100644 --- a/report/sonar/formatter.go 
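Review bot: `buildSarifDriver` applies the "devel" fallback only to the semantic version; the raw `gosecVersion` still goes into `NewToolComponent("gosec", gosecVersion, ...)`, so a binary whose `Version` was never injected (presumably set at link time, and empty otherwise) emits an empty tool version next to `semanticVersion` "devel". Apply one fallback to both, e.g. `if gosecVersion == "" { gosecVersion = "devel" }` before the `parseSemanticVersion` call, or pass `semanticVersion` as the tool version too. `parseSemanticVersion` would also benefit from a doc comment stating its contract, `// parseSemanticVersion strips a single leading "v" from a gosec release tag and maps an empty version to "devel".`, since it now replaces the `debug.ReadBuildInfo` lookup the old code relied on.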
+++ b/report/sonar/formatter.go @@ -1,10 +1,10 @@ package sonar import ( - "github.com/securego/gosec/v2" - "github.com/securego/gosec/v2/report/core" "strconv" "strings" + + "github.com/securego/gosec/v2" ) const ( @@ -13,7 +13,7 @@ const ( ) //GenerateReport Convert a gosec report to a Sonar Report -func GenerateReport(rootPaths []string, data *core.ReportInfo) (*Report, error) { +func GenerateReport(rootPaths []string, data *gosec.ReportInfo) (*Report, error) { si := &Report{Issues: []*Issue{}} for _, issue := range data.Issues { sonarFilePath := parseFilePath(issue, rootPaths) diff --git a/report/sonar/sonar_test.go b/report/sonar/sonar_test.go index 4d08a16..122d63c 100644 --- a/report/sonar/sonar_test.go +++ b/report/sonar/sonar_test.go @@ -4,7 +4,6 @@ import ( . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" "github.com/securego/gosec/v2" - "github.com/securego/gosec/v2/report/core" "github.com/securego/gosec/v2/report/sonar" ) @@ -13,7 +12,7 @@ var _ = Describe("Sonar Formatter", func() { }) Context("when converting to Sonarqube issues", func() { It("it should parse the report info", func() { - data := &core.ReportInfo{ + data := &gosec.ReportInfo{ Errors: map[string][]gosec.Error{}, Issues: []*gosec.Issue{ { @@ -61,7 +60,7 @@ var _ = Describe("Sonar Formatter", func() { }) It("it should parse the report info with files in subfolders", func() { - data := &core.ReportInfo{ + data := &gosec.ReportInfo{ Errors: map[string][]gosec.Error{}, Issues: []*gosec.Issue{ { @@ -108,7 +107,7 @@ var _ = Describe("Sonar Formatter", func() { Expect(*issues).To(Equal(*want)) }) It("it should not parse the report info for files from other projects", func() { - data := &core.ReportInfo{ + data := &gosec.ReportInfo{ Errors: map[string][]gosec.Error{}, Issues: []*gosec.Issue{ { 
@@ -140,7 +139,7 @@ var _ = Describe("Sonar Formatter", func() { }) It("it should parse the report info for multiple projects projects", func() { - data := &core.ReportInfo{ + data := &gosec.ReportInfo{ Errors: map[string][]gosec.Error{}, Issues: []*gosec.Issue{ { diff --git a/report/sonar/writer.go b/report/sonar/writer.go index ca49516..74fda43 100644 --- a/report/sonar/writer.go +++ b/report/sonar/writer.go @@ -2,12 +2,13 @@ package sonar import ( "encoding/json" - "github.com/securego/gosec/v2/report/core" "io" + + "github.com/securego/gosec/v2" ) //WriteReport write a report in sonar format to the output writer -func WriteReport(w io.Writer, data *core.ReportInfo, rootPaths []string) error { +func WriteReport(w io.Writer, data *gosec.ReportInfo, rootPaths []string) error { si, err := GenerateReport(rootPaths, data) if err != nil { return err diff --git a/report/text/writer.go b/report/text/writer.go index 43dfc65..840b738 100644 --- a/report/text/writer.go +++ b/report/text/writer.go @@ -4,13 +4,13 @@ import ( "bufio" "bytes" "fmt" - "github.com/gookit/color" - "github.com/securego/gosec/v2" - "github.com/securego/gosec/v2/report/core" "io" "strconv" "strings" "text/template" + + "github.com/gookit/color" + "github.com/securego/gosec/v2" ) var ( @@ -20,7 +20,7 @@ var ( ) //WriteReport write a (colorized) report in text format -func WriteReport(w io.Writer, data *core.ReportInfo, enableColor bool) error { +func WriteReport(w io.Writer, data *gosec.ReportInfo, enableColor bool) error { t, e := template. New("gosec"). Funcs(plainTextFuncMap(enableColor)). diff --git a/report/yaml/writer.go b/report/yaml/writer.go index a67f851..1617f08 100644 --- a/report/yaml/writer.go +++ b/report/yaml/writer.go 
@@ -1,13 +1,14 @@ package yaml import ( - "github.com/securego/gosec/v2/report/core" - "gopkg.in/yaml.v2" "io" + + "github.com/securego/gosec/v2" + "gopkg.in/yaml.v2" ) //WriteReport write a report in yaml format to the output writer -func WriteReport(w io.Writer, data *core.ReportInfo) error { +func WriteReport(w io.Writer, data *gosec.ReportInfo) error { raw, err := yaml.Marshal(data) if err != nil { return err diff --git a/tools/tools.go b/tools/tools.go new file mode 100644 index 0000000..ad72c2d --- /dev/null +++ b/tools/tools.go @@ -0,0 +1,9 @@ +// +build tools + +package tools + +// nolint +import ( + _ "github.com/lib/pq" + _ "golang.org/x/text" +)
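Review bot: `tools/tools.go` pulls `github.com/lib/pq` and `golang.org/x/text` into the module (and `go.mod` gains `lib/pq v1.9.0` and drops `// indirect` from `x/text`) without a comment saying why; neither is touched by the SARIF change this commit is titled for, and both become direct dependencies that every `go mod download` of gosec now fetches. If the intent is to keep them in `go.mod` for test fixtures that import them, which is the usual reason for a `tools`-tagged blank-import file, state it above the import block, e.g. `// Blank imports pin packages that the test fixtures import so they stay in go.mod; the tools build tag keeps this file out of normal builds.` The bare `// nolint` silences every linter for the file; narrow it to `//nolint:<linter>` for the single check that objects to blank imports.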