1
0
mirror of https://github.com/securego/gosec.git synced 2024-12-26 20:53:56 +02:00

fix: make sure that nil Cwe pointer is handled when getting the CWE ID

This commit is contained in:
Cosmin Cojocar 2022-08-20 13:20:36 +02:00
parent 62fa4b4e9b
commit 19fa856bad
4 changed files with 22 additions and 9 deletions

View File

@ -19,7 +19,11 @@ func (w *Weakness) SprintURL() string {
// SprintID format the CWE ID
func (w *Weakness) SprintID() string {
return fmt.Sprintf("%s-%s", Acronym, w.ID)
id := "0000"
if w != nil {
id = w.ID
}
return fmt.Sprintf("%s-%s", Acronym, id)
}
// MarshalJSON print only id and URL

View File

@ -15,7 +15,7 @@ func WriteReport(w io.Writer, data *gosec.ReportInfo) error {
for _, issue := range data.Issues {
what := issue.What
if issue.Cwe.ID != "" {
if issue.Cwe != nil && issue.Cwe.ID != "" {
what = fmt.Sprintf("[%s] %s", issue.Cwe.SprintID(), issue.What)
}

View File

@ -8,11 +8,15 @@ import (
)
func generatePlaintext(issue *gosec.Issue) string {
cweID := "CWE"
if issue.Cwe != nil {
cweID = issue.Cwe.ID
}
return "Results:\n" +
"[" + issue.File + ":" + issue.Line + "] - " +
issue.What + " (Confidence: " + strconv.Itoa(int(issue.Confidence)) +
", Severity: " + strconv.Itoa(int(issue.Severity)) +
", CWE: " + issue.Cwe.ID + ")\n" + "> " + html.EscapeString(issue.Code)
", CWE: " + cweID + ")\n" + "> " + html.EscapeString(issue.Code)
}
// GenerateReport Convert a gosec report to a JUnit Report

View File

@ -27,12 +27,14 @@ func GenerateReport(rootPaths []string, data *gosec.ReportInfo) (*Report, error)
weaknesses := make(map[string]*cwe.Weakness)
for _, issue := range data.Issues {
_, ok := weaknesses[issue.Cwe.ID]
if !ok {
weakness := cwe.Get(issue.Cwe.ID)
weaknesses[issue.Cwe.ID] = weakness
cweTaxon := parseSarifTaxon(weakness)
cweTaxa = append(cweTaxa, cweTaxon)
if issue.Cwe != nil {
_, ok := weaknesses[issue.Cwe.ID]
if !ok {
weakness := cwe.Get(issue.Cwe.ID)
weaknesses[issue.Cwe.ID] = weakness
cweTaxon := parseSarifTaxon(weakness)
cweTaxa = append(cweTaxa, cweTaxon)
}
}
r, ok := rulesIndices[issue.RuleID]
@ -97,6 +99,9 @@ func parseSarifRule(issue *gosec.Issue) *ReportingDescriptor {
}
func buildSarifReportingDescriptorRelationship(weakness *cwe.Weakness) *ReportingDescriptorRelationship {
if weakness == nil {
return nil
}
return &ReportingDescriptorRelationship{
Target: &ReportingDescriptorReference{
ID: weakness.ID,