
Fix sarif formatting issues (#565)

* include tool version

* change declared sarif schema version

* dedup rules, fix result locations

* refactor rules collection creation
Dmitry Salakhov 2021-02-05 09:06:04 +00:00 committed by GitHub
parent b6524ce487
commit 6c57ae1628
2 changed files with 25 additions and 10 deletions


@ -180,27 +180,39 @@ func convertToSonarIssues(rootPaths []string, data *reportInfo) (*sonarIssues, e
func convertToSarifReport(rootPaths []string, data *reportInfo) (*sarifReport, error) {
sr := buildSarifReport()
var rules []*sarifRule
var locations []*sarifLocation
type rule struct {
index int
rule *sarifRule
}
rules := make([]*sarifRule, 0)
rulesIndices := make(map[string]rule)
lastRuleIndex := -1
results := []*sarifResult{}
for index, issue := range data.Issues {
rules = append(rules, buildSarifRule(issue))
for _, issue := range data.Issues {
r, ok := rulesIndices[issue.RuleID]
if !ok {
lastRuleIndex++
r = rule{index: lastRuleIndex, rule: buildSarifRule(issue)}
rulesIndices[issue.RuleID] = r
rules = append(rules, r.rule)
}
location, err := buildSarifLocation(issue, rootPaths)
if err != nil {
return nil, err
}
locations = append(locations, location)
result := &sarifResult{
RuleID: fmt.Sprintf("%s (CWE-%s)", issue.RuleID, issue.Cwe.ID),
RuleIndex: index,
RuleID: r.rule.ID,
RuleIndex: r.index,
Level: getSarifLevel(issue.Severity.String()),
Message: &sarifMessage{
Text: issue.What,
},
Locations: locations,
Locations: []*sarifLocation{location},
}
results = append(results, result)
@ -209,6 +221,7 @@ func convertToSarifReport(rootPaths []string, data *reportInfo) (*sarifReport, e
tool := &sarifTool{
Driver: &sarifDriver{
Name: "gosec",
Version: "2.1.0",
InformationURI: "https://github.com/securego/gosec/",
Rules: rules,
},
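Review bot: The driver `Version: "2.1.0"` added in the second hunk is a hard-coded literal that is identical to the SARIF format version written by buildSarifReport, so it looks like the spec version was copied in rather than the tool's own release, and it will silently go stale on every gosec release; consumers that key on driver version to track scanner upgrades would see the wrong value. Thread the build version in instead (for example a package-level variable set from the main package's version, `Version: toolVersion,` with `toolVersion` assigned at startup) so the literal lives in exactly one place. On the first hunk, `lastRuleIndex` only mirrors `len(rules)` at the moment of insertion, so `r = rule{index: len(rules), rule: buildSarifRule(issue)}` would remove a second counter that has to be kept in step by hand; the dedup also assumes one CWE per `issue.RuleID`, which holds only if buildSarifRule is deterministic per rule — worth a one-line comment on the map declaration. The body of convertToSarifReport continues beyond the second hunk.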


@ -2,9 +2,10 @@ package output
import (
"fmt"
"github.com/securego/gosec/v2"
"strconv"
"strings"
"github.com/securego/gosec/v2"
)
type sarifLevel string
@ -68,6 +69,7 @@ type sarifResult struct {
type sarifDriver struct {
Name string `json:"name"`
Version string `json:"version"`
InformationURI string `json:"informationUri"`
Rules []*sarifRule `json:"rules,omitempty"`
}
@ -91,7 +93,7 @@ type sarifReport struct {
func buildSarifReport() *sarifReport {
return &sarifReport{
Version: "2.1.0",
Schema: "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.4.json",
Schema: "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
Runs: []*sarifRun{},
}
}
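Review bot: The new `Schema` URL points at the `master` branch of the sarif-spec repository, which is a moving reference rather than a fixed 2.1.0 artifact, so the `$schema` emitted in every report can change meaning (or break) without any change to gosec. Since the `Version` field right above it already pins the format to 2.1.0, prefer a URL that is equally pinned: either the OASIS-published 2.1.0 schema location or a tag/commit path in that repository, e.g. `Schema: "<PINNED_SARIF_2_1_0_SCHEMA_URL>",` (placeholder). A short comment on the field, `// Pinned to the released 2.1.0 schema; must match Version above.`, would keep the two from drifting apart.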