
Fix sarif formatting issues (#565)

* include tool version

* change declared sarif schema version

* dedup rules, fix result locations

* refactor rules collection creation
This commit is contained in:
Dmitry Salakhov 2021-02-05 09:06:04 +00:00 committed by GitHub
parent b6524ce487
commit 6c57ae1628
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 10 deletions


@ -180,27 +180,39 @@ func convertToSonarIssues(rootPaths []string, data *reportInfo) (*sonarIssues, e
func convertToSarifReport(rootPaths []string, data *reportInfo) (*sarifReport, error) { func convertToSarifReport(rootPaths []string, data *reportInfo) (*sarifReport, error) {
sr := buildSarifReport() sr := buildSarifReport()
var rules []*sarifRule type rule struct {
var locations []*sarifLocation index int
rule *sarifRule
}
rules := make([]*sarifRule, 0)
rulesIndices := make(map[string]rule)
lastRuleIndex := -1
results := []*sarifResult{} results := []*sarifResult{}
for index, issue := range data.Issues { for _, issue := range data.Issues {
rules = append(rules, buildSarifRule(issue)) r, ok := rulesIndices[issue.RuleID]
if !ok {
lastRuleIndex++
r = rule{index: lastRuleIndex, rule: buildSarifRule(issue)}
rulesIndices[issue.RuleID] = r
rules = append(rules, r.rule)
}
location, err := buildSarifLocation(issue, rootPaths) location, err := buildSarifLocation(issue, rootPaths)
if err != nil { if err != nil {
return nil, err return nil, err
} }
locations = append(locations, location)
result := &sarifResult{ result := &sarifResult{
RuleID: fmt.Sprintf("%s (CWE-%s)", issue.RuleID, issue.Cwe.ID), RuleID: r.rule.ID,
RuleIndex: index, RuleIndex: r.index,
Level: getSarifLevel(issue.Severity.String()), Level: getSarifLevel(issue.Severity.String()),
Message: &sarifMessage{ Message: &sarifMessage{
Text: issue.What, Text: issue.What,
}, },
Locations: locations, Locations: []*sarifLocation{location},
} }
results = append(results, result) results = append(results, result)
@ -209,6 +221,7 @@ func convertToSarifReport(rootPaths []string, data *reportInfo) (*sarifReport, e
tool := &sarifTool{ tool := &sarifTool{
Driver: &sarifDriver{ Driver: &sarifDriver{
Name: "gosec", Name: "gosec",
Version: "2.1.0",
InformationURI: "https://github.com/securego/gosec/", InformationURI: "https://github.com/securego/gosec/",
Rules: rules, Rules: rules,
}, },
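Review bot: `Version: "2.1.0"` in the sarifDriver literal (second hunk) hard-codes the tool version, so every gosec release after this one will keep reporting itself as 2.1.0 in `tool.driver.version`, and the literal happens to equal the SARIF format version set in buildSarifReport, which makes the two easy to conflate. SARIF consumers (code-scanning dashboards, baselining and dedup by tool version) key off this field, so a stale value silently attributes findings to the wrong release. If the binary already carries a build version (for example a package variable set via `-ldflags`, which this hunk does not show), pass it through here, e.g. `Version: Version,` backed by `var Version = "dev"` in this package; failing that, at least move the string to a named constant so it is not mistaken for the schema version. Separately, in the first hunk `lastRuleIndex` duplicates `len(rules)`: `r = rule{index: len(rules), rule: buildSarifRule(issue)}` drops the counter. convertToSarifReport continues past both hunks.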


@ -2,9 +2,10 @@ package output
import ( import (
"fmt" "fmt"
"github.com/securego/gosec/v2"
"strconv" "strconv"
"strings" "strings"
"github.com/securego/gosec/v2"
) )
type sarifLevel string type sarifLevel string
@ -68,6 +69,7 @@ type sarifResult struct {
type sarifDriver struct { type sarifDriver struct {
Name string `json:"name"` Name string `json:"name"`
Version string `json:"version"`
InformationURI string `json:"informationUri"` InformationURI string `json:"informationUri"`
Rules []*sarifRule `json:"rules,omitempty"` Rules []*sarifRule `json:"rules,omitempty"`
} }
@ -91,7 +93,7 @@ type sarifReport struct {
func buildSarifReport() *sarifReport { func buildSarifReport() *sarifReport {
return &sarifReport{ return &sarifReport{
Version: "2.1.0", Version: "2.1.0",
Schema: "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.4.json", Schema: "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
Runs: []*sarifRun{}, Runs: []*sarifRun{},
} }
} }
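Review bot: The new `$schema` value in the third hunk points at `master` of the oasis-tcs/sarif-spec repository, a moving target: any validator or viewer that resolves `$schema` fetches whatever the branch holds that day, so a report that validates today can fail after the schema file changes or the branch is renamed, and the referenced content is not pinned to the `Version: "2.1.0"` declared on the line above it. Prefer the OASIS-published, immutable copy of the 2.1.0 schema, `https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/schemas/sarif-schema-2.1.0.json` (verify the exact path against the OASIS site), or if the repository copy is wanted, pin it to a tag or commit instead of `master`. The added `Version` field in sarifDriver (second hunk) is tagged `json:"version"` without `omitempty`, so a driver built without a version emits `"version": ""`; `json:"version,omitempty"` keeps the field out rather than publishing an empty string, assuming no consumer relies on its presence.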