
feat(sarif): add GUID as part of properties, change ruleID (#3838)

This commit is contained in:
xgoffin 2022-06-17 08:53:44 +02:00 committed by GitHub
parent c11110d791
commit 0457601efd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 4 deletions


@ -193,7 +193,7 @@ func Parse(sys System, data []byte, scanID int) (format.SARIF, error) {
}*/
//General
result.RuleID = "checkmarx-" + cxxml.Query[i].ID
result.RuleID = "checkmarx-" + cxxml.Query[i].Language + "/" + cxxml.Query[i].ID
result.RuleIndex = cweIdsForTaxonomies[cxxml.Query[i].CweID]
result.Level = "none"
msg := new(format.Message)
@ -282,6 +282,7 @@ func Parse(sys System, data []byte, scanID int) (format.SARIF, error) {
}
props.ToolAuditMessage = strings.Join(messageCandidates, " \n ")
}
props.RuleGUID = cxxml.Query[i].ID
props.UnifiedAuditState = ""
result.Properties = props
@ -291,7 +292,7 @@ func Parse(sys System, data []byte, scanID int) (format.SARIF, error) {
//handle the rules array
rule := *new(format.SarifRule)
rule.ID = "checkmarx-" + cxxml.Query[i].ID
rule.ID = "checkmarx-" + cxxml.Query[i].Language + "/" + cxxml.Query[i].ID
words := strings.Split(cxxml.Query[i].Name, "_")
for w := 0; w < len(words); w++ {
words[w] = piperutils.Title(strings.ToLower(words[w]))
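Review bot: The SARIF rule identifier is now assembled twice from the same pieces, at `result.RuleID = "checkmarx-" + cxxml.Query[i].Language + "/" + cxxml.Query[i].ID` and again for `rule.ID` in the rules hunk; a result only resolves to its rule when the two strings are byte-identical, so the duplicated literal is a silent-breakage risk the next time the format changes. Extract it once, e.g. `func checkmarxRuleID(q <element type of cxxml.Query>) string { return "checkmarx-" + q.Language + "/" + q.ID }`, and use `checkmarxRuleID(cxxml.Query[i])` at both sites. If `Language` can be empty in the Checkmarx XML, the ID degrades to `checkmarx-/<id>`, which deserves either a guard or a comment. `props.RuleGUID` is filled from `cxxml.Query[i].ID`, which does not look like a GUID; a comment such as `// RuleGUID carries the Checkmarx query ID, not a GUID` would save the next reader a detour. Parse begins and ends outside these hunks.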


@ -87,6 +87,7 @@ type PartialFingerprints struct {
// SarifProperties adding additional information/context to the finding
type SarifProperties struct {
RuleGUID string `json:"ruleGUID,omitempty"`
InstanceID string `json:"instanceID,omitempty"`
InstanceSeverity string `json:"instanceSeverity,omitempty"`
Confidence string `json:"confidence,omitempty"`
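Review bot: `RuleGUID` is added without a doc comment, and the two producers in this same commit populate it with different things (the Checkmarx query ID and the Fortify `ClassInfo.ClassID`), so the name alone does not tell a SARIF consumer what to expect. Suggest `// RuleGUID is the scanner's native identifier of the rule that produced the finding; not necessarily a GUID (Checkmarx supplies its query ID).` above the field, adjusted once the Checkmarx ID format is confirmed. The enclosing struct continues past the hunk.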


@ -578,9 +578,9 @@ func Parse(sys System, project *models.Project, projectVersion *models.ProjectVe
//result.RuleID = fvdl.Vulnerabilities.Vulnerability[i].ClassInfo.ClassID
// Handle ruleID the same way than in Rule
idArray := []string{}
if fvdl.Vulnerabilities.Vulnerability[i].ClassInfo.Kingdom != "" {
/*if fvdl.Vulnerabilities.Vulnerability[i].ClassInfo.Kingdom != "" {
idArray = append(idArray, fvdl.Vulnerabilities.Vulnerability[i].ClassInfo.Kingdom)
}
}*/
if fvdl.Vulnerabilities.Vulnerability[i].ClassInfo.Type != "" {
idArray = append(idArray, fvdl.Vulnerabilities.Vulnerability[i].ClassInfo.Type)
}
@ -791,6 +791,7 @@ func Parse(sys System, project *models.Project, projectVersion *models.ProjectVe
prop.InstanceSeverity = strconv.FormatFloat(fvdl.Vulnerabilities.Vulnerability[i].InstanceInfo.InstanceSeverity, 'f', 1, 64)
prop.Confidence = fvdl.Vulnerabilities.Vulnerability[i].InstanceInfo.Confidence
prop.InstanceID = fvdl.Vulnerabilities.Vulnerability[i].InstanceInfo.InstanceID
prop.RuleGUID = fvdl.Vulnerabilities.Vulnerability[i].ClassInfo.ClassID
//Get the audit data
if err := integrateAuditData(prop, fvdl.Vulnerabilities.Vulnerability[i].InstanceInfo.InstanceID, sys, project, projectVersion, auditData, filterSet, oneRequestPerIssueMode, maxretries); err != nil {
log.Entry().Debug(err)
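Review bot: The Kingdom prefix is dropped from the rule ID by commenting the block out (`/*if fvdl.Vulnerabilities.Vulnerability[i].ClassInfo.Kingdom != "" { ... }*/`) rather than deleting it; version control keeps the history, and commented-out code tends to drift or get resurrected, so delete those three lines. The comment above it, `// Handle ruleID the same way than in Rule`, is the real concern: the result's ruleId only resolves when the rules array (built outside this hunk) applies the same change, and nothing in the diff shows the Kingdom prefix being removed there, so that should be confirmed; the comment also reads better as `// Build the ruleID the same way as in the rules array`. In the second hunk `prop.RuleGUID = ...ClassInfo.ClassID` is the value the commented line above says the ruleId used to be derived from, so a one-line comment on why it is now carried separately would help. Parse continues outside both hunks.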