diff --git a/pkg/checkmarx/cxxml_to_sarif.go b/pkg/checkmarx/cxxml_to_sarif.go
index 8df2d77e6..6bc5018ab 100644
--- a/pkg/checkmarx/cxxml_to_sarif.go
+++ b/pkg/checkmarx/cxxml_to_sarif.go
@@ -115,6 +115,7 @@ type Line struct {
 // ConvertCxxmlToSarif is the entrypoint for the Parse function
 func ConvertCxxmlToSarif(xmlReportName string) (format.SARIF, error) {
 var sarif format.SARIF
+ log.Entry().Debug("Reading audit file.")
 data, err := ioutil.ReadFile(xmlReportName)
 if err != nil {
 return sarif, err
@@ -155,6 +156,7 @@ func Parse(data []byte) (format.SARIF, error) {
 //CxXML files contain a CxXMLResults > Query object, which represents a broken rule or type of vuln
 //This Query object contains a list of Result objects, each representing an occurence
 //Each Result object contains a ResultPath, which represents the exact location of the occurence (the "Snippet")
+ log.Entry().Debug("[SARIF] Now handling results.")
 for i := 0; i < len(cxxml.Query); i++ {
 //add cweid to array
 cweIdsForTaxonomies[cxxml.Query[i].CweID] = cweCounter
@@ -263,6 +265,7 @@ func Parse(data []byte) (format.SARIF, error) {
 }
 
 // Handle driver object
+ log.Entry().Debug("[SARIF] Now handling driver object.")
 tool := *new(format.Tool)
 tool.Driver = *new(format.Driver)
 tool.Driver.Name = "Checkmarx SCA"
diff --git a/pkg/checkmarx/reporting.go b/pkg/checkmarx/reporting.go
index 9ab29da1d..d7fadde04 100644
--- a/pkg/checkmarx/reporting.go
+++ b/pkg/checkmarx/reporting.go
@@ -204,6 +204,7 @@ func WriteSarif(sarif format.SARIF) ([]piperutils.Path, error) {
 bufEncoder.SetIndent("", " ")
 //encode to buffer
 bufEncoder.Encode(sarif)
+ log.Entry().Info("Writing file to disk: ", sarifReportPath)
 if err := utils.FileWrite(sarifReportPath, buffer.Bytes(), 0666); err != nil {
 log.SetErrorCategory(log.ErrorConfiguration)
 return reportPaths, errors.Wrapf(err, "failed to write Checkmarx SARIF report")
diff --git a/pkg/fortify/fpr_to_sarif.go b/pkg/fortify/fpr_to_sarif.go
index 0c659a9a4..de8fb25f3 100644
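Review bot: The debug line added before ioutil.ReadFile in ConvertCxxmlToSarif says only "Reading audit file." and never names the file, so when several reports are converted in one run the message cannot be tied to a path; `log.Entry().Debugf("Reading audit file %q.", xmlReportName)` (Debugf is available on the logrus entry, if that is what log.Entry() returns here) would give the operator something to correlate. The matching line added in ConvertFprToSarif in pkg/fortify/fpr_to_sarif.go has the same gap, with the filepath.Join result as the path to log. ConvertCxxmlToSarif continues past the end of the hunk.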
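Review bot: The new Info line in WriteSarif announces the write, but the `bufEncoder.Encode(sarif)` call two lines above it still discards its error, so an encoding failure would be followed by a successful-looking "Writing file to disk" message and an empty or truncated report on disk. Checking it in the same style as the FileWrite below, `if err := bufEncoder.Encode(sarif); err != nil { return reportPaths, errors.Wrapf(err, "failed to encode Checkmarx SARIF report") }`, keeps the log message honest and stops a broken SARIF file from reaching downstream consumers unnoticed. The fortify WriteSarif hunk in pkg/fortify/reporting.go has the same unchecked Encode. The 0666 mode passed to FileWrite is also broader than a generated report normally needs; 0644 would do unless something downstream relies on group or other write access, which is not visible here. WriteSarif starts before and ends after this hunk.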
--- a/pkg/fortify/fpr_to_sarif.go
+++ b/pkg/fortify/fpr_to_sarif.go
@@ -519,6 +519,7 @@ func ConvertFprToSarif(sys System, project *models.Project, projectVersion *mode
 return sarif, err
 }
 
+ log.Entry().Debug("Reading audit file.")
 data, err := ioutil.ReadFile(filepath.Join(tmpFolder, "audit.fvdl"))
 if err != nil {
 return sarif, err
@@ -572,6 +573,7 @@ func Parse(sys System, project *models.Project, projectVersion *models.ProjectVe
 sarif.Runs = append(sarif.Runs, fortifyRun)
 
 // Handle results/vulnerabilities
+ log.Entry().Debug("[SARIF] Now handling results.")
 for i := 0; i < len(fvdl.Vulnerabilities.Vulnerability); i++ {
 result := *new(format.Results)
 result.RuleID = fvdl.Vulnerabilities.Vulnerability[i].ClassInfo.ClassID
@@ -748,6 +750,7 @@ func Parse(sys System, project *models.Project, projectVersion *models.ProjectVe
 }
 
 //handle the tool object
+ log.Entry().Debug("[SARIF] Now handling driver object.")
 tool := *new(format.Tool)
 tool.Driver = *new(format.Driver)
 tool.Driver.Name = "MicroFocus Fortify SCA"
@@ -884,6 +887,7 @@ func Parse(sys System, project *models.Project, projectVersion *models.ProjectVe
 sarif.Runs[0].Tool = tool
 
 //handle invocations object
+ log.Entry().Debug("[SARIF] Now handling invocation.")
 invocation := *new(format.Invocations)
 for i := 0; i < len(fvdl.EngineData.Properties); i++ { //i selects the properties type
 if fvdl.EngineData.Properties[i].PropertiesType == "Fortify" { // This is the correct type, now iterate on props
@@ -917,6 +921,7 @@ func Parse(sys System, project *models.Project, projectVersion *models.ProjectVe
 sarif.Runs[0].OriginalUriBaseIds = oubi
 
 //handle artifacts
+ log.Entry().Debug("[SARIF] Now handling artifacts.")
 for i := 0; i < len(fvdl.Build.SourceFiles); i++ { //i iterates on source files
 artifact := *new(format.Artifact)
 artifact.Location.Uri = fvdl.Build.SourceFiles[i].Name
@@ -938,6 +943,7 @@ func Parse(sys System, project *models.Project, projectVersion *models.ProjectVe
 sarif.Runs[0].AutomationDetails.Id = fvdl.Build.BuildID
 
 //handle threadFlowLocations
+ log.Entry().Debug("[SARIF] Now handling threadFlowLocations.")
 threadFlowLocationsObject := []format.Locations{}
 //prepare a check object
 for i := 0; i < len(fvdl.UnifiedNodePool.Node); i++ {
@@ -1073,7 +1079,7 @@ func integrateAuditData(ruleProp *format.SarifProperties, issueInstanceID string
 }
 if len(data) != 1 { //issueInstanceID is supposedly unique so len(data) = 1
 //log.Entry().Error("not exactly 1 issue found, found " + fmt.Sprint(len(data)))
- return errors.New("not exactly 1 issue found, found " + fmt.Sprint(len(data)))
+ return errors.New("not exactly 1 issue found for instance ID " + issueInstanceID + ", found " + fmt.Sprint(len(data)))
 }
 ruleProp.Audited = data[0].Audited
 ruleProp.ToolSeverity = *data[0].Friority
diff --git a/pkg/fortify/fpr_to_sarif_test.go b/pkg/fortify/fpr_to_sarif_test.go
index 6edbffe79..779f3224c 100644
--- a/pkg/fortify/fpr_to_sarif_test.go
+++ b/pkg/fortify/fpr_to_sarif_test.go
@@ -491,7 +491,7 @@ func TestIntegrateAuditData(t *testing.T) {
 project := models.Project{}
 projectVersion := models.ProjectVersion{ID: 11037}
 err := integrateAuditData(&ruleProp, "DUMMYDUMMYDUMMY", sys, &project, &projectVersion, nil, filterSet, false)
- assert.Error(t, err, "not exactly 1 issue found, found 0")
+ assert.Error(t, err, "not exactly 1 issue found for instance ID 11037, found 0")
 })
 
 t.Run("Successful lookup in oneRequestPerInstance mode", func(t *testing.T) {
diff --git a/pkg/fortify/reporting.go b/pkg/fortify/reporting.go
index 6871d8d99..2340592ce 100644
--- a/pkg/fortify/reporting.go
+++ b/pkg/fortify/reporting.go
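Review bot: The rebuilt error message in integrateAuditData concatenates issueInstanceID raw, so an empty or whitespace-only ID, the case most likely to produce zero matches, is invisible in the text the operator sees. Quoting it and dropping the fmt.Sprint call reads cleaner: `return fmt.Errorf("not exactly 1 issue found for instance ID %q, found %d", issueInstanceID, len(data))` (or errors.Errorf with the same arguments, if the errors import is github.com/pkg/errors and the recorded stack matters). The commented-out log.Entry().Error line just above now duplicates a stale version of the message and can go. integrateAuditData begins before the hunk and continues after it.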
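Review bot: The updated expectation in TestIntegrateAuditData does not match the call above it: integrateAuditData is passed "DUMMYDUMMYDUMMY" as its issueInstanceID parameter, while 11037 is the ProjectVersion ID, so assuming the lookup yields zero issues the new message would read "instance ID DUMMYDUMMYDUMMY". The mismatch goes unnoticed because assert.Error's third argument is the failure message printed when err is nil, not an expected error string, so the text is never compared; `assert.EqualError(t, err, "not exactly 1 issue found for instance ID DUMMYDUMMYDUMMY, found 0")` would actually pin the message this commit changes. The enclosing t.Run closure starts before the hunk.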
@@ -154,6 +154,7 @@ func WriteSarif(sarif format.SARIF) ([]piperutils.Path, error) {
 bufEncoder.SetIndent("", " ")
 //encode to buffer
 bufEncoder.Encode(sarif)
+ log.Entry().Info("Writing file to disk: ", sarifReportPath)
 if err := utils.FileWrite(sarifReportPath, buffer.Bytes(), 0666); err != nil {
 log.SetErrorCategory(log.ErrorConfiguration)
 return reportPaths, errors.Wrapf(err, "failed to write fortify SARIF report")