feat(sarif): logging improvements (#3727)
* fix(fortifyExecuteScan): check audit data length in all cases * fix(fortifyExecuteScan): check audit data length in all cases * feat(SARIF): logging improvements in debug mode * fix(logging): readability Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
This commit is contained in:
parent
2740f00134
commit
0696db5e0d
@ -115,6 +115,7 @@ type Line struct {
|
|||||||
// ConvertCxxmlToSarif is the entrypoint for the Parse function
|
// ConvertCxxmlToSarif is the entrypoint for the Parse function
|
||||||
func ConvertCxxmlToSarif(xmlReportName string) (format.SARIF, error) {
|
func ConvertCxxmlToSarif(xmlReportName string) (format.SARIF, error) {
|
||||||
var sarif format.SARIF
|
var sarif format.SARIF
|
||||||
|
log.Entry().Debug("Reading audit file.")
|
||||||
data, err := ioutil.ReadFile(xmlReportName)
|
data, err := ioutil.ReadFile(xmlReportName)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return sarif, err
|
return sarif, err
|
||||||
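Review bot: The debug line added at the top of ConvertCxxmlToSarif says an audit file is being read but not which one, although `xmlReportName` is in scope on the next line; following the style of the Info line this same commit adds in WriteSarif, `log.Entry().Debug("Reading audit file: ", xmlReportName)` makes the debug trail actionable when a conversion fails on the wrong path. The same applies to the identical line added in ConvertFprToSarif, where the path is `filepath.Join(tmpFolder, "audit.fvdl")`. The adjacent `ioutil.ReadFile` call is untouched by the commit; `os.ReadFile` has been the non-deprecated equivalent since Go 1.16. ConvertCxxmlToSarif continues past the end of the hunk.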
@ -155,6 +156,7 @@ func Parse(data []byte) (format.SARIF, error) {
|
|||||||
//CxXML files contain a CxXMLResults > Query object, which represents a broken rule or type of vuln
|
//CxXML files contain a CxXMLResults > Query object, which represents a broken rule or type of vuln
|
||||||
//This Query object contains a list of Result objects, each representing an occurence
|
//This Query object contains a list of Result objects, each representing an occurence
|
||||||
//Each Result object contains a ResultPath, which represents the exact location of the occurence (the "Snippet")
|
//Each Result object contains a ResultPath, which represents the exact location of the occurence (the "Snippet")
|
||||||
|
log.Entry().Debug("[SARIF] Now handling results.")
|
||||||
for i := 0; i < len(cxxml.Query); i++ {
|
for i := 0; i < len(cxxml.Query); i++ {
|
||||||
//add cweid to array
|
//add cweid to array
|
||||||
cweIdsForTaxonomies[cxxml.Query[i].CweID] = cweCounter
|
cweIdsForTaxonomies[cxxml.Query[i].CweID] = cweCounter
|
||||||
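Review bot: The added `[SARIF] Now handling results.` line gives no sense of how much work follows, although `len(cxxml.Query)` is already known on the next line; `log.Entry().Debug("[SARIF] Now handling results: ", len(cxxml.Query), " queries.")` lets a debug log show whether an empty or slow conversion came from the input rather than the converter. The same applies to the results line added in the Fortify Parse further down, where `len(fvdl.Vulnerabilities.Vulnerability)` is available. Parse starts and ends outside the hunk.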
@ -263,6 +265,7 @@ func Parse(data []byte) (format.SARIF, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Handle driver object
|
// Handle driver object
|
||||||
|
log.Entry().Debug("[SARIF] Now handling driver object.")
|
||||||
tool := *new(format.Tool)
|
tool := *new(format.Tool)
|
||||||
tool.Driver = *new(format.Driver)
|
tool.Driver = *new(format.Driver)
|
||||||
tool.Driver.Name = "Checkmarx SCA"
|
tool.Driver.Name = "Checkmarx SCA"
|
||||||
|
@ -204,6 +204,7 @@ func WriteSarif(sarif format.SARIF) ([]piperutils.Path, error) {
|
|||||||
bufEncoder.SetIndent("", " ")
|
bufEncoder.SetIndent("", " ")
|
||||||
//encode to buffer
|
//encode to buffer
|
||||||
bufEncoder.Encode(sarif)
|
bufEncoder.Encode(sarif)
|
||||||
|
log.Entry().Info("Writing file to disk: ", sarifReportPath)
|
||||||
if err := utils.FileWrite(sarifReportPath, buffer.Bytes(), 0666); err != nil {
|
if err := utils.FileWrite(sarifReportPath, buffer.Bytes(), 0666); err != nil {
|
||||||
log.SetErrorCategory(log.ErrorConfiguration)
|
log.SetErrorCategory(log.ErrorConfiguration)
|
||||||
return reportPaths, errors.Wrapf(err, "failed to write Checkmarx SARIF report")
|
return reportPaths, errors.Wrapf(err, "failed to write Checkmarx SARIF report")
|
||||||
|
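Review bot: The new Info line announces the write, but the result of `bufEncoder.Encode(sarif)` two lines above it is still discarded, so an encoding failure would be logged as a successful write and an empty or truncated report would land at sarifReportPath. Checking it first, `if err := bufEncoder.Encode(sarif); err != nil { return reportPaths, errors.Wrapf(err, "failed to encode Checkmarx SARIF report") }`, keeps the log and the file consistent. The same gap exists in the Fortify WriteSarif hunk at the end of this change. The report is also created with mode 0666 (subject to umask); 0644 is sufficient for a report that is only read downstream, and avoids a world-writable artifact in shared workspaces. WriteSarif starts and ends outside the hunk.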
@ -519,6 +519,7 @@ func ConvertFprToSarif(sys System, project *models.Project, projectVersion *mode
|
|||||||
return sarif, err
|
return sarif, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
log.Entry().Debug("Reading audit file.")
|
||||||
data, err := ioutil.ReadFile(filepath.Join(tmpFolder, "audit.fvdl"))
|
data, err := ioutil.ReadFile(filepath.Join(tmpFolder, "audit.fvdl"))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return sarif, err
|
return sarif, err
|
||||||
@ -572,6 +573,7 @@ func Parse(sys System, project *models.Project, projectVersion *models.ProjectVe
|
|||||||
sarif.Runs = append(sarif.Runs, fortifyRun)
|
sarif.Runs = append(sarif.Runs, fortifyRun)
|
||||||
|
|
||||||
// Handle results/vulnerabilities
|
// Handle results/vulnerabilities
|
||||||
|
log.Entry().Debug("[SARIF] Now handling results.")
|
||||||
for i := 0; i < len(fvdl.Vulnerabilities.Vulnerability); i++ {
|
for i := 0; i < len(fvdl.Vulnerabilities.Vulnerability); i++ {
|
||||||
result := *new(format.Results)
|
result := *new(format.Results)
|
||||||
result.RuleID = fvdl.Vulnerabilities.Vulnerability[i].ClassInfo.ClassID
|
result.RuleID = fvdl.Vulnerabilities.Vulnerability[i].ClassInfo.ClassID
|
||||||
@ -748,6 +750,7 @@ func Parse(sys System, project *models.Project, projectVersion *models.ProjectVe
|
|||||||
}
|
}
|
||||||
|
|
||||||
//handle the tool object
|
//handle the tool object
|
||||||
|
log.Entry().Debug("[SARIF] Now handling driver object.")
|
||||||
tool := *new(format.Tool)
|
tool := *new(format.Tool)
|
||||||
tool.Driver = *new(format.Driver)
|
tool.Driver = *new(format.Driver)
|
||||||
tool.Driver.Name = "MicroFocus Fortify SCA"
|
tool.Driver.Name = "MicroFocus Fortify SCA"
|
||||||
@ -884,6 +887,7 @@ func Parse(sys System, project *models.Project, projectVersion *models.ProjectVe
|
|||||||
sarif.Runs[0].Tool = tool
|
sarif.Runs[0].Tool = tool
|
||||||
|
|
||||||
//handle invocations object
|
//handle invocations object
|
||||||
|
log.Entry().Debug("[SARIF] Now handling invocation.")
|
||||||
invocation := *new(format.Invocations)
|
invocation := *new(format.Invocations)
|
||||||
for i := 0; i < len(fvdl.EngineData.Properties); i++ { //i selects the properties type
|
for i := 0; i < len(fvdl.EngineData.Properties); i++ { //i selects the properties type
|
||||||
if fvdl.EngineData.Properties[i].PropertiesType == "Fortify" { // This is the correct type, now iterate on props
|
if fvdl.EngineData.Properties[i].PropertiesType == "Fortify" { // This is the correct type, now iterate on props
|
||||||
@ -917,6 +921,7 @@ func Parse(sys System, project *models.Project, projectVersion *models.ProjectVe
|
|||||||
sarif.Runs[0].OriginalUriBaseIds = oubi
|
sarif.Runs[0].OriginalUriBaseIds = oubi
|
||||||
|
|
||||||
//handle artifacts
|
//handle artifacts
|
||||||
|
log.Entry().Debug("[SARIF] Now handling artifacts.")
|
||||||
for i := 0; i < len(fvdl.Build.SourceFiles); i++ { //i iterates on source files
|
for i := 0; i < len(fvdl.Build.SourceFiles); i++ { //i iterates on source files
|
||||||
artifact := *new(format.Artifact)
|
artifact := *new(format.Artifact)
|
||||||
artifact.Location.Uri = fvdl.Build.SourceFiles[i].Name
|
artifact.Location.Uri = fvdl.Build.SourceFiles[i].Name
|
||||||
@ -938,6 +943,7 @@ func Parse(sys System, project *models.Project, projectVersion *models.ProjectVe
|
|||||||
sarif.Runs[0].AutomationDetails.Id = fvdl.Build.BuildID
|
sarif.Runs[0].AutomationDetails.Id = fvdl.Build.BuildID
|
||||||
|
|
||||||
//handle threadFlowLocations
|
//handle threadFlowLocations
|
||||||
|
log.Entry().Debug("[SARIF] Now handling threadFlowLocations.")
|
||||||
threadFlowLocationsObject := []format.Locations{}
|
threadFlowLocationsObject := []format.Locations{}
|
||||||
//prepare a check object
|
//prepare a check object
|
||||||
for i := 0; i < len(fvdl.UnifiedNodePool.Node); i++ {
|
for i := 0; i < len(fvdl.UnifiedNodePool.Node); i++ {
|
||||||
@ -1073,7 +1079,7 @@ func integrateAuditData(ruleProp *format.SarifProperties, issueInstanceID string
|
|||||||
}
|
}
|
||||||
if len(data) != 1 { //issueInstanceID is supposedly unique so len(data) = 1
|
if len(data) != 1 { //issueInstanceID is supposedly unique so len(data) = 1
|
||||||
//log.Entry().Error("not exactly 1 issue found, found " + fmt.Sprint(len(data)))
|
//log.Entry().Error("not exactly 1 issue found, found " + fmt.Sprint(len(data)))
|
||||||
return errors.New("not exactly 1 issue found, found " + fmt.Sprint(len(data)))
|
return errors.New("not exactly 1 issue found for instance ID " + issueInstanceID + ", found " + fmt.Sprint(len(data)))
|
||||||
}
|
}
|
||||||
ruleProp.Audited = data[0].Audited
|
ruleProp.Audited = data[0].Audited
|
||||||
ruleProp.ToolSeverity = *data[0].Friority
|
ruleProp.ToolSeverity = *data[0].Friority
|
||||||
|
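Review bot: The rewritten error on the last changed line builds its message by string concatenation around `fmt.Sprint(len(data))` even though `fmt` is already in use; `return fmt.Errorf("not exactly 1 issue found for instance ID %s, found %d", issueInstanceID, len(data))` is the idiomatic form and keeps the wording in one place. The commented-out `log.Entry().Error(...)` line directly above it now preserves a stale version of the message and can be dropped. integrateAuditData starts and ends outside the hunk.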
@ -491,7 +491,7 @@ func TestIntegrateAuditData(t *testing.T) {
|
|||||||
project := models.Project{}
|
project := models.Project{}
|
||||||
projectVersion := models.ProjectVersion{ID: 11037}
|
projectVersion := models.ProjectVersion{ID: 11037}
|
||||||
err := integrateAuditData(&ruleProp, "DUMMYDUMMYDUMMY", sys, &project, &projectVersion, nil, filterSet, false)
|
err := integrateAuditData(&ruleProp, "DUMMYDUMMYDUMMY", sys, &project, &projectVersion, nil, filterSet, false)
|
||||||
assert.Error(t, err, "not exactly 1 issue found, found 0")
|
assert.Error(t, err, "not exactly 1 issue found for instance ID 11037, found 0")
|
||||||
})
|
})
|
||||||
|
|
||||||
t.Run("Successful lookup in oneRequestPerInstance mode", func(t *testing.T) {
|
t.Run("Successful lookup in oneRequestPerInstance mode", func(t *testing.T) {
|
||||||
|
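Review bot: The updated assertion does not check the message it appears to check: the third argument of `assert.Error` is the failure message printed when err is nil, not an expected error string, so the test passes regardless of the wording. It would not match anyway, because the call passes `"DUMMYDUMMYDUMMY"` as issueInstanceID while 11037 is the projectVersion ID. Assuming the lookup returns no rows for the dummy ID, as the previous expected text `found 0` suggests, `assert.EqualError(t, err, "not exactly 1 issue found for instance ID DUMMYDUMMYDUMMY, found 0")` pins the new message. TestIntegrateAuditData starts and ends outside the hunk.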
@ -154,6 +154,7 @@ func WriteSarif(sarif format.SARIF) ([]piperutils.Path, error) {
|
|||||||
bufEncoder.SetIndent("", " ")
|
bufEncoder.SetIndent("", " ")
|
||||||
//encode to buffer
|
//encode to buffer
|
||||||
bufEncoder.Encode(sarif)
|
bufEncoder.Encode(sarif)
|
||||||
|
log.Entry().Info("Writing file to disk: ", sarifReportPath)
|
||||||
if err := utils.FileWrite(sarifReportPath, buffer.Bytes(), 0666); err != nil {
|
if err := utils.FileWrite(sarifReportPath, buffer.Bytes(), 0666); err != nil {
|
||||||
log.SetErrorCategory(log.ErrorConfiguration)
|
log.SetErrorCategory(log.ErrorConfiguration)
|
||||||
return reportPaths, errors.Wrapf(err, "failed to write fortify SARIF report")
|
return reportPaths, errors.Wrapf(err, "failed to write fortify SARIF report")
|
||||||
|