mirror of https://github.com/SAP/jenkins-library.git synced 2025-01-18 05:18:24 +02:00

feat(checkmarxExecuteScan): remove some useless SARIF code, added security-severity (#3857)

xgoffin 2022-06-28 15:39:17 +02:00 committed by GitHub
parent 31f4435352
commit 51138cfb49
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -205,10 +205,6 @@ func Parse(sys System, data []byte, scanID int) (format.SARIF, error) {
}
result.Message = msg
if cxxml.Query[i].Name != "" {
msg := new(format.Message)
msg.Text = cxxml.Query[i].Name
}
//Locations
codeflow := *new(format.CodeFlow)
threadflow := *new(format.ThreadFlow)
@ -335,6 +331,18 @@ func Parse(sys System, data []byte, scanID int) (format.SARIF, error) {
rule.Properties.Tags = append(rule.Properties.Tags, cats[cat])
}
}
switch cxxml.Query[i].SeverityIndex {
case 0:
rule.Properties.SecuritySeverity = "0.0"
case 1:
rule.Properties.SecuritySeverity = "2.0"
case 2:
rule.Properties.SecuritySeverity = "5.0"
case 3:
rule.Properties.SecuritySeverity = "7.0"
default:
rule.Properties.SecuritySeverity = "10.0"
}
if cxxml.Query[i].CweID != "" {
rule.Properties.Tags = append(rule.Properties.Tags, "external/cwe/cwe-"+cxxml.Query[i].CweID)