From 6725f547b147a646eb93f4861b16592d57d0b75d Mon Sep 17 00:00:00 2001
From: tiagobcx
Date: Mon, 28 Mar 2022 16:31:41 +0100
Subject: [PATCH 01/10] mapping sca-container to sca, fixing severity on sarif and handle new error code for triage

---
 internal/commands/result.go | 11 +++++++++++
 internal/wrappers/predicates-http.go | 8 +++++++-
 internal/wrappers/results-modifier.go | 2 +-
 internal/wrappers/results-sarif.go | 1 +
 4 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/internal/commands/result.go b/internal/commands/result.go
index 853fa30da..5a50a2875 100644
--- a/internal/commands/result.go
+++ b/internal/commands/result.go
@@ -31,6 +31,9 @@ const (
 lowSonar = "MINOR"
 mediumSonar = "MAJOR"
 highSonar = "CRITICAL"
+ infoLowSarif = "note"
+ mediumSarif = "warning"
+ highSarif = "error"
 vulnerabilitySonar = "VULNERABILITY"
 infoCx = "INFO"
 lowCx = "LOW"
@@ -728,7 +731,15 @@ func findRule(ruleIds map[interface{}]bool, result *wrappers.ScanResult) *wrappe
 func findResult(result *wrappers.ScanResult) *wrappers.SarifScanResult {
 var scanResult wrappers.SarifScanResult
 
+ // Match cx severity with sarif severity
+ level := map[string]string{
+ infoCx: infoLowSarif,
+ lowCx: infoLowSarif,
+ mediumCx: mediumSarif,
+ highCx: highSarif,
+ }
 scanResult.RuleID = fmt.Sprintf("%v", result.ScanResultData.QueryID)
+ scanResult.Level = level[result.Severity]
 scanResult.Message.Text = result.ScanResultData.QueryName
 scanResult.Locations = []wrappers.SarifLocation{}
 
diff --git a/internal/wrappers/predicates-http.go b/internal/wrappers/predicates-http.go
index 9dc90ddca..f2f276df7 100644
--- a/internal/wrappers/predicates-http.go
+++ b/internal/wrappers/predicates-http.go
@@ -83,7 +83,7 @@ func (r ResultsPredicatesHTTPWrapper) PredicateSeverityAndState(predicate *Predi
 return nil, err
 }
 
- PrintIfVerbose(fmt.Sprintf("Response : %s", resp.Status))
+ PrintIfVerbose(fmt.Sprintf("Response : %s ", resp.Status))
 
 defer func() {
 _ = resp.Body.Close()
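Review bot: `scanResult.Level = level[result.Severity]` in findResult yields the empty string for any severity outside the four mapped constants, and since the `Level` field added to SarifScanResult in results-sarif.go in this same patch carries no `omitempty`, such a result is emitted as `"level": ""`, which is not a value the SARIF level enumeration allows and can make a consumer reject the whole log. A lookup with an explicit fallback keeps the output valid, e.g. `lvl, ok := level[result.Severity]; if !ok { lvl = mediumSarif }` followed by `scanResult.Level = lvl` — falling back to `warning` rather than `note` avoids silently downgrading a finding whose severity the CLI does not recognise. The map is constant and could live at package scope next to the new `*Sarif` constants instead of being rebuilt for every result. findResult's body continues past the hunk.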
@@ -95,6 +95,10 @@ func (r ResultsPredicatesHTTPWrapper) PredicateSeverityAndState(predicate *Predi
 case http.StatusOK:
 fmt.Println("Predicate updated successfully.")
 return nil, nil
+ case http.StatusNotModified:
+ return nil, errors.Errorf("No changes to update.")
+ case http.StatusForbidden:
+ return nil, errors.Errorf("No permission to update.")
 case http.StatusNotFound:
 return nil, errors.Errorf("Predicate not found.")
 default:
@@ -130,6 +134,8 @@ func handleResponseWithBody(resp *http.Response, err error) (*PredicatesCollecti
 return responsePredicateParsingFailed(err)
 }
 return &model, nil, nil
+ case http.StatusForbidden:
+ return nil, nil, errors.Errorf("No permission to update.")
 case http.StatusNotFound:
 return nil, nil, errors.Errorf("Predicate not found.")
 default:
diff --git a/internal/wrappers/results-modifier.go b/internal/wrappers/results-modifier.go
index f49d6ed71..a6ac915e1 100644
--- a/internal/wrappers/results-modifier.go
+++ b/internal/wrappers/results-modifier.go
@@ -27,7 +27,7 @@ func (s *ScanResult) UnmarshalJSON(data []byte) error {
 s.Type = params.KicsType
 }
 
- if s.Type == "dependency" {
+ if s.Type == "dependency" || s.Type == "sca-container" {
 s.Type = params.ScaType
 }
 
diff --git a/internal/wrappers/results-sarif.go b/internal/wrappers/results-sarif.go
index 392a2eff4..c949cbfd9 100644
--- a/internal/wrappers/results-sarif.go
+++ b/internal/wrappers/results-sarif.go
@@ -36,6 +36,7 @@ type SarifDriverRule struct {
 
 type SarifScanResult struct {
 RuleID string `json:"ruleId"`
+ Level string `json:"level"`
 Message SarifMessage `json:"message"`
 PartialFingerprints *SarifResultFingerprint `json:"partialFingerprints,omitempty"`
 Locations []SarifLocation `json:"locations,omitempty"`
From 226aa28270a36555809fd9d80bedda9df03820c4 Mon Sep 17 00:00:00 2001
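Review bot: The new `case http.StatusNotModified` turns a 304 into a failure of PredicateSeverityAndState, so re-running a triage update whose severity and state already match exits non-zero even though the predicate is in the requested state; if that is deliberate, a one-line comment saying the CLI treats a no-op update as an error would stop the next reader from "fixing" it, otherwise `return nil, nil` with a printed notice mirrors the StatusOK branch above. Separately, the added `errors.Errorf("No changes to update.")` and `errors.Errorf("No permission to update.")` calls, here and in the handleResponseWithBody hunk below, carry no format verbs, so `errors.New` is the simpler form. Both enclosing functions start outside their hunks.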
From: tiagobcx
Date: Mon, 28 Mar 2022 17:23:26 +0100
Subject: [PATCH 02/10] fixing messages

---
 internal/commands/predicates.go | 2 +-
 internal/wrappers/predicates-http.go | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/internal/commands/predicates.go b/internal/commands/predicates.go
index ad9f166fc..51f2d997a 100644
--- a/internal/commands/predicates.go
+++ b/internal/commands/predicates.go
@@ -112,7 +112,7 @@ func runTriageShow(resultsPredicatesWrapper wrappers.ResultsPredicatesWrapper) f
 )
 
 if err != nil {
- return errors.Wrapf(err, "%s", "Failed getting the predicate.")
+ return errors.Wrapf(err, "%s", "Failed getting the predicate")
 }
 
 // Checking the response
diff --git a/internal/wrappers/predicates-http.go b/internal/wrappers/predicates-http.go
index f2f276df7..a8a220ce2 100644
--- a/internal/wrappers/predicates-http.go
+++ b/internal/wrappers/predicates-http.go
@@ -98,7 +98,7 @@ func (r ResultsPredicatesHTTPWrapper) PredicateSeverityAndState(predicate *Predi
 case http.StatusNotModified:
 return nil, errors.Errorf("No changes to update.")
 case http.StatusForbidden:
- return nil, errors.Errorf("No permission to update.")
+ return nil, errors.Errorf("No permission to update predicate.")
 case http.StatusNotFound:
 return nil, errors.Errorf("Predicate not found.")
 default:
@@ -135,7 +135,7 @@ func handleResponseWithBody(resp *http.Response, err error) (*PredicatesCollecti
 }
 return &model, nil, nil
 case http.StatusForbidden:
- return nil, nil, errors.Errorf("No permission to update.")
+ return nil, nil, errors.Errorf("No permission to show predicate.")
 case http.StatusNotFound:
 return nil, nil, errors.Errorf("Predicate not found.")
 default:
From dcb7502558dde0be0e84850b4e4ff2b01863615e Mon Sep 17 00:00:00 2001
From: tiagobcx
Date: Tue, 29 Mar 2022 18:22:52 +0100
Subject: [PATCH 03/10] removing dates + error message fix

---
 cmd/main.go | 3 ++-
 internal/commands/predicates.go | 6 +++---
 2 files changed, 5 insertions(+), 4 deletions(-)
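Review bot: `errors.Wrapf(err, "%s", "Failed getting the predicate")` in runTriageShow routes a constant message through a format string; `errors.Wrap(err, "Failed getting the predicate")` yields the same error text without the `%s` indirection and reads as what it is. The same pattern is added to runTriageUpdate in PATCH 03/10 below (`errors.Wrapf(err, "%s", "Failed updating the predicate")`), so both sites can be simplified together. runTriageShow starts outside the hunk.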
diff --git a/cmd/main.go b/cmd/main.go
index b15e93fe7..4b85d422a 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+ "fmt"
 "log"
 "os"
 
@@ -73,7 +74,7 @@ func exitIfError(err error) {
 log.Println(e.Err)
 os.Exit(e.Code)
 default:
- log.Println(e)
+ fmt.Println(e)
 os.Exit(failureExitCode)
 }
 }
diff --git a/internal/commands/predicates.go b/internal/commands/predicates.go
index 51f2d997a..591c777b6 100644
--- a/internal/commands/predicates.go
+++ b/internal/commands/predicates.go
@@ -112,14 +112,14 @@ func runTriageShow(resultsPredicatesWrapper wrappers.ResultsPredicatesWrapper) f
 )
 
 if err != nil {
- return errors.Wrapf(err, "%s", "Failed getting the predicate")
+ return errors.Wrapf(err, "%s", "Failed showing the predicate")
 }
 
 // Checking the response
 if errorModel != nil {
 return errors.Errorf(
 "%s: CODE: %d, %s",
- "Failed getting the predicate.",
+ "Failed showing the predicate.",
 errorModel.Code,
 errorModel.Message,
 )
@@ -154,7 +154,7 @@ func runTriageUpdate(resultsPredicatesWrapper wrappers.ResultsPredicatesWrapper)
 
 _, err := resultsPredicatesWrapper.PredicateSeverityAndState(predicate)
 if err != nil {
- return err
+ return errors.Wrapf(err, "%s", "Failed updating the predicate")
 }
 
 return nil
From f8c0c07889d08a3a04f049786b6894e5a14ef8d0 Mon Sep 17 00:00:00 2001
From: tiagobcx
Date: Wed, 30 Mar 2022 09:30:51 +0100
Subject: [PATCH 04/10] removing dates + error message fix

---
 cmd/main.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/cmd/main.go b/cmd/main.go
index 4b85d422a..71eeed7d8 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -2,7 +2,6 @@ package main
 
 import (
 "fmt"
- "log"
 "os"
 
 "github.com/checkmarx/ast-cli/internal/commands"
@@ -71,7 +70,7 @@ func exitIfError(err error) {
 if err != nil {
 switch e := err.(type) {
 case *wrappers.AstError:
- log.Println(e.Err)
+ fmt.Println(e.Err)
 os.Exit(e.Code)
 default:
 fmt.Println(e)
From 551c4557e29673e5199297c69f366704791b34cf Mon Sep 17 00:00:00 2001
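Review bot: Replacing `log.Println(e)` with `fmt.Println(e)` in exitIfError moves the error text from stderr to stdout, so a caller that pipes the command's normal output (for instance the SARIF or JSON report this series extends) now gets the failure message inside that stream, and anything watching only stderr sees nothing but the exit code. `fmt.Fprintln(os.Stderr, e)` drops the timestamp the commit title is after while keeping the stream; alternatively a single `log.SetFlags(0)` at startup achieves the same without touching these branches. The `case *wrappers.AstError` branch changed the same way in PATCH 04/10 above has the identical issue. exitIfError starts outside both hunks.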
From: tiagobcx
Date: Thu, 31 Mar 2022 15:44:43 +0100
Subject: [PATCH 05/10] adding extra info to sarif results

---
 internal/commands/result.go | 64 +++++++++++++++++++++---------
 internal/wrappers/results-sarif.go | 11 +++--
 2 files changed, 54 insertions(+), 21 deletions(-)

diff --git a/internal/commands/result.go b/internal/commands/result.go
index 5a50a2875..70b049d5d 100644
--- a/internal/commands/result.go
+++ b/internal/commands/result.go
@@ -708,15 +708,23 @@ func parseSonarTextRange(results *wrappers.ScanResultNode) wrappers.SonarTextRan
 
 func findRule(ruleIds map[interface{}]bool, result *wrappers.ScanResult) *wrappers.SarifDriverRule {
 var sarifRule wrappers.SarifDriverRule
-
+ var sarifDescription wrappers.SarifDescription
+ sarifDescription.Text = "No description available"
 if result.ScanResultData.QueryID == nil {
- sarifRule.ID = result.ID
+ sarifRule.ID = fmt.Sprintf("%s (%s)", result.ID, result.Type)
 } else {
- sarifRule.ID = fmt.Sprintf("%v", result.ScanResultData.QueryID)
+ sarifRule.ID = fmt.Sprintf("%v (%s)", result.ScanResultData.QueryID, result.Type)
 }
 
 if result.ScanResultData.QueryName != "" {
- sarifRule.Name = result.ScanResultData.QueryName
+ sarifRule.Name = strings.ReplaceAll(result.ScanResultData.QueryName, "_", " ")
+ }
+ if result.Description != "" {
+ sarifDescription.Text = result.Description
+ if result.Type == commonParams.KicsType {
+ sarifDescription.Text = result.Description + " Value:" + result.ScanResultData.Value + ". Expected value:" + result.ScanResultData.ExpectedValue
+ }
+ sarifRule.FullDescription = sarifDescription
 }
 sarifRule.HelpURI = wrappers.SarifInformationURI
 
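Review bot: The rule identifier format `fmt.Sprintf("%v (%s)", result.ScanResultData.QueryID, result.Type)` (and its `result.ID` variant) is now written out twice, here in findRule and again in findResult in the next hunk; SARIF ties a result to its rule by exact equality of `ruleId` and the rule's `id`, so a later edit to one site and not the other silently detaches every result from its rule and the two already differ (`%s` here versus `%v` in findResult for `result.ID`). Computing the id in one helper that both functions call keeps them in lock-step. findRule's body continues past the hunk.

```go
// sarifRuleID returns the identifier shared by a rule entry and every result
// that references it, so findRule and findResult cannot drift apart.
func sarifRuleID(result *wrappers.ScanResult) string {
	if result.ScanResultData.QueryID == nil {
		return fmt.Sprintf("%v (%s)", result.ID, result.Type)
	}
	return fmt.Sprintf("%v (%s)", result.ScanResultData.QueryID, result.Type)
}
```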
@@ -738,26 +746,46 @@ func findResult(result *wrappers.ScanResult) *wrappers.SarifScanResult {
 mediumCx: mediumSarif,
 highCx: highSarif,
 }
- scanResult.RuleID = fmt.Sprintf("%v", result.ScanResultData.QueryID)
+ if result.ScanResultData.QueryID == nil {
+ scanResult.RuleID = fmt.Sprintf("%v (%s)", result.ID, result.Type)
+ } else {
+ scanResult.RuleID = fmt.Sprintf("%v (%s)", result.ScanResultData.QueryID, result.Type)
+ }
 scanResult.Level = level[result.Severity]
- scanResult.Message.Text = result.ScanResultData.QueryName
+ scanResult.Message.Text = strings.ReplaceAll(result.ScanResultData.QueryName, "_", " ")
 scanResult.Locations = []wrappers.SarifLocation{}
 
- for _, node := range result.ScanResultData.Nodes {
+ if len(result.ScanResultData.Nodes) == 0 {
+
 var scanLocation wrappers.SarifLocation
- scanLocation.PhysicalLocation.ArtifactLocation.URI = node.FileName[1:]
- if node.Line <= 0 {
- continue
+ // to use in kics scan type
+ if result.Type == commonParams.KicsType {
+ // Need to remove the first / in kics filename in order to correct in sarif
+ scanLocation.PhysicalLocation.ArtifactLocation.URI = strings.Replace(result.ScanResultData.Filename, "/", "", 1)
+ scanLocation.PhysicalLocation.Region = &wrappers.SarifRegion{}
+ scanLocation.PhysicalLocation.Region.StartLine = result.ScanResultData.Line
+ scanLocation.PhysicalLocation.Region.StartColumn = 1
+ scanLocation.PhysicalLocation.Region.EndColumn = 2
+ scanResult.Locations = append(scanResult.Locations, scanLocation)
+ }
+ } else {
+ for _, node := range result.ScanResultData.Nodes {
+ var scanLocation wrappers.SarifLocation
+ scanLocation.PhysicalLocation.ArtifactLocation.URI = node.FileName[1:]
+ if node.Line <= 0 {
+ continue
+ }
+ scanLocation.PhysicalLocation.Region = &wrappers.SarifRegion{}
+ scanLocation.PhysicalLocation.Region.StartLine = node.Line
+ column := node.Column
+ length := node.Length
+ scanLocation.PhysicalLocation.Region.StartColumn = column
+ scanLocation.PhysicalLocation.Region.EndColumn = column + length
+
+ scanResult.Locations = append(scanResult.Locations, scanLocation)
 }
- scanLocation.PhysicalLocation.Region = &wrappers.SarifRegion{}
- scanLocation.PhysicalLocation.Region.StartLine = node.Line
- column := node.Column
- length := node.Length
- scanLocation.PhysicalLocation.Region.StartColumn = column
- scanLocation.PhysicalLocation.Region.EndColumn = column + length
-
- scanResult.Locations = append(scanResult.Locations, scanLocation)
 }
+
 if len(scanResult.Locations) > 0 {
 return &scanResult
 }
diff --git a/internal/wrappers/results-sarif.go b/internal/wrappers/results-sarif.go
index c949cbfd9..4c5a857cf 100644
--- a/internal/wrappers/results-sarif.go
+++ b/internal/wrappers/results-sarif.go
@@ -29,9 +29,14 @@ type SarifDriver struct {
 }
 
 type SarifDriverRule struct {
- ID string `json:"id"`
- Name string `json:"name,omitempty"`
- HelpURI string `json:"helpUri"`
+ ID string `json:"id"`
+ Name string `json:"name,omitempty"`
+ HelpURI string `json:"helpUri"`
+ FullDescription SarifDescription `json:"fullDescription"`
+}
+
+type SarifDescription struct {
+ Text string `json:"text"`
 }
 
 type SarifScanResult struct {
From 2f676aa4f3385905106a82db793e3f41f5e212dd Mon Sep 17 00:00:00 2001
From: tiagobcx
Date: Thu, 31 Mar 2022 15:46:40 +0100
Subject: [PATCH 06/10] adding extra info to sarif results

---
 internal/commands/result.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/internal/commands/result.go b/internal/commands/result.go
index 70b049d5d..fa28849fe 100644
--- a/internal/commands/result.go
+++ b/internal/commands/result.go
@@ -756,7 +756,6 @@ func findResult(result *wrappers.ScanResult) *wrappers.SarifScanResult {
 scanResult.Locations = []wrappers.SarifLocation{}
 
 if len(result.ScanResultData.Nodes) == 0 {
-
 var scanLocation wrappers.SarifLocation
 // to use in kics scan type
 if result.Type == commonParams.KicsType {
From 4fb340fe5f28b46bcab4c35e5690bca1c58fc312 Mon Sep 17 00:00:00 2001
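Review bot: `scanLocation.PhysicalLocation.ArtifactLocation.URI = node.FileName[1:]` in the new `else` branch panics with a slice-bounds error as soon as one node arrives with an empty `FileName`, which aborts the whole report on a single malformed API record; `strings.TrimPrefix(node.FileName, "/")` removes the leading slash and is a no-op otherwise. The KICS branch has the mirror-image problem: `strings.Replace(result.ScanResultData.Filename, "/", "", 1)` drops the first slash wherever it occurs rather than only a leading one, so a relative path like `dir/file.tf` (constructed example) would lose its separator, whereas `strings.TrimPrefix` does exactly what the comment above it describes. The hard-coded `StartColumn = 1` / `EndColumn = 2` for KICS results also deserve a why-comment, since SARIF consumers will highlight precisely that one-character span. findResult starts outside the hunk.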
From: tiagobcx
Date: Thu, 31 Mar 2022 16:07:05 +0100
Subject: [PATCH 07/10] improving coverage

---
 internal/commands/result.go | 14 +++++--------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/internal/commands/result.go b/internal/commands/result.go
index fa28849fe..b76c2aceb 100644
--- a/internal/commands/result.go
+++ b/internal/commands/result.go
@@ -715,17 +715,13 @@ func findRule(ruleIds map[interface{}]bool, result *wrappers.ScanResult) *wrappe
 } else {
 sarifRule.ID = fmt.Sprintf("%v (%s)", result.ScanResultData.QueryID, result.Type)
 }
+ sarifRule.Name = strings.ReplaceAll(result.ScanResultData.QueryName, "_", " ")
 
- if result.ScanResultData.QueryName != "" {
- sarifRule.Name = strings.ReplaceAll(result.ScanResultData.QueryName, "_", " ")
- }
- if result.Description != "" {
- sarifDescription.Text = result.Description
- if result.Type == commonParams.KicsType {
- sarifDescription.Text = result.Description + " Value:" + result.ScanResultData.Value + ". Expected value:" + result.ScanResultData.ExpectedValue
- }
- sarifRule.FullDescription = sarifDescription
+ sarifDescription.Text = result.Description
+ if result.Type == commonParams.KicsType {
+ sarifDescription.Text = result.Description + " Value:" + result.ScanResultData.Value + ". Expected value:" + result.ScanResultData.ExpectedValue
 }
+ sarifRule.FullDescription = sarifDescription
 sarifRule.HelpURI = wrappers.SarifInformationURI
From 19bc05a968eb98f6cd993fdf2d27f77e85324e60 Mon Sep 17 00:00:00 2001
From: tiagobcx
Date: Fri, 1 Apr 2022 09:23:59 +0100
Subject: [PATCH 08/10] adding starts with verification to result type

---
 internal/wrappers/results-modifier.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/internal/wrappers/results-modifier.go b/internal/wrappers/results-modifier.go
index a6ac915e1..3027fb775 100644
--- a/internal/wrappers/results-modifier.go
+++ b/internal/wrappers/results-modifier.go
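Review bot: `sarifDescription.Text = result.Description` now runs unconditionally, so the `"No description available"` default assigned at the top of findRule (above this hunk, introduced in PATCH 05/10) is dead code and a result with an empty `Description` is emitted as `"fullDescription": {"text": ""}`. Either delete the default assignment so the intent is visible, or keep it effective with `if result.Description != "" { sarifDescription.Text = result.Description }`; the KICS concatenation below it needs the same guard, otherwise an empty description still yields a text that starts with ` Value:`. findRule continues outside the hunk on both sides.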
@@ -3,6 +3,7 @@ package wrappers
 import (
 "bytes"
 "encoding/json"
+ "strings"
 
 "github.com/checkmarx/ast-cli/internal/params"
 )
@@ -23,11 +24,11 @@ func (s *ScanResult) UnmarshalJSON(data []byte) error {
 return err
 }
 
- if s.Type == "infrastructure" {
+ if strings.HasPrefix(s.Type, "infrastructure") {
 s.Type = params.KicsType
 }
 
- if s.Type == "dependency" || s.Type == "sca-container" {
+ if strings.HasPrefix(s.Type,"dependency") || strings.HasPrefix(s.Type, "sca-container") {
 s.Type = params.ScaType
 }
 
From 3081c0852edfc61c9e8ec1fbaa4dca5f0f1a58ec Mon Sep 17 00:00:00 2001
From: tiagobcx
Date: Fri, 1 Apr 2022 09:36:31 +0100
Subject: [PATCH 09/10] adding starts with verification to result type

---
 internal/wrappers/results-modifier.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/wrappers/results-modifier.go b/internal/wrappers/results-modifier.go
index 3027fb775..1c49404fc 100644
--- a/internal/wrappers/results-modifier.go
+++ b/internal/wrappers/results-modifier.go
@@ -28,7 +28,7 @@ func (s *ScanResult) UnmarshalJSON(data []byte) error {
 s.Type = params.KicsType
 }
 
- if strings.HasPrefix(s.Type,"dependency") || strings.HasPrefix(s.Type, "sca-container") {
+ if strings.HasPrefix(s.Type, "dependency") || strings.HasPrefix(s.Type, "sca-container") {
 s.Type = params.ScaType
 }
 
From 69635502604ca18a7bf8e494d55e11a0293bcbe7 Mon Sep 17 00:00:00 2001
From: tiagobcx
Date: Fri, 1 Apr 2022 09:56:52 +0100
Subject: [PATCH 10/10] improve coverage

---
 test/integration/result_test.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/test/integration/result_test.go b/test/integration/result_test.go
index e4f103510..b4838fb17 100644
--- a/test/integration/result_test.go
+++ b/test/integration/result_test.go
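Review bot: `strings.HasPrefix(s.Type, "infrastructure")` and the `dependency` / `sca-container` prefixes widen the match from exact engine names to anything that merely begins with those words, and nothing in UnmarshalJSON records which API values this is meant to absorb, so the next reader cannot tell whether a future engine type starting with `dependency` should really be folded into `params.ScaType`. A comment above the first `if`, such as `// The results API reports engine sub-types (e.g. "sca-container"); fold them onto the CLI scan-type constants.`, would capture the intent, and listing the known sub-types there would let the match be tightened to an explicit set later. UnmarshalJSON starts outside the hunk.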
@@ -70,6 +70,17 @@ func assertResultFilesCreated(t *testing.T) {
 }()
 }
 
+func TestResultsShowParamFailed(t *testing.T) {
+
+ args := []string{
+ "results",
+ "show",
+ }
+
+ err, _ := executeCommand(t, args...)
+ assertError(t, err, "Failed listing results: Please provide a scan ID")
+}
+
 func TestCodeBashingParamFailed(t *testing.T) {
 args := []string{