82 changes: 63 additions & 19 deletions internal/commands/result.go
Expand Up @@ -64,6 +64,13 @@ var filterResultsListFlagUsage = fmt.Sprintf(
),
)

var securities = map[string]string{
infoCx: "3.5",
lowCx: "6.5",
mediumCx: "8.5",
highCx: "9.5",
}

// NewResultCommand - Deprecated command
func NewResultCommand(resultsWrapper wrappers.ResultsWrapper, scanWrapper wrappers.ScansWrapper) *cobra.Command {
resultCmd := &cobra.Command{
Expand Down Expand Up @@ -750,22 +757,12 @@ func parseSonarTextRange(results *wrappers.ScanResultNode) wrappers.SonarTextRan

func findRule(ruleIds map[interface{}]bool, result *wrappers.ScanResult) *wrappers.SarifDriverRule {
var sarifRule wrappers.SarifDriverRule
var sarifDescription wrappers.SarifDescription
sarifDescription.Text = "No description available"
if result.ScanResultData.QueryID == nil {
sarifRule.ID = fmt.Sprintf("%s (%s)", result.ID, result.Type)
} else {
sarifRule.ID = fmt.Sprintf("%v (%s)", result.ScanResultData.QueryID, result.Type)
}
sarifRule.ID = findRuleID(result)
sarifRule.Name = strings.ReplaceAll(result.ScanResultData.QueryName, "_", " ")

sarifDescription.Text = result.Description
if result.Type == commonParams.KicsType {
sarifDescription.Text = result.Description + " Value:" + result.ScanResultData.Value + ". Expected value:" + result.ScanResultData.ExpectedValue
}
sarifRule.FullDescription = sarifDescription

sarifRule.FullDescription = findFullDescription(result)
sarifRule.Help = findHelp(result)
sarifRule.HelpURI = wrappers.SarifInformationURI
sarifRule.Properties = findProperties(result)

if !ruleIds[sarifRule.ID] {
ruleIds[sarifRule.ID] = true
Expand All @@ -775,6 +772,57 @@ func findRule(ruleIds map[interface{}]bool, result *wrappers.ScanResult) *wrappe
return nil
}

func findRuleID(result *wrappers.ScanResult) string {
if result.ScanResultData.QueryID == nil {
return fmt.Sprintf("%s (%s)", result.ID, result.Type)
}

return fmt.Sprintf("%v (%s)", result.ScanResultData.QueryID, result.Type)
}

func findFullDescription(result *wrappers.ScanResult) wrappers.SarifDescription {
var sarifDescription wrappers.SarifDescription
sarifDescription.Text = findDescriptionText(result)
return sarifDescription
}

func findHelp(result *wrappers.ScanResult) wrappers.SarifHelp {
var sarifHelp wrappers.SarifHelp
sarifHelp.Text = findDescriptionText(result)
sarifHelp.Markdown = findHelpMarkdownText(result)

return sarifHelp
}

func findDescriptionText(result *wrappers.ScanResult) string {
if result.Type == commonParams.KicsType {
return fmt.Sprintf("%s Value: %s Excepted value: %s",
result.Description, result.ScanResultData.Value, result.ScanResultData.ExpectedValue)
}

return result.Description
}

func findHelpMarkdownText(result *wrappers.ScanResult) string {
if result.Type == commonParams.KicsType {
return fmt.Sprintf("%s <br><br><strong>Value:</strong> %s <br><strong>Excepted value:</strong> %s",
result.Description, result.ScanResultData.Value, result.ScanResultData.ExpectedValue)
}

return result.Description
}

func findProperties(result *wrappers.ScanResult) wrappers.SarifProperties {
var sarifProperties wrappers.SarifProperties
sarifProperties.ID = findRuleID(result)
sarifProperties.Name = strings.ReplaceAll(result.ScanResultData.QueryName, "_", " ")
sarifProperties.Description = findDescriptionText(result)
sarifProperties.SecuritySeverity = securities[result.Severity]
sarifProperties.Tags = []string{"security", "checkmarx", result.Type}

return sarifProperties
}

func findResult(result *wrappers.ScanResult) *wrappers.SarifScanResult {
var scanResult wrappers.SarifScanResult
// Match cx severity with sarif severity
Expand All @@ -784,11 +832,7 @@ func findResult(result *wrappers.ScanResult) *wrappers.SarifScanResult {
mediumCx: mediumSarif,
highCx: highSarif,
}
if result.ScanResultData.QueryID == nil {
scanResult.RuleID = fmt.Sprintf("%v (%s)", result.ID, result.Type)
} else {
scanResult.RuleID = fmt.Sprintf("%v (%s)", result.ScanResultData.QueryID, result.Type)
}
scanResult.RuleID = findRuleID(result)
scanResult.Level = level[result.Severity]
scanResult.Message.Text = strings.ReplaceAll(result.ScanResultData.QueryName, "_", " ")
scanResult.Locations = []wrappers.SarifLocation{}
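Review bot: findDescriptionText (L93) and findHelpMarkdownText (L102) both spell the label `Excepted value:`, while the removed code and the field name ExpectedValue say "Expected value"; these strings land in the SARIF fullDescription, help and properties.description, so the typo is user-visible — change the two format strings to `"%s Value: %s Expected value: %s"` and `"%s <br><br><strong>Value:</strong> %s <br><strong>Expected value:</strong> %s"`. The markdown variant also interpolates result.Description, Value and ExpectedValue directly between HTML tags with no escaping; if those fields can carry content lifted from the scanned files, running them through html.EscapeString before formatting keeps the help markdown well-formed for whatever renders it. Separately, `securities[result.Severity]` yields "" for any severity outside the four keys, so properties.security-severity is emitted as an empty string rather than omitted. If the intended consumer is GitHub code scanning, its documented bands (low below 4.0, medium 4.0–6.9, high 7.0–8.9, critical 9.0 and above) would place each of the values 3.5/6.5/8.5/9.5 one band above the Cx level it is mapped from — worth confirming that shift is intended.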
6 changes: 5 additions & 1 deletion internal/wrappers/results-modifier.go
Expand Up @@ -28,10 +28,14 @@ func (s *ScanResult) UnmarshalJSON(data []byte) error {
s.Type = params.KicsType
}

if strings.HasPrefix(s.Type, "dependency") || strings.HasPrefix(s.Type, "sca-container") {
if strings.HasPrefix(s.Type, "dependency") || strings.HasPrefix(s.Type, "sca-") {
s.Type = params.ScaType
}

s.Status = strings.TrimSpace(s.Status)
s.State = strings.TrimSpace(s.State)
s.Severity = strings.TrimSpace(s.Severity)

if s.Description == "" && s.ScanResultData.Description != "" {
s.Description = s.ScanResultData.Description
s.ScanResultData.Description = ""
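Review bot: The new TrimSpace calls on L148–L150 normalise Status, State and Severity, but Type is tested with strings.HasPrefix on L144 without the same normalisation, so a type value carrying surrounding whitespace would skip the dependency/sca remap; if whitespace in the incoming JSON is what motivated the trims, `s.Type = strings.TrimSpace(s.Type)` belongs before the prefix checks. Widening `sca-container` to `sca-` also folds every future `sca-*` type into params.ScaType, which is presumably intended; a short comment such as `// any sca-* engine type is reported as SCA` would stop the next reader from treating it as an over-broad match. UnmarshalJSON begins before this hunk.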
16 changes: 15 additions & 1 deletion internal/wrappers/results-sarif.go
Expand Up @@ -3,7 +3,7 @@ package wrappers
var (
SarifName = "Checkmarx AST"
SarifVersion = "1.0"
SarifInformationURI = "https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation"
SarifInformationURI = "https://checkmarx.atlassian.net/wiki/spaces/AST"
)

type SarifResultsCollection struct {
Expand Down Expand Up @@ -32,9 +32,23 @@ type SarifDriverRule struct {
ID string `json:"id"`
Name string `json:"name,omitempty"`
HelpURI string `json:"helpUri"`
Help SarifHelp `json:"help"`
FullDescription SarifDescription `json:"fullDescription"`
Properties SarifProperties `json:"properties,omitempty"`
}

type SarifProperties struct {
SecuritySeverity string `json:"security-severity"`
Name string `json:"name"`
ID string `json:"id"`
Description string `json:"description"`
Tags []string `json:"tags"`
}

type SarifHelp struct {
Text string `json:"text"`
Markdown string `json:"markdown"`
}
type SarifDescription struct {
Text string `json:"text"`
}
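Review bot: `omitempty` on the Properties field (L173) has no effect on a non-pointer struct value in encoding/json, so properties is always emitted; either drop the option or declare the field as `*SarifProperties`. Inside SarifProperties, SecuritySeverity (L177) has no omitempty, so a severity with no mapping is serialised as an empty "security-severity" string instead of being left out, which consumers expecting a numeric score may reject — changing the tag to `json:"security-severity,omitempty"` avoids that. The new exported types SarifProperties and SarifHelp carry no doc comments; one line each, such as `// SarifProperties holds the rule metadata (severity score, name, id, description, tags) emitted under properties.`, would help, and a blank line between SarifHelp and SarifDescription (L187–L188) would match the spacing of the surrounding declarations.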
4 changes: 2 additions & 2 deletions test/integration/user-count-github_test.go
Expand Up @@ -19,13 +19,13 @@ func TestGitHubUserCount(t *testing.T) {
_ = viper.BindEnv(pat)
buffer := executeCmdWithTimeOutNilAssertion(
t,
"Counting contributors from checkmarxdev should pass",
"Counting contributors from checkmarx should pass",
2*time.Minute,
"utils",
usercount.UcCommand,
usercount.GithubCommand,
flag(usercount.OrgsFlag),
"checkmarxdev",
"checkmarx",
flag(params.SCMTokenFlag),
viper.GetString(pat),
flag(params.FormatFlag),