json-writer: print level key in SARIF output

... so that users can easily filter results according to their severity. Fixes: #80
csutils · Aug 26, 2022 · 53994e8 · 53994e8
1 parent d9ede63
commit 53994e8
Show file tree

Hide file tree

Showing 9 changed files with 12,475 additions and 0 deletions.
diff --git a/src/json-writer.cc b/src/json-writer.cc
@@ -26,6 +26,7 @@
 
 #include <queue>
 
+#include <boost/algorithm/string/predicate.hpp>
 #include <boost/iostreams/filtering_stream.hpp>
 #include <boost/iostreams/filter/regex.hpp>
 #include <boost/nowide/utf/convert.hpp>
@@ -214,6 +215,19 @@ static void sarifEncodeMsg(PTree *pDst, const std::string& text)
     pDst->put_child("message", msg);
 }
 
+static void sarifEncodeLevel(PTree *result, const std::string &event) {
+    std::string level = "warning";
+
+    if (boost::starts_with(event, "error"))
+        level = "error";
+    else if (boost::starts_with(event, "warning"))
+        level = "warning";
+    else if (boost::starts_with(event, "note"))
+        level = "note";
+
+    result->put<std::string>("level", level);
+}
+
 static void sarifEncodeLoc(PTree *pLoc, const Defect &def, unsigned idx)
 {
     // location ID within the result
@@ -291,6 +305,9 @@ void SarifTreeEncoder::appendDef(const Defect &def)
         // update CWE map
         cweMap_[ruleId] = def.cwe;
 
+    // key event severity level
+    sarifEncodeLevel(&result, keyEvt.event);
+
     // key event location
     PTree loc;
     sarifEncodeLoc(&loc, def, def.keyEventIdx);