json-writer: print level key in SARIF output

... so that users can easily filter results according to their severity. Fixes: #80
csutils · Aug 26, 2022 · 6f6901a · 6f6901a
1 parent d9ede63
commit 6f6901a
Show file tree

Hide file tree

Showing 9 changed files with 12,477 additions and 0 deletions.
diff --git a/src/json-writer.cc b/src/json-writer.cc
@@ -214,6 +214,22 @@ static void sarifEncodeMsg(PTree *pDst, const std::string& text)
     pDst->put_child("message", msg);
 }
 
+static void sarifEncodeLevel(PTree *result, const std::string &event) {
+    const RE error("error(\\[|$)");
+    const RE warning("warning(\\[|$)");
+    const RE note("note(\\[|$)");
+    std::string level = "warning";
+
+    if (boost::regex_search(event, error))
+        level = "error";
+    else if (boost::regex_search(event, warning))
+        level = "warning";
+    else if (boost::regex_search(event, note))
+        level = "note";
+
+    result->put<std::string>("level", level);
+}
+
 static void sarifEncodeLoc(PTree *pLoc, const Defect &def, unsigned idx)
 {
     // location ID within the result
@@ -291,6 +307,9 @@ void SarifTreeEncoder::appendDef(const Defect &def)
         // update CWE map
         cweMap_[ruleId] = def.cwe;
 
+    // key event severity level
+    sarifEncodeLevel(&result, keyEvt.event);
+
     // key event location
     PTree loc;
     sarifEncodeLoc(&loc, def, def.keyEventIdx);