

writer-json-sarif: add tool to rule properties
... to ease SARIF import into Defect Dojo

Resolves: https://issues.redhat.com/browse/OSH-355
Closes: #147
kdudka committed Oct 17, 2023
1 parent 0bfa251 commit bb1634e
Showing 3 changed files with 76 additions and 1 deletion.
11 changes: 11 additions & 0 deletions src/lib/writer-json-sarif.cc
Expand Up @@ -28,6 +28,7 @@ using namespace boost::json;
struct RuleProps {
int cweId;
std::string scRuleId;
std::string tool;
};

struct SarifTreeEncoder::Private {
Expand Down Expand Up @@ -164,6 +165,12 @@ void SarifTreeEncoder::Private::serializeRules()
const bool haveScRule = !rp.scRuleId.empty();
if (haveScRule)
sarifEncodeShellCheckRule(&rule, rp.scRuleId);
else if (!rp.tool.empty()) {
// encode tool tag
array tags = { rp.tool };
object &props = rule["properties"].as_object();
props["tags"] = std::move(tags);
}

if (rp.cweId)
sarifEncodeCweRule(&rule, rp.cweId, /*append =*/ haveScRule);
Expand Down Expand Up @@ -316,6 +323,10 @@ void SarifTreeEncoder::appendDef(const Defect &def)
result["properties"] = std::move(cweProp);
}

if (!def.tool.empty())
// update tool for this rule
d->ruleMap[ruleId].tool = def.tool;

// key event severity level
sarifEncodeLevel(&result, keyEvt.event);

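Review bot: `d->ruleMap[ruleId].tool = def.tool;` in the third hunk is last-writer-wins, so if the same ruleId can be reported by more than one tool, the tag emitted in serializeRules reflects only the tool of the last defect appended and the provenance of the other tool is silently dropped from the SARIF output. If that is possible, accumulate instead — `std::set<std::string> tools;` in RuleProps, `d->ruleMap[ruleId].tools.insert(def.tool);` in appendDef and `array tags(rp.tools.begin(), rp.tools.end());` in serializeRules (needs `<set>`); if a ruleId is guaranteed to map to a single tool, a comment stating that assumption next to the assignment would document it. Separately, `rule["properties"].as_object()` in the second hunk throws unless "properties" was already set to an object earlier in serializeRules, whose body starts outside the hunk; if that precondition is not guaranteed, an `is_object()` check or `emplace_object()` would make it explicit. The `else if` also means ShellCheck rules never receive a tool tag, which looks intentional given sarifEncodeShellCheckRule owns those properties, but a short comment such as `// ShellCheck rules carry their own tags` would spare the next reader the question.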
54 changes: 54 additions & 0 deletions tests/csgrep/0081-sarif-writer-stdout.txt
Expand Up @@ -12,6 +12,9 @@
{
"id": "ALLOC_FREE_MISMATCH: free",
"properties": {
"tags": [
"coverity"
],
"cwe": [
"CWE-762"
]
Expand All @@ -23,6 +26,9 @@
{
"id": "CHECKED_RETURN: check_return",
"properties": {
"tags": [
"coverity"
],
"cwe": [
"CWE-252"
]
Expand All @@ -34,6 +40,9 @@
{
"id": "CONSTANT_EXPRESSION_RESULT: pointless_expression",
"properties": {
"tags": [
"coverity"
],
"cwe": [
"CWE-569"
]
Expand All @@ -45,6 +54,9 @@
{
"id": "CONSTANT_EXPRESSION_RESULT: result_independent_of_operands",
"properties": {
"tags": [
"coverity"
],
"cwe": [
"CWE-569"
]
Expand All @@ -56,6 +68,9 @@
{
"id": "DEADCODE: dead_error_begin",
"properties": {
"tags": [
"coverity"
],
"cwe": [
"CWE-561"
]
Expand All @@ -67,6 +82,9 @@
{
"id": "DEADCODE: dead_error_line",
"properties": {
"tags": [
"coverity"
],
"cwe": [
"CWE-561"
]
Expand All @@ -78,6 +96,9 @@
{
"id": "DEADCODE: effectively_constant",
"properties": {
"tags": [
"coverity"
],
"cwe": [
"CWE-561"
]
Expand All @@ -89,6 +110,9 @@
{
"id": "FORWARD_NULL: var_deref_model",
"properties": {
"tags": [
"coverity"
],
"cwe": [
"CWE-476"
]
Expand All @@ -100,6 +124,9 @@
{
"id": "NEGATIVE_RETURNS: negative_returns",
"properties": {
"tags": [
"coverity"
],
"cwe": [
"CWE-687"
]
Expand All @@ -111,6 +138,9 @@
{
"id": "OVERRUN: illegal_address",
"properties": {
"tags": [
"coverity"
],
"cwe": [
"CWE-119"
]
Expand All @@ -122,6 +152,9 @@
{
"id": "OVERRUN: overrun-buffer-arg",
"properties": {
"tags": [
"coverity"
],
"cwe": [
"CWE-119"
]
Expand All @@ -133,6 +166,9 @@
{
"id": "OVERRUN: overrun-local",
"properties": {
"tags": [
"coverity"
],
"cwe": [
"CWE-125"
]
Expand All @@ -144,6 +180,9 @@
{
"id": "PRINTF_ARGS: invalid_type",
"properties": {
"tags": [
"coverity"
],
"cwe": [
"CWE-686"
]
Expand All @@ -155,6 +194,9 @@
{
"id": "RESOURCE_LEAK: leaked_storage",
"properties": {
"tags": [
"coverity"
],
"cwe": [
"CWE-404"
]
Expand All @@ -166,6 +208,9 @@
{
"id": "RESOURCE_LEAK: overwrite_var",
"properties": {
"tags": [
"coverity"
],
"cwe": [
"CWE-404"
]
Expand All @@ -177,6 +222,9 @@
{
"id": "STRING_NULL: string_null",
"properties": {
"tags": [
"coverity"
],
"cwe": [
"CWE-170"
]
Expand All @@ -188,6 +236,9 @@
{
"id": "STRING_OVERFLOW: fixed_size_dest",
"properties": {
"tags": [
"coverity"
],
"cwe": [
"CWE-120"
]
Expand All @@ -199,6 +250,9 @@
{
"id": "TOCTOU: toctou",
"properties": {
"tags": [
"coverity"
],
"cwe": [
"CWE-367"
]
12 changes: 11 additions & 1 deletion tests/csgrep/0090-sarif-writer-illegal-utf8-sequence-stdout.txt
Expand Up @@ -7,7 +7,17 @@
"driver": {
"name": "csdiff",
"version": "",
"informationUri": "https://github.com/csutils/csdiff"
"informationUri": "https://github.com/csutils/csdiff",
"rules": [
{
"id": "COMPILER_WARNING: warning",
"properties": {
"tags": [
"gcc"
]
}
}
]
}
},
"results": [
