"""Defines the SAST integration for SpotBugs.
This module provides the `SpotBugsSAST` class, which configures and orchestrates
the execution of SpotBugs scans using the core SAST framework.
"""
import shutil
from pathlib import Path
from codesectools.sasts.core.sast import PrebuiltSAST
from codesectools.sasts.core.sast.properties import SASTProperties
from codesectools.sasts.core.sast.requirements import (
Binary,
File,
SASTRequirements,
)
from codesectools.sasts.tools.SpotBugs.parser import SpotBugsAnalysisResult
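class SpotBugsSAST(PrebuiltSAST):
    """SAST integration for SpotBugs.

    Declarative configuration for the core SAST framework: the attributes
    below describe the tool, where its binary and plugin come from, the
    command template to render and run, and the output file to parse.
    Nothing here runs a scan; the only work done at import time is the
    ``shutil.which`` lookup used to locate the SpotBugs plugin directory.

    Attributes:
        name (str): The name of the SAST tool.
        supported_languages (list[str]): A list of supported programming languages.
        supported_dataset_names (list[str]): A list of names of compatible datasets.
        properties (SASTProperties): The properties of the SAST tool.
        requirements (SASTRequirements): The requirements for the SAST tool: the
            ``spotbugs`` binary plus the Find Security Bugs (findsecbugs) plugin
            JAR, which presumably provides the ``SECURITY`` category mapped below.
        commands (list[list[str | tuple[str]]]): The list of command templates
            to be rendered and executed. Each command is an argument list rather
            than a shell string; ``{artifacts}`` is the only placeholder.
        valid_codes (list[int]): A list of exit codes indicating that the command did not fail.
        output_files (list[tuple[Path, bool]]): A list of expected output files and
            whether they are required.
        parser (type[SpotBugsAnalysisResult]): The parser class for the tool's results.
        color_mapping (dict): A mapping of result categories to colors for plotting.
        artifact_name (str): Human-readable name of the prebuilt input SpotBugs consumes.
        artifact_type (str): Kind of artifact expected (here a directory of Java bytecode).
    """

    name = "SpotBugs"
    supported_languages = ["java"]
    supported_dataset_names = ["BenchmarkJava"]
    properties = SASTProperties(free=True, offline=True)

    # One file name shared by the command line and the expected-output list,
    # so the two cannot silently drift apart.
    _OUTPUT_FILE = "spotbugs_output.json"

    # Resolve the binary once. The previous version called shutil.which()
    # twice for the same decision (once for the condition, once for the path);
    # a single lookup keeps the guard and the guarded path consistent.
    _spotbugs_bin = shutil.which("spotbugs")

    # Assumes the standard SpotBugs layout <install>/bin/spotbugs with plugins
    # in <install>/plugin -- TODO confirm against the supported install methods.
    # NOTE(review): when `spotbugs` is not on PATH the plugin directory falls
    # back to /tmp. A plugin JAR staged in a world-writable, shared directory
    # ends up on the JVM classpath and could be replaced by any local user.
    # The fallback is presumably unreachable for a real scan because the
    # Binary requirement fails first -- verify in the core framework, and use
    # a per-user directory instead if it can be reached.
    _plugin_dir = (
        Path(_spotbugs_bin).parent.parent / "plugin"
        if _spotbugs_bin
        else Path("/tmp")
    )

    # Bound as a class attribute (the previous version did the same via a
    # walrus inside the list) so the plugin can declare its dependency on it.
    binary = Binary("spotbugs", url="https://github.com/spotbugs/spotbugs")

    requirements = SASTRequirements(
        full_reqs=[
            binary,
            File(
                name="findsecbugs-plugin-1.14.0.jar",
                depends_on=[binary],
                parent_dir=_plugin_dir,
                # NOTE(review): supply chain -- the JAR is fetched over HTTPS
                # from Maven Central, but this call pins no digest. If `File`
                # supports a checksum argument, pin the artifact's SHA-256
                # here -- TODO confirm.
                file_url="https://search.maven.org/remotecontent?filepath=com/h3xstream/findsecbugs/findsecbugs-plugin/1.14.0/findsecbugs-plugin-1.14.0.jar",
                license="LGPL-3.0",
                license_url="https://find-sec-bugs.github.io/license.htm",
            ),
        ],
        partial_reqs=[],
    )

    # `{artifacts}` is rendered by the framework; every other element is literal.
    commands = [
        [
            "spotbugs",
            "-textui",
            "-nested:true",
            "-progress",
            f"-sarif={_OUTPUT_FILE}",
            "{artifacts}",
        ]
    ]

    # NOTE(review): only exit status 0 counts as success. If the SpotBugs
    # version in use signals "findings present" with a non-zero status, such
    # runs would be classified as failures -- confirm before relying on this.
    valid_codes = [0]

    output_files = [
        (Path(_OUTPUT_FILE), True),
    ]
    parser = SpotBugsAnalysisResult

    # Based on: spotbugs/spotbugs/etc/bugrank.txt
    color_mapping = {
        "SECURITY": "red",
        "CORRECTNESS": "orange",
        "MT_CORRECTNESS": "yellow",
    }

    # PrebuiltSAST
    artifact_name = "Java Bytecode"
    artifact_type = "directory"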