
Commit 043b365

committed
fix sarifs
1 parent 0620f43 commit 043b365

4 files changed

Lines changed: 84 additions & 78 deletions


Lines changed: 23 additions & 34 deletions
@@ -1,69 +1,58 @@
11
{
2-
"version": "2.1.0",
32
"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
43
"runs": [
54
{
6-
"tool": {
7-
"driver": {
8-
"name": "PMD",
9-
"version": "6.55.0",
10-
"informationUri": "https://pmd.github.io/pmd/",
11-
"rules": null
12-
}
13-
},
145
"results": [
156
{
16-
"ruleId": "UnusedPrivateField",
17-
"ruleIndex": 0,
18-
"message": {
19-
"text": "Avoid unused private fields such as 'unusedField'."
20-
},
7+
"level": "",
218
"locations": [
229
{
2310
"physicalLocation": {
2411
"artifactLocation": {
2512
"uri": "/plugins/tools/pmd/test/src/Test.java"
2613
},
2714
"region": {
28-
"startLine": 2,
2915
"startColumn": 20,
30-
"endLine": 2,
31-
"endColumn": 30
16+
"startLine": 2
3217
}
3318
}
3419
}
35-
]
36-
},
37-
{
38-
"ruleId": "UnconditionalIfStatement",
39-
"ruleIndex": 1,
20+
],
4021
"message": {
41-
"text": "Do not use if statements that are always true or always false"
22+
"text": "Avoid unused private fields such as 'unusedField'."
4223
},
24+
"ruleId": "UnusedPrivateField"
25+
},
26+
{
27+
"level": "",
4328
"locations": [
4429
{
4530
"physicalLocation": {
4631
"artifactLocation": {
4732
"uri": "/plugins/tools/pmd/test/src/Test.java"
4833
},
4934
"region": {
50-
"startLine": 5,
5135
"startColumn": 13,
52-
"endLine": 5,
53-
"endColumn": 16
36+
"startLine": 5
5437
}
5538
}
5639
}
57-
]
40+
],
41+
"message": {
42+
"text": "Do not use if statements that are always true or always false"
43+
},
44+
"ruleId": "UnconditionalIfStatement"
5845
}
5946
],
60-
"invocations": [
61-
{
62-
"executionSuccessful": true,
63-
"toolConfigurationNotifications": [],
64-
"toolExecutionNotifications": []
47+
"tool": {
48+
"driver": {
49+
"informationUri": "https://pmd.github.io/pmd/",
50+
"name": "PMD",
51+
"rules": null,
52+
"version": "6.55.0"
6553
}
66-
]
54+
}
6755
}
68-
]
56+
],
57+
"version": "2.1.0"
6958
}

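--- a/plugins/tools/semgrep/test/expected.sarif
+++ b/plugins/tools/semgrep/test/expected.sarif
@@ -4,14 +4,15 @@
 {
 "results": [
 {
-"level": "",
 "locations": [
 {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "test_file.py"
 },
 "region": {
+"endColumn": 26,
+"endLine": 14,
 "startColumn": 5,
 "startLine": 14
 }
@@ -24,14 +25,15 @@
 "ruleId": "codacy.tools-configs.python.lang.security.audit.hardcoded-password.hardcoded-password"
 },
 {
-"level": "",
 "locations": [
 {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "test_file.py"
 },
 "region": {
+"endColumn": 26,
+"endLine": 15,
 "startColumn": 5,
 "startLine": 15
 }
@@ -44,14 +46,15 @@
 "ruleId": "codacy.tools-configs.python.lang.security.audit.os-system.os-system"
 },
 {
-"level": "",
 "locations": [
 {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "test_file.py"
 },
 "region": {
+"endColumn": 43,
+"endLine": 16,
 "startColumn": 5,
 "startLine": 16
 }
@@ -64,14 +67,15 @@
 "ruleId": "codacy.tools-configs.python.lang.security.audit.subprocess-shell-true.subprocess-shell-true"
 },
 {
-"level": "",
 "locations": [
 {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "test_file.py"
 },
 "region": {
+"endColumn": 37,
+"endLine": 20,
 "startColumn": 5,
 "startLine": 20
 }
@@ -84,14 +88,15 @@
 "ruleId": "codacy.tools-configs.python.lang.security.audit.hardcoded-password.hardcoded-password"
 },
 {
-"level": "",
 "locations": [
 {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "test_file.py"
 },
 "region": {
+"endColumn": 43,
+"endLine": 26,
 "startColumn": 5,
 "startLine": 26
 }
@@ -104,14 +109,15 @@
 "ruleId": "codacy.tools-configs.python.lang.security.audit.hardcoded-password.hardcoded-password"
 },
 {
-"level": "",
 "locations": [
 {
 "physicalLocation": {
 "artifactLocation": {
 "uri": "test_file.py"
 },
 "region": {
+"endColumn": 23,
+"endLine": 27,
 "startColumn": 5,
 "startLine": 27
 }
@@ -126,7 +132,6 @@
 ],
 "tool": {
 "driver": {
-"informationUri": "",
 "name": "Semgrep OSS",
 "rules": null,
 "version": ""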
Lines changed: 15 additions & 29 deletions
@@ -1,52 +1,38 @@
11
{
2-
"version": "2.1.0",
32
"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
43
"runs": [
54
{
6-
"tool": {
7-
"driver": {
8-
"fullName": "Trivy Vulnerability Scanner",
9-
"informationUri": "https://github.com/aquasecurity/trivy",
10-
"name": "Trivy",
11-
"rules": null,
12-
"version": "0.59.1"
13-
}
14-
},
155
"results": [
166
{
17-
"ruleId": "CVE-2024-21538",
18-
"ruleIndex": 0,
197
"level": "error",
20-
"message": {
21-
"text": "Package: cross-spawn\nInstalled Version: 7.0.3\nVulnerability CVE-2024-21538\nSeverity: HIGH\nFixed Version: 7.0.5, 6.0.6\nLink: [CVE-2024-21538](https://avd.aquasec.com/nvd/cve-2024-21538)"
22-
},
238
"locations": [
249
{
2510
"physicalLocation": {
2611
"artifactLocation": {
27-
"uri": "package-lock.json",
28-
"uriBaseId": "ROOTPATH"
12+
"uri": "package-lock.json"
2913
},
3014
"region": {
31-
"startLine": 515,
3215
"startColumn": 1,
33-
"endLine": 527,
34-
"endColumn": 1
16+
"startLine": 515
3517
}
36-
},
37-
"message": {
38-
"text": "package-lock.json: cross-spawn@7.0.3"
3918
}
4019
}
41-
]
20+
],
21+
"message": {
22+
"text": "Package: cross-spawn\nInstalled Version: 7.0.3\nVulnerability CVE-2024-21538\nSeverity: HIGH\nFixed Version: 7.0.5, 6.0.6\nLink: [CVE-2024-21538](https://avd.aquasec.com/nvd/cve-2024-21538)"
23+
},
24+
"ruleId": "CVE-2024-21538"
4225
}
4326
],
44-
"columnKind": "utf16CodeUnits",
45-
"originalUriBaseIds": {
46-
"ROOTPATH": {
47-
"uri": "file:///plugins/tools/trivy/test/src/"
27+
"tool": {
28+
"driver": {
29+
"informationUri": "https://github.com/aquasecurity/trivy",
30+
"name": "Trivy",
31+
"rules": null,
32+
"version": "0.59.1"
4833
}
4934
}
5035
}
51-
]
36+
],
37+
"version": "2.1.0"
5238
}
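Review bot: The new expected output drops `"uriBaseId": "ROOTPATH"` from the artifactLocation and the whole `originalUriBaseIds` object (with `columnKind`), so `package-lock.json` is now a bare relative URI with no declared base and consumers that resolve locations lose the `file:///plugins/tools/trivy/test/src/` root the scanner emitted. This looks like a side effect of the Go ArtifactLocation/Run structs not carrying those fields rather than an intended fixture change; the ArtifactLocation body is outside the hunks in this commit, so that is an inference. If so, the fix belongs in utils/sarif.go: add a `uriBaseId,omitempty` string field to ArtifactLocation and an `originalUriBaseIds,omitempty` map from base id to an object holding `uri` on Run, and regenerate this fixture so the base is kept.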

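--- a/utils/sarif.go
+++ b/utils/sarif.go
@@ -27,8 +27,9 @@ type SarifReport struct {
 }
 
 type Run struct {
-Tool Tool `json:"tool"`
-Results []Result `json:"results"`
+Invocations []Invocation `json:"invocations,omitempty"`
+Results []Result `json:"results"`
+Tool Tool `json:"tool"`
 }
 
 type Tool struct {
@@ -38,7 +39,7 @@ type Tool struct {
 type Driver struct {
 Name string `json:"name"`
 Version string `json:"version"`
-InformationURI string `json:"informationUri,omitempty"`
+InformationURI string `json:"informationUri"`
 Rules []Rule `json:"rules"`
 }
 
@@ -58,10 +59,11 @@ type RuleProperties struct {
 }
 
 type Result struct {
-RuleID string `json:"ruleId"`
-Level string `json:"level,omitempty"`
-Message MessageText `json:"message"`
+Level string `json:"level"`
 Locations []Location `json:"locations"`
+Message MessageText `json:"message"`
+RuleID string `json:"ruleId"`
+RuleIndex int `json:"ruleIndex,omitempty"`
 }
 
 type Location struct {
@@ -78,16 +80,40 @@ type ArtifactLocation struct {
 }
 
 type Region struct {
-StartLine int `json:"startLine"`
 StartColumn int `json:"startColumn"`
-EndLine int `json:"endLine,omitempty"`
+StartLine int `json:"startLine"`
 EndColumn int `json:"endColumn,omitempty"`
+EndLine int `json:"endLine,omitempty"`
 }
 
 type MessageText struct {
 Text string `json:"text"`
 }
 
+type Invocation struct {
+ExecutionSuccessful bool `json:"executionSuccessful"`
+ToolConfigurationNotifications []ToolConfigurationNotification `json:"toolConfigurationNotifications,omitempty"`
+ToolExecutionNotifications []ToolExecutionNotification `json:"toolExecutionNotifications,omitempty"`
+}
+
+type ToolConfigurationNotification struct {
+Descriptor struct {
+ID string `json:"id"`
+} `json:"descriptor"`
+Level string `json:"level"`
+Locations []Location `json:"locations"`
+Message MessageText `json:"message"`
+}
+
+type ToolExecutionNotification struct {
+Descriptor struct {
+ID string `json:"id"`
+} `json:"descriptor"`
+Level string `json:"level"`
+Locations []Location `json:"locations"`
+Message MessageText `json:"message"`
+}
+
 // ConvertPylintToSarif converts Pylint JSON output to SARIF format
 func ConvertPylintToSarif(pylintOutput []byte) []byte {
 var issues []PylintIssue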
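Review bot: The `ruleIndex,omitempty` tag on the new `RuleIndex int` field in Result can never emit index 0, which is a valid SARIF ruleIndex (the first entry of tool.driver.rules); the PMD fixture in this commit shows `"ruleIndex": 0` disappearing for exactly that reason, so results lose their link to the first rule. Make absence and zero distinct by changing the field to `RuleIndex *int` and keeping the tag, or drop omitempty and use -1 for "not set" as the SARIF default does. Removing omitempty from `Level` also makes every result emit `"level": ""` when the tool sets none, which is not one of the values the SARIF 2.1.0 schema allows for level (none, note, warning, error); the PMD fixture now contains that string, while the semgrep fixture in the same commit removes `"level": ""` and `"informationUri": ""` even though `InformationURI` likewise lost its omitempty, so how the expected files are compared is worth confirming. ToolConfigurationNotification and ToolExecutionNotification are identical structs; one Notification type used for both slices would avoid the duplication.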
