
Commit be37e92

committed
fix sarifs
1 parent 88b3c1e commit be37e92

3 files changed

Lines changed: 46 additions & 116 deletions


Lines changed: 18 additions & 15 deletions
@@ -1,35 +1,38 @@
11
{
2-
"version": "2.1.0",
32
"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
43
"runs": [
54
{
6-
"tool": {
7-
"driver": {
8-
"name": "codacy-enigma-cli",
9-
"rules": null
10-
}
11-
},
125
"results": [
136
{
14-
"ruleId": "hardcoded_password",
157
"level": "warning",
16-
"message": {
17-
"text": " const string PASSWORD=\"THIS_M1GHT_B3_@\";"
18-
},
198
"locations": [
209
{
2110
"physicalLocation": {
2211
"artifactLocation": {
2312
"uri": "ktbind.hpp"
2413
},
2514
"region": {
15+
"startColumn": 0,
2616
"startLine": 120
2717
}
2818
}
2919
}
30-
]
20+
],
21+
"message": {
22+
"text": " const string ***"THIS_M1GHT_B3_@\";"
23+
},
24+
"ruleId": "hardcoded_password"
25+
}
26+
],
27+
"tool": {
28+
"driver": {
29+
"informationUri": "",
30+
"name": "codacy-enigma-cli",
31+
"rules": null,
32+
"version": ""
3133
}
32-
]
34+
}
3335
}
34-
]
35-
}
36+
],
37+
"version": "2.1.0"
38+
}
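Review bot: The new `message.text` line still carries the literal that the `hardcoded_password` rule flagged: the masking replaced `PASSWORD=` with `***` and left `THIS_M1GHT_B3_@` in place, so this fixture pins a redaction that hides the variable name and not the value. As rendered here, the line also has an unescaped `"` directly after `***`; if the file really contains that, a strict JSON parser would reject it and the test can only pass on a byte-for-byte comparison. Separately, `"startColumn": 0` is below the SARIF 2.1.0 minimum of 1 for column numbers and `"informationUri": ""` is not a URI. I would write `"startColumn": 1` and omit the empty `informationUri` and `version` properties instead of emitting empty strings.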

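--- a/plugins/tools/dartanalyzer/test/expected.sarif
+++ b/plugins/tools/dartanalyzer/test/expected.sarif
@@ -4,49 +4,35 @@
 {
 "results": [
 {
+"level": "error",
 "locations": [
 {
 "physicalLocation": {
 "artifactLocation": {
-"uri": "/plugins/tools/dartanalyzer/test/src/Test.dart"
+"uri": "package-lock.json"
 },
 "region": {
-"startLine": 2
+"startColumn": 1,
+"startLine": 515
 }
 }
 }
 ],
 "message": {
-"text": "Unused import: 'dart:math'."
+"text": "Package: cross-spawn\nInstalled Version: 7.0.3\nVulnerability CVE-2024-21538\nSeverity: HIGH\nFixed Version: 7.0.5, 6.0.6\nLink: [CVE-2024-21538](https://avd.aquasec.com/nvd/cve-2024-21538)"
 },
-"ruleId": "UNUSED_IMPORT"
-},
-{
-"locations": [
-{
-"physicalLocation": {
-"artifactLocation": {
-"uri": "/plugins/tools/dartanalyzer/test/src/Test.dart"
-},
-"region": {
-"startLine": 28
-}
-}
-}
-],
-"message": {
-"text": "'oldFunction' is deprecated and shouldn't be used."
-},
-"ruleId": "DEPRECATED_MEMBER_USE_FROM_SAME_PACKAGE"
+"ruleId": "CVE-2024-21538"
 }
 ],
 "tool": {
 "driver": {
-"name": "dartanalyzer",
-"rules": null
+"informationUri": "https://github.com/aquasecurity/trivy",
+"name": "Trivy",
+"rules": null,
+"version": "0.59.1"
 }
 }
 }
 ],
 "version": "2.1.0"
-}
+}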
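Review bot: The expected output for the dartanalyzer plugin test now describes a Trivy finding (`"name": "Trivy"`, `"uri": "package-lock.json"`, ruleId `CVE-2024-21538`) and no longer contains either dartanalyzer result, so, assuming the path in the file header is right, this fixture no longer checks dartanalyzer's SARIF output at all. It looks as if another tool's run was written over this file. I would regenerate it from the dartanalyzer test source, keeping the `UNUSED_IMPORT` and `DEPRECATED_MEMBER_USE_FROM_SAME_PACKAGE` results and adding only the new `level` and `startColumn` fields. Pinning `"version": "0.59.1"` and an advisory that depends on the vulnerability database would also make the comparison fail whenever the scanner or its data is updated.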
Lines changed: 17 additions & 76 deletions
@@ -1,32 +1,17 @@
11
{
2-
"version": "2.1.0",
32
"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
43
"runs": [
54
{
6-
"invocations": [
7-
{
8-
"executionSuccessful": true,
9-
"toolExecutionNotifications": []
10-
}
11-
],
125
"results": [
136
{
14-
"fingerprints": {
15-
"matchBasedId/v1": "d68b4b5aa90adf170c15bd2f15e46001e617fb546c1f75c00cb31e0294e948f00f38ae86c9dc5b943eb415eb6b1b152f55a6c8e1ce45174821189099b69c499a_0"
16-
},
7+
"level": "",
178
"locations": [
189
{
1910
"physicalLocation": {
2011
"artifactLocation": {
21-
"uri": "test_file.py",
22-
"uriBaseId": "%SRCROOT%"
12+
"uri": "test_file.py"
2313
},
2414
"region": {
25-
"endColumn": 26,
26-
"endLine": 14,
27-
"snippet": {
28-
"text": " user_input = \"ls -la\""
29-
},
3015
"startColumn": 5,
3116
"startLine": 14
3217
}
@@ -36,26 +21,17 @@
3621
"message": {
3722
"text": "Hardcoded password detected"
3823
},
39-
"properties": {},
4024
"ruleId": "codacy.tools-configs.python.lang.security.audit.hardcoded-password.hardcoded-password"
4125
},
4226
{
43-
"fingerprints": {
44-
"matchBasedId/v1": "5c6d33cba2da3f1092652370087a5fe5eb394bc1675e593c3cef420f2a26e97bea82e0caa8741a5c13a09ca85f1e1015deb2928958516de72c2fcddb84acc215_0"
45-
},
27+
"level": "",
4628
"locations": [
4729
{
4830
"physicalLocation": {
4931
"artifactLocation": {
50-
"uri": "test_file.py",
51-
"uriBaseId": "%SRCROOT%"
32+
"uri": "test_file.py"
5233
},
5334
"region": {
54-
"endColumn": 26,
55-
"endLine": 15,
56-
"snippet": {
57-
"text": " os.system(user_input) # semgrep: python.lang.security.audit.subprocess-shell-true.subprocess-shell-true"
58-
},
5935
"startColumn": 5,
6036
"startLine": 15
6137
}
@@ -65,26 +41,17 @@
6541
"message": {
6642
"text": "Unsafe command execution with os.system"
6743
},
68-
"properties": {},
6944
"ruleId": "codacy.tools-configs.python.lang.security.audit.os-system.os-system"
7045
},
7146
{
72-
"fingerprints": {
73-
"matchBasedId/v1": "912dfe82da41aeee9a4a4c9c195d94f60e63458f1094080e0e24585c6f7894c5822ca61ad89cd45cd56d30f0016802a9e87805d429e4fd751c6917e003c3c3f7_0"
74-
},
47+
"level": "",
7548
"locations": [
7649
{
7750
"physicalLocation": {
7851
"artifactLocation": {
79-
"uri": "test_file.py",
80-
"uriBaseId": "%SRCROOT%"
52+
"uri": "test_file.py"
8153
},
8254
"region": {
83-
"endColumn": 43,
84-
"endLine": 16,
85-
"snippet": {
86-
"text": " subprocess.run(user_input, shell=True) # semgrep: python.lang.security.audit.subprocess-shell-true.subprocess-shell-true"
87-
},
8855
"startColumn": 5,
8956
"startLine": 16
9057
}
@@ -94,26 +61,17 @@
9461
"message": {
9562
"text": "Unsafe command execution with shell=True"
9663
},
97-
"properties": {},
9864
"ruleId": "codacy.tools-configs.python.lang.security.audit.subprocess-shell-true.subprocess-shell-true"
9965
},
10066
{
101-
"fingerprints": {
102-
"matchBasedId/v1": "fb709112486f440290f4ceb370b2530e2dc80ac719854debf8ef1cd92d493ff791afaadf0240b41f9365d69fef012c8b8a04e2a1b67ff651ff621d8c93d1bfda_0"
103-
},
67+
"level": "",
10468
"locations": [
10569
{
10670
"physicalLocation": {
10771
"artifactLocation": {
108-
"uri": "test_file.py",
109-
"uriBaseId": "%SRCROOT%"
72+
"uri": "test_file.py"
11073
},
11174
"region": {
112-
"endColumn": 37,
113-
"endLine": 20,
114-
"snippet": {
115-
"text": " password = \"mysecretpassword123\" # semgrep: python.lang.security.audit.hardcoded-password.hardcoded-password"
116-
},
11775
"startColumn": 5,
11876
"startLine": 20
11977
}
@@ -123,26 +81,17 @@
12381
"message": {
12482
"text": "Hardcoded password detected"
12583
},
126-
"properties": {},
12784
"ruleId": "codacy.tools-configs.python.lang.security.audit.hardcoded-password.hardcoded-password"
12885
},
12986
{
130-
"fingerprints": {
131-
"matchBasedId/v1": "ab899bcac588e9ca6eb62e2f3622c585458008ecbd31be21c538a80b2f34238826af6d34710506d190469ec9e2e6068fd0dc05f2f1e483fcc32dfa5dbce29a11_0"
132-
},
87+
"level": "",
13388
"locations": [
13489
{
13590
"physicalLocation": {
13691
"artifactLocation": {
137-
"uri": "test_file.py",
138-
"uriBaseId": "%SRCROOT%"
92+
"uri": "test_file.py"
13993
},
14094
"region": {
141-
"endColumn": 43,
142-
"endLine": 26,
143-
"snippet": {
144-
"text": " data = b\"cos\\nsystem\\n(S'ls -la'\\ntR.\""
145-
},
14695
"startColumn": 5,
14796
"startLine": 26
14897
}
@@ -152,26 +101,17 @@
152101
"message": {
153102
"text": "Hardcoded password detected"
154103
},
155-
"properties": {},
156104
"ruleId": "codacy.tools-configs.python.lang.security.audit.hardcoded-password.hardcoded-password"
157105
},
158106
{
159-
"fingerprints": {
160-
"matchBasedId/v1": "129aec3858c4c532da6214fac11e10c87bc7789d07f1651dc6e82f1d62ccfb29cc6e3fdd44320f3b06bad930ffa2bf454f75d03768ebfc8aed12191cbc3496b7_0"
161-
},
107+
"level": "",
162108
"locations": [
163109
{
164110
"physicalLocation": {
165111
"artifactLocation": {
166-
"uri": "test_file.py",
167-
"uriBaseId": "%SRCROOT%"
112+
"uri": "test_file.py"
168113
},
169114
"region": {
170-
"endColumn": 23,
171-
"endLine": 27,
172-
"snippet": {
173-
"text": " pickle.loads(data) # semgrep: python.lang.security.audit.pickle.avoid-pickle"
174-
},
175115
"startColumn": 5,
176116
"startLine": 27
177117
}
@@ -181,17 +121,18 @@
181121
"message": {
182122
"text": "Unsafe deserialization with pickle"
183123
},
184-
"properties": {},
185124
"ruleId": "codacy.tools-configs.python.lang.security.audit.pickle.avoid-pickle"
186125
}
187126
],
188127
"tool": {
189128
"driver": {
129+
"informationUri": "",
190130
"name": "Semgrep OSS",
191131
"rules": null,
192-
"semanticVersion": "1.78.0"
132+
"version": ""
193133
}
194134
}
195135
}
196-
]
197-
}
136+
],
137+
"version": "2.1.0"
138+
}
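Review bot: Every result in this fixture now has `"level": ""`, which is not one of the SARIF 2.1.0 level values (`none`, `note`, `warning`, `error`); a consumer validating against the schema named in `$schema` would reject the file, and one that does not validate may treat these security findings as unrated. This applies to all six results in the section. I would either omit `level` when the tool reports none (readers then fall back to the default, `warning`) or map the rule severity to a real value, e.g. `"level": "error"`. The section also swaps `"semanticVersion": "1.78.0"` for `"version": ""` and drops `fingerprints`, so the expected output no longer records which Semgrep version produced it and loses the stable ids used to match results across runs; if that is intended, it deserves a line in the commit message.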
