From 2e7a3f3659759eaec2286c0b52df3b04f54065d7 Mon Sep 17 00:00:00 2001
From: "andrzej.janczak"
Date: Fri, 4 Jul 2025 15:51:44 +0200
Subject: [PATCH] fix: sarif output
---
 .codacy/codacy.yaml | 9 +--
 cmd/analyze.go | 9 ---
 example_1.ts | 60 ++++++++++++++++++
 out.txt | 146 ++++++++++++++++++++++++++++++++++++++++++++
 req.txt | 0
 vul.ts | 20 ++++++
 6 files changed, 229 insertions(+), 15 deletions(-)
 create mode 100644 example_1.ts
 create mode 100644 out.txt
 create mode 100644 req.txt
 create mode 100644 vul.ts
diff --git a/.codacy/codacy.yaml b/.codacy/codacy.yaml
index ec91a308..dd18086d 100644
--- a/.codacy/codacy.yaml
+++ b/.codacy/codacy.yaml
@@ -1,16 +1,13 @@
 runtimes:
- - dart@3.7.2
 - go@1.22.3
 - java@17.0.10
 - node@22.2.0
 - python@3.11.11
 tools:
- - codacy-enigma-cli@0.0.1-main.8.49310c3
- - dartanalyzer@3.7.2
- - eslint@8.57.0
+ - eslint@9.26.0
 - lizard@1.17.19
- - pmd@6.55.0
- - pylint@3.3.6
+ - pmd@7.11.0
+ - pylint@3.3.7
 - revive@1.7.0
 - semgrep@1.78.0
 - trivy@0.59.1
diff --git a/cmd/analyze.go b/cmd/analyze.go
index 2f5e1a67..8af70786 100644
--- a/cmd/analyze.go
+++ b/cmd/analyze.go
@@ -437,13 +437,6 @@ func validatePaths(paths []string) error {
 return nil
 }
 
-func validateCloudMode(cliLocalMode bool) error {
- if cliLocalMode {
- fmt.Println("Warning: cannot run in cloud mode")
- }
- return nil
-}
-
 var analyzeCmd = &cobra.Command{
 Use: "analyze",
 Short: "Analyze code using configured tools",
@@ -465,8 +458,6 @@ Supports API token, provider, and repository flags to automatically fetch tool c
 cliLocalMode := len(initFlags.ApiToken) == 0
- validateCloudMode(cliLocalMode)
-
 var toolsToRun map[string]*plugins.ToolInfo
 if toolsToAnalyzeParam != "" {
diff --git a/example_1.ts b/example_1.ts
new file mode 100644
index 00000000..def2c37a
--- /dev/null
+++ b/example_1.ts
@@ -0,0 +1,60 @@
+// vulneravel.ts
+
+import * as http from 'http';
+import * as url from 'url';
+import * as fs from 'fs';
+import * as mysql from 'mysql';
+
+// 1. Exposição de credenciais
+const db = mysql.createConnection({
+ host: 'localhost',
+ user: 'root',
+ password: 'rootpassword', // Credenciais expostas
+ database: 'test'
+});
+
+http.createServer((req, res) => {
+ const parsedUrl = url.parse(req.url || '', true);
+ const query = parsedUrl.query;
+
+ // 2. Injeção SQL - FIXED: Use parameterized query
+ const username = query.username;
+ const sql = `SELECT * FROM users WHERE username = ?`;
+ db.query(sql, [username], (err, result) => {
+ if (err) throw err;
+
+ // 3. Exposição de dados sensíveis - FIXED: Filter sensitive fields
+ const safeResult = result.map((user: any) => {
+ const { password, ...safeUser } = user;
+ return safeUser;
+ });
+ res.writeHead(200, { 'Content-Type': 'application/json' });
+ res.end(JSON.stringify(safeResult)); // devolve dados sem campos sensíveis
+ });
+
+ // 4. Leitura insegura de ficheiros
+ const file = query.file as string;
+ fs.readFile('./uploads/' + file, 'utf8', (err, data) => {
+ if (!err) {
+ res.write('\n\n' + data); // pode ser usado para leitura arbitrária de ficheiros
+ }
+ });
+
+ // 5. Execução de código arbitrário
+ if (query.runCode) {
+ eval(query.runCode as string); // MUITO perigoso
+ }
+
+}).listen(8080);
+
+// 6. Dependência desatualizada (suponha que mysql está vulnerável)
+
+// 7. Falta de HTTPS (http em vez de https)
+
+// 8. Nenhuma validação de entrada em nenhuma parte
+
+// 9. Stack traces revelados com throw err
+
+// 10. Não existe autenticação nem controlo de acessos
+
+console.log('Servidor inseguro a correr em http://localhost:8080');
diff --git a/out.txt b/out.txt
new file mode 100644
index 00000000..b3f96428
--- /dev/null
+++ b/out.txt
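Review bot: example_1.ts is a deliberately vulnerable sample (its header comment reads `// vulneravel.ts`) committed to the repository root together with out.txt, req.txt and vul.ts, none of which the subject line `fix: sarif output` accounts for, and out.txt still begins with the `Warning: cannot run in cloud mode` line that the cmd/analyze.go hunks in this same patch remove. If the TypeScript file is meant as a scanner fixture, move it under a fixtures or testdata directory so that the eslint, semgrep and trivy runs configured in .codacy/codacy.yaml do not start reporting its intentional findings against the project itself; an empty req.txt and a captured out.txt have no reason to be tracked at all. If these are local debugging artefacts, drop all four files from the commit so the change is only the analyze.go and codacy.yaml edits.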
@@ -0,0 +1,146 @@ +Warning: cannot run in cloud mode +{ + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "runs": [ + { + "invocations": [ + { + "executionSuccessful": true, + "toolExecutionNotifications": [] + } + ], + "results": [], + "tool": { + "driver": { + "name": "Semgrep OSS", + "rules": null, + "semanticVersion": "1.78.0" + } + } + }, + { + "columnKind": "utf16CodeUnits", + "originalUriBaseIds": { + "ROOTPATH": { + "uri": "file:///Users/czak/GIT/codacy/codacy-cli-v2/example_1.ts/" + } + }, + "results": [], + "tool": { + "driver": { + "fullName": "Trivy Vulnerability Scanner", + "informationUri": "https://github.com/aquasecurity/trivy", + "name": "Trivy", + "rules": null, + "version": "0.59.1" + } + } + }, + { + "artifacts": [ + { + "location": { + "uri": "file:///Users/czak/GIT/codacy/codacy-cli-v2/example_1.ts" + } + } + ], + "invocations": [ + { + "executionSuccessful": true, + "toolConfigurationNotifications": [ + { + "descriptor": { + "id": "ESL0999" + }, + "level": "warning", + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "index": 0, + "uri": "file:///Users/czak/GIT/codacy/codacy-cli-v2/example_1.ts" + } + } + } + ], + "message": { + "text": "File ignored because no matching configuration was supplied." 
+ }
+ }
+ ]
+ }
+ ],
+ "results": [],
+ "tool": {
+ "driver": {
+ "informationUri": "https://eslint.org",
+ "name": "ESLint",
+ "rules": null,
+ "version": "9.26.0"
+ }
+ }
+ },
+ {
+ "results": [
+ {
+ "level": "error",
+ "locations": [
+ {
+ "physicalLocation": {
+ "artifactLocation": {
+ "uri": "example_1.ts"
+ },
+ "region": {
+ "startColumn": 1,
+ "startLine": 1
+ }
+ }
+ }
+ ],
+ "message": {
+ "text": "Parsing failed: 'invalid syntax (example_1, line 1)'"
+ },
+ "ruleId": "syntax-error"
+ }
+ ],
+ "tool": {
+ "driver": {
+ "informationUri": "https://pylint.org",
+ "name": "Pylint",
+ "rules": null,
+ "version": "3.3.6"
+ }
+ }
+ },
+ {
+ "results": [
+ {
+ "locations": [
+ {
+ "physicalLocation": {
+ "artifactLocation": {
+ "uri": "example_1.ts"
+ },
+ "region": {
+ "startColumn": 1,
+ "startLine": 3
+ }
+ }
+ }
+ ],
+ "message": {
+ "text": "invalid file example_1.ts: example_1.ts:3:1: expected 'package', found 'import' (and 4 more errors)"
+ }
+ }
+ ],
+ "tool": {
+ "driver": {
+ "informationUri": "https://github.com/mgechev/revive",
+ "name": "revive",
+ "rules": null
+ }
+ }
+ }
+ ],
+ "version": "2.1.0"
+}
diff --git a/req.txt b/req.txt
new file mode 100644
index 00000000..e69de29b
diff --git a/vul.ts b/vul.ts
new file mode 100644
index 00000000..7c71bb80
--- /dev/null
+++ b/vul.ts
@@ -0,0 +1,20 @@
+
+
+ // 5. Execução de código arbitrário
+ if (query.runCode) {
+ eval(query.runCode as string); // MUITO perigoso
+ }
+
+}).listen(8080);
+
+// 6. Dependência desatualizada (suponha que mysql está vulnerável)
+
+// 7. Falta de HTTPS (http em vez de https)
+
+// 8. Nenhuma validação de entrada em nenhuma parte
+
+// 9. Stack traces revelados com throw err
+
+// 10. Não existe autenticação nem controlo de acessos
+
+console.log('Servidor inseguro a correr em http://localhost:8080');
\ No newline at end of file
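Review bot: vul.ts cannot be parsed as TypeScript: it starts inside a callback body with `query` never declared, and `}).listen(8080);` on its line 8 closes a call that is never opened, so a parser-based tool stops at a syntax error and the `eval` on line 5 never surfaces as a finding. The file is a copy of the last 18 lines of example_1.ts from this same patch; either give it the enclosing `http.createServer((req, res) => {` and `const query = ...` lines so the fixture stands on its own, or drop it from the commit. It also lacks a trailing newline, as the `\ No newline at end of file` marker shows.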