writer-json-sarif: encode code snippets for DefectDojo
... in the same way as Snyk Code encodes them

Fixes: #124
Closes: #127
kdudka committed Apr 20, 2023
1 parent b5df1f6 commit 5ad571c
Showing 3 changed files with 128 additions and 25 deletions.
41 changes: 38 additions & 3 deletions src/lib/writer-json-sarif.cc
Expand Up @@ -258,6 +258,27 @@ static void sarifEncodeEvt(array *pDst, const Defect &def, unsigned idx)
pDst->push_back(std::move(tfLoc));
}

void sarifEncodeSnippet(object &reg, const std::string &msg)
{
// check whether the "snippet" node already exists
value &valSnip = reg["snippet"];
if (!valSnip.is_object()) {
// create the "text" node containing the header line
valSnip.emplace_object() = {
{ "text", "Problem detected in this context:" }
};
}

// reuse the existing "snippet/text" nodes
string &strSnip = valSnip.get_object()["text"].get_string();

// use new-line as delimiter
strSnip += "\n";

// concatenate the snippet from this event
strSnip += msg;
}

void SarifTreeEncoder::appendDef(const Defect &def)
{
const DefEvent &keyEvt = def.events[def.keyEventIdx];
Expand Down Expand Up @@ -293,16 +314,30 @@ void SarifTreeEncoder::appendDef(const Defect &def)
sarifEncodeLoc(&loc, def, def.keyEventIdx);
result["locations"] = array{std::move(loc)};

// resolve key event region
value &valLoc = result["locations"].get_array().front();
value &valPhy = valLoc.get_object()["physicalLocation"];
object &reg = valPhy.get_object()["region"].get_object();

// key msg
sarifEncodeMsg(&result, keyEvt.msg);

// other events
array flowLocs, relatedLocs;
for (unsigned i = 0; i < def.events.size(); ++i) {
if (def.events[i].event == "#")
sarifEncodeComment(&relatedLocs, def, i);
else
const DefEvent &evt = def.events[i];
if (evt.event != "#") {
// regular event
sarifEncodeEvt(&flowLocs, def, i);
continue;
}

if (ctxEvtDetetor_.isAnyCtxLine(evt))
// code snippet
sarifEncodeSnippet(reg, evt.msg);

// any comment
sarifEncodeComment(&relatedLocs, def, i);
}

// codeFlows
2 changes: 2 additions & 0 deletions src/lib/writer-json-sarif.hh
Expand Up @@ -21,6 +21,7 @@
#define H_GUARD_WRITER_JSON_SARIF_H

#include "abstract-tree.hh"
#include "writer.hh" // for CtxEventDetector

#include <boost/json.hpp>

Expand Down Expand Up @@ -54,6 +55,7 @@ class SarifTreeEncoder: public AbstractTreeEncoder {
TScanProps scanProps_;
boost::json::object driver_;
boost::json::array results_;
CtxEventDetector ctxEvtDetetor_;
};

#endif /* H_GUARD_WRITER_JSON_SARIF_H */
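Review bot: The new member `CtxEventDetector ctxEvtDetetor_;` misspells its type in the identifier (`Detetor`), and the same spelling is used at the call site in src/lib/writer-json-sarif.cc; renaming it to `ctxEvtDetector_` in both places keeps the member greppable alongside `CtxEventDetector`. The member also carries no comment, unlike the include it depends on; a one-liner such as `/// used by appendDef() to pick the "#" events whose msg is appended to the region snippet` documents why the encoder now owns a detector. The enclosing `class SarifTreeEncoder` starts outside this hunk.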
110 changes: 88 additions & 22 deletions tests/csgrep/0085-sarif-writer-stdout.txt
Expand Up @@ -75,7 +75,10 @@
"uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/csdiff.cc"
},
"region": {
"startLine": 30
"startLine": 30,
"snippet": {
"text": "Problem detected in this context:\n 28| #include <boost/program_options.hpp>\n 29| \n 30|-> int main(int argc, char *argv[])\n 31| {\n 32| using std::string;"
}
}
}
}
Expand Down Expand Up @@ -219,7 +222,10 @@
"uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/csdiff.cc"
},
"region": {
"startLine": 30
"startLine": 30,
"snippet": {
"text": "Problem detected in this context:\n 28| #include <boost/program_options.hpp>\n 29| \n 30|-> int main(int argc, char *argv[])\n 31| {\n 32| using std::string;"
}
}
}
}
Expand Down Expand Up @@ -363,7 +369,10 @@
"uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/csdiff.cc"
},
"region": {
"startLine": 30
"startLine": 30,
"snippet": {
"text": "Problem detected in this context:\n 28| #include <boost/program_options.hpp>\n 29| \n 30|-> int main(int argc, char *argv[])\n 31| {\n 32| using std::string;"
}
}
}
}
Expand Down Expand Up @@ -507,7 +516,10 @@
"uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/csdiff.cc"
},
"region": {
"startLine": 30
"startLine": 30,
"snippet": {
"text": "Problem detected in this context:\n 28| #include <boost/program_options.hpp>\n 29| \n 30|-> int main(int argc, char *argv[])\n 31| {\n 32| using std::string;"
}
}
}
}
Expand Down Expand Up @@ -651,7 +663,10 @@
"uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/csgrep.cc"
},
"region": {
"startLine": 563
"startLine": 563,
"snippet": {
"text": "Problem detected in this context:\n 561| }\n 562| \n 563|-> int main(int argc, char *argv[])\n 564| {\n 565| using std::string;"
}
}
}
}
Expand Down Expand Up @@ -795,7 +810,10 @@
"uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/csgrep.cc"
},
"region": {
"startLine": 563
"startLine": 563,
"snippet": {
"text": "Problem detected in this context:\n 561| }\n 562| \n 563|-> int main(int argc, char *argv[])\n 564| {\n 565| using std::string;"
}
}
}
}
Expand Down Expand Up @@ -939,7 +957,10 @@
"uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/csgrep.cc"
},
"region": {
"startLine": 563
"startLine": 563,
"snippet": {
"text": "Problem detected in this context:\n 561| }\n 562| \n 563|-> int main(int argc, char *argv[])\n 564| {\n 565| using std::string;"
}
}
}
}
Expand Down Expand Up @@ -1083,7 +1104,10 @@
"uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cshtml.cc"
},
"region": {
"startLine": 54
"startLine": 54,
"snippet": {
"text": "Problem detected in this context:\n 52| }\n 53| \n 54|-> int main(int argc, char *argv[])\n 55| {\n 56| using std::string;"
}
}
}
}
Expand Down Expand Up @@ -1227,7 +1251,10 @@
"uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cshtml.cc"
},
"region": {
"startLine": 54
"startLine": 54,
"snippet": {
"text": "Problem detected in this context:\n 52| }\n 53| \n 54|-> int main(int argc, char *argv[])\n 55| {\n 56| using std::string;"
}
}
}
}
Expand Down Expand Up @@ -1371,7 +1398,10 @@
"uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cslinker.cc"
},
"region": {
"startLine": 152
"startLine": 152,
"snippet": {
"text": "Problem detected in this context:\n 150| }\n 151| \n 152|-> int main(int argc, char *argv[])\n 153| {\n 154| using std::string;"
}
}
}
}
Expand Down Expand Up @@ -1515,7 +1545,10 @@
"uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cslinker.cc"
},
"region": {
"startLine": 152
"startLine": 152,
"snippet": {
"text": "Problem detected in this context:\n 150| }\n 151| \n 152|-> int main(int argc, char *argv[])\n 153| {\n 154| using std::string;"
}
}
}
}
Expand Down Expand Up @@ -1659,7 +1692,10 @@
"uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cslinker.cc"
},
"region": {
"startLine": 152
"startLine": 152,
"snippet": {
"text": "Problem detected in this context:\n 150| }\n 151| \n 152|-> int main(int argc, char *argv[])\n 153| {\n 154| using std::string;"
}
}
}
}
Expand Down Expand Up @@ -1803,7 +1839,10 @@
"uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cslinker.cc"
},
"region": {
"startLine": 152
"startLine": 152,
"snippet": {
"text": "Problem detected in this context:\n 150| }\n 151| \n 152|-> int main(int argc, char *argv[])\n 153| {\n 154| using std::string;"
}
}
}
}
Expand Down Expand Up @@ -1947,7 +1986,10 @@
"uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cslinker.cc"
},
"region": {
"startLine": 152
"startLine": 152,
"snippet": {
"text": "Problem detected in this context:\n 150| }\n 151| \n 152|-> int main(int argc, char *argv[])\n 153| {\n 154| using std::string;"
}
}
}
}
Expand Down Expand Up @@ -2091,7 +2133,10 @@
"uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cssort.cc"
},
"region": {
"startLine": 161
"startLine": 161,
"snippet": {
"text": "Problem detected in this context:\n 159| }\n 160| \n 161|-> int main(int argc, char *argv[])\n 162| {\n 163| using std::string;"
}
}
}
}
Expand Down Expand Up @@ -2235,7 +2280,10 @@
"uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cssort.cc"
},
"region": {
"startLine": 161
"startLine": 161,
"snippet": {
"text": "Problem detected in this context:\n 159| }\n 160| \n 161|-> int main(int argc, char *argv[])\n 162| {\n 163| using std::string;"
}
}
}
}
Expand Down Expand Up @@ -2379,7 +2427,10 @@
"uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cssort.cc"
},
"region": {
"startLine": 161
"startLine": 161,
"snippet": {
"text": "Problem detected in this context:\n 159| }\n 160| \n 161|-> int main(int argc, char *argv[])\n 162| {\n 163| using std::string;"
}
}
}
}
Expand Down Expand Up @@ -2523,7 +2574,10 @@
"uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cstrans-df-run.cc"
},
"region": {
"startLine": 300
"startLine": 300,
"snippet": {
"text": "Problem detected in this context:\n 298| }\n 299| \n 300|-> int main(int argc, char *argv[])\n 301| {\n 302| // used also in diagnostic messages"
}
}
}
}
Expand Down Expand Up @@ -2667,7 +2721,10 @@
"uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cstrans-df-run.cc"
},
"region": {
"startLine": 300
"startLine": 300,
"snippet": {
"text": "Problem detected in this context:\n 298| }\n 299| \n 300|-> int main(int argc, char *argv[])\n 301| {\n 302| // used also in diagnostic messages"
}
}
}
}
Expand Down Expand Up @@ -2811,7 +2868,10 @@
"uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cstrans-df-run.cc"
},
"region": {
"startLine": 300
"startLine": 300,
"snippet": {
"text": "Problem detected in this context:\n 298| }\n 299| \n 300|-> int main(int argc, char *argv[])\n 301| {\n 302| // used also in diagnostic messages"
}
}
}
}
Expand Down Expand Up @@ -2955,7 +3015,10 @@
"uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/csv-parser.cc"
},
"region": {
"startLine": 36
"startLine": 36,
"snippet": {
"text": "Problem detected in this context:\n 34| d(new Private)\n 35| {\n 36|-> }\n 37| \n 38| AbstractCsvParser::~AbstractCsvParser()"
}
}
}
}
Expand Down Expand Up @@ -3099,7 +3162,10 @@
"uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/json-writer.cc"
},
"region": {
"startLine": 347
"startLine": 347,
"snippet": {
"text": "Problem detected in this context:\n 345| str(str_)\n 346| {\n 347|-> }\n 348| };\n 349| "
}
}
}
}
