Skip to content

Commit

Permalink
Use a stable SARIF identifier (aquasecurity#1230)
Browse files Browse the repository at this point in the history
  • Loading branch information
simon-engledew authored Nov 11, 2021
1 parent 5915ffb commit 33f74b3
Show file tree
Hide file tree
Showing 4 changed files with 167 additions and 285 deletions.
74 changes: 36 additions & 38 deletions contrib/sarif.tpl
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
{
"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
"version": "2.1.0",
{{- $rules := makeRuleMap }}
"runs": [
{
"tool": {
Expand All @@ -14,42 +15,39 @@
{{- range $result := . }}
{{- $vulnerabilityType := .Type }}
{{- range .Vulnerabilities -}}
{{- if $t_first -}}
{{- $t_first = false -}}
{{ else -}}
,
{{- end }}
{
"id": {{ printf "%s: %s-%s %s" $result.Target .PkgName .InstalledVersion .VulnerabilityID | toJson }},
"name": "{{ toSarifRuleName $vulnerabilityType }}",
"shortDescription": {
"text": {{ printf "%v Package: %v" .VulnerabilityID .PkgName | printf "%q" }}
},
"fullDescription": {
"text": {{ endWithPeriod (escapeString .Title) | printf "%q" }}
},
"defaultConfiguration": {
"level": "{{ toSarifErrorLevel .Vulnerability.Severity }}"
}
{{- with $help_uri := .PrimaryURL -}}
,
{{ $help_uri | printf "\"helpUri\": %q," -}}
{{- else -}}
,
{{- end }}
"help": {
"text": {{ printf "Vulnerability %v\nSeverity: %v\nPackage: %v\nInstalled Version: %v\nFixed Version: %v\nLink: [%v](%v)" .VulnerabilityID .Vulnerability.Severity .PkgName .InstalledVersion .FixedVersion .VulnerabilityID .PrimaryURL | printf "%q"}},
"markdown": {{ printf "**Vulnerability %v**\n| Severity | Package | Installed Version | Fixed Version | Link |\n| --- | --- | --- | --- | --- |\n|%v|%v|%v|%v|[%v](%v)|\n" .VulnerabilityID .Vulnerability.Severity .PkgName .InstalledVersion .FixedVersion .VulnerabilityID .PrimaryURL | printf "%q"}}
},
"properties": {
"tags": [
"vulnerability",
"{{ .Vulnerability.Severity }}",
{{ .PkgName | printf "%q" }}
],
"precision": "very-high"
}
}
{{- if indexRule $rules .VulnerabilityID -}}
{{- if $t_first -}}
{{- $t_first = false -}}
{{ else -}}
,
{{- end }}
{
"id": {{ .VulnerabilityID | toJson }},
"name": "{{ toSarifRuleName $vulnerabilityType }}",
"shortDescription": {
"text": {{ .VulnerabilityID | toJson }}
},
"fullDescription": {
"text": {{ endWithPeriod (escapeString .Title) | printf "%q" }}
},
"defaultConfiguration": {
"level": "{{ toSarifErrorLevel .Vulnerability.Severity }}"
}
{{- with $help_uri := .PrimaryURL -}}
,
{{ $help_uri | printf "\"helpUri\": %q," -}}
{{- else -}}
,
{{- end }}
"properties": {
"tags": [
"vulnerability",
"{{ .Vulnerability.Severity }}"
],
"precision": "very-high"
}
}
{{- end -}}
{{- end -}}
{{- end -}}
]
Expand All @@ -66,8 +64,8 @@
,
{{- end }}
{
"ruleId": {{ printf "%s: %s-%s %s" $result.Target .PkgName .InstalledVersion .VulnerabilityID | toJson }},
"ruleIndex": {{ $index }},
"ruleId": {{ .VulnerabilityID | toJson }},
"ruleIndex": {{ index $rules .VulnerabilityID }},
"level": "{{ toSarifErrorLevel $vulnerability.Vulnerability.Severity }}",
"message": {
"text": {{ endWithPeriod (escapeString $vulnerability.Description) | printf "%q" }}
Expand Down
Loading

0 comments on commit 33f74b3

Please sign in to comment.