Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add fingerprint field to simple json format #169

Merged
merged 3 commits into from
Sep 10, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions formats/sarifutils/sarifutils.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package sarifutils

import (
"fmt"
"github.com/jfrog/jfrog-cli-security/utils/jasutils"
"path/filepath"
"strings"

Expand Down Expand Up @@ -419,3 +420,12 @@ func GetRulesPropertyCount(property, value string, runs ...*sarif.Run) (count in
}
return
}

func GetResultFingerprint(result *sarif.Result) string {
if result.Fingerprints != nil {
if value, ok := result.Fingerprints[jasutils.SastFingerprintKey].(string); ok {
return value
}
}
return ""
}
28 changes: 28 additions & 0 deletions formats/sarifutils/sarifutils_test.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package sarifutils

import (
"github.com/jfrog/jfrog-cli-security/utils/jasutils"
"path/filepath"
"testing"

Expand Down Expand Up @@ -615,3 +616,30 @@ func TestGetInvocationWorkingDirectory(t *testing.T) {
assert.Equal(t, test.expectedOutput, GetInvocationWorkingDirectory(test.invocation))
}
}

func TestGetResultFingerprint(t *testing.T) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

where can we add a test of same finding, in same file - and have two different fingerprints?
(here or https://github.com/jfrog/frogbot/pull/748/files)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will add it to frogbot integration tests

tests := []struct {
name string
result *sarif.Result
expectedOutput string
}{
{
name: "No results",
result: &sarif.Result{},
expectedOutput: "",
},
{
name: "Empty fingerprint field in the result",
result: CreateResultWithLocations("msg", "rule", "level"),
expectedOutput: "",
},
{
name: "Results with fingerprint field",
result: CreateDummyResultWithFingerprint("some_markdown", "masg", jasutils.SastFingerprintKey, "sast_fingerprint"),
expectedOutput: "sast_fingerprint",
},
}
for _, test := range tests {
assert.Equal(t, test.expectedOutput, GetResultFingerprint(test.result))
}
}
4 changes: 3 additions & 1 deletion formats/sarifutils/test_sarifutils.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
package sarifutils

import "github.com/owenrumney/go-sarif/v2/sarif"
import (
"github.com/owenrumney/go-sarif/v2/sarif"
)

func CreateRunWithDummyResultsInWd(wd string, results ...*sarif.Result) *sarif.Run {
return createRunWithDummyResults("", results...).WithInvocations([]*sarif.Invocation{sarif.NewInvocation().WithWorkingDirectory(sarif.NewSimpleArtifactLocation(wd))})
Expand Down
1 change: 1 addition & 0 deletions formats/simplejsonapi.go
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,7 @@ type SourceCodeRow struct {
SeverityDetails
Location
Finding string `json:"finding,omitempty"`
Fingerprint string `json:"fingerprint,omitempty"`
ScannerDescription string `json:"scannerDescription,omitempty"`
CodeFlow [][]Location `json:"codeFlow,omitempty"`
}
Expand Down
2 changes: 2 additions & 0 deletions utils/jasutils/jasutils.go
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,8 @@ const (
NotScanned ApplicabilityStatus = ""
)

const SastFingerprintKey = "precise_sink_and_sink_function"

func (as ApplicabilityStatus) String() string {
return string(as)
}
Expand Down
3 changes: 3 additions & 0 deletions utils/resultstable.go
Original file line number Diff line number Diff line change
Expand Up @@ -356,6 +356,7 @@ func prepareSecrets(secrets []*sarif.Run, isTable bool) []formats.SourceCodeRow
formats.SourceCodeRow{
SeverityDetails: severityutils.GetAsDetails(currSeverity, jasutils.Applicable, isTable),
Finding: sarifutils.GetResultMsgText(secretResult),
Fingerprint: sarifutils.GetResultFingerprint(secretResult),
Location: formats.Location{
File: sarifutils.GetRelativeLocationFileName(location, secretRun.Invocations),
StartLine: sarifutils.GetLocationStartLine(location),
Expand Down Expand Up @@ -410,6 +411,7 @@ func prepareIacs(iacs []*sarif.Run, isTable bool) []formats.SourceCodeRow {
formats.SourceCodeRow{
SeverityDetails: severityutils.GetAsDetails(currSeverity, jasutils.Applicable, isTable),
Finding: sarifutils.GetResultMsgText(iacResult),
Fingerprint: sarifutils.GetResultFingerprint(iacResult),
ScannerDescription: scannerDescription,
Location: formats.Location{
File: sarifutils.GetRelativeLocationFileName(location, iacRun.Invocations),
Expand Down Expand Up @@ -466,6 +468,7 @@ func prepareSast(sasts []*sarif.Run, isTable bool) []formats.SourceCodeRow {
SeverityDetails: severityutils.GetAsDetails(currSeverity, jasutils.Applicable, isTable),
ScannerDescription: scannerDescription,
Finding: sarifutils.GetResultMsgText(sastResult),
Fingerprint: sarifutils.GetResultFingerprint(sastResult),
orz25 marked this conversation as resolved.
Show resolved Hide resolved
Location: formats.Location{
File: sarifutils.GetRelativeLocationFileName(location, sastRun.Invocations),
StartLine: sarifutils.GetLocationStartLine(location),
Expand Down
Loading