Checkov2: Correct reports that onyl return summaries (#7136)
Maffooch authored Nov 14, 2022
1 parent e8f9940 commit 145331b
Showing 3 changed files with 27 additions and 44 deletions.
57 changes: 13 additions & 44 deletions dojo/tools/checkov/parser.py
Expand Up @@ -15,7 +15,7 @@ def get_description_for_scan_types(self, scan_type):
return "Import JSON reports of Infrastructure as Code vulnerabilities."

def get_findings(self, json_output, test):
findings = list()
findings = []
if json_output:
deserialized = self.parse_json(json_output)
for tree in deserialized:
Expand Down Expand Up @@ -44,15 +44,13 @@ def parse_json(self, json_output):
except:
raise Exception("Invalid format")

if type(deserialized) is not list:
return [deserialized]
else:
return deserialized
return [deserialized] if type(deserialized) is not list else deserialized

def get_items(self, tree, test, check_type):
items = []

for node in tree['results']['failed_checks']:
failed_checks = tree.get('results', {}).get('failed_checks', [])
for node in failed_checks:
item = get_item(node, test, check_type)
if item:
items.append(item)
Expand All @@ -61,51 +59,22 @@ def get_items(self, tree, test, check_type):


def get_item(vuln, test, check_type):
title = ''
if 'check_name' in vuln:
title = vuln['check_name']
else:
title = 'check_name not found'

description = 'Check Type: {}\n'.format(check_type)
title = vuln['check_name'] if 'check_name' in vuln else 'check_name not found'
description = f'Check Type: {check_type}\n'
if 'check_id' in vuln:
description += 'Check Id: {}\n'.format(vuln['check_id'])
description += f"Check Id: {vuln['check_id']}\n"
if 'check_name' in vuln:
description += '{}\n'.format(vuln['check_name'])

file_path = None
if 'file_path' in vuln:
file_path = vuln['file_path']
description += f"{vuln['check_name']}\n"

file_path = vuln['file_path'] if 'file_path' in vuln else None
source_line = None
if 'file_line_range' in vuln:
lines = vuln['file_line_range']
source_line = lines[0]

resource = None
if 'resource' in vuln:
resource = vuln['resource']

severity = 'Medium'
if 'severity' in vuln:
severity = vuln['severity'].capitalize()

resource = vuln['resource'] if 'resource' in vuln else None
severity = vuln['severity'].capitalize() if 'severity' in vuln else 'Medium'
mitigation = ''

references = ''
if 'guideline' in vuln:
references = vuln['guideline']

finding = Finding(title=title,
test=test,
description=description,
severity=severity,
mitigation=mitigation,
references=references,
file_path=file_path,
line=source_line,
component_name=resource,
static_finding=True,
dynamic_finding=False)

return finding
references = vuln['guideline'] if 'guideline' in vuln else ''
return Finding(title=title, test=test, description=description, severity=severity, mitigation=mitigation, references=references, file_path=file_path, line=source_line, component_name=resource, static_finding=True, dynamic_finding=False)
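Review bot: In `get_items`, `tree.get('results', {}).get('failed_checks', [])` makes every object without a `results` key import as zero findings, so a truncated or wrong-format upload cannot be told apart from a clean scan, and the summary's own `failed` count is never consulted. For an importer feeding vulnerability tracking that is a silent false negative; I would accept the summary-only shape explicitly and reject anything else, e.g. `if 'results' not in tree and 'failed' not in tree: raise ValueError('Unrecognised Checkov report')`, and log when `failed` is non-zero but no results are present. The chained `.get` also still raises `AttributeError` when `results` is present but null. Separately, in `get_item`, `vuln['severity'].capitalize() if 'severity' in vuln else 'Medium'` fails the same way on `"severity": null`; `(vuln.get('severity') or 'Medium').capitalize()` keeps the default in both cases. The body of `get_findings` continues outside the first hunk, so whether it reads other keys of `tree` before calling `get_items` is not visible here.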
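--- a/unittests/scans/checkov/checkov2-report-0-vuln.json
+++ b/unittests/scans/checkov/checkov2-report-0-vuln.json
@@ -0,0 +1,8 @@
+{
+"passed": 0,
+"failed": 0,
+"skipped": 0,
+"parsingerrors": 0,
+"resourcecount": 0,
+"checkov_version": "2.1.269"
+}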
6 changes: 6 additions & 0 deletions unittests/tools/test_checkov_parser.py
Expand Up @@ -11,6 +11,12 @@ def test_parse_file_with_no_vuln_has_no_findings(self):
findings = parser.get_findings(testfile, Test())
self.assertEqual(0, len(findings))

def test_parse_file_with_no_vuln_has_no_findings_v2(self):
testfile = open("unittests/scans/checkov/checkov2-report-0-vuln.json")
parser = CheckovParser()
findings = parser.get_findings(testfile, Test())
self.assertEqual(0, len(findings))

def test_parse_file_with_one_vuln_has_one_finding(self):
testfile = open("unittests/scans/checkov/checkov-report-1-vuln.json")
parser = CheckovParser()
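Review bot: `test_parse_file_with_no_vuln_has_no_findings_v2` opens the fixture with a bare `open(...)` and never closes it, which leaks the handle and emits a ResourceWarning; wrapping the parse in `with open("unittests/scans/checkov/checkov2-report-0-vuln.json") as testfile:` would fix that. The fixture also only covers `"failed": 0`, so nothing pins what the parser should do with a summary-only report whose `failed` count is non-zero; a second case for that shape would document the intended behaviour. The neighbouring tests use the same `open` pattern, and `test_parse_file_with_one_vuln_has_one_finding` continues outside the hunk.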