Skip to content

Commit

Permalink
Merge pull request #826 from coinbase/severity_cleanup
Browse files Browse the repository at this point in the history
3.2.5 Ensure Semgrep and pattern search include severity in SARIF
  • Loading branch information
joshuaostrom-cb authored Mar 23, 2023
2 parents a868ce8 + ddd7e25 commit e927762
Show file tree
Hide file tree
Showing 12 changed files with 52 additions and 11 deletions.
2 changes: 1 addition & 1 deletion lib/salus.rb
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
require 'salus/scanner_types'

module Salus
VERSION = '3.2.4'.freeze
VERSION = '3.2.5'.freeze
DEFAULT_REPO_PATH = './repo'.freeze # This is inside the docker container at /home/repo.
DEFAULT_REPORT_FILTER = 'all'.freeze
NONE_REPORT_FILTER = 'none'.freeze
Expand Down
3 changes: 2 additions & 1 deletion lib/sarif/pattern_search_sarif.rb
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,8 @@ def parse_issue(issue)
uri: url_info[0],
help_url: PATTERN_SEARCH_URI,
code: issue[:hit],
properties: { severity: "HIGH" }
properties: { severity: "HIGH" },
messageStrings: { "severity": { "text": "HIGH" } }
}
end

Expand Down
3 changes: 2 additions & 1 deletion lib/sarif/semgrep_sarif.rb
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,8 @@ def parse_hit(hit)
code: code,
rule: "Pattern: #{hit[:pattern]}\nMessage: #{hit[:msg]}",
properties: { 'severity': hit[:severity] },
messageStrings: { "cwe": { "text": cwes.to_s } }
messageStrings: { "cwe": { "text": cwes.to_s },
"severity": { "text": hit[:severity].to_s } }
}
rescue StandardError => e
bugsnag_notify(e.message)
Expand Down
2 changes: 1 addition & 1 deletion spec/fixtures/integration/expected_report.json
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"version": "3.2.4",
"version": "3.2.5",
"passed": true,
"running_time": 0.0,
"scans": {
Expand Down
2 changes: 1 addition & 1 deletion spec/fixtures/processor/local_uri/expected_report.json
Original file line number Diff line number Diff line change
Expand Up @@ -254,5 +254,5 @@
}
}
},
"version": "3.2.4"
"version": "3.2.5"
}
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"version": "3.2.4",
"version": "3.2.5",
"passed": true,
"running_time": 0.0,
"scans": {
Expand Down
2 changes: 1 addition & 1 deletion spec/fixtures/processor/remote_uri/expected_report.json
Original file line number Diff line number Diff line change
Expand Up @@ -254,5 +254,5 @@
}
}
},
"version": "3.2.4"
"version": "3.2.5"
}
36 changes: 36 additions & 0 deletions spec/fixtures/sarifs/diff/git_diff_yarn.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
diff --git a/yarn.lock b/yarn.lock
index 06e7d3ba9ef..e3f8fbb5889 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -10599,10 +10599,10 @@ base64-arraybuffer@^0.2.0:
resolved "https://registry-npm.com/base64-arraybuffer/-/base64-arraybuffer-0.2.0.tgz#4b944fac0191aa5907afe2d8c999ccc57ce80f45"
integrity sha512-7emyCsu1/xiBXgQZrscw/8KPRT44I4Yq9Pe6EGs3aPRTsWuggML1/1DTuZUuIaJPIm1FTDUVXl4x/yW8s0kQDQ==

[email protected]:
- version "2.5.1"
- resolved "https://registry.yarnpkg.com/jspdf/-/jspdf-2.5.1.tgz#00c85250abf5447a05f3b32ab9935ab4a56592cc"
- integrity sha512-hXObxz7ZqoyhxET78+XR34Xu2qFGrJJ2I2bE5w4SM8eFaFEkW2xcGRVUss360fYelwRSid/jT078kbNvmoW0QA==
[email protected]:
+ version "2.3.1"
+ resolved "https://registry-npm.com/jspdf/-/jspdf-2.3.1.tgz#313d117234b546469694a1fd81a1e02411647576"
+ integrity sha512-1vp0USP1mQi1h7NKpwxjFgQkJ5ncZvtH858aLpycUc/M+r/RpWJT8PixAU7Cw/3fPd4fpC8eB/Bj42LnsR21YQ==
dependencies:
- "@babel/runtime" "^7.14.0"
atob "^2.1.2"
btoa "^1.2.1"
fflate "^0.4.8"
@@ -31897,12 +31889,12 @@ [email protected]:
resolved "https://registry-npm.com/text-encoding/-/text-encoding-0.7.0.tgz#f895e836e45990624086601798ea98e8f36ee643"
integrity sha512-oJQ3f1hrOnbRLOcwKz0Liq2IcrvDeZRHXhd9RgLrsT+DjWY/nty1Hi7v3dtkaEYbPYe0mUoOfzRrMwfXXwgPUA==

-text-segmentation@^1.0.2, text-segmentation@^1.0.3:
- version "1.0.3"
- resolved "https://registry.yarnpkg.com/text-segmentation/-/text-segmentation-1.0.3.tgz#52a388159efffe746b24a63ba311b6ac9f2d7943"
- integrity sha512-iOiPUo/BGnZ6+54OsWxZidGCsdU8YbE4PSpdPinp7DeMtUJNJBoJ/ouUSTJjHkh1KntHaltHl/gDs2FC4i5+Nw==
+text-segmentation@^1.0.2:
+ version "1.0.2"
+ resolved "https://registry-npm.com/text-segmentation/-/text-segmentation-1.0.2.tgz#1f828fa14aa101c114ded1bda35ba7dcc17c9858"
+ integrity sha512-uTqvLxdBrVnx/CFQOtnf8tfzSXFm+1Qxau7Xi54j4OPTZokuDOX8qncQzrg2G8ZicAMOM8TgzFAYTb+AqNO4Cw==
dependencies:
- utrie "^1.0.2"
+ utrie "^1.0.1"
2 changes: 1 addition & 1 deletion spec/fixtures/sorted_results/sorted_json.json
Original file line number Diff line number Diff line change
Expand Up @@ -81,5 +81,5 @@
}
}
},
"version": "3.2.4"
"version": "3.2.5"
}
2 changes: 1 addition & 1 deletion spec/fixtures/sorted_results/sorted_yaml.yml
Original file line number Diff line number Diff line change
Expand Up @@ -49,4 +49,4 @@
col: 1
line: 3
:type: Syntax error
:version: 3.2.4
:version: 3.2.5
4 changes: 3 additions & 1 deletion spec/lib/sarif/pattern_search_sarif_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@
report = adapter.build_runs_object(true)
rules = report['tool'][:driver]['rules']
results = report['results']

expect(results).to include(
{
"ruleId": "Forbidden Pattern Found",
Expand Down Expand Up @@ -69,14 +70,15 @@
}
)
doc = "https://github.com/coinbase/salus/blob/master/docs/scanners/pattern_search.md"

expect(rules).to include(
{
"id": "Forbidden Pattern Found",
"name": "Forbidden Pattern Found",
"messageStrings": { "severity": { "text": "HIGH" } },
"fullDescription": {
"text": "not important string. Pattern Nerv is forbidden."
},
"messageStrings": {},
"helpUri": doc,
"help": {
"text": "More info: #{doc}",
Expand Down
3 changes: 2 additions & 1 deletion spec/lib/sarif/semgrep_sarif_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,8 @@
"help" => { "markdown" => "[More info](https://github.com/coinbase/salus/blob/master/docs/scanners/semgrep.md).", "text" => "More info: https://github.com/coinbase/salus/blob/master/docs/scanners/semgrep.md" },
"helpUri" => "https://github.com/coinbase/salus/blob/master/docs/scanners/semgrep.md",
"id" => "semgrep-eqeq-test",
"messageStrings" => { "cwe" => { "text" => "[\"CWE-676: Use of Potentially Dangerous Function\"]" } },
"messageStrings" => { "cwe" => { "text" => "[\"CWE-676: Use of Potentially Dangerous Function\"]" },
"severity" => { "text" => "WARNING" } },
"name" => " / user.id == user.id is always true\n\trule_id: semgrep-eqeq-test Forbidden Pattern Found" }])
# rubocop:enable Layout/LineLength
end
Expand Down

0 comments on commit e927762

Please sign in to comment.