
Commit 5ad571c

committed
writer-json-sarif: encode code snippets for DefectDojo
... in the same way as Snyk Code encodes them.

Fixes: #124
Closes: #127
1 parent b5df1f6 commit 5ad571c


3 files changed

+128
-25
lines changed


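--- a/src/lib/writer-json-sarif.cc
+++ b/src/lib/writer-json-sarif.cc
@@ -258,6 +258,27 @@ static void sarifEncodeEvt(array *pDst, const Defect &def, unsigned idx)
 pDst->push_back(std::move(tfLoc));
 }
 
+void sarifEncodeSnippet(object &reg, const std::string &msg)
+{
+// check whether the "snippet" node already exists
+value &valSnip = reg["snippet"];
+if (!valSnip.is_object()) {
+// create the "text" node containing the header line
+valSnip.emplace_object() = {
+{ "text", "Problem detected in this context:" }
+};
+}
+
+// reuse the existing "snippet/text" nodes
+string &strSnip = valSnip.get_object()["text"].get_string();
+
+// use new-line as delimiter
+strSnip += "\n";
+
+// concatenate the snippet from this event
+strSnip += msg;
+}
+
 void SarifTreeEncoder::appendDef(const Defect &def)
 {
 const DefEvent &keyEvt = def.events[def.keyEventIdx];
@@ -293,16 +314,30 @@ void SarifTreeEncoder::appendDef(const Defect &def)
 sarifEncodeLoc(&loc, def, def.keyEventIdx);
 result["locations"] = array{std::move(loc)};
 
+// resolve key event region
+value &valLoc = result["locations"].get_array().front();
+value &valPhy = valLoc.get_object()["physicalLocation"];
+object &reg = valPhy.get_object()["region"].get_object();
+
 // key msg
 sarifEncodeMsg(&result, keyEvt.msg);
 
 // other events
 array flowLocs, relatedLocs;
 for (unsigned i = 0; i < def.events.size(); ++i) {
-if (def.events[i].event == "#")
-sarifEncodeComment(&relatedLocs, def, i);
-else
+const DefEvent &evt = def.events[i];
+if (evt.event != "#") {
+// regular event
 sarifEncodeEvt(&flowLocs, def, i);
+continue;
+}
+
+if (ctxEvtDetetor_.isAnyCtxLine(evt))
+// code snippet
+sarifEncodeSnippet(reg, evt.msg);
+
+// any comment
+sarifEncodeComment(&relatedLocs, def, i);
 }
 
 // codeFlows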
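Review bot: `object &reg` (new line 320) is a reference resolved inside `result` and then held across `sarifEncodeMsg(&result, …)` and the whole event loop, so its validity depends on boost::json keeping the nested array/object tables in place while keys are inserted into the outer `result` object; I believe that holds because each container owns its own table, but it is fragile enough to deserve a comment such as `// NOTE: reg must stay valid while keys are added to result; resolve it right before use if that ever changes`, or simply resolving the region right before `sarifEncodeSnippet` is called. `sarifEncodeSnippet` lacks the `static` that its neighbour `sarifEncodeEvt` has (see the hunk header), so it gets external linkage; `static void sarifEncodeSnippet(object &reg, const std::string &msg)` would match the file's convention. The member name `ctxEvtDetetor_` (also added in writer-json-sarif.hh) looks like a typo for `ctxEvtDetector_`. Finally, `get_string()` on a pre-existing `"text"` node throws if that node is not a string, which is only reachable if something other than this function populates `"snippet"` first; a one-line comment stating that assumption would help the next reader. The body of appendDef continues past the end of the hunk.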

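--- a/src/lib/writer-json-sarif.hh
+++ b/src/lib/writer-json-sarif.hh
@@ -21,6 +21,7 @@
 #define H_GUARD_WRITER_JSON_SARIF_H
 
 #include "abstract-tree.hh"
+#include "writer.hh" // for CtxEventDetector
 
 #include <boost/json.hpp>
 
@@ -54,6 +55,7 @@ class SarifTreeEncoder: public AbstractTreeEncoder {
 TScanProps scanProps_;
 boost::json::object driver_;
 boost::json::array results_;
+CtxEventDetector ctxEvtDetetor_;
 };
 
 #endif /* H_GUARD_WRITER_JSON_SARIF_H */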

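--- a/tests/csgrep/0085-sarif-writer-stdout.txt
+++ b/tests/csgrep/0085-sarif-writer-stdout.txt
@@ -75,7 +75,10 @@
 "uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/csdiff.cc"
 },
 "region": {
-"startLine": 30
+"startLine": 30,
+"snippet": {
+"text": "Problem detected in this context:\n 28| #include <boost/program_options.hpp>\n 29| \n 30|-> int main(int argc, char *argv[])\n 31| {\n 32| using std::string;"
+}
 }
 }
 }
@@ -219,7 +222,10 @@
 "uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/csdiff.cc"
 },
 "region": {
-"startLine": 30
+"startLine": 30,
+"snippet": {
+"text": "Problem detected in this context:\n 28| #include <boost/program_options.hpp>\n 29| \n 30|-> int main(int argc, char *argv[])\n 31| {\n 32| using std::string;"
+}
 }
 }
 }
@@ -363,7 +369,10 @@
 "uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/csdiff.cc"
 },
 "region": {
-"startLine": 30
+"startLine": 30,
+"snippet": {
+"text": "Problem detected in this context:\n 28| #include <boost/program_options.hpp>\n 29| \n 30|-> int main(int argc, char *argv[])\n 31| {\n 32| using std::string;"
+}
 }
 }
 }
@@ -507,7 +516,10 @@
 "uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/csdiff.cc"
 },
 "region": {
-"startLine": 30
+"startLine": 30,
+"snippet": {
+"text": "Problem detected in this context:\n 28| #include <boost/program_options.hpp>\n 29| \n 30|-> int main(int argc, char *argv[])\n 31| {\n 32| using std::string;"
+}
 }
 }
 }
@@ -651,7 +663,10 @@
 "uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/csgrep.cc"
 },
 "region": {
-"startLine": 563
+"startLine": 563,
+"snippet": {
+"text": "Problem detected in this context:\n 561| }\n 562| \n 563|-> int main(int argc, char *argv[])\n 564| {\n 565| using std::string;"
+}
 }
 }
 }
@@ -795,7 +810,10 @@
 "uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/csgrep.cc"
 },
 "region": {
-"startLine": 563
+"startLine": 563,
+"snippet": {
+"text": "Problem detected in this context:\n 561| }\n 562| \n 563|-> int main(int argc, char *argv[])\n 564| {\n 565| using std::string;"
+}
 }
 }
 }
@@ -939,7 +957,10 @@
 "uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/csgrep.cc"
 },
 "region": {
-"startLine": 563
+"startLine": 563,
+"snippet": {
+"text": "Problem detected in this context:\n 561| }\n 562| \n 563|-> int main(int argc, char *argv[])\n 564| {\n 565| using std::string;"
+}
 }
 }
 }
@@ -1083,7 +1104,10 @@
 "uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cshtml.cc"
 },
 "region": {
-"startLine": 54
+"startLine": 54,
+"snippet": {
+"text": "Problem detected in this context:\n 52| }\n 53| \n 54|-> int main(int argc, char *argv[])\n 55| {\n 56| using std::string;"
+}
 }
 }
 }
@@ -1227,7 +1251,10 @@
 "uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cshtml.cc"
 },
 "region": {
-"startLine": 54
+"startLine": 54,
+"snippet": {
+"text": "Problem detected in this context:\n 52| }\n 53| \n 54|-> int main(int argc, char *argv[])\n 55| {\n 56| using std::string;"
+}
 }
 }
 }
@@ -1371,7 +1398,10 @@
 "uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cslinker.cc"
 },
 "region": {
-"startLine": 152
+"startLine": 152,
+"snippet": {
+"text": "Problem detected in this context:\n 150| }\n 151| \n 152|-> int main(int argc, char *argv[])\n 153| {\n 154| using std::string;"
+}
 }
 }
 }
@@ -1515,7 +1545,10 @@
 "uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cslinker.cc"
 },
 "region": {
-"startLine": 152
+"startLine": 152,
+"snippet": {
+"text": "Problem detected in this context:\n 150| }\n 151| \n 152|-> int main(int argc, char *argv[])\n 153| {\n 154| using std::string;"
+}
 }
 }
 }
@@ -1659,7 +1692,10 @@
 "uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cslinker.cc"
 },
 "region": {
-"startLine": 152
+"startLine": 152,
+"snippet": {
+"text": "Problem detected in this context:\n 150| }\n 151| \n 152|-> int main(int argc, char *argv[])\n 153| {\n 154| using std::string;"
+}
 }
 }
 }
@@ -1803,7 +1839,10 @@
 "uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cslinker.cc"
 },
 "region": {
-"startLine": 152
+"startLine": 152,
+"snippet": {
+"text": "Problem detected in this context:\n 150| }\n 151| \n 152|-> int main(int argc, char *argv[])\n 153| {\n 154| using std::string;"
+}
 }
 }
 }
@@ -1947,7 +1986,10 @@
 "uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cslinker.cc"
 },
 "region": {
-"startLine": 152
+"startLine": 152,
+"snippet": {
+"text": "Problem detected in this context:\n 150| }\n 151| \n 152|-> int main(int argc, char *argv[])\n 153| {\n 154| using std::string;"
+}
 }
 }
 }
@@ -2091,7 +2133,10 @@
 "uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cssort.cc"
 },
 "region": {
-"startLine": 161
+"startLine": 161,
+"snippet": {
+"text": "Problem detected in this context:\n 159| }\n 160| \n 161|-> int main(int argc, char *argv[])\n 162| {\n 163| using std::string;"
+}
 }
 }
 }
@@ -2235,7 +2280,10 @@
 "uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cssort.cc"
 },
 "region": {
-"startLine": 161
+"startLine": 161,
+"snippet": {
+"text": "Problem detected in this context:\n 159| }\n 160| \n 161|-> int main(int argc, char *argv[])\n 162| {\n 163| using std::string;"
+}
 }
 }
 }
@@ -2379,7 +2427,10 @@
 "uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cssort.cc"
 },
 "region": {
-"startLine": 161
+"startLine": 161,
+"snippet": {
+"text": "Problem detected in this context:\n 159| }\n 160| \n 161|-> int main(int argc, char *argv[])\n 162| {\n 163| using std::string;"
+}
 }
 }
 }
@@ -2523,7 +2574,10 @@
 "uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cstrans-df-run.cc"
 },
 "region": {
-"startLine": 300
+"startLine": 300,
+"snippet": {
+"text": "Problem detected in this context:\n 298| }\n 299| \n 300|-> int main(int argc, char *argv[])\n 301| {\n 302| // used also in diagnostic messages"
+}
 }
 }
 }
@@ -2667,7 +2721,10 @@
 "uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cstrans-df-run.cc"
 },
 "region": {
-"startLine": 300
+"startLine": 300,
+"snippet": {
+"text": "Problem detected in this context:\n 298| }\n 299| \n 300|-> int main(int argc, char *argv[])\n 301| {\n 302| // used also in diagnostic messages"
+}
 }
 }
 }
@@ -2811,7 +2868,10 @@
 "uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/cstrans-df-run.cc"
 },
 "region": {
-"startLine": 300
+"startLine": 300,
+"snippet": {
+"text": "Problem detected in this context:\n 298| }\n 299| \n 300|-> int main(int argc, char *argv[])\n 301| {\n 302| // used also in diagnostic messages"
+}
 }
 }
 }
@@ -2955,7 +3015,10 @@
 "uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/csv-parser.cc"
 },
 "region": {
-"startLine": 36
+"startLine": 36,
+"snippet": {
+"text": "Problem detected in this context:\n 34| d(new Private)\n 35| {\n 36|-> }\n 37| \n 38| AbstractCsvParser::~AbstractCsvParser()"
+}
 }
 }
 }
@@ -3099,7 +3162,10 @@
 "uri": "csdiff-2.3.0.20220405.151039.gdb041e9.sarif/src/json-writer.cc"
 },
 "region": {
-"startLine": 347
+"startLine": 347,
+"snippet": {
+"text": "Problem detected in this context:\n 345| str(str_)\n 346| {\n 347|-> }\n 348| };\n 349| "
+}
 }
 }
 }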
