writer-json-simple: provide csdiff/v1 fingerprints

kdudka · kdudka · commit 83c638d81f41 · 2024-05-03T12:52:09.000+02:00
... when the line content in the `csgrep --embed-context` format is available. Out of the 1783 fingerprints generated for the csgrep regression tests we got 115 collisions, which need to be analyzed. Some of them look undesired as, for example: ``` Error: CERT EXP40-C (CWE-758): wget-1.21.1/src/http.c:256: cert_exp40_c_violation: Casting pointer "value" with type "char const *" to type "void *" allows an object defined with a const-qualified type to be modified through use of an lvalue with non-const-qualified type. # 254| release_header (hdr); # 255| hdr->name = (void *)name; # 256|-> hdr->value = (void *)value; # 257| hdr->release_policy = release_policy; # 258| return; Error: CERT EXP40-C (CWE-758): wget-1.21.1/src/http.c:271: cert_exp40_c_violation: Casting pointer "value" with type "char const *" to type "void *" allows an object defined with a const-qualified type to be modified through use of an lvalue with non-const-qualified type. # 269| hdr = &req->headers[req->hcount++]; # 270| hdr->name = (void *)name; # 271|-> hdr->value = (void *)value; # 272| hdr->release_policy = release_policy; # 273| } ``` Related: #98
diff --git a/src/lib/parser-json-simple.cc b/src/lib/parser-json-simple.cc
@@ -60,6 +60,7 @@ SimpleTreeDecoder::Private::Private(InStream &input):
         "defect_id",
         "events",
         "function",
+        "hash_v1",
         "imp",
         "key_event_idx",
         "language",
diff --git a/src/lib/writer-json-simple.cc b/src/lib/writer-json-simple.cc
@@ -19,6 +19,7 @@
 
 #include "writer-json-simple.hh"
 
+#include "finger-print.hh"
 #include "writer-json-common.hh"
 
 using namespace boost::json;
@@ -83,6 +84,12 @@ void SimpleTreeEncoder::appendDef(const Defect &def)
     if (!def.tool.empty())
         defNode["tool"] = def.tool;
 
+    // encode fingerprint if available
+    const FingerPrinter fp(def);
+    const std::string hash = fp.getHash(FPV_CSDIFF_WITH_LINE_CONTENT);
+    if (!hash.empty())
+        defNode["hash_v1"] = hash;
+
     // encode events
     defNode["key_event_idx"] = def.keyEventIdx;
     defNode["events"] = simpleEncodeEvents(def.events);
diff --git a/tests/csgrep/0036-csgrep-json-stdout.txt b/tests/csgrep/0036-csgrep-json-stdout.txt
@@ -4,6 +4,7 @@
             "checker": "SHELLCHECK_WARNING",
             "language": "shell",
             "tool": "shellcheck",
+            "hash_v1": "b6311c1fdc52c47d4279cd6650af36e6f8299960",
             "key_event_idx": 0,
             "events": [
                 {
diff --git a/tests/csgrep/0069-csfilter-python-build-path-stdout.txt b/tests/csgrep/0069-csfilter-python-build-path-stdout.txt
@@ -28,6 +28,7 @@
             "cwe": 398,
             "function": "_iglob",
             "language": "python",
+            "hash_v1": "554e9b7906f0190923e89202997ef41ff2fb2ff1",
             "key_event_idx": 1,
             "events": [
                 {
diff --git a/tests/csgrep/0070-csparser-included-from-note-stdout.txt b/tests/csgrep/0070-csparser-included-from-note-stdout.txt
@@ -5,6 +5,7 @@
             "cwe": 758,
             "language": "c/c++",
             "tool": "gcc",
+            "hash_v1": "3d6f5aa62d8ec23aa8f96f320fa7cda8d60941f4",
             "key_event_idx": 10,
             "events": [
                 {
@@ -127,6 +128,7 @@
             "cwe": 758,
             "language": "c/c++",
             "tool": "gcc",
+            "hash_v1": "f448f63e387cbc6662221e3efe5f3c13b5f98b4b",
             "key_event_idx": 11,
             "events": [
                 {
diff --git a/tests/csgrep/0086-sarif-parser-stdout.txt b/tests/csgrep/0086-sarif-parser-stdout.txt
@@ -28,6 +28,7 @@
             "checker": "UNCAUGHT_EXCEPT",
             "cwe": 248,
             "tool": "coverity",
+            "hash_v1": "f75915548d17ebc31e35ad7c4f34514688703109",
             "key_event_idx": 0,
             "events": [
                 {
@@ -85,6 +86,7 @@
             "checker": "UNCAUGHT_EXCEPT",
             "cwe": 248,
             "tool": "coverity",
+            "hash_v1": "f751115465d08a034db0c47d3bdda83d544dc285",
             "key_event_idx": 0,
             "events": [
                 {
@@ -142,6 +144,7 @@
             "checker": "UNCAUGHT_EXCEPT",
             "cwe": 248,
             "tool": "coverity",
+            "hash_v1": "ffed405bfb4ef75b9de1588f2ae94661db90cb8f",
             "key_event_idx": 0,
             "events": [
                 {
@@ -199,6 +202,7 @@
             "checker": "UNCAUGHT_EXCEPT",
             "cwe": 248,
             "tool": "coverity",
+            "hash_v1": "b59a6dfe30dd990e93bc2ff51b9a61e1fc3b0926",
             "key_event_idx": 0,
             "events": [
                 {
@@ -256,6 +260,7 @@
             "checker": "UNCAUGHT_EXCEPT",
             "cwe": 248,
             "tool": "coverity",
+            "hash_v1": "2b94655ac88de81e21564d68ba609c967257d460",
             "key_event_idx": 0,
             "events": [
                 {
@@ -313,6 +318,7 @@
             "checker": "UNCAUGHT_EXCEPT",
             "cwe": 248,
             "tool": "coverity",
+            "hash_v1": "3489908a33d71933646018c6af1d99654c12f995",
             "key_event_idx": 0,
             "events": [
                 {
@@ -370,6 +376,7 @@
             "checker": "UNCAUGHT_EXCEPT",
             "cwe": 248,
             "tool": "coverity",
+            "hash_v1": "05bc362f71d27e6caca89cb7eaed08720379622e",
             "key_event_idx": 0,
             "events": [
                 {
@@ -427,6 +434,7 @@
             "checker": "UNCAUGHT_EXCEPT",
             "cwe": 248,
             "tool": "coverity",
+            "hash_v1": "8f8bd8e7bc4b3458dddeb917207831b973ff44d0",
             "key_event_idx": 0,
             "events": [
                 {
@@ -484,6 +492,7 @@
             "checker": "UNCAUGHT_EXCEPT",
             "cwe": 248,
             "tool": "coverity",
+            "hash_v1": "58e1f662e974930637555fd08b0d7bc584eb389c",
             "key_event_idx": 0,
             "events": [
                 {
@@ -541,6 +550,7 @@
             "checker": "UNCAUGHT_EXCEPT",
             "cwe": 248,
             "tool": "coverity",
+            "hash_v1": "1ceac5351bf27c316a7317f1d5ae782890a489ca",
             "key_event_idx": 0,
             "events": [
                 {
@@ -598,6 +608,7 @@
             "checker": "UNCAUGHT_EXCEPT",
             "cwe": 248,
             "tool": "coverity",
+            "hash_v1": "63ae1429f2f7edeea500344b6181c2a426f13b8c",
             "key_event_idx": 0,
             "events": [
                 {
@@ -655,6 +666,7 @@
             "checker": "UNCAUGHT_EXCEPT",
             "cwe": 248,
             "tool": "coverity",
+            "hash_v1": "aac84c26219cc0e4ae0b0e916ea65a0a897ea5cb",
             "key_event_idx": 0,
             "events": [
                 {
@@ -712,6 +724,7 @@
             "checker": "UNCAUGHT_EXCEPT",
             "cwe": 248,
             "tool": "coverity",
+            "hash_v1": "abd11bd54a40383a913a850e6cba5634d404134a",
             "key_event_idx": 0,
             "events": [
                 {
@@ -769,6 +782,7 @@
             "checker": "UNCAUGHT_EXCEPT",
             "cwe": 248,
             "tool": "coverity",
+            "hash_v1": "9afea3c68ec0867020943d0343b5c46fc63cd38a",
             "key_event_idx": 0,
             "events": [
                 {
@@ -826,6 +840,7 @@
             "checker": "UNCAUGHT_EXCEPT",
             "cwe": 248,
             "tool": "coverity",
+            "hash_v1": "7277dca5030b5230bd7279fbd4d2da5d9f2dfd2a",
             "key_event_idx": 0,
             "events": [
                 {
@@ -883,6 +898,7 @@
             "checker": "UNCAUGHT_EXCEPT",
             "cwe": 248,
             "tool": "coverity",
+            "hash_v1": "3a30dc31a50e73377464370e31ef610d45e459e2",
             "key_event_idx": 0,
             "events": [
                 {
@@ -940,6 +956,7 @@
             "checker": "UNCAUGHT_EXCEPT",
             "cwe": 248,
             "tool": "coverity",
+            "hash_v1": "fb0aa5afe7e8d70ebfc6069c2acc185d3c97b941",
             "key_event_idx": 0,
             "events": [
                 {
@@ -997,6 +1014,7 @@
             "checker": "UNCAUGHT_EXCEPT",
             "cwe": 248,
             "tool": "coverity",
+            "hash_v1": "e0c742d03cd6f29e0611b4992b1292dade93ec5c",
             "key_event_idx": 0,
             "events": [
                 {
@@ -1054,6 +1072,7 @@
             "checker": "UNCAUGHT_EXCEPT",
             "cwe": 248,
             "tool": "coverity",
+            "hash_v1": "4184f94fe78777e886108f7cda4b64c1ab380c6a",
             "key_event_idx": 0,
             "events": [
                 {
@@ -1111,6 +1130,7 @@
             "checker": "UNCAUGHT_EXCEPT",
             "cwe": 248,
             "tool": "coverity",
+            "hash_v1": "3ddf218d4bfcbcc00ddb78214866ea90daff11f4",
             "key_event_idx": 0,
             "events": [
                 {
@@ -1168,6 +1188,7 @@
             "checker": "UNINIT_CTOR",
             "cwe": 456,
             "tool": "coverity",
+            "hash_v1": "4b7e4e2caa66077653924005972f710a5cb6d400",
             "key_event_idx": 1,
             "events": [
                 {
@@ -1225,6 +1246,7 @@
             "checker": "UNINIT_CTOR",
             "cwe": 456,
             "tool": "coverity",
+            "hash_v1": "eb2f4311ffbce9e44a3814d2dec6a85853e9992f",
             "key_event_idx": 1,
             "events": [
                 {
diff --git a/tests/csgrep/0088-csparser-cert-c-stdout.txt b/tests/csgrep/0088-csparser-cert-c-stdout.txt
diff --git a/tests/csgrep/0099-csparser-his-metrics-stdout.txt b/tests/csgrep/0099-csparser-his-metrics-stdout.txt
diff --git a/tests/csgrep/0121-cov-parser-lock-evasion-stdout.txt b/tests/csgrep/0121-cov-parser-lock-evasion-stdout.txt

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@`
`4`	`4`	`"checker": "SHELLCHECK_WARNING",`
`5`	`5`	`"language": "shell",`
`6`	`6`	`"tool": "shellcheck",`
	`7`	`+ "hash_v1": "b6311c1fdc52c47d4279cd6650af36e6f8299960",`
`7`	`8`	`"key_event_idx": 0,`
`8`	`9`	`"events": [`
`9`	`10`	`{`
Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,7 @@`
`28`	`28`	`"cwe": 398,`
`29`	`29`	`"function": "_iglob",`
`30`	`30`	`"language": "python",`
	`31`	`+ "hash_v1": "554e9b7906f0190923e89202997ef41ff2fb2ff1",`
`31`	`32`	`"key_event_idx": 1,`
`32`	`33`	`"events": [`
`33`	`34`	`{`