From cf71c9539cf3a59126aba8b572d1fe1dd4f9670f Mon Sep 17 00:00:00 2001 From: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Date: Thu, 23 Dec 2021 11:06:02 -0800 Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Add=20details=20to=20message=20for?= =?UTF-8?q?=20default=20location=20in=20SARIF=20(#1414)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * add details to message * fix --- checks/evaluation/binary_artifacts.go | 3 ++- checks/raw/security_policy.go | 2 +- pkg/sarif.go | 26 ++++++++++++++++++++++++-- pkg/testdata/check6.sarif | 2 +- 4 files changed, 28 insertions(+), 5 deletions(-) diff --git a/checks/evaluation/binary_artifacts.go b/checks/evaluation/binary_artifacts.go index 19a3bf6a..598b6aef 100644 --- a/checks/evaluation/binary_artifacts.go +++ b/checks/evaluation/binary_artifacts.go @@ -36,7 +36,8 @@ func BinaryArtifacts(name string, dl checker.DetailLogger, for _, f := range r.Files { dl.Warn3(&checker.LogMessage{ Path: f.Path, Type: checker.FileTypeBinary, - Text: "binary detected", + Offset: f.Offset, + Text: "binary detected", }) // We remove one point for each binary. score-- diff --git a/checks/raw/security_policy.go b/checks/raw/security_policy.go index df0193c2..9b1705b7 100644 --- a/checks/raw/security_policy.go +++ b/checks/raw/security_policy.go @@ -116,7 +116,7 @@ func SecurityPolicy(c *checker.CheckRequest) (checker.SecurityPolicyData, error) } // Return raw results. - return checker.SecurityPolicyData{Files: files}, err + return checker.SecurityPolicyData{Files: files}, nil } func isSecurityRstFound(name string) bool { diff --git a/pkg/sarif.go b/pkg/sarif.go index ed69e411..01e90a4a 100644 --- a/pkg/sarif.go +++ b/pkg/sarif.go @@ -501,6 +501,28 @@ func createCheckIdentifiers(name string) (string, string) { return name, fmt.Sprintf("%sID", n) } +func filterOutDetailType(details []checker.CheckDetail, t checker.DetailType) []checker.CheckDetail { + ret := make([]checker.CheckDetail, 0) + for i := range details { + d := details[i] + if d.Type == t { + continue + } + ret = append(ret, d) + } + return ret +} + +func createDefaultLocationMessage(check *checker.CheckResult) string { + details := filterOutDetailType(check.Details2, checker.DetailInfo) + s, b := detailsToString(details, zapcore.WarnLevel) + if b { + // Warning: GitHub UX needs a single `\n` to turn it into a `
`. + return fmt.Sprintf("%s:\n%s", check.Reason, s) + } + return check.Reason +} + // AsSARIF outputs ScorecardResult in SARIF 2.1.0 format. func (r *ScorecardResult) AsSARIF(showDetails bool, logLevel zapcore.Level, writer io.Writer, checkDocs docs.Doc, policy *spol.ScorecardPolicy) error { @@ -576,8 +598,8 @@ func (r *ScorecardResult) AsSARIF(showDetails bool, logLevel zapcore.Level, RuleIndex := len(run.Tool.Driver.Rules) - 1 if len(locs) == 0 { locs = addDefaultLocation(locs, "no file available") - // Use the `reason` as message. - cr := createSARIFCheckResult(RuleIndex, sarifCheckID, check.Reason, &locs[0]) + msg := createDefaultLocationMessage(&check) + cr := createSARIFCheckResult(RuleIndex, sarifCheckID, msg, &locs[0]) run.Results = append(run.Results, cr) } else { for _, loc := range locs { diff --git a/pkg/testdata/check6.sarif b/pkg/testdata/check6.sarif index a10db349..2621230e 100644 --- a/pkg/testdata/check6.sarif +++ b/pkg/testdata/check6.sarif @@ -47,7 +47,7 @@ "ruleId": "CheckNameID", "ruleIndex": 0, "message": { - "text": "six score reason" + "text": "six score reason:\nWarn: warn message" }, "locations": [ {