From 3285e901788dfe842e509e87ae36568ff96723e6 Mon Sep 17 00:00:00 2001
From: Margarita
Date: Fri, 12 Jan 2024 13:51:13 +0200
Subject: [PATCH] Fix Bug number AST-34230 - Sarif report outOfRange issue (#639)

* Fix Bug number AST-34230 - Sarif report outOfRange issue

* fix litter

---------

Co-authored-by: Pedro Lopes <83576881+pedrompflopes@users.noreply.github.com>
Co-authored-by: Pedro Lopes
---
 internal/commands/result.go      | 25 ++++++++++++++-----------
 internal/commands/result_test.go |  9 +++++++++
 2 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/internal/commands/result.go b/internal/commands/result.go
index ad025c6c5..6333b01d7 100644
--- a/internal/commands/result.go
+++ b/internal/commands/result.go
@@ -83,6 +83,7 @@ const (
 	apiDocumentationFlagDescription = "Swagger folder/file filter for API-Security scan. Example: ./swagger.json"
 	summaryCreatedAtLayout = "2006-01-02, 15:04:05"
 	glTimeFormat = "2006-01-02T15:04:05"
+	sarifNodeFileLength = 2
 )
 
 var summaryFormats = []string{
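Review bot: `sarifNodeFileLength = 2` is a magic number with no comment, and the name reads as an exact length although the only use (`len(node.FileName) >= sarifNodeFileLength` in the parseSarifResultSast hunk) treats it as a minimum. A doc comment would spare the next reader a search: `// sarifNodeFileLength is the minimum node.FileName length for which FileName[1:] still yields a non-empty URI.` If the first character being stripped is a path separator, saying so here (or replacing the slice with strings.TrimPrefix at the call site) would make the intent explicit.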
@@ -1620,18 +1621,20 @@ func parseSarifResultSast(result *wrappers.ScanResult, scanResults []wrappers.Sa
 	for _, node := range result.ScanResultData.Nodes {
 		var scanLocation wrappers.SarifLocation
-		scanLocation.PhysicalLocation.ArtifactLocation.URI = node.FileName[1:]
-		if node.Line <= 0 {
-			continue
+		if len(node.FileName) >= sarifNodeFileLength {
+			scanLocation.PhysicalLocation.ArtifactLocation.URI = node.FileName[1:]
+			if node.Line <= 0 {
+				continue
+			}
+			scanLocation.PhysicalLocation.Region = &wrappers.SarifRegion{}
+			scanLocation.PhysicalLocation.Region.StartLine = node.Line
+			column := node.Column
+			length := node.Length
+			scanLocation.PhysicalLocation.Region.StartColumn = column
+			scanLocation.PhysicalLocation.Region.EndColumn = column + length
+
+			scanResult.Locations = append(scanResult.Locations, scanLocation)
 		}
-		scanLocation.PhysicalLocation.Region = &wrappers.SarifRegion{}
-		scanLocation.PhysicalLocation.Region.StartLine = node.Line
-		column := node.Column
-		length := node.Length
-		scanLocation.PhysicalLocation.Region.StartColumn = column
-		scanLocation.PhysicalLocation.Region.EndColumn = column + length
-
-		scanResult.Locations = append(scanResult.Locations, scanLocation)
 	}
 	scanResults = append(scanResults, scanResult)
diff --git a/internal/commands/result_test.go b/internal/commands/result_test.go
index 4060ff65b..d27d70422 100644
--- a/internal/commands/result_test.go
+++ b/internal/commands/result_test.go
@@ -9,6 +9,7 @@ import (
 	"github.com/checkmarx/ast-cli/internal/commands/util/printer"
 	"github.com/checkmarx/ast-cli/internal/params"
+	"github.com/checkmarx/ast-cli/internal/wrappers"
 	"gotest.tools/assert"
 )
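Review bot: The new guard only checks the length of node.FileName, so `node.FileName[1:]` still discards the first byte of any name that does not start with the character it is presumably meant to strip; a name like `a.go` becomes `.go` and the SARIF artifact URI then points at a file that does not exist. If the intent is to drop a leading slash, `scanLocation.PhysicalLocation.ArtifactLocation.URI = strings.TrimPrefix(node.FileName, "/")` says so and needs no length check at all (the node type is outside the hunk, so confirm what FileName actually holds). A node rejected by the guard now silently contributes no location, so a finding can reach the report with an empty Locations list and be dropped by SARIF consumers; logging that case would make the loss visible. Stylistically, `if len(node.FileName) < sarifNodeFileLength { continue }` would keep the happy path left-aligned instead of nesting the whole body. parseSarifResultSast starts and ends outside the hunk.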
@@ -39,6 +40,14 @@ func TestRunGetResultsByScanIdSarifFormat(t *testing.T) {
 	os.Remove(fmt.Sprintf("%s.%s", fileName, printer.FormatSarif))
 }
 
+func TestParseSarifEmptyResultSast(t *testing.T) {
+	emptyResult := &wrappers.ScanResult{}
+	result := parseSarifResultSast(emptyResult, nil)
+	if result != nil {
+		t.Errorf("Expected nil result for empty ScanResultData.Nodes, got %v", result)
+	}
+}
+
 func TestRunGetResultsByScanIdSonarFormat(t *testing.T) {
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "sonar")
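Review bot: TestParseSarifEmptyResultSast does not exercise the case this commit fixes: a node whose FileName is shorter than sarifNodeFileLength, which before the patch indexed out of range at `node.FileName[1:]`. A regression test should build a ScanResult with one node whose FileName is empty and Line is positive, call parseSarifResultSast, and assert that it returns without panicking and that the returned result carries no location for that node. The nil expectation for an empty ScanResult depends on behaviour of parseSarifResultSast that is not part of this patch (the function's start is outside the hunk), so it documents the existing early return rather than the fix. The file already imports gotest.tools/assert, so `assert.Assert(t, result == nil)` would match the surrounding tests better than `t.Errorf`. TestRunGetResultsByScanIdSonarFormat continues past the end of the hunk.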