move to simple json

jfrog · Sep 11, 2023 · 03a23bc · 03a23bc
1 parent 9e7c89d
commit 03a23bc
Show file tree

Hide file tree

Showing 4 changed files with 61 additions and 28 deletions.
diff --git a/xray/formats/conversion.go b/xray/formats/conversion.go
@@ -1,6 +1,7 @@
 package formats
 
 import (
+	"strconv"
 	"strings"
 )
 
@@ -145,7 +146,7 @@ func ConvertToSecretsTableRow(rows []SourceCodeRow) (tableRows []secretsTableRow
 		tableRows = append(tableRows, secretsTableRow{
 			severity:   rows[i].Severity,
 			file:       rows[i].File,
-			lineColumn: rows[i].LineColumn,
+			lineColumn: (strconv.Itoa(rows[i].StartLine) + ":" + strconv.Itoa(rows[i].StartColumn)),
 			text:       rows[i].Snippet,
 		})
 	}
@@ -157,7 +158,7 @@ func ConvertToIacTableRow(rows []SourceCodeRow) (tableRows []iacTableRow) {
 		tableRows = append(tableRows, iacTableRow{
 			severity:   rows[i].Severity,
 			file:       rows[i].File,
-			lineColumn: rows[i].LineColumn,
+			lineColumn: (strconv.Itoa(rows[i].StartLine) + ":" + strconv.Itoa(rows[i].StartColumn)),
 			text:       rows[i].Snippet,
 		})
 	}
@@ -169,7 +170,7 @@ func ConvertToSastTableRow(rows []SourceCodeRow) (tableRows []sastTableRow) {
 		tableRows = append(tableRows, sastTableRow{
 			severity:   rows[i].Severity,
 			file:       rows[i].File,
-			lineColumn: rows[i].LineColumn,
+			lineColumn: (strconv.Itoa(rows[i].StartLine) + ":" + strconv.Itoa(rows[i].StartColumn)),
 			text:       rows[i].Snippet,
 		})
 	}

diff --git a/xray/formats/simplejsonapi.go b/xray/formats/simplejsonapi.go
@@ -78,14 +78,19 @@ type SourceCodeRow struct {
 	Severity         string `json:"severity"`
 	SeverityNumValue int    `json:"-"` // For sorting
 	SourceCodeLocationRow
-	Type     string                    `json:"type"`
-	CodeFlow [][]SourceCodeLocationRow `json:"codeFlow,omitempty"`
+	Type               string                    `json:"type"`
+	Finding            string                    `json:"finding,omitempty"`
+	ScannerDescription string                    `json:"scannerDescription,omitempty"`
+	CodeFlow           [][]SourceCodeLocationRow `json:"codeFlow,omitempty"`
 }
 
 type SourceCodeLocationRow struct {
-	File       string `json:"file"`
-	LineColumn string `json:"lineColumn"`
-	Snippet    string `json:"snippet"`
+	File        string `json:"file"`
+	StartLine   int    `json:"startLine,omitempty"`
+	StartColumn int    `json:"startColumn,omitempty"`
+	EndLine     int    `json:"endLine,omitempty"`
+	EndColumn   int    `json:"endColumn,omitempty"`
+	Snippet     string `json:"snippet,omitempty"`
 }
 
 type ComponentRow struct {

diff --git a/xray/utils/resultstable.go b/xray/utils/resultstable.go
@@ -308,11 +308,15 @@ func prepareSecrets(secrets []*sarif.Run, isTable bool) []formats.SourceCodeRow
 				secretsRows = append(secretsRows,
 					formats.SourceCodeRow{
 						Severity:         currSeverity.printableTitle(isTable),
+						Finding:          GetResultMsgText(secret),
 						SeverityNumValue: currSeverity.numValue,
 						SourceCodeLocationRow: formats.SourceCodeLocationRow{
-							File:       GetLocationFileName(location),
-							LineColumn: GetStartLocationInFile(location),
-							Snippet:    GetLocationSnippet(location),
+							File:        GetLocationFileName(location),
+							StartLine:   GetLocationStartLine(location),
+							StartColumn: GetLocationStartColumn(location),
+							EndLine:     GetLocationEndLine(location),
+							EndColumn:   GetLocationEndColumn(location),
+							Snippet:     GetLocationSnippet(location),
 						},
 						Type: *secret.RuleID,
 					},
@@ -347,16 +351,25 @@ func prepareIacs(iacs []*sarif.Run, isTable bool) []formats.SourceCodeRow {
 	var iacRows []formats.SourceCodeRow
 	for _, iacRun := range iacs {
 		for _, iac := range iacRun.Results {
+			scannerDescription := ""
+			if rule, err := iacRun.GetRuleById(*iac.RuleID); err == nil {
+				scannerDescription = GetRuleFullDescription(rule)
+			}
 			currSeverity := GetSeverity(GetResultSeverity(iac), Applicable)
 			for _, location := range iac.Locations {
 				iacRows = append(iacRows,
 					formats.SourceCodeRow{
-						Severity:         currSeverity.printableTitle(isTable),
-						SeverityNumValue: currSeverity.numValue,
+						Severity:           currSeverity.printableTitle(isTable),
+						Finding:            GetResultMsgText(iac),
+						ScannerDescription: scannerDescription,
+						SeverityNumValue:   currSeverity.numValue,
 						SourceCodeLocationRow: formats.SourceCodeLocationRow{
-							File:       GetLocationFileName(location),
-							LineColumn: GetStartLocationInFile(location),
-							Snippet:    GetResultMsgText(iac),
+							File:        GetLocationFileName(location),
+							StartLine:   GetLocationStartLine(location),
+							StartColumn: GetLocationStartColumn(location),
+							EndLine:     GetLocationEndLine(location),
+							EndColumn:   GetLocationEndColumn(location),
+							Snippet:     GetLocationSnippet(location),
 						},
 						Type: *iac.RuleID,
 					},
@@ -390,18 +403,26 @@ func prepareSast(sasts []*sarif.Run, isTable bool) []formats.SourceCodeRow {
 	var sastRows []formats.SourceCodeRow
 	for _, sastRun := range sasts {
 		for _, sast := range sastRun.Results {
+			scannerDescription := ""
+			if rule, err := sastRun.GetRuleById(*sast.RuleID); err == nil {
+				scannerDescription = GetRuleFullDescription(rule)
+			}
 			currSeverity := GetSeverity(GetResultSeverity(sast), Applicable)
-
 			flows := toSourceCodeCodeFlowRow(sast.CodeFlows, isTable)
 			for _, location := range sast.Locations {
 				sastRows = append(sastRows,
 					formats.SourceCodeRow{
 						Severity:         currSeverity.printableTitle(isTable),
+						Finding:            GetResultMsgText(sast),
+						ScannerDescription: scannerDescription,
 						SeverityNumValue: currSeverity.numValue,
 						SourceCodeLocationRow: formats.SourceCodeLocationRow{
-							File:       GetLocationFileName(location),
-							LineColumn: GetStartLocationInFile(location),
-							Snippet:    GetResultMsgText(sast),
+							File:        GetLocationFileName(location),
+							StartLine:   GetLocationStartLine(location),
+							StartColumn: GetLocationStartColumn(location),
+							EndLine:     GetLocationEndLine(location),
+							EndColumn:   GetLocationEndColumn(location),
+							Snippet:     GetLocationSnippet(location),
 						},
 						Type:     *sast.RuleID,
 						CodeFlow: flows,
@@ -428,9 +449,12 @@ func toSourceCodeCodeFlowRow(flows []*sarif.CodeFlow, isTable bool) (flowRows []
 			rowFlow := []formats.SourceCodeLocationRow{}
 			for _, stackTraceEntry := range stackTrace.Locations {
 				rowFlow = append(rowFlow, formats.SourceCodeLocationRow{
-					File:       GetLocationFileName(stackTraceEntry.Location),
-					LineColumn: GetStartLocationInFile(stackTraceEntry.Location),
-					Snippet:    GetLocationSnippet(stackTraceEntry.Location),
+					File:        GetLocationFileName(stackTraceEntry.Location),
+							StartLine:   GetLocationStartLine(stackTraceEntry.Location),
+							StartColumn: GetLocationStartColumn(stackTraceEntry.Location),
+							EndLine:     GetLocationEndLine(stackTraceEntry.Location),
+							EndColumn:   GetLocationEndColumn(stackTraceEntry.Location),
+							Snippet:     GetLocationSnippet(stackTraceEntry.Location),
 				})
 			}
 			flowRows = append(flowRows, rowFlow)
@@ -955,9 +979,12 @@ func getCveApplicability(cve formats.CveRow, applicabilityScanResults []*sarif.R
 		for _, location := range foundResult.Locations {
 			applicability.Evidence = append(applicability.Evidence, formats.Evidence{
 				SourceCodeLocationRow: formats.SourceCodeLocationRow{
-					File:       GetLocationFileName(location),
-					LineColumn: GetStartLocationInFile(location),
-					Snippet:    GetLocationSnippet(location),
+					File:        GetLocationFileName(location),
+					StartLine:   GetLocationStartLine(location),
+					StartColumn: GetLocationStartColumn(location),
+					EndLine:     GetLocationEndLine(location),
+					EndColumn:   GetLocationEndColumn(location),
+					Snippet:     GetLocationSnippet(location),
 				},
 				Reason: GetResultMsgText(foundResult),
 			})

diff --git a/xray/utils/sarifutils.go b/xray/utils/sarifutils.go
@@ -92,15 +92,15 @@ func getRunInformationUri(run *sarif.Run) string {
 // Calculate new information that exists at the run and not at the source
 func GetDiffFromRun(sources []*sarif.Run, targets []*sarif.Run) (runWithNewOnly *sarif.Run) {
 	// Combine
-	combinedSource := sarif.NewRunWithInformationURI(sources[0].Tool.Driver.Name, getRunInformationUri(sources[0]))
+	combinedSource := sarif.NewRunWithInformationURI(sources[0].Tool.Driver.Name, getRunInformationUri(sources[0])).WithInvocations([]*sarif.Invocation{})
 	AggregateMultipleRunsIntoSingle(sources, combinedSource)
 	if combinedSource == nil {
 		return
 	}
 	if len(targets) == 0 {
 		return combinedSource
 	}
-	combinedTarget := sarif.NewRunWithInformationURI(targets[0].Tool.Driver.Name, getRunInformationUri(targets[0]))
+	combinedTarget := sarif.NewRunWithInformationURI(targets[0].Tool.Driver.Name, getRunInformationUri(targets[0])).WithInvocations([]*sarif.Invocation{})
 	AggregateMultipleRunsIntoSingle(targets, combinedTarget)
 	if combinedTarget == nil {
 		return combinedSource