Fix severity level mapping (#921)

jfrog · Aug 31, 2023 · ab1405a · ab1405a
1 parent 3ddf531
commit ab1405a
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 21 deletions.
diff --git a/xray/commands/utils/utils_test.go b/xray/commands/utils/utils_test.go
@@ -72,7 +72,7 @@ func TestFilterResultIfNeeded(t *testing.T) {
 				},
 			},
 			params: ScanGraphParams{
-				severityLevel: 8,
+				severityLevel: 11,
 			},
 			expected: services.ScanResponse{
 				Violations: []services.Violation{

diff --git a/xray/utils/analyzermanager.go b/xray/utils/analyzermanager.go
@@ -19,8 +19,25 @@ import (
 	"github.com/owenrumney/go-sarif/v2/sarif"
 )
 
+type SarifLevel string
+
+const (
+	Error   SarifLevel = "error"
+	Warning SarifLevel = "warning"
+	Info    SarifLevel = "info"
+	Note    SarifLevel = "note"
+	None    SarifLevel = "none"
+
+	SeverityDefaultValue = "Medium"
+)
+
 var (
-	levelToSeverity = map[string]string{"error": "High", "warning": "Medium", "info": "Low"}
+	// All other values (include default) mapped as 'Medium' severity
+	levelToSeverity = map[SarifLevel]string{
+		Error: "High",
+		Note:  "Low",
+		None:  "Unknown",
+	}
 )
 
 const (
@@ -37,7 +54,6 @@ const (
 	jfTokenEnvVariable            = "JF_TOKEN"
 	jfPlatformUrlEnvVariable      = "JF_PLATFORM_URL"
 	logDirEnvVariable             = "AM_LOG_DIRECTORY"
-	SeverityDefaultValue          = "Medium"
 	notEntitledExitCode           = 31
 	unsupportedCommandExitCode    = 13
 	unsupportedOsExitCode         = 55
@@ -232,7 +248,7 @@ func ExtractRelativePath(resultPath string, projectRoot string) string {
 
 func GetResultSeverity(result *sarif.Result) string {
 	if result.Level != nil {
-		if severity, ok := levelToSeverity[*result.Level]; ok {
+		if severity, ok := levelToSeverity[SarifLevel(strings.ToLower(*result.Level))]; ok {
 			return severity
 		}
 	}

diff --git a/xray/utils/analyzermanager_test.go b/xray/utils/analyzermanager_test.go
@@ -3,11 +3,12 @@ package utils
 import (
 	"errors"
 	"fmt"
+	"path/filepath"
+	"testing"
+
 	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	"github.com/owenrumney/go-sarif/v2/sarif"
 	"github.com/stretchr/testify/assert"
-	"path/filepath"
-	"testing"
 )
 
 func TestRemoveDuplicateValues(t *testing.T) {
@@ -115,9 +116,11 @@ func TestExtractRelativePath(t *testing.T) {
 }
 
 func TestGetResultSeverity(t *testing.T) {
-	levelValueHigh := "error"
-	levelValueMedium := "warning"
-	levelValueLow := "info"
+	levelValueHigh := string(Error)
+	levelValueMedium := string(Warning)
+	levelValueMedium2 := string(Info)
+	levelValueLow := string(Note)
+	levelValueUnknown := string(None)
 
 	tests := []struct {
 		result           *sarif.Result
@@ -129,8 +132,12 @@ func TestGetResultSeverity(t *testing.T) {
 			expectedSeverity: "High"},
 		{result: &sarif.Result{Level: &levelValueMedium},
 			expectedSeverity: "Medium"},
+		{result: &sarif.Result{Level: &levelValueMedium2},
+			expectedSeverity: "Medium"},
 		{result: &sarif.Result{Level: &levelValueLow},
 			expectedSeverity: "Low"},
+		{result: &sarif.Result{Level: &levelValueUnknown},
+			expectedSeverity: "Unknown"},
 	}
 
 	for _, test := range tests {

diff --git a/xray/utils/resultstable.go b/xray/utils/resultstable.go
@@ -536,24 +536,29 @@ func (s *Severity) printableTitle(isTable bool) string {
 
 var Severities = map[string]map[string]*Severity{
 	"Critical": {
-		ApplicableStringValue:                {emoji: "💀", title: "Critical", numValue: 12, style: color.New(color.BgLightRed, color.LightWhite)},
-		ApplicabilityUndeterminedStringValue: {emoji: "💀", title: "Critical", numValue: 11, style: color.New(color.BgLightRed, color.LightWhite)},
-		NotApplicableStringValue:             {emoji: "💀", title: "Critical", numValue: 4, style: color.New(color.Gray)},
+		ApplicableStringValue:                {emoji: "💀", title: "Critical", numValue: 15, style: color.New(color.BgLightRed, color.LightWhite)},
+		ApplicabilityUndeterminedStringValue: {emoji: "💀", title: "Critical", numValue: 14, style: color.New(color.BgLightRed, color.LightWhite)},
+		NotApplicableStringValue:             {emoji: "💀", title: "Critical", numValue: 5, style: color.New(color.Gray)},
 	},
 	"High": {
-		ApplicableStringValue:                {emoji: "🔥", title: "High", numValue: 10, style: color.New(color.Red)},
-		ApplicabilityUndeterminedStringValue: {emoji: "🔥", title: "High", numValue: 9, style: color.New(color.Red)},
-		NotApplicableStringValue:             {emoji: "🔥", title: "High", numValue: 3, style: color.New(color.Gray)},
+		ApplicableStringValue:                {emoji: "🔥", title: "High", numValue: 13, style: color.New(color.Red)},
+		ApplicabilityUndeterminedStringValue: {emoji: "🔥", title: "High", numValue: 12, style: color.New(color.Red)},
+		NotApplicableStringValue:             {emoji: "🔥", title: "High", numValue: 4, style: color.New(color.Gray)},
 	},
 	"Medium": {
-		ApplicableStringValue:                {emoji: "🎃", title: "Medium", numValue: 8, style: color.New(color.Yellow)},
-		ApplicabilityUndeterminedStringValue: {emoji: "🎃", title: "Medium", numValue: 7, style: color.New(color.Yellow)},
-		NotApplicableStringValue:             {emoji: "🎃", title: "Medium", numValue: 2, style: color.New(color.Gray)},
+		ApplicableStringValue:                {emoji: "🎃", title: "Medium", numValue: 11, style: color.New(color.Yellow)},
+		ApplicabilityUndeterminedStringValue: {emoji: "🎃", title: "Medium", numValue: 10, style: color.New(color.Yellow)},
+		NotApplicableStringValue:             {emoji: "🎃", title: "Medium", numValue: 3, style: color.New(color.Gray)},
 	},
 	"Low": {
-		ApplicableStringValue:                {emoji: "👻", title: "Low", numValue: 6},
-		ApplicabilityUndeterminedStringValue: {emoji: "👻", title: "Low", numValue: 5},
-		NotApplicableStringValue:             {emoji: "👻", title: "Low", numValue: 1, style: color.New(color.Gray)},
+		ApplicableStringValue:                {emoji: "👻", title: "Low", numValue: 9},
+		ApplicabilityUndeterminedStringValue: {emoji: "👻", title: "Low", numValue: 8},
+		NotApplicableStringValue:             {emoji: "👻", title: "Low", numValue: 2, style: color.New(color.Gray)},
+	},
+	"Unknown": {
+		ApplicableStringValue:                {emoji: "😐", title: "Unknown", numValue: 7},
+		ApplicabilityUndeterminedStringValue: {emoji: "😐", title: "Unknown", numValue: 6},
+		NotApplicableStringValue:             {emoji: "😐", title: "Unknown", numValue: 1, style: color.New(color.Gray)},
 	},
 }
 

diff --git a/xray/utils/resultwriter.go b/xray/utils/resultwriter.go
@@ -225,6 +225,7 @@ func getIacOrSecretsProperties(secretOrIac formats.IacSecretsRow, markdownOutput
 	file := strings.TrimPrefix(secretOrIac.File, string(os.PathSeparator))
 	mapSeverityToScore := map[string]string{
 		"":         "0.0",
+		"unknown":  "0.0",
 		"low":      "3.9",
 		"medium":   "6.9",
 		"high":     "8.9",