module SastBox::Reporter::Sarif

Public Instance Methods

# File lib/sastbox-sdk/reporter_sarif.rb, line 61
# Builds one SARIF `result` object for a sastbox issue.
#
# Registers (or looks up) the issue's rule via make_rule, then maps the
# issue's filename, snippet evidence and fingerprints into SARIF 2.1.0 shape.
# Snippet text is copied verbatim from the scanned source into the report, so
# the report can contain whatever the scanned file contained.
#
# @param issue [Hash] a sastbox issue with :title, :filename, :description,
#   :snippet (holding :evidence_line / :evidence_full), :hash_issue,
#   :hash_issue_v2, :cwe_id, :tags and :severity
# @return [Hash, nil] the SARIF result, or nil when filename_relative cannot
#   map the filename (the rule has already been registered in that case)
def convert_to_sarif_result(issue)
  rule_index = make_rule(issue)
  rule_id = @sarif_rules[rule_index][:id]

  uri = filename_relative(issue[:filename])
  return nil if uri.nil?

  line_evidence = issue[:snippet][:evidence_line]
  full_evidence = issue[:snippet][:evidence_full]

  physical_location = {
    artifactLocation: { uri: uri, uriBaseId: '%SRCROOT%' },
    region: {
      snippet: { text: line_evidence[:content] },
      startLine: line_evidence[:start_line]
    },
    contextRegion: {
      snippet: { text: full_evidence[:content] },
      startLine: full_evidence[:start_line],
      endLine: full_evidence[:end_line]
    }
  }

  {
    ruleId: rule_id,
    ruleIndex: rule_index,
    level: 'warning', # fixed level; the sastbox severity travels in properties
    message: { text: issue[:description] },
    locations: [{ physicalLocation: physical_location }],
    partialFingerprints: {
      hashIssueV1: issue[:hash_issue], # compatible with sastbox v1
      hashIssueV2: issue[:hash_issue_v2],
      snippetHashLine: line_evidence[:hash],
      snippetHashFull: full_evidence[:hash]
    },
    properties: {
      cweId: issue[:cwe_id].to_i, # nil.to_i is 0 when no CWE is known
      tags: issue[:tags],
      issueSeverity: issue[:severity]
    }
  }
end
# File lib/sastbox-sdk/reporter_sarif.rb, line 7
# Renders every issue in @issues as a SARIF 2.1.0 log and returns it as
# pretty-printed JSON.
#
# The log state is reset via new_sarif_log first, so calling this twice does
# not duplicate results. Issues for which convert_to_sarif_result returns nil
# (filename could not be made relative) are skipped.
#
# @return [String, nil] the JSON document; when JSON generation raises
#   JSON::GeneratorError the error is reported through print_error and that
#   call's return value is returned instead
def generate_sarif_report
  new_sarif_log

  converted = @issues.map { |issue| convert_to_sarif_result(issue) }
  converted.each { |result| @sarif_results << result unless result.nil? }

  begin
    JSON.pretty_generate(@sarif_log)
  rescue JSON::GeneratorError => e
    print_error("Could not generate sarif result=> #{e}")
  end
end
# File lib/sastbox-sdk/reporter_sarif.rb, line 38
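# Returns the index into @sarif_rules of the rule describing this issue,
# creating the rule on first sight.
#
# The rule id is "<tool name>-<sha1 of the issue title>", so issues sharing a
# title share one rule. SHA1 only derives a stable identifier here; it carries
# no security property.
#
# @param issue [Hash] a sastbox issue with :title and, optionally, :references
#   (an array of URLs; nil or empty yields an empty helpUri)
# @return [Integer] index of the issue's rule in @sarif_rules
def make_rule(issue)
  rule_id = "#{@name}-#{Digest::SHA1.hexdigest(issue[:title])}"

  existing = @sarif_rules.index { |rule| rule[:id] == rule_id }
  return existing unless existing.nil?

  # Array() tolerates a missing :references key (nil); the first reference,
  # when present, becomes the helpUri.
  help_uri = Array(issue[:references]).first || ''

  @sarif_rules << {
    id: rule_id,
    name: issue[:title],
    shortDescription: { text: issue[:title] },
    fullDescription: { text: issue[:title] },
    helpUri: help_uri,
    help: { text: '' }
  }
  @sarif_rules.length - 1
end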
# File lib/sastbox-sdk/reporter_sarif.rb, line 21
# Resets the SARIF accumulators and builds an empty SARIF 2.1.0 log.
#
# @sarif_results and @sarif_rules are fresh arrays that sarif_runs embeds by
# reference, so rules and results appended later show up in @sarif_log.
#
# @return [Hash] the new @sarif_log
def new_sarif_log
  @sarif_results = []
  @sarif_rules = []

  schema_uri = 'https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json'
  @sarif_log = { version: '2.1.0', '$schema': schema_uri, runs: sarif_runs }
end
# File lib/sastbox-sdk/reporter_sarif.rb, line 31
# Builds the SARIF `runs` array: a single run whose tool driver is this
# reporter (@name / @version) and whose rules and results arrays are
# @sarif_rules and @sarif_results themselves, not copies, so later appends
# are reflected in the run.
#
# @return [Array<Hash>] a one-element array of SARIF run objects
def sarif_runs
  driver = {
    name: @name,
    informationUri: '',
    semanticVersion: @version,
    rules: @sarif_rules
  }
  run = { tool: { driver: driver }, results: @sarif_results }
  [run]
end