fix(sarif): fix validation errors (#1376)

2025-12-12 07:40:48 -08:00 · 2021-11-15 20:36:51 +06:00
parent 9bcf9e72f5
commit efdb29d0d4
4 changed files with 58 additions and 31 deletions
--- a/contrib/sarif.tpl
+++ b/contrib/sarif.tpl
@@ -75,6 +75,9 @@
              "artifactLocation": {
                "uri": "{{ toPathUri $filePath }}",
                "uriBaseId": "ROOTPATH"
+              },
+              "region" : {
+                "startLine": 1
              }
            }
          }]
@@ -85,7 +88,7 @@
      "columnKind": "utf16CodeUnits",
      "originalUriBaseIds": {
        "ROOTPATH": {
-          "uri": "/"
+          "uri": "file:///"
        }
      }
    }
--- a/integration/testdata/alpine-310.sarif.golden
+++ b/integration/testdata/alpine-310.sarif.golden
@@ -12,7 +12,7 @@
          "rules": [
                {
                  "id": "CVE-2019-1549",
-                  "name": "OS Package Vulnerability",
+                  "name": "OsPackageVulnerability",
                  "shortDescription": {
                    "text": "CVE-2019-1549"
                  },
@@ -33,7 +33,7 @@
                },
                {
                  "id": "CVE-2019-1551",
-                  "name": "OS Package Vulnerability",
+                  "name": "OsPackageVulnerability",
                  "shortDescription": {
                    "text": "CVE-2019-1551"
                  },
@@ -54,7 +54,7 @@
                },
                {
                  "id": "CVE-2019-1563",
-                  "name": "OS Package Vulnerability",
+                  "name": "OsPackageVulnerability",
                  "shortDescription": {
                    "text": "CVE-2019-1563"
                  },
@@ -75,7 +75,7 @@
                },
                {
                  "id": "CVE-2019-1547",
-                  "name": "OS Package Vulnerability",
+                  "name": "OsPackageVulnerability",
                  "shortDescription": {
                    "text": "CVE-2019-1547"
                  },
@@ -109,6 +109,9 @@
              "artifactLocation": {
                "uri": "testdata/fixtures/images/alpine-310.tar.gz",
                "uriBaseId": "ROOTPATH"
+              },
+              "region" : {
+                "startLine": 1
              }
            }
          }]
@@ -125,6 +128,9 @@
              "artifactLocation": {
                "uri": "testdata/fixtures/images/alpine-310.tar.gz",
                "uriBaseId": "ROOTPATH"
+              },
+              "region" : {
+                "startLine": 1
              }
            }
          }]
@@ -141,6 +147,9 @@
              "artifactLocation": {
                "uri": "testdata/fixtures/images/alpine-310.tar.gz",
                "uriBaseId": "ROOTPATH"
+              },
+              "region" : {
+                "startLine": 1
              }
            }
          }]
@@ -157,6 +166,9 @@
              "artifactLocation": {
                "uri": "testdata/fixtures/images/alpine-310.tar.gz",
                "uriBaseId": "ROOTPATH"
+              },
+              "region" : {
+                "startLine": 1
              }
            }
          }]
@@ -173,6 +185,9 @@
              "artifactLocation": {
                "uri": "testdata/fixtures/images/alpine-310.tar.gz",
                "uriBaseId": "ROOTPATH"
+              },
+              "region" : {
+                "startLine": 1
              }
            }
          }]
@@ -189,6 +204,9 @@
              "artifactLocation": {
                "uri": "testdata/fixtures/images/alpine-310.tar.gz",
                "uriBaseId": "ROOTPATH"
+              },
+              "region" : {
+                "startLine": 1
              }
            }
          }]
@@ -205,6 +223,9 @@
              "artifactLocation": {
                "uri": "testdata/fixtures/images/alpine-310.tar.gz",
                "uriBaseId": "ROOTPATH"
+              },
+              "region" : {
+                "startLine": 1
              }
            }
          }]
@@ -221,6 +242,9 @@
              "artifactLocation": {
                "uri": "testdata/fixtures/images/alpine-310.tar.gz",
                "uriBaseId": "ROOTPATH"
+              },
+              "region" : {
+                "startLine": 1
              }
            }
          }]
@@ -228,7 +252,7 @@
      "columnKind": "utf16CodeUnits",
      "originalUriBaseIds": {
        "ROOTPATH": {
-          "uri": "/"
+          "uri": "file:///"
        }
      }
    }
--- a/pkg/report/template.go
+++ b/pkg/report/template.go
@@ -106,11 +106,11 @@ func toSarifRuleName(vulnerabilityType string) string {
 		vulnerability.Debian, vulnerability.DebianOVAL, vulnerability.Fedora, vulnerability.Amazon,
 		vulnerability.OracleOVAL, vulnerability.SuseCVRF, vulnerability.OpenSuseCVRF, vulnerability.Photon,
 		vulnerability.CentOS:
-		return "OS Package Vulnerability"
+		return "OsPackageVulnerability"
 	case "npm", "yarn", "nuget", "pipenv", "poetry", "bundler", "cargo", "composer":
-		return "Programming Language Vulnerability"
+		return "ProgrammingLanguageVulnerability"
 	default:
-		return "Other Vulnerability"
+		return "OtherVulnerability"
 	}
 }

--- a/pkg/report/writer_internal_test.go
+++ b/pkg/report/writer_internal_test.go
@@ -14,91 +14,91 @@ func TestReportWriter_toSarifRuleName(t *testing.T) {
 	}{
 		{
 			vulnerabilityType: vulnerability.Ubuntu,
-			sarifRuleName:     "OS Package Vulnerability",
+			sarifRuleName:     "OsPackageVulnerability",
 		},
 		{
 			vulnerabilityType: vulnerability.Alpine,
-			sarifRuleName:     "OS Package Vulnerability",
+			sarifRuleName:     "OsPackageVulnerability",
 		},
 		{
 			vulnerabilityType: vulnerability.RedHat,
-			sarifRuleName:     "OS Package Vulnerability",
+			sarifRuleName:     "OsPackageVulnerability",
 		},
 		{
 			vulnerabilityType: vulnerability.RedHatOVAL,
-			sarifRuleName:     "OS Package Vulnerability",
+			sarifRuleName:     "OsPackageVulnerability",
 		},
 		{
 			vulnerabilityType: vulnerability.Debian,
-			sarifRuleName:     "OS Package Vulnerability",
+			sarifRuleName:     "OsPackageVulnerability",
 		},
 		{
 			vulnerabilityType: vulnerability.DebianOVAL,
-			sarifRuleName:     "OS Package Vulnerability",
+			sarifRuleName:     "OsPackageVulnerability",
 		},
 		{
 			vulnerabilityType: vulnerability.Fedora,
-			sarifRuleName:     "OS Package Vulnerability",
+			sarifRuleName:     "OsPackageVulnerability",
 		},
 		{
 			vulnerabilityType: vulnerability.Amazon,
-			sarifRuleName:     "OS Package Vulnerability",
+			sarifRuleName:     "OsPackageVulnerability",
 		},
 		{
 			vulnerabilityType: vulnerability.OracleOVAL,
-			sarifRuleName:     "OS Package Vulnerability",
+			sarifRuleName:     "OsPackageVulnerability",
 		},
 		{
 			vulnerabilityType: vulnerability.SuseCVRF,
-			sarifRuleName:     "OS Package Vulnerability",
+			sarifRuleName:     "OsPackageVulnerability",
 		},
 		{
 			vulnerabilityType: vulnerability.OpenSuseCVRF,
-			sarifRuleName:     "OS Package Vulnerability",
+			sarifRuleName:     "OsPackageVulnerability",
 		},
 		{
 			vulnerabilityType: vulnerability.Photon,
-			sarifRuleName:     "OS Package Vulnerability",
+			sarifRuleName:     "OsPackageVulnerability",
 		},
 		{
 			vulnerabilityType: vulnerability.CentOS,
-			sarifRuleName:     "OS Package Vulnerability",
+			sarifRuleName:     "OsPackageVulnerability",
 		},
 		{
 			vulnerabilityType: "npm",
-			sarifRuleName:     "Programming Language Vulnerability",
+			sarifRuleName:     "ProgrammingLanguageVulnerability",
 		},
 		{
 			vulnerabilityType: "yarn",
-			sarifRuleName:     "Programming Language Vulnerability",
+			sarifRuleName:     "ProgrammingLanguageVulnerability",
 		},
 		{
 			vulnerabilityType: "nuget",
-			sarifRuleName:     "Programming Language Vulnerability",
+			sarifRuleName:     "ProgrammingLanguageVulnerability",
 		},
 		{
 			vulnerabilityType: "pipenv",
-			sarifRuleName:     "Programming Language Vulnerability",
+			sarifRuleName:     "ProgrammingLanguageVulnerability",
 		},
 		{
 			vulnerabilityType: "poetry",
-			sarifRuleName:     "Programming Language Vulnerability",
+			sarifRuleName:     "ProgrammingLanguageVulnerability",
 		},
 		{
 			vulnerabilityType: "bundler",
-			sarifRuleName:     "Programming Language Vulnerability",
+			sarifRuleName:     "ProgrammingLanguageVulnerability",
 		},
 		{
 			vulnerabilityType: "cargo",
-			sarifRuleName:     "Programming Language Vulnerability",
+			sarifRuleName:     "ProgrammingLanguageVulnerability",
 		},
 		{
 			vulnerabilityType: "composer",
-			sarifRuleName:     "Programming Language Vulnerability",
+			sarifRuleName:     "ProgrammingLanguageVulnerability",
 		},
 		{
 			vulnerabilityType: "redis",
-			sarifRuleName:     "Other Vulnerability",
+			sarifRuleName:     "OtherVulnerability",
 		},
 	}
 	for _, tc := range tests {