rel 2023.0.1

CHANGELOG.md

@@ -3,6 +3,13 @@
 All major and minor version changes will be documented in this file. Details of
 patch-level version changes can be found in [commit messages](../../commits/master).
 
+## 2023.0.1 - 2023/06/27
+
+- Fix `csv` writer
+- Fix python 3.8 compatibility
+- Fix `ansi` writer on python 3.11
+- Fix `sarif` writer so output conforms with the schema
+
 ## 2023 - 2023/06/27
 
 - Refactor to fix bugs and improve readability

documentation/reference/simplesecurity/formatter.md

@@ -16,7 +16,7 @@ Formatter
 
 ## ansi
 
-[Show source in formatter.py:162](../../../simplesecurity/formatter.py#L162)
+[Show source in formatter.py:163](../../../simplesecurity/formatter.py#L163)
 
 Format to ansi.
 
@@ -48,7 +48,7 @@ def ansi(
 
 ## csv
 
-[Show source in formatter.py:120](../../../simplesecurity/formatter.py#L120)
+[Show source in formatter.py:121](../../../simplesecurity/formatter.py#L121)
 
 Format to CSV.
 
@@ -78,7 +78,7 @@ def csv(findings: list[Finding], heading: str | None = None, colourMode: int = 0
 
 ## formatEvidence
 
-[Show source in formatter.py:35](../../../simplesecurity/formatter.py#L35)
+[Show source in formatter.py:36](../../../simplesecurity/formatter.py#L36)
 
 Format evidence to plaintext.
 
@@ -106,7 +106,7 @@ def formatEvidence(evidence: list[Line], newlineChar: bool = True) -> str:
 
 ## json
 
-[Show source in formatter.py:97](../../../simplesecurity/formatter.py#L97)
+[Show source in formatter.py:98](../../../simplesecurity/formatter.py#L98)
 
 Format to Json.
 
@@ -138,7 +138,7 @@ def json(
 
 ## markdown
 
-[Show source in formatter.py:51](../../../simplesecurity/formatter.py#L51)
+[Show source in formatter.py:52](../../../simplesecurity/formatter.py#L52)
 
 Format to Markdown.
 
@@ -170,7 +170,7 @@ def markdown(
 
 ## sarif
 
-[Show source in formatter.py:253](../../../simplesecurity/formatter.py#L253)
+[Show source in formatter.py:254](../../../simplesecurity/formatter.py#L254)
 
 Format to sarif https://sarifweb.azurewebsites.net/.
 

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "simplesecurity"
-version = "2023"
+version = "2023.0.1"
 license = "mit"
 description = "Combine multiple popular python security tools and generate reports or output into different formats"
 authors = ["FredHappyface"]
@@ -38,6 +38,9 @@ semgrep = {version = "<2,>=1.29.0", optional = true}
 [tool.poetry.extras]
 full = ["poetry", "bandit", "safety", "dodgy", "dlint", "semgrep"]
 
+[tool.poetry.group.dev.dependencies]
+jsonschema = "^4.17.3"
+
 [tool.black]
 line-length = 100
 target-version = ["py38"]
@@ -74,13 +77,16 @@ disable = ["pointless-string-statement", "superfluous-parens"]
 [tool.tox]
 legacy_tox_ini = """
 [tox]
+isolated_build = True
 env_list =
 	py311
 	py310
 	py39
 	py38
 
 [testenv]
-deps = pytest
-commands = pytest tests
+allowlist_externals = poetry
+commands =
+  poetry install -v
+  poetry run pytest
 """

simplesecurity/__init__.py

@@ -70,7 +70,7 @@ def _processFormat(formatin: str | None) -> Callable:
 
 
 def _processPlugin(args) -> list[Callable]:
-	pluginMap: dict[str, Any] = {
+	pluginMap = {
 		"bandit": {
 			"func": plugins.bandit,
 			"max_severity": 3,

simplesecurity/formatter.py

@@ -133,7 +133,7 @@ def csv(findings: list[Finding], heading: str | None = None, colourMode: int = 0
 	_ = colourMode  # silence pylint
 	findings = sorted(findings, key=lambda i: i["severity"], reverse=True)
 	output = StringIO()
-	csvString = writer(output, quoting=QUOTE_ALL)
+	csvString = writer(output, quoting=QUOTE_ALL, lineterminator="\n", strict=True)
 	csvString.writerow(
 		[
 			heading
@@ -224,7 +224,7 @@ def ansi(findings: list[Finding], heading: str | None = None, colourMode: int =
 	strBuf.append("│Severity  │Finding                                           │")
 	strBuf.append(f"├{'─'*10}┼{'─'*50}┤")
 	for finding in findings:
-		strBuf.append(f"│{finding['severity']: <10}│{finding['title'][:50]: <50}│")
+		strBuf.append(f"│{str(finding['severity']): <10}│{finding['title'][:50]: <50}│")
 	strBuf.append(f"└{'─'*10}┴{'─'*50}┘")
 	strBuf.append("")
 
@@ -289,7 +289,7 @@ def sarif(findings: list[Finding], heading: str | None = None, colourMode: int =
 								"physicalLocation": {
 									"artifactLocation": {"uri": finding["file"]},
 									"region": {
-										"startLine": finding["line"],
+										"startLine": max(finding["line"], 1),
 										"snippet": {
 											"text": "".join(
 												[
@@ -301,8 +301,8 @@ def sarif(findings: list[Finding], heading: str | None = None, colourMode: int =
 										},
 									},
 									"contextRegion": {
-										"startLine": finding["evidence"][0]["line"],
-										"endLine": finding["evidence"][-1]["line"],
+										"startLine": max(finding["evidence"][0]["line"], 1),
+										"endLine": max(finding["evidence"][-1]["line"], 1),
 										"snippet": {
 											"text": "\n".join(
 												[line["content"] for line in finding["evidence"]]

tests/__init__.py

@@ -0,0 +1 @@
+

tests/data/advanced.ansi

@@ -0,0 +1,33 @@
+Findings
+
+Find a list of findings below ordered by severity
+
+┌──────────┬──────────────────────────────────────────────────┐
+│Severity  │Finding                                           │
+├──────────┼──────────────────────────────────────────────────┤
+│Medium    │TEST                                              │
+│Low       │TEST2                                             │
+└──────────┴──────────────────────────────────────────────────┘
+
+TEST
+This is a test
+
+Severity: Medium (confidence: Medium)
+
+Evidence
+┌───────────────────────────── this_file_does_not_exist ──────────────────────────────┐
+│  0  lineContent                                                                     │
+└─────────────────────────────────────────────────────────────────────────────────────┘
+
+TEST2
+This is a test2
+
+Severity: Low (confidence: High)
+
+Evidence
+┌───────────────────────────── this_file_does_not_exist2 ─────────────────────────────┐
+│  3  3                                                                               │
+│  5  5                                                                               │
+│  9  9                                                                               │
+│ 99  999999999999999999999999999999999                                               │
+└─────────────────────────────────────────────────────────────────────────────────────┘

tests/data/advanced.csv

@@ -0,0 +1,4 @@
+"Findings - Findings below are ordered by severity (you may want to delete this line)"
+"id","title","description","file","evidence","severity","confidence","line"
+"TEST_ID","TEST","This is a test","this_file_does_not_exist","lineContent","Medium","Medium","0"
+"TEST_ID2","TEST2","This is a test2","this_file_does_not_exist2","3\n5\n9\n999999999999999999999999999999999","Low","High","700"

tests/data/advanced.json

@@ -0,0 +1,54 @@
+{
+	"heading": "Findings - Findings below are ordered by severity",
+	"findings": [
+		{
+			"id": "TEST_ID",
+			"title": "TEST",
+			"description": "This is a test",
+			"file": "this_file_does_not_exist",
+			"evidence": [
+				{
+					"selected": true,
+					"line": 0,
+					"content": "lineContent"
+				}
+			],
+			"severity": 2,
+			"confidence": 2,
+			"line": 0,
+			"_other": {}
+		},
+		{
+			"id": "TEST_ID2",
+			"title": "TEST2",
+			"description": "This is a test2",
+			"file": "this_file_does_not_exist2",
+			"evidence": [
+				{
+					"selected": false,
+					"line": 3,
+					"content": "3"
+				},
+				{
+					"selected": true,
+					"line": 5,
+					"content": "5"
+				},
+				{
+					"selected": true,
+					"line": 9,
+					"content": "9"
+				},
+				{
+					"selected": true,
+					"line": 99,
+					"content": "999999999999999999999999999999999"
+				}
+			],
+			"severity": 1,
+			"confidence": 3,
+			"line": 700,
+			"_other": {}
+		}
+	]
+}

tests/data/advanced.md

@@ -0,0 +1,41 @@
+# Findings
+Find a list of findings below ordered by severity
+
+|Severity|Finding|
+|:--|:--|
+|Medium|TEST|
+|Low|TEST2|
+
+## TEST
+This is a test
+
+
+File: `this_file_does_not_exist`
+### Severity
+
+Medium (confidence: Medium)
+### Evidence
+
+Line: 0
+
+```python
+lineContent
+```
+## TEST2
+This is a test2
+
+
+File: `this_file_does_not_exist2`
+### Severity
+
+Low (confidence: High)
+### Evidence
+
+Line: 700
+
+```python
+3
+5
+9
+999999999999999999999999999999999
+```

tests/data/advanced.sarif

@@ -0,0 +1,75 @@
+{
+	"version": "2.1.0",
+	"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+	"runs": [
+		{
+			"tool": {
+				"driver": {
+					"name": "SimpleSecurity",
+					"informationUri": "https://github.com/FHPythonUtils/SimpleSecurity",
+					"version": "2020.*"
+				}
+			},
+			"results": [
+				{
+					"ruleId": "TEST_ID",
+					"level": "warning",
+					"message": {
+						"text": "TEST: This is a test"
+					},
+					"locations": [
+						{
+							"physicalLocation": {
+								"artifactLocation": {
+									"uri": "this_file_does_not_exist"
+								},
+								"region": {
+									"startLine": 1,
+									"snippet": {
+										"text": "lineContent"
+									}
+								},
+								"contextRegion": {
+									"startLine": 1,
+									"endLine": 1,
+									"snippet": {
+										"text": "lineContent"
+									}
+								}
+							}
+						}
+					]
+				},
+				{
+					"ruleId": "TEST_ID2",
+					"level": "warning",
+					"message": {
+						"text": "TEST2: This is a test2"
+					},
+					"locations": [
+						{
+							"physicalLocation": {
+								"artifactLocation": {
+									"uri": "this_file_does_not_exist2"
+								},
+								"region": {
+									"startLine": 700,
+									"snippet": {
+										"text": "59999999999999999999999999999999999"
+									}
+								},
+								"contextRegion": {
+									"startLine": 3,
+									"endLine": 99,
+									"snippet": {
+										"text": "3\n5\n9\n999999999999999999999999999999999"
+									}
+								}
+							}
+						}
+					]
+				}
+			]
+		}
+	]
+}