add github-sarif writer for github suited sarif output (#907)
* add --github flag for github suited sarif output * fixed golden file for scan -h * changed to using the github-sarif writer rather than the --github flag
Devang Gaur
committed
Jul 13, 2021
1 parent
73bcc12
commit 8bba815
Showing
18 changed files
with
182 additions
and
29 deletions.
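--- /dev/null
+++ b/UNKNOWN-PATH-PLACEHOLDER-1
@@ -0,0 +1,34 @@
+/*
+Copyright (C) 2020 Accurics, Inc.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package writer
+
+import (
+"io"
+)
+
+const (
+githubSarifFormat supportedFormat = "github-sarif"
+)
+
+func init() {
+RegisterWriter(githubSarifFormat, GithubSarifWriter)
+}
+
+// GithubSarifWriter writes sarif formatted violation results report that are well suited for github codescanning alerts display
+func GithubSarifWriter(data interface{}, writer io.Writer) error {
+return writeSarif(data, writer, true)
+}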
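Review bot: The bare `true` passed to writeSarif inside GithubSarifWriter tells a reader nothing about which behaviour it selects, and writeSarif itself is defined outside this hunk so the meaning cannot be confirmed here. A trailing comment at the call site would fix that, e.g. `return writeSarif(data, writer, true) // true: emit the GitHub code-scanning flavour of SARIF`, or a named constant if writeSarif's boolean parameter was introduced by this commit. The doc comment also reads awkwardly; suggest `// GithubSarifWriter writes a SARIF-formatted violation report tailored for display as GitHub code-scanning alerts.`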
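--- /dev/null
+++ b/UNKNOWN-PATH-PLACEHOLDER-2
@@ -0,0 +1,101 @@
+package writer
+
+import (
+"bytes"
+"fmt"
+"github.com/accurics/terrascan/pkg/utils"
+"github.com/accurics/terrascan/pkg/version"
+"strings"
+"testing"
+)
+
+const violationTemplateForGH = `{
+"version": "2.1.0",
+"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+"runs": [
+{
+"tool": {
+"driver": {
+"name": "terrascan",
+"version": "%s",
+"informationUri": "https://github.com/accurics/terrascan",
+"rules": [
+{
+"id": "AWS.S3Bucket.DS.High.1043",
+"name": "s3EnforceUserACL",
+"shortDescription": {
+"text": "S3 bucket Access is allowed to all AWS Account Users."
+},
+"properties": {
+"category": "S3",
+"severity": "HIGH"
+}
+}
+]
+}
+},
+"results": [
+{
+"ruleId": "AWS.S3Bucket.DS.High.1043",
+"level": "error",
+"message": {
+"text": "S3 bucket Access is allowed to all AWS Account Users."
+},
+"locations": [
+{
+"physicalLocation": {
+"artifactLocation": {
+"uri": "%s",
+"uriBaseId": "test"
+},
+"region": {
+"startLine": 20
+}
+},
+"logicalLocations": [
+{
+"name": "bucket",
+"kind": "aws_s3_bucket"
+}
+]
+}
+]
+}
+]
+}
+]
+}`
+
+var expectedSarifViolationOutputGH = fmt.Sprintf(violationTemplateForGH, version.GetNumeric(), testpathForGH)
+
+func TestGithubSarifWriter(t *testing.T) {
+
+type funcInput interface{}
+tests := []struct {
+name string
+input funcInput
+expectedError bool
+expectedOutput string
+}{
+{
+name: "Sarif Writer for Github: Violations",
+input: violationsInput,
+expectedOutput: expectedSarifViolationOutputGH,
+},
+}
+
+for _, tt := range tests {
+t.Run(tt.name, func(t *testing.T) {
+writer := &bytes.Buffer{}
+if err := GithubSarifWriter(tt.input, writer); (err != nil) != tt.expectedError {
+t.Errorf("HumanReadbleWriter() error = gotErr: %v, wantErr: %v", err, tt.expectedError)
+}
+outputBytes := writer.Bytes()
+gotOutput := string(bytes.TrimSpace(outputBytes))
+
+if equal, _ := utils.AreEqualJSON(strings.TrimSpace(gotOutput), strings.TrimSpace(tt.expectedOutput)); !equal {
+t.Errorf("HumanReadbleWriter() = got: %v, want: %v", gotOutput, tt.expectedOutput)
+}
+})
+}
+}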
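Review bot: In TestGithubSarifWriter the error returned by utils.AreEqualJSON is discarded (`equal, _ :=`), so if the writer ever emits malformed JSON the test reports a confusing got/want mismatch instead of the parse failure; the error should be checked and the subtest failed immediately. Both t.Errorf messages also still say `HumanReadbleWriter()`, apparently copied from a sibling test, and should name `GithubSarifWriter()` so a failure is attributed to the right writer. Separately, the import block mixes the github.com/accurics/terrascan packages into the stdlib group; goimports would place them in their own group after a blank line. `testpathForGH` and `violationsInput` are used but not defined in this hunk, so I assume they come from another file in the commit.
```go
			if err := GithubSarifWriter(tt.input, writer); (err != nil) != tt.expectedError {
				t.Errorf("GithubSarifWriter() error = gotErr: %v, wantErr: %v", err, tt.expectedError)
			}
			// … unchanged: reading the buffer into gotOutput …
			equal, err := utils.AreEqualJSON(strings.TrimSpace(gotOutput), strings.TrimSpace(tt.expectedOutput))
			if err != nil {
				t.Fatalf("comparing GithubSarifWriter() output as JSON: %v", err)
			}
			if !equal {
				t.Errorf("GithubSarifWriter() = got: %v, want: %v", gotOutput, tt.expectedOutput)
			}
```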