internal/sarif: add version to module info for locations
This makes the module information complete so that users can compute
local paths.

Change-Id: I8cedf77908b825d7e66ac9d7a9a075804f207c66
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/581195
Reviewed-by: Ian Cottrell <iancottrell@google.com>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
zpavlinovic committed May 8, 2024
1 parent 0e39fee commit 93d3090
Showing 4 changed files with 34 additions and 28 deletions.
Expand Up @@ -122,7 +122,7 @@ $ govulncheck -format sarif -mode binary ${common_vuln_binary}
{
"locations": [
{
"module": "github.com/tidwall/gjson",
"module": "github.com/tidwall/gjson@v1.6.5",
"location": {
"physicalLocation": {
"artifactLocation": {},
Expand All @@ -148,7 +148,7 @@ $ govulncheck -format sarif -mode binary ${common_vuln_binary}
},
"frames": [
{
"module": "github.com/tidwall/gjson",
"module": "github.com/tidwall/gjson@v1.6.5",
"location": {
"physicalLocation": {
"artifactLocation": {},
Expand All @@ -175,7 +175,7 @@ $ govulncheck -format sarif -mode binary ${common_vuln_binary}
{
"locations": [
{
"module": "golang.org/x/text",
"module": "golang.org/x/text@v0.3.0",
"location": {
"physicalLocation": {
"artifactLocation": {},
Expand All @@ -201,7 +201,7 @@ $ govulncheck -format sarif -mode binary ${common_vuln_binary}
},
"frames": [
{
"module": "golang.org/x/text",
"module": "golang.org/x/text@v0.3.0",
"location": {
"physicalLocation": {
"artifactLocation": {},
Expand All @@ -228,7 +228,7 @@ $ govulncheck -format sarif -mode binary ${common_vuln_binary}
{
"locations": [
{
"module": "github.com/tidwall/gjson",
"module": "github.com/tidwall/gjson@v1.6.5",
"location": {
"physicalLocation": {
"artifactLocation": {},
Expand All @@ -251,7 +251,7 @@ $ govulncheck -format sarif -mode binary ${common_vuln_binary}
{
"locations": [
{
"module": "github.com/tidwall/gjson",
"module": "github.com/tidwall/gjson@v1.6.5",
"location": {
"physicalLocation": {
"artifactLocation": {},
Expand All @@ -277,7 +277,7 @@ $ govulncheck -format sarif -mode binary ${common_vuln_binary}
},
"frames": [
{
"module": "github.com/tidwall/gjson",
"module": "github.com/tidwall/gjson@v1.6.5",
"location": {
"physicalLocation": {
"artifactLocation": {},
Expand All @@ -296,7 +296,7 @@ $ govulncheck -format sarif -mode binary ${common_vuln_binary}
},
"frames": [
{
"module": "github.com/tidwall/gjson",
"module": "github.com/tidwall/gjson@v1.6.5",
"location": {
"physicalLocation": {
"artifactLocation": {},
Expand Up @@ -155,7 +155,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
{
"locations": [
{
"module": "golang.org/vuln",
"module": "golang.org/vuln@",
"location": {
"physicalLocation": {
"artifactLocation": {
Expand All @@ -173,7 +173,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
}
},
{
"module": "github.com/tidwall/gjson",
"module": "github.com/tidwall/gjson@v1.6.5",
"location": {
"physicalLocation": {
"artifactLocation": {
Expand All @@ -191,7 +191,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
}
},
{
"module": "github.com/tidwall/gjson",
"module": "github.com/tidwall/gjson@v1.6.5",
"location": {
"physicalLocation": {
"artifactLocation": {
Expand All @@ -209,7 +209,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
}
},
{
"module": "github.com/tidwall/gjson",
"module": "github.com/tidwall/gjson@v1.6.5",
"location": {
"physicalLocation": {
"artifactLocation": {
Expand Down Expand Up @@ -241,7 +241,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
},
"frames": [
{
"module": "golang.org/vuln",
"module": "golang.org/vuln@",
"location": {
"physicalLocation": {
"artifactLocation": {
Expand All @@ -259,7 +259,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
}
},
{
"module": "github.com/tidwall/gjson",
"module": "github.com/tidwall/gjson@v1.6.5",
"location": {
"physicalLocation": {
"artifactLocation": {
Expand All @@ -277,7 +277,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
}
},
{
"module": "github.com/tidwall/gjson",
"module": "github.com/tidwall/gjson@v1.6.5",
"location": {
"physicalLocation": {
"artifactLocation": {
Expand All @@ -295,7 +295,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
}
},
{
"module": "github.com/tidwall/gjson",
"module": "github.com/tidwall/gjson@v1.6.5",
"location": {
"physicalLocation": {
"artifactLocation": {
Expand All @@ -313,7 +313,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
}
},
{
"module": "github.com/tidwall/gjson",
"module": "github.com/tidwall/gjson@v1.6.5",
"location": {
"physicalLocation": {
"artifactLocation": {
Expand All @@ -331,7 +331,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
}
},
{
"module": "github.com/tidwall/gjson",
"module": "github.com/tidwall/gjson@v1.6.5",
"location": {
"physicalLocation": {
"artifactLocation": {
Expand Down Expand Up @@ -380,7 +380,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
{
"locations": [
{
"module": "golang.org/vuln",
"module": "golang.org/vuln@",
"location": {
"physicalLocation": {
"artifactLocation": {
Expand All @@ -398,7 +398,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
}
},
{
"module": "golang.org/x/text",
"module": "golang.org/x/text@v0.3.0",
"location": {
"physicalLocation": {
"artifactLocation": {
Expand Down Expand Up @@ -430,7 +430,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
},
"frames": [
{
"module": "golang.org/vuln",
"module": "golang.org/vuln@",
"location": {
"physicalLocation": {
"artifactLocation": {
Expand All @@ -448,7 +448,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
}
},
{
"module": "golang.org/x/text",
"module": "golang.org/x/text@v0.3.0",
"location": {
"physicalLocation": {
"artifactLocation": {
Expand Down Expand Up @@ -497,7 +497,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
{
"locations": [
{
"module": "golang.org/vuln",
"module": "golang.org/vuln@",
"location": {
"physicalLocation": {
"artifactLocation": {
Expand All @@ -515,7 +515,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
}
},
{
"module": "github.com/tidwall/gjson",
"module": "github.com/tidwall/gjson@v1.6.5",
"location": {
"physicalLocation": {
"artifactLocation": {
Expand Down Expand Up @@ -547,7 +547,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
},
"frames": [
{
"module": "golang.org/vuln",
"module": "golang.org/vuln@",
"location": {
"physicalLocation": {
"artifactLocation": {
Expand All @@ -565,7 +565,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
}
},
{
"module": "github.com/tidwall/gjson",
"module": "github.com/tidwall/gjson@v1.6.5",
"location": {
"physicalLocation": {
"artifactLocation": {
4 changes: 2 additions & 2 deletions internal/sarif/handler.go
Expand Up @@ -286,7 +286,7 @@ func stack(h *handler, f *govulncheck.Finding) Stack {
}

sf := Frame{
Module: frame.Module,
Module: frame.Module + "@" + frame.Version,
Location: Location{Message: Description{Text: symbol(frame)}}, // show the (full) symbol name
}
if h.cfg.ScanMode != govulncheck.ScanModeBinary {
Expand Down Expand Up @@ -359,7 +359,7 @@ func threadFlows(h *handler, fs []*govulncheck.Finding) []ThreadFlow {
}

tfl := ThreadFlowLocation{
Module: frame.Module,
Module: frame.Module + "@" + frame.Version,
Location: Location{Message: Description{Text: symbol(frame)}}, // show the (full) symbol name
}
if h.cfg.ScanMode != govulncheck.ScanModeBinary {
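Review bot: The expression `frame.Module + "@" + frame.Version` is now duplicated in `stack` and `threadFlows`, so the two SARIF outputs can drift the next time the identifier format changes; a small helper keeps the module identifier in one place. Both functions start and end outside the hunks. The testdata in this commit shows that a frame with no version yields a trailing `@` (`golang.org/vuln@`), which the helper's comment should spell out, since this string is the contract consumers parse to compute local paths. The parameter type below assumes `frame` is a `*govulncheck.Frame`, matching what `symbol(frame)` takes; adjust if that differs.
```go
// moduleID renders a frame's module as <module-path>@<version>. The
// version part is empty (leaving a trailing "@") when it is not known,
// for example for the source module being analyzed.
func moduleID(frame *govulncheck.Frame) string {
	return frame.Module + "@" + frame.Version
}

// … unchanged: stack …
	sf := Frame{
		Module:   moduleID(frame),
		Location: Location{Message: Description{Text: symbol(frame)}}, // show the (full) symbol name
	}

// … unchanged: threadFlows …
	tfl := ThreadFlowLocation{
		Module:   moduleID(frame),
		Location: Location{Message: Description{Text: symbol(frame)}}, // show the (full) symbol name
	}
```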
6 changes: 6 additions & 0 deletions internal/sarif/sarif.go
Expand Up @@ -122,6 +122,9 @@ type ThreadFlow struct {
}

type ThreadFlowLocation struct {
// Module is module information in the form <module-path>@<version>.
// <version> can be empty when the module version is not known as
// with, say, the source module analyzed.
Module string `json:"module,omitempty"`
// Location also contains a Message field.
Location Location `json:"location,omitempty"`
Expand All @@ -138,6 +141,9 @@ type Stack struct {
// Frame is effectively a module location. It can also contain thread and
// parameter info, but those are not needed for govulncheck.
type Frame struct {
// Module is module information in the form <module-path>@<version>.
// <version> can be empty when the module version is not known as
// with, say, the source module analyzed.
Module string `json:"module,omitempty"`
Location Location `json:"location,omitempty"`
}
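Review bot: The new `Module` comments on `ThreadFlowLocation` and `Frame` say `<version>` can be empty but not what the field then looks like; the testdata in this commit shows a trailing `@` (`golang.org/vuln@`), and a consumer that derives a local path from `<module-path>@<version>` needs to know to special-case that rather than look up an empty version. The phrase `not known as with, say, the source module analyzed` also reads awkwardly. Suggested wording for both fields: `// Module identifies the module as <module-path>@<version>. <version> is empty, leaving a trailing "@", when the module version is not known, for example for the source module being analyzed.`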
