
Extend java-find-secbugs module to include package and class name in error code #108

6 changes: 3 additions & 3 deletions lib/modules/java-find-secbugs/__tests__/findsecbugs-unit.js
Expand Up @@ -84,7 +84,7 @@ describe('FindSecBugs Module', () => {
const results = await run(fm)

expect(results.results.high).to.deep.equal([{
code: 'java-find-secbugs-XML_DECODER',
code: 'java-find-secbugs-XML_DECODER-com.hawkeye.java.test.controller.MyVulnerableControllerClass',
offender: 'In method com.hawkeye.java.test.controller.MyVulnerableControllerClass.Update(int, UpdateCommand, BindingResult)',
description: 'It is not safe to use an XMLDecoder to parse user supplied data',
mitigation: 'Check line(s) [47-48]'
Expand All @@ -102,7 +102,7 @@ describe('FindSecBugs Module', () => {
const results = await run(fm)

expect(results.results.medium).to.deep.equal([{
code: 'java-find-secbugs-PREDICTABLE_RANDOM',
code: 'java-find-secbugs-PREDICTABLE_RANDOM-com.hawkeye.java.test.config.MyVulnerableConfigClass',
offender: 'In method com.hawkeye.java.test.config.MyVulnerableConfigClass.generateSecretToken()',
description: 'The use of java.util.Random is predictable',
mitigation: 'Check line(s) 30'
Expand All @@ -120,7 +120,7 @@ describe('FindSecBugs Module', () => {
const results = await run(fm)

expect(results.results.low).to.deep.equal([{
code: 'java-find-secbugs-CRLF_INJECTION_LOGS',
code: 'java-find-secbugs-CRLF_INJECTION_LOGS-com.hawkeye.java.Application',
description: 'This use of Logger.info(...) might be used to include CRLF characters into log messages',
mitigation: 'Check line(s) 50, 55, 57, 59, 60, 61',
offender: 'In method com.hawkeye.java.Application.main(String[])'
2 changes: 1 addition & 1 deletion lib/modules/java-find-secbugs/index.js
Expand Up @@ -52,7 +52,7 @@ module.exports = {
const bugs = _.get(findSecBugsResult, ['BugCollection', 'BugInstance'], [])
return bugs.map(bug => ({
level: getSeverity(bug.$.priority),
code: bug.$.type,
code: bug.$.type + '-' + _.get(bug, ['Class', '0', '$', 'classname'], ''),
offender: bug.Method[0].Message[0],
description: bug.LongMessage[0],
mitigation: getMitigationMessage(bug.SourceLine)
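Review bot: On the new `code:` line, `_.get(bug, ['Class', '0', '$', 'classname'], '')` falls back to an empty string, so a BugInstance that carries no Class element produces a code with a dangling separator such as `java-find-secbugs-XML_DECODER-`, which no longer equals the old identifier either. Append the suffix only when a class name is actually present: `const className = _.get(bug, ['Class', '0', '$', 'classname'])` before the `return`, then `code: className ? bug.$.type + '-' + className : bug.$.type,`. Reading `Class[0]` presumably selects the primary class when the report lists several for one bug; a short comment stating that assumption on the line would help the next maintainer. The updated expectations in lib/modules/java-find-secbugs/__tests__/findsecbugs-unit.js only cover inputs where a class name is present, so the fallback path is unexercised. The enclosing `map` callback and the `module.exports` object both continue outside the hunk.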