Showing
7 changed files
with
420 additions
and
9 deletions.
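--- a/src/main/java/edu/hm/hafner/analysis/parser/violations/SemgrepAdapter.java
+++ b/src/main/java/edu/hm/hafner/analysis/parser/violations/SemgrepAdapter.java
@@ -0,0 +1,17 @@
+package edu.hm.hafner.analysis.parser.violations;
+
+import se.bjurr.violations.lib.parsers.SemgrepParser;
+
+/**
+ * Parses PyDocStyle results files.
+ *
+ * @author Ullrich Hafner
+ */
+public class SemgrepAdapter extends AbstractViolationAdapter {
+    private static final long serialVersionUID = 1119003057153007718L;
+
+    @Override
+    SemgrepParser createParser() {
+        return new SemgrepParser();
+    }
+}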
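Review bot: The class Javadoc of the new SemgrepAdapter reads `Parses PyDocStyle results files.`, which appears to be copied from another adapter and misdescribes this class; the only parser it creates is SemgrepParser, so it should read `Parses Semgrep results files.`. A reader skimming the adapter package would otherwise take this class for a PyDocStyle parser.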
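--- a/src/main/java/edu/hm/hafner/analysis/registry/SemgrepDescriptor.java
+++ b/src/main/java/edu/hm/hafner/analysis/registry/SemgrepDescriptor.java
@@ -0,0 +1,38 @@
+package edu.hm.hafner.analysis.registry;
+
+import edu.hm.hafner.analysis.IssueParser;
+import edu.hm.hafner.analysis.parser.violations.SemgrepAdapter;
+
+/**
+ * A descriptor for Semgrep.
+ *
+ * @author Ullrich Hafner
+ */
+class SemgrepDescriptor extends ParserDescriptor {
+    private static final String ID = "semgrep";
+    private static final String NAME = "Semgrep";
+
+    SemgrepDescriptor() {
+        super(ID, NAME);
+    }
+
+    @Override
+    public IssueParser createParser(final Option... options) {
+        return new SemgrepAdapter();
+    }
+
+    @Override
+    public String getHelp() {
+        return "Use <code>--json</code>";
+    }
+
+    @Override
+    public String getUrl() {
+        return "https://semgrep.dev/";
+    }
+
+    @Override
+    public String getIconUrl() {
+        return "https://raw.githubusercontent.com/returntocorp/semgrep/develop/semgrep.svg";
+    }
+}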
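Review bot: getIconUrl points at the `develop` branch of a third-party repository (`https://raw.githubusercontent.com/returntocorp/semgrep/develop/semgrep.svg`), so the icon shown for this parser is whatever that mutable branch holds at load time and can change or vanish independently of a release of this library; pinning the URL to a tag or commit, or shipping the SVG with the library, would make the asset reproducible. If a consumer renders that SVG inline rather than through an image element, it is also remotely controlled markup and should be treated as untrusted content. Separately, the help string `Use <code>--json</code>` gives no context for the flag; `Use <code>semgrep --json</code> and provide the resulting report file` would tell the user which tool and what to upload.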
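--- a/src/test/java/edu/hm/hafner/analysis/parser/violations/SemgrepAdapterTest.java
+++ b/src/test/java/edu/hm/hafner/analysis/parser/violations/SemgrepAdapterTest.java
@@ -0,0 +1,39 @@
+package edu.hm.hafner.analysis.parser.violations;
+
+import edu.hm.hafner.analysis.AbstractParserTest;
+import edu.hm.hafner.analysis.Report;
+import edu.hm.hafner.analysis.Severity;
+import edu.hm.hafner.analysis.assertions.SoftAssertions;
+
+/**
+ * Tests the class {@link XmlLintAdapter}.
+ *
+ * @author Ullrich Hafner
+ */
+class SemgrepAdapterTest extends AbstractParserTest {
+    SemgrepAdapterTest() {
+        super("semgrep-report.json");
+    }
+
+    @Override
+    protected void assertThatIssuesArePresent(final Report report, final SoftAssertions softly) {
+        softly.assertThat(report).hasSize(1);
+        softly.assertThat(report.get(0))
+                .hasFileName("src/main/java/se/bjurr/violations/lib/parsers/JUnitParser.java")
+                .hasLineStart(33)
+                .hasColumnStart(24)
+                .hasColumnEnd(86)
+                .hasType("java.lang.security.audit.formatted-sql-string.formatted-sql-string")
+                .hasSeverity(Severity.WARNING_HIGH);
+
+        softly.assertThat(report.get(0).getMessage()).contains("Detected a formatted string in a SQL statement. This could lead to SQL"
+                + " injection if variables in the SQL statement are not properly sanitized."
+                + " Use a prepared statements (java.sql.PreparedStatement) instead. You can"
+                + " obtain a PreparedStatement using 'connection.prepareStatement'.");
+    }
+
+    @Override
+    protected SemgrepAdapter createParser() {
+        return new SemgrepAdapter();
+    }
+}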
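Review bot: The class Javadoc says `Tests the class {@link XmlLintAdapter}.` while the class under test, per createParser, is SemgrepAdapter; the link should read `{@link SemgrepAdapter}` so the generated docs and IDE navigation point at the right class. The fixture name `semgrep-report.json` and the single asserted issue otherwise line up with the adapter; a second issue in the fixture with a different severity would strengthen the severity mapping check, but that is optional.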