Add Cwe relationship to FlawFinder sarif (#2332)

* Add Cwe relationship to FlawFinder sarif * Fix the test cases
microsoft · Apr 20, 2021 · c38af87 · c38af87
1 parent df7621e
commit c38af87
Show file tree

Hide file tree

Showing 3 changed files with 110 additions and 8 deletions.
diff --git a/src/Sarif.Converters/FlawFinderConverter.cs b/src/Sarif.Converters/FlawFinderConverter.cs
@@ -48,9 +48,23 @@ public override void Convert(Stream input, IResultLogWriter output, OptionallyEm
                         Version = flawFinderCsvResults?.FirstOrDefault()?.ToolVersion,
                         InformationUri = new Uri(ToolInformationUri),
                         Rules = rules,
+                        SupportedTaxonomies = new List<ToolComponentReference>() { new ToolComponentReference() { Name = "CWE", Guid = "FFC64C90-42B6-44CE-8BEB-F6B7DAE649E5" } }
+                    }
+                },
+                ExternalPropertyFileReferences = new ExternalPropertyFileReferences()
+                {
+                    Taxonomies = new List<ExternalPropertyFileReference>()
+                    {
+                        new ExternalPropertyFileReference()
+                        {
+                            Location = new ArtifactLocation()
+                            {
+                                Uri = new Uri("https://raw.githubusercontent.com/sarif-standard/taxonomies/main/CWE_v4.4.sarif"),
+                            },
+                            Guid = "FFC64C90-42B6-44CE-8BEB-F6B7DAE649E5"
+                        }
                     }
                 },
-
                 Results = results,
             };
 
@@ -106,6 +120,22 @@ private static IList<ReportingDescriptor> ExtractRules(IList<FlawFinderCsvResult
                     Level = SarifLevelFromFlawFinderLevel(flawFinderCsvResult.DefaultLevel),
                 },
                 HelpUri = new Uri(flawFinderCsvResult.HelpUri),
+                Relationships = new List<ReportingDescriptorRelationship>(
+                    flawFinderCsvResult.CWEs.Split(new char[] { ',', '/' }, StringSplitOptions.RemoveEmptyEntries)
+                    .Select(p => p.Trim()).Where(p => !string.IsNullOrWhiteSpace(p)).ToList().OrderBy(o => int.Parse(o.Replace("CWE-", "").Replace("!", "")))
+                    .Select(s => new ReportingDescriptorRelationship()
+                    {
+                        Target = new ReportingDescriptorReference()
+                        {
+                            Id = s.Replace("!", ""),
+                            ToolComponent = new ToolComponentReference()
+                            {
+                                Name = "CWE",
+                                Guid = "FFC64C90-42B6-44CE-8BEB-F6B7DAE649E5"
+                            }
+                        },
+                        Kinds = new List<string>() { s.EndsWith("!") ? "incomparable" : "relevant" },
+                    }))
             };
 
         private static Result SarifResultFromFlawFinderCsvResult(FlawFinderCsvResult flawFinderCsvResult)

diff --git a/src/Test.UnitTests.Sarif.Converters/TestData/FlawFinder/ExpectedOutputs/NoResults.sarif b/src/Test.UnitTests.Sarif.Converters/TestData/FlawFinder/ExpectedOutputs/NoResults.sarif
@@ -1,4 +1,4 @@
-{
+{
   "$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json",
   "version": "2.1.0",
   "runs": [
@@ -7,10 +7,26 @@
       "tool": {
         "driver": {
           "name": "Flawfinder",
-          "informationUri": "https://dwheeler.com/flawfinder/"
+          "informationUri": "https://dwheeler.com/flawfinder/",
+          "supportedTaxonomies": [
+            {
+              "name": "CWE",
+              "guid": "FFC64C90-42B6-44CE-8BEB-F6B7DAE649E5"
+            }
+          ]
         }
       },
-      "columnKind": "utf16CodeUnits"
+      "columnKind": "utf16CodeUnits",
+      "externalPropertyFileReferences": {
+        "taxonomies": [
+          {
+            "location": {
+              "uri": "https://raw.githubusercontent.com/sarif-standard/taxonomies/main/CWE_v4.4.sarif"
+            },
+            "guid": "FFC64C90-42B6-44CE-8BEB-F6B7DAE649E5"
+          }
+        ]
+      }
     }
   ]
 }
diff --git a/src/Test.UnitTests.Sarif.Converters/TestData/FlawFinder/ExpectedOutputs/ValidResults.sarif b/src/Test.UnitTests.Sarif.Converters/TestData/FlawFinder/ExpectedOutputs/ValidResults.sarif
@@ -1,4 +1,4 @@
-{
+{
   "$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json",
   "version": "2.1.0",
   "runs": [
@@ -107,7 +107,21 @@
               "defaultConfiguration": {
                 "level": "error"
               },
-              "helpUri": "https://dwheeler.com/flawfinder#FF1001"
+              "helpUri": "https://dwheeler.com/flawfinder#FF1001",
+              "relationships": [
+                {
+                  "target": {
+                    "id": "CWE-120",
+                    "toolComponent": {
+                      "name": "CWE",
+                      "guid": "FFC64C90-42B6-44CE-8BEB-F6B7DAE649E5"
+                    }
+                  },
+                  "kinds": [
+                    "relevant"
+                  ]
+                }
+              ]
             },
             {
               "id": "FF1002",
@@ -118,12 +132,54 @@
               "defaultConfiguration": {
                 "level": "note"
               },
-              "helpUri": "https://dwheeler.com/flawfinder#FF1002"
+              "helpUri": "https://dwheeler.com/flawfinder#FF1002",
+              "relationships": [
+                {
+                  "target": {
+                    "id": "CWE-119",
+                    "toolComponent": {
+                      "name": "CWE",
+                      "guid": "FFC64C90-42B6-44CE-8BEB-F6B7DAE649E5"
+                    }
+                  },
+                  "kinds": [
+                    "incomparable"
+                  ]
+                },
+                {
+                  "target": {
+                    "id": "CWE-120",
+                    "toolComponent": {
+                      "name": "CWE",
+                      "guid": "FFC64C90-42B6-44CE-8BEB-F6B7DAE649E5"
+                    }
+                  },
+                  "kinds": [
+                    "relevant"
+                  ]
+                }
+              ]
+            }
+          ],
+          "supportedTaxonomies": [
+            {
+              "name": "CWE",
+              "guid": "FFC64C90-42B6-44CE-8BEB-F6B7DAE649E5"
             }
           ]
         }
       },
-      "columnKind": "utf16CodeUnits"
+      "columnKind": "utf16CodeUnits",
+      "externalPropertyFileReferences": {
+        "taxonomies": [
+          {
+            "location": {
+              "uri": "https://raw.githubusercontent.com/sarif-standard/taxonomies/main/CWE_v4.4.sarif"
+            },
+            "guid": "FFC64C90-42B6-44CE-8BEB-F6B7DAE649E5"
+          }
+        ]
+      }
     }
   ]
 }