Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use taxa instead of tags to associate CWE in SARIF renderer #446

Open
ericwb opened this issue Apr 29, 2024 · 0 comments
Open

Use taxa instead of tags to associate CWE in SARIF renderer #446

ericwb opened this issue Apr 29, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@ericwb
Copy link
Contributor

ericwb commented Apr 29, 2024

Describe the bug
Currently the CWE number is associated to a rule via the tags property on the rule. However, according to spec, the taxa property should be used instead.

Tags SHOULD NOT be used to label a result or a rule as belonging to a category in a classification system such as the Common Weakness Enumeration [CWE™] (for example, by adding a tag "CWE/622"). Instead, taxonomies (§3.19.3) SHOULD be used for this purpose.

To Reproduce
Steps to reproduce the behavior:
n/a

Expected behavior
Will this still work in GitHub UI? If not, might have to do both.

Version

precli 0.5.2
Copyright 2024 Secure Saurce LLC
License BUSL-1.1: Business Source License 1.1 <https://spdx.org/licenses/BUSL-1.1.html>
  Python 3.12.1 (main, Dec 12 2023, 13:19:17) [Clang 15.0.0 (clang-1500.0.40.1)]

Additional context
See 3.19.25 taxa property in
https://docs.oasis-open.org/sarif/sarif/v2.1.0/csprd01/sarif-v2.1.0-csprd01.html
@ericwb ericwb added the bug Something isn't working label Apr 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ericwb