Skip to content

Commit

Permalink
advance snyk to support snykcode and snykcontainer DefectDojo#9270 (D…
Browse files Browse the repository at this point in the history 
…efectDojo#9289)

* advance snyk to support snykcode and snykcontainer DefectDojo#9270

* 🚧 update

* works, but information in findings is still missing

* shorten unittestfile

* finish
  • Loading branch information
@manuel-sommer
manuel-sommer authored Jan 10, 2024
1 parent 159dca6 commit 42548de
Show file tree
Hide file tree
Showing 4 changed files with 14,890 additions and 13 deletions.
65 changes: 55 additions & 10 deletions dojo/tools/snyk/parser.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,23 +42,25 @@ def parse_json(self, json_output):

def get_items(self, tree, test):
items = {}
target_file = tree.get("displayTargetFile", None)
upgrades = tree.get("remediation", {}).get("upgrade", None)
iterator = 0
if "vulnerabilities" in tree:
target_file = tree.get("displayTargetFile", None)
upgrades = tree.get("remediation", {}).get("upgrade", None)
vulnerabilityTree = tree["vulnerabilities"]

for node in vulnerabilityTree:
item = self.get_item(
node, test, target_file=target_file, upgrades=upgrades
)
unique_key = node["title"] + str(
node["packageName"]
+ str(node["version"])
+ str(node["from"])
+ str(node["id"])
items[iterator] = item
iterator += 1
elif "runs" in tree and tree["runs"][0].get("results"):
results = tree["runs"][0]["results"]
for node in results:
item = self.get_code_item(
node, test
)
items[unique_key] = item

items[iterator] = item
iterator += 1
return list(items.values())

def get_item(self, vulnerability, test, target_file=None, upgrades=None):
Expand Down Expand Up @@ -211,5 +213,48 @@ def get_item(self, vulnerability, test, target_file=None, upgrades=None):
current_pack_version, upgraded_pack
)
finding.mitigation += "\n - ".join(tertiary_upgrade_list)
return finding

def get_code_item(self, vulnerability, test):
ruleId = vulnerability["ruleId"]
ruleIndex = vulnerability["ruleIndex"]
message = vulnerability["message"]["text"]
score = vulnerability["properties"]["priorityScore"]
locations_uri = vulnerability["locations"][0]["physicalLocation"]["artifactLocation"]["uri"]
locations_uriBaseId = vulnerability["locations"][0]["physicalLocation"]["artifactLocation"]["uriBaseId"]
locations_startLine = vulnerability["locations"][0]["physicalLocation"]["region"]["startLine"]
locations_endLine = vulnerability["locations"][0]["physicalLocation"]["region"]["endLine"]
locations_startColumn = vulnerability["locations"][0]["physicalLocation"]["region"]["startColumn"]
locations_endColumn = vulnerability["locations"][0]["physicalLocation"]["region"]["endColumn"]
isAutofixable = vulnerability["properties"]["isAutofixable"]
if score <= 399:
severity = "Low"
elif score <= 699:
severity = "Medium"
elif score <= 899:
severity = "High"
else:
severity = "Critical"
# create the finding object
finding = Finding(
title=ruleId + "_" + locations_uri,
test=test,
severity=severity,
description="**ruleId**: " + str(ruleId) + "\n"
+ "**ruleIndex**: " + str(ruleIndex) + "\n"
+ "**message**: " + str(message) + "\n"
+ "**score**: " + str(score) + "\n"
+ "**uri**: " + locations_uri + "\n"
+ "**uriBaseId**: " + locations_uriBaseId + "\n"
+ "**startLine**: " + str(locations_startLine) + "\n"
+ "**endLine**: " + str(locations_endLine) + "\n"
+ "**startColumn**: " + str(locations_startColumn) + "\n"
+ "**endColumn**: " + str(locations_endColumn) + "\n"
+ "**isAutofixable**: " + str(isAutofixable) + "\n",
false_p=False,
duplicate=False,
out_of_scope=False,
static_finding=True,
dynamic_finding=False,
)
return finding
Loading

0 comments on commit 42548de

Please sign in to comment.