
OSV scanners
joshuaostrom-cb committed Mar 22, 2023
1 parent e80f924 commit d07d0c3
Showing 5 changed files with 26 additions and 0 deletions.
14 changes: 14 additions & 0 deletions lib/sarif/osv/base_sarif.rb
Expand Up @@ -25,6 +25,19 @@ def parse_scan_report!
end

def parse_issue(issue)
# Example issue
# {"Package"=>"github.com/syncthing/syncthing",
# "Vulnerable Version"=>"0",
# "Version Detected"=>"1.14.0",
# "Patched Version"=>"1.15.0",
# "ID"=>"CVE-2021-21404",
# "Database"=>"Github Advisory Database",
# "Summary"=>"Crash due to malformed relay protocol message",
# "References"=>
# "https://github.com/advisories/GHSA-x462-89pf-6r5h, https://nvd.nist.gov...",
# "Source"=>"https://osv.dev/list",
# "Severity"=>"LOW"}

parsed_issue = {
id: issue['ID'],
name: SCANNER_NAME,
Expand All @@ -33,6 +46,7 @@ def parse_issue(issue)
messageStrings: { "package": { "text": issue['Package'].to_s },
"title": { "text": issue['Summary'].to_s },
"severity": { "text": issue['Severity'].to_s },
"cwe": { "text": [issue['ID']].to_s },
"patched_versions": { "text": issue['Patched Version'].to_s },
"vulnerable_versions": {
"text": issue['Vulnerable Version'].to_s
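Review bot: The new `"cwe"` message string in the second hunk does not hold a CWE: `[issue['ID']].to_s` wraps the advisory ID (a CVE or GHSA identifier, per the example in the first hunk) in an array and renders it with `Array#to_s`, so the SARIF field reads `["CVE-2021-21404"]`, which the go, gradle, maven and python spec sections now pin as the expected value. A SARIF consumer that maps `cwe` to a weakness taxonomy would be handed a vulnerability ID in Ruby inspect syntax, and that formatting is an artifact rather than a documented contract. If OSV results expose no CWE (the example issue lists none), state that above the line, e.g. `# OSV advisories carry no CWE; "cwe" is populated with the advisory ID so the field is never empty`, and consider a deliberate representation such as `issue['ID'].to_s` (or a JSON-encoded array if the file already loads json) instead of relying on `Array#to_s`. The `parse_issue` method continues past the end of the hunk.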
3 changes: 3 additions & 0 deletions spec/lib/sarif/osv/go_osv_sarif_spec.rb
Expand Up @@ -46,6 +46,9 @@ def stub_req_with_valid_response
"helpUri" => "https://osv.dev/list",
"id" => "CVE-2021-21404",
"messageStrings" => {
"cwe" => {
"text" => "[\"CVE-2021-21404\"]"
},
"package" => {
"text" => "github.com/syncthing/syncthing"
},
3 changes: 3 additions & 0 deletions spec/lib/sarif/osv/gradle_osv_sarif_spec.rb
Expand Up @@ -48,6 +48,9 @@ def stub_req_with_valid_response
"helpUri" => "https://osv.dev/list",
"id" => "CVE-2020-8908",
"messageStrings" => {
"cwe" => {
"text" => "[\"CVE-2020-8908\"]"
},
"package" => {
"text" => "com.google.guava:guava"
},
3 changes: 3 additions & 0 deletions spec/lib/sarif/osv/maven_osv_sarif_spec.rb
Expand Up @@ -48,6 +48,9 @@ def stub_req_with_valid_response
"helpUri" => "https://osv.dev/list",
"id" => "CVE-2018-15756",
"messageStrings" => {
"cwe" => {
"text" => "[\"CVE-2018-15756\"]"
},
"package" => {
"text" => "org.springframework:spring-core"
},
3 changes: 3 additions & 0 deletions spec/lib/sarif/osv/python_osv_sarif_spec.rb
Expand Up @@ -46,6 +46,9 @@ def stub_req_with_valid_response
"helpUri" => "https://osv.dev/list",
"id" => "CVE-2020-29651",
"messageStrings" => {
"cwe" => {
"text" => "[\"CVE-2020-29651\"]"
},
"package" => {
"text" => "py"
},
