diff --git a/lib/salus.rb b/lib/salus.rb
index eb58361c..7c228d3b 100644
--- a/lib/salus.rb
+++ b/lib/salus.rb
@@ -17,7 +17,7 @@
 require 'salus/scanner_types'
 
 module Salus
- VERSION = '3.2.4'.freeze
+ VERSION = '3.2.5'.freeze
 DEFAULT_REPO_PATH = './repo'.freeze # This is inside the docker container at /home/repo.
 DEFAULT_REPORT_FILTER = 'all'.freeze
 NONE_REPORT_FILTER = 'none'.freeze
diff --git a/lib/sarif/pattern_search_sarif.rb b/lib/sarif/pattern_search_sarif.rb
index c5a97fb5..91ad9fb2 100644
--- a/lib/sarif/pattern_search_sarif.rb
+++ b/lib/sarif/pattern_search_sarif.rb
@@ -88,7 +88,8 @@ def parse_issue(issue)
 uri: url_info[0],
 help_url: PATTERN_SEARCH_URI,
 code: issue[:hit],
- properties: { severity: "HIGH" }
+ properties: { severity: "HIGH" },
+ messageStrings: { "severity": { "text": "HIGH" } }
 }
 end
 
diff --git a/lib/sarif/semgrep_sarif.rb b/lib/sarif/semgrep_sarif.rb
index 0793b101..bc3b8717 100644
--- a/lib/sarif/semgrep_sarif.rb
+++ b/lib/sarif/semgrep_sarif.rb
@@ -99,7 +99,8 @@ def parse_hit(hit)
 code: code,
 rule: "Pattern: #{hit[:pattern]}\nMessage: #{hit[:msg]}",
 properties: { 'severity': hit[:severity] },
- messageStrings: { "cwe": { "text": cwes.to_s } }
+ messageStrings: { "cwe": { "text": cwes.to_s },
+ "severity": { "text": hit[:severity].to_s } }
 }
 rescue StandardError => e
 bugsnag_notify(e.message)
diff --git a/spec/fixtures/integration/expected_report.json b/spec/fixtures/integration/expected_report.json
index a58f2de8..01d73216 100644
--- a/spec/fixtures/integration/expected_report.json
+++ b/spec/fixtures/integration/expected_report.json
@@ -1,5 +1,5 @@
 {
- "version": "3.2.4",
+ "version": "3.2.5",
 "passed": true,
 "running_time": 0.0,
 "scans": {
diff --git a/spec/fixtures/processor/local_uri/expected_report.json b/spec/fixtures/processor/local_uri/expected_report.json
index ec2ca342..6f4b9fce 100644
--- a/spec/fixtures/processor/local_uri/expected_report.json
+++ b/spec/fixtures/processor/local_uri/expected_report.json
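Review bot: The severity literal `"HIGH"` now appears twice in the hash returned at the end of `parse_issue`, once under `properties` and again under the new `messageStrings` entry, so the two can drift apart on a later edit; bind it once (`severity = 'HIGH'` above the hash, or a class-level constant) and reference it from both places. The `"severity": { "text": "HIGH" }` form creates symbol keys despite the quotes, which reads oddly next to the bare `severity:` key on the line above; `severity: { text: severity }` yields the same hash, and if the rule is serialized to JSON before consumers read it the key style makes no difference to output. parse_issue starts outside the hunk, so I cannot tell whether a severity constant already exists in the class.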
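Review bot: `hit[:severity].to_s` on the new `messageStrings` line turns a missing severity into an empty `text` entry, while `properties` one line above keeps the raw `nil`, so a hit without a severity is reported inconsistently between the two fields. Either normalise once (`severity = hit[:severity].to_s` before the hash and use it in both) or omit the `severity` message string when `hit[:severity]` is nil. Semgrep severities are a small fixed set (the spec on this page exercises `WARNING`); since the value is passed through verbatim into the report, mapping anything outside that set to a default before it lands in `messageStrings` would keep the SARIF output predictable for downstream consumers. parse_hit's body starts outside the hunk, so an existing normalisation step may already sit there.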
@@ -254,5 +254,5 @@
 }
 }
 },
- "version": "3.2.4"
+ "version": "3.2.5"
 }
diff --git a/spec/fixtures/processor/multiple_endpoints/expected_report.json b/spec/fixtures/processor/multiple_endpoints/expected_report.json
index 503abd1d..17d42e77 100644
--- a/spec/fixtures/processor/multiple_endpoints/expected_report.json
+++ b/spec/fixtures/processor/multiple_endpoints/expected_report.json
@@ -1,5 +1,5 @@
 {
- "version": "3.2.4",
+ "version": "3.2.5",
 "passed": true,
 "running_time": 0.0,
 "scans": {
diff --git a/spec/fixtures/processor/remote_uri/expected_report.json b/spec/fixtures/processor/remote_uri/expected_report.json
index d4624b6c..dacf0e40 100644
--- a/spec/fixtures/processor/remote_uri/expected_report.json
+++ b/spec/fixtures/processor/remote_uri/expected_report.json
@@ -254,5 +254,5 @@
 }
 }
 },
- "version": "3.2.4"
+ "version": "3.2.5"
 }
diff --git a/spec/fixtures/sarifs/diff/git_diff_yarn.txt b/spec/fixtures/sarifs/diff/git_diff_yarn.txt
new file mode 100644
index 00000000..10815378
--- /dev/null
+++ b/spec/fixtures/sarifs/diff/git_diff_yarn.txt
@@ -0,0 +1,36 @@ +diff --git a/yarn.lock b/yarn.lock +index 06e7d3ba9ef..e3f8fbb5889 100644 +--- a/yarn.lock ++++ b/yarn.lock +@@ -10599,10 +10599,10 @@ base64-arraybuffer@^0.2.0: + resolved "https://registry-npm.com/base64-arraybuffer/-/base64-arraybuffer-0.2.0.tgz#4b944fac0191aa5907afe2d8c999ccc57ce80f45" + integrity sha512-7emyCsu1/xiBXgQZrscw/8KPRT44I4Yq9Pe6EGs3aPRTsWuggML1/1DTuZUuIaJPIm1FTDUVXl4x/yW8s0kQDQ== + +-jspdf@2.5.1: +- version "2.5.1" +- resolved "https://registry.yarnpkg.com/jspdf/-/jspdf-2.5.1.tgz#00c85250abf5447a05f3b32ab9935ab4a56592cc" +- integrity sha512-hXObxz7ZqoyhxET78+XR34Xu2qFGrJJ2I2bE5w4SM8eFaFEkW2xcGRVUss360fYelwRSid/jT078kbNvmoW0QA== ++jspdf@2.3.1: ++ version "2.3.1" ++ resolved "https://registry-npm.com/jspdf/-/jspdf-2.3.1.tgz#313d117234b546469694a1fd81a1e02411647576" ++ integrity sha512-1vp0USP1mQi1h7NKpwxjFgQkJ5ncZvtH858aLpycUc/M+r/RpWJT8PixAU7Cw/3fPd4fpC8eB/Bj42LnsR21YQ== + dependencies: +- "@babel/runtime" "^7.14.0" + atob "^2.1.2" + btoa "^1.2.1" + fflate "^0.4.8" +@@ -31897,12 +31889,12 @@ text-encoding@0.7.0: + resolved "https://registry-npm.com/text-encoding/-/text-encoding-0.7.0.tgz#f895e836e45990624086601798ea98e8f36ee643" + integrity sha512-oJQ3f1hrOnbRLOcwKz0Liq2IcrvDeZRHXhd9RgLrsT+DjWY/nty1Hi7v3dtkaEYbPYe0mUoOfzRrMwfXXwgPUA== + +-text-segmentation@^1.0.2, text-segmentation@^1.0.3: +- version "1.0.3" +- resolved "https://registry.yarnpkg.com/text-segmentation/-/text-segmentation-1.0.3.tgz#52a388159efffe746b24a63ba311b6ac9f2d7943" +- integrity sha512-iOiPUo/BGnZ6+54OsWxZidGCsdU8YbE4PSpdPinp7DeMtUJNJBoJ/ouUSTJjHkh1KntHaltHl/gDs2FC4i5+Nw== ++text-segmentation@^1.0.2: ++ version "1.0.2" ++ resolved "https://registry-npm.com/text-segmentation/-/text-segmentation-1.0.2.tgz#1f828fa14aa101c114ded1bda35ba7dcc17c9858" ++ integrity sha512-uTqvLxdBrVnx/CFQOtnf8tfzSXFm+1Qxau7Xi54j4OPTZokuDOX8qncQzrg2G8ZicAMOM8TgzFAYTb+AqNO4Cw== + dependencies: +- utrie "^1.0.2" ++ utrie "^1.0.1" 
diff --git a/spec/fixtures/sorted_results/sorted_json.json b/spec/fixtures/sorted_results/sorted_json.json
index 88451e4e..1715df41 100644
--- a/spec/fixtures/sorted_results/sorted_json.json
+++ b/spec/fixtures/sorted_results/sorted_json.json
@@ -81,5 +81,5 @@
 }
 }
 },
- "version": "3.2.4"
+ "version": "3.2.5"
 }
\ No newline at end of file
diff --git a/spec/fixtures/sorted_results/sorted_yaml.yml b/spec/fixtures/sorted_results/sorted_yaml.yml
index be50fd7e..bccc7f4c 100644
--- a/spec/fixtures/sorted_results/sorted_yaml.yml
+++ b/spec/fixtures/sorted_results/sorted_yaml.yml
@@ -49,4 +49,4 @@
 col: 1
 line: 3
 :type: Syntax error
-:version: 3.2.4
+:version: 3.2.5
diff --git a/spec/lib/sarif/pattern_search_sarif_spec.rb b/spec/lib/sarif/pattern_search_sarif_spec.rb
index 3c78a1b7..22ff3ee0 100644
--- a/spec/lib/sarif/pattern_search_sarif_spec.rb
+++ b/spec/lib/sarif/pattern_search_sarif_spec.rb
@@ -40,6 +40,7 @@
 report = adapter.build_runs_object(true)
 rules = report['tool'][:driver]['rules']
 results = report['results']
+
 expect(results).to include(
 {
 "ruleId": "Forbidden Pattern Found",
@@ -69,14 +70,15 @@
 }
 )
 doc = "https://github.com/coinbase/salus/blob/master/docs/scanners/pattern_search.md"
+
 expect(rules).to include(
 {
 "id": "Forbidden Pattern Found",
 "name": "Forbidden Pattern Found",
+ "messageStrings": { "severity": { "text": "HIGH" } },
 "fullDescription": {
 "text": "not important string. Pattern Nerv is forbidden."
 },
- "messageStrings": {},
 "helpUri": doc,
 "help": {
 "text": "More info: #{doc}",
diff --git a/spec/lib/sarif/semgrep_sarif_spec.rb b/spec/lib/sarif/semgrep_sarif_spec.rb
index 746f364c..d2939a00 100644
--- a/spec/lib/sarif/semgrep_sarif_spec.rb
+++ b/spec/lib/sarif/semgrep_sarif_spec.rb
@@ -101,7 +101,8 @@
 "help" => { "markdown" => "[More info](https://github.com/coinbase/salus/blob/master/docs/scanners/semgrep.md).", "text" => "More info: https://github.com/coinbase/salus/blob/master/docs/scanners/semgrep.md" },
 "helpUri" => "https://github.com/coinbase/salus/blob/master/docs/scanners/semgrep.md",
 "id" => "semgrep-eqeq-test",
- "messageStrings" => { "cwe" => { "text" => "[\"CWE-676: Use of Potentially Dangerous Function\"]" } },
+ "messageStrings" => { "cwe" => { "text" => "[\"CWE-676: Use of Potentially Dangerous Function\"]" },
+ "severity" => { "text" => "WARNING" } },
 "name" => " / user.id == user.id is always true\n\trule_id: semgrep-eqeq-test Forbidden Pattern Found" }])
 # rubocop:enable Layout/LineLength
 end
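Review bot: The new assertion only covers a hit whose severity is `WARNING`; there is no example for a semgrep hit with a missing or non-standard severity, which is exactly the input where the `hit[:severity].to_s` added to `parse_hit` in this commit changes the output (an empty `"text"` rather than an absent key). Adding one example with the severity omitted and asserting what `messageStrings` should contain would pin that behaviour rather than leave it to fall out of `to_s`. The enclosing example block starts outside the hunk, so the fixture it feeds in is not visible here.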