From 59857a01a038b4b3c4f357c3facdd47b1cdfafff Mon Sep 17 00:00:00 2001
From: zied-elouaer
Date: Tue, 13 Aug 2024 17:48:24 +0200
Subject: [PATCH 1/7] feat: support format_version in json plan for new versions
---
pkg/iac-providers/tfplan/v1/load-file.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/iac-providers/tfplan/v1/load-file.go b/pkg/iac-providers/tfplan/v1/load-file.go
index 7ab28c906..4bcb0e02d 100644
--- a/pkg/iac-providers/tfplan/v1/load-file.go
+++ b/pkg/iac-providers/tfplan/v1/load-file.go
@@ -35,7 +35,7 @@ var (
 )
 func getTfPlanFormatVersions() []string {
-return []string{"0.1", "0.2"}
+return []string{"0.1", "0.2", "1.0", "1.1", "1.2"}
 }
 // LoadIacFile parses the given tfplan file from the given file path
From 407e87de6ad6f03349be8748e3dedf983e6dc24b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Enrique=20J=2E=20Hern=C3=A1ndez?=
Date: Thu, 22 Aug 2024 12:54:56 +0200
Subject: [PATCH 2/7] feat: Add resource.ID to the report violation
---
pkg/policy/opa/engine.go | 1 +
pkg/results/types.go | 1 +
2 files changed, 2 insertions(+)
diff --git a/pkg/policy/opa/engine.go b/pkg/policy/opa/engine.go
index 872bd61cd..57ae99350 100644
--- a/pkg/policy/opa/engine.go
+++ b/pkg/policy/opa/engine.go
@@ -298,6 +298,7 @@ func (e *Engine) reportViolation(regoData *policy.RegoData, resource *output.Res
 Category: regoData.Metadata.Category,
 RuleFile: regoData.Metadata.File,
 RuleData: regoData.RawRego,
+ResourceID: resource.ID,
 ResourceName: resource.Name,
 ResourceType: resource.Type,
 ResourceData: resource.Config,
diff --git a/pkg/results/types.go b/pkg/results/types.go
index 4633560c8..3db916aac 100644
--- a/pkg/results/types.go
+++ b/pkg/results/types.go
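Review bot: `getTfPlanFormatVersions` remains a hard-coded allowlist, so the next Terraform release that bumps the plan's format_version minor number will be rejected again until this list is edited by hand. If the upstream guarantee that 1.x plan JSON stays backward compatible within the major version holds (worth confirming against the Terraform docs), the comparison site, which is outside this hunk, could accept any `1.*` value by checking only the major component and keep explicit entries just for the pre-1.0 formats. Either way the function has no doc comment; I would add `// getTfPlanFormatVersions returns the tfplan JSON format_version values this loader accepts; new minor versions of format 1 must be appended here explicitly.`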
@@ -31,6 +31,7 @@ type Violation struct {
 RuleFile string `json:"-" yaml:"-" xml:"-"`
 RuleData interface{} `json:"-" yaml:"-" xml:"-"`
 Comment string `json:"skip_comment,omitempty" yaml:"skip_comment,omitempty" xml:"skip_comment,omitempty"`
+ResourceID string `json:"resource_id" yaml:"resource_id" xml:"resource_id"`
 ResourceName string `json:"resource_name" yaml:"resource_name" xml:"resource_name,attr"`
 ResourceType string `json:"resource_type" yaml:"resource_type" xml:"resource_type,attr"`
 ResourceData interface{} `json:"-" yaml:"-" xml:"-"`
From b24d087c5c85a8d82b648fa546a756baae9da976 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Enrique=20J=2E=20Hern=C3=A1ndez?=
Date: Thu, 22 Aug 2024 14:31:25 +0200
Subject: [PATCH 3/7] feat: Add support to dump resource_id As decoratedName in SARIF report
---
pkg/results/types.go | 2 +-
pkg/writer/github_sarif_test.go | 1 +
pkg/writer/json_test.go | 2 ++
pkg/writer/sarif.go | 8 ++++++--
pkg/writer/sarif_test.go | 1 +
pkg/writer/xml_test.go | 4 ++--
pkg/writer/yaml_test.go | 4 ++++
7 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/pkg/results/types.go b/pkg/results/types.go
index 3db916aac..5901ae900 100644
--- a/pkg/results/types.go
+++ b/pkg/results/types.go
@@ -31,7 +31,7 @@ type Violation struct {
 RuleFile string `json:"-" yaml:"-" xml:"-"`
 RuleData interface{} `json:"-" yaml:"-" xml:"-"`
 Comment string `json:"skip_comment,omitempty" yaml:"skip_comment,omitempty" xml:"skip_comment,omitempty"`
-ResourceID string `json:"resource_id" yaml:"resource_id" xml:"resource_id"`
+ResourceID string `json:"resource_id" yaml:"resource_id" xml:"resource_id,attr"`
 ResourceName string `json:"resource_name" yaml:"resource_name" xml:"resource_name,attr"`
 ResourceType string `json:"resource_type" yaml:"resource_type" xml:"resource_type,attr"`
 ResourceData interface{} `json:"-" yaml:"-" xml:"-"`
diff --git a/pkg/writer/github_sarif_test.go b/pkg/writer/github_sarif_test.go
index 844d2a113..bc973a15a 100644
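Review bot: The new `ResourceID` field's tag is `xml:"resource_id"` while every sibling identifier on `Violation` uses `,attr`, so this commit on its own serializes the ID as a child element instead of an attribute; PATCH 3/7 in this series corrects the tag, so consider squashing the two so that no bisectable commit emits the inconsistent XML. The field also carries no `omitempty`, so a provider that leaves `resource.ID` unset now produces `"resource_id": ""` in the JSON and YAML output of every violation; that matches `resource_name`, but it is an addition to the output schema consumers parse and deserves a sentence in the commit message.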
--- a/pkg/writer/github_sarif_test.go
+++ b/pkg/writer/github_sarif_test.go
@@ -58,6 +58,7 @@ const violationTemplateForGH = `{
 "logicalLocations": [
 {
 "name": "bucket",
+"decoratedName": "aws_s3_bucket.bucket",
 "kind": "aws_s3_bucket"
 }
 ]
diff --git a/pkg/writer/json_test.go b/pkg/writer/json_test.go
index 0ffac90d3..dbf1c169e 100644
--- a/pkg/writer/json_test.go
+++ b/pkg/writer/json_test.go
@@ -36,6 +36,7 @@ const (
 "rule_id": "AWS.S3Bucket.DS.High.1043",
 "severity": "HIGH",
 "category": "S3",
+"resource_id": "aws_s3_bucket.bucket",
 "resource_name": "bucket",
 "resource_type": "aws_s3_bucket",
 "file": "modules/m1/main.tf",
@@ -49,6 +50,7 @@ const (
 "rule_id": "AWS.S3Bucket.DS.High.1043",
 "severity": "HIGH",
 "category": "S3",
+"resource_id": "aws_s3_bucket.bucket",
 "resource_name": "bucket",
 "resource_type": "aws_s3_bucket",
 "file": "modules/m1/main.tf",
diff --git a/pkg/writer/sarif.go b/pkg/writer/sarif.go
index 7bd048f6c..3bbb1d4db 100644
--- a/pkg/writer/sarif.go
+++ b/pkg/writer/sarif.go
@@ -93,8 +93,12 @@ func writeSarif(data interface{}, writers []io.Writer, forGitHub bool) error {
 WithArtifactLocation(artifactLocation).WithRegion(sarif.NewRegion().WithStartLine(violation.LineNumber)))
 if len(violation.ResourceType) > 0 && len(violation.ResourceName) > 0 {
-location.LogicalLocations = append(location.LogicalLocations, sarif.NewLogicalLocation().
-WithKind(violation.ResourceType).WithName(violation.ResourceName))
+ll := sarif.NewLogicalLocation().
+WithKind(violation.ResourceType).WithName(violation.ResourceName)
+if len(violation.ResourceID) > 0 {
+ll.WithDecoratedName(violation.ResourceID)
+}
+location.LogicalLocations = append(location.LogicalLocations, ll)
 }
 run.AddResult(sarif.NewRuleResult(rule.ID).
diff --git a/pkg/writer/sarif_test.go b/pkg/writer/sarif_test.go
index fb9e981bd..d415d0353 100644
--- a/pkg/writer/sarif_test.go
+++ b/pkg/writer/sarif_test.go
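Review bot: The decorated name is only attached inside the existing `len(violation.ResourceType) > 0 && len(violation.ResourceName) > 0` guard, so a violation that carries a `ResourceID` but no name or type (whether any provider produces that is not visible here) loses the ID from the SARIF output entirely. If that is intended, a comment on the guard saying so would help; otherwise emit the logical location whenever any of the three identifiers is set and apply each builder call only for a non-empty value, as sketched below. The return value of `ll.WithDecoratedName(violation.ResourceID)` is discarded, which works only because go-sarif's builder methods mutate the receiver; a comment such as `// go-sarif builders mutate ll in place; the returned pointer is the same object` would keep a future reader from "fixing" it. writeSarif starts and ends outside this hunk.
```go
if len(violation.ResourceType) > 0 || len(violation.ResourceName) > 0 || len(violation.ResourceID) > 0 {
	ll := sarif.NewLogicalLocation()
	if len(violation.ResourceType) > 0 {
		ll.WithKind(violation.ResourceType)
	}
	if len(violation.ResourceName) > 0 {
		ll.WithName(violation.ResourceName)
	}
	if len(violation.ResourceID) > 0 {
		ll.WithDecoratedName(violation.ResourceID)
	}
	location.LogicalLocations = append(location.LogicalLocations, ll)
}
// … unchanged: run.AddResult(...) …
```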
@@ -62,6 +62,7 @@ const violationTemplate = `{
 },
 "logicalLocations": [
 {
+"decoratedName": "aws_s3_bucket.bucket",
 "name": "bucket",
 "kind": "aws_s3_bucket"
 }
diff --git a/pkg/writer/xml_test.go b/pkg/writer/xml_test.go
index 49b0a7375..6b85020c3 100644
--- a/pkg/writer/xml_test.go
+++ b/pkg/writer/xml_test.go
@@ -15,10 +15,10 @@ const (
-
+
-
+
diff --git a/pkg/writer/yaml_test.go b/pkg/writer/yaml_test.go
index c62245d8a..cd4c18b4a 100644
--- a/pkg/writer/yaml_test.go
+++ b/pkg/writer/yaml_test.go
@@ -53,6 +53,7 @@ var (
 RuleID: "AWS.S3Bucket.DS.High.1043",
 Severity: "HIGH",
 Category: "S3",
+ResourceID: "aws_s3_bucket.bucket",
 ResourceName: "bucket",
 ResourceType: "aws_s3_bucket",
 File: "modules/m1/main.tf",
@@ -67,6 +68,7 @@ var (
 Severity: "HIGH",
 Category: "S3",
 Comment: "",
+ResourceID: "aws_s3_bucket.bucket",
 ResourceName: "bucket",
 ResourceType: "aws_s3_bucket",
 File: "modules/m1/main.tf",
@@ -114,6 +116,7 @@ const (
 rule_id: AWS.S3Bucket.DS.High.1043
 severity: HIGH
 category: S3
+resource_id: aws_s3_bucket.bucket
 resource_name: bucket
 resource_type: aws_s3_bucket
 file: modules/m1/main.tf
@@ -124,6 +127,7 @@ const (
 rule_id: AWS.S3Bucket.DS.High.1043
 severity: HIGH
 category: S3
+resource_id: aws_s3_bucket.bucket
 resource_name: bucket
 resource_type: aws_s3_bucket
 file: modules/m1/main.tf
From 12af1a3315640d1011e2ae40c78294c38f6eaa57 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Enrique=20J=2E=20Hern=C3=A1ndez?=
Date: Thu, 22 Aug 2024 15:11:45 +0200
Subject: [PATCH 4/7] test: Support happy path for executor of an engine
---
pkg/runtime/executor_test.go | 57 ++++++++++++++++++++++++++----------
1 file changed, 41 insertions(+), 16 deletions(-)
diff --git a/pkg/runtime/executor_test.go b/pkg/runtime/executor_test.go
index 06f7bc114..e0eb81afd 100644
--- a/pkg/runtime/executor_test.go
+++ b/pkg/runtime/executor_test.go
@@ -23,11 +23,9 @@ import (
 "reflect"
 "testing"
-"github.com/hashicorp/go-multierror"
-tfv15 "github.com/tenable/terrascan/pkg/iac-providers/terraform/v15"
-"github.com/tenable/terrascan/pkg/results"
-"github.com/tenable/terrascan/pkg/vulnerability"
+"github.com/stretchr/testify/assert"
+"github.com/tenable/terrascan/pkg/config"
 iacProvider "github.com/tenable/terrascan/pkg/iac-providers"
 armv1 "github.com/tenable/terrascan/pkg/iac-providers/arm/v1"
 cftv1 "github.com/tenable/terrascan/pkg/iac-providers/cft/v1"
@@ -35,15 +33,16 @@ import (
 helmv3 "github.com/tenable/terrascan/pkg/iac-providers/helm/v3"
 k8sv1 "github.com/tenable/terrascan/pkg/iac-providers/kubernetes/v1"
 kustomizev4 "github.com/tenable/terrascan/pkg/iac-providers/kustomize/v4"
+"github.com/tenable/terrascan/pkg/iac-providers/output"
 tfv12 "github.com/tenable/terrascan/pkg/iac-providers/terraform/v12"
 tfv14 "github.com/tenable/terrascan/pkg/iac-providers/terraform/v14"
-"github.com/tenable/terrascan/pkg/notifications/webhook"
-
-"github.com/tenable/terrascan/pkg/config"
-"github.com/tenable/terrascan/pkg/iac-providers/output"
+tfv15 "github.com/tenable/terrascan/pkg/iac-providers/terraform/v15"
 "github.com/tenable/terrascan/pkg/notifications"
+"github.com/tenable/terrascan/pkg/notifications/webhook"
 "github.com/tenable/terrascan/pkg/policy"
+"github.com/tenable/terrascan/pkg/results"
 "github.com/tenable/terrascan/pkg/utils"
+"github.com/tenable/terrascan/pkg/vulnerability"
 )
 var (
@@ -77,6 +76,7 @@ func (m MockIacProvider) Name() string {
 // mock policy engine
 type MockPolicyEngine struct {
 err error
+out policy.EngineOutput
 }
 type MockVulnerabilityEngine struct {
 out vulnerability.EngineOutput
@@ -97,7 +97,7 @@ func (m MockPolicyEngine) Configure() error {
 }
 func (m MockPolicyEngine) Evaluate(input policy.EngineInput, filter policy.PreScanFilter) (out policy.EngineOutput, err error) {
-return out, m.err
+return m.out, m.err
 }
 func (m MockVulnerabilityEngine) ReportVulnerability(input vulnerability.EngineInput, options map[string]interface{}) (out vulnerability.EngineOutput) {
@@ -125,6 +125,7 @@ func TestExecute(t *testing.T) {
 configWithError bool
 executor Executor
 wantErr error
+wantResults *Output
 }{
 {
 name: "test LoadIacDir error",
@@ -132,7 +133,7 @@ func TestExecute(t *testing.T) {
 dirPath: testDir,
 iacProviders: []iacProvider.IacProvider{MockIacProvider{err: errMockLoadIacDir}},
 },
-wantErr: multierror.Append(errMockLoadIacDir),
+wantErr: errMockLoadIacDir,
 },
 {
 name: "test LoadIacDir no error",
@@ -155,11 +156,32 @@ func TestExecute(t *testing.T) {
 {
 name: "test LoadIacFile no error",
 executor: Executor{
-filePath: filepath.Join(testDataDir, "testfile"),
-iacProviders: []iacProvider.IacProvider{MockIacProvider{err: nil}},
-policyEngines: []policy.Engine{MockPolicyEngine{err: nil}},
+filePath: filepath.Join(testDataDir, "testfile"),
+iacProviders: []iacProvider.IacProvider{MockIacProvider{err: nil}},
+policyEngines: []policy.Engine{MockPolicyEngine{err: nil, out: policy.EngineOutput{
+ViolationStore: &results.ViolationStore{
+Violations: []*results.Violation{{
+ResourceID: "id",
+ResourceName: "name",
+}},
+},
+}}},
 },
 wantErr: nil,
+wantResults: &Output{
+ResourceConfig: output.AllResourceConfigs(nil),
+Violations: policy.EngineOutput{
+ViolationStore: &results.ViolationStore{
+Summary: results.ScanSummary{
+ResourcePath: "testdata/testfile",
+},
+Violations: []*results.Violation{{
+ResourceID: "id",
+ResourceName: "name",
+}},
+},
+},
+},
 },
 {
 name: "test SendNotifications no error",
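Review bot: `ResourcePath: "testdata/testfile"` hard-codes a forward slash while the executor under test is given `filepath.Join(testDataDir, "testfile")`; if the summary path is derived from that argument (not visible in this hunk) the expectation breaks on Windows, so build it the same way, `ResourcePath: filepath.Join(testDataDir, "testfile"),`. The `ResourceConfig: output.AllResourceConfigs(nil)` entry in `wantResults` is never compared by the loop at the end of the test, which only checks `Violations.Summary.ResourcePath` and `Violations.Violations`, so it reads as an assertion that is not actually made; either drop it or assert on it. TestExecute starts and ends outside this hunk.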
@@ -227,9 +249,12 @@ func TestExecute(t *testing.T) {
 for _, tt := range table {
 t.Run(tt.name, func(t *testing.T) {
-_, gotErr := tt.executor.Execute(tt.configOnly, tt.configWithError)
-if !reflect.DeepEqual(gotErr, tt.wantErr) {
-t.Errorf("unexpected error; gotErr: '%v', wantErr: '%v'", gotErr, tt.wantErr)
+gotResults, gotErr := tt.executor.Execute(tt.configOnly, tt.configWithError)
+assert.ErrorIs(t, gotErr, tt.wantErr)
+if tt.wantResults != nil {
+// Check output (only specific fields as testify no support for ignoring fields)
+assert.Equal(t, tt.wantResults.Violations.Summary.ResourcePath, gotResults.Violations.Summary.ResourcePath)
+assert.Equal(t, tt.wantResults.Violations.Violations, gotResults.Violations.Violations)
 }
 })
 }
From e7c9b553786f4939ee59002ec519c47bdb7e53c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Enrique=20J=2E=20Hern=C3=A1ndez?=
Date: Fri, 30 Aug 2024 10:39:36 +0200
Subject: [PATCH 5/7] feat: Wait longer to process JQ query
Some large files may take longer than 100ms. It also fixes a wrong log message, only in this file, there are more in other parts of the project.
---
pkg/utils/jqhelper.go | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pkg/utils/jqhelper.go b/pkg/utils/jqhelper.go
index fdf960a95..4da6bb970 100644
--- a/pkg/utils/jqhelper.go
+++ b/pkg/utils/jqhelper.go
@@ -44,7 +44,7 @@ func JQFilterWithQuery(jqQuery string, jsonInput []byte) ([]byte, error) {
 }
 // run jq query on input
-ctx, cancel := context.WithTimeout(context.Background(), 100*time.Millisecond)
+ctx, cancel := context.WithTimeout(context.Background(), time.Second)
 defer cancel()
 iter := query.RunWithContext(ctx, input)
 for {
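Review bot: Replacing `reflect.DeepEqual` with `assert.ErrorIs(t, gotErr, tt.wantErr)` loosens the error cases: any error whose chain contains the sentinel now passes, where the old table pinned the exact wrapped value (the `multierror.Append(errMockLoadIacDir)` expectation went away with that precision), so a change in how Execute wraps its errors is no longer noticed. Because `assert` does not stop the subtest, a case with `wantResults` set that unexpectedly returns an error still reaches the `gotResults.Violations...` comparisons; if Execute returns a pointer on error (not visible here) that is a nil dereference rather than a clean failure, so guard with `if !assert.ErrorIs(t, gotErr, tt.wantErr) { return }` or use the require package. The comment `// Check output (only specific fields as testify no support for ignoring fields)` reads better as `// compare only these fields; testify's Equal cannot ignore fields`. TestExecute starts outside this hunk.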
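Review bot: Raising the deadline from `100*time.Millisecond` to `time.Second` leaves a magic number in place with no record of why this value was chosen, so the next bump will be another guess; a named constant carrying the reasoning fixes that, e.g. `// jqQueryTimeout bounds one query evaluation; large plan files were observed to exceed 100ms` above `const jqQueryTimeout = time.Second`, then `context.WithTimeout(context.Background(), jqQueryTimeout)`. This deadline is also the only thing bounding work on caller-supplied input, and whether a tenfold increase is acceptable for the whole scan depends on how many resources pass through this function per run, which the hunk does not show. JQFilterWithQuery continues in the next hunk.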
@@ -53,13 +53,13 @@ func JQFilterWithQuery(jqQuery string, jsonInput []byte) ([]byte, error) {
 break
 }
 if err, ok := v.(error); ok {
-zap.S().Warn("error in processing jq query; error: '%v'", err)
+zap.S().Warnf("error in processing jq query; error: '%v'", err)
 continue
 }
 jqout, err := json.Marshal(v)
 if err != nil {
-zap.S().Warn("failed to encode jq output into JSON. error: '%v'", err)
+zap.S().Warnf("failed to encode jq output into JSON. error: '%v'", err)
 continue
 }
 processed = append(processed, jqout...)
From ac7ecb7ed724afc6f7a959ecd32b3a0b1e9cb561 Mon Sep 17 00:00:00 2001
From: Sebastian
Date: Thu, 5 Sep 2024 21:24:04 +0200
Subject: [PATCH 6/7] Add resource_type to rule properties
---
pkg/policy/opa/engine.go | 11 ++++++-----
pkg/results/types.go | 11 ++++++-----
pkg/writer/github_sarif_test.go | 1 +
pkg/writer/human_readable_test.go | 22 ++++++++++++----------
pkg/writer/sarif.go | 2 ++
pkg/writer/sarif_test.go | 5 ++++-
6 files changed, 31 insertions(+), 21 deletions(-)
diff --git a/pkg/policy/opa/engine.go b/pkg/policy/opa/engine.go
index 57ae99350..d77c2dab3 100644
--- a/pkg/policy/opa/engine.go
+++ b/pkg/policy/opa/engine.go
@@ -341,11 +341,12 @@ func (e *Engine) reportViolation(regoData *policy.RegoData, resource *output.Res
 // reportPassed Adds a passed rule which wasn't violated by all the resources
 func (e *Engine) reportPassed(regoData *policy.RegoData) {
 passedRule := results.PassedRule{
-RuleName: regoData.Metadata.Name,
-Description: regoData.Metadata.Description,
-RuleID: regoData.Metadata.ID,
-Severity: regoData.Metadata.Severity,
-Category: regoData.Metadata.Category,
+RuleName: regoData.Metadata.Name,
+Description: regoData.Metadata.Description,
+RuleID: regoData.Metadata.ID,
+Severity: regoData.Metadata.Severity,
+Category: regoData.Metadata.Category,
+ResourceType: regoData.Metadata.ResourceType,
 }
 e.results.ViolationStore.AddPassedRule(&passedRule)
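Review bot: When the deadline set in the previous hunk expires, the error the iterator yields (with gojq, `Next` hands back the context error as a value, which is what this `v.(error)` branch receives; worth confirming against the gojq version in go.mod) is logged at Warn and skipped with `continue`, after which `Next` reports done and the function returns whatever was processed so far with a nil error, so a timed-out, truncated result is indistinguishable from success for the caller. Surfacing it is a small change: after the loop, `if err := ctx.Err(); err != nil { return nil, err }`, or inside this branch `if errors.Is(err, context.DeadlineExceeded) { return nil, err }` (adding the errors import if the file lacks it). The `Warn` to `Warnf` change is correct, as the `%v` verbs were never being expanded before. The loop's exit and the function's return are outside this hunk.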
diff --git a/pkg/results/types.go b/pkg/results/types.go
index 5901ae900..3b367e503 100644
--- a/pkg/results/types.go
+++ b/pkg/results/types.go
@@ -43,11 +43,12 @@ type Violation struct {
 // PassedRule contains information of a passed rule
 type PassedRule struct {
-RuleName string `json:"rule_name" yaml:"rule_name" xml:"rule_name,attr"`
-Description string `json:"description" yaml:"description" xml:"description,attr"`
-RuleID string `json:"rule_id" yaml:"rule_id" xml:"rule_id,attr"`
-Severity string `json:"severity" yaml:"severity" xml:"severity,attr"`
-Category string `json:"category" yaml:"category" xml:"category,attr"`
+RuleName string `json:"rule_name" yaml:"rule_name" xml:"rule_name,attr"`
+Description string `json:"description" yaml:"description" xml:"description,attr"`
+RuleID string `json:"rule_id" yaml:"rule_id" xml:"rule_id,attr"`
+Severity string `json:"severity" yaml:"severity" xml:"severity,attr"`
+Category string `json:"category" yaml:"category" xml:"category,attr"`
+ResourceType string `json:"resource_type" yaml:"resource_type" xml:"resource_type,attr"`
 }
 // ViolationStore Storage area for violation data
diff --git a/pkg/writer/github_sarif_test.go b/pkg/writer/github_sarif_test.go
index bc973a15a..320672b76 100644
--- a/pkg/writer/github_sarif_test.go
+++ b/pkg/writer/github_sarif_test.go
@@ -29,6 +29,7 @@ const violationTemplateForGH = `{
 },
 "properties": {
 "category": "S3",
+"resource_type": "aws_s3_bucket",
 "severity": "HIGH"
 }
 }
diff --git a/pkg/writer/human_readable_test.go b/pkg/writer/human_readable_test.go
index c9b1822a6..fe53cc0c6 100644
--- a/pkg/writer/human_readable_test.go
+++ b/pkg/writer/human_readable_test.go
@@ -27,11 +27,12 @@ var (
 ViolationStore: &results.ViolationStore{
 PassedRules: []*results.PassedRule{
 {
-RuleName: "s3EnforceUserACL",
-Description: "S3 bucket Access is allowed to all AWS Account Users.",
-RuleID: "AWS.S3Bucket.DS.High.1043",
-Severity: "HIGH",
-Category: "S3",
+RuleName: "s3EnforceUserACL",
+Description: "S3 bucket Access is allowed to all AWS Account Users.",
+RuleID: "AWS.S3Bucket.DS.High.1043",
+Severity: "HIGH",
+Category: "S3",
+ResourceType: "aws_s3_bucket",
 },
 },
 Summary: summaryWithNoViolations,
@@ -53,11 +54,12 @@ var (
 },
 PassedRules: []*results.PassedRule{
 {
-RuleName: "s3EnforceUserACL",
-Description: "S3 bucket Access is allowed to all AWS Account Users.",
-RuleID: "AWS.S3Bucket.DS.High.1043",
-Severity: "HIGH",
-Category: "S3",
+RuleName: "s3EnforceUserACL",
+Description: "S3 bucket Access is allowed to all AWS Account Users.",
+RuleID: "AWS.S3Bucket.DS.High.1043",
+Severity: "HIGH",
+Category: "S3",
+ResourceType: "aws_s3_bucket",
 },
 },
 Summary: summaryWithNoViolations,
diff --git a/pkg/writer/sarif.go b/pkg/writer/sarif.go
index 3bbb1d4db..a587144bd 100644
--- a/pkg/writer/sarif.go
+++ b/pkg/writer/sarif.go
@@ -57,6 +57,7 @@ func writeSarif(data interface{}, writers []io.Writer, forGitHub bool) error {
 for _, passedRule := range outputData.PassedRules {
 m := sarif.NewPropertyBag()
 m.Properties["category"] = passedRule.Category
+m.Properties["resource_type"] = passedRule.ResourceType
 m.Properties["severity"] = passedRule.Severity
 run.AddRule(passedRule.RuleID).
@@ -67,6 +68,7 @@ func writeSarif(data interface{}, writers []io.Writer, forGitHub bool) error {
 for _, violation := range outputData.Violations {
 m := sarif.NewPropertyBag()
 m.Properties["category"] = violation.Category
+m.Properties["resource_type"] = violation.ResourceType
 m.Properties["severity"] = violation.Severity
 rule := run.AddRule(violation.RuleID).
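Review bot: `m.Properties["resource_type"] = violation.ResourceType` attaches a per-violation value to a rule-level property bag: `run.AddRule(violation.RuleID)` is keyed by rule ID, so when one rule fires on resources of different types the property is reassigned on each iteration and the last violation wins (assuming go-sarif returns the existing descriptor for a repeated ID, which the hunk does not show). For passed rules the value comes from the rule metadata instead, so the same SARIF property means two different things depending on the branch; a comment on each of the two added lines naming its source, or using the metadata value in both places, would make that explicit. An empty `ResourceType` is also emitted as `"resource_type": ""`; guarding it the way the earlier `ResourceID` change does, `if len(passedRule.ResourceType) > 0 { m.Properties["resource_type"] = passedRule.ResourceType }`, keeps the bag clean. writeSarif starts and ends outside this hunk.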
diff --git a/pkg/writer/sarif_test.go b/pkg/writer/sarif_test.go
index d415d0353..81108befa 100644
--- a/pkg/writer/sarif_test.go
+++ b/pkg/writer/sarif_test.go
@@ -35,7 +35,8 @@ const violationTemplate = `{
 },
 "properties": {
 "category": "S3",
-"severity": "HIGH"
+"severity": "HIGH",
+"resource_type": "aws_s3_bucket"
 }
 }
 ],
@@ -113,6 +114,7 @@ var expectedSarifOutput3 = fmt.Sprintf(`{
 },
 "properties": {
 "category": "S3",
+"resource_type": "aws_s3_bucket",
 "severity": "HIGH"
 }
 }
@@ -143,6 +145,7 @@ var expectedSarifOutput4 = fmt.Sprintf(`{
 },
 "properties": {
 "category": "S3",
+"resource_type": "aws_s3_bucket",
 "severity": "HIGH"
 }
 }
From c924a621bff990fbc220f9a985680e8a592682a8 Mon Sep 17 00:00:00 2001
From: Sebastian
Date: Fri, 11 Oct 2024 11:09:33 +0200
Subject: [PATCH 7/7] chore: Update go-sarif to latest version
---
go.mod | 2 +-
go.sum | 4 ++--
pkg/writer/github_sarif_test.go | 2 +-
pkg/writer/sarif_test.go | 8 ++++----
.../dockerfile_platform_flag_sarif.txt | 2 +-
.../kubernetes_ingress_sarif.txt | 2 +-
.../aws/aws_ami_violations/aws_ami_violation_sarif.txt | 2 +-
7 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/go.mod b/go.mod
index 6611c5963..f7c97ad5c 100644
--- a/go.mod
+++ b/go.mod
@@ -54,7 +54,7 @@ require (
 github.com/onsi/ginkgo v1.16.4
 github.com/onsi/gomega v1.22.1
 github.com/open-policy-agent/opa v0.46.1
-github.com/owenrumney/go-sarif/v2 v2.1.2
+github.com/owenrumney/go-sarif/v2 v2.3.3
 github.com/pelletier/go-toml v1.9.5
 github.com/pkg/errors v0.9.1
 github.com/spf13/afero v1.6.0
diff --git a/go.sum b/go.sum
index 361b5bb2f..63814c4a0 100644
--- a/go.sum
+++ b/go.sum
@@ -957,8 +957,8 @@ github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zM
 github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI=
 github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
 github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U=
-github.com/owenrumney/go-sarif/v2 v2.1.2 h1:PMDK7tXShJ9zsB7bfvlpADH5NEw1dfA9xwU8Xtdj73U=
-github.com/owenrumney/go-sarif/v2 v2.1.2/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w=
+github.com/owenrumney/go-sarif/v2 v2.3.3 h1:ubWDJcF5i3L/EIOER+ZyQ03IfplbSU1BLOE26uKQIIU=
+github.com/owenrumney/go-sarif/v2 v2.3.3/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w=
 github.com/packer-community/winrmcp v0.0.0-20180921211025-c76d91c1e7db/go.mod h1:f6Izs6JvFTdnRbziASagjZ2vmf55NSIkC/weStxCHqk=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo=
diff --git a/pkg/writer/github_sarif_test.go b/pkg/writer/github_sarif_test.go
index 320672b76..27b3248bf 100644
--- a/pkg/writer/github_sarif_test.go
+++ b/pkg/writer/github_sarif_test.go
@@ -13,7 +13,7 @@ import (
 const violationTemplateForGH = `{
 "version": "2.1.0",
-"$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
+"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
 "runs": [
 {
 "tool": {
diff --git a/pkg/writer/sarif_test.go b/pkg/writer/sarif_test.go
index 81108befa..3472f0325 100644
--- a/pkg/writer/sarif_test.go
+++ b/pkg/writer/sarif_test.go
@@ -19,7 +19,7 @@ var testpathForGH = violationsInput.Violations[0].File
 const violationTemplate = `{
 "version": "2.1.0",
-"$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
+"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
 "runs": [
 {
 "tool": {
@@ -80,7 +80,7 @@ var expectedSarifOutput1 = fmt.Sprintf(violationTemplate, version.GetNumeric(),
 var expectedSarifOutput2 = fmt.Sprintf(`{
 "version": "2.1.0",
-"$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
+"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
 "runs": [
 {
 "tool": {
@@ -98,7 +98,7 @@ var expectedSarifOutput2 = fmt.Sprintf(`{
 var expectedSarifOutput3 = fmt.Sprintf(`{
 "version": "2.1.0",
-"$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
+"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
 "runs": [
 {
 "tool": {
@@ -129,7 +129,7 @@ var expectedSarifOutput3 = fmt.Sprintf(`{
 var expectedSarifOutput4 = fmt.Sprintf(`{
 "version": "2.1.0",
-"$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
+"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
 "runs": [
 {
 "tool": {
diff --git a/test/e2e/scan/golden/docker_scan/dockerfiles/dockerfile_platform_flag_violations/dockerfile_platform_flag_sarif.txt b/test/e2e/scan/golden/docker_scan/dockerfiles/dockerfile_platform_flag_violations/dockerfile_platform_flag_sarif.txt
index 659ce811e..059eac9ea 100644
--- a/test/e2e/scan/golden/docker_scan/dockerfiles/dockerfile_platform_flag_violations/dockerfile_platform_flag_sarif.txt
+++ b/test/e2e/scan/golden/docker_scan/dockerfiles/dockerfile_platform_flag_violations/dockerfile_platform_flag_sarif.txt
@@ -1,6 +1,6 @@
 {
 "version": "2.1.0",
-"$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
+"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
 "runs": [
 {
 "tool": {
diff --git a/test/e2e/scan/golden/k8s_scans/k8s/kubernetes_ingress_violations/kubernetes_ingress_sarif.txt b/test/e2e/scan/golden/k8s_scans/k8s/kubernetes_ingress_violations/kubernetes_ingress_sarif.txt
index 486b7b731..0896f1f3f 100644
--- a/test/e2e/scan/golden/k8s_scans/k8s/kubernetes_ingress_violations/kubernetes_ingress_sarif.txt
+++ b/test/e2e/scan/golden/k8s_scans/k8s/kubernetes_ingress_violations/kubernetes_ingress_sarif.txt
@@ -1,6 +1,6 @@
 {
 "version": "2.1.0",
-"$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
+"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
 "runs": [
 {
 "tool": {
diff --git a/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_sarif.txt b/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_sarif.txt
index 469e60c2f..2ea6bebdc 100644
--- a/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_sarif.txt
+++ b/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_sarif.txt
@@ -1,6 +1,6 @@
 {
 "version": "2.1.0",
-"$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
+"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
 "runs": [
 {
 "tool": {