Added rules to sarif. Added ruleDescription to other reports

Checkmarx · Oct 18, 2024 · a55313a · a55313a
1 parent 4b9e443
commit a55313a
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 14 deletions.
diff --git a/engine/engine.go b/engine/engine.go
@@ -90,15 +90,16 @@ func (e *Engine) Detect(item plugins.ISourceItem, secretsChannel chan *secrets.S
 			endLine = value.EndLine
 		}
 		secret := &secrets.Secret{
-			ID:          itemId,
-			Source:      item.GetSource(),
-			RuleID:      value.RuleID,
-			StartLine:   startLine,
-			StartColumn: value.StartColumn,
-			EndLine:     endLine,
-			EndColumn:   value.EndColumn,
-			Value:       value.Secret,
-			LineContent: value.Line,
+			ID:              itemId,
+			Source:          item.GetSource(),
+			RuleID:          value.RuleID,
+			StartLine:       startLine,
+			StartColumn:     value.StartColumn,
+			EndLine:         endLine,
+			EndColumn:       value.EndColumn,
+			Value:           value.Secret,
+			LineContent:     value.Line,
+			RuleDescription: value.Description,
 		}
 		if !isSecretIgnored(secret, &e.ignoredIds, &e.allowedValues) {
 			secretsChannel <- secret

diff --git a/lib/reporting/sarif.go b/lib/reporting/sarif.go
@@ -3,9 +3,10 @@ package reporting
 import (
 	"encoding/json"
 	"fmt"
+	"strings"
+
 	"github.com/checkmarx/2ms/lib/config"
 	"github.com/checkmarx/2ms/lib/secrets"
-	"strings"
 )
 
 func writeSarif(report Report, cfg *config.Config) (string, error) {
@@ -26,23 +27,43 @@ func writeSarif(report Report, cfg *config.Config) (string, error) {
 func getRuns(report Report, cfg *config.Config) []Runs {
 	return []Runs{
 		{
-			Tool:    getTool(cfg),
+			Tool:    getTool(report, cfg),
 			Results: getResults(report),
 		},
 	}
 }
 
-func getTool(cfg *config.Config) Tool {
+func getTool(report Report, cfg *config.Config) Tool {
 	tool := Tool{
 		Driver: Driver{
 			Name:            cfg.Name,
 			SemanticVersion: cfg.Version,
+			Rules:           getRules(report),
 		},
 	}
 
 	return tool
 }
 
+func getRules(report Report) []*SarifRule {
+	uniqueRulesMap := make(map[string]*SarifRule)
+	var reportRules []*SarifRule
+	for _, reportSecrets := range report.Results {
+		for _, secret := range reportSecrets {
+			if _, exists := uniqueRulesMap[secret.RuleID]; !exists {
+				uniqueRulesMap[secret.RuleID] = &SarifRule{
+					ID: secret.RuleID,
+					FullDescription: &MultiformatMessageString{
+						Text: &secret.RuleDescription,
+					},
+				}
+				reportRules = append(reportRules, uniqueRulesMap[secret.RuleID])
+			}
+		}
+	}
+	return reportRules
+}
+
 func hasNoResults(report Report) bool {
 	return len(report.Results) == 0
 }
@@ -112,14 +133,24 @@ type ShortDescription struct {
 }
 
 type Driver struct {
-	Name            string `json:"name"`
-	SemanticVersion string `json:"semanticVersion"`
+	Name            string       `json:"name"`
+	SemanticVersion string       `json:"semanticVersion"`
+	Rules           []*SarifRule `json:"rules,omitempty"`
 }
 
 type Tool struct {
 	Driver Driver `json:"driver"`
 }
 
+type SarifRule struct {
+	ID              string                    `json:"id"`
+	FullDescription *MultiformatMessageString `json:"fullDescription,omitempty"`
+}
+
+type MultiformatMessageString struct {
+	Text *string `json:"text,omitempty"`
+}
+
 type Message struct {
 	Text string `json:"text"`
 }

diff --git a/lib/secrets/secret.go b/lib/secrets/secret.go
@@ -43,5 +43,6 @@ type Secret struct {
 	EndColumn        int                    `json:"endColumn"`
 	Value            string                 `json:"value"`
 	ValidationStatus ValidationResult       `json:"validationStatus,omitempty"`
+	RuleDescription  string                 `json:"ruleDescription,omitempty"`
 	ExtraDetails     map[string]interface{} `json:"extraDetails,omitempty"`
 }