internal/sarif: improve GOMODCACHE relative paths
The paths are now indeed relative to %GOMODCACHE%.

Change-Id: I445f95dfdcda4bf053b28917482f9a39866f9dd3
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/581235
Reviewed-by: Ian Cottrell <iancottrell@google.com>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
zpavlinovic committed May 8, 2024
1 parent 93d3090 commit 052eac7
Showing 2 changed files with 23 additions and 20 deletions.
Expand Up @@ -177,7 +177,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "gjson.go",
"uri": "github.com/tidwall/gjson@v1.6.5/gjson.go",
"uriBaseId": "%GOMODCACHE%"
},
"region": {
Expand All @@ -195,7 +195,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "gjson.go",
"uri": "github.com/tidwall/gjson@v1.6.5/gjson.go",
"uriBaseId": "%GOMODCACHE%"
},
"region": {
Expand All @@ -213,7 +213,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "gjson.go",
"uri": "github.com/tidwall/gjson@v1.6.5/gjson.go",
"uriBaseId": "%GOMODCACHE%"
},
"region": {
Expand Down Expand Up @@ -263,7 +263,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "gjson.go",
"uri": "github.com/tidwall/gjson@v1.6.5/gjson.go",
"uriBaseId": "%GOMODCACHE%"
},
"region": {
Expand All @@ -281,7 +281,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "gjson.go",
"uri": "github.com/tidwall/gjson@v1.6.5/gjson.go",
"uriBaseId": "%GOMODCACHE%"
},
"region": {
Expand All @@ -299,7 +299,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "gjson.go",
"uri": "github.com/tidwall/gjson@v1.6.5/gjson.go",
"uriBaseId": "%GOMODCACHE%"
},
"region": {
Expand All @@ -317,7 +317,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "gjson.go",
"uri": "github.com/tidwall/gjson@v1.6.5/gjson.go",
"uriBaseId": "%GOMODCACHE%"
},
"region": {
Expand All @@ -335,7 +335,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "gjson.go",
"uri": "github.com/tidwall/gjson@v1.6.5/gjson.go",
"uriBaseId": "%GOMODCACHE%"
},
"region": {
Expand Down Expand Up @@ -402,7 +402,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "language/parse.go",
"uri": "golang.org/x/text@v0.3.0/language/parse.go",
"uriBaseId": "%GOMODCACHE%"
},
"region": {
Expand Down Expand Up @@ -452,7 +452,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "language/parse.go",
"uri": "golang.org/x/text@v0.3.0/language/parse.go",
"uriBaseId": "%GOMODCACHE%"
},
"region": {
Expand Down Expand Up @@ -519,7 +519,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "gjson.go",
"uri": "github.com/tidwall/gjson@v1.6.5/gjson.go",
"uriBaseId": "%GOMODCACHE%"
},
"region": {
Expand Down Expand Up @@ -569,7 +569,7 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
"location": {
"physicalLocation": {
"artifactLocation": {
"uri": "gjson.go",
"uri": "github.com/tidwall/gjson@v1.6.5/gjson.go",
"uriBaseId": "%GOMODCACHE%"
},
"region": {
19 changes: 11 additions & 8 deletions internal/sarif/handler.go
Expand Up @@ -8,6 +8,7 @@ import (
"encoding/json"
"fmt"
"io"
"path/filepath"
"sort"

"golang.org/x/vuln/internal"
Expand Down Expand Up @@ -289,11 +290,12 @@ func stack(h *handler, f *govulncheck.Finding) Stack {
Module: frame.Module + "@" + frame.Version,
Location: Location{Message: Description{Text: symbol(frame)}}, // show the (full) symbol name
}
file, base := fileURIInfo(pos.Filename, top.Module, frame.Module, frame.Version)
if h.cfg.ScanMode != govulncheck.ScanModeBinary {
sf.Location.PhysicalLocation = PhysicalLocation{
ArtifactLocation: ArtifactLocation{
URI: pos.Filename,
URIBaseID: uriID(top.Module, frame.Module),
URI: file,
URIBaseID: base,
},
Region: Region{
StartLine: pos.Line,
Expand Down Expand Up @@ -362,11 +364,12 @@ func threadFlows(h *handler, fs []*govulncheck.Finding) []ThreadFlow {
Module: frame.Module + "@" + frame.Version,
Location: Location{Message: Description{Text: symbol(frame)}}, // show the (full) symbol name
}
file, base := fileURIInfo(pos.Filename, top.Module, frame.Module, frame.Version)
if h.cfg.ScanMode != govulncheck.ScanModeBinary {
tfl.Location.PhysicalLocation = PhysicalLocation{
ArtifactLocation: ArtifactLocation{
URI: pos.Filename,
URIBaseID: uriID(top.Module, frame.Module),
URI: file,
URIBaseID: base,
},
Region: Region{
StartLine: pos.Line,
Expand All @@ -381,12 +384,12 @@ func threadFlows(h *handler, fs []*govulncheck.Finding) []ThreadFlow {
return tfs
}

func uriID(top, module string) string {
func fileURIInfo(filename, top, module, version string) (string, string) {
if top == module {
return SrcRootID
return filename, SrcRootID
}
if module == internal.GoStdModulePath {
return GoRootID
return filename, GoRootID
}
return GoModCacheID
return filepath.ToSlash(filepath.Join(module+"@"+version, filename)), GoModCacheID
}
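Review bot: The URI built on the last line of `fileURIInfo` joins the raw module path and version, but the module cache stores escaped directory names (an uppercase letter in a module path or version is written as `!` followed by its lowercase form), so for such modules the path relative to `%GOMODCACHE%` will not resolve on disk; `module.EscapePath` / `module.EscapeVersion` from golang.org/x/mod/module produce the on-disk form, if that package is available to this module. The `file, base := fileURIInfo(...)` call is also evaluated before the `ScanModeBinary` guard in both `stack` and `threadFlows`, while its results are used only inside the guard; moving the call into the `if` removes the dead work. `fileURIInfo` has no doc comment; suggest `// fileURIInfo returns the artifact URI for filename, which must be relative to the root of module, and the base ID that URI is relative to; files from the module cache get the module@version directory prepended.` That filename is always module-root-relative is inferred from the fixture change in this commit rather than established by the code shown here.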
