Fixes according to PR comments.

jenkinsci · Aug 8, 2022 · 97d7d00 · 97d7d00
1 parent 1c6f5eb
commit 97d7d00
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 16 deletions.
diff --git a/src/main/java/edu/hm/hafner/analysis/parser/VeraCodePipelineScannerParser.java b/src/main/java/edu/hm/hafner/analysis/parser/VeraCodePipelineScannerParser.java
@@ -49,15 +49,17 @@ private Issue convertToIssue(final JSONObject finding, final IssueBuilder issueB
         final int severity = finding.getInt("severity");
         final String title = finding.getString("title");
         final String issueType = finding.getString("issue_type");
+        final String issueTypeId = finding.getString("issue_type_id");
         final String scope = getSourceFileField(finding, "scope", VALUE_NOT_SET);
         final String packageName = getPackageName(scope);
         return issueBuilder
                 .setFileName(enrichedFileName)
                 .setLineStart(line)
                 .setSeverity(mapSeverity(severity))
-                .setMessage(title)
+                .setMessage(issueType)
                 .setPackageName(packageName)
-                .setType(issueType)
+                .setType(title)
+                .setCategory(issueTypeId)
                 .setDescription(formatDescription(enrichedFileName, finding))
                 .buildAndClean();
     }

diff --git a/src/test/java/edu/hm/hafner/analysis/parser/VeraCodePipelineScannerParserTest.java b/src/test/java/edu/hm/hafner/analysis/parser/VeraCodePipelineScannerParserTest.java
@@ -24,52 +24,59 @@ protected void assertThatIssuesArePresent(final Report report, final SoftAsserti
 
         softly.assertThat(report.get(0))
                 .hasSeverity(Severity.WARNING_HIGH)
-                .hasMessage("org.slf4j.Logger.info")
+                .hasType("org.slf4j.Logger.info")
+                .hasCategory("taint")
                 .hasFileName("src/main/java/com/sample/LoggingFilter.java")
                 .hasPackageName("com.sample")
-                .hasType("Improper Output Neutralization for Logs")
+                .hasMessage("Improper Output Neutralization for Logs")
                 .hasLineStart(28);
         softly.assertThat(report.get(1))
                 .hasSeverity(Severity.WARNING_NORMAL)
-                .hasMessage("set")
+                .hasType("set")
+                .hasCategory("crypto")
                 .hasFileName("react/dist/esm/data.js")
                 .hasPackageName("-")
-                .hasType("Use of Hard-coded Password")
+                .hasMessage("Use of Hard-coded Password")
                 .hasLineStart(25);
         softly.assertThat(report.get(2))
                 .hasSeverity(Severity.WARNING_LOW)
-                .hasMessage("management:endpoint:health:show-details:")
+                .hasType("management:endpoint:health:show-details:")
+                .hasCategory("crypto")
                 .hasFileName("BOOT-INF/classes/application.yml")
                 .hasPackageName("application")
-                .hasType("Information Exposure Through Sent Data")
+                .hasMessage("Information Exposure Through Sent Data")
                 .hasLineStart(1);
         softly.assertThat(report.get(3))
                 .hasSeverity(Severity.WARNING_LOW)
-                .hasMessage("nosourcefile")
+                .hasType("nosourcefile")
+                .hasCategory("other")
                 .hasFileName("-")
                 .hasPackageName("-")
-                .hasType("No source_file present")
+                .hasMessage("No source_file present")
                 .hasLineStart(0);
         softly.assertThat(report.get(4))
                 .hasSeverity(Severity.WARNING_LOW)
-                .hasMessage("nofiles")
+                .hasType("nofiles")
+                .hasCategory("other")
                 .hasFileName("-")
                 .hasPackageName("-")
-                .hasType("No files present")
+                .hasMessage("No files present")
                 .hasLineStart(0);
         softly.assertThat(report.get(5))
                 .hasSeverity(Severity.WARNING_HIGH)
-                .hasMessage("child_process.spawn")
+                .hasType("child_process.spawn")
+                .hasCategory("taint")
                 .hasFileName("lib/optimizer/Optimizer.js")
                 .hasPackageName("-")
-                .hasType("Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')")
+                .hasMessage("Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')")
                 .hasLineStart(24);
         softly.assertThat(report.get(6))
                 .hasSeverity(Severity.WARNING_HIGH)
-                .hasMessage("org.slf4j.Logger.info")
+                .hasType("org.slf4j.Logger.info")
+                .hasCategory("taint")
                 .hasFileName("src/main/java/com/othersample/LoggingFilter.java")
                 .hasPackageName("com.othersample")
-                .hasType("Improper Output Neutralization for Logs")
+                .hasMessage("Improper Output Neutralization for Logs")
                 .hasLineStart(55);
     }