openclarity · csatib02 · Jul 8, 2024 · Jul 5, 2024 · Jul 6, 2024
@@ -18,6 +18,7 @@ package e2e
 import (
 	"context"
 	"path/filepath"
+	"reflect"
 
 	"github.com/onsi/ginkgo/v2"
 	"github.com/onsi/gomega"
@@ -98,3 +99,65 @@ var _ = ginkgo.Describe("Running KICS scan", func() {
 		})
 	})
 })
+
+var _ = ginkgo.Describe("Running a KICS scan", func() {
+	ginkgo.Context("which scans an openapi.yaml file and has report-formats set to sarif", func() {
+		ginkgo.It("should finish successfully, and output both JSON and Sarif format as well as VMClarity output", func(ctx ginkgo.SpecContext) {
+			if cfg.TestEnvConfig.Images.PluginKics == "" {
+				ginkgo.Skip("KICS plugin image not provided")
+			}
+
+			input, err := filepath.Abs("./testdata")
+			gomega.Expect(err).NotTo(gomega.HaveOccurred())
+			notifier := &Notifier{}
+
+			errs := families.New(&families.Config{
+				Plugins: plugins.Config{
+					Enabled:      true,
+					ScannersList: []string{scannerPluginName},
+					Inputs: []types.Input{
+						{
+							Input:     input,
+							InputType: string(utils.ROOTFS),
+						},
+					},
+					ScannersConfig: &common.ScannersConfig{
+						scannerPluginName: config.Config{
+							Name:          scannerPluginName,
+							ImageName:     cfg.TestEnvConfig.Images.PluginKics,
+							InputDir:      "",
+							ScannerConfig: "{\"report-formats\": [\"sarif\"]}",
+						},
+					},
+				},
+			}).Run(ctx, notifier)
+			gomega.Expect(errs).To(gomega.BeEmpty())
+
+			gomega.Eventually(func() bool {
+				results := notifier.Results[0].Result.(*plugins.Results).PluginOutputs[scannerPluginName] // nolint:forcetypeassert
+
+				isEmptyFuncs := []func() bool{
+					func() bool { return isEmpty(results.RawJSON) },
+					func() bool { return isEmpty(results.RawSarif) },
+					func() bool { return isEmpty(results.Vmclarity) },
+				}
+
+				for _, f := range isEmptyFuncs {
+					if f() {
+						return false
+					}
+				}
+
+				return true
+			}, DefaultTimeout, DefaultPeriod).Should(gomega.BeTrue())
+		})
+	})
+})
+
+func isEmpty(x interface{}) bool {
+	if x == nil {
+		return true
+	}
+
+	return reflect.DeepEqual(x, reflect.Zero(reflect.TypeOf(x)).Interface())
+}
@@ -7,20 +7,22 @@ Project structure:
 - **sdk-*** - Language-specific libraries, templates, and examples to aid with the implementation of scanner plugins.
 - **store** - Collection of available plugins that can be directly used in VMClarity.
 
-### Requirements
+## Requirements
 
 Scanner plugins are distributed as containers and require [**Docker Engine**](https://docs.docker.com/engine/) on the host that runs the actual scanning via
 VMClarity CLI to work.
 
 ## Support
 
 ✅ List of supported environments:
+
 1. AWS
 2. GCP
 3. Azure
 4. Docker
 
 ❌ List of unsupported environments:
+
 - _Kubernetes_ - We plan on adding plugin support to Kubernetes once we have dealt with all the security considerations.
 
 _Note:_ Plugin support has been tested against [VMClarity installation artifacts](../installation) for the given environments.
@@ -51,5 +53,6 @@ plugins:
 You can use one of available SDKs in your language of choice to quickly develop scanner plugins for VMClarity.
 
 ✅ List of supported languages:
+
 - [Golang](sdk-go)
 - [Python](sdk-python)
@@ -223,6 +223,11 @@ components:
           # Required.
           type: null
           description: Defines scan result data that is not consumed by VMClarity API.
+        rawSarif:
+          # Specifies raw scan result data in SARIF format.
+          # Optional.
+          type: null
+          description: Defines scan result data in that is not consumed by the VMClarity API.
 
     VMClarityData:
       type: object

@@ -14,7 +14,7 @@ class Result(Model):
     Do not edit the class manually.
     """
 
-    def __init__(self, annotations=None, vmclarity=None, raw_json=None):  # noqa: E501
+    def __init__(self, annotations=None, vmclarity=None, raw_json=None, raw_sarif=None):  # noqa: E501
         """Result - a model defined in OpenAPI
 
         :param annotations: The annotations of this Result.  # noqa: E501
@@ -23,22 +23,27 @@ def __init__(self, annotations=None, vmclarity=None, raw_json=None):  # noqa: E5
         :type vmclarity: VMClarityData
         :param raw_json: The raw_json of this Result.  # noqa: E501
         :type raw_json: object
+        :param raw_sarif: The raw_sarif of this Result.  # noqa: E501
+        :type raw_sarif: object
         """
         self.openapi_types = {
             'annotations': Dict[str, str],
             'vmclarity': VMClarityData,
-            'raw_json': object
+            'raw_json': object,
+            'raw_sarif': object
         }
 
         self.attribute_map = {
             'annotations': 'annotations',
             'vmclarity': 'vmclarity',
-            'raw_json': 'rawJSON'
+            'raw_json': 'rawJSON',
+            'raw_sarif': 'rawSarif'
         }
 
         self._annotations = annotations
         self._vmclarity = vmclarity
         self._raw_json = raw_json
+        self._raw_sarif = raw_sarif
 
     @classmethod
     def from_dict(cls, dikt) -> 'Result':
@@ -121,3 +126,26 @@ def raw_json(self, raw_json: object):
             raise ValueError("Invalid value for `raw_json`, must not be `None`")  # noqa: E501
 
         self._raw_json = raw_json
+
+    @property
+    def raw_sarif(self) -> object:
+        """Gets the raw_sarif of this Result.
+
+        Defines scan result data in that is not consumed by the VMClarity API.  # noqa: E501
+
+        :return: The raw_sarif of this Result.
+        :rtype: object
+        """
+        return self._raw_sarif
+
+    @raw_sarif.setter
+    def raw_sarif(self, raw_sarif: object):
+        """Sets the raw_sarif of this Result.
+
+        Defines scan result data in that is not consumed by the VMClarity API.  # noqa: E501
+
+        :param raw_sarif: The raw_sarif of this Result.
+        :type raw_sarif: object
+        """
+
+        self._raw_sarif = raw_sarif
@@ -0,0 +1,90 @@
+// Copyright © 2024 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package formatter
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strconv"
+
+	"github.com/Checkmarx/kics/pkg/model"
+
+	"github.com/openclarity/vmclarity/plugins/sdk-go/types"
+)
+
+var mapKICSSeverity = map[model.Severity]types.MisconfigurationSeverity{
+	model.SeverityHigh:   types.MisconfigurationSeverityHigh,
+	model.SeverityMedium: types.MisconfigurationSeverityMedium,
+	model.SeverityLow:    types.MisconfigurationSeverityLow,
+	model.SeverityInfo:   types.MisconfigurationSeverityInfo,
+	model.SeverityTrace:  types.MisconfigurationSeverityInfo,
+}
+
+func FormatJSONOutput(rawOutputDir string) (model.Summary, error) {
+	var summaryJSON model.Summary
+	err := decodeFile(filepath.Join(rawOutputDir, "kics.json"), &summaryJSON)
+	if err != nil {
+		return model.Summary{}, fmt.Errorf("failed to decode kics.json: %w", err)
+	}
+
+	return summaryJSON, nil
+}
+
+func FormatVMClarityOutput(summaryJSON model.Summary) (*[]types.Misconfiguration, error) {
+	var misconfigurations []types.Misconfiguration
+	for _, q := range summaryJSON.Queries {
+		for _, file := range q.Files {
+			misconfigurations = append(misconfigurations, types.Misconfiguration{
+				Id:          types.Ptr(file.SimilarityID),
+				Location:    types.Ptr(file.FileName + "#" + strconv.Itoa(file.Line)),
+				Category:    types.Ptr(q.Category + ":" + string(file.IssueType)),
+				Message:     types.Ptr(file.KeyActualValue),
+				Description: types.Ptr(q.Description),
+				Remediation: types.Ptr(file.KeyExpectedValue),
+				Severity:    types.Ptr(mapKICSSeverity[q.Severity]),
+			})
+		}
+	}
+
+	return types.Ptr(misconfigurations), nil
+}
+
+func FormatSarifOutput(rawOutputDir string) (*interface{}, error) {
+	var summarySarif interface{}
+	err := decodeFile(filepath.Join(rawOutputDir, "kics.sarif"), &summarySarif)
+	if err != nil {
+		return nil, fmt.Errorf("failed to decode kics.sarif: %w", err)
+	}
+
+	return types.Ptr(summarySarif), nil
+}
+
+func decodeFile(filePath string, target interface{}) error {
+	file, err := os.Open(filePath)
+	if err != nil {
+		return fmt.Errorf("failed to open file: %w", err)
+	}
+	defer file.Close()
+
+	err = json.NewDecoder(file).Decode(target)
+	if err != nil {
+		return fmt.Errorf("failed to decode file: %w", err)
+	}
+
+	return nil
+}