Fix sarif formatting issues (#565)

DimaSalakhov · web-flow · commit 6c57ae1628c4 · 2021-02-05T10:06:04.000+01:00
* include tool version

* change declared safix shema version

* dedup rules, fix result locations

* refactor rules collection creation
diff --git a/output/formatter.go b/output/formatter.go
@@ -180,27 +180,39 @@ func convertToSonarIssues(rootPaths []string, data *reportInfo) (*sonarIssues, e
 func convertToSarifReport(rootPaths []string, data *reportInfo) (*sarifReport, error) {
 	sr := buildSarifReport()
 
-	var rules []*sarifRule
-	var locations []*sarifLocation
+	type rule struct {
+		index int
+		rule  *sarifRule
+	}
+
+	rules := make([]*sarifRule, 0)
+	rulesIndices := make(map[string]rule)
+	lastRuleIndex := -1
+
 	results := []*sarifResult{}
 
-	for index, issue := range data.Issues {
-		rules = append(rules, buildSarifRule(issue))
+	for _, issue := range data.Issues {
+		r, ok := rulesIndices[issue.RuleID]
+		if !ok {
+			lastRuleIndex++
+			r = rule{index: lastRuleIndex, rule: buildSarifRule(issue)}
+			rulesIndices[issue.RuleID] = r
+			rules = append(rules, r.rule)
+		}
 
 		location, err := buildSarifLocation(issue, rootPaths)
 		if err != nil {
 			return nil, err
 		}
-		locations = append(locations, location)
 
 		result := &sarifResult{
-			RuleID:    fmt.Sprintf("%s (CWE-%s)", issue.RuleID, issue.Cwe.ID),
-			RuleIndex: index,
+			RuleID:    r.rule.ID,
+			RuleIndex: r.index,
 			Level:     getSarifLevel(issue.Severity.String()),
 			Message: &sarifMessage{
 				Text: issue.What,
 			},
-			Locations: locations,
+			Locations: []*sarifLocation{location},
 		}
 
 		results = append(results, result)
@@ -209,6 +221,7 @@ func convertToSarifReport(rootPaths []string, data *reportInfo) (*sarifReport, e
 	tool := &sarifTool{
 		Driver: &sarifDriver{
 			Name:           "gosec",
+			Version:        "2.1.0",
 			InformationURI: "https://github.com/securego/gosec/",
 			Rules:          rules,
 		},
diff --git a/output/sarif_format.go b/output/sarif_format.go
@@ -2,9 +2,10 @@ package output
 
 import (
 	"fmt"
-	"github.com/securego/gosec/v2"
 	"strconv"
 	"strings"
+
+	"github.com/securego/gosec/v2"
 )
 
 type sarifLevel string
@@ -68,6 +69,7 @@ type sarifResult struct {
 
 type sarifDriver struct {
 	Name           string       `json:"name"`
+	Version        string       `json:"version"`
 	InformationURI string       `json:"informationUri"`
 	Rules          []*sarifRule `json:"rules,omitempty"`
 }
@@ -91,7 +93,7 @@ type sarifReport struct {
 func buildSarifReport() *sarifReport {
 	return &sarifReport{
 		Version: "2.1.0",
-		Schema:  "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.4.json",
+		Schema:  "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
 		Runs:    []*sarifRun{},
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -2,9 +2,10 @@ package output`
`2`	`2`
`3`	`3`	`import (`
`4`	`4`	`"fmt"`
`5`		`- "github.com/securego/gosec/v2"`
`6`	`5`	`"strconv"`
`7`	`6`	`"strings"`
	`7`	`+`
	`8`	`+ "github.com/securego/gosec/v2"`
`8`	`9`	`)`
`9`	`10`
`10`	`11`	`type sarifLevel string`
`@@ -68,6 +69,7 @@ type sarifResult struct {`
`68`	`69`
`69`	`70`	`type sarifDriver struct {`
`70`	`71`	Name string `json:"name"`
	`72`	+ Version string `json:"version"`
`71`	`73`	InformationURI string `json:"informationUri"`
`72`	`74`	Rules []*sarifRule `json:"rules,omitempty"`
`73`	`75`	`}`
`@@ -91,7 +93,7 @@ type sarifReport struct {`
`91`	`93`	`func buildSarifReport() *sarifReport {`
`92`	`94`	`return &sarifReport{`
`93`	`95`	`Version: "2.1.0",`
`94`		`- Schema: "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.4.json",`
	`96`	`+ Schema: "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",`
`95`	`97`	`Runs: []*sarifRun{},`
`96`	`98`	`}`
`97`	`99`	`}`