def to_violation(self, result: Dict[str, Any]) -> Violation:
    """Convert one gosec result record into a ``Violation``.

    Reads ``line``, ``column``, ``rule_id``, ``details``, ``file`` and
    ``severity`` from *result*; the optional ``cwe.URL`` entry becomes the
    link (empty string when absent). The reported file path is rebased
    relative to ``REMOTE_BASE_PATH`` -- a path outside that base raises
    ``ValueError``, as ``PurePath.relative_to`` does. The severity label is
    looked up in ``self.SEVERITIES``; an unrecognised label maps to 0.
    """
    line_no = int(result["line"])
    col_no = int(result["column"])
    rule = result["rule_id"]
    details = result["details"]
    relative_path = str(PurePath(result["file"]).relative_to(REMOTE_BASE_PATH))
    severity_label = result["severity"]
    severity_value = self.SEVERITIES.get(severity_label, 0)
    cwe_url = result.get("cwe", {}).get("URL", "")
    # Pull the flagged source line for context; fall back to a marker when
    # the file or line cannot be read.
    snippet = fetch_line_in_file(self.base_path / relative_path, line_no)
    if not snippet:
        snippet = "<no source found>"
    return Violation(
        tool_id=GosecTool.TOOL_ID,
        check_id=rule,
        path=relative_path,
        line=line_no,
        column=col_no,
        message=details,
        severity=severity_value,
        syntactic_context=snippet,
        link=cwe_url,
    )
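def to_violation(self, result: Dict[str, Any]) -> Violation:
    """Convert one shellcheck result record into a ``Violation``.

    Reads ``line``, ``column``, ``code``, ``message``, ``file`` and ``level``
    from *result*. The check id is ``SC<code>`` and the link points at the
    shellcheck wiki page for that id. ``level`` maps to severity as
    error=2, warning=1, info=0, style=0; an unrecognised level maps to 0
    rather than leaving ``severity`` unbound (the previous ``if``/``elif``
    chain raised ``UnboundLocalError`` on any other value).
    """
    start_line = result["line"]
    column = result["column"]
    check_id = f"SC{result['code']}"
    message = result["message"]
    path = self.trim_base(result["file"])
    level = result["level"]
    # One unexpected level should not abort the whole parse; treat it as the
    # lowest severity, matching the default the other parsers use.
    severity_by_level = {"error": 2, "warning": 1, "info": 0, "style": 0}
    severity = severity_by_level.get(level, 0)
    link = f"https://github.com/koalaman/shellcheck/wiki/{check_id}"
    line_of_code = (
        fetch_line_in_file(self.base_path / path, start_line) or "<no source found>"
    )
    return Violation(
        tool_id=ShellcheckTool.TOOL_ID,
        check_id=check_id,
        path=path,
        line=start_line,
        column=column,
        message=message,
        severity=severity,
        syntactic_context=line_of_code,
        link=link,
    )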
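def to_violation(self, result: Dict[str, Any]) -> Violation:
    """Convert one result record into a shellcheck-attributed ``Violation``.

    Expects a record with ``path``, ``check_id``, ``start.line`` and
    ``start.col``; ``extra.message`` and ``extra.level`` are optional and
    may be ``None``. ``level`` maps to severity as error=2, warning=1,
    info=0, style=0; a missing or unrecognised level maps to 0 rather than
    leaving ``severity`` unbound (the previous ``if``/``elif`` chain raised
    ``UnboundLocalError`` when ``extra.level`` was absent). The link points
    at the shellcheck wiki page for ``check_id``.
    """
    path = self.trim_base(result["path"])
    start_line = result["start"]["line"]
    start_col = result["start"]["col"]
    extra = result.get("extra", {})
    message = extra.get("message")
    check_id = result["check_id"]
    level = extra.get("level")
    # Treat unknown/missing levels as lowest severity instead of crashing.
    severity_by_level = {"error": 2, "warning": 1, "info": 0, "style": 0}
    severity = severity_by_level.get(level, 0)
    link = f"https://github.com/koalaman/shellcheck/wiki/{check_id}"
    line_of_code = (
        fetch_line_in_file(self.base_path / path, start_line) or "<no source found>"
    )
    return Violation(
        tool_id=ShellcheckTool.tool_id(),
        check_id=check_id,
        path=path,
        line=start_line,
        column=start_col,
        message=message,
        severity=severity,
        syntactic_context=line_of_code,
        link=link,
    )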
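def __result_to_violation(self, result: Dict[str, Any]) -> Violation:
    """Convert one bandit result record into a ``Violation``.

    ``result["code"]`` is bandit's numbered source excerpt, one
    ``<lineno> <source>`` entry per line, which may include lines outside
    the finding. Only entries whose leading number is in ``line_range`` are
    kept; the number prefix (``BanditParser.LINE_NO_CHARS``) and blank lines
    are dropped. If nothing remains and ``line_number`` is non-zero, the
    line is re-read from disk with ``fetch_line_in_file``. ``test_id`` is
    translated through ``BANDIT_TO_BENTO`` when a mapping exists and the
    bandit severity label through ``BanditParser.SEVERITY`` (default 1).
    """
    path = self.trim_base(result["filename"])
    link = result.get("more_info", None)
    bandit_source = result["code"].rstrip()  # drop trailing whitespace/newline
    test_id = result["test_id"]
    check_id = BANDIT_TO_BENTO.get(test_id, test_id)
    line_range = result["line_range"]

    def in_line_range(bandit_code_line: str) -> bool:
        # Lines look like `3 def do_it(cmd: str) -> None:`; keep those whose
        # leading number falls inside the finding's line_range. A line with
        # no leading digits (empty or starting with whitespace) is not a
        # numbered line -- the previous version called int("") on it and
        # raised ValueError. An all-digit line has no source and is skipped.
        end = 0
        while end < len(bandit_code_line) and bandit_code_line[end].isdigit():
            end += 1
        if end == 0 or end == len(bandit_code_line):
            return False
        return int(bandit_code_line[:end]) in line_range

    # Bandit may include context lines before and after the finding; keep
    # only the finding's own lines and strip their line-number prefixes.
    kept = [
        s.lstrip(BanditParser.LINE_NO_CHARS).rstrip()
        for s in bandit_source.split("\n")
        if in_line_range(s)
    ]
    source = "\n".join(line for line in kept if line)
    if not source and result["line_number"] != 0:
        source = (
            fetch_line_in_file(self.base_path / path, result["line_number"])
            or "<no source found>"
        )
    return Violation(
        check_id=check_id,
        tool_id=BanditTool.TOOL_ID,
        path=path,
        line=result["line_number"],
        column=0,
        message=result["issue_text"],
        severity=BanditParser.SEVERITY.get(result["issue_severity"], 1),
        syntactic_context=source,
        link=link,
    )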
def to_violation(self, result: Dict[str, Any]) -> Violation:
    """Convert one pyre result record into a ``Violation``.

    Reads ``path``, ``code``, ``line``, ``column`` and ``description`` from
    *result*. Every pyre finding is reported with severity 2 and links to
    the pyre error-types documentation; the flagged source line is read
    from disk, with a ``<no source found>`` placeholder when unavailable.
    """
    relative_path = self.trim_base(result["path"])
    absolute_path = self.base_path / relative_path
    error_code = str(result["code"])
    line_no = result["line"]
    snippet = fetch_line_in_file(absolute_path, line_no)
    if not snippet:
        snippet = "<no source found>"
    return Violation(
        tool_id=PyreTool.TOOL_ID,
        check_id=error_code,
        path=relative_path,
        line=line_no,
        column=result["column"],
        message=result["description"],
        severity=2,
        syntactic_context=snippet,
        link="https://pyre-check.org/docs/error-types.html",
    )
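def to_violation(self, result: Dict[str, Any]) -> Violation:
    """Convert one hadolint result record into a ``Violation``.

    Reads ``line``, ``column``, ``code``, ``message``, ``file`` and ``level``
    from *result*. ``level`` maps to severity as error=2, warning=1, info=0,
    style=0; an unrecognised level maps to 0 rather than leaving
    ``severity`` unbound (the previous ``if``/``elif`` chain raised
    ``UnboundLocalError`` on any other value). Links go to the hadolint
    wiki for ``DL`` rules (plus SC2046/SC2086, which hadolint documents
    itself), to the shellcheck wiki for other ``SC`` rules, and are empty
    otherwise. ``DL1000`` gets a fixed parse-error message.
    """
    start_line = result["line"]
    column = result["column"]
    check_id = result["code"]
    message = result["message"]
    path = self.trim_base(result["file"])
    level = result["level"]
    # One unexpected level should not abort the whole parse; treat it as the
    # lowest severity, matching the default the other parsers use.
    severity_by_level = {"error": 2, "warning": 1, "info": 0, "style": 0}
    severity = severity_by_level.get(level, 0)
    hadolint_documented_sc_rules = ("SC2046", "SC2086")
    if "DL" in check_id or check_id in hadolint_documented_sc_rules:
        link = f"https://github.com/hadolint/hadolint/wiki/{check_id}"
    elif "SC" in check_id:
        link = f"https://github.com/koalaman/shellcheck/wiki/{check_id}"
    else:
        link = ""
    line_of_code = (
        fetch_line_in_file(self.base_path / path, start_line) or "<no source found>"
    )
    if check_id == "DL1000":
        message = "Dockerfile parse error. Invalid docker instruction."
    return Violation(
        tool_id=HadolintTool.TOOL_ID,
        check_id=check_id,
        path=path,
        line=start_line,
        column=column,
        message=message,
        severity=severity,
        syntactic_context=line_of_code,
        link=link,
    )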
def parse(self, results: JsonR) -> List[Violation]:
    """Build one ``Violation`` per record in *results*.

    Each record supplies ``check_id``, ``path``, ``start.line`` and
    ``start.col``; ``extra.message`` is optional (``None`` when absent,
    which is how sgrep-lint 0.1.10 output is read). Every violation is
    reported at severity 2 with the flagged source line, right-stripped,
    as context (``<no source found>`` when the line cannot be read).
    No link is attached.
    """
    placeholder = "<no source found>"
    parsed: List[Violation] = []
    for record in results:
        rule = record["check_id"]
        relative_path = self.trim_base(record["path"])
        line_no = record["start"]["line"]
        col_no = record["start"]["col"]
        # Custom way to get check_name for sgrep-lint:0.1.10
        description = record.get("extra", {}).get("message")
        snippet = fetch_line_in_file(self.base_path / relative_path, line_no)
        context = (snippet or placeholder).rstrip()
        parsed.append(
            Violation(
                tool_id=self.tool_id(),
                check_id=rule,
                path=relative_path,
                line=line_no,
                column=col_no,
                message=description,
                severity=2,
                syntactic_context=context,
            )
        )
    return parsed
def parse(self, results: JsonR) -> List[Violation]:
    """Build one ``Violation`` per record in *results*.

    Each record supplies ``path``, ``check_id``, ``start.line`` and
    ``start.col``; ``extra.description`` is optional and becomes the
    message (``None`` when absent). Every violation is reported under
    ``PythonTaintTool.tool_id()`` at severity 2 with the flagged source
    line as context (``<no source found>`` when it cannot be read).
    No link is attached.
    """
    placeholder = "<no source found>"
    parsed: List[Violation] = []
    for record in results:
        relative_path = self.trim_base(record["path"])
        line_no = record["start"]["line"]
        col_no = record["start"]["col"]
        rule = record["check_id"]
        snippet = fetch_line_in_file(self.base_path / relative_path, line_no)
        if not snippet:
            snippet = placeholder
        description = record.get("extra", {}).get("description")
        parsed.append(
            Violation(
                tool_id=PythonTaintTool.tool_id(),
                check_id=rule,
                path=relative_path,
                line=line_no,
                column=col_no,
                message=description,
                severity=2,
                syntactic_context=snippet,
            )
        )
    return parsed