    def to_violation(self, result: Dict[str, Any]) -> Violation:
        """Convert one gosec JSON finding into a bento ``Violation``.

        gosec reports ``file`` as a path under ``REMOTE_BASE_PATH``; it is
        rebased to a repository-relative path before the source line is
        looked up under ``self.base_path``.  Severity labels are mapped
        through ``self.SEVERITIES``; unknown labels fall back to 0.  The
        link is taken from the CWE ``URL`` when gosec provides one.
        """
        # int() accepts both str and int, so this is safe whichever form
        # gosec uses for line/column in its JSON.
        line_no = int(result["line"])
        col_no = int(result["column"])

        # Rebase the reported path so it is relative to the checked repo.
        rel_path = str(PurePath(result["file"]).relative_to(REMOTE_BASE_PATH))

        cwe_link = result.get("cwe", {}).get("URL", "")
        snippet = fetch_line_in_file(self.base_path / rel_path, line_no)

        return Violation(
            tool_id=GosecTool.TOOL_ID,
            check_id=result["rule_id"],
            path=rel_path,
            line=line_no,
            column=col_no,
            message=result["details"],
            severity=self.SEVERITIES.get(result["severity"], 0),
            syntactic_context=snippet or "<no source found>",
            link=cwe_link,
        )
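    def to_violation(self, result: Dict[str, Any]) -> Violation:
        """Convert one shellcheck JSON finding into a bento ``Violation``.

        ``result`` is a single entry of shellcheck's JSON output.  Its
        numeric ``code`` is prefixed with ``SC`` to form the check id that
        the shellcheck wiki uses, and the link points at that wiki page.
        """
        start_line = result["line"]
        column = result["column"]
        check_id = f"SC{result['code']}"
        message = result["message"]
        path = self.trim_base(result["file"])

        # shellcheck level -> bento severity.  An unrecognised level used to
        # leave `severity` unbound and raise UnboundLocalError at the
        # Violation(...) call below; it now maps to the lowest severity.
        level_to_severity = {"error": 2, "warning": 1, "info": 0, "style": 0}
        severity = level_to_severity.get(result["level"], 0)

        link = f"https://github.com/koalaman/shellcheck/wiki/{check_id}"
        line_of_code = (
            fetch_line_in_file(self.base_path / path, start_line)
            or "<no source found>"
        )

        return Violation(
            tool_id=ShellcheckTool.TOOL_ID,
            check_id=check_id,
            path=path,
            line=start_line,
            column=column,
            message=message,
            severity=severity,
            syntactic_context=line_of_code,
            link=link,
        )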
ファイル: shellcheck.py プロジェクト: daghan/bento
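    def to_violation(self, result: Dict[str, Any]) -> Violation:
        """Convert one shellcheck finding (sgrep-style JSON) into a ``Violation``.

        ``result`` carries its location under ``start`` (``line``/``col``)
        and its message and level under ``extra``.  The link points at the
        shellcheck wiki page for ``check_id``.
        """
        path = self.trim_base(result["path"])
        start_line = result["start"]["line"]
        start_col = result["start"]["col"]
        extra = result.get("extra", {})
        message = extra.get("message")
        check_id = result["check_id"]

        # shellcheck level -> bento severity.  An unrecognised or missing
        # level used to leave `severity` unbound and raise UnboundLocalError
        # at the Violation(...) call below; it now maps to the lowest severity.
        level_to_severity = {"error": 2, "warning": 1, "info": 0, "style": 0}
        severity = level_to_severity.get(extra.get("level"), 0)

        link = f"https://github.com/koalaman/shellcheck/wiki/{check_id}"
        line_of_code = (
            fetch_line_in_file(self.base_path / path, start_line)
            or "<no source found>"
        )

        return Violation(
            tool_id=ShellcheckTool.tool_id(),
            check_id=check_id,
            path=path,
            line=start_line,
            column=start_col,
            message=message,
            severity=severity,
            syntactic_context=line_of_code,
            link=link,
        )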
ファイル: bandit.py プロジェクト: redwrasse/bento
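    def __result_to_violation(self, result: Dict[str, Any]) -> Violation:
        """Convert one bandit JSON result into a bento ``Violation``.

        bandit's ``code`` field is a multi-line snippet in which each line
        is prefixed with its line number (e.g. ``"3 def do_it():"``) and
        may include context lines around the finding.  Only lines whose
        number falls inside ``line_range`` are kept, the numeric prefix is
        stripped and blank lines are dropped.  If nothing remains, the
        reported line is read from the file on disk instead.
        """
        path = self.trim_base(result["filename"])
        link = result.get("more_info", None)

        # Remove bandit line numbers, empty lines, and leading / trailing whitespace
        bandit_source = result["code"].rstrip()  # Remove trailing whitespace

        test_id = result["test_id"]
        # Use bento's own id for this bandit test where a mapping exists.
        check_id = BANDIT_TO_BENTO.get(test_id, test_id)

        line_range = result["line_range"]

        def in_line_range(bandit_code_line: str) -> bool:
            # Parse the leading run of digits of a line such as
            # `3 def do_it(cmd: str) -> None:` and test it against the
            # reported line_range of the finding.  A line with no numeric
            # prefix (empty, entirely digits, or starting with a non-digit)
            # is treated as out of range; previously a leading non-digit
            # reached int("") and raised ValueError.
            digits = ""
            for ch in bandit_code_line:
                if not ch.isdecimal():
                    break
                digits += ch
            else:
                return False  # ran out of characters before a non-digit
            return bool(digits) and int(digits) in line_range

        # bandit might include extra lines before and after
        # a finding. Filter those out and filter out line numbers
        kept = [
            s.lstrip(BanditParser.LINE_NO_CHARS).rstrip()
            for s in bandit_source.split("\n")
            if in_line_range(s)
        ]
        source = "\n".join(line for line in kept if line)

        # No usable snippet from bandit: read the line from disk, unless
        # bandit reported line 0 (no location to read).
        if source == "" and result["line_number"] != 0:
            source = (
                fetch_line_in_file(self.base_path / path, result["line_number"])
                or "<no source found>"
            )

        return Violation(
            check_id=check_id,
            tool_id=BanditTool.TOOL_ID,
            path=path,
            line=result["line_number"],
            column=0,
            message=result["issue_text"],
            severity=BanditParser.SEVERITY.get(result["issue_severity"], 1),
            syntactic_context=source,
            link=link,
        )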
    def to_violation(self, result: Dict[str, Any]) -> Violation:
        """Convert one pyre JSON error into a bento ``Violation``.

        Every pyre error is reported at severity 2 and linked to the
        generic pyre error-types documentation page; ``code`` is
        stringified to form the check id.
        """
        rel_path = self.trim_base(result["path"])
        line_no = result["line"]

        snippet = fetch_line_in_file(self.base_path / rel_path, line_no)
        if not snippet:
            snippet = "<no source found>"

        return Violation(
            tool_id=PyreTool.TOOL_ID,
            check_id=str(result["code"]),
            path=rel_path,
            line=line_no,
            column=result["column"],
            message=result["description"],
            severity=2,
            syntactic_context=snippet,
            link="https://pyre-check.org/docs/error-types.html",
        )
ファイル: hadolint.py プロジェクト: redwrasse/bento
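    def to_violation(self, result: Dict[str, Any]) -> Violation:
        """Convert one hadolint JSON finding into a bento ``Violation``.

        hadolint emits its own ``DLxxxx`` rules as well as shellcheck
        ``SCxxxx`` rules; the link points at whichever wiki documents the
        rule.  ``DL1000`` findings get a fixed parse-error message.
        """
        start_line = result["line"]
        column = result["column"]
        check_id = result["code"]
        message = result["message"]
        path = self.trim_base(result["file"])

        # hadolint level -> bento severity.  An unrecognised level used to
        # leave `severity` unbound and raise UnboundLocalError at the
        # Violation(...) call below; it now maps to the lowest severity.
        level_to_severity = {"error": 2, "warning": 1, "info": 0, "style": 0}
        severity = level_to_severity.get(result["level"], 0)

        # Rule ids are prefixed "DL" or "SC"; startswith() is used instead
        # of a substring test so a digit run cannot match by accident.
        # SC2046 and SC2086 are deliberately routed to the hadolint wiki.
        if check_id.startswith("DL") or check_id in ("SC2046", "SC2086"):
            link = f"https://github.com/hadolint/hadolint/wiki/{check_id}"
        elif check_id.startswith("SC"):
            link = f"https://github.com/koalaman/shellcheck/wiki/{check_id}"
        else:
            link = ""

        line_of_code = (
            fetch_line_in_file(self.base_path / path, start_line)
            or "<no source found>"
        )

        # DL1000 is a Dockerfile parse failure; replace hadolint's message
        # with a fixed one.
        if check_id == "DL1000":
            message = "Dockerfile parse error. Invalid docker instruction."

        return Violation(
            tool_id=HadolintTool.TOOL_ID,
            check_id=check_id,
            path=path,
            line=start_line,
            column=column,
            message=message,
            severity=severity,
            syntactic_context=line_of_code,
            link=link,
        )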
    def parse(self, results: JsonR) -> List[Violation]:
        """Build one ``Violation`` per sgrep-lint check result in ``results``.

        Each result carries its location under ``start`` (``line``/``col``)
        and its message under ``extra``.  Every finding is reported at
        severity 2 with the source line (right-stripped) as context.
        """

        def build(check) -> Violation:
            rel_path = self.trim_base(check["path"])
            line_no = check["start"]["line"]
            # Custom way to get check_name for sgrep-lint:0.1.10
            text = check.get("extra", {}).get("message")

            snippet = fetch_line_in_file(self.base_path / rel_path, line_no)
            if not snippet:
                snippet = "<no source found>"

            return Violation(
                tool_id=self.tool_id(),
                check_id=check["check_id"],
                path=rel_path,
                line=line_no,
                column=check["start"]["col"],
                message=text,
                severity=2,
                syntactic_context=snippet.rstrip(),
            )

        return [build(check) for check in results]
    def parse(self, results: JsonR) -> List[Violation]:
        """Build one ``Violation`` per python-taint check result in ``results``.

        Each result carries its location under ``start`` (``line``/``col``)
        and its description under ``extra``.  Every finding is reported at
        severity 2 with the source line as context.
        """

        def build(check) -> Violation:
            rel_path = self.trim_base(check["path"])
            line_no = check["start"]["line"]

            snippet = fetch_line_in_file(self.base_path / rel_path, line_no)
            if not snippet:
                snippet = "<no source found>"

            return Violation(
                tool_id=PythonTaintTool.tool_id(),
                check_id=check["check_id"],
                path=rel_path,
                line=line_no,
                column=check["start"]["col"],
                message=check.get("extra", {}).get("description"),
                severity=2,
                syntactic_context=snippet,
            )

        return [build(check) for check in results]