
Commit 4d4b31f

committed
Added support for rule tags
1 parent c65ec17 commit 4d4b31f


5 files changed

+151
-11
lines changed


dist/index.js

Lines changed: 3 additions & 1 deletion

dist/index.js.map

Lines changed: 1 addition & 1 deletion

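--- a/fixtures/test004.sarif
+++ b/fixtures/test004.sarif
@@ -0,0 +1,92 @@
+{
+"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+"version": "2.1.0",
+"runs": [
+{
+"tool": {
+"driver": {
+"name": "Tool Name 3",
+"rules": [
+{
+"id": "TEST01 CWE-22",
+"name": "Test 01 rule name cwe: 23",
+"messageStrings": {
+"default": {
+"text": "This is the message text. It might be very long."
+}
+},
+"shortDescription": {
+"text": "Failed to release dynamic memory."
+},
+"fullDescription": {
+"text": "Unused variables, imports, functions or classes may be a symptom of a bug and should be examined carefully."
+},
+"help": {
+"text": "some help text",
+"markdown": "markdown version some link [here](https://github.com)"
+},
+"properties": {
+"tags": [
+"Tag A",
+"cwE-24",
+"Tag B",
+"Cwe_25"
+]
+}
+}
+]
+}
+},
+"results": [
+{
+"ruleId": "TEST01",
+"level": "error",
+"message": {
+"text": "Result text. This result does not have a rule associated."
+},
+"locations": [
+{
+"physicalLocation": {
+"artifactLocation": {
+"uri": "app.js"
+},
+"region": {
+"startLine": 5,
+"startColumn": 4,
+"endColumn": 10
+}
+}
+}
+],
+"partialFingerprints": {
+"primaryLocationLineHash": "39fa2ee980eb94b0:1"
+}
+},
+{
+"ruleId": "TEST01",
+"level": "note",
+"message": {
+"text": "more different text."
+},
+"locations": [
+{
+"physicalLocation": {
+"artifactLocation": {
+"uri": "app.js"
+},
+"region": {
+"startLine": 15,
+"startColumn": 5,
+"endColumn": 8
+}
+}
+}
+],
+"partialFingerprints": {
+"primaryLocationLineHash": "39fa2ee980eb94d0:1"
+}
+}
+]
+}
+]
+}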

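--- a/sarifProcessors/ruleProcessor.js
+++ b/sarifProcessors/ruleProcessor.js
@@ -29,6 +29,8 @@ async function process(run) {
 
 if (rule.help) ruleText += textObjectProcessor.extractText(rule.help);
 
+if (rule.properties && rule.properties.tags && Array.isArray(rule.properties.tags)) ruleText += rule.properties.tags.join(' ');
+
 // search ruleText
 const matches = cweSearcher.search(ruleText);
 const alreadyAddedEntries = {};
@@ -37,7 +39,7 @@ async function process(run) {
 const matchId = `${match.referenceType}::${match.referenceId}`;
 if (!alreadyAddedEntries[matchId]) {
 alreadyAddedEntries[matchId] = 1;
-
+
 // call Direct Linking API
 let trainingData;
 try {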
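Review bot: The tags line in the first hunk appends `rule.properties.tags.join(' ')` straight onto ruleText with no separator, so unless extractText(rule.help) and the earlier appends end in whitespace, the last token of the help text and the first tag are fused into one token before cweSearcher.search sees them; `ruleText += ' ' + rule.properties.tags.join(' ');` keeps the tag list separate from whatever precedes it. The `rule.properties.tags &&` test is redundant with `Array.isArray(rule.properties.tags)` and can be dropped, which also shortens the line. The tags array is taken as-is from the input SARIF and join() stringifies every entry, so non-string elements end up in ruleText in their String() form rather than being skipped; a one-line comment stating that this is intended would help the next reader. process's body starts and ends outside the hunk.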

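--- a/sarifProcessors/ruleProcessor.test.js
+++ b/sarifProcessors/ruleProcessor.test.js
@@ -107,19 +107,63 @@ test('ruleProcessor should load test003 and add 2 entries based on the rule id a
 "id": "TEST01 CWE-22",
 "name": "Test 01 rule name cwe: 23",
 "messageStrings": {
-"default": {
-"text": "This is the message text. It might be very long."
-}
+"default": {
+"text": "This is the message text. It might be very long."
+}
 },
 "shortDescription": {
-"text": "Failed to release dynamic memory."
+"text": "Failed to release dynamic memory."
 },
 "fullDescription": {
-"text": "Unused variables, imports, functions or classes may be a symptom of a bug and should be examined carefully."
+"text": "Unused variables, imports, functions or classes may be a symptom of a bug and should be examined carefully."
 },
 "help": {
-"text": `some help text\n\nSecure Code Warrior Training:\n\n[CWE 22] ${NAME} [What is this?](${VIDEOS[0]})\n\n${DESCRIPTION} [Try this challenge in Secure Code Warrior](${URL})\n\n[CWE 23] ${NAME} [What is this?](${VIDEOS[0]})\n\n${DESCRIPTION} [Try this challenge in Secure Code Warrior](${URL})`,
-"markdown": `markdown version some link [here](https://github.com)\n\n## Secure Code Warrior Training\n\n#### [CWE 22] ${NAME} *[What is this?](${VIDEOS[0]})*\n\n* ${DESCRIPTION} [Try this challenge in Secure Code Warrior](${URL})\n\n#### [CWE 23] ${NAME} *[What is this?](${VIDEOS[0]})*\n\n* ${DESCRIPTION} [Try this challenge in Secure Code Warrior](${URL})`
+"text": `some help text\n\nSecure Code Warrior Training:\n\n[CWE 22] ${NAME} [What is this?](${VIDEOS[0]})\n\n${DESCRIPTION} [Try this challenge in Secure Code Warrior](${URL})\n\n[CWE 23] ${NAME} [What is this?](${VIDEOS[0]})\n\n${DESCRIPTION} [Try this challenge in Secure Code Warrior](${URL})`,
+"markdown": `markdown version some link [here](https://github.com)\n\n## Secure Code Warrior Training\n\n#### [CWE 22] ${NAME} *[What is this?](${VIDEOS[0]})*\n\n* ${DESCRIPTION} [Try this challenge in Secure Code Warrior](${URL})\n\n#### [CWE 23] ${NAME} *[What is this?](${VIDEOS[0]})*\n\n* ${DESCRIPTION} [Try this challenge in Secure Code Warrior](${URL})`
 }
-});
+});
+});
+
+test('ruleProcessor should load test004 and add 4 entries based on the rule id, rule name and tags (x2)', async () => {
+const sarif = await sarifLoader.load('./fixtures/test004.sarif');
+const NAME = 'AAA';
+const DESCRIPTION = 'bbb';
+const URL = 'ccc';
+const VIDEOS = ['ddd'];
+directLinking.getTrainingData.mockResolvedValue({
+name: NAME,
+description: DESCRIPTION,
+url: URL,
+videos: VIDEOS
+});
+await ruleProcessor.process(sarif.runs[0]);
+
+// expect material added to help.text and help.markdown
+expect(sarif.runs[0].tool.driver.rules[0]).toEqual({
+"id": "TEST01 CWE-22",
+"name": "Test 01 rule name cwe: 23",
+"messageStrings": {
+"default": {
+"text": "This is the message text. It might be very long."
+}
+},
+"shortDescription": {
+"text": "Failed to release dynamic memory."
+},
+"fullDescription": {
+"text": "Unused variables, imports, functions or classes may be a symptom of a bug and should be examined carefully."
+},
+"help": {
+"text": `some help text\n\nSecure Code Warrior Training:\n\n[CWE 22] ${NAME} [What is this?](${VIDEOS[0]})\n\n${DESCRIPTION} [Try this challenge in Secure Code Warrior](${URL})\n\n[CWE 23] ${NAME} [What is this?](${VIDEOS[0]})\n\n${DESCRIPTION} [Try this challenge in Secure Code Warrior](${URL})\n\n[CWE 24] ${NAME} [What is this?](${VIDEOS[0]})\n\n${DESCRIPTION} [Try this challenge in Secure Code Warrior](${URL})\n\n[CWE 25] ${NAME} [What is this?](${VIDEOS[0]})\n\n${DESCRIPTION} [Try this challenge in Secure Code Warrior](${URL})`,
+"markdown": `markdown version some link [here](https://github.com)\n\n## Secure Code Warrior Training\n\n#### [CWE 22] ${NAME} *[What is this?](${VIDEOS[0]})*\n\n* ${DESCRIPTION} [Try this challenge in Secure Code Warrior](${URL})\n\n#### [CWE 23] ${NAME} *[What is this?](${VIDEOS[0]})*\n\n* ${DESCRIPTION} [Try this challenge in Secure Code Warrior](${URL})\n\n#### [CWE 24] ${NAME} *[What is this?](${VIDEOS[0]})*\n\n* ${DESCRIPTION} [Try this challenge in Secure Code Warrior](${URL})\n\n#### [CWE 25] ${NAME} *[What is this?](${VIDEOS[0]})*\n\n* ${DESCRIPTION} [Try this challenge in Secure Code Warrior](${URL})`
+},
+"properties": {
+"tags": [
+"Tag A",
+"cwE-24",
+"Tag B",
+"Cwe_25"
+]
+}
+});
 });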
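Review bot: The new test004 case only covers the happy path of the tags guard; nothing pins what happens when a rule has `properties` but no `tags`, or when `tags` is not an array (a single string, for instance), which is exactly the situation the three-part condition added in ruleProcessor.js exists to handle. A small extra case with a rule carrying, say, `"properties": { "tags": "cwe-24" }` (constructed example) that asserts process still resolves and only the id/name CWEs gain training entries would lock that guard in. The expected help.text and help.markdown strings are now repeated almost verbatim between test003 and test004, with only the CWE list differing; a tiny helper that builds the expected block from an array of CWE ids would keep the two expectations from drifting apart. The file's imports and the directLinking mock setup are outside the hunk.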
