Include target value in Sarif template ruleID (aquasecurity#991)

* Include target value in Sarif template ruleID * Fix format
riddopic · May 13, 2021 · eaf2da2 · eaf2da2
1 parent 083c157
commit eaf2da2
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 24 deletions.
diff --git a/contrib/sarif.tpl b/contrib/sarif.tpl
@@ -11,7 +11,7 @@
           "version": "0.15.0",
           "rules": [
         {{- $t_first := true }}
-        {{- range . }}
+        {{- range $result := . }}
             {{- $vulnerabilityType := .Type }}
             {{- range .Vulnerabilities -}}
               {{- if $t_first -}}
@@ -20,7 +20,7 @@
                 ,
               {{- end }}
             {
-              "id": "{{ .VulnerabilityID }}/{{ .PkgName }}/{{ .InstalledVersion }}",
+              "id": {{ printf "%s: %s-%s %s" $result.Target .PkgName .InstalledVersion .VulnerabilityID | toJson }},
               "name": "{{ toSarifRuleName $vulnerabilityType }}",
               "shortDescription": {
                 "text": {{ printf "%v Package: %v" .VulnerabilityID .PkgName | printf "%q" }}
@@ -57,7 +57,7 @@
       },
       "results": [
     {{- $t_first := true }}
-    {{- range . }}
+    {{- range $result := . }}
         {{- $filePath := .Target }}
         {{- range $index, $vulnerability := .Vulnerabilities -}}
           {{- if $t_first -}}
@@ -66,7 +66,7 @@
             ,
           {{- end }}
         {
-          "ruleId": "{{ $vulnerability.VulnerabilityID }}/{{ $vulnerability.PkgName }}/{{ $vulnerability.InstalledVersion }}",
+          "ruleId": {{ printf "%s: %s-%s %s" $result.Target .PkgName .InstalledVersion .VulnerabilityID | toJson }},
           "ruleIndex": {{ $index }},
           "level": "{{ toSarifErrorLevel $vulnerability.Vulnerability.Severity }}",
           "message": {

diff --git a/integration/testdata/alpine-310.sarif.golden b/integration/testdata/alpine-310.sarif.golden
@@ -11,7 +11,7 @@
           "version": "0.15.0",
           "rules": [
             {
-              "id": "CVE-2019-1549/libcrypto1.1/1.1.1c-r0",
+              "id": "testdata/fixtures/alpine-310.tar.gz (alpine 3.10.2): libcrypto1.1-1.1.1c-r0 CVE-2019-1549",
               "name": "OS Package Vulnerability (Alpine)",
               "shortDescription": {
                 "text": "CVE-2019-1549 Package: libcrypto1.1"
@@ -37,7 +37,7 @@
               }
             },
             {
-              "id": "CVE-2019-1551/libcrypto1.1/1.1.1c-r0",
+              "id": "testdata/fixtures/alpine-310.tar.gz (alpine 3.10.2): libcrypto1.1-1.1.1c-r0 CVE-2019-1551",
               "name": "OS Package Vulnerability (Alpine)",
               "shortDescription": {
                 "text": "CVE-2019-1551 Package: libcrypto1.1"
@@ -63,7 +63,7 @@
               }
             },
             {
-              "id": "CVE-2019-1563/libcrypto1.1/1.1.1c-r0",
+              "id": "testdata/fixtures/alpine-310.tar.gz (alpine 3.10.2): libcrypto1.1-1.1.1c-r0 CVE-2019-1563",
               "name": "OS Package Vulnerability (Alpine)",
               "shortDescription": {
                 "text": "CVE-2019-1563 Package: libcrypto1.1"
@@ -89,7 +89,7 @@
               }
             },
             {
-              "id": "CVE-2019-1547/libcrypto1.1/1.1.1c-r0",
+              "id": "testdata/fixtures/alpine-310.tar.gz (alpine 3.10.2): libcrypto1.1-1.1.1c-r0 CVE-2019-1547",
               "name": "OS Package Vulnerability (Alpine)",
               "shortDescription": {
                 "text": "CVE-2019-1547 Package: libcrypto1.1"
@@ -115,7 +115,7 @@
               }
             },
             {
-              "id": "CVE-2019-1549/libssl1.1/1.1.1c-r0",
+              "id": "testdata/fixtures/alpine-310.tar.gz (alpine 3.10.2): libssl1.1-1.1.1c-r0 CVE-2019-1549",
               "name": "OS Package Vulnerability (Alpine)",
               "shortDescription": {
                 "text": "CVE-2019-1549 Package: libssl1.1"
@@ -141,7 +141,7 @@
               }
             },
             {
-              "id": "CVE-2019-1551/libssl1.1/1.1.1c-r0",
+              "id": "testdata/fixtures/alpine-310.tar.gz (alpine 3.10.2): libssl1.1-1.1.1c-r0 CVE-2019-1551",
               "name": "OS Package Vulnerability (Alpine)",
               "shortDescription": {
                 "text": "CVE-2019-1551 Package: libssl1.1"
@@ -167,7 +167,7 @@
               }
             },
             {
-              "id": "CVE-2019-1563/libssl1.1/1.1.1c-r0",
+              "id": "testdata/fixtures/alpine-310.tar.gz (alpine 3.10.2): libssl1.1-1.1.1c-r0 CVE-2019-1563",
               "name": "OS Package Vulnerability (Alpine)",
               "shortDescription": {
                 "text": "CVE-2019-1563 Package: libssl1.1"
@@ -193,7 +193,7 @@
               }
             },
             {
-              "id": "CVE-2019-1547/libssl1.1/1.1.1c-r0",
+              "id": "testdata/fixtures/alpine-310.tar.gz (alpine 3.10.2): libssl1.1-1.1.1c-r0 CVE-2019-1547",
               "name": "OS Package Vulnerability (Alpine)",
               "shortDescription": {
                 "text": "CVE-2019-1547 Package: libssl1.1"
@@ -222,7 +222,7 @@
       },
       "results": [
         {
-          "ruleId": "CVE-2019-1549/libcrypto1.1/1.1.1c-r0",
+          "ruleId": "testdata/fixtures/alpine-310.tar.gz (alpine 3.10.2): libcrypto1.1-1.1.1c-r0 CVE-2019-1549",
           "ruleIndex": 0,
           "level": "warning",
           "message": {
@@ -238,7 +238,7 @@
           }]
         },
         {
-          "ruleId": "CVE-2019-1551/libcrypto1.1/1.1.1c-r0",
+          "ruleId": "testdata/fixtures/alpine-310.tar.gz (alpine 3.10.2): libcrypto1.1-1.1.1c-r0 CVE-2019-1551",
           "ruleIndex": 1,
           "level": "warning",
           "message": {
@@ -254,7 +254,7 @@
           }]
         },
         {
-          "ruleId": "CVE-2019-1563/libcrypto1.1/1.1.1c-r0",
+          "ruleId": "testdata/fixtures/alpine-310.tar.gz (alpine 3.10.2): libcrypto1.1-1.1.1c-r0 CVE-2019-1563",
           "ruleIndex": 2,
           "level": "warning",
           "message": {
@@ -270,7 +270,7 @@
           }]
         },
         {
-          "ruleId": "CVE-2019-1547/libcrypto1.1/1.1.1c-r0",
+          "ruleId": "testdata/fixtures/alpine-310.tar.gz (alpine 3.10.2): libcrypto1.1-1.1.1c-r0 CVE-2019-1547",
           "ruleIndex": 3,
           "level": "note",
           "message": {
@@ -286,7 +286,7 @@
           }]
         },
         {
-          "ruleId": "CVE-2019-1549/libssl1.1/1.1.1c-r0",
+          "ruleId": "testdata/fixtures/alpine-310.tar.gz (alpine 3.10.2): libssl1.1-1.1.1c-r0 CVE-2019-1549",
           "ruleIndex": 4,
           "level": "warning",
           "message": {
@@ -302,7 +302,7 @@
           }]
         },
         {
-          "ruleId": "CVE-2019-1551/libssl1.1/1.1.1c-r0",
+          "ruleId": "testdata/fixtures/alpine-310.tar.gz (alpine 3.10.2): libssl1.1-1.1.1c-r0 CVE-2019-1551",
           "ruleIndex": 5,
           "level": "warning",
           "message": {
@@ -318,7 +318,7 @@
           }]
         },
         {
-          "ruleId": "CVE-2019-1563/libssl1.1/1.1.1c-r0",
+          "ruleId": "testdata/fixtures/alpine-310.tar.gz (alpine 3.10.2): libssl1.1-1.1.1c-r0 CVE-2019-1563",
           "ruleIndex": 6,
           "level": "warning",
           "message": {
@@ -334,7 +334,7 @@
           }]
         },
         {
-          "ruleId": "CVE-2019-1547/libssl1.1/1.1.1c-r0",
+          "ruleId": "testdata/fixtures/alpine-310.tar.gz (alpine 3.10.2): libssl1.1-1.1.1c-r0 CVE-2019-1547",
           "ruleIndex": 7,
           "level": "note",
           "message": {

diff --git a/pkg/report/writer_test.go b/pkg/report/writer_test.go
@@ -409,7 +409,7 @@ func TestReportWriter_Template_SARIF(t *testing.T) {
           "version": "0.15.0",
           "rules": [
             {
-              "id": "CVE-1234-5678/foopackage/1.2.3",
+              "id": "foo/target/alpine-310.tar.gz (alpine 3.10.2): foopackage-1.2.3 CVE-1234-5678",
               "name": "Other Vulnerability (Footype)",
               "shortDescription": {
                 "text": "CVE-1234-5678 Package: foopackage"
@@ -437,7 +437,7 @@ func TestReportWriter_Template_SARIF(t *testing.T) {
       },
       "results": [
         {
-          "ruleId": "CVE-1234-5678/foopackage/1.2.3",
+          "ruleId": "foo/target/alpine-310.tar.gz (alpine 3.10.2): foopackage-1.2.3 CVE-1234-5678",
           "ruleIndex": 0,
           "level": "error",
           "message": {
@@ -493,7 +493,7 @@ func TestReportWriter_Template_SARIF(t *testing.T) {
           "version": "0.15.0",
           "rules": [
             {
-              "id": "CVE-1234-5678/foopackage/1.2.3",
+              "id": "rust-app\\Cargo.lock: foopackage-1.2.3 CVE-1234-5678",
               "name": "Other Vulnerability (Footype)",
               "shortDescription": {
                 "text": "CVE-1234-5678 Package: foopackage"
@@ -522,7 +522,7 @@ func TestReportWriter_Template_SARIF(t *testing.T) {
       },
       "results": [
         {
-          "ruleId": "CVE-1234-5678/foopackage/1.2.3",
+          "ruleId": "rust-app\\Cargo.lock: foopackage-1.2.3 CVE-1234-5678",
           "ruleIndex": 0,
           "level": "error",
           "message": {