Fix Sarif file uri path invalid in Windows and update go-sarif to lat…

…est (#1070) * Fix Sarif file uri path invalid in Windows * Update package go-sarif to v1.0.12 * fix test after uri update
tenable · Dec 10, 2021 · 790b1dd · 790b1dd
1 parent 81f67ad
commit 790b1dd
Show file tree

Hide file tree

Showing 10 changed files with 82 additions and 19 deletions.
diff --git a/go.mod b/go.mod
@@ -46,13 +46,13 @@ require (
 	github.com/onsi/ginkgo v1.15.1
 	github.com/onsi/gomega v1.11.0
 	github.com/open-policy-agent/opa v0.22.0
-	github.com/owenrumney/go-sarif v1.0.4
+	github.com/owenrumney/go-sarif v1.0.12
 	github.com/pelletier/go-toml v1.9.3
 	github.com/pkg/errors v0.9.1
 	github.com/spf13/afero v1.6.0
 	github.com/spf13/cobra v1.1.3
 	github.com/stretchr/testify v1.7.0
-	github.com/zclconf/go-cty v1.8.3
+	github.com/zclconf/go-cty v1.9.1
 	go.uber.org/zap v1.16.0
 	golang.org/x/sys v0.0.0-20211205182925-97ca703d548d
 	golang.org/x/tools v0.1.8 // indirect

diff --git a/go.sum b/go.sum
@@ -1202,6 +1202,8 @@ github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnh
 github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
 github.com/owenrumney/go-sarif v1.0.4 h1:0LFC5eHP6amc/9ajM1jDiE52UfXFcl/oozay+X3KgV4=
 github.com/owenrumney/go-sarif v1.0.4/go.mod h1:DXUGbHwQcCMvqcvZbxh8l/7diHsJVztOKZgmPt88RNI=
+github.com/owenrumney/go-sarif v1.0.12 h1:8cgnqe7MbXGDJYEiMc0jeFi7opwgWM8GWBPAAnn2Ut8=
+github.com/owenrumney/go-sarif v1.0.12/go.mod h1:Jk5smXU9QuCqTdh4N3PehnG+azzrf0XcQ267ZwAG8Ho=
 github.com/packer-community/winrmcp v0.0.0-20180921211025-c76d91c1e7db/go.mod h1:f6Izs6JvFTdnRbziASagjZ2vmf55NSIkC/weStxCHqk=
 github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
@@ -1482,6 +1484,8 @@ github.com/zclconf/go-cty v1.8.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUA
 github.com/zclconf/go-cty v1.8.2/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
 github.com/zclconf/go-cty v1.8.3 h1:48gwZXrdSADU2UW9eZKHprxAI7APZGW9XmExpJpSjT0=
 github.com/zclconf/go-cty v1.8.3/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
+github.com/zclconf/go-cty v1.9.1 h1:viqrgQwFl5UpSxc046qblj78wZXVDFnSOufaOTER+cc=
+github.com/zclconf/go-cty v1.9.1/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
 github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8=
 github.com/zclconf/go-cty-yaml v1.0.2/go.mod h1:IP3Ylp0wQpYm50IHK8OZWKMu6sPJIUgKa8XhiVHura0=
 github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=

diff --git a/pkg/utils/path.go b/pkg/utils/path.go
@@ -153,3 +153,15 @@ func FilterHiddenDirectories(dirList []string, rootDir string) []string {
 	}
 	return filteredDirs
 }
+
+// GetFileURI returns the rfc3986 format file uri from a path string
+// https://tools.ietf.org/html/rfc3986
+// always use / and for windows it starts three ///
+func GetFileURI(path string) (string, error) {
+	path = strings.ReplaceAll(path, "\\", "/")
+	prefix := "file://"
+	if IsWindowsPlatform() {
+		prefix += "/"
+	}
+	return prefix + path, nil
+}
diff --git a/pkg/utils/path_test.go b/pkg/utils/path_test.go
@@ -114,3 +114,47 @@ func TestFindAllDirectories(t *testing.T) {
 		}
 	})
 }
+
+func TestGetFileURI(t *testing.T) {
+
+	table := []struct {
+		name    string
+		path    string
+		want    string
+		wantWin string
+		wantErr error
+	}{
+		{
+			name:    "test Linux path",
+			path:    "dir1/dir2/file.txt",
+			want:    "file://dir1/dir2/file.txt",
+			wantWin: "file:///dir1/dir2/file.txt",
+			wantErr: nil,
+		},
+		{
+			name:    "test Windows path",
+			path:    "c:\\dir1\\dir2\\file.txt",
+			want:    "file://c:/dir1/dir2/file.txt",
+			wantWin: "file:///c:/dir1/dir2/file.txt",
+			wantErr: nil,
+		},
+	}
+
+	for _, tt := range table {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := GetFileURI(tt.path)
+			if err != tt.wantErr {
+				t.Errorf("unexpected error; got: '%v', want: '%v'", err, tt.wantErr)
+			}
+			if IsWindowsPlatform() {
+				if got != tt.wantWin {
+					t.Errorf("got: '%v', want: '%v'", got, tt.wantWin)
+				}
+			} else {
+				if got != tt.want {
+					t.Errorf("got: '%v', want: '%v'", got, tt.want)
+				}
+			}
+		})
+	}
+}
diff --git a/pkg/writer/github_sarif_test.go b/pkg/writer/github_sarif_test.go
@@ -11,7 +11,7 @@ import (
 
 const violationTemplateForGH = `{
           "version": "2.1.0",
-          "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+          "$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
           "runs": [
             {
               "tool": {

diff --git a/pkg/writer/sarif.go b/pkg/writer/sarif.go
@@ -17,7 +17,6 @@
 package writer
 
 import (
-	"fmt"
 	"github.com/accurics/terrascan/pkg/policy"
 	"github.com/accurics/terrascan/pkg/utils"
 	"github.com/accurics/terrascan/pkg/version"
@@ -55,22 +54,22 @@ func writeSarif(data interface{}, writer io.Writer, forGithub bool) error {
 	report.AddRun(run)
 
 	for _, passedRule := range outputData.PassedRules {
-		m := make(map[string]string)
-		m["category"] = passedRule.Category
-		m["severity"] = passedRule.Severity
+		m := sarif.NewPropertyBag()
+		m.Properties["category"] = passedRule.Category
+		m.Properties["severity"] = passedRule.Severity
 
 		run.AddRule(passedRule.RuleID).
-			WithDescription(passedRule.Description).WithName(passedRule.RuleName).WithProperties(m)
+			WithDescription(passedRule.Description).WithName(passedRule.RuleName).WithProperties(m.Properties)
 	}
 
 	// for each result add the rule, location and result to the report
 	for _, violation := range outputData.Violations {
-		m := make(map[string]string)
-		m["category"] = violation.Category
-		m["severity"] = violation.Severity
+		m := sarif.NewPropertyBag()
+		m.Properties["category"] = violation.Category
+		m.Properties["severity"] = violation.Severity
 
 		rule := run.AddRule(violation.RuleID).
-			WithDescription(violation.Description).WithName(violation.RuleName).WithProperties(m)
+			WithDescription(violation.Description).WithName(violation.RuleName).WithProperties(m.Properties)
 
 		var artifactLocation *sarif.ArtifactLocation
 
@@ -82,7 +81,11 @@ func writeSarif(data interface{}, writer io.Writer, forGithub bool) error {
 			if err != nil {
 				return errors.Errorf("unable to create absolute path, error: %v", err)
 			}
-			artifactLocation = sarif.NewSimpleArtifactLocation(fmt.Sprintf("file://%s", absFilePath))
+			uriFilePath, err := utils.GetFileURI(absFilePath)
+			if err != nil {
+				return errors.Errorf("unable to create uri path, error: %v", err)
+			}
+			artifactLocation = sarif.NewSimpleArtifactLocation(uriFilePath)
 		}
 
 		location := sarif.NewLocation().WithPhysicalLocation(sarif.NewPhysicalLocation().

diff --git a/pkg/writer/sarif_test.go b/pkg/writer/sarif_test.go
@@ -18,7 +18,7 @@ var testpathForGH = violationsInput.Violations[0].File
 
 const violationTemplate = `{
           "version": "2.1.0",
-          "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+          "$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
           "runs": [
             {
               "tool": {
@@ -76,7 +76,7 @@ var expectedSarifOutput1 = fmt.Sprintf(violationTemplate, version.GetNumeric(),
 
 var expectedSarifOutput2 = fmt.Sprintf(`{
           "version": "2.1.0",
-          "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+          "$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
           "runs": [
             {
               "tool": {
@@ -93,7 +93,7 @@ var expectedSarifOutput2 = fmt.Sprintf(`{
 
 var expectedSarifOutput3 = fmt.Sprintf(`{
           "version": "2.1.0",
-          "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+          "$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
           "runs": [
             {
               "tool": {

diff --git a/...r_scan/dockerfiles/dockerfile_platform_flag_violations/dockerfile_platform_flag_sarif.txt b/...r_scan/dockerfiles/dockerfile_platform_flag_violations/dockerfile_platform_flag_sarif.txt
@@ -1,6 +1,6 @@
 {
   "version": "2.1.0",
-  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+  "$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
   "runs": [
     {
       "tool": {

diff --git a/.../e2e/scan/golden/k8s_scans/k8s/kubernetes_ingress_violations/kubernetes_ingress_sarif.txt b/.../e2e/scan/golden/k8s_scans/k8s/kubernetes_ingress_violations/kubernetes_ingress_sarif.txt
@@ -1,6 +1,6 @@
 {
   "version": "2.1.0",
-  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+  "$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
   "runs": [
     {
       "tool": {

diff --git a/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_sarif.txt b/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_sarif.txt
@@ -1,6 +1,6 @@
 {
   "version": "2.1.0",
-  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+  "$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
   "runs": [
     {
       "tool": {