add cli arguments argument in Reporter to report invocations
MariusAlbrecht committed Oct 6, 2024
1 parent a09f0ec commit 061c31c
Showing 3 changed files with 41 additions and 78 deletions.
Expand Up @@ -33,6 +33,7 @@ import kotlin.io.path.createDirectories
import kotlin.io.path.writeText

interface Reporter {

/**
* Generates a report for the given rule
*
Expand All @@ -41,7 +42,11 @@ interface Reporter {
* @param minify if true, a minified version of the report is generated
* @return the report as a string that can be written to a file
*/
fun report(rules: Collection<Rule>, minify: Boolean = false): String
fun report(
rules: Collection<Rule>,
minify: Boolean = false,
arguments: List<String> = ArrayList(0),
): String

/**
* Maps a level to the respective format
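Review bot: The KDoc on `report` is not updated for the new `arguments` parameter; the hunk adds only the signature lines, so implementers of `Reporter` cannot tell what the list holds or that it can end up in the generated report (the SARIF implementation in this commit writes it out). I would add `@param arguments the command-line arguments of the analysis run; a reporter may write them into the report as-is, so they must not contain secrets`. As a style point, the default `ArrayList(0)` could be `emptyList()`, which is the idiomatic read-only default and does not hand implementations a mutable list. The interface body continues outside the hunk.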
Expand Up @@ -25,7 +25,7 @@
*/
package de.fraunhofer.aisec.cpg.query

import de.fraunhofer.aisec.cpg.graph.Node as CpgGraphNode
import de.fraunhofer.aisec.cpg.graph.Node
import io.github.detekt.sarif4k.*
import java.nio.file.Paths

Expand All @@ -39,7 +39,7 @@ class SarifReporter : Reporter {
* @param rules the [Rule]s to generate the report for
* @param minify if true, the output json will be minified to reduce file size
*/
override fun report(rules: Collection<Rule>, minify: Boolean): String {
override fun report(rules: Collection<Rule>, minify: Boolean, arguments: List<String>): String {
// TODO: consider validation of rule fields
val sarifObj =
SarifSchema210(
Expand Down Expand Up @@ -91,18 +91,20 @@ class SarifReporter : Reporter {
)
)
),
// TODO: automationDetails, invocation
// automationDetails is definitely possible if used with the [RuleRunner]
results = createResults(rules)
// TODO: heuristic for executionSuccessful needed
invocations =
listOf(
Invocation(executionSuccessful = true, arguments = arguments)
),
results = results(rules)
)
)
)
return if (minify) SarifSerializer.toMinifiedJson(sarifObj)
else SarifSerializer.toJson(sarifObj)
}

private fun createResults(rules: Collection<Rule>): List<Result> {

private fun results(rules: Collection<Rule>): List<Result> {
val results = mutableListOf<Result>()
for ((i, rule) in rules.withIndex()) {
results.addAll(results(rule, i.toLong()))
Expand Down Expand Up @@ -131,48 +133,50 @@ class SarifReporter : Reporter {
id = if (rule.cweId != null) "CWE-${rule.cweId}" else null
)
),
locations = locations(threadFlowLocations),
codeFlows = codeFlows(threadFlowLocations)
locations =
findReasonableLocation(threadFlowLocations).let {
if (it != null) listOf(it) else null
},
codeFlows = codeFlows(threadFlowLocations),
)
)
}
return results
}

private fun codeFlows(threadFlowLocations: MutableList<ThreadFlowLocation>) =
if (threadFlowLocations.isEmpty()) null
else listOf(CodeFlow(threadFlows = listOf(ThreadFlow(locations = threadFlowLocations))))

private fun locations(threadFlowLocations: MutableList<ThreadFlowLocation>) =
listOf(
Location(
private fun findReasonableLocation(threadFlowLocations: List<ThreadFlowLocation>): Location? {
threadFlowLocations.getOrNull(threadFlowLocations.lastIndex)?.let {
val physicalLocation = it.location?.physicalLocation
return@findReasonableLocation Location(
physicalLocation =
PhysicalLocation(
artifactLocation =
ArtifactLocation(
// TODO: Hacky but idk a better way
uri =
threadFlowLocations
.getOrNull(0)
?.location
?.physicalLocation
?.artifactLocation
?.uri
// TODO: no baseId rn even though the spec suggests its use bcs of
// editor extension support
),
ArtifactLocation(uri = physicalLocation?.artifactLocation?.uri),
region =
Region(
startLine = physicalLocation?.region?.startLine,
endLine = physicalLocation?.region?.endLine,
startColumn = physicalLocation?.region?.startColumn,
endColumn = physicalLocation?.region?.endColumn
)
)
)
)
}
return null
}

private fun codeFlows(threadFlowLocations: MutableList<ThreadFlowLocation>) =
if (threadFlowLocations.isEmpty()) null
else listOf(CodeFlow(threadFlows = listOf(ThreadFlow(locations = threadFlowLocations))))

private fun threadFlows(root: QueryTree<*>): MutableList<ThreadFlowLocation> {
var initDepth: Long = -1
var nodeValueLocation: de.fraunhofer.aisec.cpg.sarif.PhysicalLocation? = null
val threadFlowLocations = mutableListOf<ThreadFlowLocation>()

root.inOrder({ (node, depth): Pair<QueryTree<*>, Long> ->
if (node.value is CpgGraphNode) {
nodeValueLocation = (node.value as CpgGraphNode).location
if (node.value is Node) {
nodeValueLocation = (node.value as Node).location
if (nodeValueLocation != null) {
threadFlowLocations.add(
ThreadFlowLocation(
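Review bot: `arguments` is copied unfiltered into `Invocation(executionSuccessful = true, arguments = arguments)`, so whatever was on the command line is persisted in the SARIF file, and SARIF output is commonly uploaded to CI or code-scanning services with a wider audience than the machine that ran the tool. Whether the CLI accepts credentials or tokens is not visible here, but absolute paths and similar host details are plausible; I would at least state the contract at that line, e.g. `// arguments are serialized verbatim; callers must drop or mask sensitive values first`, or filter the list before building the `Invocation`. Separately, the hard-coded `executionSuccessful = true` (the TODO above it acknowledges this) means a run that aborted part-way is indistinguishable from a clean one to a consumer of the report. `report` starts and continues outside the visible hunks.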

This file was deleted.
