Skip to content

Commit

Permalink
Undetermined reason for undetermined contextual analysis status (#155)
Browse files Browse the repository at this point in the history
  • Loading branch information
barv-jfrog authored Sep 12, 2024
1 parent 78eda05 commit 13e64cc
Show file tree
Hide file tree
Showing 6 changed files with 49 additions and 15 deletions.
11 changes: 11 additions & 0 deletions formats/sarifutils/sarifutils.go
Original file line number Diff line number Diff line change
Expand Up @@ -396,6 +396,17 @@ func GetRuleShortDescriptionText(rule *sarif.ReportingDescriptor) string {
return ""
}

func GetRuleProperty(key string, rule *sarif.ReportingDescriptor) string {
if rule != nil && rule.Properties != nil && rule.Properties[key] != nil {
prop, ok := rule.Properties[key].(string)
if !ok {
return ""
}
return prop
}
return ""
}

func GetRunRules(run *sarif.Run) []*sarif.ReportingDescriptor {
if run != nil && run.Tool.Driver != nil {
return run.Tool.Driver.Rules
Expand Down
11 changes: 8 additions & 3 deletions formats/sarifutils/test_sarifutils.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,14 +35,19 @@ func createRunWithDummyResults(toolName string, results ...*sarif.Result) *sarif
return run
}

func CreateRunWithDummyResultAndRuleProperties(property, value string, result *sarif.Result) *sarif.Run {
func CreateRunWithDummyResultAndRuleProperties(result *sarif.Result, properties, values []string) *sarif.Run {
if len(properties) != len(values) {
return nil
}
run := sarif.NewRunWithInformationURI("", "")
if result.RuleID != nil {
run.AddRule(*result.RuleID)
}
run.AddResult(result)
run.Tool.Driver.Rules[0].Properties = make(sarif.Properties)
run.Tool.Driver.Rules[0].Properties[property] = value
run.Tool.Driver.Rules[0].Properties = make(sarif.Properties, len(properties))
for index := range properties {
run.Tool.Driver.Rules[0].Properties[properties[index]] = values[index]
}
return run
}

Expand Down
1 change: 1 addition & 0 deletions formats/simplejsonapi.go
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,7 @@ type CveRow struct {
type Applicability struct {
Status string `json:"status"`
ScannerDescription string `json:"scannerDescription,omitempty"`
UndeterminedReason string `json:"undeterminedReason,omitempty"`
Evidence []Evidence `json:"evidence,omitempty"`
}

Expand Down
5 changes: 5 additions & 0 deletions utils/resultstable.go
Original file line number Diff line number Diff line change
Expand Up @@ -940,6 +940,7 @@ func getCveApplicabilityField(cveId string, applicabilityScanResults []*sarif.Ru
if rule, _ := applicabilityRun.GetRuleById(jasutils.CveToApplicabilityRuleId(cveId)); rule != nil {
applicability.ScannerDescription = sarifutils.GetRuleFullDescriptionText(rule)
status := getApplicabilityStatusFromRule(rule)
applicability.UndeterminedReason = GetRuleUndeterminedReason(rule)
if status != "" {
applicabilityStatuses = append(applicabilityStatuses, status)
}
Expand Down Expand Up @@ -1028,6 +1029,10 @@ func extractDependencyNameFromComponent(key string, techIdentifier string) (depe
return
}

func GetRuleUndeterminedReason(rule *sarif.ReportingDescriptor) string {
return sarifutils.GetRuleProperty("undetermined_reason", rule)
}

func getApplicabilityStatusFromRule(rule *sarif.ReportingDescriptor) jasutils.ApplicabilityStatus {
if rule.Properties["applicability"] != nil {
status, ok := rule.Properties["applicability"].(string)
Expand Down
27 changes: 20 additions & 7 deletions utils/resultstable_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -682,9 +682,9 @@ func TestGetApplicableCveValue(t *testing.T) {
name: "new scan statuses - applicable wins all statuses",
scanResults: &ExtendedScanResults{
ApplicabilityScanResults: []*sarif.Run{
sarifutils.CreateRunWithDummyResultAndRuleProperties("applicability", "applicable", sarifutils.CreateDummyPassingResult("applic_testCve1")),
sarifutils.CreateRunWithDummyResultAndRuleProperties("applicability", "not_applicable", sarifutils.CreateDummyPassingResult("applic_testCve2")),
sarifutils.CreateRunWithDummyResultAndRuleProperties("applicability", "not_covered", sarifutils.CreateDummyPassingResult("applic_testCve3")),
sarifutils.CreateRunWithDummyResultAndRuleProperties(sarifutils.CreateDummyPassingResult("applic_testCve1"), []string{"applicability"}, []string{"applicable"}),
sarifutils.CreateRunWithDummyResultAndRuleProperties(sarifutils.CreateDummyPassingResult("applic_testCve2"), []string{"applicability"}, []string{"not_applicable"}),
sarifutils.CreateRunWithDummyResultAndRuleProperties(sarifutils.CreateDummyPassingResult("applic_testCve3"), []string{"applicability"}, []string{"not_covered"}),
},
EntitledForJas: true},
cves: []services.Cve{{Id: "testCve1"}, {Id: "testCve2"}, {Id: "testCve3"}},
Expand All @@ -698,8 +698,8 @@ func TestGetApplicableCveValue(t *testing.T) {
name: "new scan statuses - not covered wins not applicable",
scanResults: &ExtendedScanResults{
ApplicabilityScanResults: []*sarif.Run{
sarifutils.CreateRunWithDummyResultAndRuleProperties("applicability", "not_covered", sarifutils.CreateDummyPassingResult("applic_testCve1")),
sarifutils.CreateRunWithDummyResultAndRuleProperties("applicability", "not_applicable", sarifutils.CreateDummyPassingResult("applic_testCve2")),
sarifutils.CreateRunWithDummyResultAndRuleProperties(sarifutils.CreateDummyPassingResult("applic_testCve1"), []string{"applicability"}, []string{"not_covered"}),
sarifutils.CreateRunWithDummyResultAndRuleProperties(sarifutils.CreateDummyPassingResult("applic_testCve2"), []string{"applicability"}, []string{"not_applicable"}),
},
EntitledForJas: true},
cves: []services.Cve{{Id: "testCve1"}, {Id: "testCve2"}},
Expand All @@ -712,8 +712,8 @@ func TestGetApplicableCveValue(t *testing.T) {
name: "new scan statuses - undetermined wins not covered",
scanResults: &ExtendedScanResults{
ApplicabilityScanResults: []*sarif.Run{
sarifutils.CreateRunWithDummyResultAndRuleProperties("applicability", "not_covered", sarifutils.CreateDummyPassingResult("applic_testCve1")),
sarifutils.CreateRunWithDummyResultAndRuleProperties("applicability", "undetermined", sarifutils.CreateDummyPassingResult("applic_testCve2")),
sarifutils.CreateRunWithDummyResultAndRuleProperties(sarifutils.CreateDummyPassingResult("applic_testCve1"), []string{"applicability"}, []string{"not_covered"}),
sarifutils.CreateRunWithDummyResultAndRuleProperties(sarifutils.CreateDummyPassingResult("applic_testCve2"), []string{"applicability"}, []string{"undetermined"}),
},
EntitledForJas: true},
cves: []services.Cve{{Id: "testCve1"}, {Id: "testCve2"}},
Expand All @@ -722,6 +722,19 @@ func TestGetApplicableCveValue(t *testing.T) {
{Id: "testCve2", Applicability: &formats.Applicability{Status: jasutils.ApplicabilityUndetermined.String()}},
},
},
{
name: "undetermined with undetermined reason",
scanResults: &ExtendedScanResults{
ApplicabilityScanResults: []*sarif.Run{
sarifutils.CreateRunWithDummyResultAndRuleProperties(sarifutils.CreateDummyPassingResult("applic_testCve2"), []string{"applicability", "undetermined_reason"}, []string{"undetermined", "however"}),
},
EntitledForJas: true},
cves: []services.Cve{{Id: "testCve2"}},
expectedResult: jasutils.ApplicabilityUndetermined,
expectedCves: []formats.CveRow{
{Id: "testCve2", Applicability: &formats.Applicability{Status: jasutils.ApplicabilityUndetermined.String(), UndeterminedReason: "however"}},
},
},
}

for _, testCase := range testCases {
Expand Down
9 changes: 4 additions & 5 deletions utils/resultwriter_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -674,7 +674,7 @@ func TestPatchRunsToPassIngestionRules(t *testing.T) {
cmdResult: &Results{ResultType: DockerImage, ScaResults: []*ScaScanResult{{Name: "dockerImage:imageVersion"}}},
subScan: ScaScan,
input: []*sarif.Run{
sarifutils.CreateRunWithDummyResultAndRuleProperties("applicability", "applicable", sarifutils.CreateDummyResultWithPathAndLogicalLocation("sha256__f752cb05a39e65f231a3c47c2e08cbeac1c15e4daff0188cb129c12a3ea3049d", "f752cb05a39e65f231a3c47c2e08cbeac1c15e4daff0188cb129c12a3ea3049d", "layer", "algorithm", "sha256").WithMessage(sarif.NewTextMessage("some-msg"))).
sarifutils.CreateRunWithDummyResultAndRuleProperties(sarifutils.CreateDummyResultWithPathAndLogicalLocation("sha256__f752cb05a39e65f231a3c47c2e08cbeac1c15e4daff0188cb129c12a3ea3049d", "f752cb05a39e65f231a3c47c2e08cbeac1c15e4daff0188cb129c12a3ea3049d", "layer", "algorithm", "sha256").WithMessage(sarif.NewTextMessage("some-msg")), []string{"applicability"}, []string{"applicable"}).
WithInvocations([]*sarif.Invocation{
sarif.NewInvocation().WithWorkingDirectory(sarif.NewSimpleArtifactLocation(wd)),
},
Expand All @@ -684,10 +684,9 @@ func TestPatchRunsToPassIngestionRules(t *testing.T) {
),
},
expectedResults: []*sarif.Run{
sarifutils.CreateRunWithDummyResultAndRuleProperties("applicability", "applicable",
sarifutils.CreateDummyResultWithFingerprint("some-msg\nImage: dockerImage:imageVersion\nLayer (sha256): f752cb05a39e65f231a3c47c2e08cbeac1c15e4daff0188cb129c12a3ea3049d", "some-msg", jfrogFingerprintAlgorithmName, "9522c1d915eef55b4a0dc9e160bf5dc7",
sarifutils.CreateDummyLocationWithPathAndLogicalLocation("sha256__f752cb05a39e65f231a3c47c2e08cbeac1c15e4daff0188cb129c12a3ea3049d", "f752cb05a39e65f231a3c47c2e08cbeac1c15e4daff0188cb129c12a3ea3049d", "layer", "algorithm", "sha256"),
),
sarifutils.CreateRunWithDummyResultAndRuleProperties(sarifutils.CreateDummyResultWithFingerprint("some-msg\nImage: dockerImage:imageVersion\nLayer (sha256): f752cb05a39e65f231a3c47c2e08cbeac1c15e4daff0188cb129c12a3ea3049d", "some-msg", jfrogFingerprintAlgorithmName, "9522c1d915eef55b4a0dc9e160bf5dc7",
sarifutils.CreateDummyLocationWithPathAndLogicalLocation("sha256__f752cb05a39e65f231a3c47c2e08cbeac1c15e4daff0188cb129c12a3ea3049d", "f752cb05a39e65f231a3c47c2e08cbeac1c15e4daff0188cb129c12a3ea3049d", "layer", "algorithm", "sha256"),
), []string{"applicability"}, []string{"applicable"},
).WithInvocations([]*sarif.Invocation{
sarif.NewInvocation().WithWorkingDirectory(sarif.NewSimpleArtifactLocation(wd)),
}),
Expand Down

0 comments on commit 13e64cc

Please sign in to comment.