From 4fa264372bec0e04f64afa67a8066602c2084ccf Mon Sep 17 00:00:00 2001 From: Eyal Kapon Date: Tue, 3 Sep 2024 16:04:08 +0300 Subject: [PATCH] grabbing the value of applicability from the sarif and checking by it. also added the right types --- build.gradle | 2 +- .../idea/inspections/JFrogSecurityWarning.java | 4 ++-- .../jfrog/ide/idea/scan/ScanBinaryExecutor.java | 3 ++- .../java/com/jfrog/ide/idea/scan/data/Rule.java | 8 ++++++++ .../jfrog/ide/idea/scan/data/RuleProperties.java | 15 +++++++++++++++ .../java/com/jfrog/ide/idea/scan/data/Run.java | 9 +++++++++ 6 files changed, 37 insertions(+), 4 deletions(-) create mode 100644 src/main/java/com/jfrog/ide/idea/scan/data/RuleProperties.java diff --git a/build.gradle b/build.gradle index 082ab1c1..85db788d 100644 --- a/build.gradle +++ b/build.gradle @@ -4,7 +4,7 @@ import java.net.http.HttpResponse import java.nio.file.Paths plugins { - id "org.jetbrains.intellij" version "1.16.0" + id "org.jetbrains.intellij" version "1.17.0" id "java" id "maven-publish" id "de.undercouch.download" version "5.3.0" diff --git a/src/main/java/com/jfrog/ide/idea/inspections/JFrogSecurityWarning.java b/src/main/java/com/jfrog/ide/idea/inspections/JFrogSecurityWarning.java index ace09f18..37e8b60e 100644 --- a/src/main/java/com/jfrog/ide/idea/inspections/JFrogSecurityWarning.java +++ b/src/main/java/com/jfrog/ide/idea/inspections/JFrogSecurityWarning.java @@ -52,7 +52,7 @@ public JFrogSecurityWarning( this.codeFlows = codeFlows; } - public JFrogSecurityWarning(SarifResult result, SourceCodeScanType reporter) { + public JFrogSecurityWarning(SarifResult result, SourceCodeScanType reporter, Rule rule) { this(getFirstRegion(result).getStartLine() - 1, getFirstRegion(result).getStartColumn() - 1, getFirstRegion(result).getEndLine() - 1, 
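Review bot: The constructor's new `rule` parameter is undocumented — nothing says what it is for or whether it may be null, and the previous two-argument overload is removed rather than kept as a delegating overload. A Javadoc line would settle the contract: `@param rule the SARIF rule descriptor that {@code result.getRuleId()} refers to; its properties decide whether the finding is shown, and it must not be null`. Any other caller still using the two-argument form will stop compiling; the diffstat lists only ScanBinaryExecutor as updated, so that is presumably the only one, but worth a grep. The constructor's `this(...)` call continues into the next hunk.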
@@ -62,7 +62,7 @@ public JFrogSecurityWarning(SarifResult result, SourceCodeScanType reporter) { result.getRuleId(), getFirstRegion(result).getSnippet().getText(), reporter, - !result.getKind().equals("pass"), + (!result.getKind().equals("pass") && (rule.getRuleProperties().map(properties -> !properties.getApplicability().equals("not_applicable")).orElse(true))), Severity.fromSarif(result.getSeverity()), convertCodeFlowsToFindingInfo(result.getCodeFlows()) ); diff --git a/src/main/java/com/jfrog/ide/idea/scan/ScanBinaryExecutor.java b/src/main/java/com/jfrog/ide/idea/scan/ScanBinaryExecutor.java index 558af867..2a2e984c 100644 --- a/src/main/java/com/jfrog/ide/idea/scan/ScanBinaryExecutor.java +++ b/src/main/java/com/jfrog/ide/idea/scan/ScanBinaryExecutor.java @@ -260,7 +260,8 @@ protected boolean isPackageTypeSupported(PackageManagerType type) { protected List parseOutputSarif(Path outputFile) throws IOException { Output output = getOutputObj(outputFile); List warnings = new ArrayList<>(); - output.getRuns().forEach(run -> run.getResults().stream().filter(SarifResult::isNotSuppressed).forEach(result -> warnings.add(new JFrogSecurityWarning(result, scanType)))); + + output.getRuns().forEach(run -> run.getResults().stream().filter(SarifResult::isNotSuppressed).forEach(result -> warnings.add(new JFrogSecurityWarning(result, scanType, run.getRuleFromRunById(result.getRuleId()))))); Optional run = output.getRuns().stream().findFirst(); if (run.isPresent()) { diff --git a/src/main/java/com/jfrog/ide/idea/scan/data/Rule.java b/src/main/java/com/jfrog/ide/idea/scan/data/Rule.java index c0088b0d..514580b6 100644 --- a/src/main/java/com/jfrog/ide/idea/scan/data/Rule.java +++ b/src/main/java/com/jfrog/ide/idea/scan/data/Rule.java @@ -3,6 +3,7 @@ import com.fasterxml.jackson.annotation.JsonProperty; import java.util.Objects; +import java.util.Optional; public class Rule { 
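Review bot: The new applicability test on the changed line calls `properties.getApplicability().equals("not_applicable")`, so a rule whose `properties` bag is present but carries no `applicability` key (a plain String field, null when the JSON omits it) throws a NullPointerException out of the constructor and takes the whole parse down with it. Make the literal the receiver, `!"not_applicable".equals(properties.getApplicability())`, which keeps the current fail-open behaviour — a missing or unrecognised applicability is still surfaced as a finding — without the crash; the pre-existing `result.getKind().equals("pass")` deserves the same treatment, since `kind` is optional in SARIF. The `rule` argument is dereferenced with no null check either; `Objects.requireNonNull(rule, "rule")` at the top, or `Optional.ofNullable(rule).flatMap(Rule::getRuleProperties)`, would make that contract explicit instead of leaving it to an NPE inside a lambda. The constructor's argument list starts in the previous hunk and the `this(...)` call runs past the end of this one.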
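Review bot: The per-result `run.getRuleFromRunById(result.getRuleId())` on the changed line throws whenever a result names a `ruleId` the driver does not declare (or carries no ruleId at all), and nothing in `parseOutputSarif` catches it, so one stray rule reference aborts the parse and silently drops every other finding in the report — the failure mode a security scanner can least afford. Degrade per result instead of per report: resolve the rule into a local and handle a miss explicitly, and index the driver's rules once per run in a `Map<String, Rule>` rather than scanning the rule list from inside the results loop. The rewrite below still hands a possibly-null `rule` to the constructor, so it presumes the constructor (changed in its own hunk) tolerates null and treats a missing descriptor as applicable; if it does not, skip that result with a logged warning rather than letting the exception escape. `Map`/`HashMap` need imports in the file header outside the hunk, and the method's tail (`Optional run = output.getRuns()...`) continues past the hunk.
```java
        for (Run run : output.getRuns()) {
            // Index rules once per run: SARIF results reference rules by id, and a result may name
            // a rule the driver never declares (or carry no ruleId); neither must abort the report.
            Map<String, Rule> rulesById = new HashMap<>();
            List<Rule> rules = run.getTool().getDriver().getRules();
            if (rules != null) {
                rules.forEach(rule -> rulesById.putIfAbsent(rule.getId(), rule));
            }
            run.getResults().stream()
                    .filter(SarifResult::isNotSuppressed)
                    .forEach(result -> warnings.add(
                            new JFrogSecurityWarning(result, scanType, rulesById.get(result.getRuleId()))));
        }
        // … unchanged: first-run handling …
```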
@@ -15,6 +16,9 @@ public class Rule { @JsonProperty("fullDescription") private Message fullDescription; + @JsonProperty("properties") + private RuleProperties properties; + public String getId() { return id; } @@ -43,6 +47,10 @@ public void setFullDescription(Message fullDescription) { this.fullDescription = fullDescription; } + public Optional getRuleProperties() { + return Optional.ofNullable(properties); + } + @Override public int hashCode() { return Objects.hash(id); diff --git a/src/main/java/com/jfrog/ide/idea/scan/data/RuleProperties.java b/src/main/java/com/jfrog/ide/idea/scan/data/RuleProperties.java new file mode 100644 index 00000000..cae90d1d --- /dev/null +++ b/src/main/java/com/jfrog/ide/idea/scan/data/RuleProperties.java @@ -0,0 +1,15 @@ +package com.jfrog.ide.idea.scan.data; + +import com.fasterxml.jackson.annotation.JsonProperty; +import lombok.Getter; + +@Getter +public class RuleProperties { + + @JsonProperty("conclusion") + private String conclusion; + + @JsonProperty("applicability") + private String applicability; + +} diff --git a/src/main/java/com/jfrog/ide/idea/scan/data/Run.java b/src/main/java/com/jfrog/ide/idea/scan/data/Run.java index 53e36272..683fec56 100644 --- a/src/main/java/com/jfrog/ide/idea/scan/data/Run.java +++ b/src/main/java/com/jfrog/ide/idea/scan/data/Run.java @@ -39,6 +39,15 @@ public List getResults() { return results; } + public Rule getRuleFromRunById(String ruleId) { + List rules = this.getTool().getDriver().getRules(); + return rules.stream() + .filter(rule -> rule.getId().equals(ruleId)) + .findFirst() + .orElseThrow(() -> new NoSuchElementException("No rule found with id: " + ruleId)); + + } + public void setResults(List results) { this.results = results; }
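Review bot: `getRuleProperties()` has no Javadoc, and since its result now decides whether a finding is displayed the contract belongs on the accessor: `/** SARIF {@code properties} bag of this rule, if the scanner emitted one; callers treat an absent bag as applicable. */`. The listing shows the return type as a bare `Optional` — if that is not just the page dropping the type argument, it should be `Optional<RuleProperties>` so callers reach `getApplicability()` without a cast. The new `properties` field is left out of `hashCode`, which still hashes on `id` alone, so two rules with the same id but different property bags hash equal; that is fine as long as `equals` (outside these hunks) does the same. The class body continues on both sides of the hunks.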
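Review bot: `applicability` is a free-form String whose one meaningful value, `"not_applicable"`, lives as a literal in JFrogSecurityWarning, so a typo or a renamed scanner value would silently turn every finding back into an applicable one with no compile-time signal. Put the contract next to the data: `public static final String NOT_APPLICABLE = "not_applicable";` on this class, a Javadoc on the field saying it is the scanner's contextual-analysis verdict and is null when the scanner did not emit one, and a null-safe helper `public boolean isNotApplicable() { return NOT_APPLICABLE.equals(applicability); }` for callers to use instead of comparing strings themselves. `conclusion` is deserialized but not read anywhere in this change; a one-line comment on what the scanner writes there, or dropping the field until it is consumed, would help the next reader. If the ObjectMapper is not configured to ignore unknown properties, a bag with extra keys would fail to deserialize — worth confirming, since SARIF `properties` is open-ended.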
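Review bot: `getRuleFromRunById` throws `NoSuchElementException` for any id the driver does not declare, and it dereferences `getRules()` with no null check although `tool.driver.rules` is optional in SARIF, so a report without a `rules` array throws a NullPointerException from inside the caller's stream pipeline instead. A lookup that can legitimately miss should return `Optional<Rule>` and be null-safe on both the list and the id, leaving the caller to decide whether to skip the result or treat it as applicable; the caller in ScanBinaryExecutor would need to adapt to the Optional. The hunk adds no `import java.util.Optional`, and the `NoSuchElementException` import is not visible here either — whichever version is kept needs its import in the file header outside the hunk. The class continues on both sides of this hunk.
```java
    /**
     * Looks up the rule this run's tool driver declares under {@code ruleId}.
     * Empty when the driver lists no rules, when {@code ruleId} is null, or when no rule matches;
     * SARIF makes {@code tool.driver.rules} optional, so none of these is an error.
     */
    public Optional<Rule> findRuleById(String ruleId) {
        List<Rule> rules = this.getTool().getDriver().getRules();
        if (rules == null || ruleId == null) {
            return Optional.empty();
        }
        return rules.stream()
                .filter(rule -> ruleId.equals(rule.getId()))
                .findFirst();
    }
```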