
Commit 8e7e1ee

parser-json-sarif: initialize the imp flag
... to 1 if `level` is `error`. This is how `csgrep --mode=sarif` encodes the `imp` flag. As a side effect, all findings from Snyk Code with `level` set to `error` will be marked as important. Nevertheless, this is what `csmock-plugin-snyk` explicitly does already: csutils/csmock#122 Resolves: https://issues.redhat.com/browse/OSH-754 Closes: #205
1 parent 7c61790 commit 8e7e1ee


2 files changed

+27
-1
lines changed


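--- a/src/lib/parser-json-sarif.cc
+++ b/src/lib/parser-json-sarif.cc
@@ -323,8 +323,12 @@ bool SarifTreeDecoder::readNode(Defect *def)
 // initialize the defect structure
 *def = Defect(d->singleChecker);
 
-// initialize the key event
+// read "level" if available and propagate "error" to the "imp" flag
 const auto level = valueOf<std::string>(defNode, "level", "warning");
+if (level == "error")
+def->imp = 1;
+
+// initialize the key event
 def->events.push_back(DefEvent(level));
 DefEvent &keyEvent = def->events.back();
 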
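Review bot: The added `if (level == "error")` only sees a `level` written on the result object itself; when the key is missing, the third argument of `valueOf` (`"warning"`) appears to be used as the fallback and `imp` stays unset. SARIF 2.1.0 lets a result inherit its level from the rule's `defaultConfiguration.level`, so a producer that declares `error` only on the rule would yield findings that are not marked important, and a triage filter keyed on `imp` would skip them. Whether the rule default is resolved elsewhere is not visible here, since the body of `readNode` starts and ends outside the hunk. If it is not, a comment such as `// NOTE: a "level" inherited from the rule's defaultConfiguration is not considered here` next to the check would document the limit.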

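--- a/tests/csgrep/0106-snyk-prepend-path-stdout.txt
+++ b/tests/csgrep/0106-snyk-prepend-path-stdout.txt
@@ -176,6 +176,7 @@
 {
 "checker": "SNYK_CODE_WARNING",
 "cwe": 122,
+"imp": 1,
 "tool": "snyk-code",
 "key_event_idx": 0,
 "events": [
@@ -193,6 +194,7 @@
 {
 "checker": "SNYK_CODE_WARNING",
 "cwe": 122,
+"imp": 1,
 "tool": "snyk-code",
 "key_event_idx": 0,
 "events": [
@@ -210,6 +212,7 @@
 {
 "checker": "SNYK_CODE_WARNING",
 "cwe": 122,
+"imp": 1,
 "tool": "snyk-code",
 "key_event_idx": 0,
 "events": [
@@ -227,6 +230,7 @@
 {
 "checker": "SNYK_CODE_WARNING",
 "cwe": 122,
+"imp": 1,
 "tool": "snyk-code",
 "key_event_idx": 0,
 "events": [
@@ -244,6 +248,7 @@
 {
 "checker": "SNYK_CODE_WARNING",
 "cwe": 122,
+"imp": 1,
 "tool": "snyk-code",
 "key_event_idx": 0,
 "events": [
@@ -261,6 +266,7 @@
 {
 "checker": "SNYK_CODE_WARNING",
 "cwe": 122,
+"imp": 1,
 "tool": "snyk-code",
 "key_event_idx": 0,
 "events": [
@@ -278,6 +284,7 @@
 {
 "checker": "SNYK_CODE_WARNING",
 "cwe": 122,
+"imp": 1,
 "tool": "snyk-code",
 "key_event_idx": 0,
 "events": [
@@ -295,6 +302,7 @@
 {
 "checker": "SNYK_CODE_WARNING",
 "cwe": 122,
+"imp": 1,
 "tool": "snyk-code",
 "key_event_idx": 0,
 "events": [
@@ -312,6 +320,7 @@
 {
 "checker": "SNYK_CODE_WARNING",
 "cwe": 122,
+"imp": 1,
 "tool": "snyk-code",
 "key_event_idx": 0,
 "events": [
@@ -329,6 +338,7 @@
 {
 "checker": "SNYK_CODE_WARNING",
 "cwe": 122,
+"imp": 1,
 "tool": "snyk-code",
 "key_event_idx": 0,
 "events": [
@@ -346,6 +356,7 @@
 {
 "checker": "SNYK_CODE_WARNING",
 "cwe": 122,
+"imp": 1,
 "tool": "snyk-code",
 "key_event_idx": 0,
 "events": [
@@ -363,6 +374,7 @@
 {
 "checker": "SNYK_CODE_WARNING",
 "cwe": 122,
+"imp": 1,
 "tool": "snyk-code",
 "key_event_idx": 0,
 "events": [
@@ -380,6 +392,7 @@
 {
 "checker": "SNYK_CODE_WARNING",
 "cwe": 122,
+"imp": 1,
 "tool": "snyk-code",
 "key_event_idx": 0,
 "events": [
@@ -397,6 +410,7 @@
 {
 "checker": "SNYK_CODE_WARNING",
 "cwe": 122,
+"imp": 1,
 "tool": "snyk-code",
 "key_event_idx": 0,
 "events": [
@@ -414,6 +428,7 @@
 {
 "checker": "SNYK_CODE_WARNING",
 "cwe": 122,
+"imp": 1,
 "tool": "snyk-code",
 "key_event_idx": 0,
 "events": [
@@ -431,6 +446,7 @@
 {
 "checker": "SNYK_CODE_WARNING",
 "cwe": 122,
+"imp": 1,
 "tool": "snyk-code",
 "key_event_idx": 0,
 "events": [
@@ -448,6 +464,7 @@
 {
 "checker": "SNYK_CODE_WARNING",
 "cwe": 122,
+"imp": 1,
 "tool": "snyk-code",
 "key_event_idx": 0,
 "events": [
@@ -465,6 +482,7 @@
 {
 "checker": "SNYK_CODE_WARNING",
 "cwe": 122,
+"imp": 1,
 "tool": "snyk-code",
 "key_event_idx": 0,
 "events": [
@@ -482,6 +500,7 @@
 {
 "checker": "SNYK_CODE_WARNING",
 "cwe": 122,
+"imp": 1,
 "tool": "snyk-code",
 "key_event_idx": 0,
 "events": [
@@ -499,6 +518,7 @@
 {
 "checker": "SNYK_CODE_WARNING",
 "cwe": 122,
+"imp": 1,
 "tool": "snyk-code",
 "key_event_idx": 0,
 "events": [
@@ -771,6 +791,7 @@
 {
 "checker": "SNYK_CODE_WARNING",
 "cwe": 1325,
+"imp": 1,
 "tool": "snyk-code",
 "key_event_idx": 0,
 "events": [
@@ -788,6 +809,7 @@
 {
 "checker": "SNYK_CODE_WARNING",
 "cwe": 1325,
+"imp": 1,
 "tool": "snyk-code",
 "key_event_idx": 0,
 "events": [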
