import json
from converters.models import Finding
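class GosecParser:
    """Parse gosec JSON reports into ``Finding`` objects.

    The report is expected to be a JSON document with an ``Issues`` list;
    each issue carries (at least) ``details``, ``rule_id``, ``severity`` and
    ``code``, plus optional ``file``, ``line`` and ``confidence`` fields.
    """

    # Scanner confidence as reported by gosec -> integer scale stored on the
    # Finding.  HIGH maps to the smallest value; unknown strings pass through.
    _CONFIDENCE_MAP = {"HIGH": 1, "MEDIUM": 4, "LOW": 7}

    def get_scan_types(self):
        """Return the scan-type names this parser handles."""
        return ["Gosec Scanner"]

    def get_label_for_scan_types(self, scan_type):
        """Return the display label for *scan_type* (identity here)."""
        return scan_type

    def get_description_for_scan_types(self, scan_type):
        """Return a short description of the import this parser performs."""
        return "Import Gosec Scanner findings in JSON format."

    @staticmethod
    def _parse_line(line):
        """Return the starting line number of a gosec ``line`` field.

        gosec may report a single line (``"12"``) or a range (``"12-15"``);
        only the beginning of a range is kept.  Anything that is not a plain
        non-negative integer (including ``None``) yields ``None`` rather than
        raising, so a malformed field cannot abort the whole import.
        """
        if line is None:
            return None
        text = str(line)
        if "-" in text:
            # A range: point the finding at its first line only.
            text = text.split("-", 1)[0]
        return int(text) if text.isdigit() else None

    def get_findings(self, filename, test):
        """Read the report from the file-like *filename* and return Findings.

        Args:
            filename: an open file object whose ``read()`` returns the report
                as ``bytes`` or ``str``.
            test: the test object each created Finding is attached to.

        Returns:
            A list of Findings, deduplicated on (title, file, line); the first
            occurrence of a duplicate wins.

        Raises:
            json.JSONDecodeError / ValueError: the content is not valid JSON.
            KeyError: a required issue field is missing.
        """
        raw = filename.read()
        # json.loads accepts both str and bytes (it sniffs UTF-8/16/32 and a
        # BOM itself), so no manual decode-and-retry is needed.
        data = json.loads(raw)

        dupes = {}
        for item in data.get("Issues") or []:
            file_path = item.get("file")
            scanner_confidence = self._CONFIDENCE_MAP.get(
                item.get("confidence"), item.get("confidence")
            )
            line = self._parse_line(item.get("line"))
            title = item["details"] + " - rule " + item["rule_id"]

            # Finding details information.  NOTE: item["code"] is copied from
            # the report verbatim into a Markdown fence; a snippet containing
            # ``` ends the fence early, so the description must be treated as
            # untrusted text wherever it is rendered.
            findingdetail = "".join(
                [
                    "Filename: {}\n\n".format(file_path),
                    "Line number: {}\n\n".format(str(item.get("line"))),
                    "Issue Confidence: {}\n\n".format(item.get("confidence")),
                    "Code:\n\n",
                    "```{}```".format(item["code"]),
                ]
            )

            # Best attempt at ongoing documentation provided by gosec, based on
            # rule id (the rule id comes from the report, not from a fixed set).
            references = "https://securego.io/docs/rules/{}.html".format(
                item["rule_id"]
            ).lower()

            dupe_key = title + str(file_path) + str(line)
            if dupe_key in dupes:
                # First occurrence wins; later duplicates are dropped.
                continue
            dupes[dupe_key] = Finding(
                title=title,
                test=test,
                description=findingdetail,
                reason=title,
                severity=item["severity"].title(),
                impact="",
                references=references,
                file_path=file_path,
                line=line,
                scanner_confidence=scanner_confidence,
                static_finding=True,
            )
        return list(dupes.values())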