Class: SarifResults
Instance Method Summary
- #driver(rules) ⇒ Object
  Generates a SARIF driver object, which describes the tool and the rules used.
- #relative_path(file_name) ⇒ Object
- #render(results, rule_registry) ⇒ Object
- #sarif_level(violation_type) ⇒ Object
- #sarif_line_number(line_number) ⇒ Object
  Line number defaults to 1 unless provided with a valid number.
- #sarif_result(file_name:, violation:, index:) ⇒ Object
  Given a cfn_nag Violation object and an index, generates a SARIF result object for the finding.
Instance Method Details
#driver(rules) ⇒ Object
Generates a SARIF driver object, which describes the tool and the rules used.
```ruby
# File 'lib/cfn-nag/result_view/sarif_results.rb', line 34
def driver(rules)
  {
    name: 'cfn_nag',
    informationUri: 'https://github.com/stelligent/cfn_nag',
    semanticVersion: CfnNagVersion::VERSION,
    rules: rules.map do |rule_definition|
      {
        id: "CFN_NAG_#{rule_definition.id}",
        name: rule_definition.name,
        fullDescription: {
          text: rule_definition.
        }
      }
    end
  }
end
```
#relative_path(file_name) ⇒ Object
```ruby
# File 'lib/cfn-nag/result_view/sarif_results.rb', line 94
def relative_path(file_name)
  file_pathname = Pathname.new(file_name)

  if file_pathname.relative?
    file_pathname.to_s
  else
    file_pathname.relative_path_from(Pathname.pwd).to_s
  end
end
```
#render(results, rule_registry) ⇒ Object
```ruby
# File 'lib/cfn-nag/result_view/sarif_results.rb', line 7
def render(results, rule_registry)
  sarif_results = []
  results.each do |file|
    # For each file in the results, review the violations
    file[:file_results][:violations].each do |violation|
      # For each violation, generate a sarif result for each logical resource id in the violation
      violation.logical_resource_ids.each_with_index do |_logical_resource_id, index|
        sarif_results << sarif_result(file_name: file[:filename], violation: violation, index: index)
      end
    end
  end

  sarif_report = {
    version: '2.1.0',
    '$schema': 'https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json',
    runs: [
      tool: {
        driver: driver(rule_registry.rules)
      },
      results: sarif_results
    ]
  }

  puts JSON.pretty_generate(sarif_report)
end
```
#sarif_level(violation_type) ⇒ Object
```ruby
# File 'lib/cfn-nag/result_view/sarif_results.rb', line 85
def sarif_level(violation_type)
  case violation_type
  when RuleDefinition::WARNING
    'warning'
  else
    'error'
  end
end
```
#sarif_line_number(line_number) ⇒ Object
Line number defaults to 1 unless provided with a valid number.
```ruby
# File 'lib/cfn-nag/result_view/sarif_results.rb', line 81
def sarif_line_number(line_number)
  line_number.nil? || line_number.to_i < 1 ? 1 : line_number.to_i
end
```
#sarif_result(file_name:, violation:, index:) ⇒ Object
Given a cfn_nag Violation object and an index, generates a SARIF result object for the finding.
```ruby
# File 'lib/cfn-nag/result_view/sarif_results.rb', line 52
def sarif_result(file_name:, violation:, index:)
  {
    ruleId: "CFN_NAG_#{violation.id}",
    level: sarif_level(violation.type),
    message: {
      text: violation.
    },
    locations: [
      {
        physicalLocation: {
          artifactLocation: {
            uri: relative_path(file_name),
            uriBaseId: '%SRCROOT%'
          },
          region: {
            startLine: sarif_line_number(violation.line_numbers[index])
          }
        },
        logicalLocations: [
          {
            name: violation.logical_resource_ids[index]
          }
        ]
      }
    ]
  }
end
```
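An added example, not part of cfn_nag: a consumer for the report that render prints, flattening each result into one row per location and flagging URIs that leave the source root, which relative_path produces for absolute paths outside the working directory. The sample report, the placeholder rule ids and the helper names sample_result, sarif_findings and gate_exit_code are constructed for illustration.

```ruby
require 'json'

# Builds one result in the shape sarif_result emits (constructed sample data).
def sample_result(id, level, uri, line, resource)
  { ruleId: "CFN_NAG_#{id}", level: level, message: { text: "constructed #{level}" },
    locations: [{ physicalLocation: { artifactLocation: { uri: uri, uriBaseId: '%SRCROOT%' },
                                      region: { startLine: line } },
                  logicalLocations: [{ name: resource }] }] }
end

# Constructed report in the shape render prints; EXAMPLE1/EXAMPLE2 are placeholder ids.
SAMPLE_SARIF = JSON.generate({
  version: '2.1.0',
  runs: [{ tool: { driver: { name: 'cfn_nag', rules: [] } },
           results: [sample_result('EXAMPLE1', 'error', 'templates/app.yml', 12, 'AppBucket'),
                     sample_result('EXAMPLE2', 'warning', '../shared/net.yml', 1, 'Vpc')] }]
})

# Flattens the report into one row per result location.
def sarif_findings(sarif_json)
  JSON.parse(sarif_json).fetch('runs', []).flat_map do |run|
    run.fetch('results', []).flat_map do |result|
      result.fetch('locations', []).map do |loc|
        phys = loc.fetch('physicalLocation', {})
        uri = phys.dig('artifactLocation', 'uri').to_s
        { rule: result['ruleId'], level: result['level'], uri: uri,
          # startLine 1 may be the sarif_line_number default, not a real position
          line: phys.dig('region', 'startLine'),
          resource: loc.dig('logicalLocations', 0, 'name'),
          # a '..' segment means the template sits outside the working directory,
          # so the URI will not resolve under %SRCROOT%
          outside_root: uri.split('/').include?('..') }
      end
    end
  end
end

# Hypothetical CI gate: 1 if any error-level finding exists, else 0.
def gate_exit_code(findings)
  findings.any? { |f| f[:level] == 'error' } ? 1 : 0
end

findings = sarif_findings(SAMPLE_SARIF)
findings.each do |f|
  note = f[:outside_root] ? ' (outside source root)' : ''
  puts "#{f[:level]}\t#{f[:rule]}\t#{f[:uri]}:#{f[:line]}\t#{f[:resource]}#{note}"
end
puts "gate exit code: #{gate_exit_code(findings)}"
```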