Class: IronDome::Sarif::Output

Inherits:

Object

• Object
• IronDome::Sarif::Output

Defined in:

lib/iron_dome/sarif/output.rb

Overview

this class deal with sarif output

Instance Method Summary

• #build_physical_location(vuln) ⇒ Object
• #build_references(vuln) ⇒ Object
• #build_run_info ⇒ Object
• #convert_to_sarif(result) ⇒ Object
• #generate_sarif_result(vuln) ⇒ Object
• #initialize ⇒ Output constructor

  A new instance of Output.

• #output_report(result) ⇒ Object
• #process_vulnerability(sarif_result, vulnerability) ⇒ Object
• #sarif_schema ⇒ Object

Constructor Details

#initialize ⇒ Output

Returns a new instance of Output.

# File 'lib/iron_dome/sarif/output.rb', line 7

def initialize; end

Instance Method Details

#build_physical_location(vuln) ⇒ Object

# File 'lib/iron_dome/sarif/output.rb', line 35

def build_physical_location(vuln)
  affected_package = vuln["affected"][0]["package"]
  {
    physicalLocation: {
      artifactLocation: { uri: affected_package["purl"] },
      region: { startLine: nil, startColumn: nil }
    }
  }
end

#build_references(vuln) ⇒ Object

# File 'lib/iron_dome/sarif/output.rb', line 45

def build_references(vuln)
  vuln["references"].map { |ref| { type: "WEB", url: ref["url"] } }
end

#build_run_info ⇒ Object

# File 'lib/iron_dome/sarif/output.rb', line 57

def build_run_info
  {
    tool: {
      driver: {
        name: "OSv.dev API",
        version: "1.0"
      }
    },
    results: []
  }
end

#convert_to_sarif(result) ⇒ Object

# File 'lib/iron_dome/sarif/output.rb', line 14

def convert_to_sarif(result)
  sarif_result = sarif_schema
  result.each { |vulnerability| process_vulnerability(sarif_result, vulnerability) }
  JSON.pretty_generate(sarif_result)
end

#generate_sarif_result(vuln) ⇒ Object

# File 'lib/iron_dome/sarif/output.rb', line 26

def generate_sarif_result(vuln)
  {
    ruleId: vuln["id"],
    message: { text: vuln["summary"] },
    locations: build_physical_location(vuln),
    references: build_references(vuln)
  }
end

#output_report(result) ⇒ Object

# File 'lib/iron_dome/sarif/output.rb', line 9

def output_report(result)
  sarif_json = convert_to_sarif(result)
  File.write("result.sarif", JSON.pretty_generate(sarif_json))
end

#process_vulnerability(sarif_result, vulnerability) ⇒ Object

# File 'lib/iron_dome/sarif/output.rb', line 20

def process_vulnerability(sarif_result, vulnerability)
  vulnerability["vulns"].each do |vuln|
    sarif_result[:runs][0][:results] << generate_sarif_result(vuln)
  end
end

#sarif_schema ⇒ Object

# File 'lib/iron_dome/sarif/output.rb', line 49

def sarif_schema
  {
    schema: "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
    version: "2.1.0",
    runs: [build_run_info]
  }
end