TODO

csutils · Aug 24, 2022 · 6a160d8 · 6a160d8
1 parent 9defc0c
commit 6a160d8
Showing 1 changed file with 69 additions and 25 deletions.
diff --git a/src/json-writer.cc b/src/json-writer.cc
@@ -26,8 +26,10 @@
 
 #include <queue>
 
+#include <boost/algorithm/string/predicate.hpp>
 #include <boost/iostreams/filtering_stream.hpp>
 #include <boost/iostreams/filter/regex.hpp>
+#include <boost/lexical_cast.hpp>
 #include <boost/nowide/utf/convert.hpp>
 #include <boost/property_tree/json_parser.hpp>
 
@@ -152,10 +154,10 @@ class SarifTreeEncoder: public AbstractTreeEncoder {
         void writeTo(std::ostream &) override;
 
     private:
-        void serializeCweMap();
+        void serializeRuleMap();
 
-        typedef std::map<std::string, int>  TCweMap;
-        TCweMap                     cweMap_;
+        typedef std::map<std::string, int> TRuleMap;
+        TRuleMap                    ruleMap_;
         TScanProps                  scanProps_;
         PTree                       driver_;
         PTree                       results_;
@@ -170,31 +172,64 @@ SarifTreeEncoder::SarifTreeEncoder()
             "https://github.com/csutils/csdiff");
 }
 
-void SarifTreeEncoder::serializeCweMap()
+static void sarifEncodeCweRule(PTree *rule, int cwe) {
+    PTree cweList;
+    const auto cweStr = std::to_string(cwe);
+    appendNode(&cweList, PTree("CWE-" + cweStr));
+
+    // properties.cwe[]
+    PTree props;
+    props.put_child("cwe", cweList);
+    rule->put_child("properties", props);
+
+    // help.text
+    PTree help;
+    const auto helpText =
+        "https://cwe.mitre.org/data/definitions/" + cweStr + ".html";
+    help.put<std::string>("text", helpText);
+    rule->put_child("help", help);
+}
+
+static void sarifEncodeShellCheckRule(PTree *rule, int ruleID) {
+    const auto ruleStr = "SC" + std::to_string(ruleID);
+
+    // name
+    rule->put<std::string>("name", ruleStr);
+
+    // properties.tags[]
+    PTree tagList;
+    appendNode(&tagList, PTree({"ShellCheck"}));
+
+    PTree props;
+    props.put_child("tags", tagList);
+    rule->put_child("properties", props);
+
+    // help.text && help.markdown
+    PTree help;
+    const auto helpURI =
+        "https://github.com/koalaman/shellcheck/wiki/" + ruleStr;
+    help.put<std::string>("text", "Defect reference: " + helpURI);
+
+    const auto helpMarkdown =
+        "Defect reference: [" + ruleStr +"](" + helpURI + ")";
+    help.put<std::string>("markdown", helpMarkdown);
+
+    rule->put_child("help", help);
+}
+
+void SarifTreeEncoder::serializeRuleMap()
 {
     PTree ruleList;
 
-    for (const auto &item : cweMap_) {
+    for (const auto &item : ruleMap_) {
         PTree rule;
         const auto &id = item.first;
         rule.put<std::string>("id", id);
 
-        PTree cweList;
-        const auto cwe = item.second;
-        const auto cweStr = std::to_string(cwe);
-        appendNode(&cweList, PTree("CWE-" + cweStr));
-
-        // properties.cwe[]
-        PTree props;
-        props.put_child("cwe", cweList);
-        rule.put_child("properties", props);
-
-        // help.text
-        PTree help;
-        const auto helpText =
-            "https://cwe.mitre.org/data/definitions/" + cweStr + ".html";
-        help.put<std::string>("text", helpText);
-        rule.put_child("help", help);
+        if (boost::starts_with(id, "SHELLCHECK_WARNING"))
+            sarifEncodeShellCheckRule(&rule, item.second);
+        else
+            sarifEncodeCweRule(&rule, item.second);
 
         appendNode(&ruleList, rule);
     }
@@ -287,9 +322,18 @@ void SarifTreeEncoder::appendDef(const Defect &def)
     // checker (FIXME: suboptimal mapping to SARIF)
     const std::string ruleId = def.checker + ": " + keyEvt.event;
     result.put<std::string>("ruleId", ruleId);
-    if (def.cwe)
+
+    if (def.checker == "SHELLCHECK_WARNING") {
+        boost::smatch sm;
+        static const RE reShellCheckMsg("(\\[)?SC([0-9]+)(\\])?$");
+        boost::regex_search(keyEvt.event, sm, reShellCheckMsg);
+
+        // update ShellCheck rule map
+        ruleMap_[ruleId] = boost::lexical_cast<int>(sm[2]);
+    } else if (def.cwe) {
         // update CWE map
-        cweMap_[ruleId] = def.cwe;
+        ruleMap_[ruleId] = def.cwe;
+    }
 
     // key event location
     PTree loc;
@@ -355,9 +399,9 @@ void SarifTreeEncoder::writeTo(std::ostream &str)
         root.put_child("inlineExternalProperties", propsList);
     }
 
-    if (!cweMap_.empty())
+    if (!ruleMap_.empty())
         // needs to run before we pick driver_
-        this->serializeCweMap();
+        this->serializeRuleMap();
 
     PTree tool;
     tool.put_child("driver", driver_);