support messageStrings property #63

Merged
merged 1 commit into from
Sep 17, 2023

masakura
Contributor

📑 Description

Support messageStrings property. See https://docs.oasis-open.org/sarif/sarif/v2.1.0/csprd01/sarif-v2.1.0-csprd01.html#_Toc10541285

Example:

          "rules": [
            {
              "id": "BA2024",
              "name": "EnableSpectreMitigations",
              "fullDescription": {
                "text": "Application code should be compiled with the Spectre mitigations switch (/Qspectre) and toolsets that support it."
              },
              "help": {
                "text": "Application code should be compiled with the Spectre mitigations switch (/Qspectre) and toolsets that support it."
              },
              "messageStrings": {
                "Warning": {
                  "text": "'{0}' was compiled with one or more modules that do not enable code generation mitigations for speculative execution side-channel attack (Spectre) vulnerabilities. Spectre attacks can compromise hardware-based isolation, allowing non-privileged users to retrieve potentially sensitive data from the CPU cache. To resolve the issue, provide the /Qspectre switch on the compiler command-line (or /d2guardspecload in cases where your compiler supports this switch and it is not possible to update to a toolset that supports /Qspectre). This warning should be addressed for code that operates on data that crosses a trust boundary and that can affect execution, such as parsing untrusted file inputs or processing query strings of a web request.\r\n{1}"
                },
                "Warning_OptimizationsDisabled": {
                  "text": "The following modules were compiled with optimizations disabled (/Od), a condition that disables Spectre mitigations:\r\n{0}"
                },
                "Warning_SpectreMitigationNotEnabled": {
                  "text": "The following modules were compiled with a toolset that supports /Qspectre but the switch was not enabled on the command-line:\r\n{0}"
                },
                "Warning_SpectreMitigationExplicitlyDisabled": {
                  "text": "The following modules were compiled with Spectre mitigations explicitly disabled:\r\n{0}"
                },
                "Pass": {
                  "text": "All linked modules '{0}' were compiled with mitigations enabled that help prevent Spectre (speculative execution side-channel attack) vulnerabilities."
                },
                "NotApplicable_InvalidMetadata": {
                  "text": "'{0}' was not evaluated for check '{1}' as the analysis is not relevant based on observed metadata: {2}."
                }
              },
              "helpUri": "https://github.com/microsoft/binskim/blob/main/docs/BinSkimRules.md#rule-BA2024EnableSpectreMitigations"
            }
          ],

✅ Checks

  • My pull request adheres to the code style of this project
  • My code requires changes to the documentation
  • I have updated the documentation as required
  • All the tests have passed

Owner

@owenrumney owenrumney left a comment

Looks good to me, thanks

@owenrumney owenrumney merged commit f695e97 into owenrumney:main Sep 17, 2023
1 check passed
owenrumney pushed a commit that referenced this pull request Sep 18, 2023
Change in #63 added messageStrings to the reportingDescriptor but didn't
mark it as being `omitempty`. This resolves that.
owenrumney added a commit that referenced this pull request Sep 18, 2023
Change in #63 added messageStrings to the reportingDescriptor but didn't
mark it as being `omitempty`. This resolves that.
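
How a consumer resolves a result's message id and arguments against a rule's messageStrings, and what the `omitempty` follow-up changes in the serialized output, as an added example that is not code from go-sarif or from this pull request. The `Message`, `RuleNoOmit`, `Rule`, `Encode` and `Resolve` names and the sample argument are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Hypothetical minimal types shaped like a SARIF reportingDescriptor (not go-sarif's own).
type Message struct{ Text string `json:"text"` }

// RuleNoOmit: a nil map is emitted as "messageStrings": null.
type RuleNoOmit struct {
	ID             string             `json:"id"`
	MessageStrings map[string]Message `json:"messageStrings"`
}

// Rule: omitempty drops the key when no message strings are set.
type Rule struct {
	ID             string             `json:"id"`
	MessageStrings map[string]Message `json:"messageStrings,omitempty"`
}

// Encode returns the JSON encoding of v.
func Encode(v interface{}) string {
	b, _ := json.Marshal(v) // cannot fail for the plain structs used here
	return string(b)
}

// Resolve looks up id in the rule's messageStrings and fills {0}, {1}, ...
// from args in one pass, so text inside an argument is never re-expanded.
func Resolve(r Rule, id string, args []string) (string, bool) {
	m, ok := r.MessageStrings[id]
	if !ok {
		return "", false
	}
	pairs := []string{"{{", "{", "}}", "}"} // SARIF escapes for literal braces
	for i, a := range args {
		pairs = append(pairs, fmt.Sprintf("{%d}", i), a)
	}
	return strings.NewReplacer(pairs...).Replace(m.Text), true
}

func main() {
	fmt.Println(Encode(RuleNoOmit{ID: "BA2024"})) // key present with a null value
	fmt.Println(Encode(Rule{ID: "BA2024"}))       // key omitted
	r := Rule{ID: "BA2024", MessageStrings: map[string]Message{"Warning_SpectreMitigationExplicitlyDisabled": {
		Text: "The following modules were compiled with Spectre mitigations explicitly disabled:\r\n{0}"}}}
	fmt.Println(Resolve(r, "Warning_SpectreMitigationExplicitlyDisabled", []string{"a.obj"})) // constructed argument
}
```

The single-pass replacement matters when arguments come from analysed input: a module name that itself contains `{1}` stays literal instead of pulling in another argument.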
another-rex referenced this pull request in google/osv-scanner Sep 19, 2023
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/go-git/go-billy/v5](https://togithub.com/go-git/go-billy) | require | minor | `v5.4.1` -> `v5.5.0` |
| [github.com/go-git/go-git/v5](https://togithub.com/go-git/go-git) | require | minor | `v5.8.1` -> `v5.9.0` |
| [github.com/owenrumney/go-sarif/v2](https://togithub.com/owenrumney/go-sarif) | require | patch | `v2.2.0` -> `v2.2.2` |

---

### Release Notes

<details>
<summary>go-git/go-billy (github.com/go-git/go-billy/v5)</summary>

### [`v5.5.0`](https://togithub.com/go-git/go-billy/releases/tag/v5.5.0)

[Compare Source](https://togithub.com/go-git/go-billy/compare/v5.4.1...v5.5.0)

#### What's Changed

- \*: Bump dependencies and go.mod to Go 1.18. Add codeQL workflow. by [@pjbgf](https://togithub.com/pjbgf) in [https://github.com/go-git/go-billy/pull/30](https://togithub.com/go-git/go-billy/pull/30)
- osfs: Add new BoundOS type by [@pjbgf](https://togithub.com/pjbgf) in [https://github.com/go-git/go-billy/pull/31](https://togithub.com/go-git/go-billy/pull/31)
- Re-introduce osfs.Default by [@pjbgf](https://togithub.com/pjbgf) in [https://github.com/go-git/go-billy/pull/33](https://togithub.com/go-git/go-billy/pull/33)
- Revert back to upstream github.com/cyphar/filepath-securejoin by [@pjbgf](https://togithub.com/pjbgf) in [https://github.com/go-git/go-billy/pull/34](https://togithub.com/go-git/go-billy/pull/34)

**Full Changelog**: go-git/go-billy@v5.4.1...v5.5.0

</details>

<details>
<summary>go-git/go-git (github.com/go-git/go-git/v5)</summary>

### [`v5.9.0`](https://togithub.com/go-git/go-git/releases/tag/v5.9.0)

[Compare Source](https://togithub.com/go-git/go-git/compare/v5.8.1...v5.9.0)

#### What's Changed

- git: worktree: add Amend option to CommitOptions by [@john-cai](https://togithub.com/john-cai) in [https://github.com/go-git/go-git/pull/438](https://togithub.com/go-git/go-git/pull/438)
- git: worktree, reset ignored files that are part of the worktree: Fixes [#819](https://togithub.com/go-git/go-git/issues/819) by [@daolis](https://togithub.com/daolis) in [https://github.com/go-git/go-git/pull/821](https://togithub.com/go-git/go-git/pull/821)
- plumbing: Do not swallow http message coming from VCS providers by [@matejrisek](https://togithub.com/matejrisek) in [https://github.com/go-git/go-git/pull/835](https://togithub.com/go-git/go-git/pull/835)
- plumbing: transport, handle IPv6 while parsing endpoint. Fixes [#740](https://togithub.com/go-git/go-git/issues/740) by [@ninedraft](https://togithub.com/ninedraft) in [https://github.com/go-git/go-git/pull/820](https://togithub.com/go-git/go-git/pull/820)
- \*: update goproxy dependency to fix CVE-2023-37788 vulnerability by [@svghadi](https://togithub.com/svghadi) in [https://github.com/go-git/go-git/pull/832](https://togithub.com/go-git/go-git/pull/832)
- \*: bump dependencies and Go to 1.19 by [@pjbgf](https://togithub.com/pjbgf) in [https://github.com/go-git/go-git/pull/837](https://togithub.com/go-git/go-git/pull/837)

#### New Contributors

- [@svghadi](https://togithub.com/svghadi) made their first contribution in [https://github.com/go-git/go-git/pull/832](https://togithub.com/go-git/go-git/pull/832)
- [@daolis](https://togithub.com/daolis) made their first contribution in [https://github.com/go-git/go-git/pull/821](https://togithub.com/go-git/go-git/pull/821)

**Full Changelog**: go-git/go-git@v5.8.1...v5.9.0

</details>

<details>
<summary>owenrumney/go-sarif (github.com/owenrumney/go-sarif/v2)</summary>

### [`v2.2.2`](https://togithub.com/owenrumney/go-sarif/releases/tag/v2.2.2)

[Compare Source](https://togithub.com/owenrumney/go-sarif/compare/v2.2.1...v2.2.2)

#### What's Changed

- fix: add omitempty annotation to messageStrings by [@owenrumney](https://togithub.com/owenrumney) in [https://github.com/owenrumney/go-sarif/pull/68](https://togithub.com/owenrumney/go-sarif/pull/68)

**Full Changelog**: owenrumney/go-sarif@v2.2.1...v2.2.2

### [`v2.2.1`](https://togithub.com/owenrumney/go-sarif/releases/tag/v2.2.1)

[Compare Source](https://togithub.com/owenrumney/go-sarif/compare/v2.2.0...v2.2.1)

#### What's Changed

- Bump github.com/stretchr/testify from 1.8.2 to 1.8.4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/owenrumney/go-sarif/pull/62](https://togithub.com/owenrumney/go-sarif/pull/62)
- Bump github.com/zclconf/go-cty from 1.13.1 to 1.13.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/owenrumney/go-sarif/pull/61](https://togithub.com/owenrumney/go-sarif/pull/61)
- support messageStrings property by [@masakura](https://togithub.com/masakura) in [https://github.com/owenrumney/go-sarif/pull/63](https://togithub.com/owenrumney/go-sarif/pull/63)
- Bump github.com/zclconf/go-cty from 1.13.2 to 1.14.0 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/owenrumney/go-sarif/pull/65](https://togithub.com/owenrumney/go-sarif/pull/65)

#### New Contributors

- [@masakura](https://togithub.com/masakura) made their first contribution in [https://github.com/owenrumney/go-sarif/pull/63](https://togithub.com/owenrumney/go-sarif/pull/63)

**Full Changelog**: owenrumney/go-sarif@v2.2.0...v2.2.1

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on monday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.
