create v2 version (#30)

example/example-report.sarif

@@ -1,6 +1,6 @@
 {
   "version": "2.1.0",
-  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+  "$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
   "runs": [
     {
       "tool": {
@@ -14,7 +14,7 @@
                 "text": "Resource 'aws_security_group_rule.my-rule' defines a fully open ingress security group rule."
               },
               "help": {
-                "text": "See https://tfsec.dev/docs/aws/AWS006/ for more information."
+                "markdown": "# markdown"
               },
               "properties": {
                 "impact": "Your port exposed to the internet",
@@ -27,7 +27,7 @@
                 "text": "Resource 'azurerm_managed_disk.source' defines an unencrypted managed disk."
               },
               "help": {
-                "text": "See https://tfsec.dev/docs/azure/AZU003/ for more information."
+                "markdown": "# markdown"
               },
               "properties": {
                 "impact": "",
@@ -40,7 +40,7 @@
                 "text": "Resource 'aws_api_gateway_domain_name.outdated_security_policy' defines outdated SSL/TLS policies (not using TLS_1_2)."
               },
               "help": {
-                "text": "See https://tfsec.dev/docs/aws/AWS025/ for more information."
+                "markdown": "# markdown"
               },
               "properties": {
                 "impact": "Outdated SSL policies increase exposure to known vulnerabilites",
@@ -53,7 +53,7 @@
                 "text": "Resource 'aws_security_group_rule.my-rule' should include a description for auditing purposes."
               },
               "help": {
-                "text": "See https://tfsec.dev/docs/aws/AWS018/ for more information."
+                "markdown": "# markdown"
               },
               "properties": {
                 "impact": "Descriptions provide context for the firewall rule reasons",
@@ -66,7 +66,7 @@
                 "text": "Resource 'aws_alb_listener.my-alb-listener' uses plain HTTP instead of HTTPS."
               },
               "help": {
-                "text": "See https://tfsec.dev/docs/aws/AWS004/ for more information."
+                "markdown": "# markdown"
               },
               "properties": {
                 "impact": "Your traffic is not protected",
@@ -79,7 +79,7 @@
                 "text": "Resource 'aws_db_security_group.my-group' uses EC2 Classic. Use a VPC instead."
               },
               "help": {
-                "text": "See https://tfsec.dev/docs/aws/AWS003/ for more information."
+                "markdown": "# markdown"
               },
               "properties": {
                 "impact": "Classic resources are running in a shared environment with other customers",
@@ -92,7 +92,7 @@
                 "text": "Resource 'aws_dynamodb_table.bad_example' is not using KMS CMK for encryption"
               },
               "help": {
-                "text": "See https://tfsec.dev/docs/aws/AWS092/ for more information."
+                "markdown": "# markdown"
               },
               "properties": {
                 "impact": "Using AWS managed keys does not allow for fine grained control",
@@ -294,4 +294,28 @@
       ]
     }
   ]
+}in.tf"
+                },
+                "region": {
+                  "startLine": 41,
+                  "endLine": 56
+                }
+              }
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}
+                  "startLine": 41,
+                  "endLine": 56
+                }
+              }
+            }
+          ]
+        }
+      ]
+    }
+  ]
 }

example/main.go

@@ -6,7 +6,7 @@ import (
 	"os"
 	"strings"
 
-	"github.com/owenrumney/go-sarif/sarif"
+	"github.com/owenrumney/go-sarif/v2/sarif"
 )
 
 // simple structure for the output of tfsec
@@ -58,7 +58,8 @@ func main() {
 		run.AddRule(r.RuleID).
 			WithDescription(r.Description).
 			WithHelp(r.Link).
-			WithProperties(pb.Properties)
+			WithProperties(pb.Properties).
+			WithMarkdownHelp("# markdown")
 
 		// add the location as a unique artifact
 		run.AddDistinctArtifact(r.Location.Filename)
@@ -95,7 +96,7 @@ func main() {
 // load the example results file
 func loadTfsecResults() (TfsecResults, error) {
 
-	jsonResult, err := ioutil.ReadFile("results.json")
+	jsonResult, err := ioutil.ReadFile("./results.json")
 	if err != nil {
 		panic(err)
 	}

go.mod

@@ -1,4 +1,4 @@
-module github.com/owenrumney/go-sarif
+module github.com/owenrumney/go-sarif/v2
 
 go 1.16
 

sarif/multi_format_message_string.go

@@ -2,13 +2,19 @@ package sarif
 
 type MultiformatMessageString struct {
 	PropertyBag
-	Text     string  `json:"text"`
+	Text     *string `json:"text,omitempty"`
 	Markdown *string `json:"markdown,omitempty"`
 }
 
+func NewMarkdownMultiformatMessageString(markdown string) *MultiformatMessageString {
+	return &MultiformatMessageString{
+		Markdown: &markdown,
+	}
+}
+
 func NewMultiformatMessageString(text string) *MultiformatMessageString {
 	return &MultiformatMessageString{
-		Text: text,
+		Text: &text,
 	}
 }
 

sarif/reporting_descriptor.go

@@ -0,0 +1,87 @@
+package sarif
+
+type ReportingConfiguration struct {
+	Enabled    bool         `json:"enabled,omitempty"`
+	Level      interface{}  `json:"level,omitempty"`
+	Parameters *PropertyBag `json:"parameters,omitempty"`
+	Properties *PropertyBag `json:"properties,omitempty"`
+	Rank       float64      `json:"rank,omitempty"`
+}
+
+// ReportingDescriptor specifies a Sarif ReportingDescriptor object
+type ReportingDescriptor struct {
+	PropertyBag
+	ID                   string                    `json:"id"`
+	Name                 *string                   `json:"name,omitempty"`
+	ShortDescription     *MultiformatMessageString `json:"shortDescription"`
+	FullDescription      *MultiformatMessageString `json:"fullDescription,omitempty"`
+	DefaultConfiguration *ReportingConfiguration   `json:"defaultConfiguration,omitempty"`
+	HelpURI              *string                   `json:"helpUri,omitempty"`
+	Help                 *MultiformatMessageString `json:"help,omitempty"`
+	Properties           Properties                `json:"properties,omitempty"`
+}
+
+func newRule(ruleID string) *ReportingDescriptor {
+	return &ReportingDescriptor{
+		ID: ruleID,
+	}
+}
+
+// WithName specifies rule name that is understandable to an end user and returns the updated rule.
+func (rule *ReportingDescriptor) WithName(name string) *ReportingDescriptor {
+	rule.Name = &name
+	return rule
+}
+
+// WithDescription specifies short description for a rule and returns the updated rule.
+// Short description should be a single sentence that is understandable when visible space is limited to a single line
+// of text.
+func (rule *ReportingDescriptor) WithDescription(description string) *ReportingDescriptor {
+	rule.ShortDescription = NewMultiformatMessageString(description)
+	return rule
+}
+
+// WithShortDescription specifies short description for a rule and returns the updated rule.
+// Short description should be a single sentence that is understandable when visible space is limited to a single line
+// of text.
+func (rule *ReportingDescriptor) WithShortDescription(description *MultiformatMessageString) *ReportingDescriptor {
+	rule.ShortDescription = description
+	return rule
+}
+
+// WithFullDescription specifies full description for a rule and returns the updated rule.
+// Full description should, as far as possible, provide details sufficient to enable resolution of any problem indicated
+// by the result.
+func (rule *ReportingDescriptor) WithFullDescription(description *MultiformatMessageString) *ReportingDescriptor {
+	rule.FullDescription = description
+	return rule
+}
+
+// WithHelpURI specifies a helpURI for a rule and returns the updated rule
+func (rule *ReportingDescriptor) WithHelpURI(helpURI string) *ReportingDescriptor {
+	rule.HelpURI = &helpURI
+	return rule
+}
+
+// WithHelp specifies a help text  for a rule and returns the updated rule
+func (rule *ReportingDescriptor) WithHelp(helpText string) *ReportingDescriptor {
+	rule.Help = NewMultiformatMessageString(helpText)
+	return rule
+}
+
+// WithMarkdownHelp specifies a help text  for a rule and returns the updated rule
+func (rule *ReportingDescriptor) WithMarkdownHelp(markdownText string) *ReportingDescriptor {
+	rule.Help = NewMarkdownMultiformatMessageString(markdownText)
+	return rule
+}
+
+// WithProperties specifies properties for a rule and returns the updated rule
+func (rule *ReportingDescriptor) WithProperties(properties Properties) *ReportingDescriptor {
+	rule.Properties = properties
+	return rule
+}
+
+// AttachPropertyBag adds a property bag to a rule
+func (rule *ReportingDescriptor) AttachPropertyBag(pb *PropertyBag) {
+	rule.Properties = pb.Properties
+}

sarif/run.go

@@ -24,7 +24,7 @@ type Run struct { // https://docs.oasis-open.org/sarif/sarif/v2.1.0/csprd01/sari
 func NewRun(toolName, informationURI string) *Run {
 	run := &Run{
 		Tool: Tool{
-			Driver: &Driver{
+			Driver: &ToolComponent{
 				Name:           toolName,
 				InformationURI: &informationURI,
 			},
@@ -70,8 +70,8 @@ func (run *Run) AddDistinctArtifact(uri string) *Artifact {
 	return a
 }
 
-// AddRule returns an existing Rule for the ruleID or creates a new Rule and returns a pointer to it
-func (run *Run) AddRule(ruleID string) *Rule {
+// AddRule returns an existing ReportingDescriptor for the ruleID or creates a new ReportingDescriptor and returns a pointer to it
+func (run *Run) AddRule(ruleID string) *ReportingDescriptor {
 	for _, rule := range run.Tool.Driver.Rules {
 		if rule.ID == ruleID {
 			return rule
@@ -94,7 +94,7 @@ func (run *Run) AttachPropertyBag(pb *PropertyBag) {
 }
 
 // GetRuleById finds a rule by a given rule ID and returns a pointer to it
-func (run *Run) GetRuleById(ruleId string) (*Rule, error) {
+func (run *Run) GetRuleById(ruleId string) (*ReportingDescriptor, error) {
 	if run.Tool.Driver != nil {
 		for _, rule := range run.Tool.Driver.Rules {
 			if rule.ID == ruleId {

sarif/tool.go

@@ -2,29 +2,6 @@ package sarif
 
 type Tool struct {
 	PropertyBag
-	Driver *Driver `json:"driver"`
+	Driver *ToolComponent `json:"driver"`
 }
 
-type Driver struct {
-	PropertyBag
-	Name           string  `json:"name"`
-	Version        *string `json:"version,omitempty"`
-	InformationURI *string `json:"informationUri"`
-	Rules          []*Rule `json:"rules,omitempty"`
-}
-
-// WithVersion specifies tool version, in whatever format it natively provides. Returns updated driver.
-func (driver *Driver) WithVersion(version string) *Driver {
-	driver.Version = &version
-	return driver
-}
-
-func (driver *Driver) getOrCreateRule(rule *Rule) uint {
-	for i, r := range driver.Rules {
-		if r.ID == rule.ID {
-			return uint(i)
-		}
-	}
-	driver.Rules = append(driver.Rules, rule)
-	return uint(len(driver.Rules) - 1)
-}

sarif/tool_component.go

@@ -0,0 +1,27 @@
+package sarif
+
+type ToolComponent struct {
+	PropertyBag
+	Name           string                 `json:"name"`
+	Version        *string                `json:"version,omitempty"`
+	InformationURI *string                `json:"informationUri"`
+	Notifications  []*ReportingDescriptor `json:"notifications,omitempty"`
+	Rules          []*ReportingDescriptor `json:"rules,omitempty"`
+	Taxa           []*ReportingDescriptor `json:"taxa,omitempty"`
+}
+
+// WithVersion specifies tool version, in whatever format it natively provides. Returns updated driver.
+func (driver *ToolComponent) WithVersion(version string) *ToolComponent {
+	driver.Version = &version
+	return driver
+}
+
+func (driver *ToolComponent) getOrCreateRule(rule *ReportingDescriptor) uint {
+	for i, r := range driver.Rules {
+		if r.ID == rule.ID {
+			return uint(i)
+		}
+	}
+	driver.Rules = append(driver.Rules, rule)
+	return uint(len(driver.Rules) - 1)
+}