Correct issue with SARIF dir scan relative paths #682

Merged
merged 4 commits into from Mar 21, 2022
Merged
44 changes: 28 additions & 16 deletions grype/presenter/sarif/presenter.go
Expand Up @@ -151,34 +151,43 @@ func (pres *Presenter) helpText(m match.Match, link string) *sarif.MultiformatMe

// packagePath attempts to get the relative path of the package to the "scan root"
func (pres *Presenter) packagePath(p pkg.Package) string {
inputPath := strings.TrimPrefix(pres.srcMetadata.Path, "./")
if inputPath == "." {
inputPath = ""
}
if len(p.Locations) > 0 {
location := p.Locations[0]
packagePath := location.RealPath
if location.VirtualPath != "" {
packagePath = location.VirtualPath
}
if pres.srcMetadata.Scheme == source.DirectoryScheme {
packagePath = fmt.Sprintf("%s/%s", inputPath, packagePath)
return locationPath(p.Locations[0])
}
return pres.inputPath()
}

// inputPath returns a friendlier relative path or absolute path depending on the input, not prefixed by . or ./
func (pres *Presenter) inputPath() string {
if pres.srcMetadata != nil {
inputPath := strings.TrimPrefix(pres.srcMetadata.Path, "./")
if inputPath == "." {
return ""
}
return packagePath
return inputPath
}
return ""
}

// locationPath returns a path for the location
func locationPath(l source.Location) string {
if l.VirtualPath != "" {
return l.VirtualPath
}
return inputPath
return l.RealPath
}

// locations the locations array is a single "physical" location with potentially multiple logical locations
func (pres *Presenter) locations(m match.Match) []*sarif.Location {
var logicalLocations []*sarif.LogicalLocation
physicalLocation := pres.packagePath(m.Package)
trimmedPath := strings.TrimPrefix(physicalLocation, "/")

var logicalLocations []*sarif.LogicalLocation

switch pres.srcMetadata.Scheme {
case source.ImageScheme:
img := pres.srcMetadata.ImageMetadata.UserInput
for _, l := range m.Package.Locations {
trimmedPath := strings.TrimPrefix(locationPath(l), "/")
logicalLocations = append(logicalLocations, &sarif.LogicalLocation{
FullyQualifiedName: sp(fmt.Sprintf("%s@%s:/%s", img, l.FileSystemID, trimmedPath)),
Name: sp(l.RealPath),
Expand All @@ -193,10 +202,13 @@ func (pres *Presenter) locations(m match.Match) []*sarif.Location {
case source.FileScheme:
for _, l := range m.Package.Locations {
logicalLocations = append(logicalLocations, &sarif.LogicalLocation{
FullyQualifiedName: sp(fmt.Sprintf("%s:/%s", pres.srcMetadata.Path, trimmedPath)),
FullyQualifiedName: sp(fmt.Sprintf("%s:/%s", pres.srcMetadata.Path, locationPath(l))),
Name: sp(l.RealPath),
})
}
case source.DirectoryScheme:
// Get a friendly relative location as well as possible
physicalLocation = strings.TrimPrefix(physicalLocation, pres.inputPath())
}

return []*sarif.Location{
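Review bot: In the `source.FileScheme` branch of `locations`, the line the page prints as the new one passes `locationPath(l)` straight into `"%s:/%s"`, while the image branch above still strips the leading `/` first, so a location with an absolute path yields a `FullyQualifiedName` with a doubled slash and the two schemes no longer name a file the same way. Trim it there as well: `FullyQualifiedName: sp(fmt.Sprintf("%s:/%s", pres.srcMetadata.Path, strings.TrimPrefix(locationPath(l), "/"))),`. The `source.DirectoryScheme` case has a related gap: `strings.TrimPrefix(physicalLocation, pres.inputPath())` matches raw characters rather than a path segment and leaves the separator behind, so unless code after these lines trims again the physical location may still not read as relative; `physicalLocation = strings.TrimPrefix(strings.TrimPrefix(physicalLocation, pres.inputPath()), "/")` would cover it. `inputPath` also guards against a nil `pres.srcMetadata`, while `locations` reads `pres.srcMetadata.Scheme` without that guard. Findings whose paths do not resolve to a file are easy to lose in triage; the body of `locations` continues past the visible lines, so the final URI handling could not be checked here.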