
SARIF output shows incorrect rule properties #1362

Open
nierz opened this issue Mar 3, 2024 · 1 comment
Labels
bug Something isn't working

Comments

nierz commented Mar 3, 2024

Describe the bug
GitLeaks (pre v8.18.2) used to show the rule IDs in the SARIF output in the following way:

     "rules": [
      {
       "id": "adafruit-api-key",
       "name": "Adafruit API Key",
       "shortDescription": {
        "text": "(?i)(?:adafruit)(?:[0-9a-z\\-_\\t .]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|\u003e|:{1,3}=|\\|\\|:|\u003c=|=\u003e|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9_-]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)"
       }
      },
      {
       "id": "adobe-client-id",
       "name": "Adobe Client ID (OAuth Web)",
       "shortDescription": {
        "text": "(?i)(?:adobe)(?:[0-9a-z\\-_\\t .]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|\u003e|:{1,3}=|\\|\\|:|\u003c=|=\u003e|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)"
       }
      },
      ...more rules
    ]

However, in GitLeaks v8.18.2 this was changed to:

     "rules": [
      {
       "id": "adafruit-api-key",
       "name": "Identified a potential Adafruit API Key, which could lead to unauthorized access to Adafruit services and sensitive data exposure.",
       "shortDescription": {
        "text": "(?i)(?:adafruit)(?:[0-9a-z\\-_\\t .]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|\u003e|:{1,3}=|\\|\\|:|\u003c=|=\u003e|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9_-]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)"
       }
      },
      {
       "id": "adobe-client-id",
       "name": "Detected a pattern that resembles an Adobe OAuth Web Client ID, posing a risk of compromised Adobe integrations and data breaches.",
       "shortDescription": {
        "text": "(?i)(?:adobe)(?:[0-9a-z\\-_\\t .]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|\u003e|:{1,3}=|\\|\\|:|\u003c=|=\u003e|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)"
       }
      },
      ...more rules
    ]

As you can see, the properties are wrong. The name actually changed to be a description.

To Reproduce
Steps to reproduce the behavior:

Simply run gitleaks with SARIF report format on any directory. For instance:

gitleaks detect . --report-format sarif --report-path result.json

Expected behavior
The name property should have the actual name (like it used to), and the new name that looks like a description should go into a different SARIF property; fullDescription is a good one. Here's an example from KICS's SARIF output:

    "rules": [
      {
        "id": "fd54f200-402c-4333-a5a4-36ef6709af2f",
        "name": "Missing User Instruction",
        "shortDescription": {
          "text": "Missing User Instruction"
        },
        "fullDescription": {
          "text": "A user should be specified in the dockerfile, otherwise the image will run as root"
        },
        ...
      }

Basic Info:

  • OS: macOS
  • Gitleaks Version: 8.18.2

cc @zricethezav

@nierz nierz added the bug Something isn't working label Mar 3, 2024
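A quick audit of a SARIF report for the property mix-up described above, added here as an example; it is not part of the issue and not gitleaks code. The two rule samples are constructed, shortened stand-ins for the pre-v8.18.2 and v8.18.2 layouts quoted in the issue, the "looks like a regex" and "reads like a sentence" heuristics are assumptions, and so is putting the detection regex under a `properties` bag in the expected layout (SARIF allows arbitrary keys there, but the issue does not say where the regex should go).

```python
"""Audit SARIF 2.1.0 rule metadata (runs[].tool.driver.rules) for mis-mapped properties.

Added example for this issue, not gitleaks code. The heuristics and the
`properties.pattern` location for the regex are assumptions.
"""
import re
from collections import Counter

# Constructed, shortened stand-in for the v8.18.2 output quoted in the issue:
# the sentence-like text sits in `name` and the regex in `shortDescription`.
SARIF_V8_18_2 = {
    "version": "2.1.0",
    "runs": [{"tool": {"driver": {"name": "gitleaks", "rules": [
        {"id": "adafruit-api-key",
         "name": "Identified a potential Adafruit API Key, which could lead to "
                 "unauthorized access to Adafruit services and sensitive data exposure.",
         "shortDescription": {"text": "(?i)(?:adafruit)[a-z0-9_-]{32}"}},
        {"id": "adobe-client-id",
         "name": "Detected a pattern that resembles an Adobe OAuth Web Client ID, "
                 "posing a risk of compromised Adobe integrations and data breaches.",
         "shortDescription": {"text": "(?i)(?:adobe)[a-f0-9]{32}"}},
    ]}}, "results": []}],
}

# Constructed stand-in for the pre-v8.18.2 layout: a real name, regex still in shortDescription.
SARIF_PRE_8_18_2 = {
    "version": "2.1.0",
    "runs": [{"tool": {"driver": {"name": "gitleaks", "rules": [
        {"id": "adafruit-api-key", "name": "Adafruit API Key",
         "shortDescription": {"text": "(?i)(?:adafruit)[a-z0-9_-]{32}"}},
        {"id": "adobe-client-id", "name": "Adobe Client ID (OAuth Web)",
         "shortDescription": {"text": "(?i)(?:adobe)[a-f0-9]{32}"}},
    ]}}, "results": []}],
}

# Heuristic (assumption): inline flags, escape classes or counted repetition mark a regex.
_REGEX_HINT = re.compile(r"\(\?[:i<=!]|\\[sSdDwWx]|\{\d+(?:,\d*)?\}")


def looks_like_regex(text: str) -> bool:
    return bool(_REGEX_HINT.search(text))


def looks_like_sentence(text: str) -> bool:
    """Heuristic (assumption): a rule name is a short label, not a full sentence."""
    return text.rstrip().endswith(".") or len(text.split()) >= 8


def iter_rules(sarif: dict):
    for run in sarif.get("runs", []):
        yield from run.get("tool", {}).get("driver", {}).get("rules", [])


def audit_rules(sarif: dict) -> list[dict]:
    """Return one finding per mis-mapped property: name, shortDescription, fullDescription."""
    findings = []
    for rule in iter_rules(sarif):
        rid = rule.get("id", "<missing id>")
        name = rule.get("name", "")
        short = rule.get("shortDescription", {}).get("text", "")
        if not name:
            findings.append({"rule": rid, "property": "name", "problem": "missing"})
        elif looks_like_sentence(name):
            findings.append({"rule": rid, "property": "name",
                             "problem": "reads like a description; belongs in fullDescription"})
        if looks_like_regex(short):
            findings.append({"rule": rid, "property": "shortDescription",
                             "problem": "contains the detection regex instead of human-readable text"})
        if "fullDescription" not in rule:
            findings.append({"rule": rid, "property": "fullDescription", "problem": "missing"})
    return findings


def summarize(findings: list[dict]) -> dict[str, int]:
    """Count findings per SARIF property, e.g. {'name': 2, 'shortDescription': 2}."""
    return dict(Counter(f["property"] for f in findings))


def expected_rule(rule_id: str, name: str, description: str, regex: str) -> dict:
    """Build a reportingDescriptor in the KICS-style layout the issue asks for.

    Putting the regex in the `properties` bag is an assumption; the issue does
    not say where it should live.
    """
    return {
        "id": rule_id,
        "name": name,
        "shortDescription": {"text": name},
        "fullDescription": {"text": description},
        "properties": {"pattern": regex},
    }


if __name__ == "__main__":
    for label, report in (("pre-8.18.2", SARIF_PRE_8_18_2), ("8.18.2", SARIF_V8_18_2)):
        print(label, summarize(audit_rules(report)))
    fixed = {"runs": [{"tool": {"driver": {"rules": [expected_rule(
        "adafruit-api-key", "Adafruit API Key",
        "Identified a potential Adafruit API Key ...", "(?i)(?:adafruit)[a-z0-9_-]{32}")]}}}]}
    print("fixed", summarize(audit_rules(fixed)))
```

Run against a real report with `audit_rules(json.load(open("result.json")))`; the pre-v8.18.2 layout still trips the shortDescription check (the regex was published there in both versions), while the v8.18.2 layout additionally trips the name check on every rule.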
baruchiro (Contributor) commented Mar 6, 2024

It was done by #1300.

cc @LironJit
