CM-35360 - Use policy display name as title of SAST detections (#85)

cycodehq · May 15, 2024 · efee551 · efee551
1 parent 3743e2f
commit efee551
Show file tree

Hide file tree

Showing 8 changed files with 21 additions and 11 deletions.
diff --git a/src/constants.ts b/src/constants.ts
@@ -132,7 +132,7 @@ export const getScanTypeDisplayName = (scanType: string): string => {
 
 export const DIAGNOSTIC_CODE_SEPARATOR = '::';
 
-export const REQUIRED_CLI_VERSION = '1.9.4';
+export const REQUIRED_CLI_VERSION = '1.9.5';
 
 export const CLI_GITHUB = {
   OWNER: 'cycodehq',

diff --git a/src/panels/violation/renderer/sast.ts b/src/panels/violation/renderer/sast.ts
@@ -10,7 +10,7 @@ const renderDetection = detection => {
   const severityFirstLetter = detection.severity[0].toUpperCase();
   ge('severity-icon').src = severityIcons[severityFirstLetter];
 
-  ge('title').innerText = detection.message;
+  ge('title').innerText = detection.detection_details.policy_display_name;
 
   const cwes = detection.detection_details.cwe.join(', ');
   if (cwes) {

diff --git a/src/panels/violation/violation-panel.ts b/src/panels/violation/violation-panel.ts
@@ -104,7 +104,7 @@ const _enrichIacDetectionForRender = (detection: IacDetection): IacDetection =>
 };
 
 const _enrichSastDetectionForRender = (detection: SastDetection): SastDetection => {
-  if (detection.message) {
+  if (detection.detection_details.description) {
     detection.detection_details.description =
         _MARKDOWN_CONVERTER.makeHtml(detection.detection_details.description);
   }

diff --git a/src/providers/code-actions/commonActions.ts b/src/providers/code-actions/commonActions.ts
@@ -66,6 +66,10 @@ export const createOpenViolationCardAction = (
   const detection = scanResultsService.getDetectionById(diagnosticCode.uniqueDetectionId);
 
   let message = detection?.message;
+  if (detection?.type === 'SAST') {
+    message = detection?.detection_details.policy_display_name;
+  }
+
   if (message && message.length > 50) {
     message = message.slice(0, 50) + '...';
   }

diff --git a/src/providers/tree-view/utils.ts b/src/providers/tree-view/utils.ts
@@ -94,11 +94,11 @@ const _getIacValueItem = (detection: IacDetection): ValueItem => {
 };
 
 const _getSastValueItem = (detection: SastDetection): ValueItem => {
-  const {message, detection_details, severity} = detection;
+  const {detection_details, severity} = detection;
   const {line_in_file, file_path} = detection_details;
 
   const valueItem: TreeViewDisplayedData = {
-    title: `line ${line_in_file}: ${message}`,
+    title: `line ${line_in_file}: ${detection_details.policy_display_name}`,
     severityFirstLetter: mapSeverityToFirstLetter(severity),
     lineNumber: line_in_file,
     detection: detection,

diff --git a/src/services/scanners/IacScanner.ts b/src/services/scanners/IacScanner.ts
@@ -163,7 +163,7 @@ const detectionsToDiagnostics = async (
     const document = await vscode.workspace.openTextDocument(documentUri);
 
     let message = `Severity: ${detection.severity}\n`;
-    message += `Description: ${detection.message}\n`;
+    message += `Rule: ${detection.message}\n`;
 
     message += `IaC Provider: ${detection.detection_details.infra_provider}\n`;
 

diff --git a/src/services/scanners/SastScanner.ts b/src/services/scanners/SastScanner.ts
@@ -82,9 +82,6 @@ const normalizeSastDetections = (result: { detections?: SastDetection[] }): Sast
     if (!detection_details.file_path.startsWith('/')) {
       detection_details.file_path = '/' + detection_details.file_path;
     }
-
-    detection_details.description = detection.message;
-    detection.message = detection.message.slice(0, 50) + '...';
   }
 
   return result.detections;
@@ -158,7 +155,7 @@ const detectionsToDiagnostics = async (
     const document = await vscode.workspace.openTextDocument(documentUri);
 
     let message = `Severity: ${detection.severity}\n`;
-    message += `Description: ${detection.message}\n`;
+    message += `Rule: ${detection.detection_details.policy_display_name}\n`;
     message += `In file: ${detection.detection_details.file_name}\n`;
 
     const diagnostic = new vscode.Diagnostic(

diff --git a/src/types/detection.ts b/src/types/detection.ts
@@ -17,6 +17,7 @@ export type SecretDetection = {
     description?: string;
     remediation_guidelines?: string;
     custom_remediation_guidelines?: string;
+    policy_display_name: string;
   };
 };
 
@@ -45,6 +46,10 @@ export type ScaDetection = {
       vulnerable_requirements: string;
       first_patched_version: string;
     };
+    description?: string;
+    remediation_guidelines?: string;
+    custom_remediation_guidelines?: string;
+    policy_display_name: string;
   };
 };
 
@@ -66,6 +71,7 @@ export type IacDetection = {
     description?: string;
     remediation_guidelines?: string;
     custom_remediation_guidelines?: string;
+    policy_display_name: string;
   };
 };
 
@@ -77,7 +83,6 @@ export type SastDetection = {
   severity: string;
   detection_details: {
     external_scanner_id: string;
-    description: string; // doesn't come from CLI yet
     line_in_file: number;
     start_position: number;
     end_position: number;
@@ -87,6 +92,10 @@ export type SastDetection = {
     owasp: string[];
     category: string;
     languages: string[];
+    description?: string;
+    remediation_guidelines?: string;
+    custom_remediation_guidelines?: string;
+    policy_display_name: string;
   };
 };