🐛 Fix some producers failing if unable to extract code

smithy-security · Jun 7, 2024 · 729cff1 · 729cff1
1 parent db05659
commit 729cff1
Show file tree

Hide file tree

Showing 6 changed files with 47 additions and 18 deletions.
diff --git a/components/producers/golang-gosec/main.go b/components/producers/golang-gosec/main.go
@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"log"
+	"log/slog"
 
 	v1 "github.com/ocurity/dracon/api/proto/v1"
 	"github.com/ocurity/dracon/pkg/context"
@@ -50,11 +51,15 @@ func parseIssues(out *GoSecOut) ([]*v1.Issue, error) {
 			Confidence:  v1.Confidence(v1.Confidence_value[fmt.Sprintf("CONFIDENCE_%s", r.Confidence)]),
 			Description: r.Code,
 		}
+
+		// Extract the code snippet, if possible
 		code, err := context.ExtractCode(iss)
 		if err != nil {
-			return nil, err
+			slog.Warn("Failed to extract code snippet", "error", err)
+			code = ""
 		}
 		iss.ContextSegment = &code
+
 		issues = append(issues, iss)
 	}
 	return issues, nil

diff --git a/components/producers/kics/main.go b/components/producers/kics/main.go
@@ -5,6 +5,7 @@ import (
 	"flag"
 	"fmt"
 	"log"
+	"log/slog"
 
 	v1 "github.com/ocurity/dracon/api/proto/v1"
 	"github.com/ocurity/dracon/components/producers"
@@ -80,13 +81,16 @@ func parseOut(results types.KICSOut) ([]*v1.Issue, error) {
 					file.ResourceName),
 				Description: string(description),
 			}
-			cs, err := context.ExtractCode(iss)
+
+			// Extract the code snippet, if possible
+			code, err := context.ExtractCode(iss)
 			if err != nil {
-				return nil, err
+				slog.Warn("Failed to extract code snippet", "error", err)
+				code = ""
 			}
-			iss.ContextSegment = &cs
+			iss.ContextSegment = &code
+
 			issues = append(issues, iss)
-
 		}
 	}
 	return issues, nil

diff --git a/components/producers/python-bandit/main.go b/components/producers/python-bandit/main.go
@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"log"
+	"log/slog"
 	"strings"
 
 	v1 "github.com/ocurity/dracon/api/proto/v1"
@@ -50,7 +51,7 @@ func parseResult(r *BanditResult) (*v1.Issue, error) {
 	for _, r := range r.LineRange {
 		rng = append(rng, fmt.Sprintf("%d", r))
 	}
-	iss := v1.Issue{
+	iss := &v1.Issue{
 		Target:      fmt.Sprintf("%s:%s", r.Filename, strings.Join(rng, "-")),
 		Type:        r.TestID,
 		Title:       r.TestName,
@@ -59,12 +60,16 @@ func parseResult(r *BanditResult) (*v1.Issue, error) {
 		Confidence:  v1.Confidence(v1.Confidence_value[fmt.Sprintf("CONFIDENCE_%s", r.IssueConfidence)]),
 		Description: fmt.Sprintf("%s\ncode:%s", r.IssueText, r.Code),
 	}
-	code, err := context.ExtractCode(&iss) // Bandit only extracts a small code sample, we think it's better to have more
+
+	// Extract the code snippet, if possible
+	code, err := context.ExtractCode(iss)
 	if err != nil {
-		return nil, err
+		slog.Warn("Failed to extract code snippet", "error", err)
+		code = ""
 	}
 	iss.ContextSegment = &code
-	return &iss, nil
+
+	return iss, nil
 }
 
 // BanditOut represents the output of a bandit run.

diff --git a/components/producers/semgrep/main.go b/components/producers/semgrep/main.go
@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"log"
+	"log/slog"
 
 	v1 "github.com/ocurity/dracon/api/proto/v1"
 	"github.com/ocurity/dracon/components/producers/semgrep/types"
@@ -63,11 +64,15 @@ func parseIssues(out types.SemgrepResults) ([]*v1.Issue, error) {
 			Confidence:  v1.Confidence_CONFIDENCE_MEDIUM,
 			Description: fmt.Sprintf("%s\n extra lines: %s", r.Extra.Message, r.Extra.Lines),
 		}
-		cs, err := context.ExtractCode(iss)
+
+		// Extract the code snippet, if possible
+		code, err := context.ExtractCode(iss)
 		if err != nil {
-			return nil, err
+			slog.Warn("Failed to extract code snippet", "error", err)
+			code = ""
 		}
-		iss.ContextSegment = &cs
+		iss.ContextSegment = &code
+
 		issues = append(issues, iss)
 	}
 	return issues, nil

diff --git a/components/producers/terraform-tfsec/main.go b/components/producers/terraform-tfsec/main.go
@@ -5,6 +5,7 @@ import (
 	"flag"
 	"fmt"
 	"log"
+	"log/slog"
 
 	v1 "github.com/ocurity/dracon/api/proto/v1"
 	"github.com/ocurity/dracon/components/producers"
@@ -75,11 +76,15 @@ func parseOut(results types.TfSecOut) ([]*v1.Issue, error) {
 			Confidence:  v1.Confidence_CONFIDENCE_MEDIUM,
 			Description: string(description),
 		}
-		cs, err := context.ExtractCode(iss)
+
+		// Extract the code snippet, if possible
+		code, err := context.ExtractCode(iss)
 		if err != nil {
-			return nil, err
+			slog.Warn("Failed to extract code snippet", "error", err)
+			code = ""
 		}
-		iss.ContextSegment = &cs
+		iss.ContextSegment = &code
+
 		issues = append(issues, iss)
 	}
 	return issues, nil

diff --git a/components/producers/typescript-eslint/main.go b/components/producers/typescript-eslint/main.go
@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"log"
+	"log/slog"
 
 	v1 "github.com/ocurity/dracon/api/proto/v1"
 	"github.com/ocurity/dracon/components/producers/typescript-eslint/types"
@@ -61,11 +62,15 @@ func parseIssues(out []types.ESLintIssue) ([]*v1.Issue, error) {
 				Confidence:  v1.Confidence_CONFIDENCE_MEDIUM,
 				Description: msg.Message,
 			}
-			cs, err := context.ExtractCode(iss)
+
+			// Extract the code snippet, if possible
+			code, err := context.ExtractCode(iss)
 			if err != nil {
-				return nil, err
+				slog.Warn("Failed to extract code snippet", "error", err)
+				code = ""
 			}
-			iss.ContextSegment = &cs
+			iss.ContextSegment = &code
+
 			issues = append(issues, iss)
 		}
 	}