From 729cff1b3dcb55267814b3dec25dd003fe5b26ae Mon Sep 17 00:00:00 2001
From: flowirtz <6052785+flowirtz@users.noreply.github.com>
Date: Fri, 7 Jun 2024 17:40:55 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Fix=20some=20producers=20failing?= =?UTF-8?q?=20if=20unable=20to=20extract=20code?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 components/producers/golang-gosec/main.go | 7 ++++++-
 components/producers/kics/main.go | 12 ++++++++----
 components/producers/python-bandit/main.go | 13 +++++++++----
 components/producers/semgrep/main.go | 11 ++++++++---
 components/producers/terraform-tfsec/main.go | 11 ++++++++---
 components/producers/typescript-eslint/main.go | 11 ++++++++---
 6 files changed, 47 insertions(+), 18 deletions(-)
diff --git a/components/producers/golang-gosec/main.go b/components/producers/golang-gosec/main.go
index bbb28e225..91daff7cd 100644
--- a/components/producers/golang-gosec/main.go
+++ b/components/producers/golang-gosec/main.go
@@ -4,6 +4,7 @@ import (
 "encoding/json"
 "fmt"
 "log"
+ "log/slog"
 v1 "github.com/ocurity/dracon/api/proto/v1"
 "github.com/ocurity/dracon/pkg/context"
@@ -50,11 +51,15 @@ func parseIssues(out *GoSecOut) ([]*v1.Issue, error) {
 Confidence: v1.Confidence(v1.Confidence_value[fmt.Sprintf("CONFIDENCE_%s", r.Confidence)]),
 Description: r.Code,
 }
+
+ // Extract the code snippet, if possible
 code, err := context.ExtractCode(iss)
 if err != nil {
- return nil, err
+ slog.Warn("Failed to extract code snippet", "error", err)
+ code = ""
 }
 iss.ContextSegment = &code
+
 issues = append(issues, iss)
 }
 return issues, nil
diff --git a/components/producers/kics/main.go b/components/producers/kics/main.go
index 45621fa73..3b1c1c037 100644
--- a/components/producers/kics/main.go
+++ b/components/producers/kics/main.go
@@ -5,6 +5,7 @@ import (
 "flag"
 "fmt"
 "log"
+ "log/slog"
 v1 "github.com/ocurity/dracon/api/proto/v1"
 "github.com/ocurity/dracon/components/producers"
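Review bot: The new `slog.Warn` in the `if err != nil` branch of parseIssues logs only the error, so when extraction fails nobody can tell which finding lost its snippet; `slog.Warn("Failed to extract code snippet", "target", iss.Target, "error", err)` would make the warning actionable. On that same path `code` is reset to `""` and `iss.ContextSegment = &code` still runs, so a consumer sees a present-but-empty segment rather than an absent one; assigning `ContextSegment` only on success (leaving it nil otherwise) keeps "no snippet" distinguishable from "empty snippet". Since `return nil, err` was the only error exit visible here, parseIssues presumably never returns a non-nil error any more; the function starts outside the hunk, so that is inferred rather than seen. The same three points apply unchanged to the kics, python-bandit, semgrep, terraform-tfsec and typescript-eslint hunks below.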
@@ -80,13 +81,16 @@ func parseOut(results types.KICSOut) ([]*v1.Issue, error) {
 file.ResourceName),
 Description: string(description),
 }
- cs, err := context.ExtractCode(iss)
+
+ // Extract the code snippet, if possible
+ code, err := context.ExtractCode(iss)
 if err != nil {
- return nil, err
+ slog.Warn("Failed to extract code snippet", "error", err)
+ code = ""
 }
- iss.ContextSegment = &cs
+ iss.ContextSegment = &code
+
 issues = append(issues, iss)
- }
 }
 return issues, nil
diff --git a/components/producers/python-bandit/main.go b/components/producers/python-bandit/main.go
index 05588dc19..28895dd23 100644
--- a/components/producers/python-bandit/main.go
+++ b/components/producers/python-bandit/main.go
@@ -4,6 +4,7 @@ import (
 "encoding/json"
 "fmt"
 "log"
+ "log/slog"
 "strings"
 v1 "github.com/ocurity/dracon/api/proto/v1"
@@ -50,7 +51,7 @@ func parseResult(r *BanditResult) (*v1.Issue, error) {
 for _, r := range r.LineRange {
 rng = append(rng, fmt.Sprintf("%d", r))
 }
- iss := v1.Issue{
+ iss := &v1.Issue{
 Target: fmt.Sprintf("%s:%s", r.Filename, strings.Join(rng, "-")),
 Type: r.TestID,
 Title: r.TestName,
@@ -59,12 +60,16 @@ func parseResult(r *BanditResult) (*v1.Issue, error) {
 Confidence: v1.Confidence(v1.Confidence_value[fmt.Sprintf("CONFIDENCE_%s", r.IssueConfidence)]),
 Description: fmt.Sprintf("%s\ncode:%s", r.IssueText, r.Code),
 }
- code, err := context.ExtractCode(&iss) // Bandit only extracts a small code sample, we think it's better to have more
+
+ // Extract the code snippet, if possible
+ code, err := context.ExtractCode(iss)
 if err != nil {
- return nil, err
+ slog.Warn("Failed to extract code snippet", "error", err)
+ code = ""
 }
 iss.ContextSegment = &code
- return &iss, nil
+
+ return iss, nil
 }
 // BanditOut represents the output of a bandit run.
diff --git a/components/producers/semgrep/main.go b/components/producers/semgrep/main.go
index 483f39b10..4d12f44f2 100644
--- a/components/producers/semgrep/main.go
+++ b/components/producers/semgrep/main.go
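Review bot: The removed `}` after `issues = append(issues, iss)` has no counterpart `{` removed anywhere in this hunk (the kics diffstat shows only four deletions, all of them here), so the nesting of the loop body relative to `return issues, nil` in the new version depends on lines outside the hunk; worth confirming with `go build` and `gofmt -l` that the remaining braces close the loops as intended. The enclosing parseOut starts outside the hunk, so this cannot be verified from the diff alone.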
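Review bot: The replacement comment `// Extract the code snippet, if possible` drops the rationale carried on the removed line — that Bandit's own `r.Code` is only a small sample and a wider context segment is preferred — which is exactly what a later reader needs before "simplifying" this call away, given that `Description` already embeds `r.Code`. Suggest keeping it: `// Extract a wider code snippet if possible: Bandit's own r.Code (already in Description) is only a small sample.` With the error now swallowed, parseResult returns a usable issue on failure, and no non-nil `error` path remains visible in either hunk; the function starts outside the hunk, so that is inferred.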
@@ -4,6 +4,7 @@ import (
 "encoding/json"
 "fmt"
 "log"
+ "log/slog"
 v1 "github.com/ocurity/dracon/api/proto/v1"
 "github.com/ocurity/dracon/components/producers/semgrep/types"
@@ -63,11 +64,15 @@ func parseIssues(out types.SemgrepResults) ([]*v1.Issue, error) {
 Confidence: v1.Confidence_CONFIDENCE_MEDIUM,
 Description: fmt.Sprintf("%s\n extra lines: %s", r.Extra.Message, r.Extra.Lines),
 }
- cs, err := context.ExtractCode(iss)
+
+ // Extract the code snippet, if possible
+ code, err := context.ExtractCode(iss)
 if err != nil {
- return nil, err
+ slog.Warn("Failed to extract code snippet", "error", err)
+ code = ""
 }
- iss.ContextSegment = &cs
+ iss.ContextSegment = &code
+
 issues = append(issues, iss)
 }
 return issues, nil
diff --git a/components/producers/terraform-tfsec/main.go b/components/producers/terraform-tfsec/main.go
index e4bac92ba..346a9bea1 100644
--- a/components/producers/terraform-tfsec/main.go
+++ b/components/producers/terraform-tfsec/main.go
@@ -5,6 +5,7 @@ import (
 "flag"
 "fmt"
 "log"
+ "log/slog"
 v1 "github.com/ocurity/dracon/api/proto/v1"
 "github.com/ocurity/dracon/components/producers"
@@ -75,11 +76,15 @@ func parseOut(results types.TfSecOut) ([]*v1.Issue, error) {
 Confidence: v1.Confidence_CONFIDENCE_MEDIUM,
 Description: string(description),
 }
- cs, err := context.ExtractCode(iss)
+
+ // Extract the code snippet, if possible
+ code, err := context.ExtractCode(iss)
 if err != nil {
- return nil, err
+ slog.Warn("Failed to extract code snippet", "error", err)
+ code = ""
 }
- iss.ContextSegment = &cs
+ iss.ContextSegment = &code
+
 issues = append(issues, iss)
 }
 return issues, nil
diff --git a/components/producers/typescript-eslint/main.go b/components/producers/typescript-eslint/main.go
index 124fc93e0..5902d9134 100644
--- a/components/producers/typescript-eslint/main.go
+++ b/components/producers/typescript-eslint/main.go
@@ -4,6 +4,7 @@ import (
 "encoding/json"
 "fmt"
 "log"
+ "log/slog"
 v1 "github.com/ocurity/dracon/api/proto/v1"
 "github.com/ocurity/dracon/components/producers/typescript-eslint/types"
@@ -61,11 +62,15 @@ func parseIssues(out []types.ESLintIssue) ([]*v1.Issue, error) {
 Confidence: v1.Confidence_CONFIDENCE_MEDIUM,
 Description: msg.Message,
 }
- cs, err := context.ExtractCode(iss)
+
+ // Extract the code snippet, if possible
+ code, err := context.ExtractCode(iss)
 if err != nil {
- return nil, err
+ slog.Warn("Failed to extract code snippet", "error", err)
+ code = ""
 }
- iss.ContextSegment = &cs
+ iss.ContextSegment = &code
+
 issues = append(issues, iss)
 }
 }