Skip message change

Signed-off-by: Charles Hu <[email protected]>

libs/hdf-converters/sample_jsons/gosec_mapper/grype-gosec-hdf-withraw.json

@@ -34,35 +34,35 @@
           "results": [
             {
               "status": "failed",
-              "skip_message": "",
+              "skip_message": "N/A",
               "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\internal\\file\\tar.go\nLine: 83\nColumn: 14",
               "message": "HIGH confidence of rule violation at:\n82: \t\tcase tar.TypeReg:\n83: \t\t\tf, err := os.OpenFile(target, os.O_CREATE|os.O_RDWR, os.FileMode(header.Mode))\n84: \t\t\tif err != nil {\n",
               "start_time": ""
             },
             {
               "status": "failed",
-              "skip_message": "",
+              "skip_message": "N/A",
               "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\presenter\\template\\presenter.go\nLine: 52\nColumn: 27",
               "message": "HIGH confidence of rule violation at:\n51: \n52: \ttemplateContents, err := os.ReadFile(expandedPathToTemplateFile)\n53: \tif err != nil {\n",
               "start_time": ""
             },
             {
               "status": "failed",
-              "skip_message": "",
+              "skip_message": "N/A",
               "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\pkg\\syft_sbom_provider.go\nLine: 96\nColumn: 12",
               "message": "HIGH confidence of rule violation at:\n95: func isPossibleSBOM(userInput string) bool {\n96: \tf, err := os.Open(userInput)\n97: \tif err != nil {\n",
               "start_time": ""
             },
             {
               "status": "failed",
-              "skip_message": "",
+              "skip_message": "N/A",
               "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\pkg\\syft_sbom_provider.go\nLine: 87\nColumn: 15",
               "message": "HIGH confidence of rule violation at:\n86: \n87: \tsbom, err := os.Open(expandedPath)\n88: \tif err != nil {\n",
               "start_time": ""
             },
             {
               "status": "failed",
-              "skip_message": "",
+              "skip_message": "N/A",
               "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\cmd\\report_writer.go\nLine: 19\nColumn: 22",
               "message": "HIGH confidence of rule violation at:\n18: \tdefault:\n19: \t\treportFile, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n20: \n",
               "start_time": ""
@@ -89,7 +89,7 @@
           "results": [
             {
               "status": "failed",
-              "skip_message": "",
+              "skip_message": "N/A",
               "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\cmd\\report_writer.go\nLine: 19\nColumn: 22",
               "message": "HIGH confidence of rule violation at:\n18: \tdefault:\n19: \t\treportFile, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n20: \n",
               "start_time": ""
@@ -116,15 +116,15 @@
           "results": [
             {
               "status": "failed",
-              "skip_message": "",
+              "skip_message": "N/A",
               "code_desc": "Rule G301 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\internal\\file\\tar.go\nLine: 77\nColumn: 15",
               "message": "HIGH confidence of rule violation at:\n76: \t\t\tif _, err := os.Stat(target); err != nil {\n77: \t\t\t\tif err := os.MkdirAll(target, 0755); err != nil {\n78: \t\t\t\t\treturn fmt.Errorf(\"failed to mkdir (%s): %w\", target, err)\n",
               "start_time": ""
             }
           ]
         }
       ],
-      "sha256": "f32894c089bb1994c0c0a75032a02e46724631bbb0c1bd61aefbd26e3ad7507e"
+      "sha256": "a6012052657380bab7a50dcb2e5452c19b0d02bd29212c07cbf57d9cadb8204d"
     }
   ],
   "passthrough": {

libs/hdf-converters/sample_jsons/gosec_mapper/grype-gosec-hdf.json

@@ -34,35 +34,35 @@
           "results": [
             {
               "status": "failed",
-              "skip_message": "",
+              "skip_message": "N/A",
               "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\internal\\file\\tar.go\nLine: 83\nColumn: 14",
               "message": "HIGH confidence of rule violation at:\n82: \t\tcase tar.TypeReg:\n83: \t\t\tf, err := os.OpenFile(target, os.O_CREATE|os.O_RDWR, os.FileMode(header.Mode))\n84: \t\t\tif err != nil {\n",
               "start_time": ""
             },
             {
               "status": "failed",
-              "skip_message": "",
+              "skip_message": "N/A",
               "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\presenter\\template\\presenter.go\nLine: 52\nColumn: 27",
               "message": "HIGH confidence of rule violation at:\n51: \n52: \ttemplateContents, err := os.ReadFile(expandedPathToTemplateFile)\n53: \tif err != nil {\n",
               "start_time": ""
             },
             {
               "status": "failed",
-              "skip_message": "",
+              "skip_message": "N/A",
               "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\pkg\\syft_sbom_provider.go\nLine: 96\nColumn: 12",
               "message": "HIGH confidence of rule violation at:\n95: func isPossibleSBOM(userInput string) bool {\n96: \tf, err := os.Open(userInput)\n97: \tif err != nil {\n",
               "start_time": ""
             },
             {
               "status": "failed",
-              "skip_message": "",
+              "skip_message": "N/A",
               "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\pkg\\syft_sbom_provider.go\nLine: 87\nColumn: 15",
               "message": "HIGH confidence of rule violation at:\n86: \n87: \tsbom, err := os.Open(expandedPath)\n88: \tif err != nil {\n",
               "start_time": ""
             },
             {
               "status": "failed",
-              "skip_message": "",
+              "skip_message": "N/A",
               "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\cmd\\report_writer.go\nLine: 19\nColumn: 22",
               "message": "HIGH confidence of rule violation at:\n18: \tdefault:\n19: \t\treportFile, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n20: \n",
               "start_time": ""
@@ -89,7 +89,7 @@
           "results": [
             {
               "status": "failed",
-              "skip_message": "",
+              "skip_message": "N/A",
               "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\cmd\\report_writer.go\nLine: 19\nColumn: 22",
               "message": "HIGH confidence of rule violation at:\n18: \tdefault:\n19: \t\treportFile, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n20: \n",
               "start_time": ""
@@ -116,15 +116,15 @@
           "results": [
             {
               "status": "failed",
-              "skip_message": "",
+              "skip_message": "N/A",
               "code_desc": "Rule G301 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\internal\\file\\tar.go\nLine: 77\nColumn: 15",
               "message": "HIGH confidence of rule violation at:\n76: \t\t\tif _, err := os.Stat(target); err != nil {\n77: \t\t\t\tif err := os.MkdirAll(target, 0755); err != nil {\n78: \t\t\t\t\treturn fmt.Errorf(\"failed to mkdir (%s): %w\", target, err)\n",
               "start_time": ""
             }
           ]
         }
       ],
-      "sha256": "f32894c089bb1994c0c0a75032a02e46724631bbb0c1bd61aefbd26e3ad7507e"
+      "sha256": "a6012052657380bab7a50dcb2e5452c19b0d02bd29212c07cbf57d9cadb8204d"
     }
   ],
   "passthrough": {

libs/hdf-converters/sample_jsons/gosec_mapper/sample_input_report/Go_Ethereum_gosec_results_suppressed.json

@@ -107,7 +107,7 @@
             "rule_id": "G304",
             "details": "Potential file inclusion via variable",
             "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go",
-            "code": "101: func openFreezerFileTruncated(filename string) (*os.File, error) {\n102: \treturn os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n103: }\n",
+            "code": "101: func openFreezerFileTruncated(filename string) (*os.File, error) {\n102: \treturn os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644) // #nosec G302\n103: }\n",
             "line": "102",
             "column": "9",
             "nosec": false,
@@ -123,7 +123,7 @@
             "rule_id": "G304",
             "details": "Potential file inclusion via variable",
             "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go",
-            "code": "96: func openFreezerFileForReadOnly(filename string) (*os.File, error) {\n97: \treturn os.OpenFile(filename, os.O_RDONLY, 0644)\n98: }\n",
+            "code": "96: func openFreezerFileForReadOnly(filename string) (*os.File, error) {\n97: \treturn os.OpenFile(filename, os.O_RDONLY, 0644) // #nosec G302\n98: }\n",
             "line": "97",
             "column": "9",
             "nosec": false,
@@ -191,7 +191,12 @@
             "line": "162",
             "column": "15",
             "nosec": false,
-            "suppressions": null
+            "suppressions": [
+                {
+                    "kind": "external",
+                    "justification": "Globally suppressed."
+                }
+            ]
         },
         {
             "severity": "MEDIUM",
@@ -207,7 +212,12 @@
             "line": "142",
             "column": "22",
             "nosec": false,
-            "suppressions": null
+            "suppressions": [
+                {
+                    "kind": "external",
+                    "justification": "Globally suppressed."
+                }
+            ]
         },
         {
             "severity": "MEDIUM",
@@ -223,7 +233,12 @@
             "line": "86",
             "column": "12",
             "nosec": false,
-            "suppressions": null
+            "suppressions": [
+                {
+                    "kind": "external",
+                    "justification": "Globally suppressed."
+                }
+            ]
         },
         {
             "severity": "MEDIUM",
@@ -235,11 +250,20 @@
             "rule_id": "G302",
             "details": "Expect file permissions to be 0600 or less",
             "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go",
-            "code": "101: func openFreezerFileTruncated(filename string) (*os.File, error) {\n102: \treturn os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n103: }\n",
+            "code": "101: func openFreezerFileTruncated(filename string) (*os.File, error) {\n102: \treturn os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644) // #nosec G302\n103: }\n",
             "line": "102",
             "column": "9",
             "nosec": false,
-            "suppressions": null
+            "suppressions": [
+                {
+                    "kind": "inSource",
+                    "justification": ""
+                },
+                {
+                    "kind": "external",
+                    "justification": "Globally suppressed."
+                }
+            ]
         },
         {
             "severity": "MEDIUM",
@@ -251,11 +275,20 @@
             "rule_id": "G302",
             "details": "Expect file permissions to be 0600 or less",
             "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\rawdb\\freezer_utils.go",
-            "code": "96: func openFreezerFileForReadOnly(filename string) (*os.File, error) {\n97: \treturn os.OpenFile(filename, os.O_RDONLY, 0644)\n98: }\n",
+            "code": "96: func openFreezerFileForReadOnly(filename string) (*os.File, error) {\n97: \treturn os.OpenFile(filename, os.O_RDONLY, 0644) // #nosec G302\n98: }\n",
             "line": "97",
             "column": "9",
             "nosec": false,
-            "suppressions": null
+            "suppressions": [
+                {
+                    "kind": "inSource",
+                    "justification": ""
+                },
+                {
+                    "kind": "external",
+                    "justification": "Globally suppressed."
+                }
+            ]
         },
         {
             "severity": "MEDIUM",
@@ -271,7 +304,12 @@
             "line": "84",
             "column": "15",
             "nosec": false,
-            "suppressions": null
+            "suppressions": [
+                {
+                    "kind": "external",
+                    "justification": "Globally suppressed."
+                }
+            ]
         },
         {
             "severity": "MEDIUM",
@@ -287,12 +325,7 @@
             "line": "133",
             "column": "12",
             "nosec": false,
-            "suppressions": [
-                {
-                    "kind": "external",
-                    "justification": "Globally suppressed."
-                }
-            ]
+            "suppressions": null
         },
         {
             "severity": "MEDIUM",
@@ -308,12 +341,7 @@
             "line": "99",
             "column": "12",
             "nosec": false,
-            "suppressions": [
-                {
-                    "kind": "external",
-                    "justification": "Globally suppressed."
-                }
-            ]
+            "suppressions": null
         },
         {
             "severity": "LOW",
@@ -2677,11 +2705,16 @@
             "rule_id": "G104",
             "details": "Errors unhandled.",
             "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go",
-            "code": "1523: \t\t\t// Flush an entire trie and restart the counters\n1524: \t\t\tbc.triedb.Commit(header.Root, true)\n1525: \t\t\tbc.lastWrite = chosen\n",
+            "code": "1523: \t\t\t// Flush an entire trie and restart the counters\n1524: \t\t\tbc.triedb.Commit(header.Root, true) // #nosec G104\n1525: \t\t\tbc.lastWrite = chosen\n",
             "line": "1524",
             "column": "4",
             "nosec": false,
-            "suppressions": null
+            "suppressions": [
+                {
+                    "kind": "inSource",
+                    "justification": ""
+                }
+            ]
         },
         {
             "severity": "LOW",
@@ -2751,14 +2784,14 @@
             "rule_id": "G104",
             "details": "Errors unhandled.",
             "file": "C:\\Users\\chu\\Downloads\\go-ethereum-master\\core\\blockchain.go",
-            "code": "457: \t\t} else {\n458: \t\t\tbc.SetHead(compat.RewindToBlock) // #nosec G104\n459: \t\t}\n",
+            "code": "457: \t\t} else {\n458: \t\t\tbc.SetHead(compat.RewindToBlock) // #nosec G104 -- False positive\n459: \t\t}\n",
             "line": "458",
             "column": "4",
             "nosec": false,
             "suppressions": [
                 {
                     "kind": "inSource",
-                    "justification": ""
+                    "justification": "False positive"
                 }
             ]
         },
@@ -2808,8 +2841,8 @@
     "Stats": {
         "files": 156,
         "lines": 46219,
-        "nosec": 5,
-        "found": 166
+        "nosec": 8,
+        "found": 161
     },
     "GosecVersion": "dev"
 }

libs/hdf-converters/src/gosec-mapper.ts

@@ -32,9 +32,24 @@ function formatStatus(input: Record<string, unknown>): string {
 
 // If a gosec rule violation is suppressed, forward the given justification
 function formatSkipMessage(input: Record<string, unknown>): string {
-  return `${_.get(input, 'suppressions')}` !== 'null'
-    ? `${_.get(input, 'suppressions[0].justification')}`
-    : '';
+  const suppressions = _.get(input, 'suppressions');
+
+  // If test is not skipped
+  if (`${suppressions}` === 'null') {
+    return 'N/A';
+  }
+  // If test is skipped
+  let skipMessage = '';
+  if (Array.isArray(suppressions)) {
+    suppressions.map((suppression) => {
+      // If a justification is given, report; otherwise, report that none is given
+      skipMessage = skipMessage.concat(
+        `${suppression.justification ? suppression.justification : 'No reason provided'} (${suppression.kind}) `
+      );
+    });
+  }
+
+  return skipMessage.trim();
 }
 
 // Report gosec rule violation and violation location