gosec Mapper Rework (#5982)

* Mapper rework Signed-off-by: Charles Hu <computerscience@verizon.net> * Minor type fix * Linting Signed-off-by: Charles Hu <computerscience@verizon.net> * gosec name stylization fix Signed-off-by: Charles Hu <computerscience@verizon.net> * Skip message change Signed-off-by: Charles Hu <computerscience@verizon.net> * simplified skip message logic Signed-off-by: Amndeep Singh Mann <amann@mitre.org> * Do not supply a skip message when result is not skipped, fix bug where a skip message was not provided when a test was skipped, fix some of the verbiage and formatting. Signed-off-by: Amndeep Singh Mann <amann@mitre.org> * Skip message in frontend support Signed-off-by: Charles Hu <computerscience@verizon.net> * Reworked joint message support on frontend Signed-off-by: Charles Hu <computerscience@verizon.net> * Linting Signed-off-by: Charles Hu <computerscience@verizon.net> * i messed up the merge conflict fixing Signed-off-by: Amndeep Singh Mann <amann@mitre.org> * cleaned up message code Signed-off-by: Amndeep Singh Mann <amann@mitre.org> --------- Signed-off-by: Charles Hu <computerscience@verizon.net> Signed-off-by: Amndeep Singh Mann <amann@mitre.org> Co-authored-by: Amndeep Singh Mann <amann@mitre.org>
mitre · Jul 30, 2024 · 3857d6b · 3857d6b
1 parent 58b9499
commit 3857d6b
Show file tree

Hide file tree

Showing 15 changed files with 16,381 additions and 218 deletions.
diff --git a/apps/frontend/src/components/cards/controltable/ControlRowCol.vue b/apps/frontend/src/components/cards/controltable/ControlRowCol.vue
@@ -76,7 +76,12 @@ export default class ControlRowCol extends mixins(HtmlSanitizeMixin) {
   }
 
   get resultMessage(): string | undefined {
-    return this.result.message || this.result.skip_message;
+    // Check if either `skip_message` or `message` exist
+    // If one but not the other exists, display the individual message
+    // Otherwise display both messages in a joint string
+    return this.result.skip_message && this.result.message
+      ? `-Message-\n${this.result.message}\n\n-Skip Message-\n${this.result.skip_message}`
+      : this.result.message || this.result.skip_message;
   }
 }
 </script>

diff --git a/apps/frontend/src/components/global/upload_tabs/FileReader.vue b/apps/frontend/src/components/global/upload_tabs/FileReader.vue
@@ -35,7 +35,7 @@
                   <li>Checklist</li>
                   <li>DBProtect</li>
                   <li>Fortify</li>
-                  <li>Golang Security Checker (GoSec)</li>
+                  <li>Golang Security Checker (gosec)</li>
                   <li>Ion Channel</li>
                   <li>JFrog Xray</li>
                   <li>Nessus</li>

diff --git a/apps/frontend/src/store/report_intake.ts b/apps/frontend/src/store/report_intake.ts
@@ -14,7 +14,7 @@ import {
   DBProtectMapper,
   fingerprint,
   FortifyMapper,
-  GoSecMapper,
+  GosecMapper,
   INPUT_TYPES,
   IonChannelMapper,
   JfrogXrayMapper,
@@ -271,7 +271,7 @@ export class InspecIntake extends VuexModule {
       case INPUT_TYPES.CHECKLIST:
         return new ChecklistResults(convertOptions.data).toHdf();
       case INPUT_TYPES.GOSEC:
-        return new GoSecMapper(convertOptions.data).toHdf();
+        return new GosecMapper(convertOptions.data).toHdf();
       case INPUT_TYPES.TRUFFLEHOG:
         return new TrufflehogResults(convertOptions.data).toHdf();
       default:

diff --git a/libs/hdf-converters/README.md b/libs/hdf-converters/README.md
@@ -13,22 +13,23 @@ OHDF Converters supplies several methods to convert various types of security to
 6.  [**conveyor-mapper**] - Conveyor JSON file
 7.  [**dbprotect-mapper**] - DBProtect report in "Check Results Details" XML format
 8.  [**fortify-mapper**] - Fortify results FVDL file
-9.  [**ionchannel-mapper**] - SBOM data from Ion Channel
-10. [**jfrog-xray-mapper**] - JFrog Xray results JSON file
-11. [**nessus-mapper**] - Nessus XML results file
-12. [**netsparker-mapper**] - Netsparker XML results file
-13. [**nikto-mapper**] - Nikto results JSON file
-14. [**prisma-mapper**] - Prisma Cloud Scan Report CSV file
-15. [**sarif-mapper**] - SARIF JSON file
-16. [**scoutsuite-mapper**] - ScoutSuite results from a Javascript object
-17. [**snyk-mapper**] - Snyk results JSON file
-18. [**sonarqube-mapper**] - SonarQube vulnerabilities for the specified project name and optional branch or pull/merge request ID name from an API
-19. [**splunk-mapper**] - Splunk instance
-20. [**trufflehog-mapper**] - Trufflehog results json file 
-21. [**twistlock-mapper**] - Twistlock CLI output file
-22. [**veracode-mapper**] - Veracode Scan Results XML file
-23. [**xccdf-results-mapper**] - SCAP client XCCDF-Results XML report
-24. [**zap-mapper**] - OWASP ZAP results JSON
+9.  [**gosec-mapper**] - gosec results JSON file
+10. [**ionchannel-mapper**] - SBOM data from Ion Channel
+11. [**jfrog-xray-mapper**] - JFrog Xray results JSON file
+12. [**nessus-mapper**] - Nessus XML results file
+13. [**netsparker-mapper**] - Netsparker XML results file
+14. [**nikto-mapper**] - Nikto results JSON file
+15. [**prisma-mapper**] - Prisma Cloud Scan Report CSV file
+16. [**sarif-mapper**] - SARIF JSON file
+17. [**scoutsuite-mapper**] - ScoutSuite results from a Javascript object
+18. [**snyk-mapper**] - Snyk results JSON file
+19. [**sonarqube-mapper**] - SonarQube vulnerabilities for the specified project name and optional branch or pull/merge request ID name from an API
+20. [**splunk-mapper**] - Splunk instance
+21. [**trufflehog-mapper**] - Trufflehog results json file 
+22. [**twistlock-mapper**] - Twistlock CLI output file
+23. [**veracode-mapper**] - Veracode Scan Results XML file
+24. [**xccdf-results-mapper**] - SCAP client XCCDF-Results XML report
+25. [**zap-mapper**] - OWASP ZAP results JSON
 
 ### NOTICE
 

diff --git a/...-converters/sample_jsons/gosec_mapper/go-ethereum-all-unsuppressed-gosec-hdf-withraw.json b/...-converters/sample_jsons/gosec_mapper/go-ethereum-all-unsuppressed-gosec-hdf-withraw.json
diff --git a/libs/hdf-converters/sample_jsons/gosec_mapper/go-ethereum-all-unsuppressed-gosec-hdf.json b/libs/hdf-converters/sample_jsons/gosec_mapper/go-ethereum-all-unsuppressed-gosec-hdf.json
diff --git a/...erters/sample_jsons/gosec_mapper/go-ethereum-external-unsuppressed-gosec-hdf-withraw.json b/...erters/sample_jsons/gosec_mapper/go-ethereum-external-unsuppressed-gosec-hdf-withraw.json
diff --git a/...hdf-converters/sample_jsons/gosec_mapper/go-ethereum-external-unsuppressed-gosec-hdf.json b/...hdf-converters/sample_jsons/gosec_mapper/go-ethereum-external-unsuppressed-gosec-hdf.json
diff --git a/libs/hdf-converters/sample_jsons/gosec_mapper/gosec-hdf.json b/libs/hdf-converters/sample_jsons/gosec_mapper/gosec-hdf.json
diff --git a/...jsons/gosec_mapper/gosec-hdf-withraw.json → ...gosec_mapper/grype-gosec-hdf-withraw.json b/...jsons/gosec_mapper/gosec-hdf-withraw.json → ...gosec_mapper/grype-gosec-hdf-withraw.json
@@ -7,8 +7,8 @@
   "statistics": {},
   "profiles": [
     {
-      "name": "Gosec scanner",
-      "title": "gosec",
+      "name": "gosec Scan",
+      "title": "gosec Scan",
       "version": "dev",
       "supports": [],
       "attributes": [],
@@ -17,14 +17,13 @@
       "controls": [
         {
           "tags": {
-            "nist": ["SI-10"],
+            "nist": [
+              "SI-10"
+            ],
             "cwe": {
               "id": "22",
               "url": "https://cwe.mitre.org/data/definitions/22.html"
-            },
-            "nosec": "",
-            "suppressions": "",
-            "confidence": "HIGH"
+            }
           },
           "refs": [],
           "source_location": {},
@@ -35,46 +34,46 @@
           "results": [
             {
               "status": "failed",
-              "code_desc": "82: \t\tcase tar.TypeReg:\n83: \t\t\tf, err := os.OpenFile(target, os.O_CREATE|os.O_RDWR, os.FileMode(header.Mode))\n84: \t\t\tif err != nil {\n",
-              "message": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\internal\\file\\tar.go, line:83, column:14",
+              "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\internal\\file\\tar.go\nLine: 83\nColumn: 14",
+              "message": "HIGH confidence of rule violation at:\n82: \t\tcase tar.TypeReg:\n83: \t\t\tf, err := os.OpenFile(target, os.O_CREATE|os.O_RDWR, os.FileMode(header.Mode))\n84: \t\t\tif err != nil {\n",
               "start_time": ""
             },
             {
               "status": "failed",
-              "code_desc": "51: \n52: \ttemplateContents, err := os.ReadFile(expandedPathToTemplateFile)\n53: \tif err != nil {\n",
-              "message": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\presenter\\template\\presenter.go, line:52, column:27",
+              "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\presenter\\template\\presenter.go\nLine: 52\nColumn: 27",
+              "message": "HIGH confidence of rule violation at:\n51: \n52: \ttemplateContents, err := os.ReadFile(expandedPathToTemplateFile)\n53: \tif err != nil {\n",
               "start_time": ""
             },
             {
               "status": "failed",
-              "code_desc": "95: func isPossibleSBOM(userInput string) bool {\n96: \tf, err := os.Open(userInput)\n97: \tif err != nil {\n",
-              "message": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\pkg\\syft_sbom_provider.go, line:96, column:12",
+              "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\pkg\\syft_sbom_provider.go\nLine: 96\nColumn: 12",
+              "message": "HIGH confidence of rule violation at:\n95: func isPossibleSBOM(userInput string) bool {\n96: \tf, err := os.Open(userInput)\n97: \tif err != nil {\n",
               "start_time": ""
             },
             {
               "status": "failed",
-              "code_desc": "86: \n87: \tsbom, err := os.Open(expandedPath)\n88: \tif err != nil {\n",
-              "message": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\pkg\\syft_sbom_provider.go, line:87, column:15",
+              "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\grype\\pkg\\syft_sbom_provider.go\nLine: 87\nColumn: 15",
+              "message": "HIGH confidence of rule violation at:\n86: \n87: \tsbom, err := os.Open(expandedPath)\n88: \tif err != nil {\n",
               "start_time": ""
             },
             {
               "status": "failed",
-              "code_desc": "18: \tdefault:\n19: \t\treportFile, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n20: \n",
-              "message": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\cmd\\report_writer.go, line:19, column:22",
+              "code_desc": "Rule G304 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\cmd\\report_writer.go\nLine: 19\nColumn: 22",
+              "message": "HIGH confidence of rule violation at:\n18: \tdefault:\n19: \t\treportFile, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n20: \n",
               "start_time": ""
             }
           ]
         },
         {
           "tags": {
-            "nist": ["SI-2", "RA-5"],
+            "nist": [
+              "SI-2",
+              "RA-5"
+            ],
             "cwe": {
               "id": "276",
               "url": "https://cwe.mitre.org/data/definitions/276.html"
-            },
-            "nosec": "",
-            "suppressions": "",
-            "confidence": "HIGH"
+            }
           },
           "refs": [],
           "source_location": {},
@@ -85,22 +84,22 @@
           "results": [
             {
               "status": "failed",
-              "code_desc": "18: \tdefault:\n19: \t\treportFile, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n20: \n",
-              "message": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\cmd\\report_writer.go, line:19, column:22",
+              "code_desc": "Rule G302 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\cmd\\report_writer.go\nLine: 19\nColumn: 22",
+              "message": "HIGH confidence of rule violation at:\n18: \tdefault:\n19: \t\treportFile, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)\n20: \n",
               "start_time": ""
             }
           ]
         },
         {
           "tags": {
-            "nist": ["SI-2", "RA-5"],
+            "nist": [
+              "SI-2",
+              "RA-5"
+            ],
             "cwe": {
               "id": "276",
               "url": "https://cwe.mitre.org/data/definitions/276.html"
-            },
-            "nosec": "",
-            "suppressions": "",
-            "confidence": "HIGH"
+            }
           },
           "refs": [],
           "source_location": {},
@@ -111,22 +110,28 @@
           "results": [
             {
               "status": "failed",
-              "code_desc": "76: \t\t\tif _, err := os.Stat(target); err != nil {\n77: \t\t\t\tif err := os.MkdirAll(target, 0755); err != nil {\n78: \t\t\t\t\treturn fmt.Errorf(\"failed to mkdir (%s): %w\", target, err)\n",
-              "message": "C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\internal\\file\\tar.go, line:77, column:15",
+              "code_desc": "Rule G301 violation detected at:\nFile: C:\\Users\\AGILLUM\\OneDrive - The MITRE Corporation\\Documents\\Code\\grype-0.34.4\\internal\\file\\tar.go\nLine: 77\nColumn: 15",
+              "message": "HIGH confidence of rule violation at:\n76: \t\t\tif _, err := os.Stat(target); err != nil {\n77: \t\t\t\tif err := os.MkdirAll(target, 0755); err != nil {\n78: \t\t\t\t\treturn fmt.Errorf(\"failed to mkdir (%s): %w\", target, err)\n",
               "start_time": ""
             }
           ]
         }
       ],
-      "sha256": "9109339ee9544698a40d378e6389f61273596593fa61f3aef97aa1a1cf58261c"
+      "sha256": "3968d46e62c53b3dc1977f9598d9ad93192f9ae13237d0c493b945e7bd27c28d"
     }
   ],
   "passthrough": {
     "auxiliary_data": [
       {
-        "name": "Gosec",
+        "name": "gosec",
         "data": {
-          "Golang errors": {}
+          "Golang errors": {},
+          "Stats": {
+            "files": 199,
+            "lines": 12401,
+            "nosec": 0,
+            "found": 7
+          }
         }
       }
     ],
@@ -255,4 +260,4 @@
       "GosecVersion": "dev"
     }
   }
-}
+}