From 8ffdc21bf9fd7d35b1b1c071ecb9e3943443475a Mon Sep 17 00:00:00 2001
From: attiasas
Date: Wed, 8 Nov 2023 16:14:04 +0200
Subject: [PATCH 1/4] on SCA always show results with location

---
 xray/utils/resultwriter.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/xray/utils/resultwriter.go b/xray/utils/resultwriter.go
index 5d7702841..335e3cc40 100644
--- a/xray/utils/resultwriter.go
+++ b/xray/utils/resultwriter.go
@@ -330,7 +330,9 @@ func getXrayIssueLocationIfValidExists(tech coreutils.Technology, run *sarif.Run
 return
 }
 if strings.TrimSpace(descriptorPath) == "" {
- return
+ descriptorPath = "Package Descriptor"
+ } else {
+ descriptorPath = "file://" + descriptorPath
 }
 return sarif.NewLocation().WithPhysicalLocation(sarif.NewPhysicalLocation().WithArtifactLocation(sarif.NewArtifactLocation().WithUri("file://" + descriptorPath))), nil
 }

From 5c41f39525ec3b0c6fac05b0ba801b3408bab52d Mon Sep 17 00:00:00 2001
From: attiasas
Date: Wed, 8 Nov 2023 16:29:10 +0200
Subject: [PATCH 2/4] fix

---
 xray/utils/resultwriter.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xray/utils/resultwriter.go b/xray/utils/resultwriter.go
index 335e3cc40..d7cb0d955 100644
--- a/xray/utils/resultwriter.go
+++ b/xray/utils/resultwriter.go
@@ -334,7 +334,7 @@ func getXrayIssueLocationIfValidExists(tech coreutils.Technology, run *sarif.Run
 } else {
 descriptorPath = "file://" + descriptorPath
 }
- return sarif.NewLocation().WithPhysicalLocation(sarif.NewPhysicalLocation().WithArtifactLocation(sarif.NewArtifactLocation().WithUri("file://" + descriptorPath))), nil
+ return sarif.NewLocation().WithPhysicalLocation(sarif.NewPhysicalLocation().WithArtifactLocation(sarif.NewArtifactLocation().WithUri(descriptorPath))), nil
 }

 func addXrayRule(ruleId, ruleDescription, maxCveScore, summary, markdownDescription string, run *sarif.Run) {

From f97522430f5e613e997cd80ce04ff0cb52bcea6b Mon Sep 17 00:00:00 2001
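Review bot: The placeholder added in PATCH 1/4 reaches the SARIF artifact location as `file://Package Descriptor`, which is not a well-formed file URI: the space is unescaped and the text after `file://` is read as an authority, not a path. PATCH 2/4 emits it bare for a moment, PATCH 3/4 restores the prefixed form, and the test in PATCH 4/4 pins it. A consumer that validates or resolves artifact URIs may reject the run or attach the finding to no file, so SCA vulnerabilities without a descriptor could fall out of the very view this series wants them in; this is worth confirming against the intended SARIF consumer. If a placeholder stays, a URI-safe value held in a named constant would be safer than an inline literal, for example `const missingDescriptorPlaceholder = "Package-Descriptor"` (name and value are only a suggestion). The function starts outside the hunk.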
From: attiasas
Date: Wed, 8 Nov 2023 16:37:37 +0200
Subject: [PATCH 3/4] fix validation for normal sarif

---
 xray/utils/resultwriter.go | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/xray/utils/resultwriter.go b/xray/utils/resultwriter.go
index d7cb0d955..f7ab95f42 100644
--- a/xray/utils/resultwriter.go
+++ b/xray/utils/resultwriter.go
@@ -331,10 +331,8 @@ func getXrayIssueLocationIfValidExists(tech coreutils.Technology, run *sarif.Run
 }
 if strings.TrimSpace(descriptorPath) == "" {
 descriptorPath = "Package Descriptor"
- } else {
- descriptorPath = "file://" + descriptorPath
 }
- return sarif.NewLocation().WithPhysicalLocation(sarif.NewPhysicalLocation().WithArtifactLocation(sarif.NewArtifactLocation().WithUri(descriptorPath))), nil
+ return sarif.NewLocation().WithPhysicalLocation(sarif.NewPhysicalLocation().WithArtifactLocation(sarif.NewArtifactLocation().WithUri("file://" + descriptorPath))), nil
 }

 func addXrayRule(ruleId, ruleDescription, maxCveScore, summary, markdownDescription string, run *sarif.Run) {

From 6d49f428e874c24949f1d4799b3a04a1c6021ebe Mon Sep 17 00:00:00 2001
From: attiasas
Date: Wed, 8 Nov 2023 16:39:05 +0200
Subject: [PATCH 4/4] fix tests

---
 xray/utils/resultwriter_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xray/utils/resultwriter_test.go b/xray/utils/resultwriter_test.go
index b6fa06d11..18d053261 100644
--- a/xray/utils/resultwriter_test.go
+++ b/xray/utils/resultwriter_test.go
@@ -163,7 +163,7 @@ func TestGetXrayIssueLocationIfValidExists(t *testing.T) {
 name: "No descriptor information",
 tech: coreutils.Pip,
 run: CreateRunWithDummyResults().WithInvocations([]*sarif.Invocation{invocation}),
- expectedOutput: nil,
+ expectedOutput: sarif.NewLocation().WithPhysicalLocation(sarif.NewPhysicalLocation().WithArtifactLocation(sarif.NewArtifactLocation().WithUri("file://Package Descriptor"))),
 },
 {
 name: "One descriptor information",
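Review bot: After PATCH 3/4 the empty-descriptor path of `getXrayIssueLocationIfValidExists` returns a placeholder location instead of nil, so the "IfValidExists" name no longer matches the contract and nothing in the hunk documents the change. A caller that still treats a nil location as "no descriptor found" would silently stop taking that branch; the callers are outside this hunk, so they are worth checking. I would add a doc comment such as `// Returns the descriptor's location, or a "Package Descriptor" placeholder location (never nil) when no descriptor path is found.` The function's signature and opening lines are outside the hunk.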
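Review bot: The updated "No descriptor information" case in PATCH 4/4 hard-codes `"file://Package Descriptor"`, duplicating the literal from `resultwriter.go`, so the test and the implementation can drift apart. Building the expectation from a shared constant would keep them aligned, for example `WithUri("file://" + missingDescriptorPlaceholder)` (the constant name is a suggestion and does not exist in the visible code). The case also asserts only equality with that string, so a malformed URI passes as long as both sides agree. The rest of the test table is outside the hunk.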