Newlines in SARIF parser code blocks (DefectDojo#9932)

* code delimiters on separate lines * update unit tests
dogboat · May 1, 2024 · 28a7c0f · 28a7c0f
1 parent 29b16af
commit 28a7c0f
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 37 deletions.
diff --git a/dojo/tools/sarif/parser.py b/dojo/tools/sarif/parser.py
@@ -271,7 +271,7 @@ def get_description(result, rule):
         )
         description += f"**Result message:** {message}\n"
     if get_snippet(result) is not None:
-        description += f"**Snippet:**\n```{get_snippet(result)}```\n"
+        description += f"**Snippet:**\n```\n{get_snippet(result)}\n```\n"
     if rule is not None:
         if "name" in rule:
             description += f"**{_('Rule name')}:** {rule.get('name')}\n"

diff --git a/unittests/tools/test_sarif_parser.py b/unittests/tools/test_sarif_parser.py
@@ -52,8 +52,10 @@ def test_example2_report(self):
             self.assertEqual("High", item.severity)
             description = """**Result message:** Variable "ptr" was used without being initialized. It was declared [here](0).
 **Snippet:**
-```add_core(ptr, offset, val);
-    return;```
+```
+add_core(ptr, offset, val);
+    return;
+```
 **Rule short description:** A variable was used without being initialized.
 **Rule full description:** A variable was used without being initialized. This can result in runtime errors such as null reference exceptions.
 **Code flow:**
@@ -329,36 +331,42 @@ def test_gitleaks(self):
                 self.assertEqual("Medium", finding.severity)
                 description = """**Result message:** AWS Access Key secret detected
 **Snippet:**
-```      \"raw_source_code_extract\": \"AKIAIOSFODNN7EXAMPLE\",```"""
-                self.assertEqual(description, finding.description)
-                self.assertEqual(
-                    "dojo/unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_1_vuln.json",
-                    finding.file_path,
-                )
-                self.assertEqual(13, finding.line)
-            with self.subTest(i=3):
-                finding = findings[3]
-                self.assertEqual("AWS Access Key secret detected", finding.title)
-                self.assertEqual("Medium", finding.severity)
-                description = """**Result message:** AWS Access Key secret detected
+```
+      \"raw_source_code_extract\": \"AKIAIOSFODNN7EXAMPLE\",
+```"""
+            self.assertEqual(description, finding.description)
+            self.assertEqual(
+                "dojo/unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_1_vuln.json",
+                finding.file_path,
+            )
+            self.assertEqual(13, finding.line)
+        with self.subTest(i=3):
+            finding = findings[3]
+            self.assertEqual("AWS Access Key secret detected", finding.title)
+            self.assertEqual("Medium", finding.severity)
+            description = """**Result message:** AWS Access Key secret detected
 **Snippet:**
-```      \"raw_source_code_extract\": \"AKIAIOSFODNN7EXAMPLE\",```"""
-                self.assertEqual(description, finding.description)
-                self.assertEqual(
-                    "dojo/unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_3_vuln.json",
-                    finding.file_path,
-                )
-                self.assertEqual(44, finding.line)
-            with self.subTest(i=7):
-                finding = findings[7]
-                self.assertEqual("AWS Access Key secret detected", finding.title)
-                self.assertEqual("Medium", finding.severity)
-                description = """**Result message:** AWS Access Key secret detected
+```
+      \"raw_source_code_extract\": \"AKIAIOSFODNN7EXAMPLE\",
+```"""
+            self.assertEqual(description, finding.description)
+            self.assertEqual(
+                "dojo/unittests/scans/gitlab_secret_detection_report/gitlab_secret_detection_report_3_vuln.json",
+                finding.file_path,
+            )
+            self.assertEqual(44, finding.line)
+        with self.subTest(i=7):
+            finding = findings[7]
+            self.assertEqual("AWS Access Key secret detected", finding.title)
+            self.assertEqual("Medium", finding.severity)
+            description = """**Result message:** AWS Access Key secret detected
 **Snippet:**
-```        self.assertEqual(\"AWS\\nAKIAIOSFODNN7EXAMPLE\", first_finding.description)```"""
-                self.assertEqual(description, finding.description)
-                self.assertEqual("dojo/unittests/tools/test_gitlab_secret_detection_report_parser.py", finding.file_path)
-                self.assertEqual(37, finding.line)
+```
+        self.assertEqual(\"AWS\\nAKIAIOSFODNN7EXAMPLE\", first_finding.description)
+```"""
+            self.assertEqual(description, finding.description)
+            self.assertEqual("dojo/unittests/tools/test_gitlab_secret_detection_report_parser.py", finding.file_path)
+            self.assertEqual(37, finding.line)
 
     def test_flawfinder(self):
         with open(path.join(path.dirname(__file__), "../scans/sarif/flawfinder.sarif")) as testfile:
@@ -376,7 +384,9 @@ def test_flawfinder(self):
                 self.assertEqual("High", finding.severity)
                 description = """**Result message:** random/setstate:This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
 **Snippet:**
-```      is.setstate(std::ios::failbit);```
+```
+      is.setstate(std::ios::failbit);
+```
 **Rule name:** random/setstate
 **Rule short description:** This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327)."""
                 self.assertEqual(description, finding.description)
@@ -397,7 +407,9 @@ def test_flawfinder(self):
                 self.assertEqual("Info", finding.severity)
                 description = """**Result message:** buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120).
 **Snippet:**
-```    std::memcpy(dptr, dmlc::BeginPtr(buffer_) + buffer_ptr_, size);```
+```
+    std::memcpy(dptr, dmlc::BeginPtr(buffer_) + buffer_ptr_, size);
+```
 **Rule name:** buffer/memcpy
 **Rule short description:** Does not check for buffer overflows when copying to destination (CWE-120)."""
                 self.assertEqual(description, finding.description)
@@ -418,7 +430,9 @@ def test_flawfinder(self):
                 self.assertEqual("High", finding.severity)
                 description = """**Result message:** buffer/sscanf:The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).
 **Snippet:**
-```      if (sscanf(argv[i], "%[^=]=%s", name, val) == 2) {```
+```
+      if (sscanf(argv[i], "%[^=]=%s", name, val) == 2) {
+```
 **Rule name:** buffer/sscanf
 **Rule short description:** The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20)."""
                 self.assertEqual(description, finding.description)
@@ -448,7 +462,9 @@ def test_flawfinder_interfacev2(self):
                 self.assertEqual("High", finding.severity)
                 description = """**Result message:** random/setstate:This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
 **Snippet:**
-```      is.setstate(std::ios::failbit);```
+```
+      is.setstate(std::ios::failbit);
+```
 **Rule name:** random/setstate
 **Rule short description:** This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327)."""
                 self.assertEqual(description, finding.description)
@@ -466,7 +482,9 @@ def test_flawfinder_interfacev2(self):
                 self.assertEqual("Info", finding.severity)
                 description = """**Result message:** buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120).
 **Snippet:**
-```    std::memcpy(dptr, dmlc::BeginPtr(buffer_) + buffer_ptr_, size);```
+```
+    std::memcpy(dptr, dmlc::BeginPtr(buffer_) + buffer_ptr_, size);
+```
 **Rule name:** buffer/memcpy
 **Rule short description:** Does not check for buffer overflows when copying to destination (CWE-120)."""
                 self.assertEqual(description, finding.description)
@@ -484,7 +502,9 @@ def test_flawfinder_interfacev2(self):
                 self.assertEqual("High", finding.severity)
                 description = """**Result message:** buffer/sscanf:The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).
 **Snippet:**
-```      if (sscanf(argv[i], "%[^=]=%s", name, val) == 2) {```
+```
+      if (sscanf(argv[i], "%[^=]=%s", name, val) == 2) {
+```
 **Rule name:** buffer/sscanf
 **Rule short description:** The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20)."""
                 self.assertEqual(description, finding.description)
@@ -521,10 +541,12 @@ def test_codeql_snippet_report(self):
             description = """**Result message:** Keyword argument 'request' is not a supported parameter name of [function create](1).
 **Snippet:**
 ```
+
         response = make_response(redirect('/'))
         response = libsession.create(request=request, response=response, username=username)
         return response
 
+
 ```
 **Rule name:** py/call/wrong-named-argument
 **Rule short description:** Wrong name for an argument in a call