From 08a542264d11022ce659dd411cef18a6d1609bce Mon Sep 17 00:00:00 2001
From: Daniel D'Avella
Date: Tue, 3 Dec 2024 14:28:08 -0500
Subject: [PATCH 1/2] Move finding ID to SARIF base class
---
 src/codemodder/codeql.py | 28 ++++------------------------
 src/codemodder/result.py | 26 +++++++++++++++++++++++++-
 2 files changed, 29 insertions(+), 25 deletions(-)
diff --git a/src/codemodder/codeql.py b/src/codemodder/codeql.py
index f595edc9..fc3fd2bb 100644
--- a/src/codemodder/codeql.py
+++ b/src/codemodder/codeql.py
@@ -3,7 +3,6 @@
 from typing_extensions import Self
-from codemodder.codetf import Finding, Rule
 from codemodder.result import LineInfo, ResultSet, SarifLocation, SarifResult
 from codemodder.sarifs import AbstractSarifToolDetector
@@ -40,29 +39,10 @@ class CodeQLResult(SarifResult):
     location_type = CodeQLLocation
     @classmethod
-    def from_sarif(
-        cls, sarif_result, sarif_run, truncate_rule_id: bool = False
-    ) -> Self:
-        return cls(
-            rule_id=(
-                rule_id := cls.extract_rule_id(
-                    sarif_result, sarif_run, truncate_rule_id
-                )
-            ),
-            locations=cls.extract_locations(sarif_result),
-            codeflows=cls.extract_code_flows(sarif_result),
-            related_locations=cls.extract_related_locations(sarif_result),
-            finding_id=rule_id,
-            finding=Finding(
-                id=rule_id,
-                rule=Rule(
-                    id=sarif_result.get("correlationGuid", rule_id),
-                    name=rule_id,
-                    # TODO: map to URL
-                    # url=,
-                ),
-            ),
-        )
+    def rule_url_from_id(cls, result: dict, run: dict, rule_id: str) -> str:
+        del result, run, rule_id
+        # TODO: Implement this method to return the specific rule URL
+        return "https://codeql.github.com/codeql-query-help/"
 class CodeQLResultSet(ResultSet):
diff --git a/src/codemodder/result.py b/src/codemodder/result.py
index d0d74ea8..42c0bf5f 100644
--- a/src/codemodder/result.py
+++ b/src/codemodder/result.py
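Review bot: The `rule_url_from_id` override added to CodeQLResult discards all three arguments with `del` and returns the query-help index page, so every CodeQL rule in the emitted Finding points at the same URL. SARIF 2.1.0 runs normally carry per-rule metadata under `tool.driver.rules[]`, including a `helpUri`, and `sarif_run` is already passed in, so a best-effort lookup keyed on `rule_id` with the index page as fallback would give the specific page now; if `truncate_rule_id` shortens the id before this call, the match may need the untruncated id, which I cannot confirm from this hunk. Since a SARIF file is input and the URL is written into the output finding, I would only accept an `http`/`https` `helpUri` rather than passing any string through. The rewritten method is below; the rest of CodeQLResult lies outside the hunk.
```python
    @classmethod
    def rule_url_from_id(cls, result: dict, run: dict, rule_id: str) -> str:
        """Return the query-help URL for ``rule_id``, or the index page if the run has none."""
        del result
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        for rule in rules:
            uri = rule.get("helpUri", "")
            if rule.get("id") == rule_id and uri.startswith(("http://", "https://")):
                return uri
        return "https://codeql.github.com/codeql-query-help/"
```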
@@ -11,7 +11,7 @@ from libcst._position import CodeRange
 from typing_extensions import Self
-from codemodder.codetf import Finding
+from codemodder.codetf import Finding, Rule
 from .utils.abc_dataclass import ABCDataclass
@@ -86,6 +86,26 @@ class SarifResult(SASTResult, ABCDataclass):
     def from_sarif(
         cls, sarif_result, sarif_run, truncate_rule_id: bool = False
     ) -> Self:
+        rule_id = cls.extract_rule_id(sarif_result, sarif_run, truncate_rule_id)
+        finding_id = cls.extract_finding_id(sarif_result) or rule_id
+        return cls(
+            rule_id=rule_id,
+            locations=cls.extract_locations(sarif_result),
+            codeflows=cls.extract_code_flows(sarif_result),
+            related_locations=cls.extract_related_locations(sarif_result),
+            finding_id=finding_id,
+            finding=Finding(
+                id=finding_id,
+                rule=Rule(
+                    id=rule_id,
+                    name=rule_id,
+                    url=cls.rule_url_from_id(sarif_result, sarif_run, rule_id),
+                ),
+            ),
+        )
+    @classmethod
+    def rule_url_from_id(cls, result: dict, run: dict, rule_id: str) -> str:
         raise NotImplementedError
     @classmethod
@@ -139,6 +159,10 @@ def extract_rule_id(cls, result, sarif_run, truncate_rule_id: bool = False) -> s
         raise ValueError("Could not extract rule id from sarif result.")
+    @classmethod
+    def extract_finding_id(cls, result) -> str | None:
+        return result.get("guid") or result.get("correlationGuid")
 def same_line(pos: CodeRange, location: Location) -> bool:
     return pos.start.line == location.start.line and pos.end.line == location.end.line
From 6b45f18db1d7658731452634419fce4bcd6d3673 Mon Sep 17 00:00:00 2001
From: Daniel D'Avella
Date: Tue, 3 Dec 2024 15:35:39 -0500
Subject: [PATCH 2/2] Include codeflows when filtering applicable findings
---
 src/codemodder/file_context.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/codemodder/file_context.py b/src/codemodder/file_context.py
index 7efe7ac3..5aaec3c0 100644
--- a/src/codemodder/file_context.py
+++ b/src/codemodder/file_context.py
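Review bot: The base-class `rule_url_from_id` added at the end of the `from_sarif` hunk only signals "not implemented" at runtime, when `from_sarif` first calls it; since SarifResult already derives from ABCDataclass, stacking `@classmethod` over `@abstractmethod` would reject a subclass that forgets the override at class-definition time instead, provided `abc.abstractmethod` is in scope (the module header is outside this hunk) and SarifResult itself is never instantiated directly. The `finding_id = cls.extract_finding_id(sarif_result) or rule_id` fallback also deserves a why-comment, because results lacking both `guid` and `correlationGuid` then all carry their rule id as finding id and are no longer distinguishable by that field; I would put `# no per-result id in the SARIF: fall back to the rule id (such results collide on finding_id)` above it. A short docstring on `from_sarif` saying it builds one result from a SARIF `result` object and its enclosing `run`, and that `truncate_rule_id` is forwarded to `extract_rule_id`, would round it off; the method's `@classmethod` decorator sits above the hunk's first line.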
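Review bot: `extract_finding_id` prefers `guid` over `correlationGuid`, but in SARIF 2.1.0 `result.guid` identifies one result object within one run, while `correlationGuid` is the value tools keep stable for the same logical finding across runs. If `finding_id` is meant to match a finding between scans, which the name suggests but this diff does not show, the order should be reversed: `return result.get("correlationGuid") or result.get("guid")`. Either way, a one-line docstring naming which SARIF property wins and that `None` is returned when neither is present would make the choice deliberate; note also that an empty-string value for either key is treated as absent by the `or`.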
@@ -58,6 +58,11 @@ def get_findings_for_location(self, line_number: int):
                 location.start.line <= line_number <= location.end.line
                 for location in result.locations
             )
+            or any(
+                location.start.line <= line_number <= location.end.line
+                for codeflow in result.codeflows
+                for location in codeflow
+            )
             and result.finding is not None
         ]
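Review bot: The added `or any(...)` binds more loosely than the trailing `and result.finding is not None`, so the comprehension filter now reads `A or (B and C)`: a result whose `locations` cover the line but whose `finding` is None passes the filter and `None` lands in the returned list, which the previous `A and C` form excluded. Wrapping both `any(...)` calls in parentheses restores the None check for both branches, as below; this assumes each entry of `result.codeflows` is a sequence of locations, as the nested `for` implies. The enclosing `get_findings_for_location` and its `return [` begin above the hunk, so callers that index or iterate the list without a None check are not visible here.
```python
            if (
                any(
                    location.start.line <= line_number <= location.end.line
                    for location in result.locations
                )
                or any(
                    location.start.line <= line_number <= location.end.line
                    for codeflow in result.codeflows
                    for location in codeflow
                )
            )
            and result.finding is not None
```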