Swordfish-Security / hub-tool-converters

A set of converters/parsers that translate scan reports from a scanner's native format into the AppSec.HUB format
https://appsec-hub.ru/
Apache License 2.0

[gosec][sarif]: Conversion errors - unhandled exception while parsing the report #27

Open nluzgin opened 1 week ago

nluzgin commented 1 week ago

gosec - securego/gosec:2.21.2
converter - https://github.com/Swordfish-Security/hub-tool-converters/commit/c58f09386482dd1eee87dc57890644b076b03182

There could have been a sample file here, but I have DLP.

Running the gosec scan:

gosec \
  -fmt=${REPORT_FORMAT} \
  -no-fail \
  -out=${REPORT_FILE} \
  ./...

Running the conversion:

python main.py \
  --type ${CONVERT_TYPE} \
  --scanner ${SCAN_TOOL} \
  --format ${SCAN_FORMAT} \
  --filename ${REPORT_FILE} \
  --output ${CONVERTED_REPORT_FILE} \
  --name ${CI_PROJECT_NAME} \
  --url ${CI_PROJECT_URL} \
  --branch ${CI_COMMIT_BRANCH} \
  --commit ${CI_COMMIT_SHA} \
  --build-tool "${APPSECHUB_BUILD_TOOL}"

SCAN_TOOL - gosec
SCAN_FORMAT - sarif

The following exception is raised:

Traceback (most recent call last):
  File "/scripts/main.py", line 106, in <module>
    results = parser.get_findings(f, '')
  File "/scripts/converters/parsers/sarif.py", line 34, in get_findings
    items.extend(self.__get_items_from_run(run))
  File "/scripts/converters/parsers/sarif.py", line 45, in __get_items_from_run
    item = get_item(result, rules, artifacts, run_date)
  File "/scripts/converters/parsers/sarif.py", line 414, in get_item
    finding.mitigation = "\n".join(
TypeError: sequence item 0: expected str instance, NoneType found
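As an added illustration of the failure mode in the traceback (this is not the project's converter code; that the joined sequence is built from SARIF `fixes[].description.text` is an assumption, and the SARIF excerpt is constructed): a `"\n".join(...)` over fix descriptions raises exactly this `TypeError` as soon as one fix entry has no `text`, while a variant that filters out missing values and yields `None` for "no mitigation" keeps the conversion going.

```python
import json

# Constructed minimal SARIF excerpt in gosec's shape. The second result has a
# fix entry whose description carries no "text" (the value that becomes None).
SAMPLE_SARIF = json.loads("""
{
  "version": "2.1.0",
  "runs": [{
    "tool": {"driver": {"name": "gosec", "rules": [
      {"id": "G104", "shortDescription": {"text": "Errors unhandled"}}
    ]}},
    "results": [
      {"ruleId": "G104", "message": {"text": "Errors unhandled."},
       "fixes": [{"description": {"text": "Handle the returned error."}}]},
      {"ruleId": "G104", "message": {"text": "Errors unhandled."},
       "fixes": [{"description": {}},
                 {"description": {"text": "Check the error before use."}}]}
    ]
  }]
}
""")


def naive_mitigation(result):
    """Mirrors the failing pattern: join every fix text without checking for None.
    Raises TypeError when any description lacks "text" (hypothetical field choice)."""
    return "\n".join(
        fix.get("description", {}).get("text") for fix in result.get("fixes", [])
    )


def safe_mitigation(result):
    """Hardened variant: skip fixes without text; None when nothing usable remains."""
    texts = [
        text
        for fix in result.get("fixes", [])
        if (text := fix.get("description", {}).get("text"))
    ]
    return "\n".join(texts) if texts else None


def mitigations(sarif):
    """Collect one mitigation string (or None) per result across all runs."""
    return [safe_mitigation(r) for run in sarif["runs"] for r in run.get("results", [])]
```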

nluzgin commented 1 week ago

UPD: it chewed through the JSON, but not the SARIF.

WDN2010 commented 1 week ago

gosec_scan_results.sarif.txt