diff --git a/cli/cppcheckexecutor.cpp b/cli/cppcheckexecutor.cpp
index ea9ea273bee..19794b63a57 100644
--- a/cli/cppcheckexecutor.cpp
+++ b/cli/cppcheckexecutor.cpp
@@ -104,6 +104,16 @@ namespace {
 picojson::object properties;
 properties["precision"] = picojson::value(sarifPrecision(finding));
 properties["problem.severity"] = picojson::value(sarifSeverity(finding));
+ double securitySeverity = 0;
+ if (finding.severity == Severity::error && !ErrorLogger::isCriticalErrorId(finding.id))
+ securitySeverity = 9.9; // We see undefined behavior
+ //else if (finding.severity == Severity::warning)
+ // securitySeverity = 5.1; // We see potential undefined behavior
+ if (securitySeverity > 0) {
+ properties["security-severity"] = picojson::value(securitySeverity);
+ const picojson::array tags{picojson::value("security")};
+ properties["tags"] = picojson::value(tags);
+ }
 rule["properties"] = picojson::value(properties);
 ret.emplace_back(rule);
@@ -145,10 +155,6 @@ namespace {
 message["text"] = picojson::value(finding.shortMessage());
 res["message"] = picojson::value(message);
 res["ruleId"] = picojson::value(finding.id);
- // partialFingerprints.hash
- picojson::object partialFingerprints;
- partialFingerprints["hash"] = picojson::value(getHash(finding));
- res["partialFingerprints"] = picojson::value(partialFingerprints);
 results.emplace_back(res);
 }
 return results;
@@ -206,18 +212,10 @@ namespace {
 static std::string sarifPrecision(const ErrorMessage& errmsg) {
 if (errmsg.certainty == Certainty::inconclusive)
- return "normal";
+ return "medium";
 return "high";
 }
- static std::string getHash(const ErrorMessage& errmsg) {
- const std::string s = errmsg.toString(false, "{file}:{line}:{column}: {message} {id} {code}", "{file}:{line}:{column} {info} {code}");
- std::ostringstream os;
- //std::cout << s << std::endl;
- os << std::hex << std::hash {}(s);
- return os.str();
- }
-
 std::vector mFindings;
 };
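Review bot: The new security-severity block in the first hunk hard-codes `9.9` and keeps a commented-out `else if` branch for warnings, so the scoring policy lives in a magic number plus dead code. Name the constant where the rationale sits, e.g. `static constexpr double kSecuritySeverityUB = 9.9; // undefined behaviour; GitHub code scanning treats >= 9.0 as "critical"`, and either delete the commented branch or turn it into a `// TODO: ...` that states why warnings are not scored yet. Using `securitySeverity > 0` as the "assigned" sentinel works only because 0 is never a valid score; a `std::optional<double>` would make that intent explicit. Every non-critical error-severity finding is tagged `security` at a critical score irrespective of which check produced it, which is a triage-affecting policy worth stating in a comment for consumers of the SARIF output. The enclosing function starts before this hunk.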
diff --git a/test/cli/helloworld_test.py b/test/cli/helloworld_test.py
index 663170c5fb6..48aec331126 100644
--- a/test/cli/helloworld_test.py
+++ b/test/cli/helloworld_test.py
@@ -333,4 +333,9 @@ def test_sarif():
 assert res['version'] == '2.1.0'
 assert res['runs'][0]['results'][0]['locations'][0]['physicalLocation']['artifactLocation']['uri'] == 'helloworld/main.c'
 assert res['runs'][0]['results'][0]['ruleId'] == 'zerodiv'
- assert res['runs'][0]['results'][0]['message']['text'] == 'Division by zero.'
+ assert res['runs'][0]['tool']['driver']['rules'][0]['id'] == 'zerodiv'
+ assert res['runs'][0]['tool']['driver']['rules'][0]['properties']['precision'] == 'high'
+ assert res['runs'][0]['tool']['driver']['rules'][0]['properties']['problem.severity'] == 'warning'
+ assert res['runs'][0]['tool']['driver']['rules'][0]['properties']['security-severity'] > 9.5
+ assert 'security' in res['runs'][0]['tool']['driver']['rules'][0]['properties']['tags']
+ assert re.match(r'[0-9]+(.[0-9]+)+', res['runs'][0]['tool']['driver']['semanticVersion'])
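Review bot: The regex on the last added line, `r'[0-9]+(.[0-9]+)+'`, leaves the dot unescaped, so any character is accepted between the numeric components, and `re.match` only anchors at the start; `assert re.fullmatch(r'[0-9]+(\.[0-9]+)+', res['runs'][0]['tool']['driver']['semanticVersion'])` pins an actual dotted version string. The hunk relies on `re`, whose import is not visible here — presumably at the top of the file. The removed assertion on `message['text']` has no replacement, so the result message is no longer checked by this test; if that is intentional it is worth a sentence in the commit message. test_sarif starts before this hunk.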