parser-cov: accept the [important] flag in checker line

... in case someone pastes the text directly from a web browser. For now the parser discards the information about presence of the flag rather than propagating it. This is justified by the fact that the parser should be fed by the data produced by `writer-cov`, which does not produce such a flag. Resolves: https://issues.redhat.com/browse/OSH-682 Closes: #186
csutils · Jun 10, 2024 · be42568 · be42568
1 parent 4c3e321
commit be42568
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 1 deletion.
diff --git a/src/lib/parser-cov.cc b/src/lib/parser-cov.cc
@@ -32,7 +32,7 @@
 #include <boost/algorithm/string.hpp>
 
 #define RE_CHECKER_LINE_ANNOT " *\\([^)]+\\)"
-#define RE_CHECKER_LINE_SUFFIX "(?: \\[#def[0-9]+\\])?"
+#define RE_CHECKER_LINE_SUFFIX "(?: \\[#def[0-9]+\\])?(?: \\[important\\])?"
 
 namespace CovParserImpl {
 

diff --git a/tests/csgrep/0126-cov-parser-imp-flag-args.txt b/tests/csgrep/0126-cov-parser-imp-flag-args.txt
@@ -0,0 +1 @@
+--mode=json
diff --git a/tests/csgrep/0126-cov-parser-imp-flag-stdin.txt b/tests/csgrep/0126-cov-parser-imp-flag-stdin.txt
@@ -0,0 +1,3 @@
+Error: SIGMA.container_requesting_net_raw (CWE-269): [#def1] [important]
+unpacked_remote_sources/cachito-gomod-with-deps/app/vertical-pod-autoscaler/hack/e2e/k8s-metrics-server.yaml:184: Sigma main event: The Kubernetes container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.
+unpacked_remote_sources/cachito-gomod-with-deps/app/vertical-pod-autoscaler/hack/e2e/k8s-metrics-server.yaml:184: remediation: Explicitly remove the `NET_RAW` capability for a container by adding either `NET_RAW` or `ALL` to the `securityContext.capabilities.drop` list, avoid adding the `NET_RAW` capability to the `securityContext.capabilities.add` list.
diff --git a/tests/csgrep/0126-cov-parser-imp-flag-stdout.txt b/tests/csgrep/0126-cov-parser-imp-flag-stdout.txt
@@ -0,0 +1,26 @@
+{
+    "defects": [
+        {
+            "checker": "SIGMA.container_requesting_net_raw",
+            "cwe": 269,
+            "tool": "coverity",
+            "key_event_idx": 0,
+            "events": [
+                {
+                    "file_name": "unpacked_remote_sources/cachito-gomod-with-deps/app/vertical-pod-autoscaler/hack/e2e/k8s-metrics-server.yaml",
+                    "line": 184,
+                    "event": "Sigma main event",
+                    "message": "The Kubernetes container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+                    "verbosity_level": 0
+                },
+                {
+                    "file_name": "unpacked_remote_sources/cachito-gomod-with-deps/app/vertical-pod-autoscaler/hack/e2e/k8s-metrics-server.yaml",
+                    "line": 184,
+                    "event": "remediation",
+                    "message": "Explicitly remove the `NET_RAW` capability for a container by adding either `NET_RAW` or `ALL` to the `securityContext.capabilities.drop` list, avoid adding the `NET_RAW` capability to the `securityContext.capabilities.add` list.",
+                    "verbosity_level": 1
+                }
+            ]
+        }
+    ]
+}
diff --git a/tests/csgrep/CMakeLists.txt b/tests/csgrep/CMakeLists.txt
@@ -169,3 +169,4 @@ test_csgrep("0122-json-parser-cov-v10-column"         )
 test_csgrep("0123-csgrep-hash-v1"                     )
 test_csgrep("0124-sarif-writer-imp"                   )
 test_csgrep("0125-sarif-parser-bom"                   )
+test_csgrep("0126-cov-parser-imp-flag"                )