From be425687cfe687ade3717726a7870030b6974224 Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Mon, 10 Jun 2024 16:04:23 +0200 Subject: [PATCH] parser-cov: accept the [important] flag in checker line ... in case someone pastes the text directly from a web browser. For now the parser discards the information about presence of the flag rather than propagating it. This is justified by the fact that the parser should be fed by the data produced by `writer-cov`, which does not produce such a flag. Resolves: https://issues.redhat.com/browse/OSH-682 Closes: https://github.com/csutils/csdiff/pull/186
---
 src/lib/parser-cov.cc | 2 +-
 .../csgrep/0126-cov-parser-imp-flag-args.txt | 1 +
 .../csgrep/0126-cov-parser-imp-flag-stdin.txt | 3 +++
 .../0126-cov-parser-imp-flag-stdout.txt | 26 +++++++++++++++++++
 tests/csgrep/CMakeLists.txt | 1 +
 5 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 tests/csgrep/0126-cov-parser-imp-flag-args.txt
 create mode 100644 tests/csgrep/0126-cov-parser-imp-flag-stdin.txt
 create mode 100644 tests/csgrep/0126-cov-parser-imp-flag-stdout.txt
diff --git a/src/lib/parser-cov.cc b/src/lib/parser-cov.cc
index 7caf46ba..b0b8be4c 100644
--- a/src/lib/parser-cov.cc
+++ b/src/lib/parser-cov.cc
@@ -32,7 +32,7 @@
 #include
 #define RE_CHECKER_LINE_ANNOT " *\\([^)]+\\)"
-#define RE_CHECKER_LINE_SUFFIX "(?: \\[#def[0-9]+\\])?"
+#define RE_CHECKER_LINE_SUFFIX "(?: \\[#def[0-9]+\\])?(?: \\[important\\])?"
 namespace CovParserImpl {
diff --git a/tests/csgrep/0126-cov-parser-imp-flag-args.txt b/tests/csgrep/0126-cov-parser-imp-flag-args.txt
new file mode 100644
index 00000000..7df3c951
--- /dev/null
+++ b/tests/csgrep/0126-cov-parser-imp-flag-args.txt
@@ -0,0 +1 @@
+--mode=json
diff --git a/tests/csgrep/0126-cov-parser-imp-flag-stdin.txt b/tests/csgrep/0126-cov-parser-imp-flag-stdin.txt
new file mode 100644
index 00000000..51fd6176
--- /dev/null
+++ b/tests/csgrep/0126-cov-parser-imp-flag-stdin.txt
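Review bot: The new `(?: \\[important\\])?` alternative in RE_CHECKER_LINE_SUFFIX matches the flag and then drops it, and nothing at the define records that this is deliberate, so a maintainer who later teaches writer-cov to emit `[important]` would not learn from this file that a parse/write round trip loses the scanner's triage priority. I would add a comment above the define: `// [important] is accepted only so that text pasted from a browser parses; the flag is discarded, not propagated (writer-cov does not emit it).` Note also that the suffix accepts the flag only after an optional `[#defN]`, so a line carrying the two markers in the other order is still rejected; if that order is the only one produced, say so in the same comment. The code that applies RE_CHECKER_LINE_SUFFIX lies outside this hunk.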
@@ -0,0 +1,3 @@
+Error: SIGMA.container_requesting_net_raw (CWE-269): [#def1] [important]
+unpacked_remote_sources/cachito-gomod-with-deps/app/vertical-pod-autoscaler/hack/e2e/k8s-metrics-server.yaml:184: Sigma main event: The Kubernetes container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.
+unpacked_remote_sources/cachito-gomod-with-deps/app/vertical-pod-autoscaler/hack/e2e/k8s-metrics-server.yaml:184: remediation: Explicitly remove the `NET_RAW` capability for a container by adding either `NET_RAW` or `ALL` to the `securityContext.capabilities.drop` list, avoid adding the `NET_RAW` capability to the `securityContext.capabilities.add` list.
diff --git a/tests/csgrep/0126-cov-parser-imp-flag-stdout.txt b/tests/csgrep/0126-cov-parser-imp-flag-stdout.txt
new file mode 100644
index 00000000..ccd182ea
--- /dev/null
+++ b/tests/csgrep/0126-cov-parser-imp-flag-stdout.txt
@@ -0,0 +1,26 @@
+{
+ "defects": [
+ {
+ "checker": "SIGMA.container_requesting_net_raw",
+ "cwe": 269,
+ "tool": "coverity",
+ "key_event_idx": 0,
+ "events": [
+ {
+ "file_name": "unpacked_remote_sources/cachito-gomod-with-deps/app/vertical-pod-autoscaler/hack/e2e/k8s-metrics-server.yaml",
+ "line": 184,
+ "event": "Sigma main event",
+ "message": "The Kubernetes container requests the `NET_RAW` capability, either explicitly or by default, granting access to the host's network interfaces.",
+ "verbosity_level": 0
+ },
+ {
+ "file_name": "unpacked_remote_sources/cachito-gomod-with-deps/app/vertical-pod-autoscaler/hack/e2e/k8s-metrics-server.yaml",
+ "line": 184,
+ "event": "remediation",
+ "message": "Explicitly remove the `NET_RAW` capability for a container by adding either `NET_RAW` or `ALL` to the `securityContext.capabilities.drop` list, avoid adding the `NET_RAW` capability to the `securityContext.capabilities.add` list.",
+ "verbosity_level": 1
+ }
+ ]
+ }
+ ]
+}
diff --git a/tests/csgrep/CMakeLists.txt b/tests/csgrep/CMakeLists.txt
index 0eb6b87f..c620ca2f 100644
--- a/tests/csgrep/CMakeLists.txt
+++ b/tests/csgrep/CMakeLists.txt
@@ -169,3 +169,4 @@ test_csgrep("0122-json-parser-cov-v10-column" )
 test_csgrep("0123-csgrep-hash-v1" )
 test_csgrep("0124-sarif-writer-imp" )
 test_csgrep("0125-sarif-parser-bom" )
+test_csgrep("0126-cov-parser-imp-flag" )