Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refactor output writer #514

Merged
merged 53 commits into from
Oct 16, 2023
Merged

Refactor output writer #514

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
53 commits
Select commit Hold shift + click to select a range
b62cdee
Add Sast and Review tests
attiasas Sep 21, 2023
9fe0e79
add sast test, fix other jas
attiasas Sep 21, 2023
213885a
start adding review tests
attiasas Sep 21, 2023
bb45375
Merge remote-tracking branch 'upstream/dev' into add_sast_and_review_…
attiasas Sep 27, 2023
cf521d3
done output tests
attiasas Sep 27, 2023
9e12379
done tests implementation, start combine writer
attiasas Sep 28, 2023
e7f823a
Merge remote-tracking branch 'upstream/dev' into add_sast_and_review_…
attiasas Sep 28, 2023
55359f4
fix tests
attiasas Sep 28, 2023
9fcc04f
combine Jas output
attiasas Sep 28, 2023
e1d5a1c
combine more
attiasas Sep 28, 2023
da4f7bb
more combine
attiasas Oct 1, 2023
31ee4f4
Merge remote-tracking branch 'upstream/dev' into add_sast_and_review_…
attiasas Oct 1, 2023
a743ed6
rename subTitleDepth
attiasas Oct 3, 2023
b3f0a3c
combine more
attiasas Oct 3, 2023
96cbf22
Merge remote-tracking branch 'upstream/dev' into add_sast_and_review_…
attiasas Oct 3, 2023
3040fda
combine more
attiasas Oct 3, 2023
007822e
combine more
attiasas Oct 4, 2023
2c3ffaf
finish markdown table
attiasas Oct 4, 2023
648f50e
Merge remote-tracking branch 'upstream/dev' into add_sast_and_review_…
attiasas Oct 4, 2023
5d217ee
tidy
attiasas Oct 4, 2023
55e06f0
done combine implementations
attiasas Oct 5, 2023
b5457f1
done merge
attiasas Oct 5, 2023
25f72be
combine sast tests
attiasas Oct 5, 2023
cdfd14e
combine iac tests
attiasas Oct 5, 2023
845b917
combine applicable tests
attiasas Oct 5, 2023
a2d580c
finish combine review comment content
attiasas Oct 5, 2023
1d6d3a1
fix static test
attiasas Oct 5, 2023
1fac667
combine more, add tests for summary structure
attiasas Oct 8, 2023
7828e24
Merge remote-tracking branch 'upstream/dev' into add_sast_and_review_…
attiasas Oct 8, 2023
07fe11c
fix merge
attiasas Oct 8, 2023
6437b98
done content tests
attiasas Oct 8, 2023
ed1ed43
Merge remote-tracking branch 'upstream/dev' into add_sast_and_review_…
attiasas Oct 8, 2023
1d82c6b
add tests to comment content filter
attiasas Oct 8, 2023
35a32a6
cleanup
attiasas Oct 8, 2023
b8b4a82
fix scan all pull requests tests
attiasas Oct 9, 2023
7bd8dcd
start fix scan pull request
attiasas Oct 9, 2023
b438381
fix tests
attiasas Oct 9, 2023
6bdb0d1
Merge remote-tracking branch 'upstream/dev' into add_sast_and_review_…
attiasas Oct 9, 2023
c77c9fc
finish all output writer tests
attiasas Oct 9, 2023
fa8142c
start adjust content format, spaces and new lines
attiasas Oct 9, 2023
196b149
fix tests
attiasas Oct 9, 2023
5f2072a
fix all tests
attiasas Oct 10, 2023
8d3c082
Merge remote-tracking branch 'upstream/dev' into add_sast_and_review_…
attiasas Oct 10, 2023
8953f81
fix tests
attiasas Oct 10, 2023
e2b188d
fix tests
attiasas Oct 10, 2023
d578f57
fix pip tests
attiasas Oct 10, 2023
618bf91
fix
attiasas Oct 10, 2023
75fadb3
Merge remote-tracking branch 'upstream/dev' into add_sast_and_review_…
attiasas Oct 11, 2023
2d45ff2
fix merge
attiasas Oct 11, 2023
5d0698c
remove unused
attiasas Oct 11, 2023
ed92fd2
Merge remote-tracking branch 'upstream/dev' into add_sast_and_review_…
attiasas Oct 15, 2023
f0cce5a
review changes
attiasas Oct 16, 2023
96ca263
remove comments
attiasas Oct 16, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
combine Jas output
  • Loading branch information
@attiasas
attiasas committed Sep 28, 2023
commit 9fcc04fe54a72ef4458c40bdc174cb81f60fba19
59 changes: 55 additions & 4 deletions utils/outputwriter/outputwriter.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,10 +117,6 @@ type OutputWriter interface {
SetVcsProvider(provider vcsutils.VcsProvider)
UntitledForJasMsg() string

ApplicableCveReviewContent(severity, finding, fullDetails, cve, cveDetails, impactedDependency, remediation string) string
// IacReviewContent(severity, finding, fullDetails string) string
SastReviewContent(severity, finding, fullDetails string, codeFlows [][]formats.Location) string

MarkInCenter(content string) string
MarkAsDetails(summary, content string) string
}
Expand Down Expand Up @@ -263,9 +259,64 @@ func GetFallbackReviewCommentContent(content string, location formats.Location,
return MarkdownComment(ReviewCommentId) + GetLocationDescription(location) + content + writer.Footer()
}

func ApplicableCveReviewContent(severity, finding, fullDetails, cve, cveDetails, impactedDependency, remediation string, writer OutputWriter) string {
var contentBuilder strings.Builder
contentBuilder.WriteString(fmt.Sprintf("\n%s%s%s%s\n",
contextualAnalysisTitle,
writer.MarkInCenter(GetApplicabilityMarkdownDescription(writer.FormattedSeverity(severity, "Applicable"), cve, impactedDependency, finding)),
writer.MarkAsDetails("Description", fullDetails),
writer.MarkAsDetails("CVE details", cveDetails)),
)
if len(remediation) > 0 {
contentBuilder.WriteString(fmt.Sprintf("%s\n",
writer.MarkAsDetails("Remediation", remediation)),
)
}
return contentBuilder.String()
}

func IacReviewContent(severity, finding, fullDetails string, writer OutputWriter) string {
return fmt.Sprintf("\n%s%s%s\n",
iacTitle,
writer.MarkInCenter(GetJasMarkdownDescription(writer.FormattedSeverity(severity, "Applicable"), finding)),
writer.MarkAsDetails("Full description", fullDetails))
}

func SastReviewContent(severity, finding, fullDetails string, codeFlows [][]formats.Location, writer OutputWriter) string {
var contentBuilder strings.Builder
contentBuilder.WriteString(fmt.Sprintf("\n%s%s%s\n",
sastTitle,
writer.MarkInCenter(GetJasMarkdownDescription(writer.FormattedSeverity(severity, "Applicable"), finding)),
writer.MarkAsDetails("Full description", fullDetails),
))

if len(codeFlows) > 0 {
contentBuilder.WriteString(fmt.Sprintf("%s\n",
writer.MarkAsDetails("Code Flows", sastCodeFlowsReviewContent(codeFlows, writer)),
))
}
return contentBuilder.String()
}

func sastCodeFlowsReviewContent(codeFlows [][]formats.Location, writer OutputWriter) string {
var contentBuilder strings.Builder
for _, flow := range codeFlows {
contentBuilder.WriteString(writer.MarkAsDetails("Vulnerable data flow analysis result", sastDataFlowLocationsReviewContent(flow)))
}
return contentBuilder.String()
}

func sastDataFlowLocationsReviewContent(flow []formats.Location) string {
var contentBuilder strings.Builder
for _, location := range flow {
contentBuilder.WriteString(fmt.Sprintf(`
%s %s (at %s line %d)
`,
"↘️",
MarkAsQuote(location.Snippet),
location.File,
location.StartLine,
))
}
return contentBuilder.String()
}
61 changes: 0 additions & 61 deletions utils/outputwriter/simplifiedoutput.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -130,67 +130,6 @@ func (smo *SimplifiedOutput) VulnerabilitiesContent(vulnerabilities []formats.Vu
return contentBuilder.String()
}

func (smo *SimplifiedOutput) ApplicableCveReviewContent(severity, finding, fullDetails, cve, cveDetails, impactedDependency, remediation string) string {
var contentBuilder strings.Builder
contentBuilder.WriteString(fmt.Sprintf("\n%s%s%s%s\n",
contextualAnalysisTitle,
smo.MarkInCenter(GetApplicabilityMarkdownDescription(smo.FormattedSeverity(severity, "Applicable"), cve, impactedDependency, finding)),
smo.MarkAsDetails("Description", fullDetails),
smo.MarkAsDetails("CVE details", cveDetails)),
)
if len(remediation) > 0 {
contentBuilder.WriteString(fmt.Sprintf("%s\n",
smo.MarkAsDetails("Remediation", remediation)),
)
}
return contentBuilder.String()
}

// func (smo *SimplifiedOutput) IacReviewContent(severity, finding, fullDetails string) string {
// return fmt.Sprintf("\n%s%s%s\n",
// iacTitle,
// smo.MarkInCenter(GetJasMarkdownDescription(smo.FormattedSeverity(severity, "Applicable"), finding)),
// smo.MarkAsDetails("Full description", fullDetails))
// }

func (smo *SimplifiedOutput) SastReviewContent(severity, finding, fullDetails string, codeFlows [][]formats.Location) string {
var contentBuilder strings.Builder
contentBuilder.WriteString(fmt.Sprintf("\n%s%s%s\n",
sastTitle,
smo.MarkInCenter(GetJasMarkdownDescription(smo.FormattedSeverity(severity, "Applicable"), finding)),
smo.MarkAsDetails("Full description", fullDetails),
))
if len(codeFlows) > 0 {
contentBuilder.WriteString(fmt.Sprintf("%s\n",
smo.MarkAsDetails("Code Flows", smo.sastCodeFlowsReviewContent(codeFlows)),
))
}
return contentBuilder.String()
}

func (smo *SimplifiedOutput) sastCodeFlowsReviewContent(codeFlows [][]formats.Location) string {
var contentBuilder strings.Builder
for _, flow := range codeFlows {
contentBuilder.WriteString(smo.MarkAsDetails("Vulnerable data flow analysis result", smo.sastDataFlowLocationsReviewContent(flow)))
}
return contentBuilder.String()
}

func (smo *SimplifiedOutput) sastDataFlowLocationsReviewContent(flow []formats.Location) string {
var contentBuilder strings.Builder
for _, location := range flow {
contentBuilder.WriteString(fmt.Sprintf(`
%s %s (at %s line %d)
`,
"↘️",
MarkAsQuote(location.Snippet),
location.File,
location.StartLine,
))
}
return contentBuilder.String()
}

func (smo *SimplifiedOutput) LicensesContent(licenses []formats.LicenseRow) string {
if len(licenses) == 0 {
return ""
Expand Down
4 changes: 2 additions & 2 deletions utils/outputwriter/simplifiedoutput_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -287,7 +287,7 @@ func TestSimplifiedOutput_ApplicableCveReviewContent(t *testing.T) {
so := &SimplifiedOutput{}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
output := so.ApplicableCveReviewContent(tc.severity, tc.finding, tc.fullDetails, tc.cve, tc.cveDetails, tc.impactedDependency, tc.remediation)
output := ApplicableCveReviewContent(tc.severity, tc.finding, tc.fullDetails, tc.cve, tc.cveDetails, tc.impactedDependency, tc.remediation, so)
assert.Equal(t, tc.expectedOutput, output)
})
}
Expand Down Expand Up @@ -383,7 +383,7 @@ func TestSimplifiedOutput_SastReviewContent(t *testing.T) {
so := &SimplifiedOutput{}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
output := so.SastReviewContent(tc.severity, tc.finding, tc.fullDetails, tc.codeFlows)
output := SastReviewContent(tc.severity, tc.finding, tc.fullDetails, tc.codeFlows, so)
assert.Equal(t, tc.expectedOutput, output)
})
}
Expand Down
62 changes: 0 additions & 62 deletions utils/outputwriter/standardoutput.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,68 +117,6 @@ func (so *StandardOutput) VulnerabilitiesContent(vulnerabilities []formats.Vulne
return contentBuilder.String()
}

func (so *StandardOutput) ApplicableCveReviewContent(severity, finding, fullDetails, cve, cveDetails, impactedDependency, remediation string) string {
var contentBuilder strings.Builder
contentBuilder.WriteString(fmt.Sprintf("\n%s%s%s%s\n",
contextualAnalysisTitle,
so.MarkInCenter(GetApplicabilityMarkdownDescription(so.FormattedSeverity(severity, "Applicable"), cve, impactedDependency, finding)),
so.MarkAsDetails("Description", fullDetails),
so.MarkAsDetails("CVE details", cveDetails)),
)
if len(remediation) > 0 {
contentBuilder.WriteString(fmt.Sprintf("%s\n",
so.MarkAsDetails("Remediation", remediation)),
)
}
return contentBuilder.String()
}

// func (so *StandardOutput) IacReviewContent(severity, finding, fullDetails string) string {
// return fmt.Sprintf("\n%s%s%s\n",
// iacTitle,
// so.MarkInCenter(GetJasMarkdownDescription(so.FormattedSeverity(severity, "Applicable"), finding)),
// so.MarkAsDetails("Full description", fullDetails))
// }

func (so *StandardOutput) SastReviewContent(severity, finding, fullDetails string, codeFlows [][]formats.Location) string {
var contentBuilder strings.Builder
contentBuilder.WriteString(fmt.Sprintf("\n%s%s%s\n",
sastTitle,
so.MarkInCenter(GetJasMarkdownDescription(so.FormattedSeverity(severity, "Applicable"), finding)),
so.MarkAsDetails("Full description", fullDetails),
))

if len(codeFlows) > 0 {
contentBuilder.WriteString(fmt.Sprintf("%s\n",
so.MarkAsDetails("Code Flows", so.sastCodeFlowsReviewContent(codeFlows)),
))
}
return contentBuilder.String()
}

func (so *StandardOutput) sastCodeFlowsReviewContent(codeFlows [][]formats.Location) string {
var contentBuilder strings.Builder
for _, flow := range codeFlows {
contentBuilder.WriteString(so.MarkAsDetails("Vulnerable data flow analysis result", so.sastDataFlowLocationsReviewContent(flow)))
}
return contentBuilder.String()
}

func (so *StandardOutput) sastDataFlowLocationsReviewContent(flow []formats.Location) string {
var contentBuilder strings.Builder
for _, location := range flow {
contentBuilder.WriteString(fmt.Sprintf(`
%s %s (at %s line %d)
`,
"↘️",
MarkAsQuote(location.Snippet),
location.File,
location.StartLine,
))
}
return contentBuilder.String()
}

func (so *StandardOutput) Footer() string {
return fmt.Sprintf(`
---%s`, so.MarkInCenter(CommentGeneratedByFrogbot))
Expand Down
4 changes: 2 additions & 2 deletions utils/outputwriter/standardoutput_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -311,7 +311,7 @@ func TestStandardOutput_ApplicableCveReviewContent(t *testing.T) {
so := &StandardOutput{}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
output := so.ApplicableCveReviewContent(tc.severity, tc.finding, tc.fullDetails, tc.cve, tc.cveDetails, tc.impactedDependency, tc.remediation)
output := ApplicableCveReviewContent(tc.severity, tc.finding, tc.fullDetails, tc.cve, tc.cveDetails, tc.impactedDependency, tc.remediation, so)
assert.Equal(t, tc.expectedOutput, output)
})
}
Expand Down Expand Up @@ -407,7 +407,7 @@ func TestStandardOutput_SastReviewContent(t *testing.T) {
so := &StandardOutput{}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
output := so.SastReviewContent(tc.severity, tc.finding, tc.fullDetails, tc.codeFlows)
output := SastReviewContent(tc.severity, tc.finding, tc.fullDetails, tc.codeFlows, so)
assert.Equal(t, tc.expectedOutput, output)
})
}
Expand Down
6 changes: 4 additions & 2 deletions utils/reviewcomment.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -139,14 +139,15 @@ func generateApplicabilityReviewContent(issue formats.Evidence, relatedCve forma
if relatedVulnerability.JfrogResearchInformation != nil {
remediation = relatedVulnerability.JfrogResearchInformation.Remediation
}
return outputwriter.GenerateReviewCommentContent(writer.ApplicableCveReviewContent(
return outputwriter.GenerateReviewCommentContent(outputwriter.ApplicableCveReviewContent(
relatedVulnerability.Severity,
issue.Reason,
relatedCve.Applicability.ScannerDescription,
relatedCve.Id,
relatedVulnerability.Summary,
fmt.Sprintf("%s:%s", relatedVulnerability.ImpactedDependencyName, relatedVulnerability.ImpactedDependencyVersion),
remediation,
writer,
), writer)
}

Expand All @@ -160,11 +161,12 @@ func generateSourceCodeReviewContent(commentType ReviewCommentType, issue format
writer,
), writer)
case SastComment:
return outputwriter.GenerateReviewCommentContent(writer.SastReviewContent(
return outputwriter.GenerateReviewCommentContent(outputwriter.SastReviewContent(
issue.Severity,
issue.Finding,
issue.ScannerDescription,
issue.CodeFlow,
writer,
), writer)
}
return
Expand Down
4 changes: 2 additions & 2 deletions utils/reviewcomment_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -175,7 +175,7 @@ func TestGetNewReviewComments(t *testing.T) {
Type: ApplicableComment,
CommentInfo: vcsclient.PullRequestComment{
CommentInfo: vcsclient.CommentInfo{
Content: outputwriter.GenerateReviewCommentContent(repo.ApplicableCveReviewContent("Low", "", "", "CVE-2023-4321", "summary-2", "component-C:", ""), repo.OutputWriter),
Content: outputwriter.GenerateReviewCommentContent(outputwriter.ApplicableCveReviewContent("Low", "", "", "CVE-2023-4321", "summary-2", "component-C:", "", repo.OutputWriter), repo.OutputWriter),
},
PullRequestDiff: vcsclient.PullRequestDiff{
OriginalFilePath: "file1",
Expand Down Expand Up @@ -231,7 +231,7 @@ func TestGetNewReviewComments(t *testing.T) {
Type: SastComment,
CommentInfo: vcsclient.PullRequestComment{
CommentInfo: vcsclient.CommentInfo{
Content: outputwriter.GenerateReviewCommentContent(repo.SastReviewContent("High", "XSS Vulnerability", "", [][]formats.Location{}), repo.OutputWriter),
Content: outputwriter.GenerateReviewCommentContent(outputwriter.SastReviewContent("High", "XSS Vulnerability", "", [][]formats.Location{}, repo.OutputWriter), repo.OutputWriter),
},
PullRequestDiff: vcsclient.PullRequestDiff{
OriginalFilePath: "file1",
Expand Down
Loading