
Commit 4b737a9

internal/sarif: compute relative paths for findings
And also make sure the paths are not added in binary mode. Updates golang/go#61347 Change-Id: If48fe57215cdecb01b8b687fbe042aae584f1d6d Reviewed-on: https://go-review.googlesource.com/c/vuln/+/558016 Reviewed-by: Maceo Thompson <[email protected]> TryBot-Result: Gopher Robot <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Run-TryBot: Zvonimir Pavlinovic <[email protected]>
1 parent 7bf0c05 commit 4b737a9

5 files changed

+193
-64
lines changed

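--- a/cmd/govulncheck/testdata/common/testfiles/source-call/source_call_sarif.ct
+++ b/cmd/govulncheck/testdata/common/testfiles/source-call/source_call_sarif.ct
@@ -113,7 +113,10 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
 "locations": [
 {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "go.mod",
+"uriBaseId": "%SRCROOT%"
+},
 "region": {
 "startLine": 1
 }
@@ -131,7 +134,10 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
 "locations": [
 {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "go.mod",
+"uriBaseId": "%SRCROOT%"
+},
 "region": {
 "startLine": 1
 }
@@ -148,7 +154,10 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
 "module": "golang.org/vuln",
 "location": {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "vuln.go",
+"uriBaseId": "%SRCROOT%"
+},
 "region": {
 "startLine": 14,
 "startColumn": 20
@@ -163,7 +172,10 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
 "module": "github.com/tidwall/gjson",
 "location": {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "gjson.go",
+"uriBaseId": "%GOMODCACHE%"
+},
 "region": {
 "startLine": 297,
 "startColumn": 12
@@ -178,7 +190,10 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
 "module": "github.com/tidwall/gjson",
 "location": {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "gjson.go",
+"uriBaseId": "%GOMODCACHE%"
+},
 "region": {
 "startLine": 1881,
 "startColumn": 36
@@ -193,7 +208,10 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
 "module": "github.com/tidwall/gjson",
 "location": {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "gjson.go",
+"uriBaseId": "%GOMODCACHE%"
+},
 "region": {
 "startLine": 220,
 "startColumn": 17
@@ -222,7 +240,10 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
 "module": "golang.org/vuln",
 "location": {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "vuln.go",
+"uriBaseId": "%SRCROOT%"
+},
 "region": {
 "startLine": 14,
 "startColumn": 20
@@ -237,7 +258,10 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
 "module": "github.com/tidwall/gjson",
 "location": {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "gjson.go",
+"uriBaseId": "%GOMODCACHE%"
+},
 "region": {
 "startLine": 297,
 "startColumn": 12
@@ -252,7 +276,10 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
 "module": "github.com/tidwall/gjson",
 "location": {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "gjson.go",
+"uriBaseId": "%GOMODCACHE%"
+},
 "region": {
 "startLine": 1881,
 "startColumn": 36
@@ -267,7 +294,10 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
 "module": "github.com/tidwall/gjson",
 "location": {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "gjson.go",
+"uriBaseId": "%GOMODCACHE%"
+},
 "region": {
 "startLine": 2587,
 "startColumn": 21
@@ -282,7 +312,10 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
 "module": "github.com/tidwall/gjson",
 "location": {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "gjson.go",
+"uriBaseId": "%GOMODCACHE%"
+},
 "region": {
 "startLine": 2631,
 "startColumn": 21
@@ -297,7 +330,10 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
 "module": "github.com/tidwall/gjson",
 "location": {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "gjson.go",
+"uriBaseId": "%GOMODCACHE%"
+},
 "region": {
 "startLine": 220,
 "startColumn": 17
@@ -321,7 +357,10 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
 "locations": [
 {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "go.mod",
+"uriBaseId": "%SRCROOT%"
+},
 "region": {
 "startLine": 1
 }
@@ -338,7 +377,10 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
 "module": "golang.org/vuln",
 "location": {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "vuln.go",
+"uriBaseId": "%SRCROOT%"
+},
 "region": {
 "startLine": 13,
 "startColumn": 16
@@ -353,7 +395,10 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
 "module": "golang.org/x/text",
 "location": {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "language/parse.go",
+"uriBaseId": "%GOMODCACHE%"
+},
 "region": {
 "startLine": 228,
 "startColumn": 6
@@ -382,7 +427,10 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
 "module": "golang.org/vuln",
 "location": {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "vuln.go",
+"uriBaseId": "%SRCROOT%"
+},
 "region": {
 "startLine": 13,
 "startColumn": 16
@@ -397,7 +445,10 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
 "module": "golang.org/x/text",
 "location": {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "language/parse.go",
+"uriBaseId": "%GOMODCACHE%"
+},
 "region": {
 "startLine": 228,
 "startColumn": 6
@@ -421,7 +472,10 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
 "locations": [
 {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "go.mod",
+"uriBaseId": "%SRCROOT%"
+},
 "region": {
 "startLine": 1
 }
@@ -438,7 +492,10 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
 "module": "golang.org/vuln",
 "location": {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "vuln.go",
+"uriBaseId": "%SRCROOT%"
+},
 "region": {
 "startLine": 14,
 "startColumn": 20
@@ -453,7 +510,10 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
 "module": "github.com/tidwall/gjson",
 "location": {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "gjson.go",
+"uriBaseId": "%GOMODCACHE%"
+},
 "region": {
 "startLine": 296,
 "startColumn": 17
@@ -482,7 +542,10 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
 "module": "golang.org/vuln",
 "location": {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "vuln.go",
+"uriBaseId": "%SRCROOT%"
+},
 "region": {
 "startLine": 14,
 "startColumn": 20
@@ -497,7 +560,10 @@ $ govulncheck -C ${moddir}/vuln -format sarif ./...
 "module": "github.com/tidwall/gjson",
 "location": {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "gjson.go",
+"uriBaseId": "%GOMODCACHE%"
+},
 "region": {
 "startLine": 296,
 "startColumn": 17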
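Review bot: Every module-cache location in the new expected output is written as `"uri": "gjson.go"` (or `"uri": "language/parse.go"`) with `"uriBaseId": "%GOMODCACHE%"`, so the URI appears to be relative to the module's own directory rather than to the module cache root. A SARIF consumer that resolves the uri against uriBaseId would look for `%GOMODCACHE%/gjson.go`, which names neither the module nor its version, and same-named files from different dependencies would collapse onto one artifact in a code-scanning view. The code that computes these paths is not in this section, so this may be a test-harness scrub rather than real output; if it is real, the expectation should carry the module directory, e.g. `"uri": "github.com/tidwall/gjson@<version>/gjson.go"`, where `<version>` is a placeholder. This applies to every `%GOMODCACHE%` entry in this file; the `%SRCROOT%` entries (`go.mod`, `vuln.go`) look consistent with a path relative to the scanned module.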

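--- a/cmd/govulncheck/testdata/common/testfiles/source-module/source_module_sarif.ct
+++ b/cmd/govulncheck/testdata/common/testfiles/source-module/source_module_sarif.ct
@@ -113,7 +113,10 @@ $ govulncheck -format sarif -scan module -C ${moddir}/vuln
 "locations": [
 {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "go.mod",
+"uriBaseId": "%SRCROOT%"
+},
 "region": {
 "startLine": 1
 }
@@ -131,7 +134,10 @@ $ govulncheck -format sarif -scan module -C ${moddir}/vuln
 "locations": [
 {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "go.mod",
+"uriBaseId": "%SRCROOT%"
+},
 "region": {
 "startLine": 1
 }
@@ -149,7 +155,10 @@ $ govulncheck -format sarif -scan module -C ${moddir}/vuln
 "locations": [
 {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "go.mod",
+"uriBaseId": "%SRCROOT%"
+},
 "region": {
 "startLine": 1
 }
@@ -167,7 +176,10 @@ $ govulncheck -format sarif -scan module -C ${moddir}/vuln
 "locations": [
 {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "go.mod",
+"uriBaseId": "%SRCROOT%"
+},
 "region": {
 "startLine": 1
 }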

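--- a/cmd/govulncheck/testdata/common/testfiles/source-package/source_package_sarif.ct
+++ b/cmd/govulncheck/testdata/common/testfiles/source-package/source_package_sarif.ct
@@ -113,7 +113,10 @@ $ govulncheck -format sarif -scan package -C ${moddir}/vuln .
 "locations": [
 {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "go.mod",
+"uriBaseId": "%SRCROOT%"
+},
 "region": {
 "startLine": 1
 }
@@ -131,7 +134,10 @@ $ govulncheck -format sarif -scan package -C ${moddir}/vuln .
 "locations": [
 {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "go.mod",
+"uriBaseId": "%SRCROOT%"
+},
 "region": {
 "startLine": 1
 }
@@ -149,7 +155,10 @@ $ govulncheck -format sarif -scan package -C ${moddir}/vuln .
 "locations": [
 {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "go.mod",
+"uriBaseId": "%SRCROOT%"
+},
 "region": {
 "startLine": 1
 }
@@ -167,7 +176,10 @@ $ govulncheck -format sarif -scan package -C ${moddir}/vuln .
 "locations": [
 {
 "physicalLocation": {
-"artifactLocation": {},
+"artifactLocation": {
+"uri": "go.mod",
+"uriBaseId": "%SRCROOT%"
+},
 "region": {
 "startLine": 1
 }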
