
Use uriBaseId to specify root for relative urls

Open prabhu opened this issue 5 years ago • 1 comments

For some tools that generate relative URLs, such as gitleaks and pmd, the code auto-prefixes the workspace to each result to make the location absolute. As per the SARIF specification, it should be possible to specify uriBaseId and retain relative URLs.

https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/sarif-v2.1.0-cs01.html#_Toc16012377 - section 3.4.14

This should also improve performance by a few seconds, since we don't have to do things like this.

https://github.com/AppThreat/sast-scan/blob/master/lib/convert.py#L261 https://github.com/AppThreat/sast-scan/blob/master/lib/xml_parser.py#L50

prabhu avatar Jan 14 '20 10:01 prabhu

Example:

```json
"originalUriBaseIds": {
  "PROJECTROOT": {
    "uri": "file://build.example.com/work/"
  },
  "SRCROOT": {
    "uri": "src/",
    "uriBaseId": "PROJECTROOT"
  },
  "BINROOT": {
    "uri": "bin/",
    "uriBaseId": "PROJECTROOT"
  }
}
```

prabhu avatar Jan 17 '20 11:01 prabhu
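The following is an added example, not code from sast-scan or from the issue author, showing both halves of what the issue asks for: emitting results that keep a tool's relative path and point at a base via uriBaseId, and resolving such a location back to an absolute URI by walking the originalUriBaseIds chain. The workspace path, the finding, and the helper names (make_original_uri_base_ids, to_artifact_location, resolve_uri, build_run) are assumptions made for the illustration. The resolver also rejects a relative uri that is absolute or climbs out of its base with "..", which a consumer of untrusted SARIF should check before touching the filesystem.

```python
"""Emit and resolve SARIF artifactLocations that use uriBaseId (added example)."""
from pathlib import PurePosixPath
from urllib.parse import urlparse

# Assumed workspace root, as a scanner would know it at run time.
WORKSPACE = "/work/"

# Constructed sample finding in the shape a gitleaks-style tool reports:
# a path relative to the workspace rather than an absolute one.
SAMPLE_FINDINGS = [{"file": "src/main.py", "line": 7, "rule": "generic-api-key"}]


def make_original_uri_base_ids(workspace: str) -> dict:
    """Build run.originalUriBaseIds: PROJECTROOT is absolute, SRCROOT chains to it."""
    return {
        "PROJECTROOT": {"uri": "file://" + workspace},
        "SRCROOT": {"uri": "src/", "uriBaseId": "PROJECTROOT"},
    }


def to_artifact_location(path: str, workspace: str, base_id: str = "PROJECTROOT") -> dict:
    """Turn a tool-reported path into a SARIF artifactLocation.

    Relative paths are kept relative and tagged with uriBaseId. Absolute paths
    under the workspace are made relative to it (segment-wise, so "/workspace/x"
    is not mistaken for a child of "/work/"). Anything outside the workspace is
    emitted as an absolute file:// URI with no uriBaseId.
    """
    p = PurePosixPath(path)
    if not p.is_absolute():
        return {"uri": p.as_posix(), "uriBaseId": base_id}
    try:
        rel = p.relative_to(PurePosixPath(workspace))
    except ValueError:
        return {"uri": "file://" + p.as_posix()}
    return {"uri": rel.as_posix(), "uriBaseId": base_id}


def _check_relative(uri: str) -> None:
    """A uri paired with uriBaseId must be relative and must not escape its base."""
    if urlparse(uri).scheme or uri.startswith("/"):
        raise ValueError(f"{uri!r} must be relative when uriBaseId is set")
    if ".." in PurePosixPath(uri).parts:
        raise ValueError(f"{uri!r} must not escape its base with '..'")


def resolve_uri(location: dict, original_uri_base_ids: dict) -> str:
    """Resolve an artifactLocation to an absolute URI by following uriBaseId.

    Each base's uri is prepended in turn until a base without uriBaseId is
    reached. Unknown ids, cycles, and bases that lack the trailing slash the
    SARIF spec requires are reported as errors instead of silently mis-joining.
    """
    uri = location["uri"]
    base_id = location.get("uriBaseId")
    if base_id is not None:
        _check_relative(uri)
    seen = set()
    while base_id is not None:
        if base_id in seen:
            raise ValueError(f"cyclic uriBaseId chain at {base_id!r}")
        seen.add(base_id)
        base = original_uri_base_ids.get(base_id)
        if base is None:
            raise KeyError(f"unknown uriBaseId {base_id!r}")
        base_uri = base["uri"]
        if not base_uri.endswith("/"):
            raise ValueError(f"base {base_id!r} uri must end with '/'")
        next_id = base.get("uriBaseId")
        if next_id is not None:
            _check_relative(base_uri)
        uri = base_uri + uri
        base_id = next_id
    return uri


def build_run(findings: list, workspace: str) -> dict:
    """Assemble a minimal SARIF run whose results keep relative URIs."""
    return {
        "originalUriBaseIds": make_original_uri_base_ids(workspace),
        "results": [
            {
                "ruleId": f["rule"],
                "locations": [{
                    "physicalLocation": {
                        "artifactLocation": to_artifact_location(f["file"], workspace),
                        "region": {"startLine": f["line"]},
                    }
                }],
            }
            for f in findings
        ],
    }


if __name__ == "__main__":
    run = build_run(SAMPLE_FINDINGS, WORKSPACE)
    loc = run["results"][0]["locations"][0]["physicalLocation"]["artifactLocation"]
    print(loc, "->", resolve_uri(loc, run["originalUriBaseIds"]))
```

Emitting the location this way costs a single dictionary lookup per result instead of a path join, and a consumer that needs the absolute path can still recover it from the run, which is the point the issue makes against prefixing the workspace up front.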