diff --git a/xray/audit/jas/jasmanager.go b/xray/audit/jas/jasmanager.go
index 3b191d0cb..1c8dc2568 100644
--- a/xray/audit/jas/jasmanager.go
+++ b/xray/audit/jas/jasmanager.go
@@ -131,7 +131,7 @@ func deleteJasProcessFiles(configFile string, resultFile string) error {
 return errorutils.CheckError(err)
 }
-func getSourceCodeScanResults(resultsFileName, workingDir string, scanType utils.JasScanType) ([]utils.SourceCodeScanResult, error) {
+func getSourceCodeScanResults(resultsFileName, workingDir string, scanType utils.JasScanType) (results []utils.SourceCodeScanResult, err error) {
 // Read Sarif format results generated from the Jas scanner
 report, err := sarif.Open(resultsFileName)
 if errorutils.CheckError(err) != nil {
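Review bot: Named results on getSourceCodeScanResults are not needed for the copy loop added in the next hunk, and they make `report, err := sarif.Open(resultsFileName)` assign the result variable `err` rather than a local, which is easy to misread. Named results are usually reserved for documentation or for a deferred handler that rewrites the return value. Keeping the old signature and declaring `var results []utils.SourceCodeScanResult` just before the loop would give the same behaviour, including a nil slice when there are no findings. The function body continues outside this hunk.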
@@ -142,28 +142,32 @@ func getSourceCodeScanResults(resultsFileName, workingDir string, scanType utils
 // Jas scanners returns results in a single run entry
 sarifResults = report.Runs[0].Results
 }
- return convertSarifResultsToSourceCodeScanResults(sarifResults, workingDir, scanType), nil
+ resultPointers := convertSarifResultsToSourceCodeScanResults(sarifResults, workingDir, scanType)
+ for _, res := range resultPointers {
+ results = append(results, *res)
+ }
+ return results, nil
 }
-func convertSarifResultsToSourceCodeScanResults(sarifResults []*sarif.Result, workingDir string, scanType utils.JasScanType) []utils.SourceCodeScanResult {
- var sourceCodeScanResults []utils.SourceCodeScanResult
+func convertSarifResultsToSourceCodeScanResults(sarifResults []*sarif.Result, workingDir string, scanType utils.JasScanType) []*utils.SourceCodeScanResult {
+ var sourceCodeScanResults []*utils.SourceCodeScanResult
 for _, sarifResult := range sarifResults {
 // Describes a request to “suppress” a result (to exclude it from result lists)
 if len(sarifResult.Suppressions) > 0 {
 continue
 }
 // Convert
- sourceCodeScanResult := utils.IsSarifResultExistsInSourceCodeScanResults(sarifResult, workingDir, &sourceCodeScanResults)
- if sourceCodeScanResult == nil {
- sourceCodeScanResult = utils.ConvertSarifResultToSourceCodeScanResult(sarifResult, workingDir, &sourceCodeScanResults)
- sourceCodeScanResults = append(sourceCodeScanResults, *sourceCodeScanResult)
- }
- // Set specific Jas scan attributes
- if scanType == utils.Secrets {
- sourceCodeScanResult.Text = hideSecret(utils.GetResultLocationSnippet(sarifResult.Locations[0]))
+ currentResult := utils.GetResultIfExists(sarifResult, workingDir, sourceCodeScanResults)
+ if currentResult == nil {
+ currentResult = utils.ConvertSarifResultToSourceCodeScanResult(sarifResult, workingDir)
+ // Set specific Jas scan attributes
+ if scanType == utils.Secrets {
+ currentResult.Text = hideSecret(utils.GetResultLocationSnippet(sarifResult.Locations[0]))
+ }
+ sourceCodeScanResults = append(sourceCodeScanResults, currentResult)
 }
 if scanType == utils.Sast {
- sourceCodeScanResult.CodeFlow = append(sourceCodeScanResult.CodeFlow, utils.GetResultCodeFlows(sarifResult, workingDir)...)
+ currentResult.CodeFlow = append(currentResult.CodeFlow, utils.GetResultCodeFlows(sarifResult, workingDir)...)
 }
 }
 return sourceCodeScanResults
diff --git a/xray/utils/analyzermanager.go b/xray/utils/analyzermanager.go
index ad928ecc7..48fa16c36 100644
--- a/xray/utils/analyzermanager.go
+++ b/xray/utils/analyzermanager.go
@@ -96,7 +96,7 @@ type SourceCodeScanResult struct {
 SourceCodeLocation
 Severity string
 Type string
- CodeFlow [][]SourceCodeLocation
+ CodeFlow []*[]SourceCodeLocation
 }
 type ExtendedScanResults struct {
diff --git a/xray/utils/resultstable.go b/xray/utils/resultstable.go
index da607d17d..917109b4a 100644
--- a/xray/utils/resultstable.go
+++ b/xray/utils/resultstable.go
@@ -400,7 +400,7 @@ func toSourceCodeCodeFlowRow(result SourceCodeScanResult, isTable bool) (flows [
 }
 for _, flowStack := range result.CodeFlow {
 rowFlow := []formats.SourceCodeLocationRow{}
- for _, location := range flowStack {
+ for _, location := range *flowStack {
 rowFlow = append(rowFlow, formats.SourceCodeLocationRow{
 File: location.File,
 LineColumn: location.LineColumn,
diff --git a/xray/utils/sarifutils.go b/xray/utils/sarifutils.go
index 1f77ed161..0fb9ef5d9 100644
--- a/xray/utils/sarifutils.go
+++ b/xray/utils/sarifutils.go
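Review bot: In convertSarifResultsToSourceCodeScanResults (jasmanager.go) the secrets branch still indexes `sarifResult.Locations[0]` without checking the slice, so a SARIF result that carries no locations would panic the audit run instead of being reported or skipped. A length guard on the same condition closes this while leaving the masking in place for every result that has a location: `if scanType == utils.Secrets && len(sarifResult.Locations) > 0 {`. From the visible code this assignment looks like the only point where the snippet passes through hideSecret before the result is appended, so a comment such as `// Mask the snippet before the result is stored` would help keep it ahead of the append in later edits; whether anything downstream re-masks is not visible here and is worth confirming.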
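Review bot: `CodeFlow []*[]SourceCodeLocation` in analyzermanager.go stores pointers to slices, which the fix does not appear to need: results are now shared through `*SourceCodeScanResult`, so `currentResult.CodeFlow = append(...)` already reaches the stored element with a plain `[][]SourceCodeLocation`. The pointer element adds a nil case that `for _, location := range *flowStack` in resultstable.go dereferences unchecked, and it changes an exported field type for any other consumer of SourceCodeScanResult. Keeping `CodeFlow [][]SourceCodeLocation` would let GetResultCodeFlows and extractThreadFlows in sarifutils.go keep their previous return types and `flows = append(flows, flow)`.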
@@ -8,19 +8,19 @@ import (
 )
 // If exists SourceCodeScanResult with the same location as the provided SarifResult, return it
-func IsSarifResultExistsInSourceCodeScanResults(result *sarif.Result, workingDir string, results *[]SourceCodeScanResult) *SourceCodeScanResult {
+func GetResultIfExists(result *sarif.Result, workingDir string, results []*SourceCodeScanResult) *SourceCodeScanResult {
 file := ExtractRelativePath(GetResultFileName(result), workingDir)
 lineCol := GetResultLocationInFile(result)
 text := *result.Message.Text
- for _, result := range *results {
+ for _, result := range results {
 if result.File == file && result.LineColumn == lineCol && result.Text == text {
- return &result
+ return result
 }
 }
 return nil
 }
-func ConvertSarifResultToSourceCodeScanResult(result *sarif.Result, workingDir string, results *[]SourceCodeScanResult) *SourceCodeScanResult {
+func ConvertSarifResultToSourceCodeScanResult(result *sarif.Result, workingDir string) *SourceCodeScanResult {
 file := ExtractRelativePath(GetResultFileName(result), workingDir)
 lineCol := GetResultLocationInFile(result)
 text := *result.Message.Text
@@ -36,7 +36,7 @@ func ConvertSarifResultToSourceCodeScanResult(result *sarif.Result, workingDir s
 }
 }
-func GetResultCodeFlows(result *sarif.Result, workingDir string) (flows [][]SourceCodeLocation) {
+func GetResultCodeFlows(result *sarif.Result, workingDir string) (flows []*[]SourceCodeLocation) {
 if len(result.CodeFlows) == 0 {
 return
 }
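Review bot: GetResultIfExists and ConvertSarifResultToSourceCodeScanResult both read `text := *result.Message.Text` with no nil check, so a result whose message carries no text would stop the conversion with a nil-pointer dereference. Defaulting to an empty string keeps both functions total: `var text string` followed by `if result.Message.Text != nil { text = *result.Message.Text }`. Separately, the match on `result.Text == text` compares against the stored Text, which the caller in jasmanager.go replaces with the masked snippet for secrets scans, so those results presumably never match an existing entry; if merging is intended there, the key should not include a field that is rewritten after conversion. ConvertSarifResultToSourceCodeScanResult continues outside this hunk.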
@@ -49,14 +49,14 @@ func GetResultCodeFlows(result *sarif.Result, workingDir string) (flows [][]Sour
 return
 }
-func extractThreadFlows(threadFlows []*sarif.ThreadFlow, workingDir string) (flows [][]SourceCodeLocation) {
+func extractThreadFlows(threadFlows []*sarif.ThreadFlow, workingDir string) (flows []*[]SourceCodeLocation) {
 for _, threadFlow := range threadFlows {
 if threadFlow == nil || len(threadFlow.Locations) == 0 {
 continue
 }
 flow := extractStackTraceLocations(threadFlow.Locations, workingDir)
 if len(flow) > 0 {
- flows = append(flows, flow)
+ flows = append(flows, &flow)
 }
 }
 return