grabbing the value of applicability from the sarif and checking by it.

also added the right types
eyalk007 · Sep 3, 2024 · 4fa2643 · 4fa2643
1 parent ca8535e
commit 4fa2643
Show file tree

Hide file tree

Showing 6 changed files with 37 additions and 4 deletions.
diff --git a/build.gradle b/build.gradle
@@ -4,7 +4,7 @@ import java.net.http.HttpResponse
 import java.nio.file.Paths
 
 plugins {
-    id "org.jetbrains.intellij" version "1.16.0"
+    id "org.jetbrains.intellij" version "1.17.0"
     id "java"
     id "maven-publish"
     id "de.undercouch.download" version "5.3.0"

diff --git a/src/main/java/com/jfrog/ide/idea/inspections/JFrogSecurityWarning.java b/src/main/java/com/jfrog/ide/idea/inspections/JFrogSecurityWarning.java
@@ -52,7 +52,7 @@ public JFrogSecurityWarning(
         this.codeFlows = codeFlows;
     }
 
-    public JFrogSecurityWarning(SarifResult result, SourceCodeScanType reporter) {
+    public JFrogSecurityWarning(SarifResult result, SourceCodeScanType reporter, Rule rule) {
         this(getFirstRegion(result).getStartLine() - 1,
                 getFirstRegion(result).getStartColumn() - 1,
                 getFirstRegion(result).getEndLine() - 1,
@@ -62,7 +62,7 @@ public JFrogSecurityWarning(SarifResult result, SourceCodeScanType reporter) {
                 result.getRuleId(),
                 getFirstRegion(result).getSnippet().getText(),
                 reporter,
-                !result.getKind().equals("pass"),
+                (!result.getKind().equals("pass") && (rule.getRuleProperties().map(properties -> !properties.getApplicability().equals("not_applicable")).orElse(true))),
                 Severity.fromSarif(result.getSeverity()),
                 convertCodeFlowsToFindingInfo(result.getCodeFlows())
         );

diff --git a/src/main/java/com/jfrog/ide/idea/scan/ScanBinaryExecutor.java b/src/main/java/com/jfrog/ide/idea/scan/ScanBinaryExecutor.java
@@ -260,7 +260,8 @@ protected boolean isPackageTypeSupported(PackageManagerType type) {
     protected List<JFrogSecurityWarning> parseOutputSarif(Path outputFile) throws IOException {
         Output output = getOutputObj(outputFile);
         List<JFrogSecurityWarning> warnings = new ArrayList<>();
-        output.getRuns().forEach(run -> run.getResults().stream().filter(SarifResult::isNotSuppressed).forEach(result -> warnings.add(new JFrogSecurityWarning(result, scanType))));
+
+        output.getRuns().forEach(run -> run.getResults().stream().filter(SarifResult::isNotSuppressed).forEach(result -> warnings.add(new JFrogSecurityWarning(result, scanType, run.getRuleFromRunById(result.getRuleId())))));
 
         Optional<Run> run = output.getRuns().stream().findFirst();
         if (run.isPresent()) {

diff --git a/src/main/java/com/jfrog/ide/idea/scan/data/Rule.java b/src/main/java/com/jfrog/ide/idea/scan/data/Rule.java
@@ -3,6 +3,7 @@
 import com.fasterxml.jackson.annotation.JsonProperty;
 
 import java.util.Objects;
+import java.util.Optional;
 
 public class Rule {
 
@@ -15,6 +16,9 @@ public class Rule {
     @JsonProperty("fullDescription")
     private Message fullDescription;
 
+    @JsonProperty("properties")
+    private RuleProperties properties;
+
     public String getId() {
         return id;
     }
@@ -43,6 +47,10 @@ public void setFullDescription(Message fullDescription) {
         this.fullDescription = fullDescription;
     }
 
+    public Optional<RuleProperties> getRuleProperties() {
+        return Optional.ofNullable(properties);
+    }
+
     @Override
     public int hashCode() {
         return Objects.hash(id);

diff --git a/src/main/java/com/jfrog/ide/idea/scan/data/RuleProperties.java b/src/main/java/com/jfrog/ide/idea/scan/data/RuleProperties.java
@@ -0,0 +1,15 @@
+package com.jfrog.ide.idea.scan.data;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import lombok.Getter;
+
+@Getter
+public class RuleProperties {
+
+    @JsonProperty("conclusion")
+    private String conclusion;
+
+    @JsonProperty("applicability")
+    private String applicability;
+
+}
diff --git a/src/main/java/com/jfrog/ide/idea/scan/data/Run.java b/src/main/java/com/jfrog/ide/idea/scan/data/Run.java
@@ -39,6 +39,15 @@ public List<SarifResult> getResults() {
         return results;
     }
 
+    public Rule getRuleFromRunById(String ruleId) {
+            List<Rule> rules = this.getTool().getDriver().getRules();
+            return rules.stream()
+                    .filter(rule -> rule.getId().equals(ruleId))
+                    .findFirst()
+                    .orElseThrow(() -> new NoSuchElementException("No rule found with id: " + ruleId));
+
+    }
+
     public void setResults(List<SarifResult> results) {
         this.results = results;
     }