Undetermined reason for undetermined contextual analysis status

jfrog · Aug 25, 2024 · d5c433a · d5c433a
1 parent ba47070
commit d5c433a
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 0 deletions.
diff --git a/formats/sarifutils/sarifutils.go b/formats/sarifutils/sarifutils.go
@@ -234,6 +234,21 @@ func GetRuleFullDescription(rule *sarif.ReportingDescriptor) string {
 	return ""
 }
 
+func GetRuleProperty(key string, rule *sarif.ReportingDescriptor) string {
+	if rule != nil && rule.Properties != nil && rule.Properties[key] != nil {
+		prop, ok := rule.Properties[key].(string)
+		if !ok {
+			return ""
+		}
+		return prop
+	}
+	return ""
+}
+
+func GetRuleUndeterminedReason(rule *sarif.ReportingDescriptor) string {
+	return GetRuleProperty("undetermined_reason", rule)
+}
+
 func GetRunRules(run *sarif.Run) []*sarif.ReportingDescriptor {
 	if run != nil && run.Tool.Driver != nil {
 		return run.Tool.Driver.Rules

diff --git a/formats/sarifutils/test_sarifutils.go b/formats/sarifutils/test_sarifutils.go
@@ -24,6 +24,19 @@ func CreateRunWithDummyResultAndRuleProperties(property, value string, result *s
 	return run
 }
 
+func CreateRunWithDummyResultAndRuleMultipleProperties(result *sarif.Result, properties, values []string) *sarif.Run {
+	run := sarif.NewRunWithInformationURI("", "")
+	if result.RuleID != nil {
+		run.AddRule(*result.RuleID)
+	}
+	run.AddResult(result)
+	run.Tool.Driver.Rules[0].Properties = make(sarif.Properties, len(properties))
+	for index, _ := range properties {
+		run.Tool.Driver.Rules[0].Properties[properties[index]] = values[index]
+	}
+	return run
+}
+
 func CreateResultWithLocations(msg, ruleId, level string, locations ...*sarif.Location) *sarif.Result {
 	return &sarif.Result{
 		Message:   *sarif.NewTextMessage(msg),

diff --git a/formats/simplejsonapi.go b/formats/simplejsonapi.go
@@ -96,6 +96,7 @@ type CveRow struct {
 type Applicability struct {
 	Status             string     `json:"status"`
 	ScannerDescription string     `json:"scannerDescription,omitempty"`
+	UndeterminedReason string     `json:"undeterminedReason,omitempty"`
 	Evidence           []Evidence `json:"evidence,omitempty"`
 }
 

diff --git a/utils/resultstable.go b/utils/resultstable.go
@@ -937,6 +937,7 @@ func getCveApplicabilityField(cveId string, applicabilityScanResults []*sarif.Ru
 		if rule, _ := applicabilityRun.GetRuleById(jasutils.CveToApplicabilityRuleId(cveId)); rule != nil {
 			applicability.ScannerDescription = sarifutils.GetRuleFullDescription(rule)
 			status := getApplicabilityStatusFromRule(rule)
+			applicability.UndeterminedReason = sarifutils.GetRuleUndeterminedReason(rule)
 			if status != "" {
 				applicabilityStatuses = append(applicabilityStatuses, status)
 			}

diff --git a/utils/resultstable_test.go b/utils/resultstable_test.go
@@ -722,6 +722,19 @@ func TestGetApplicableCveValue(t *testing.T) {
 				{Id: "testCve2", Applicability: &formats.Applicability{Status: jasutils.ApplicabilityUndetermined.String()}},
 			},
 		},
+		{
+			name: "undetermined with undetermined reason",
+			scanResults: &ExtendedScanResults{
+				ApplicabilityScanResults: []*sarif.Run{
+					sarifutils.CreateRunWithDummyResultAndRuleMultipleProperties(sarifutils.CreateDummyPassingResult("applic_testCve2"), []string{"applicability", "undetermined_reason"}, []string{"undetermined", "however"}),
+				},
+				EntitledForJas: true},
+			cves:           []services.Cve{{Id: "testCve2"}},
+			expectedResult: jasutils.ApplicabilityUndetermined,
+			expectedCves: []formats.CveRow{
+				{Id: "testCve2", Applicability: &formats.Applicability{Status: jasutils.ApplicabilityUndetermined.String(), UndeterminedReason: "however"}},
+			},
+		},
 	}
 
 	for _, testCase := range testCases {