json-writer: add CWE links to mitre.org in SARIF

kdudka · kdudka · commit d57f93ba6837 · 2022-04-13T13:27:29.000+02:00
diff --git a/src/json-writer.cc b/src/json-writer.cc
@@ -165,13 +165,21 @@ void SarifTreeEncoder::serializeCweMap()
 
         PTree cweList;
         const auto cwe = item.second;
-        const auto cweStr = "CWE-" + std::to_string(cwe);
-        appendNode(&cweList, PTree(cweStr));
+        const auto cweStr = std::to_string(cwe);
+        appendNode(&cweList, PTree("CWE-" + cweStr));
 
+        // properties.cwe[]
         PTree props;
         props.put_child("cwe", cweList);
         rule.put_child("properties", props);
 
+        // help.text
+        PTree help;
+        const auto helpText =
+            "https://cwe.mitre.org/data/definitions/" + cweStr + ".html";
+        help.put<std::string>("text", helpText);
+        rule.put_child("help", help);
+
         appendNode(&ruleList, rule);
     }
 
diff --git a/tests/csgrep/81-sarif-writer-stdout.txt b/tests/csgrep/81-sarif-writer-stdout.txt
@@ -15,6 +15,9 @@
                                 "cwe": [
                                     "CWE-762"
                                 ]
+                            },
+                            "help": {
+                                "text": "https://cwe.mitre.org/data/definitions/762.html"
                             }
                         },
                         {
@@ -23,6 +26,9 @@
                                 "cwe": [
                                     "CWE-252"
                                 ]
+                            },
+                            "help": {
+                                "text": "https://cwe.mitre.org/data/definitions/252.html"
                             }
                         },
                         {
@@ -31,6 +37,9 @@
                                 "cwe": [
                                     "CWE-569"
                                 ]
+                            },
+                            "help": {
+                                "text": "https://cwe.mitre.org/data/definitions/569.html"
                             }
                         },
                         {
@@ -39,6 +48,9 @@
                                 "cwe": [
                                     "CWE-569"
                                 ]
+                            },
+                            "help": {
+                                "text": "https://cwe.mitre.org/data/definitions/569.html"
                             }
                         },
                         {
@@ -47,6 +59,9 @@
                                 "cwe": [
                                     "CWE-561"
                                 ]
+                            },
+                            "help": {
+                                "text": "https://cwe.mitre.org/data/definitions/561.html"
                             }
                         },
                         {
@@ -55,6 +70,9 @@
                                 "cwe": [
                                     "CWE-561"
                                 ]
+                            },
+                            "help": {
+                                "text": "https://cwe.mitre.org/data/definitions/561.html"
                             }
                         },
                         {
@@ -63,6 +81,9 @@
                                 "cwe": [
                                     "CWE-561"
                                 ]
+                            },
+                            "help": {
+                                "text": "https://cwe.mitre.org/data/definitions/561.html"
                             }
                         },
                         {
@@ -71,6 +92,9 @@
                                 "cwe": [
                                     "CWE-476"
                                 ]
+                            },
+                            "help": {
+                                "text": "https://cwe.mitre.org/data/definitions/476.html"
                             }
                         },
                         {
@@ -79,6 +103,9 @@
                                 "cwe": [
                                     "CWE-687"
                                 ]
+                            },
+                            "help": {
+                                "text": "https://cwe.mitre.org/data/definitions/687.html"
                             }
                         },
                         {
@@ -87,6 +114,9 @@
                                 "cwe": [
                                     "CWE-119"
                                 ]
+                            },
+                            "help": {
+                                "text": "https://cwe.mitre.org/data/definitions/119.html"
                             }
                         },
                         {
@@ -95,6 +125,9 @@
                                 "cwe": [
                                     "CWE-119"
                                 ]
+                            },
+                            "help": {
+                                "text": "https://cwe.mitre.org/data/definitions/119.html"
                             }
                         },
                         {
@@ -103,6 +136,9 @@
                                 "cwe": [
                                     "CWE-125"
                                 ]
+                            },
+                            "help": {
+                                "text": "https://cwe.mitre.org/data/definitions/125.html"
                             }
                         },
                         {
@@ -111,6 +147,9 @@
                                 "cwe": [
                                     "CWE-686"
                                 ]
+                            },
+                            "help": {
+                                "text": "https://cwe.mitre.org/data/definitions/686.html"
                             }
                         },
                         {
@@ -119,6 +158,9 @@
                                 "cwe": [
                                     "CWE-404"
                                 ]
+                            },
+                            "help": {
+                                "text": "https://cwe.mitre.org/data/definitions/404.html"
                             }
                         },
                         {
@@ -127,6 +169,9 @@
                                 "cwe": [
                                     "CWE-404"
                                 ]
+                            },
+                            "help": {
+                                "text": "https://cwe.mitre.org/data/definitions/404.html"
                             }
                         },
                         {
@@ -135,6 +180,9 @@
                                 "cwe": [
                                     "CWE-170"
                                 ]
+                            },
+                            "help": {
+                                "text": "https://cwe.mitre.org/data/definitions/170.html"
                             }
                         },
                         {
@@ -143,6 +191,9 @@
                                 "cwe": [
                                     "CWE-120"
                                 ]
+                            },
+                            "help": {
+                                "text": "https://cwe.mitre.org/data/definitions/120.html"
                             }
                         },
                         {
@@ -151,6 +202,9 @@
                                 "cwe": [
                                     "CWE-367"
                                 ]
+                            },
+                            "help": {
+                                "text": "https://cwe.mitre.org/data/definitions/367.html"
                             }
                         }
                     ]

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,9 @@`
`15`	`15`	`"cwe": [`
`16`	`16`	`"CWE-762"`
`17`	`17`	`]`
	`18`	`+ },`
	`19`	`+ "help": {`
	`20`	`+ "text": "https://cwe.mitre.org/data/definitions/762.html"`
`18`	`21`	`}`
`19`	`22`	`},`
`20`	`23`	`{`
`@@ -23,6 +26,9 @@`
`23`	`26`	`"cwe": [`
`24`	`27`	`"CWE-252"`
`25`	`28`	`]`
	`29`	`+ },`
	`30`	`+ "help": {`
	`31`	`+ "text": "https://cwe.mitre.org/data/definitions/252.html"`
`26`	`32`	`}`
`27`	`33`	`},`
`28`	`34`	`{`
`@@ -31,6 +37,9 @@`
`31`	`37`	`"cwe": [`
`32`	`38`	`"CWE-569"`
`33`	`39`	`]`
	`40`	`+ },`
	`41`	`+ "help": {`
	`42`	`+ "text": "https://cwe.mitre.org/data/definitions/569.html"`
`34`	`43`	`}`
`35`	`44`	`},`
`36`	`45`	`{`
`@@ -39,6 +48,9 @@`
`39`	`48`	`"cwe": [`
`40`	`49`	`"CWE-569"`
`41`	`50`	`]`
	`51`	`+ },`
	`52`	`+ "help": {`
	`53`	`+ "text": "https://cwe.mitre.org/data/definitions/569.html"`
`42`	`54`	`}`
`43`	`55`	`},`
`44`	`56`	`{`
`@@ -47,6 +59,9 @@`
`47`	`59`	`"cwe": [`
`48`	`60`	`"CWE-561"`
`49`	`61`	`]`
	`62`	`+ },`
	`63`	`+ "help": {`
	`64`	`+ "text": "https://cwe.mitre.org/data/definitions/561.html"`
`50`	`65`	`}`
`51`	`66`	`},`
`52`	`67`	`{`
`@@ -55,6 +70,9 @@`
`55`	`70`	`"cwe": [`
`56`	`71`	`"CWE-561"`
`57`	`72`	`]`
	`73`	`+ },`
	`74`	`+ "help": {`
	`75`	`+ "text": "https://cwe.mitre.org/data/definitions/561.html"`
`58`	`76`	`}`
`59`	`77`	`},`
`60`	`78`	`{`
`@@ -63,6 +81,9 @@`
`63`	`81`	`"cwe": [`
`64`	`82`	`"CWE-561"`
`65`	`83`	`]`
	`84`	`+ },`
	`85`	`+ "help": {`
	`86`	`+ "text": "https://cwe.mitre.org/data/definitions/561.html"`
`66`	`87`	`}`
`67`	`88`	`},`
`68`	`89`	`{`
`@@ -71,6 +92,9 @@`
`71`	`92`	`"cwe": [`
`72`	`93`	`"CWE-476"`
`73`	`94`	`]`
	`95`	`+ },`
	`96`	`+ "help": {`
	`97`	`+ "text": "https://cwe.mitre.org/data/definitions/476.html"`
`74`	`98`	`}`
`75`	`99`	`},`
`76`	`100`	`{`
`@@ -79,6 +103,9 @@`
`79`	`103`	`"cwe": [`
`80`	`104`	`"CWE-687"`
`81`	`105`	`]`
	`106`	`+ },`
	`107`	`+ "help": {`
	`108`	`+ "text": "https://cwe.mitre.org/data/definitions/687.html"`
`82`	`109`	`}`
`83`	`110`	`},`
`84`	`111`	`{`
`@@ -87,6 +114,9 @@`
`87`	`114`	`"cwe": [`
`88`	`115`	`"CWE-119"`
`89`	`116`	`]`
	`117`	`+ },`
	`118`	`+ "help": {`
	`119`	`+ "text": "https://cwe.mitre.org/data/definitions/119.html"`
`90`	`120`	`}`
`91`	`121`	`},`
`92`	`122`	`{`
`@@ -95,6 +125,9 @@`
`95`	`125`	`"cwe": [`
`96`	`126`	`"CWE-119"`
`97`	`127`	`]`
	`128`	`+ },`
	`129`	`+ "help": {`
	`130`	`+ "text": "https://cwe.mitre.org/data/definitions/119.html"`
`98`	`131`	`}`
`99`	`132`	`},`
`100`	`133`	`{`
`@@ -103,6 +136,9 @@`
`103`	`136`	`"cwe": [`
`104`	`137`	`"CWE-125"`
`105`	`138`	`]`
	`139`	`+ },`
	`140`	`+ "help": {`
	`141`	`+ "text": "https://cwe.mitre.org/data/definitions/125.html"`
`106`	`142`	`}`
`107`	`143`	`},`
`108`	`144`	`{`
`@@ -111,6 +147,9 @@`
`111`	`147`	`"cwe": [`
`112`	`148`	`"CWE-686"`
`113`	`149`	`]`
	`150`	`+ },`
	`151`	`+ "help": {`
	`152`	`+ "text": "https://cwe.mitre.org/data/definitions/686.html"`
`114`	`153`	`}`
`115`	`154`	`},`
`116`	`155`	`{`
`@@ -119,6 +158,9 @@`
`119`	`158`	`"cwe": [`
`120`	`159`	`"CWE-404"`
`121`	`160`	`]`
	`161`	`+ },`
	`162`	`+ "help": {`
	`163`	`+ "text": "https://cwe.mitre.org/data/definitions/404.html"`
`122`	`164`	`}`
`123`	`165`	`},`
`124`	`166`	`{`
`@@ -127,6 +169,9 @@`
`127`	`169`	`"cwe": [`
`128`	`170`	`"CWE-404"`
`129`	`171`	`]`
	`172`	`+ },`
	`173`	`+ "help": {`
	`174`	`+ "text": "https://cwe.mitre.org/data/definitions/404.html"`
`130`	`175`	`}`
`131`	`176`	`},`
`132`	`177`	`{`
`@@ -135,6 +180,9 @@`
`135`	`180`	`"cwe": [`
`136`	`181`	`"CWE-170"`
`137`	`182`	`]`
	`183`	`+ },`
	`184`	`+ "help": {`
	`185`	`+ "text": "https://cwe.mitre.org/data/definitions/170.html"`
`138`	`186`	`}`
`139`	`187`	`},`
`140`	`188`	`{`
`@@ -143,6 +191,9 @@`
`143`	`191`	`"cwe": [`
`144`	`192`	`"CWE-120"`
`145`	`193`	`]`
	`194`	`+ },`
	`195`	`+ "help": {`
	`196`	`+ "text": "https://cwe.mitre.org/data/definitions/120.html"`
`146`	`197`	`}`
`147`	`198`	`},`
`148`	`199`	`{`
`@@ -151,6 +202,9 @@`
`151`	`202`	`"cwe": [`
`152`	`203`	`"CWE-367"`
`153`	`204`	`]`
	`205`	`+ },`
	`206`	`+ "help": {`
	`207`	`+ "text": "https://cwe.mitre.org/data/definitions/367.html"`
`154`	`208`	`}`
`155`	`209`	`}`
`156`	`210`	`]`