diff --git a/.codacy/codacy.yaml b/.codacy/codacy.yaml
index 0be11e4e..df705345 100644
--- a/.codacy/codacy.yaml
+++ b/.codacy/codacy.yaml
@@ -3,13 +3,11 @@ runtimes:
 - java@17.0.10
 - node@22.2.0
 - python@3.11.11
- - flutter@3.7.2
 tools:
 - eslint@9.38.0
 - lizard@1.17.31
+ - opengrep@1.16.4
 - pmd@6.55.0
 - pylint@3.3.9
 - revive@1.12.0
- - opengrep@1.16.2
 - trivy@0.69.3
- - dartanalyzer@3.7.2
diff --git a/go.mod b/go.mod
index c30efc30..283a6fe5 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module codacy/cli-v2
-go 1.22.4
+go 1.22.12
 require (
 github.com/fatih/color v1.18.0
diff --git a/integration-tests/config-discover/expected/codacy.yaml b/integration-tests/config-discover/expected/codacy.yaml
index 53b46cdc..4d68ca4f 100644
--- a/integration-tests/config-discover/expected/codacy.yaml
+++ b/integration-tests/config-discover/expected/codacy.yaml
@@ -7,7 +7,7 @@ tools:
 - dartanalyzer@3.7.2
 - eslint@8.57.0
 - lizard@1.17.31
- - opengrep@1.16.2
+ - opengrep@1.16.4
 - pmd@7.11.0
 - pylint@3.3.6
 - trivy@0.69.3
diff --git a/integration-tests/config-discover/expected/tools-configs/languages-config.yaml b/integration-tests/config-discover/expected/tools-configs/languages-config.yaml
index 9d685b32..aab8accb 100644
--- a/integration-tests/config-discover/expected/tools-configs/languages-config.yaml
+++ b/integration-tests/config-discover/expected/tools-configs/languages-config.yaml
@@ -11,6 +11,10 @@ tools:
 languages: [C, CPP, CSharp, Erlang, Fortran, Go, Java, Javascript, Kotlin, Lua, Objective C, PHP, Python, Ruby, Rust, Scala, Solidity, Swift, TypeScript]
 extensions: [.c, .cc, .cpp, .cs, .cxx, .gemspec, .go, .h, .hpp, .ino, .java, .jbuilder, .js, .jsm, .jsx, .kt, .kts, .m, .mjs, .opal, .php, .podspec, .py, .rake, .rb, .rlib, .rs, .scala, .swift, .ts, .tsx, .vue]
 files: []
+ - name: opengrep
+ languages: [Apex, C, CPP, CSharp, Dockerfile, Go, Java, Javascript, Kotlin, PHP, PLSQL, Python, Ruby, Rust, SQL, Scala, Shell, Swift, Terraform, TypeScript, YAML]
+ extensions: [.bash, .c, .cc, .cls, .cpp, .cs, .cxx, .dockerfile, .env, .fnc, .gemspec, .go, .h, .hpp, .ino, .java, .jbuilder, .js, .jsm, .jsx, .kt, .kts, .mjs, .opal, .pck, .php, .pkb, .pkh, .pks, .plb, .pld, .plh, .pls, .podspec, .prc, .py, .rake, .rb, .rlib, .rs, .scala, .sh, .sql, .swift, .tf, .tpb, .tps, .trg, .trigger, .ts, .tsx, .tyb, .typ, .vue, .yaml, .yml]
+ files: []
 - name: pmd
 languages: [Apex, JSP, Java, Javascript, PLSQL, SQL, Velocity, VisualForce, XML]
 extensions: [.cls, .component, .fnc, .java, .js, .jsm, .jsp, .jsx, .mjs, .page, .pck, .pkb, .pkh, .pks, .plb, .pld, .plh, .pls, .pom, .prc, .sql, .tpb, .tps, .trg, .trigger, .tyb, .typ, .vm, .vue, .wsdl, .xml, .xsl]
@@ -23,10 +27,6 @@ tools:
 languages: [Go]
 extensions: [.go]
 files: []
- - name: opengrep
- languages: [Apex, C, CPP, CSharp, Dockerfile, Go, Java, Javascript, Kotlin, PHP, PLSQL, Python, Ruby, Rust, SQL, Scala, Shell, Swift, Terraform, TypeScript, YAML]
- extensions: [.bash, .c, .cc, .cls, .cpp, .cs, .cxx, .dockerfile, .env, .fnc, .gemspec, .go, .h, .hpp, .ino, .java, .jbuilder, .js, .jsm, .jsx, .kt, .kts, .mjs, .opal, .pck, .php, .pkb, .pkh, .pks, .plb, .pld, .plh, .pls, .podspec, .prc, .py, .rake, .rb, .rlib, .rs, .scala, .sh, .sql, .swift, .tf, .tpb, .tps, .trg, .trigger, .ts, .tsx, .tyb, .typ, .vue, .yaml, .yml]
- files: []
 - name: trivy
 languages: [C, CPP, CSharp, Dart, Dockerfile, Elixir, Go, JSON, Java, Javascript, PHP, Python, Ruby, Rust, Scala, Swift, Terraform, TypeScript, XML, YAML]
 extensions: [.c, .cc, .cpp, .cs, .cxx, .dart, .dockerfile, .env, .ex, .exs, .gemspec, .go, .h, .hpp, .ino, .java, .jbuilder, .js, .jsm, .json, .jsx, .mjs, .opal, .php, .podspec, .pom, .py, .rake, .rb, .rlib, .rs, .scala, .swift, .tf, .ts, .tsx, .vue, .wsdl, .xml, .xsl, .yaml, .yml]
diff --git a/integration-tests/init-with-token/expected/codacy.yaml b/integration-tests/init-with-token/expected/codacy.yaml
index 18fae4b6..c610a1a8 100644
--- a/integration-tests/init-with-token/expected/codacy.yaml
+++ b/integration-tests/init-with-token/expected/codacy.yaml
@@ -5,7 +5,7 @@ runtimes:
 tools:
 - eslint@8.57.0
 - lizard@1.17.31
- - opengrep@1.16.2
+ - opengrep@1.16.4
 - pmd@6.55.0
 - pylint@3.3.9
 - trivy@0.69.3
diff --git a/integration-tests/init-with-token/expected/tools-configs/languages-config.yaml b/integration-tests/init-with-token/expected/tools-configs/languages-config.yaml
index 0bf11561..f8dbacfa 100644
--- a/integration-tests/init-with-token/expected/tools-configs/languages-config.yaml
+++ b/integration-tests/init-with-token/expected/tools-configs/languages-config.yaml
@@ -1,11 +1,15 @@
 tools:
 - name: eslint
- languages: [Javascript]
- extensions: [.js, .jsm, .jsx, .mjs, .vue]
+ languages: [Javascript, TypeScript]
+ extensions: [.js, .jsm, .jsx, .mjs, .ts, .tsx, .vue]
 files: []
 - name: lizard
- languages: [Java, Javascript, Python]
- extensions: [.java, .js, .jsm, .jsx, .mjs, .py, .vue]
+ languages: [Java, Javascript, Python, TypeScript]
+ extensions: [.java, .js, .jsm, .jsx, .mjs, .py, .ts, .tsx, .vue]
+ files: []
+ - name: opengrep
+ languages: [Java, Javascript, Python, TypeScript]
+ extensions: [.java, .js, .jsm, .jsx, .mjs, .py, .ts, .tsx, .vue]
 files: []
 - name: pmd
 languages: [Java, Javascript]
@@ -15,11 +19,7 @@ tools:
 languages: [Python]
 extensions: [.py]
 files: []
- - name: opengrep
- languages: [Java, Javascript, Python]
- extensions: [.java, .js, .jsm, .jsx, .mjs, .py, .vue]
- files: []
 - name: trivy
- languages: [JSON, Java, Javascript, Python]
- extensions: [.java, .js, .jsm, .json, .jsx, .mjs, .py, .vue]
- files: [Pipfile.lock, gradle.lockfile, package-lock.json, package.json, pnpm-lock.yaml, poetry.lock, pom.xml, requirements.txt, uv.lock, yarn.lock]
+ languages: [JSON, Java, Javascript, Python, TypeScript]
+ extensions: [.java, .js, .jsm, .json, .jsx, .mjs, .py, .ts, .tsx, .vue]
+ files: [Pipfile.lock, gradle.lockfile, package-lock.json, package.json, pnpm-lock.yaml, poetry.lock, pom.xml, requirements.txt, uv.lock, yarn.lock]
\ No newline at end of file
diff --git a/integration-tests/init-without-token/expected/codacy.yaml b/integration-tests/init-without-token/expected/codacy.yaml
index e723e133..1e0c9e1b 100644
--- a/integration-tests/init-without-token/expected/codacy.yaml
+++ b/integration-tests/init-without-token/expected/codacy.yaml
@@ -8,7 +8,7 @@ tools:
 - dartanalyzer@3.7.2
 - eslint@8.57.0
 - lizard@1.17.31
- - opengrep@1.16.2
+ - opengrep@1.16.4
 - pmd@7.11.0
 - pylint@3.3.6
 - revive@1.7.0
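Review bot: The new side of this fixture drops the file's trailing newline — the `\ No newline at end of file` marker follows only the added `files:` line of the trivy entry, while no such marker follows the removed `files:` line, so the old file ended with a newline and the new one does not. The same commit makes the opposite change in plugins/tools/revive/test/expected.sarif and strips the newline again in plugins/tools/trivy/test/expected.sarif and plugins/tools/trivy/test/src/.codacy/codacy.yaml, where it is the only change in the file. If these fixtures are compared byte-for-byte with what the CLI writes, the flip either reflects a change in the writer's EOF behaviour or hand-edited fixtures; settling on one convention (regenerating every fixture from the CLI, or having the comparison normalise trailing whitespace) would stop EOF churn showing up as test changes.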
diff --git a/integration-tests/init-without-token/expected/tools-configs/languages-config.yaml b/integration-tests/init-without-token/expected/tools-configs/languages-config.yaml
index 8981a44c..ca44d896 100644
--- a/integration-tests/init-without-token/expected/tools-configs/languages-config.yaml
+++ b/integration-tests/init-without-token/expected/tools-configs/languages-config.yaml
@@ -11,6 +11,10 @@ tools:
 languages: [C, CPP, CSharp, Erlang, Fortran, Go, Java, Javascript, Kotlin, Lua, Objective C, PHP, Python, Ruby, Rust, Scala, Solidity, Swift, TypeScript]
 extensions: [.c, .cc, .cpp, .cs, .cxx, .gemspec, .go, .h, .hpp, .ino, .java, .jbuilder, .js, .jsm, .jsx, .kt, .kts, .m, .mjs, .opal, .php, .podspec, .py, .rake, .rb, .rlib, .rs, .scala, .swift, .ts, .tsx, .vue]
 files: []
+ - name: opengrep
+ languages: [Apex, C, CPP, CSharp, Dockerfile, Go, Java, Javascript, Kotlin, PHP, PLSQL, Python, Ruby, Rust, SQL, Scala, Shell, Swift, Terraform, TypeScript, YAML]
+ extensions: [.bash, .c, .cc, .cls, .cpp, .cs, .cxx, .dockerfile, .env, .fnc, .gemspec, .go, .h, .hpp, .ino, .java, .jbuilder, .js, .jsm, .jsx, .kt, .kts, .mjs, .opal, .pck, .php, .pkb, .pkh, .pks, .plb, .pld, .plh, .pls, .podspec, .prc, .py, .rake, .rb, .rlib, .rs, .scala, .sh, .sql, .swift, .tf, .tpb, .tps, .trg, .trigger, .ts, .tsx, .tyb, .typ, .vue, .yaml, .yml]
+ files: []
 - name: pmd
 languages: [Apex, JSP, Java, Javascript, PLSQL, SQL, Velocity, VisualForce, XML]
 extensions: [.cls, .component, .fnc, .java, .js, .jsm, .jsp, .jsx, .mjs, .page, .pck, .pkb, .pkh, .pks, .plb, .pld, .plh, .pls, .pom, .prc, .sql, .tpb, .tps, .trg, .trigger, .tyb, .typ, .vm, .vue, .wsdl, .xml, .xsl]
@@ -23,10 +27,6 @@ tools:
 languages: [Go]
 extensions: [.go]
 files: []
- - name: opengrep
- languages: [Apex, C, CPP, CSharp, Dockerfile, Go, Java, Javascript, Kotlin, PHP, PLSQL, Python, Ruby, Rust, SQL, Scala, Shell, Swift, Terraform, TypeScript, YAML]
- extensions: [.bash, .c, .cc, .cls, .cpp, .cs, .cxx, .dockerfile, .env, .fnc, .gemspec, .go, .h, .hpp, .ino, .java, .jbuilder, .js, .jsm, .jsx, .kt, .kts, .mjs, .opal, .pck, .php, .pkb, .pkh, .pks, .plb, .pld, .plh, .pls, .podspec, .prc, .py, .rake, .rb, .rlib, .rs, .scala, .sh, .sql, .swift, .tf, .tpb, .tps, .trg, .trigger, .ts, .tsx, .tyb, .typ, .vue, .yaml, .yml]
- files: []
 - name: trivy
 languages: [C, CPP, CSharp, Dart, Dockerfile, Elixir, Go, JSON, Java, Javascript, PHP, Python, Ruby, Rust, Scala, Swift, Terraform, TypeScript, XML, YAML]
 extensions: [.c, .cc, .cpp, .cs, .cxx, .dart, .dockerfile, .env, .ex, .exs, .gemspec, .go, .h, .hpp, .ino, .java, .jbuilder, .js, .jsm, .json, .jsx, .mjs, .opal, .php, .podspec, .pom, .py, .rake, .rb, .rlib, .rs, .scala, .swift, .tf, .ts, .tsx, .vue, .wsdl, .xml, .xsl, .yaml, .yml]
diff --git a/plugins/tools/opengrep/plugin.yaml b/plugins/tools/opengrep/plugin.yaml
index 8a9fc326..646fdc2c 100644
--- a/plugins/tools/opengrep/plugin.yaml
+++ b/plugins/tools/opengrep/plugin.yaml
@@ -1,6 +1,6 @@
 name: opengrep
 description: Opengrep is an open-source static analysis tool and community fork of Semgrep for finding bugs and enforcing code standards.
-default_version: 1.16.2
+default_version: 1.16.4
 download:
 url_template: "https://github.com/opengrep/opengrep/releases/download/v{{.Version}}/opengrep_{{.OS}}_{{.Arch}}{{.Extension}}"
 file_name_template: "opengrep_{{.OS}}_{{.Arch}}"
diff --git a/plugins/tools/opengrep/test/expected.sarif b/plugins/tools/opengrep/test/expected.sarif
index c787de20..db8a6082 100644
--- a/plugins/tools/opengrep/test/expected.sarif
+++ b/plugins/tools/opengrep/test/expected.sarif
@@ -1,197 +1,197 @@ { - "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", - "runs": [ + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "runs": [ + { + "invocations": [ { - "invocations": [ - { - "executionSuccessful": true, - "toolExecutionNotifications": [] - } - ], - "results": [ - { - "fingerprints": { - "matchBasedId/v1": "d68b4b5aa90adf170c15bd2f15e46001e617fb546c1f75c00cb31e0294e948f00f38ae86c9dc5b943eb415eb6b1b152f55a6c8e1ce45174821189099b69c499a_0" - }, - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "test_file.py", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "endColumn": 26, - "endLine": 14, - "snippet": { - "text": " user_input = \"ls -la\"" - }, - "startColumn": 5, - "startLine": 14 - } - } - } - ], - "message": { - "text": "Hardcoded password detected" - }, - "properties": {}, - "ruleId": "codacy.tools-configs.python.lang.security.audit.hardcoded-password.hardcoded-password" + "executionSuccessful": true, + "toolExecutionNotifications": [] + } + ], + "results": [ + { + "fingerprints": { + "matchBasedId/v1": "d68b4b5aa90adf170c15bd2f15e46001e617fb546c1f75c00cb31e0294e948f00f38ae86c9dc5b943eb415eb6b1b152f55a6c8e1ce45174821189099b69c499a_0" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "test_file.py", + "uriBaseId": "%SRCROOT%" }, - { - "fingerprints": { - "matchBasedId/v1": "fb709112486f440290f4ceb370b2530e2dc80ac719854debf8ef1cd92d493ff791afaadf0240b41f9365d69fef012c8b8a04e2a1b67ff651ff621d8c93d1bfda_0" - }, - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "test_file.py", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "endColumn": 37, - "endLine": 20, - "snippet": { - "text": " password = \"mysecretpassword123\" # opengrep: python.lang.security.audit.hardcoded-password.hardcoded-password" - }, - "startColumn": 5, - "startLine": 20 - } 
- } - } - ], - "message": { - "text": "Hardcoded password detected" - }, - "properties": {}, - "ruleId": "codacy.tools-configs.python.lang.security.audit.hardcoded-password.hardcoded-password" + "region": { + "endColumn": 26, + "endLine": 14, + "snippet": { + "text": " user_input = \"ls -la\"" + }, + "startColumn": 5, + "startLine": 14 + } + } + } + ], + "message": { + "text": "Hardcoded password detected" + }, + "properties": {}, + "ruleId": "codacy.tools-configs.python.lang.security.audit.hardcoded-password.hardcoded-password" + }, + { + "fingerprints": { + "matchBasedId/v1": "fb709112486f440290f4ceb370b2530e2dc80ac719854debf8ef1cd92d493ff791afaadf0240b41f9365d69fef012c8b8a04e2a1b67ff651ff621d8c93d1bfda_0" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "test_file.py", + "uriBaseId": "%SRCROOT%" }, - { - "fingerprints": { - "matchBasedId/v1": "ab899bcac588e9ca6eb62e2f3622c585458008ecbd31be21c538a80b2f34238826af6d34710506d190469ec9e2e6068fd0dc05f2f1e483fcc32dfa5dbce29a11_0" - }, - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "test_file.py", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "endColumn": 43, - "endLine": 26, - "snippet": { - "text": " data = b\"cos\\nsystem\\n(S'ls -la'\\ntR.\"" - }, - "startColumn": 5, - "startLine": 26 - } - } - } - ], - "message": { - "text": "Hardcoded password detected" - }, - "properties": {}, - "ruleId": "codacy.tools-configs.python.lang.security.audit.hardcoded-password.hardcoded-password" + "region": { + "endColumn": 37, + "endLine": 20, + "snippet": { + "text": " password = \"mysecretpassword123\" # opengrep: python.lang.security.audit.hardcoded-password.hardcoded-password" + }, + "startColumn": 5, + "startLine": 20 + } + } + } + ], + "message": { + "text": "Hardcoded password detected" + }, + "properties": {}, + "ruleId": "codacy.tools-configs.python.lang.security.audit.hardcoded-password.hardcoded-password" + }, + { + "fingerprints": { + "matchBasedId/v1": 
"ab899bcac588e9ca6eb62e2f3622c585458008ecbd31be21c538a80b2f34238826af6d34710506d190469ec9e2e6068fd0dc05f2f1e483fcc32dfa5dbce29a11_0" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "test_file.py", + "uriBaseId": "%SRCROOT%" }, - { - "fingerprints": { - "matchBasedId/v1": "5c6d33cba2da3f1092652370087a5fe5eb394bc1675e593c3cef420f2a26e97bea82e0caa8741a5c13a09ca85f1e1015deb2928958516de72c2fcddb84acc215_0" - }, - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "test_file.py", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "endColumn": 26, - "endLine": 15, - "snippet": { - "text": " os.system(user_input) # opengrep: python.lang.security.audit.subprocess-shell-true.subprocess-shell-true" - }, - "startColumn": 5, - "startLine": 15 - } - } - } - ], - "message": { - "text": "Unsafe command execution with os.system" - }, - "properties": {}, - "ruleId": "codacy.tools-configs.python.lang.security.audit.os-system.os-system" + "region": { + "endColumn": 43, + "endLine": 26, + "snippet": { + "text": " data = b\"cos\\nsystem\\n(S'ls -la'\\ntR.\"" + }, + "startColumn": 5, + "startLine": 26 + } + } + } + ], + "message": { + "text": "Hardcoded password detected" + }, + "properties": {}, + "ruleId": "codacy.tools-configs.python.lang.security.audit.hardcoded-password.hardcoded-password" + }, + { + "fingerprints": { + "matchBasedId/v1": "5c6d33cba2da3f1092652370087a5fe5eb394bc1675e593c3cef420f2a26e97bea82e0caa8741a5c13a09ca85f1e1015deb2928958516de72c2fcddb84acc215_0" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "test_file.py", + "uriBaseId": "%SRCROOT%" }, - { - "fingerprints": { - "matchBasedId/v1": "129aec3858c4c532da6214fac11e10c87bc7789d07f1651dc6e82f1d62ccfb29cc6e3fdd44320f3b06bad930ffa2bf454f75d03768ebfc8aed12191cbc3496b7_0" - }, - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "test_file.py", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "endColumn": 
23, - "endLine": 27, - "snippet": { - "text": " pickle.loads(data) # opengrep: python.lang.security.audit.pickle.avoid-pickle" - }, - "startColumn": 5, - "startLine": 27 - } - } - } - ], - "message": { - "text": "Unsafe deserialization with pickle" - }, - "properties": {}, - "ruleId": "codacy.tools-configs.python.lang.security.audit.pickle.avoid-pickle" + "region": { + "endColumn": 26, + "endLine": 15, + "snippet": { + "text": " os.system(user_input) # opengrep: python.lang.security.audit.subprocess-shell-true.subprocess-shell-true" + }, + "startColumn": 5, + "startLine": 15 + } + } + } + ], + "message": { + "text": "Unsafe command execution with os.system" + }, + "properties": {}, + "ruleId": "codacy.tools-configs.python.lang.security.audit.os-system.os-system" + }, + { + "fingerprints": { + "matchBasedId/v1": "129aec3858c4c532da6214fac11e10c87bc7789d07f1651dc6e82f1d62ccfb29cc6e3fdd44320f3b06bad930ffa2bf454f75d03768ebfc8aed12191cbc3496b7_0" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "test_file.py", + "uriBaseId": "%SRCROOT%" }, - { - "fingerprints": { - "matchBasedId/v1": "912dfe82da41aeee9a4a4c9c195d94f60e63458f1094080e0e24585c6f7894c5822ca61ad89cd45cd56d30f0016802a9e87805d429e4fd751c6917e003c3c3f7_0" - }, - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "test_file.py", - "uriBaseId": "%SRCROOT%" - }, - "region": { - "endColumn": 43, - "endLine": 16, - "snippet": { - "text": " subprocess.run(user_input, shell=True) # opengrep: python.lang.security.audit.subprocess-shell-true.subprocess-shell-true" - }, - "startColumn": 5, - "startLine": 16 - } - } - } - ], - "message": { - "text": "Unsafe command execution with shell=True" - }, - "properties": {}, - "ruleId": "codacy.tools-configs.python.lang.security.audit.subprocess-shell-true.subprocess-shell-true" + "region": { + "endColumn": 23, + "endLine": 27, + "snippet": { + "text": " pickle.loads(data) # opengrep: 
python.lang.security.audit.pickle.avoid-pickle" + }, + "startColumn": 5, + "startLine": 27 } - ], - "tool": { - "driver": { - "name": "Opengrep OSS", - "rules": null, - "semanticVersion": "1.16.2" + } + } + ], + "message": { + "text": "Unsafe deserialization with pickle" + }, + "properties": {}, + "ruleId": "codacy.tools-configs.python.lang.security.audit.pickle.avoid-pickle" + }, + { + "fingerprints": { + "matchBasedId/v1": "912dfe82da41aeee9a4a4c9c195d94f60e63458f1094080e0e24585c6f7894c5822ca61ad89cd45cd56d30f0016802a9e87805d429e4fd751c6917e003c3c3f7_0" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "test_file.py", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "endColumn": 43, + "endLine": 16, + "snippet": { + "text": " subprocess.run(user_input, shell=True) # opengrep: python.lang.security.audit.subprocess-shell-true.subprocess-shell-true" + }, + "startColumn": 5, + "startLine": 16 } + } } + ], + "message": { + "text": "Unsafe command execution with shell=True" + }, + "properties": {}, + "ruleId": "codacy.tools-configs.python.lang.security.audit.subprocess-shell-true.subprocess-shell-true" + } + ], + "tool": { + "driver": { + "name": "Opengrep OSS", + "rules": null, + "semanticVersion": "1.16.4" } - ], - "version": "2.1.0" + } + } + ], + "version": "2.1.0" } \ No newline at end of file diff --git a/plugins/tools/opengrep/test/src/.codacy/codacy.yaml b/plugins/tools/opengrep/test/src/.codacy/codacy.yaml index 2ddb1f52..45af8d16 100644 --- a/plugins/tools/opengrep/test/src/.codacy/codacy.yaml +++ b/plugins/tools/opengrep/test/src/.codacy/codacy.yaml @@ -1,4 +1,4 @@ runtimes: - python@3.11.11 tools: - - opengrep@1.16.2 + - opengrep@1.16.4 diff --git a/plugins/tools/revive/test/expected.sarif b/plugins/tools/revive/test/expected.sarif index 980ad2de..e8f5d615 100644 --- a/plugins/tools/revive/test/expected.sarif +++ b/plugins/tools/revive/test/expected.sarif 
@@ -3,25 +3,6 @@ "runs": [ { "results": [ - { - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "bad.go" - }, - "region": { - "startColumn": 10, - "startLine": 9 - } - } - } - ], - "message": { - "text": "should omit type int from declaration of var foo; it will be inferred from the right-hand side" - }, - "ruleId": "var-declaration" - }, { "locations": [ { @@ -31,15 +12,15 @@ }, "region": { "startColumn": 1, - "startLine": 1 + "startLine": 7 } } } ], "message": { - "text": "should have a package comment" + "text": "comment on exported function BadFunction should be of the form \"BadFunction ...\"" }, - "ruleId": "package-comments" + "ruleId": "exported" }, { "locations": [ @@ -50,13 +31,13 @@ }, "region": { "startColumn": 1, - "startLine": 7 + "startLine": 22 } } } ], "message": { - "text": "comment on exported function BadFunction should be of the form \"BadFunction ...\"" + "text": "comment on exported function LongLine should be of the form \"LongLine ...\"" }, "ruleId": "exported" }, @@ -69,13 +50,13 @@ }, "region": { "startColumn": 1, - "startLine": 22 + "startLine": 27 } } } ], "message": { - "text": "comment on exported function LongLine should be of the form \"LongLine ...\"" + "text": "comment on exported function NakedReturn should be of the form \"NakedReturn ...\"" }, "ruleId": "exported" }, @@ -88,15 +69,15 @@ }, "region": { "startColumn": 1, - "startLine": 27 + "startLine": 1 } } } ], "message": { - "text": "comment on exported function NakedReturn should be of the form \"NakedReturn ...\"" + "text": "should have a package comment" }, - "ruleId": "exported" + "ruleId": "package-comments" }, { "locations": [ 
@@ -211,6 +192,25 @@ "text": "parameter 'unused' seems to be unused, consider removing or renaming it as _" }, "ruleId": "unused-parameter" + }, + { + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "bad.go" + }, + "region": { + "startColumn": 10, + "startLine": 9 + } + } + } + ], + "message": { + "text": "should omit type int from declaration of var foo; it will be inferred from the right-hand side" + }, + "ruleId": "var-declaration" } ], "tool": { @@ -223,4 +223,4 @@ } ], "version": "2.1.0" -} \ No newline at end of file +} diff --git a/plugins/tools/trivy/test/expected.sarif b/plugins/tools/trivy/test/expected.sarif index a568eb9b..4a542dba 100644 --- a/plugins/tools/trivy/test/expected.sarif +++ b/plugins/tools/trivy/test/expected.sarif 
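Review bot: This fixture now pins revive's output order rather than its findings: the `var-declaration` result moves from the first entry to the last in this hunk, and the earlier hunks shift `package-comments` below the three `exported` results, with no finding added or removed. Any future revive bump that sorts differently will break the test in exactly the same way, so comparing the `results` array order-insensitively (sorting by `ruleId` and location before diffing) would make the fixture robust to that. plugins/tools/trivy/test/expected.sarif in this commit shows the same pattern, most of its hunks being reorderings with `ruleIndex` renumbering. The only other change to this file is the trailing newline restored in the final hunk.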
@@ -14,54 +14,54 @@ "locations": [ { "message": { - "text": "package-lock.json: ajv@6.12.6" + "text": "requirements.txt: django@1.11.29" }, "physicalLocation": { "artifactLocation": { - "uri": "package-lock.json", + "uri": "requirements.txt", "uriBaseId": "ROOTPATH" }, "region": { "endColumn": 1, - "endLine": 316, + "endLine": 1, "startColumn": 1, - "startLine": 302 + "startLine": 1 } } } ], "message": { - "text": "Package: ajv\nInstalled Version: 6.12.6\nVulnerability CVE-2025-69873\nSeverity: MEDIUM\nFixed Version: 8.18.0, 6.14.0\nLink: [CVE-2025-69873](https://avd.aquasec.com/nvd/cve-2025-69873)" + "text": "Package: django\nInstalled Version: 1.11.29\nVulnerability CVE-2021-33203\nSeverity: MEDIUM\nFixed Version: 2.2.24, 3.1.12, 3.2.4\nLink: [CVE-2021-33203](https://avd.aquasec.com/nvd/cve-2021-33203)" }, - "ruleId": "CVE-2025-69873", - "ruleIndex": 0 + "ruleId": "CVE-2021-33203", + "ruleIndex": 12 }, { - "level": "note", + "level": "error", "locations": [ { "message": { - "text": "package-lock.json: brace-expansion@1.1.11" + "text": "requirements.txt: django@1.11.29" }, "physicalLocation": { "artifactLocation": { - "uri": "package-lock.json", + "uri": "requirements.txt", "uriBaseId": "ROOTPATH" }, "region": { "endColumn": 1, - "endLine": 357, + "endLine": 1, "startColumn": 1, - "startLine": 349 + "startLine": 1 } } } ], "message": { - "text": "Package: brace-expansion\nInstalled Version: 1.1.11\nVulnerability CVE-2025-5889\nSeverity: LOW\nFixed Version: 2.0.2, 1.1.12, 3.0.1, 4.0.1\nLink: [CVE-2025-5889](https://avd.aquasec.com/nvd/cve-2025-5889)" + "text": "Package: django\nInstalled Version: 1.11.29\nVulnerability CVE-2022-36359\nSeverity: HIGH\nFixed Version: 3.2.15, 4.0.7\nLink: [CVE-2022-36359](https://avd.aquasec.com/nvd/cve-2022-36359)" }, - "ruleId": "CVE-2025-5889", - "ruleIndex": 1 + "ruleId": "CVE-2022-36359", + "ruleIndex": 9 }, { "level": "error", 
@@ -95,88 +95,88 @@ "locations": [ { "message": { - "text": "package-lock.json: js-yaml@4.1.0" + "text": "requirements.txt: django@1.11.29" }, "physicalLocation": { "artifactLocation": { - "uri": "package-lock.json", + "uri": "requirements.txt", "uriBaseId": "ROOTPATH" }, "region": { "endColumn": 1, - "endLine": 1003, + "endLine": 1, "startColumn": 1, - "startLine": 993 + "startLine": 1 } } } ], "message": { - "text": "Package: js-yaml\nInstalled Version: 4.1.0\nVulnerability CVE-2025-64718\nSeverity: MEDIUM\nFixed Version: 4.1.1, 3.14.2\nLink: [CVE-2025-64718](https://avd.aquasec.com/nvd/cve-2025-64718)" + "text": "Package: django\nInstalled Version: 1.11.29\nVulnerability CVE-2024-45231\nSeverity: MEDIUM\nFixed Version: 5.1.1, 5.0.9, 4.2.16\nLink: [CVE-2024-45231](https://avd.aquasec.com/nvd/cve-2024-45231)" }, - "ruleId": "CVE-2025-64718", - "ruleIndex": 3 + "ruleId": "CVE-2024-45231", + "ruleIndex": 13 }, { - "level": "error", + "level": "warning", "locations": [ { "message": { - "text": "package-lock.json: minimatch@3.1.2" + "text": "requirements.txt: django@1.11.29" }, "physicalLocation": { "artifactLocation": { - "uri": "package-lock.json", + "uri": "requirements.txt", "uriBaseId": "ROOTPATH" }, "region": { "endColumn": 1, - "endLine": 1101, + "endLine": 1, "startColumn": 1, - "startLine": 1091 + "startLine": 1 } } } ], "message": { - "text": "Package: minimatch\nInstalled Version: 3.1.2\nVulnerability CVE-2026-26996\nSeverity: HIGH\nFixed Version: 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3\nLink: [CVE-2026-26996](https://avd.aquasec.com/nvd/cve-2026-26996)" + "text": "Package: django\nInstalled Version: 1.11.29\nVulnerability CVE-2025-48432\nSeverity: MEDIUM\nFixed Version: 5.2.2, 5.1.10, 4.2.22\nLink: [CVE-2025-48432](https://avd.aquasec.com/nvd/cve-2025-48432)" }, - "ruleId": "CVE-2026-26996", - "ruleIndex": 4 + "ruleId": "CVE-2025-48432", + "ruleIndex": 14 }, { "level": "error", "locations": [ { "message": { - "text": "package-lock.json: 
minimatch@3.1.2" + "text": "requirements.txt: django@1.11.29" }, "physicalLocation": { "artifactLocation": { - "uri": "package-lock.json", + "uri": "requirements.txt", "uriBaseId": "ROOTPATH" }, "region": { "endColumn": 1, - "endLine": 1101, + "endLine": 1, "startColumn": 1, - "startLine": 1091 + "startLine": 1 } } } ], "message": { - "text": "Package: minimatch\nInstalled Version: 3.1.2\nVulnerability CVE-2026-27903\nSeverity: HIGH\nFixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3\nLink: [CVE-2026-27903](https://avd.aquasec.com/nvd/cve-2026-27903)" + "text": "Package: django\nInstalled Version: 1.11.29\nVulnerability CVE-2025-57833\nSeverity: HIGH\nFixed Version: 4.2.24, 5.1.12, 5.2.6\nLink: [CVE-2025-57833](https://avd.aquasec.com/nvd/cve-2025-57833)" }, - "ruleId": "CVE-2026-27903", - "ruleIndex": 5 + "ruleId": "CVE-2025-57833", + "ruleIndex": 10 }, { - "level": "error", + "level": "note", "locations": [ { "message": { - "text": "package-lock.json: minimatch@3.1.2" + "text": "package-lock.json: brace-expansion@1.1.11" }, "physicalLocation": { "artifactLocation": { @@ -185,18 +185,18 @@ }, "region": { "endColumn": 1, - "endLine": 1101, + "endLine": 357, "startColumn": 1, - "startLine": 1091 + "startLine": 349 } } } ], "message": { - "text": "Package: minimatch\nInstalled Version: 3.1.2\nVulnerability CVE-2026-27904\nSeverity: HIGH\nFixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4\nLink: [CVE-2026-27904](https://avd.aquasec.com/nvd/cve-2026-27904)" + "text": "Package: brace-expansion\nInstalled Version: 1.1.11\nVulnerability CVE-2025-5889\nSeverity: LOW\nFixed Version: 2.0.2, 1.1.12, 3.0.1, 4.0.1\nLink: [CVE-2025-5889](https://avd.aquasec.com/nvd/cve-2025-5889)" }, - "ruleId": "CVE-2026-27904", - "ruleIndex": 6 + "ruleId": "CVE-2025-5889", + "ruleIndex": 1 }, { "level": "error", 
@@ -220,10 +220,10 @@ } ], "message": { - "text": "Package: django\nInstalled Version: 1.11.29\nVulnerability CVE-2025-64459\nSeverity: CRITICAL\nFixed Version: 5.2.8, 5.1.14, 4.2.26\nLink: [CVE-2025-64459](https://avd.aquasec.com/nvd/cve-2025-64459)" + "text": "Package: django\nInstalled Version: 1.11.29\nVulnerability CVE-2025-64458\nSeverity: HIGH\nFixed Version: 5.2.8, 5.1.14, 4.2.26\nLink: [CVE-2025-64458](https://avd.aquasec.com/nvd/cve-2025-64458)" }, - "ruleId": "CVE-2025-64459", - "ruleIndex": 7 + "ruleId": "CVE-2025-64458", + "ruleIndex": 11 }, { "level": "error", 
@@ -247,145 +247,172 @@ } ], "message": { - "text": "Package: django\nInstalled Version: 1.11.29\nVulnerability CVE-2022-36359\nSeverity: HIGH\nFixed Version: 3.2.15, 4.0.7\nLink: [CVE-2022-36359](https://avd.aquasec.com/nvd/cve-2022-36359)" + "text": "Package: django\nInstalled Version: 1.11.29\nVulnerability CVE-2025-64459\nSeverity: CRITICAL\nFixed Version: 5.2.8, 5.1.14, 4.2.26\nLink: [CVE-2025-64459](https://avd.aquasec.com/nvd/cve-2025-64459)" }, - "ruleId": "CVE-2022-36359", + "ruleId": "CVE-2025-64459", "ruleIndex": 8 }, { - "level": "error", + "level": "warning", "locations": [ { "message": { - "text": "requirements.txt: django@1.11.29" + "text": "package-lock.json: js-yaml@4.1.0" }, "physicalLocation": { "artifactLocation": { - "uri": "requirements.txt", + "uri": "package-lock.json", "uriBaseId": "ROOTPATH" }, "region": { "endColumn": 1, - "endLine": 1, + "endLine": 1003, "startColumn": 1, - "startLine": 1 + "startLine": 993 } } } ], "message": { - "text": "Package: django\nInstalled Version: 1.11.29\nVulnerability CVE-2025-57833\nSeverity: HIGH\nFixed Version: 4.2.24, 5.1.12, 5.2.6\nLink: [CVE-2025-57833](https://avd.aquasec.com/nvd/cve-2025-57833)" + "text": "Package: js-yaml\nInstalled Version: 4.1.0\nVulnerability CVE-2025-64718\nSeverity: MEDIUM\nFixed Version: 4.1.1, 3.14.2\nLink: [CVE-2025-64718](https://avd.aquasec.com/nvd/cve-2025-64718)" }, - "ruleId": "CVE-2025-57833", - "ruleIndex": 9 + "ruleId": "CVE-2025-64718", + "ruleIndex": 4 + }, + { + "level": "warning", + "locations": [ + { + "message": { + "text": "package-lock.json: ajv@6.12.6" + }, + "physicalLocation": { + "artifactLocation": { + "uri": "package-lock.json", + "uriBaseId": "ROOTPATH" + }, + "region": { + "endColumn": 1, + "endLine": 316, + "startColumn": 1, + "startLine": 302 + } + } + } + ], + "message": { + "text": "Package: ajv\nInstalled Version: 6.12.6\nVulnerability CVE-2025-69873\nSeverity: MEDIUM\nFixed Version: 8.18.0, 6.14.0\nLink: 
[CVE-2025-69873](https://avd.aquasec.com/nvd/cve-2025-69873)" + }, + "ruleId": "CVE-2025-69873", + "ruleIndex": 0 }, { "level": "error", "locations": [ { "message": { - "text": "requirements.txt: django@1.11.29" + "text": "package-lock.json: minimatch@3.1.2" }, "physicalLocation": { "artifactLocation": { - "uri": "requirements.txt", + "uri": "package-lock.json", "uriBaseId": "ROOTPATH" }, "region": { "endColumn": 1, - "endLine": 1, + "endLine": 1101, "startColumn": 1, - "startLine": 1 + "startLine": 1091 } } } ], "message": { - "text": "Package: django\nInstalled Version: 1.11.29\nVulnerability CVE-2025-64458\nSeverity: HIGH\nFixed Version: 5.2.8, 5.1.14, 4.2.26\nLink: [CVE-2025-64458](https://avd.aquasec.com/nvd/cve-2025-64458)" + "text": "Package: minimatch\nInstalled Version: 3.1.2\nVulnerability CVE-2026-26996\nSeverity: HIGH\nFixed Version: 10.2.1, 9.0.6, 8.0.5, 7.4.7, 6.2.1, 5.1.7, 4.2.4, 3.1.3\nLink: [CVE-2026-26996](https://avd.aquasec.com/nvd/cve-2026-26996)" }, - "ruleId": "CVE-2025-64458", - "ruleIndex": 10 + "ruleId": "CVE-2026-26996", + "ruleIndex": 5 }, { - "level": "warning", + "level": "error", "locations": [ { "message": { - "text": "requirements.txt: django@1.11.29" + "text": "package-lock.json: minimatch@3.1.2" }, "physicalLocation": { "artifactLocation": { - "uri": "requirements.txt", + "uri": "package-lock.json", "uriBaseId": "ROOTPATH" }, "region": { "endColumn": 1, - "endLine": 1, + "endLine": 1101, "startColumn": 1, - "startLine": 1 + "startLine": 1091 } } } ], "message": { - "text": "Package: django\nInstalled Version: 1.11.29\nVulnerability CVE-2021-33203\nSeverity: MEDIUM\nFixed Version: 2.2.24, 3.1.12, 3.2.4\nLink: [CVE-2021-33203](https://avd.aquasec.com/nvd/cve-2021-33203)" + "text": "Package: minimatch\nInstalled Version: 3.1.2\nVulnerability CVE-2026-27903\nSeverity: HIGH\nFixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.3\nLink: [CVE-2026-27903](https://avd.aquasec.com/nvd/cve-2026-27903)" }, - "ruleId": 
"CVE-2021-33203", - "ruleIndex": 11 + "ruleId": "CVE-2026-27903", + "ruleIndex": 6 }, { - "level": "warning", + "level": "error", "locations": [ { "message": { - "text": "requirements.txt: django@1.11.29" + "text": "package-lock.json: minimatch@3.1.2" }, "physicalLocation": { "artifactLocation": { - "uri": "requirements.txt", + "uri": "package-lock.json", "uriBaseId": "ROOTPATH" }, "region": { "endColumn": 1, - "endLine": 1, + "endLine": 1101, "startColumn": 1, - "startLine": 1 + "startLine": 1091 } } } ], "message": { - "text": "Package: django\nInstalled Version: 1.11.29\nVulnerability CVE-2024-45231\nSeverity: MEDIUM\nFixed Version: 5.1.1, 5.0.9, 4.2.16\nLink: [CVE-2024-45231](https://avd.aquasec.com/nvd/cve-2024-45231)" + "text": "Package: minimatch\nInstalled Version: 3.1.2\nVulnerability CVE-2026-27904\nSeverity: HIGH\nFixed Version: 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, 3.1.4\nLink: [CVE-2026-27904](https://avd.aquasec.com/nvd/cve-2026-27904)" }, - "ruleId": "CVE-2024-45231", - "ruleIndex": 12 + "ruleId": "CVE-2026-27904", + "ruleIndex": 7 }, { - "level": "warning", + "level": "error", "locations": [ { "message": { - "text": "requirements.txt: django@1.11.29" + "text": "package-lock.json: flatted@3.3.1" }, "physicalLocation": { "artifactLocation": { - "uri": "requirements.txt", + "uri": "package-lock.json", "uriBaseId": "ROOTPATH" }, "region": { "endColumn": 1, - "endLine": 1, + "endLine": 823, "startColumn": 1, - "startLine": 1 + "startLine": 819 } } } ], "message": { - "text": "Package: django\nInstalled Version: 1.11.29\nVulnerability CVE-2025-48432\nSeverity: MEDIUM\nFixed Version: 5.2.2, 5.1.10, 4.2.22\nLink: [CVE-2025-48432](https://avd.aquasec.com/nvd/cve-2025-48432)" + "text": "Package: flatted\nInstalled Version: 3.3.1\nVulnerability CVE-2026-32141\nSeverity: HIGH\nFixed Version: 3.4.0\nLink: [CVE-2026-32141](https://avd.aquasec.com/nvd/cve-2026-32141)" }, - "ruleId": "CVE-2025-48432", - "ruleIndex": 13 + "ruleId": "CVE-2026-32141", + 
"ruleIndex": 3 } ], "tool": { @@ -400,4 +427,4 @@ } ], "version": "2.1.0" -} +} \ No newline at end of file diff --git a/plugins/tools/trivy/test/src/.codacy/codacy.yaml b/plugins/tools/trivy/test/src/.codacy/codacy.yaml index b47f29c7..52ddb387 100644 --- a/plugins/tools/trivy/test/src/.codacy/codacy.yaml +++ b/plugins/tools/trivy/test/src/.codacy/codacy.yaml @@ -1,3 +1,3 @@ runtimes: null tools: - - trivy@0.69.3 + - trivy@0.69.3 \ No newline at end of file
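Review bot: The expected Trivy output is a snapshot of the public vulnerability database at regeneration time, so this fixture will drift again without any code change; the new entry for `flatted@3.3.1` (`CVE-2026-32141`) and the renumbering of every `ruleIndex` in this hunk are that kind of drift rather than a behaviour change in the plugin. Pinning the database the test runs against (a cached DB with `--skip-db-update`, or a vendored fixed DB) or asserting only on fields that do not depend on the DB date (the scanned `uri`, package name and installed version) would make the check deterministic. Whether the harness compares the SARIF byte-for-byte or structurally is not visible here, so treat the exact approach as a suggestion.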