import json
from datetime import datetime
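def sarif_to_gitlab(sarif_file, output_file):
    """Convert a SARIF report into a GitLab SAST security report.

    Every ``result`` in every ``run`` of the SARIF document becomes one
    entry in the report's ``vulnerabilities`` list; the report is written
    as indented JSON to ``output_file``.

    Args:
        sarif_file: Path of the SARIF JSON document to read.
        output_file: Path the GitLab report is written to (overwritten).

    Raises:
        OSError: If either file cannot be opened.
        json.JSONDecodeError: If ``sarif_file`` is not valid JSON.
    """
    time_format = "%Y-%m-%dT%H:%M:%S"

    with open(sarif_file, "r", encoding="utf-8") as file:
        sarif_data = json.load(file)

    # A missing or null "runs" key is treated as "no findings".
    runs = sarif_data.get("runs") or []

    # The scanner block is shared by the report header and every finding.
    scanner = {
        "id": "custom_sarif_import",
        "name": "Custom SARIF Importer",
        "version": "1.0",
        "vendor": {"name": "Custom Vendor"},
    }
    gitlab_report = {
        "version": "15.0.0",
        "vulnerabilities": [],
        "remediations": [],
        "scan": {
            "scanner": scanner,
            "analyzer": {
                "name": "Custom Analyzer",
                "version": "1.0",
                "id": "custom_analyzer",  # Example ID, adjust as needed
                "vendor": {
                    "name": "Custom Analyzer Vendor"  # Example vendor, adjust as needed
                },
            },
            "start_time": datetime.now().strftime(time_format),
            "end_time": None,  # filled in once all results are converted
            "status": "success",
            "type": "sast",
        },
    }

    # The tool's informationUri (first run only) is reused as the "solution" link.
    link = ""
    if runs:
        link = runs[0].get("tool", {}).get("driver", {}).get("informationUri", "")
    print("Extracted link:", link)

    for run in runs:
        for result in run.get("results") or []:
            gitlab_report["vulnerabilities"].append(
                _build_vulnerability(result, link, scanner)
            )

    # Stamp the end time after the conversion work, not alongside start_time.
    gitlab_report["scan"]["end_time"] = datetime.now().strftime(time_format)

    with open(output_file, "w", encoding="utf-8") as file:
        json.dump(gitlab_report, file, indent=4)


def _primary_location(result):
    """Return the first SARIF ``location`` of *result*, or ``{}`` if there is none.

    SARIF allows ``locations`` to be absent *or* an empty list; indexing
    ``[0]`` on an empty list would raise, so both cases fall back to ``{}``.
    """
    locations = result.get("locations") or [{}]
    return locations[0] or {}


def _build_vulnerability(result, link, scanner):
    """Map one SARIF ``result`` object to a GitLab vulnerability entry.

    Args:
        result: A single SARIF result dictionary.
        link: URL placed in the ``solution`` text of the entry.
        scanner: The report-level scanner dictionary, embedded by reference.

    Returns:
        A dictionary in the GitLab security-report vulnerability format.
    """
    rule_id = result.get("ruleId")
    text = result.get("message", {}).get("text")
    properties = result.get("properties") or {}
    physical = _primary_location(result).get("physicalLocation", {})
    region = physical.get("region", {})

    vulnerability = {
        # NOTE(review): GitLab expects this id to be unique per finding; a
        # ruleId repeats whenever a rule fires more than once — confirm.
        "id": rule_id,
        "category": "sast",
        "name": text,
        "message": text,
        "description": text,
        # Mapping function to ensure a GitLab-recognised severity value.
        "severity": map_severity(properties.get("nightvision-risk")),
        "confidence": properties.get("nightvision-confidence"),
        "solution": f"For more information, refer to the detailed finding: {link}",
        "scanner": scanner,
        # NOTE(review): a SARIF ruleId is not a CVE; with type "cve" GitLab
        # will present it as one — confirm the intended identifier type.
        "identifiers": [{"type": "cve", "name": rule_id, "value": rule_id}],
        "location": {
            "file": physical.get("artifactLocation", {}).get("uri"),
        },
    }

    # Only emit line numbers that are genuine integers (bool is an int subclass).
    for sarif_key, gitlab_key in (("startLine", "start_line"), ("endLine", "end_line")):
        line = region.get(sarif_key)
        if isinstance(line, int) and not isinstance(line, bool):
            vulnerability["location"][gitlab_key] = line

    return vulnerability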
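def map_severity(sarif_severity):
    """Map a scanner risk label to a GitLab severity level.

    The lookup is case-insensitive and ignores surrounding whitespace, so
    ``"high"``, ``"HIGH"`` and ``" High "`` all map to ``"High"``.

    Args:
        sarif_severity: The risk label taken from the SARIF result's
            properties; may be ``None`` or a non-string when absent.

    Returns:
        One of ``"Critical"``, ``"High"``, ``"Medium"``, ``"Low"``,
        ``"Info"``, or ``"Unknown"`` when the label is missing or unrecognised.
    """
    severity_mapping = {
        "CRITICAL": "Critical",
        "HIGH": "High",
        "MEDIUM": "Medium",
        "LOW": "Low",
        "INFO": "Info",
    }
    # Non-string input (e.g. a missing property yielding None) is "Unknown".
    if not isinstance(sarif_severity, str):
        return "Unknown"
    return severity_mapping.get(sarif_severity.strip().upper(), "Unknown")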
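# Example usage
if __name__ == "__main__":
    # Run the sample conversion only when executed as a script, so importing
    # this module (e.g. to reuse map_severity) does not read/write files.
    sarif_to_gitlab('results.sarif', 'gitlab_security_report.json')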