[feat] Add Seqra report converter

Author: seqradev

tools/report-converter/codechecker_report_converter/analyzers/seqra/__init__.py

@@ -0,0 +1,7 @@
+# -------------------------------------------------------------------------
+#
+#  Part of the CodeChecker project, under the Apache License v2.0 with
+#  LLVM Exceptions. See LICENSE for license information.
+#  SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+#
+# -------------------------------------------------------------------------

tools/report-converter/codechecker_report_converter/analyzers/seqra/analyzer_result.py

@@ -0,0 +1,31 @@
+# -------------------------------------------------------------------------
+#
+#  Part of the CodeChecker project, under the Apache License v2.0 with
+#  LLVM Exceptions. See LICENSE for license information.
+#  SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+#
+# -------------------------------------------------------------------------
+
+import logging
+from typing import List
+
+from codechecker_report_converter.report import Report
+from codechecker_report_converter.report.parser import sarif
+
+from ..analyzer_result import AnalyzerResultBase
+
+
+LOG = logging.getLogger('report-converter')
+
+
+class AnalyzerResult(AnalyzerResultBase):
+    """ Transform analyzer result of the Seqra."""
+
+    TOOL_NAME = 'seqra'
+    NAME = 'Seqra Security-Focused Static Analyzer'
+    URL = 'https://seqra.dev/'
+
+    def get_reports(self, file_path: str) -> List[Report]:
+        """ Get reports from the given analyzer result file. """
+
+        return sarif.Parser().get_reports(file_path)

tools/report-converter/tests/unit/analyzers/seqra_output_test_files/UserProfileController.expected.plist

@@ -0,0 +1,251 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>diagnostics</key>
+	<array>
+		<dict>
+			<key>category</key>
+			<string>unknown</string>
+			<key>check_name</key>
+			<string>seqra.java.spring.xss</string>
+			<key>description</key>
+			<string>Controller returns an untrusted unvalidated data</string>
+			<key>issue_hash_content_of_line_in_context</key>
+			<string>9912049596cf713fc0bdaee7280274d8</string>
+			<key>location</key>
+			<dict>
+				<key>col</key>
+				<integer>1</integer>
+				<key>file</key>
+				<integer>0</integer>
+				<key>line</key>
+				<integer>18</integer>
+			</dict>
+			<key>path</key>
+			<array>
+				<dict>
+					<key>edges</key>
+					<array>
+						<dict>
+							<key>end</key>
+							<array>
+								<dict>
+									<key>col</key>
+									<integer>1</integer>
+									<key>file</key>
+									<integer>0</integer>
+									<key>line</key>
+									<integer>18</integer>
+								</dict>
+								<dict>
+									<key>col</key>
+									<integer>1</integer>
+									<key>file</key>
+									<integer>0</integer>
+									<key>line</key>
+									<integer>18</integer>
+								</dict>
+							</array>
+							<key>start</key>
+							<array>
+								<dict>
+									<key>col</key>
+									<integer>1</integer>
+									<key>file</key>
+									<integer>0</integer>
+									<key>line</key>
+									<integer>17</integer>
+								</dict>
+								<dict>
+									<key>col</key>
+									<integer>1</integer>
+									<key>file</key>
+									<integer>0</integer>
+									<key>line</key>
+									<integer>17</integer>
+								</dict>
+							</array>
+						</dict>
+					</array>
+					<key>kind</key>
+					<string>control</string>
+				</dict>
+				<dict>
+					<key>depth</key>
+					<integer>0</integer>
+					<key>kind</key>
+					<string>event</string>
+					<key>location</key>
+					<dict>
+						<key>col</key>
+						<integer>1</integer>
+						<key>file</key>
+						<integer>0</integer>
+						<key>line</key>
+						<integer>17</integer>
+					</dict>
+					<key>message</key>
+					<string>Method entry marks "message" as $PARAM</string>
+					<key>ranges</key>
+					<array>
+						<array>
+							<dict>
+								<key>col</key>
+								<integer>1</integer>
+								<key>file</key>
+								<integer>0</integer>
+								<key>line</key>
+								<integer>17</integer>
+							</dict>
+							<dict>
+								<key>col</key>
+								<integer>1</integer>
+								<key>file</key>
+								<integer>0</integer>
+								<key>line</key>
+								<integer>17</integer>
+							</dict>
+						</array>
+					</array>
+				</dict>
+				<dict>
+					<key>depth</key>
+					<integer>0</integer>
+					<key>kind</key>
+					<string>event</string>
+					<key>location</key>
+					<dict>
+						<key>col</key>
+						<integer>1</integer>
+						<key>file</key>
+						<integer>0</integer>
+						<key>line</key>
+						<integer>18</integer>
+					</dict>
+					<key>message</key>
+					<string>Takes $PARAM data at "message" and ends up with $PARAM data at a local variable</string>
+					<key>ranges</key>
+					<array>
+						<array>
+							<dict>
+								<key>col</key>
+								<integer>1</integer>
+								<key>file</key>
+								<integer>0</integer>
+								<key>line</key>
+								<integer>18</integer>
+							</dict>
+							<dict>
+								<key>col</key>
+								<integer>1</integer>
+								<key>file</key>
+								<integer>0</integer>
+								<key>line</key>
+								<integer>18</integer>
+							</dict>
+						</array>
+					</array>
+				</dict>
+				<dict>
+					<key>depth</key>
+					<integer>0</integer>
+					<key>kind</key>
+					<string>event</string>
+					<key>location</key>
+					<dict>
+						<key>col</key>
+						<integer>1</integer>
+						<key>file</key>
+						<integer>0</integer>
+						<key>line</key>
+						<integer>18</integer>
+					</dict>
+					<key>message</key>
+					<string>The returning value is assigned a value with $PARAM data</string>
+					<key>ranges</key>
+					<array>
+						<array>
+							<dict>
+								<key>col</key>
+								<integer>1</integer>
+								<key>file</key>
+								<integer>0</integer>
+								<key>line</key>
+								<integer>18</integer>
+							</dict>
+							<dict>
+								<key>col</key>
+								<integer>1</integer>
+								<key>file</key>
+								<integer>0</integer>
+								<key>line</key>
+								<integer>18</integer>
+							</dict>
+						</array>
+					</array>
+				</dict>
+				<dict>
+					<key>depth</key>
+					<integer>0</integer>
+					<key>kind</key>
+					<string>event</string>
+					<key>location</key>
+					<dict>
+						<key>col</key>
+						<integer>1</integer>
+						<key>file</key>
+						<integer>0</integer>
+						<key>line</key>
+						<integer>18</integer>
+					</dict>
+					<key>message</key>
+					<string>Controller returns an untrusted unvalidated data</string>
+					<key>ranges</key>
+					<array>
+						<array>
+							<dict>
+								<key>col</key>
+								<integer>1</integer>
+								<key>file</key>
+								<integer>0</integer>
+								<key>line</key>
+								<integer>18</integer>
+							</dict>
+							<dict>
+								<key>col</key>
+								<integer>1</integer>
+								<key>file</key>
+								<integer>0</integer>
+								<key>line</key>
+								<integer>18</integer>
+							</dict>
+						</array>
+					</array>
+				</dict>
+			</array>
+			<key>type</key>
+			<string>seqra</string>
+		</dict>
+	</array>
+	<key>files</key>
+	<array>
+		<string>files/UserProfileController.java</string>
+	</array>
+	<key>metadata</key>
+	<dict>
+		<key>analyzer</key>
+		<dict>
+			<key>name</key>
+			<string>seqra</string>
+		</dict>
+		<key>generated_by</key>
+		<dict>
+			<key>name</key>
+			<string>report-converter</string>
+			<key>version</key>
+			<string>x.y.z</string>
+		</dict>
+	</dict>
+</dict>
+</plist>