CXFLW-1490 added code for upload sarif issue. (#1412)

Co-authored-by: Satyam Chaurasia <[email protected]>
checkmarx-ltd · Dec 10, 2024 · 6981f75 · 6981f75
1 parent 85bd078
commit 6981f75
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 2 deletions.
diff --git a/src/main/java/com/checkmarx/flow/config/SarifProperties.java b/src/main/java/com/checkmarx/flow/config/SarifProperties.java
@@ -31,6 +31,9 @@ public class SarifProperties {
 
     @Getter
     @Setter
+
+    private boolean sourceNodefound = false;
+
     private boolean enableOriginalUriBaseIds = false;
 
 
@@ -39,6 +42,7 @@ public class SarifProperties {
     private String srcRootPath = "%SRCROOT%";
 
 
+
     private Map<String, String> severityMap = new HashMap<>();
     private Map<String, String> securitySeverityMap = new HashMap<>();
 

diff --git a/src/main/java/com/checkmarx/flow/custom/SarifIssueTracker.java b/src/main/java/com/checkmarx/flow/custom/SarifIssueTracker.java
@@ -240,7 +240,11 @@ private void generateSastResults(ScanResults results, List<SarifVulnerability> r
                         List<Map<String, Object>> additionalDetails = (List<Map<String, Object>>) issue.getAdditionalDetails().get("results");
                         additionalDetails.forEach((element) -> {
                             Map<String, Object> result = element;
-                            Integer pathNodeId = Integer.valueOf(1); // First Node is added by Above Issue Detail
+                            Integer pathNodeId = 1; // First Node is added by Above Issue Detail
+                            boolean isKeyPresent = result.containsKey(pathNodeId.toString());
+                            if (!isKeyPresent && properties.isSourceNodefound()) {
+                                pathNodeId = findLowestIntegerKey(result);
+                            }
                             while (result.containsKey(pathNodeId.toString())) {
                                 // Add all Nodes till Sink
                                 Map<String, String> node = (Map<String, String>) result.get(pathNodeId.toString());
@@ -378,6 +382,26 @@ private void generateSastResults(ScanResults results, List<SarifVulnerability> r
         }
 
     }
+ public static Integer findLowestIntegerKey(Map<String, Object> map) {
+        Integer lowestKey = null;
+
+        for (String key : map.keySet()) {
+            try {
+                // Attempt to parse the key as an integer
+                int intKey = Integer.parseInt(key);
+
+                // Update the lowest key if needed
+                if (lowestKey == null || intKey < lowestKey) {
+                    lowestKey = intKey;
+                }
+            } catch (NumberFormatException e) {
+                // Skip non-integer keys
+                log.info("Skipping non-integer key: " + key);
+            }
+        }
+
+        return lowestKey;
+    }
 
 
     public static Set<String> getFirstDirectories(List<String> filePaths) {
@@ -616,4 +640,4 @@ public static class UriBase {
         private String uriBaseID;
     }
 
-}
+}