diff --git a/pathfinder-rules/android/WebViewJavaScriptEnabled.cql b/pathfinder-rules/android/WebViewJavaScriptEnabled.cql index 125c9fc7..3c967583 100644 --- a/pathfinder-rules/android/WebViewJavaScriptEnabled.cql +++ b/pathfinder-rules/android/WebViewJavaScriptEnabled.cql @@ -8,6 +8,7 @@ * @precision medium * @tags security * external/cwe/cwe-079 + * @ruleprovider android */ FROM method_invocation AS mi WHERE mi.getName() == "setJavaScriptEnabled" && "true" in mi.getArgumentName() diff --git a/pathfinder-rules/android/WebViewaddJavascriptInterface.cql b/pathfinder-rules/android/WebViewaddJavascriptInterface.cql index 4a3dca91..bf42bb02 100644 --- a/pathfinder-rules/android/WebViewaddJavascriptInterface.cql +++ b/pathfinder-rules/android/WebViewaddJavascriptInterface.cql @@ -8,6 +8,7 @@ * @precision medium * @tags security * external/cwe/cwe-079 + * @ruleprovider android */ predicate isJavaScriptEnabled(method_invocation mi) { diff --git a/pathfinder-rules/android/WebViewsetAllowContentAccess.cql b/pathfinder-rules/android/WebViewsetAllowContentAccess.cql index 5da9e677..eff355e7 100644 --- a/pathfinder-rules/android/WebViewsetAllowContentAccess.cql +++ b/pathfinder-rules/android/WebViewsetAllowContentAccess.cql @@ -8,6 +8,7 @@ * @precision medium * @tags security * external/cwe/cwe-079 + * @ruleprovider android */ FROM method_invocation AS mi WHERE mi.getName() == "setAllowContentAccess" && "true" in mi.getArgumentName() diff --git a/pathfinder-rules/android/WebViewsetAllowFileAccess.cql b/pathfinder-rules/android/WebViewsetAllowFileAccess.cql index 5caf2938..ea409694 100644 --- a/pathfinder-rules/android/WebViewsetAllowFileAccess.cql +++ b/pathfinder-rules/android/WebViewsetAllowFileAccess.cql @@ -8,6 +8,7 @@ * @precision medium * @tags security * external/cwe/cwe-079 + * @ruleprovider android */ FROM method_invocation AS mi WHERE mi.getName() == "setAllowFileAccess" && "true" in mi.getArgumentName() 
diff --git a/pathfinder-rules/android/WebViewsetAllowFileAccessFromFileURLs.cql b/pathfinder-rules/android/WebViewsetAllowFileAccessFromFileURLs.cql index c949c15e..4f342ad2 100644 --- a/pathfinder-rules/android/WebViewsetAllowFileAccessFromFileURLs.cql +++ b/pathfinder-rules/android/WebViewsetAllowFileAccessFromFileURLs.cql @@ -8,6 +8,7 @@ * @precision medium * @tags security * external/cwe/cwe-079 + * @ruleprovider android */ FROM method_invocation AS mi WHERE mi.getName() == "setAllowFileAccessFromFileURLs" && "true" in mi.getArgumentName() diff --git a/pathfinder-rules/java/BlowfishUsage.cql b/pathfinder-rules/java/BlowfishUsage.cql index 1a07a860..75055d74 100644 --- a/pathfinder-rules/java/BlowfishUsage.cql +++ b/pathfinder-rules/java/BlowfishUsage.cql @@ -8,6 +8,7 @@ * @precision medium * @tags security * external/cwe/cwe-327 + * @ruleprovider java */ FROM method_invocation AS mi diff --git a/pathfinder-rules/java/DefaultHttpClient.cql b/pathfinder-rules/java/DefaultHttpClient.cql index da75cc3c..02b80186 100644 --- a/pathfinder-rules/java/DefaultHttpClient.cql +++ b/pathfinder-rules/java/DefaultHttpClient.cql @@ -8,6 +8,7 @@ * @precision medium * @tags security * external/cwe/cwe-326 + * @ruleprovider java */ FROM ClassInstanceExpr AS cie diff --git a/pathfinder-rules/java/InsecureRandom.cql b/pathfinder-rules/java/InsecureRandom.cql index b07fce7a..d6f28c3a 100644 --- a/pathfinder-rules/java/InsecureRandom.cql +++ b/pathfinder-rules/java/InsecureRandom.cql @@ -8,6 +8,7 @@ * @precision medium * @tags security * external/cwe/cwe-330 + * @ruleprovider java */ FROM method_invocation AS mi diff --git a/pathfinder-rules/java/RC4Usage.cql b/pathfinder-rules/java/RC4Usage.cql index a93d86fb..3182f505 100644 --- a/pathfinder-rules/java/RC4Usage.cql +++ b/pathfinder-rules/java/RC4Usage.cql @@ -8,6 +8,7 @@ * @precision medium * @tags security * external/cwe/cwe-327 + * @ruleprovider java */ FROM method_invocation AS mi 
diff --git a/pathfinder-rules/java/SHA1Usage.cql b/pathfinder-rules/java/SHA1Usage.cql index 707234ee..fb615ea7 100644 --- a/pathfinder-rules/java/SHA1Usage.cql +++ b/pathfinder-rules/java/SHA1Usage.cql @@ -8,6 +8,7 @@ * @precision medium * @tags security * external/cwe/cwe-328 + * @ruleprovider java */ FROM method_invocation AS mi diff --git a/pathfinder-rules/java/UnEncryptedSocketConnection.cql b/pathfinder-rules/java/UnEncryptedSocketConnection.cql index 5fb695ae..ee38e470 100644 --- a/pathfinder-rules/java/UnEncryptedSocketConnection.cql +++ b/pathfinder-rules/java/UnEncryptedSocketConnection.cql @@ -8,6 +8,7 @@ * @precision medium * @tags security * external/cwe/cwe-319 + * @ruleprovider java */ FROM ClassInstanceExpr AS cie diff --git a/sourcecode-parser/cmd/ci.go b/sourcecode-parser/cmd/ci.go index 5143f36a..65cdbbef 100644 --- a/sourcecode-parser/cmd/ci.go +++ b/sourcecode-parser/cmd/ci.go @@ -9,11 +9,23 @@ import ( "path/filepath" "strings" + "github.com/owenrumney/go-sarif/v2/sarif" + "github.com/shivasurya/code-pathfinder/sourcecode-parser/graph" "github.com/spf13/cobra" ) +type Rule struct { + ID string `json:"id"` + Description string `json:"description"` + Impact string `json:"impact"` + Severity string `json:"severity"` + Passed bool `json:"passed" default:"true"` + Query string `json:"query"` + RuleProvider string `json:"rule_provider"` +} + var ciCmd = &cobra.Command{ Use: "ci", Short: "Scan a project for vulnerabilities with ruleset in ci mode", 
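Review bot: The `default:"true"` tag on `Passed` in the new `Rule` struct has no effect: neither the language nor encoding/json reads a `default` key, so every `Rule{}` built by ParseQuery has `Passed == false` (the updated expectations in ci_test.go show exactly that). If a rule is meant to start as passed, set it where the value is constructed, e.g. `rule := Rule{Passed: true}`, and drop the tag either way. The exported type also has no doc comment; `// Rule holds the metadata parsed from a query file's header comment together with the query text.` would cover it.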
@@ -53,12 +65,13 @@ var ciCmd = &cobra.Command{ for _, rule := range ruleset { queryInput := ParseQuery(rule) rulesetResult := make(map[string]interface{}) - result, err := processQuery(queryInput, codeGraph, output) + result, err := processQuery(queryInput.Query, codeGraph, output) - if output == "json" { + if output == "json" || output == "sarif" { var resultObject map[string]interface{} json.Unmarshal([]byte(result), &resultObject) //nolint:all - rulesetResult["query"] = queryInput + rulesetResult["query"] = queryInput.Query + rulesetResult["rule"] = queryInput rulesetResult["result"] = resultObject outputResult = append(outputResult, rulesetResult) } else { 
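Review bot: The widened `output == "json" || output == "sarif"` branch still discards the error from `json.Unmarshal`, and `err` from `processQuery` is not checked in the visible lines, so in sarif mode a rule whose query failed is appended to `outputResult` with a nil `result` map. For a scanner used as a CI gate, a rule that could not be evaluated should fail the run rather than be carried forward as data. I would check it here, e.g. `if err := json.Unmarshal([]byte(result), &resultObject); err != nil { fmt.Println("Error parsing query result: ", err); os.Exit(1) }`. The loop body continues past the end of the hunk, so `err` may already be handled there.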
@@ -97,15 +110,74 @@ var ciCmd = &cobra.Command{ fmt.Println("Error writing output file: ", err) } } + } else if output == "sarif" { + sarifReport, err := generateSarifReport(outputResult) + if err != nil { + fmt.Println("Error generating sarif report: ", err) + os.Exit(1) + } + if graph.IsGitHubActions() { + // append GITHUB_WORKSPACE to output file path + outputFile = os.Getenv("GITHUB_WORKSPACE") + "/" + outputFile + } + if err := sarifReport.WriteFile(outputFile); err != nil { + fmt.Println("Error writing sarif report: ", err) + os.Exit(1) + } } }, } +func generateSarifReport(results []map[string]interface{}) (*sarif.Report, error) { + report, err := sarif.New(sarif.Version210) + if err != nil { + return nil, err + } + run := sarif.NewRunWithInformationURI("CodePathFinder", "https://codepathfinder.dev") + for _, result := range results { + localresult := result["result"].(map[string]interface{}) //nolint:all + resultSet := localresult["result_set"].([]interface{}) //nolint:all + pb := sarif.NewPropertyBag() + rule := result["rule"].(Rule) //nolint:all + pb.Add("impact", rule.Impact) + pb.Add("ruleProvider", rule.RuleProvider) + + run.AddRule(rule.ID). + WithDescription(rule.Description). + WithProperties(pb.Properties). + WithMarkdownHelp("# markdown") + + for _, finding := range resultSet { + findingMap := finding.(map[string]interface{}) //nolint:all + file, _ := findingMap["file"].(string) //nolint:all + line, _ := findingMap["line"].(float64) //nolint:all + // convert line to int + lineInt := int(line) + + run.CreateResultForRule(rule.ID). + WithLevel(strings.ToLower(rule.Severity)). + WithMessage(sarif.NewTextMessage(rule.Description)). + AddLocation( + sarif.NewLocationWithPhysicalLocation( + sarif.NewPhysicalLocation(). 
+ WithArtifactLocation( + sarif.NewSimpleArtifactLocation(file), + ).WithRegion( + sarif.NewSimpleRegion(lineInt, lineInt), + ), + ), + ) + } + } + report.AddRun(run) + return report, nil +} + func init() { rootCmd.AddCommand(ciCmd) - ciCmd.Flags().StringP("output", "o", "", "Supported output format: json") + ciCmd.Flags().StringP("output", "o", "", "Supported output format: json, sarif") ciCmd.Flags().StringP("output-file", "f", "", "Output file path") - ciCmd.Flags().StringP("project", "p", "", "Project to analyze") + ciCmd.Flags().StringP("project", "p", "", "Source code to analyze") ciCmd.Flags().StringP("ruleset", "r", "", "Ruleset to use example: cfp/java or directory path") } 
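Review bot: The three type assertions at the top of the loop in `generateSarifReport` are unchecked, so an entry whose result did not unmarshal panics at `localresult["result_set"].([]interface{})` instead of using the `error` return the function already has; the comma-ok form below turns that into a reported failure. In the sarif branch of the Run closure (which starts before this hunk) the report is written even when `--output-file` is empty, and the workspace prefix is built by string concatenation; `outputFile = filepath.Join(os.Getenv("GITHUB_WORKSPACE"), outputFile)` is the idiomatic form, and a value containing `..` should probably be rejected before writing on a CI runner. `WithLevel(strings.ToLower(rule.Severity))` passes the rule's `@problem.severity` through unmapped, but SARIF 2.1.0 only defines `none`, `note`, `warning` and `error`, and `sarif.NewSimpleRegion(lineInt, lineInt)` receives line 0 when a finding has no `line`. `WithMarkdownHelp("# markdown")` looks like a placeholder that will ship in every report.

```go
	for _, result := range results {
		localresult, _ := result["result"].(map[string]interface{})
		if localresult == nil {
			return nil, fmt.Errorf("sarif: no parsed query result for entry")
		}
		// a missing or null result_set is treated as "no findings"
		resultSet, _ := localresult["result_set"].([]interface{})
		rule, ok := result["rule"].(Rule)
		if !ok {
			return nil, fmt.Errorf("sarif: entry carries no rule metadata")
		}
		// … unchanged: property bag, run.AddRule, per-finding loop …
```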
@@ -178,20 +250,55 @@ func downloadRuleset(ruleset string) ([]string, error) { return rules, nil } -func ParseQuery(query string) string { +func ParseQuery(query string) Rule { // split query into lines lines := strings.Split(query, "\n") findLineFound := false + commentLineFound := false query = "" + comment := "" + rule := Rule{} for _, line := range lines { // check if line starts with : - if strings.HasPrefix(strings.TrimSpace(line), "predicate") || strings.HasPrefix(strings.TrimSpace(line), "FROM") { + if strings.HasPrefix(strings.TrimSpace(line), "/*") { //nolint:all + comment += line + commentLineFound = true + } else if strings.HasPrefix(strings.TrimSpace(line), "predicate") || strings.HasPrefix(strings.TrimSpace(line), "FROM") { findLineFound = true query += line + " " } else if findLineFound { query += line + " " + } else if commentLineFound { + comment += line + key, value := ParseCommentLine(line) + switch key { + case "@id": + rule.ID = value + case "@description": + rule.Description = value + case "@problem.severity": + rule.Severity = value + case "@security-severity": + rule.Impact = value + case "@ruleprovider": + rule.RuleProvider = value + } + } else if strings.HasPrefix(strings.TrimSpace(line), "*/") { + commentLineFound = false } } - query = strings.TrimSpace(query) - return query + rule.Query = strings.TrimSpace(query) + return rule +} + +func ParseCommentLine(line string) (key, value string) { + // parse comment start with "* @name " + comment := strings.TrimSpace(line) + comment = strings.TrimPrefix(comment, "*") + comment = strings.TrimSpace(comment) + parts := strings.Split(comment, " ") + if len(parts) > 1 { + return parts[0], strings.Join(parts[1:], " ") + } + return "", "" } diff --git a/sourcecode-parser/cmd/ci_test.go b/sourcecode-parser/cmd/ci_test.go index 1ade3f46..01ca1a82 100644 --- a/sourcecode-parser/cmd/ci_test.go +++ b/sourcecode-parser/cmd/ci_test.go 
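Review bot: In ParseQuery the final `else if strings.HasPrefix(strings.TrimSpace(line), "*/")` arm can never run, because once `commentLineFound` is set the preceding `else if commentLineFound` arm takes every line, including the closing `*/`; the flag is therefore never cleared and any text between the header and the first `predicate`/`FROM` line is parsed as metadata. Moving the `*/` test above the `commentLineFound` arm restores the intended order. `comment` is appended to but not read anywhere in the hunk, so it can go. ParseCommentLine splits on a single space, which means a tab after the key returns no key at all and a double space leaves a leading blank in the value; `strings.Fields`, or `strings.Cut` followed by `strings.TrimSpace`, is more tolerant of hand-edited rule headers. Both exported functions would also benefit from a doc comment, e.g. `// ParseQuery extracts the header metadata and the query text from a rule file's contents.`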
@@ -20,7 +20,7 @@ func TestCiCmd(t *testing.T) { { name: "Basic CI command", args: []string{"ci", "--help"}, - expectedOutput: "Scan a project for vulnerabilities with ruleset in ci mode\n\nUsage:\n pathfinder ci [flags]\n\nFlags:\n -h, --help help for ci\n -o, --output string Supported output format: json\n -f, --output-file string Output file path\n -p, --project string Project to analyze\n -r, --ruleset string Ruleset to use example: cfp/java or directory path\n", + expectedOutput: "Scan a project for vulnerabilities with ruleset in ci mode\n\nUsage:\n pathfinder ci [flags]\n\nFlags:\n -h, --help help for ci\n -o, --output string Supported output format: json, sarif\n -f, --output-file string Output file path\n -p, --project string Source code to analyze\n -r, --ruleset string Ruleset to use example: cfp/java or directory path\n", }, } 
@@ -64,37 +64,41 @@ func TestParseQuery(t *testing.T) { tests := []struct { name string input string - expected string + expected Rule }{ { name: "Single predicate", input: "predicate foo()\n{\n bar\n}", - expected: "predicate foo() { bar }", + expected: Rule{ID: "", Description: "", Impact: "", Severity: "", Passed: false, Query: "predicate foo() { bar }", RuleProvider: ""}, }, { name: "Multiple predicates", input: "some code\npredicate foo()\n{\n bar\n}\npredicate baz()\n{\n qux\n}", - expected: "predicate foo() { bar } predicate baz() { qux }", - }, + expected: Rule{ID: "", Description: "", Impact: "", Severity: "", Passed: false, Query: "predicate foo() { bar } predicate baz() { qux }", RuleProvider: ""}}, { name: "FROM clause", input: "SELECT *\nFROM table\nWHERE condition", - expected: "FROM table WHERE condition", + expected: Rule{ID: "", Description: "", Impact: "", Severity: "", Passed: false, Query: "FROM table WHERE condition", RuleProvider: ""}, }, { name: "Mixed predicates and FROM", input: "predicate foo()\n{\n bar\n}\nSELECT *\nFROM table\nWHERE condition", - expected: "predicate foo() { bar } SELECT * FROM table WHERE condition", + expected: Rule{ID: "", Description: "", Impact: "", Severity: "", Passed: false, Query: "predicate foo() { bar } SELECT * FROM table WHERE condition", RuleProvider: ""}, }, { name: "No matching lines", - input: "Some random\ntext without\nmatching lines", - expected: "", + input: "cmd.Rule(cmd.Rule{ID:\"\", Description:\"\", Impact:\"\", Severity:\"\", Passed:false, Query:\"\", RuleProvider:\"\"})", + expected: Rule{ID: "", Description: "", Impact: "", Severity: "", Passed: false, Query: "", RuleProvider: ""}, }, { name: "Empty input", input: "", - expected: "", + expected: Rule{ID: "", Description: "", Impact: "", Severity: "", Passed: false, Query: "", RuleProvider: ""}, + }, + { + name: "Single line comment", + input: "/**\n * @name Android WebView JavaScript settings\n * @description Enabling 
setAllowFileAccessFromFileURLs leak s&&box access to file:/// URLs.\n * @kind problem\n * @id java/Android/webview-javascript-enabled\n * @problem.severity warning\n * @security-severity 6.1\n * @precision medium\n * @tags security\n * external/cwe/cwe-079\n * @ruleprovider android\n */\nFROM method_invocation AS mi\nWHERE mi.getName() == \"setAllowFileAccessFromFileURLs\" && \"true\" in mi.getArgumentName()\nSELECT mi.getName(), \"File access enabled\"", + expected: Rule{ID: "java/Android/webview-javascript-enabled", Description: "Enabling setAllowFileAccessFromFileURLs leak s&&box access to file:/// URLs.", Impact: "6.1", Severity: "warning", Passed: false, Query: "FROM method_invocation AS mi WHERE mi.getName() == \"setAllowFileAccessFromFileURLs\" && \"true\" in mi.getArgumentName() SELECT mi.getName(), \"File access enabled\"", RuleProvider: "android"}, }, } diff --git a/sourcecode-parser/cmd/query.go b/sourcecode-parser/cmd/query.go index 296ede84..c179fb4d 100644 --- a/sourcecode-parser/cmd/query.go +++ b/sourcecode-parser/cmd/query.go @@ -128,7 +128,7 @@ func processQuery(input string, codeGraph *graph.CodeGraph, output string) (stri parsedQuery.Expression = strings.SplitN(parts[1], "SELECT", 2)[0] } entities, formattedOutput := graph.QueryEntities(codeGraph, parsedQuery) - if output == "json" { + if output == "json" || output == "sarif" { analytics.ReportEvent(analytics.QueryCommandJSON) // convert struct to query_results results := make(map[string]interface{}) diff --git a/sourcecode-parser/go.mod b/sourcecode-parser/go.mod index 323d84e2..b3ba70dd 100644 --- a/sourcecode-parser/go.mod +++ b/sourcecode-parser/go.mod @@ -15,6 +15,7 @@ require ( require ( github.com/fatih/color v1.17.0 + github.com/owenrumney/go-sarif/v2 v2.3.3 github.com/stretchr/testify v1.9.0 ) diff --git a/sourcecode-parser/go.sum b/sourcecode-parser/go.sum index 701c4899..ba1806f0 100644 --- a/sourcecode-parser/go.sum +++ b/sourcecode-parser/go.sum 
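Review bot: The "No matching lines" case in TestParseQuery now feeds `cmd.Rule(cmd.Rule{ID:\"\", ...})` as input, which reads like a pasted assertion-failure message rather than a deliberate fixture; the previous `Some random\ntext without\nmatching lines` exercised the same path more clearly and could be kept. The new "Single line comment" case actually covers a multi-line `/** … */` header, so a name such as `"Header comment with metadata"` would describe it better. Nothing in this file covers `generateSarifReport` or `ParseCommentLine`; a case with a tab or double space after the key, and one where the header is closed by `*/` and followed by non-query text, would pin the parser's edge behaviour.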
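Review bot: In query.go's processQuery, sarif runs now enter the JSON branch and are reported as `analytics.QueryCommandJSON`, so usage data cannot tell the two formats apart; if that distinction matters, the event should be chosen per format. The check `output == "json" || output == "sarif"` is now duplicated here and in ci.go as string literals; a small helper such as `func isStructuredOutput(o string) bool { return o == "json" || o == "sarif" }` would keep the two in sync. processQuery starts and ends outside the hunk.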
@@ -1,5 +1,6 @@ github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ= github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw= +github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= 
@@ -8,17 +9,28 @@ github.com/expr-lang/expr v1.16.9 h1:WUAzmR0JNI9JCiF0/ewwHB1gmcGw5wW7nWt8gc6PpCI github.com/expr-lang/expr v1.16.9/go.mod h1:8/vRC7+7HBzESEqt5kKpYXxrxkr31SaO8r40VO/1IT4= github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0= github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4= +github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= 
+github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= +github.com/owenrumney/go-sarif/v2 v2.3.3 h1:ubWDJcF5i3L/EIOER+ZyQ03IfplbSU1BLOE26uKQIIU= +github.com/owenrumney/go-sarif/v2 v2.3.3/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posthog/posthog-go v1.2.20 h1:gH62ssImK6xRKbYgmaW+sIPqvXBtu6iYjRR3f4lLIoA= 
@@ -32,18 +44,32 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.4/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= +github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= +github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/exp v0.0.0-20240823005443-9b4947da3948 h1:kx6Ds3MlpiUHKj7syVnbp57++8WpuKPcR5yjLBjvLEA= golang.org/x/exp v0.0.0-20240823005443-9b4947da3948/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= 
golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/sourcecode-parser/go.work.sum b/sourcecode-parser/go.work.sum index 11a2e8a2..777f6dd6 100644 --- a/sourcecode-parser/go.work.sum +++ b/sourcecode-parser/go.work.sum 
@@ -1,8 +1,10 @@ +github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw= github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= +github.com/golang/protobuf v1.3.4 h1:87PNWwrRvUSnqS4dlcBU/ftvOIBep4sYuBLlh6rX2wk= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/posthog/posthog-go v1.2.20 h1:gH62ssImK6xRKbYgmaW+sIPqvXBtu6iYjRR3f4lLIoA= -github.com/posthog/posthog-go v1.2.20/go.mod h1:QjlpryJtfYLrZF2GUkAhejH4E7WlDbdKkvOi5hLmkdg= +github.com/kr/pty v1.1.1 h1:VkoXIwSboBpnk99O/KFauAEILuNHv5DVFKZMBN/gUgw= +github.com/owenrumney/go-sarif v1.1.1 h1:QNObu6YX1igyFKhdzd7vgzmw7XsWN3/6NMGuDzBgXmE= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= 
@@ -10,9 +12,16 @@ github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/urfave/cli v1.22.5 h1:lNq9sAHXK2qfdI8W+GRItjCEkI+2oR4d+MEHy1CKXoU= github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/vmihailenco/msgpack/v4 v4.3.12 h1:07s4sz9IReOgdikxLTKNbBdqDMLsjPKXwvCazn8G65U= +github.com/vmihailenco/tagparser v0.1.1 h1:quXMXlA39OCbd2wAdTsGDlK9RkOk6Wuw+x37wVyIuWY= +github.com/zclconf/go-cty v1.10.0 h1:mp9ZXQeIcN8kAwuqorjH+Q+njbJKjLrvB2yIh4q7U+0= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M= golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/net v0.0.0-20200301022130-244492dfa37a h1:GuSPYbZzB5/dcLNCwLQLsg3obCJtX9IJhpXkvY7kzk0= golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/text v0.3.5 h1:i6eZZ+zk0SOf0xgBpEpPD18qWcJda6q1sxt3S0kzyUQ= golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= +google.golang.org/appengine v1.6.5 h1:tycE03LOZYQNhDpS27tcQdAzLCVMaj7QT2SXxebnpCM=