Merge pull request #7207 from Checkmarx/AST-54409

fix(query): fix CWE field not appearing in KICS CLI and sarif reports
Checkmarx · Jul 30, 2024 · f0cf78d · f0cf78d
2 parents f707b51 + c833aa8
commit f0cf78d
Show file tree

Hide file tree

Showing 8 changed files with 24 additions and 6 deletions.
diff --git a/.github/scripts/docs-generator/query-page-generator/query-page-generator.py b/.github/scripts/docs-generator/query-page-generator/query-page-generator.py
@@ -181,12 +181,20 @@ def generate_md_docs(queries_database : str, output_path : str, template_file_pa
         doc_template = f.read()
 
     for key, query_data in queries_database.items():
+        cwe = query_data.get('cwe', '')
+        if cwe == '':
+            cwe = 'Ongoing'
+        else:
+            cwe_url = f'https://cwe.mitre.org/data/definitions/{cwe}.html'
+            cwe = f'<a href="{cwe_url}" onclick="newWindowOpenerSafe(event, \'{cwe_url}\')">{cwe}</a>'
+
         query_doc = doc_template
         query_doc = doc_template.replace('<QUERY_ID>', key).replace(
             '<QUERY_NAME>', query_data.get('queryName')).replace(
             '<PLATFORM>', query_data.get('platform')).replace(
             '<SEVERITY>', format_severity(query_data.get('severity'))).replace(
             '<CATEGORY>', query_data.get('category')).replace(
+            '<CWE>', cwe).replace(
             '<GITHUB_URL>', query_data.get('githubUrl')).replace(
             '<DESCRIPTION_TEXT>', query_data.get('descriptionText')).replace(
             '<DESCRIPTION_URL>', query_data.get('descriptionUrl')).replace(

diff --git a/...ub/scripts/docs-generator/query-page-generator/templates/query-page-template.md b/...ub/scripts/docs-generator/query-page-generator/templates/query-page-template.md
@@ -20,6 +20,7 @@ hide:
 -   **Platform:** <PLATFORM>
 -   **Severity:** <SEVERITY>
 -   **Category:** <CATEGORY>
+-   **CWE:** <CWE>
 -   **URL:** [Github](<GITHUB_URL>)
 
 ### Description

diff --git a/e2e/fixtures/E2E_CLI_032_RESULT.json b/e2e/fixtures/E2E_CLI_032_RESULT.json
@@ -72,6 +72,7 @@
       "query_url": "https://docs.kics.io/latest/secrets/",
       "severity": "HIGH",
       "platform": "Common",
+      "cwe": "798",
       "cloud_provider": "COMMON",
       "category": "Secret Management",
       "experimental": false,
@@ -97,6 +98,7 @@
       "query_url": "https://docs.kics.io/latest/secrets/",
       "severity": "HIGH",
       "platform": "Common",
+      "cwe": "798",
       "cloud_provider": "COMMON",
       "category": "Secret Management",
       "experimental": false,

diff --git a/e2e/fixtures/E2E_CLI_086_RESULT.json b/e2e/fixtures/E2E_CLI_086_RESULT.json
@@ -32,6 +32,7 @@
       "query_url": "https://docs.kics.io/latest/secrets/",
       "severity": "HIGH",
       "platform": "Common",
+      "cwe": "798",
       "cloud_provider": "COMMON",
       "category": "Secret Management",
       "experimental": false,

diff --git a/e2e/fixtures/E2E_CLI_087_RESULT.json b/e2e/fixtures/E2E_CLI_087_RESULT.json
@@ -32,6 +32,7 @@
       "query_url": "https://docs.kics.io/latest/secrets/",
       "severity": "HIGH",
       "platform": "Common",
+      "cwe": "798",
       "cloud_provider": "COMMON",
       "category": "Secret Management",
       "experimental": false,

diff --git a/e2e/fixtures/E2E_CLI_088_RESULT.json b/e2e/fixtures/E2E_CLI_088_RESULT.json
@@ -32,6 +32,7 @@
       "query_url": "https://docs.kics.io/latest/secrets/",
       "severity": "HIGH",
       "platform": "Common",
+      "cwe": "798",
       "cloud_provider": "COMMON",
       "category": "Secret Management",
       "experimental": false,

diff --git a/pkg/engine/secrets/inspector.go b/pkg/engine/secrets/inspector.go
@@ -527,6 +527,7 @@ func (c *Inspector) addVulnerability(basePaths []string, file *model.FileMetadat
 				VulnLines:        hideSecret(&linesVuln, issueLine, query, &c.SecretTracker),
 				IssueType:        "RedundantAttribute",
 				Platform:         SecretsQueryMetadata["platform"],
+				CWE:              SecretsQueryMetadata["cwe"],
 				Severity:         model.SeverityHigh,
 				QueryURI:         SecretsQueryMetadata["descriptionUrl"],
 				Category:         SecretsQueryMetadata["category"],

diff --git a/pkg/engine/secrets/inspector_test.go b/pkg/engine/secrets/inspector_test.go
@@ -478,10 +478,11 @@ var testNewInspectorInputs = []struct {
 			"severity": "HIGH",
 			"category": "Secret Management",
 			"descriptionText": "Query to find passwords and secrets in infrastructure code.",
-			"descriptionUrl": "https://kics.io/",
+			"descriptionUrl": "https://docs.kics.io/latest/secrets/",
 			"platform": "Common",
 			"descriptionID": "d69d8a89",
-			"cloudProvider": "common"
+			"cloudProvider": "common",
+			"cwe": "798"
 		  }`,
 		disableSecrets: false,
 		wantRegLen:     1,
@@ -508,10 +509,11 @@ var testNewInspectorInputs = []struct {
 			"severity": "HIGH",
 			"category": "Secret Management",
 			"descriptionText": "Query to find passwords and secrets in infrastructure code.",
-			"descriptionUrl": "https://kics.io/",
+			"descriptionUrl": "https://docs.kics.io/latest/secrets/",
 			"platform": "Common",
 			"descriptionID": "d69d8a89",
-			"cloudProvider": "common"
+			"cloudProvider": "common",
+			"cwe": "798"
 		  }`,
 		disableSecrets: true,
 		wantRegLen:     0,
@@ -538,10 +540,11 @@ var testNewInspectorInputs = []struct {
 			"severity": "HIGH",
 			"category": "Secret Management",
 			"descriptionText": "Query to find passwords and secrets in infrastructure code.",
-			"descriptionUrl": "https://kics.io/",
+			"descriptionUrl": "https://docs.kics.io/latest/secrets/",
 			"platform": "Common",
 			"descriptionID": "d69d8a89",
-			"cloudProvider": "common"
+			"cloudProvider": "common",
+			"cwe": "798"
 		  }`,
 		disableSecrets: false,
 		wantRegLen:     1,