Added support for sarif

Author: Pavel Bansky

src/Microsoft.DevSkim/Microsoft.DevSkim.CLI/Microsoft.DevSkim.CLI.csproj

@@ -9,18 +9,13 @@
     <ApplicationIcon />
     <PackageId>Microsoft.DevSkim.CLI</PackageId>
     <Product>Microsoft DevSkim Command Line Interface</Product>
-    <Version>0.1.9</Version>
+    <Version>0.1.10</Version>
     <Authors>Microsoft</Authors>
     <Company>Microsoft</Company>
     <Copyright>(c) Microsoft Corporation. All rights reserved</Copyright>
     <Description>DevSkim is a framework and Language analyzer that provide inline security analysis</Description>    
   </PropertyGroup>
 
-  <ItemGroup>
-    <None Remove="Resources\devskim-rules.json" />
-    <None Remove="soubor.txt" />
-  </ItemGroup>
-
   <ItemGroup>
     <EmbeddedResource Include="Resources\devskim-rules.json" />
   </ItemGroup>

src/Microsoft.DevSkim/Microsoft.DevSkim.CLI/Resources/devskim-rules.json

@@ -51,7 +51,7 @@
     "rule_info": "DS185832.md",
     "patterns": [
       {
-        "pattern": "\\bstrcpy\\s*\\(([^,]+),([^,]+)\\)",
+        "pattern": "\\bstrcpy\\s*\\(([^,]+),([^,]+?)\\)",
         "type": "regex",
         "modifiers": null,
         "scopes": [
@@ -66,7 +66,7 @@
         "name": "Change to strcpy_s (Recommended for VC++)",
         "type": "regex-replace",
         "pattern": {
-          "pattern": "\\bstrcpy\\s*\\(([^,]+),([^,]+)\\)",
+          "pattern": "\\bstrcpy\\s*\\(([^,]+),([^,]+?)\\)",
           "type": "regex",
           "modifiers": null,
           "scopes": [
@@ -80,7 +80,7 @@
         "name": "Change to strlcpy",
         "type": "regex-replace",
         "pattern": {
-          "pattern": "\\bstrcpy\\s*\\(([^,]+),([^,]+)\\)",
+          "pattern": "\\bstrcpy\\s*\\(([^,]+),([^,]+?)\\)",
           "type": "regex",
           "modifiers": null,
           "scopes": [
@@ -113,7 +113,7 @@
     "rule_info": "DS111237.md",
     "patterns": [
       {
-        "pattern": "\\bstrncpy\\s*\\(([^,]+),([^,]+),([^,]+)\\)+",
+        "pattern": "\\bstrncpy\\s*\\(([^,]+),([^,]+),([^,]+?)\\)+",
         "type": "regex",
         "modifiers": null,
         "scopes": [
@@ -128,7 +128,7 @@
         "name": "Change to strcpy_s (Recommended for VC++)",
         "type": "regex-replace",
         "pattern": {
-          "pattern": "\\bstrncpy\\s*\\(([^,]+),([^,]+),([^,]+)\\)+",
+          "pattern": "\\bstrncpy\\s*\\(([^,]+),([^,]+),([^,]+?)\\)+",
           "type": "regex",
           "modifiers": null,
           "scopes": [
@@ -142,7 +142,7 @@
         "name": "Change to strlcpy",
         "type": "regex-replace",
         "pattern": {
-          "pattern": "\\bstrncpy\\s*\\(([^,]+),([^,]+),([^,]+)\\)+",
+          "pattern": "\\bstrncpy\\s*\\(([^,]+),([^,]+),([^,]+?)\\)+",
           "type": "regex",
           "modifiers": null,
           "scopes": [
@@ -175,7 +175,7 @@
     "rule_info": "DS141863.md",
     "patterns": [
       {
-        "pattern": "\\bstrcat\\s*\\(([^,]+),([^,]+)\\)",
+        "pattern": "\\bstrcat\\s*\\(([^,]+),([^,]+?)\\)",
         "type": "regex",
         "modifiers": null,
         "scopes": [
@@ -190,7 +190,7 @@
         "name": "Change to strcat_s (Recommended for VC++)",
         "type": "regex-replace",
         "pattern": {
-          "pattern": "\\bstrcat\\s*\\(([^,]+),([^,]+)\\)",
+          "pattern": "\\bstrcat\\s*\\(([^,]+),([^,]+?)\\)",
           "type": "regex",
           "modifiers": null,
           "scopes": [
@@ -204,7 +204,7 @@
         "name": "Change to strlcat",
         "type": "regex-replace",
         "pattern": {
-          "pattern": "\\bstrcat\\s*\\(([^,]+),([^,]+)\\)",
+          "pattern": "\\bstrcat\\s*\\(([^,]+),([^,]+?)\\)",
           "type": "regex",
           "modifiers": null,
           "scopes": [
@@ -237,7 +237,7 @@
     "rule_info": "DS108330.md",
     "patterns": [
       {
-        "pattern": "\\bstrncat\\s*\\(([^,]+),([^,]+),([^,]+)\\)+",
+        "pattern": "\\bstrncat\\s*\\(([^,]+),([^,]+),([^,]+?)\\)+",
         "type": "regex",
         "modifiers": null,
         "scopes": [
@@ -252,7 +252,7 @@
         "name": "Change to strcat_s (Recommended for VC++)",
         "type": "regex-replace",
         "pattern": {
-          "pattern": "\\bstrncat\\s*\\(([^,]+),([^,]+),([^,]+)\\)+",
+          "pattern": "\\bstrncat\\s*\\(([^,]+),([^,]+),([^,]+?)\\)+",
           "type": "regex",
           "modifiers": null,
           "scopes": [
@@ -266,7 +266,7 @@
         "name": "Change to strlcat",
         "type": "regex-replace",
         "pattern": {
-          "pattern": "\\bstrncat\\s*\\(([^,]+),([^,]+),([^,]+)\\)+",
+          "pattern": "\\bstrncat\\s*\\(([^,]+),([^,]+),([^,]+?)\\)+",
           "type": "regex",
           "modifiers": null,
           "scopes": [
@@ -872,7 +872,7 @@
   },
   {
     "id": "DS113286",
-    "name": "Do not include user-input directoy in format strings",
+    "name": "Do not include user-input directly in format strings",
     "overrides": null,
     "schema_version": 0,
     "tags": [

src/Microsoft.DevSkim/Microsoft.DevSkim.CLI/Writers/SarifWriter.cs

@@ -33,7 +33,9 @@ public override void WriteIssue(IssueRecord issue)
                                                                  issue.Issue.Boundary.Length
                                                        ));
             resultItem.Snippet = issue.TextSample;
-            resultItem.Fixes = GetFixits(issue);
+
+            if (issue.Issue.Rule.Fixes != null)
+                resultItem.Fixes = GetFixits(issue);
 
             resultItem.Locations = new List<CodeAnalysis.Sarif.Location>();
             resultItem.Locations.Add(loc);
@@ -47,11 +49,16 @@ public override void FlushAndClose()
             sarifLog.Version = SarifVersion.OneZeroZero;
             Run runItem = new Run();
             runItem.Tool = new Tool();
-            runItem.Tool.FullName = "Microsoft DevSkim CLI";
-            runItem.Tool.Name = "DevSkim";
-            runItem.Tool.Version = Assembly.GetEntryAssembly()
-                                           .GetCustomAttribute<AssemblyInformationalVersionAttribute>()
-                                           .InformationalVersion;
+            Assembly entryAssembly = Assembly.GetEntryAssembly();
+
+            runItem.Tool.Name = entryAssembly.GetName()
+                                 .Name;
+
+            runItem.Tool.FullName = entryAssembly.GetCustomAttribute<AssemblyProductAttribute>()
+                                                 .Product;
+
+            runItem.Tool.Version = entryAssembly.GetCustomAttribute<AssemblyInformationalVersionAttribute>()
+                                                .InformationalVersion;
 
             runItem.Results = _results;
             runItem.Rules = _rules;
@@ -122,6 +129,7 @@ private void AddRuleToSarifRule(Rule devskimRule)
             if (!_rules.ContainsKey(devskimRule.Id))
             {
                 CodeAnalysis.Sarif.Rule sarifRule = new CodeAnalysis.Sarif.Rule();
+                sarifRule.Id = devskimRule.Id;
                 sarifRule.Name = devskimRule.Name;
                 sarifRule.FullDescription = devskimRule.Description;
                 sarifRule.HelpUri = new Uri("https://github.com/Microsoft/DevSkim/blob/master/guidance/" + devskimRule.RuleInfo);