From 49c0eed3a423f00c872b5c3c9f1bbca9e8aae799 Mon Sep 17 00:00:00 2001
From: Martin Costello
Date: Fri, 20 Oct 2023 22:13:08 +0100
Subject: [PATCH] :bug: SAST detect new GitHub app slug for CodeQL (#3591)

* Fix SAST no longer working for CodeQL

The app slug for CodeQL appears to have changed from `github-advanced-security` to `github-code-scanning`, causing the SAST rule to false-negative on commits.

Signed-off-by: martincostello

* Fix lint warning

Fix lint warning.

Signed-off-by: martincostello

---------

Signed-off-by: martincostello
---
 checks/sast.go | 7 ++++-
 checks/sast_test.go | 71 ++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 76 insertions(+), 2 deletions(-)

diff --git a/checks/sast.go b/checks/sast.go
index d7ed2991c35..57cdd003fe8 100644
--- a/checks/sast.go
+++ b/checks/sast.go
@@ -36,7 +36,12 @@ const CheckSAST = "SAST"
 
 var errInvalid = errors.New("invalid")
 
-var sastTools = map[string]bool{"github-code-scanning": true, "lgtm-com": true, "sonarcloud": true}
+var sastTools = map[string]bool{
+ "github-advanced-security": true,
+ "github-code-scanning": true,
+ "lgtm-com": true,
+ "sonarcloud": true,
+}
 
 var allowedConclusions = map[string]bool{"success": true, "neutral": true}
 
diff --git a/checks/sast_test.go b/checks/sast_test.go
index 5e653a8e4a4..c4d13d12596 100644
--- a/checks/sast_test.go
+++ b/checks/sast_test.go
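Review bot: The hunk adds `github-advanced-security` to a `sastTools` map that already contained `github-code-scanning`, while the commit description says the slug moved from `github-advanced-security` to `github-code-scanning`, so the description and the code disagree on which slug is the new one; one of them should be corrected so a later reader knows which identifier is current and why the other is retained. Nothing at the declaration records that both CodeQL slugs are deliberately accepted, and since the app slug on a check run is the only signal this rule trusts as SAST evidence, the set deserves a doc comment, e.g. `// sastTools lists the GitHub App slugs whose successful check runs count as SAST coverage; both CodeQL slugs are kept because the app has been observed reporting under each.` Whether the older slug is still emitted by GitHub cannot be confirmed from this hunk, so the comment should stay hedged until that is verified.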
@@ -60,7 +60,53 @@ func Test_SAST(t *testing.T) {
 expected: checker.CheckResult{Score: -1},
 },
 {
- name: "Successful SAST checker should return success status",
+ name: "Successful SAST checker should return success status for github-advanced-security",
+ commits: []clients.Commit{
+ {
+ AssociatedMergeRequest: clients.PullRequest{
+ MergedAt: time.Now().Add(time.Hour - 1),
+ },
+ },
+ },
+ searchresult: clients.SearchResponse{},
+ checkRuns: []clients.CheckRun{
+ {
+ Status: "completed",
+ Conclusion: "success",
+ App: clients.CheckRunApp{
+ Slug: "github-advanced-security",
+ },
+ },
+ },
+ expected: checker.CheckResult{
+ Score: 10,
+ },
+ },
+ {
+ name: "Successful SAST checker should return success status for github-code-scanning",
+ commits: []clients.Commit{
+ {
+ AssociatedMergeRequest: clients.PullRequest{
+ MergedAt: time.Now().Add(time.Hour - 1),
+ },
+ },
+ },
+ searchresult: clients.SearchResponse{},
+ checkRuns: []clients.CheckRun{
+ {
+ Status: "completed",
+ Conclusion: "success",
+ App: clients.CheckRunApp{
+ Slug: "github-code-scanning",
+ },
+ },
+ },
+ expected: checker.CheckResult{
+ Score: 10,
+ },
+ },
+ {
+ name: "Successful SAST checker should return success status for lgtm",
 commits: []clients.Commit{
 {
 AssociatedMergeRequest: clients.PullRequest{
@@ -82,6 +128,29 @@ func Test_SAST(t *testing.T) {
 Score: 10,
 },
 },
+ {
+ name: "Successful SAST checker should return success status for sonarcloud",
+ commits: []clients.Commit{
+ {
+ AssociatedMergeRequest: clients.PullRequest{
+ MergedAt: time.Now().Add(time.Hour - 1),
+ },
+ },
+ },
+ searchresult: clients.SearchResponse{},
+ checkRuns: []clients.CheckRun{
+ {
+ Status: "completed",
+ Conclusion: "success",
+ App: clients.CheckRunApp{
+ Slug: "sonarcloud",
+ },
+ },
+ },
+ expected: checker.CheckResult{
+ Score: 10,
+ },
+ },
 {
 name: "Failed SAST checker should return success status",
 commits: []clients.Commit{
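Review bot: Every added case sets `MergedAt: time.Now().Add(time.Hour - 1)`, which is one hour minus one nanosecond in the future, so the fixture describes a merge that has not happened yet; the surrounding context lines carry the same value, so this is copied rather than newly introduced, but if a recent past merge is intended it should read `MergedAt: time.Now().Add(-time.Hour),`. Whether the SAST check reads MergedAt at all is not visible in this hunk, so confirm against the check before changing all cases together. The success cases added here and the sonarcloud case in the second hunk at `@@ -82,6 +128,29 @@` differ only in the case name and the App slug, so building them from a slice of slugs, or a small helper that returns a case for a given slug, would keep the table in step with `sastTools` and make the next slug a one-line addition rather than twenty copied lines. Test_SAST starts before and continues after both hunks.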