Skip to content

Latest commit

 

History

History
 
 

sarif-to-markdown

@security-alert/sarif-to-markdown

Convert SARIF format to Markdown text.

Supported safari version: v2.1.0

Install

Install with npm:

npm install @security-alert/sarif-to-markdown

Example

input.sarif:

{
  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
  "version": "2.1.0",
  "runs": [
    {
      "tool": {
        "driver": {
          "name": "CodeQL command-line toolchain",
          "organization": "GitHub",
          "semanticVersion": "2.2.4",
          "rules": [
            {
              "id": "js/xss",
              "name": "js/xss",
              "shortDescription": {
                "text": "Client-side cross-site scripting"
              },
              "fullDescription": {
                "text": "Writing user input directly to the DOM allows for a cross-site scripting vulnerability."
              },
              "defaultConfiguration": {
                "level": "error"
              },
              "properties": {
                "tags": [
                  "security",
                  "external/cwe/cwe-079",
                  "external/cwe/cwe-116"
                ],
                "kind": "path-problem",
                "precision": "high",
                "name": "Client-side cross-site scripting",
                "description": "Writing user input directly to the DOM allows for\n              a cross-site scripting vulnerability.",
                "id": "js/xss",
                "problem.severity": "error"
              }
            }
          ]
        }
      },
      "artifacts": [
        {
          "location": {
            "uri": "examples/Xss.js",
            "uriBaseId": "%SRCROOT%",
            "index": 0
          }
        }
      ],
      "results": [
        {
          "ruleId": "js/xss",
          "ruleIndex": 0,
          "message": {
            "text": "Cross-site scripting vulnerability due to [user-provided value](1)."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "examples/Xss.js",
                  "uriBaseId": "%SRCROOT%",
                  "index": 0
                },
                "region": {
                  "startLine": 4,
                  "startColumn": 20,
                  "endColumn": 56
                }
              }
            }
          ],
          "partialFingerprints": {
            "primaryLocationLineHash": "f10617abe5e779f0:1",
            "primaryLocationStartColumnFingerprint": "15"
          },
          "codeFlows": [
            {
              "threadFlows": [
                {
                  "locations": [
                    {
                      "location": {
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "examples/Xss.js",
                            "uriBaseId": "%SRCROOT%",
                            "index": 0
                          },
                          "region": {
                            "startLine": 2,
                            "startColumn": 16,
                            "endColumn": 33
                          }
                        },
                        "message": {
                          "text": "document.location"
                        }
                      }
                    },
                    {
                      "location": {
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "examples/Xss.js",
                            "uriBaseId": "%SRCROOT%",
                            "index": 0
                          },
                          "region": {
                            "startLine": 2,
                            "startColumn": 16,
                            "endColumn": 38
                          }
                        },
                        "message": {
                          "text": "documen ... on.href"
                        }
                      }
                    },
                    {
                      "location": {
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "examples/Xss.js",
                            "uriBaseId": "%SRCROOT%",
                            "index": 0
                          },
                          "region": {
                            "startLine": 2,
                            "startColumn": 9,
                            "endColumn": 38
                          }
                        },
                        "message": {
                          "text": "href"
                        }
                      }
                    },
                    {
                      "location": {
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "examples/Xss.js",
                            "uriBaseId": "%SRCROOT%",
                            "index": 0
                          },
                          "region": {
                            "startLine": 3,
                            "startColumn": 17,
                            "endColumn": 21
                          }
                        },
                        "message": {
                          "text": "href"
                        }
                      }
                    },
                    {
                      "location": {
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "examples/Xss.js",
                            "uriBaseId": "%SRCROOT%",
                            "index": 0
                          },
                          "region": {
                            "startLine": 3,
                            "startColumn": 17,
                            "endColumn": 59
                          }
                        },
                        "message": {
                          "text": "href.su ... t=\")+8)"
                        }
                      }
                    },
                    {
                      "location": {
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "examples/Xss.js",
                            "uriBaseId": "%SRCROOT%",
                            "index": 0
                          },
                          "region": {
                            "startLine": 3,
                            "startColumn": 9,
                            "endColumn": 59
                          }
                        },
                        "message": {
                          "text": "deflt"
                        }
                      }
                    },
                    {
                      "location": {
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "examples/Xss.js",
                            "uriBaseId": "%SRCROOT%",
                            "index": 0
                          },
                          "region": {
                            "startLine": 4,
                            "startColumn": 39,
                            "endColumn": 44
                          }
                        },
                        "message": {
                          "text": "deflt"
                        }
                      }
                    },
                    {
                      "location": {
                        "physicalLocation": {
                          "artifactLocation": {
                            "uri": "examples/Xss.js",
                            "uriBaseId": "%SRCROOT%",
                            "index": 0
                          },
                          "region": {
                            "startLine": 4,
                            "startColumn": 20,
                            "endColumn": 56
                          }
                        },
                        "message": {
                          "text": "\"<OPTIO ... PTION>\""
                        }
                      }
                    }
                  ]
                }
              ]
            }
          ],
          "relatedLocations": [
            {
              "id": 1,
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "examples/Xss.js",
                  "uriBaseId": "%SRCROOT%",
                  "index": 0
                },
                "region": {
                  "startLine": 2,
                  "startColumn": 16,
                  "endColumn": 33
                }
              },
              "message": {
                "text": "user-provided value"
              }
            }
          ]
        }
      ],
      "newlineSequences": [
        "\r\n",
        "\n",
        "",
        ""
      ],
      "columnKind": "utf16CodeUnits",
      "properties": {
        "semmle.formatSpecifier": "sarifv2.1.0"
      }
    }
  ]
}

output.md


Rules

js/xss (severity: error)

Client-side cross-site scripting

Details
{
    "driver": {
        "name": "CodeQL command-line toolchain",
        "organization": "GitHub",
        "semanticVersion": "2.2.4",
        "rules": [
            {
                "id": "js/xss",
                "name": "js/xss",
                "shortDescription": {
                    "text": "Client-side cross-site scripting"
                },
                "fullDescription": {
                    "text": "Writing user input directly to the DOM allows for a cross-site scripting vulnerability."
                },
                "defaultConfiguration": {
                    "level": "error"
                },
                "properties": {
                    "tags": [
                        "security",
                        "external/cwe/cwe-079",
                        "external/cwe/cwe-116"
                    ],
                    "kind": "path-problem",
                    "precision": "high",
                    "name": "Client-side cross-site scripting",
                    "description": "Writing user input directly to the DOM allows for\n              a cross-site scripting vulnerability.",
                    "id": "js/xss",
                    "problem.severity": "error"
                }
            }
        ]
    }
}

Results

  • js/xss: Cross-site scripting vulnerability due to [user-provided value](1).

https://github.com/owner/repo/blob/master/base/examples/Xss.js#L4


Changelog

See Releases page.

Running tests

Install devDependencies and Run npm test:

npm test

Contributing

Pull requests and stars are always welcome.

For bugs and feature requests, please create an issue.

  1. Fork it!
  2. Create your feature branch: git checkout -b my-new-feature
  3. Commit your changes: git commit -am 'Add some feature'
  4. Push to the branch: git push origin my-new-feature
  5. Submit a pull request :D

Author

License

MIT © azu