Sanitize physical location URI in SARIF reports generated

rm3l · rm3l · commit 60416897ba54 · 2021-11-05T22:20:32.000+01:00
diff --git a/sarif/sarif.go b/sarif/sarif.go
@@ -221,8 +221,14 @@ func FromContainerScan(containerScanReport containerscan.ContainerScan) (SarifRe
 	return sarifReport, nil
 }
 
+const pathUriReplacement = "_"
+
 func toPathUri(input string) string {
-	return fmt.Sprintf("file://%s", input)
+	var inputSanitized = strings.ReplaceAll(input, ":", pathUriReplacement)
+	inputSanitized = strings.ReplaceAll(inputSanitized, " ", pathUriReplacement)
+	inputSanitized = strings.ReplaceAll(inputSanitized, "(", pathUriReplacement)
+	inputSanitized = strings.ReplaceAll(inputSanitized, ")", pathUriReplacement)
+	return inputSanitized
 }
 
 func (report SarifReport) WriteTo(outputPath string) error {

Original file line number	Diff line number	Diff line change
`@@ -221,8 +221,14 @@ func FromContainerScan(containerScanReport containerscan.ContainerScan) (SarifRe`
`221`	`221`	`return sarifReport, nil`
`222`	`222`	`}`
`223`	`223`
	`224`	`+const pathUriReplacement = "_"`
	`225`	`+`
`224`	`226`	`func toPathUri(input string) string {`
`225`		`- return fmt.Sprintf("file://%s", input)`
	`227`	`+ var inputSanitized = strings.ReplaceAll(input, ":", pathUriReplacement)`
	`228`	`+ inputSanitized = strings.ReplaceAll(inputSanitized, " ", pathUriReplacement)`
	`229`	`+ inputSanitized = strings.ReplaceAll(inputSanitized, "(", pathUriReplacement)`
	`230`	`+ inputSanitized = strings.ReplaceAll(inputSanitized, ")", pathUriReplacement)`
	`231`	`+ return inputSanitized`
`226`	`232`	`}`
`227`	`233`
`228`	`234`	`func (report SarifReport) WriteTo(outputPath string) error {`