json-writer: print level key in SARIF output

... so that users can easily filter results according to their severity. Fixes: #80 Co-authored-by: Kamil Dudka <[email protected]> Co-authored-by: Lukáš Zaoral <[email protected]>
csutils · Aug 26, 2022 · a3eac76 · a3eac76
1 parent d9ede63
commit a3eac76
Show file tree

Hide file tree

Showing 7 changed files with 12,242 additions and 0 deletions.
diff --git a/src/json-writer.cc b/src/json-writer.cc
@@ -214,6 +214,24 @@ static void sarifEncodeMsg(PTree *pDst, const std::string& text)
     pDst->put_child("message", msg);
 }
 
+static void sarifEncodeLevel(PTree *result, const std::string &event) {
+    std::string level = event;
+
+    // cut the [...] suffix from event if present
+    size_t pos = event.find('[');
+    if (std::string::npos != pos)
+        level = event.substr(0U, pos);
+
+    // go through events that denote warning level
+    for (const char *str : {"error", "warning", "note"}) {
+        if (str == level) {
+            // encode in the output if matched
+            result->put<std::string>("level", level);
+            return;
+        }
+    }
+}
+
 static void sarifEncodeLoc(PTree *pLoc, const Defect &def, unsigned idx)
 {
     // location ID within the result
@@ -291,6 +309,9 @@ void SarifTreeEncoder::appendDef(const Defect &def)
         // update CWE map
         cweMap_[ruleId] = def.cwe;
 
+    // key event severity level
+    sarifEncodeLevel(&result, keyEvt.event);
+
     // key event location
     PTree loc;
     sarifEncodeLoc(&loc, def, def.keyEventIdx);