v1.0.X

cmd/audit.go

@@ -95,6 +95,7 @@ func runAuditPerf(cmd *cobra.Command, args []string) {
 	}
 
 	config := GetConfig()
+
 	policies_provided := GetPolicies()
 	policies_filtered := filterPolicies(policies_provided, config.Flags.Tags)
 

cmd/policy.go

@@ -11,31 +11,38 @@ import (
 	"gopkg.in/yaml.v3"
 )
 
+type PolicyFile struct {
+	Config    Config   `yaml:"Config"`
+	Version   string   `yaml:"Version"`
+	Namespace string   `yaml:"Namespace"`
+	Policies  []Policy `yaml:"Policies"`
+}
+
 type Config struct {
 	System struct {
-		RGVersion        string `yaml:"RGVersion"`
-		GossVersion      string `yaml:"GossVersion"`
-		InterceptVersion string `yaml:"InterceptVersion"`
-	} `yaml:"System"`
+		RGVersion        string `yaml:"RGVersion,omitempty"`
+		GossVersion      string `yaml:"GossVersion,omitempty"`
+		InterceptVersion string `yaml:"InterceptVersion,omitempty"`
+	} `yaml:"System,omitempty"`
 	Flags struct {
-		OutputType     string   `yaml:"output_type"`
-		Target         string   `yaml:"target"`
-		Ignore         []string `yaml:"ignore"`
-		Tags           []string `yaml:"tags"`
-		PolicySchedule string   `yaml:"policy_schedule"`
-		ReportSchedule string   `yaml:"report_schedule"`
-	} `yaml:"Flags"`
+		OutputType     string   `yaml:"output_type,omitempty"`
+		Target         string   `yaml:"target,omitempty"`
+		Ignore         []string `yaml:"ignore,omitempty"`
+		Tags           []string `yaml:"tags,omitempty"`
+		PolicySchedule string   `yaml:"policy_schedule,omitempty"`
+		ReportSchedule string   `yaml:"report_schedule,omitempty"`
+	} `yaml:"Flags,omitempty"`
 	Metadata struct {
 		HostOS          string `yaml:"host_os,omitempty"`
 		HostMAC         string `yaml:"host_mac,omitempty"`
 		HostARCH        string `yaml:"host_arch,omitempty"`
 		HostNAME        string `yaml:"host_name,omitempty"`
 		HostFingerprint string `yaml:"host_fingerprint,omitempty"`
 		HostInfo        string `yaml:"host_info,omitempty"`
-		MsgExitClean    string `yaml:"MsgExitClean"`
-		MsgExitWarning  string `yaml:"MsgExitWarning"`
-		MsgExitCritical string `yaml:"MsgExitCritical"`
-	} `yaml:"Metadata"`
+		MsgExitClean    string `yaml:"MsgExitClean,omitempty"`
+		MsgExitWarning  string `yaml:"MsgExitWarning,omitempty"`
+		MsgExitCritical string `yaml:"MsgExitCritical,omitempty"`
+	} `yaml:"Metadata,omitempty"`
 	Hooks []HookConfig `yaml:"Hooks"`
 }
 
@@ -111,13 +118,6 @@ type Runtime struct {
 	Observe string `yaml:"observe"`
 }
 
-type PolicyFile struct {
-	Config    Config   `yaml:"Config"`
-	Version   string   `yaml:"Version"`
-	Namespace string   `yaml:"Namespace"`
-	Policies  []Policy `yaml:"Policies"`
-}
-
 type PolicySourceType int
 
 const (
@@ -137,6 +137,8 @@ func LoadPolicyFile(filename string) (*PolicyFile, error) {
 		return nil, err
 	}
 
+	log.Debug().Interface("raw config", policyFile.Config).Msg("Raw Config data")
+
 	// Generate intercept_id for each policy, add its own ID as a tag for easy filtering with tags flag
 	for i := range policyFile.Policies {
 		policyFile.Policies[i].ID = NormalizePolicyName(policyFile.Policies[i].ID)

cmd/sarif.go

@@ -253,42 +253,48 @@ func GenerateSARIFReport(inputFile string, policy Policy) (SARIFReport, error) {
 		// Process ripgrep output and add results to SARIF report
 		for _, rgOutput := range rgOutputs {
 			if rgOutput.Type == "match" {
-				matchText := rgOutput.Data.Submatches[0].Match.Text
+
 				sarifLevel := calculateSARIFLevel(policy, environment)
 				levelProperty := sarifLevelToString(sarifLevel)
-				result := Result{
-					RuleID: policy.ID,
-					Level:  sarifLevel,
-					Message: Message{
-						Text: fmt.Sprintf("Policy violation: %s Matched text: %s", policy.Metadata.Name, matchText),
-					},
-					Locations: []Location{
-						{
-							PhysicalLocation: PhysicalLocation{
-								ArtifactLocation: ArtifactLocation{URI: rgOutput.Data.Path.Text},
-								Region: Region{
-									StartLine:   rgOutput.Data.LineNumber,
-									StartColumn: strings.Index(rgOutput.Data.Lines.Text, matchText) + 1,
-									EndColumn:   strings.Index(rgOutput.Data.Lines.Text, matchText) + len(matchText) + 1,
-									Snippet: Snippet{
-										Text: matchText,
+				for _, submatch := range rgOutput.Data.Submatches {
+					matchText := submatch.Match.Text
+					startColumn := strings.Index(rgOutput.Data.Lines.Text, matchText) + 1
+					endColumn := startColumn + len(matchText)
+
+					result := Result{
+						RuleID: policy.ID,
+						Level:  sarifLevel,
+						Message: Message{
+							Text: fmt.Sprintf("Policy violation: %s Matched text: %s", policy.Metadata.Name, matchText),
+						},
+						Locations: []Location{
+							{
+								PhysicalLocation: PhysicalLocation{
+									ArtifactLocation: ArtifactLocation{URI: rgOutput.Data.Path.Text},
+									Region: Region{
+										StartLine:   rgOutput.Data.LineNumber,
+										StartColumn: startColumn,
+										EndColumn:   endColumn,
+										Snippet: Snippet{
+											Text: matchText,
+										},
 									},
 								},
 							},
 						},
-					},
-					Properties: map[string]string{
-						"result-type":      "detail",
-						"observe-run-id":   policy.RunID,
-						"result-timestamp": timestamp,
-						"name":             policy.Metadata.Name,
-						"description":      policy.Metadata.Description,
-						"msg-error":        policy.Metadata.MsgError,
-						"msg-solution":     policy.Metadata.MsgSolution,
-						levelProperty:      "true",
-					},
+						Properties: map[string]string{
+							"result-type":      "detail",
+							"observe-run-id":   policy.RunID,
+							"result-timestamp": timestamp,
+							"name":             policy.Metadata.Name,
+							"description":      policy.Metadata.Description,
+							"msg-error":        policy.Metadata.MsgError,
+							"msg-solution":     policy.Metadata.MsgSolution,
+							levelProperty:      "true",
+						},
+					}
+					results = append(results, result)
 				}
-				results = append(results, result)
 			}
 		}
 	}