Skip to content

Commit 3963365

Browse files
committed
feat(attestation): add optional severity_score to PolicySASTFinding
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev> Made-with: Cursor
1 parent 45fa952 commit 3963365

6 files changed

Lines changed: 146 additions & 9 deletions

File tree

app/controlplane/api/gen/frontend/attestation/v1/crafting_state.ts

Lines changed: 25 additions & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

app/controlplane/api/gen/jsonschema/attestation.v1.PolicySASTFinding.jsonschema.json

Lines changed: 38 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

app/controlplane/api/gen/jsonschema/attestation.v1.PolicySASTFinding.schema.json

Lines changed: 38 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

pkg/attestation/crafter/api/attestation/v1/crafting_state.pb.go

Lines changed: 16 additions & 4 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

pkg/attestation/crafter/api/attestation/v1/crafting_state.proto

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -355,6 +355,8 @@ message PolicySASTFinding {
355355
string code_snippet = 6;
356356
// Suggested fix
357357
string recommendation = 7;
358+
// Optional numeric severity score from the scanner (scale is tool-defined)
359+
optional double severity_score = 8;
358360
}
359361

360362
// Output schema for license violation findings from policy evaluation.

pkg/policies/findings/registry_test.go

Lines changed: 27 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -154,6 +154,25 @@ func TestValidateFinding(t *testing.T) {
154154
assert.Equal(t, "java:S1234", f.GetRuleId())
155155
assert.Equal(t, "HIGH", f.GetSeverity())
156156
assert.Equal(t, "src/main/Handler.java", f.GetLocation())
157+
assert.Nil(t, f.SeverityScore)
158+
},
159+
},
160+
{
161+
name: "valid SAST finding with severity_score",
162+
findingType: "SAST",
163+
raw: map[string]any{
164+
"message": "SQL injection in handler",
165+
"rule_id": "java:S1234",
166+
"severity": "HIGH",
167+
"location": "src/main/Handler.java",
168+
"severity_score": 7.5,
169+
},
170+
checkFn: func(t *testing.T, msg interface{}) {
171+
t.Helper()
172+
f, ok := msg.(*v1.PolicySASTFinding)
173+
require.True(t, ok)
174+
require.NotNil(t, f.SeverityScore)
175+
assert.InDelta(t, 7.5, *f.SeverityScore, 1e-9)
157176
},
158177
},
159178
{
@@ -238,6 +257,7 @@ func TestValidateFinding(t *testing.T) {
238257
}
239258

240259
func TestSetViolationFinding(t *testing.T) {
260+
sastSeverityScore := 4.0
241261
tests := []struct {
242262
name string
243263
findingType string
@@ -265,16 +285,19 @@ func TestSetViolationFinding(t *testing.T) {
265285
name: "set SAST finding",
266286
findingType: "SAST",
267287
finding: &v1.PolicySASTFinding{
268-
Message: "test",
269-
RuleId: "go-sec:G101",
270-
Severity: "MEDIUM",
271-
Location: "main.go",
288+
Message: "test",
289+
RuleId: "go-sec:G101",
290+
Severity: "MEDIUM",
291+
Location: "main.go",
292+
SeverityScore: &sastSeverityScore,
272293
},
273294
checkFn: func(t *testing.T, v *v1.PolicyEvaluation_Violation) {
274295
t.Helper()
275296
f := v.GetSast()
276297
require.NotNil(t, f)
277298
assert.Equal(t, "go-sec:G101", f.GetRuleId())
299+
require.NotNil(t, f.SeverityScore)
300+
assert.InDelta(t, 4.0, *f.SeverityScore, 1e-9)
278301
},
279302
},
280303
{

0 commit comments

Comments
 (0)