scs:chore - improve tests asserts and code cleaning (ZupIT#828)

Previously the mock output from success tests was a bit hard to read and
understand, and we was not asserting that the formatter was parsing
correctly the output from security code scan.

This commit improve the tests to use .sln files from examples
directory and new asserts was added to verify that the output was
parsed correctly and all fields from vulnerability struct was filled.

The schema definition and enums was also moved from scs/entities and
scs/enums to scs package and changed to be private.

Updates ZupIT#718

Signed-off-by: Matheus Alcantara <[email protected]>

config/dist/dist.go

@@ -16,12 +16,10 @@ package dist
 
 const falseString = "false"
 
-var (
-	// standAlone is a build flag used to check if build is stand alone.
-	//
-	// The value passed is a raw string contaning true or false.
-	standAlone string = falseString
-)
+// standAlone is a build flag used to check if build is stand alone.
+//
+// The value passed is a raw string contaning true or false.
+var standAlone string = falseString
 
 const (
 	// StandAlone represents the build mode without Docker support.

internal/enums/errors/errors.go

@@ -28,11 +28,6 @@ var ErrGitLowerVersion = errors.New("{HORUSEC_CLI} Error Git version is lower of
 
 var ErrDockerNotInstalled = errors.New("{HORUSEC_CLI} Error Docker not found. Please check and try again")
 
-// Occurs when CsProj not found in dotnet project
-
-var ErrSolutionNotFound = errors.New("{HORUSEC_CLI} Security code scan failed to execute," +
-	" specify a solution file. The current working directory does not contain a solution file")
-
 // Occurs when not found rails project
 
 var ErrNotFoundRailsProject = errors.New("{HORUSEC_CLI} Error not found rails project syntax")

internal/services/docker/docker_api.go

@@ -55,7 +55,6 @@ type Docker interface {
 // Note that these comments was copied and paste from the docker client implementation
 // from github.com/docker/docker/client.
 type Client interface {
-
 	// ContainerCreate creates a new container based in the given configuration.
 	// It can be associated with a name, but it's not mandatory.
 	ContainerCreate(

internal/services/engines/swift/rule_manager.go

@@ -39,7 +39,7 @@ func rules() []engine.Rule {
 		NewTLS13NotUsed(),
 		NewDTLS12NotUsed(),
 		NewCoreDataDatabase(),
-		//NewSQLiteDatabase(),
+		// NewSQLiteDatabase(),
 
 		// Or rules
 		NewWeakDesCryptoCipher(),

internal/services/formatters/csharp/scs/entities.go

@@ -0,0 +1,142 @@
+// Copyright 2021 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package scs
+
+import (
+	"fmt"
+	"path/filepath"
+	"strconv"
+	"strings"
+)
+
+type (
+	scsAnalysis struct {
+		Runs []*scsRun `json:"runs"`
+	}
+
+	scsRun struct {
+		Results []*scsResult `json:"results"`
+		Tool    scsTool      `json:"tool"`
+	}
+
+	scsResult struct {
+		RuleID    string         `json:"ruleId"`
+		Message   scsMessage     `json:"message"`
+		Locations []*scsLocation `json:"locations"`
+	}
+
+	scsTool struct {
+		Driver scsDriver `json:"driver"`
+	}
+
+	scsDriver struct {
+		Rules []*scsRule `json:"rules"`
+	}
+
+	scsRule struct {
+		ID              string     `json:"id"`
+		FullDescription scsMessage `json:"fullDescription"`
+		HelpURI         string     `json:"helpUri"`
+	}
+
+	scsMessage struct {
+		Text string `json:"text"`
+	}
+
+	scsLocation struct {
+		PhysicalLocation scsPhysicalLocation `json:"physicalLocation"`
+	}
+
+	scsPhysicalLocation struct {
+		ArtifactLocation scsArtifactLocation `json:"artifactLocation"`
+		Region           scsRegion           `json:"region"`
+	}
+
+	scsArtifactLocation struct {
+		URI string `json:"uri"`
+	}
+
+	scsRegion struct {
+		StartLine   int `json:"startLine"`
+		StartColumn int `json:"startColumn"`
+	}
+)
+
+func (a *scsAnalysis) getRun() *scsRun {
+	if len(a.Runs) > 0 {
+		return a.Runs[0]
+	}
+
+	return nil
+}
+
+func (a *scsAnalysis) vulnerabilitiesByID() map[string]*scsRule {
+	run := a.getRun()
+
+	vulnMap := make(map[string]*scsRule, len(run.Tool.Driver.Rules))
+
+	for _, rule := range run.Tool.Driver.Rules {
+		vulnMap[rule.ID] = rule
+	}
+
+	return vulnMap
+}
+
+func (r *scsResult) getLine() string {
+	if len(r.Locations) > 0 {
+		return strconv.Itoa(r.Locations[0].PhysicalLocation.Region.StartLine)
+	}
+
+	return ""
+}
+
+func (r *scsResult) getColumn() string {
+	if len(r.Locations) > 0 {
+		return strconv.Itoa(r.Locations[0].PhysicalLocation.Region.StartColumn)
+	}
+
+	return ""
+}
+
+func (r *scsResult) getVulnName() string {
+	return r.Message.Text
+}
+
+func (r *scsResult) getFile() string {
+	if len(r.Locations) > 0 {
+		// Since the scs will always run on Docker, we need to convert each slash ('/') to the specific OS slash.
+		return filepath.FromSlash(
+			strings.ReplaceAll(r.Locations[0].PhysicalLocation.ArtifactLocation.URI, "file:///src/", ""),
+		)
+	}
+
+	return ""
+}
+
+func (r *scsRule) getFullDescription() string {
+	fullDescription := strings.ReplaceAll(r.FullDescription.Text, "{", "")
+	fullDescription = strings.ReplaceAll(fullDescription, "}", "")
+	return fullDescription
+}
+
+func (r *scsRule) getDescription(vulnName string) string {
+	if r.HelpURI == "" {
+		return vulnName
+	}
+
+	return fmt.Sprintf("%s\n%s For more information, check the following url (%s).",
+		vulnName, r.getFullDescription(), r.HelpURI,
+	)
+}