From 30fbd0e611993c22ef8cb0601c80aca772a7cb92 Mon Sep 17 00:00:00 2001
From: Admon Sasson
Date: Wed, 24 Mar 2021 09:52:59 +0200
Subject: [PATCH] feat: map 'critical' severity to 'error' in sarif format
---
 src/cli/commands/test/open-source-sarif-output.ts | 1 +
 test/jest/unit/sarif.spec.ts | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/cli/commands/test/open-source-sarif-output.ts b/src/cli/commands/test/open-source-sarif-output.ts
index 107f6ab712..34fc92e0c0 100644
--- a/src/cli/commands/test/open-source-sarif-output.ts
+++ b/src/cli/commands/test/open-source-sarif-output.ts
@@ -117,6 +117,7 @@ export function getResults(testResult): sarif.Result[] {
 export function getLevel(vuln: AnnotatedIssue) {
 switch (vuln.severity) {
+ case SEVERITY.CRITICAL:
 case SEVERITY.HIGH:
 return 'error';
 case SEVERITY.MEDIUM:
diff --git a/test/jest/unit/sarif.spec.ts b/test/jest/unit/sarif.spec.ts
index 890d2a51aa..e9ba010de0 100644
--- a/test/jest/unit/sarif.spec.ts
+++ b/test/jest/unit/sarif.spec.ts
@@ -11,6 +11,7 @@ describe('createSarifOutputForOpenSource', () => {
 expect(run.tool.driver.name).toEqual('Snyk Open Source');
 expect(run.tool.driver.rules).toHaveLength(1);
 expect(run.results).toHaveLength(1);
+ expect(run.results?.[0].level === 'error');
 });
 describe('replace lock-file to manifest-file', () => {
@@ -63,7 +64,7 @@ function getTestResult(testResultOverride = {}, vulnOverride = {}): TestResult {
 semver: {
 vulnerable: ['<6.12.3'],
 },
- severity: SEVERITY.HIGH,
+ severity: SEVERITY.CRITICAL,
 title: 'Prototype Pollution',
 from: [
 'PROJECT_NAME@1.0.0',
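Review bot: The new `case SEVERITY.CRITICAL:` in getLevel (src/cli/commands/test/open-source-sarif-output.ts) falls through to the high branch with no comment saying the merge is deliberate. SARIF's `level` has nothing above `error`, so a line such as `// SARIF has no level above 'error'; critical and high intentionally share it` above the two cases would stop a later reader from treating the fall-through as an omission. Consumers that triage on `level` alone cannot tell critical from high after this mapping; whether the original severity is carried elsewhere in the result is not visible here. getLevel's body continues outside the hunk, so the default branch could not be checked.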
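Review bot: The added `expect(run.results?.[0].level === 'error');` in test/jest/unit/sarif.spec.ts (hunk at line 11) calls no matcher, so it asserts nothing and the test passes whatever level getLevel returns. That leaves the critical-to-error mapping unguarded: a regression that reports critical findings at a lower level would not fail this spec. Change it to `expect(run.results?.[0].level).toEqual('error');`. The enclosing test case starts outside the hunk.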
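Review bot: Replacing `SEVERITY.HIGH` with `SEVERITY.CRITICAL` in the shared getTestResult fixture (hunk at line 63) means this spec no longer builds a high-severity vulnerability by default, so the high branch of the mapping loses whatever coverage the fixture gave it. The `vulnOverride` parameter in the signature looks like it could supply the severity per test, presumably as `getTestResult({}, { severity: SEVERITY.HIGH })`, which would let one case per severity assert its level without editing the default. getTestResult's body starts and ends outside the hunk, so how vulnOverride is merged should be confirmed before relying on it.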