diff --git a/semgrep_output_v1.atd b/semgrep_output_v1.atd index c041935..e30aee4 100644 --- a/semgrep_output_v1.atd +++ b/semgrep_output_v1.atd @@ -1113,6 +1113,11 @@ type found_dependency = { ; ?resolved_url: string option; transitivity: transitivity; + (* Path to the manifest file that defines the project containing this dependency + * + * Examples: package.json, nested/folder/pom.xml + *) + ?manifest_path: fpath option; (* Path to the lockfile that contains this dependency. * * Examples: package-lock.json, nested/folder/requirements.txt, go.mod diff --git a/semgrep_output_v1.jsonschema b/semgrep_output_v1.jsonschema index 057c5d8..6e8959b 100644 --- a/semgrep_output_v1.jsonschema +++ b/semgrep_output_v1.jsonschema @@ -888,6 +888,7 @@ }, "resolved_url": { "type": "string" }, "transitivity": { "$ref": "#/definitions/transitivity" }, + "manifest_path": { "$ref": "#/definitions/fpath" }, "lockfile_path": { "$ref": "#/definitions/fpath" }, "line_number": { "type": "integer" }, "children": { diff --git a/semgrep_output_v1.proto b/semgrep_output_v1.proto index 5b2ced2..0889400 100644 --- a/semgrep_output_v1.proto +++ b/semgrep_output_v1.proto @@ -1,6 +1,6 @@ // Generated by jsonschema2protobuf. DO NOT EDIT! // Source file: semgrep_output_v1.jsonschema -// Source file sha256 digest: a1bfa497a5f60d9ccfc5bff6297bc05ccc7ff1580818dd702b8076f763a7244f +// Source file sha256 digest: 235ced0bfa8997aadde6ebe23db1441374f7efd076cf97f00a47d55a95582b2d syntax = "proto3"; @@ -315,6 +315,7 @@ message FoundDependency { map allowed_hashes = 24443075; string resolved_url = 359565789; google.protobuf.Any transitivity = 299525532; + string manifest_path = 277099501; string lockfile_path = 249238697; int64 line_number = 82464417; repeated DependencyChild children = 164828051; diff --git a/semgrep_output_v1.py b/semgrep_output_v1.py index 42787d8..701cc6b 100644 --- a/semgrep_output_v1.py +++ b/semgrep_output_v1.py 
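Review bot: The comment on the new `?manifest_path: fpath option;` field says what the file is but not what the path is relative to or when the field is absent, so consumers of the output have to guess, exactly as they already do for `lockfile_path`. The examples (`nested/folder/pom.xml`) suggest a path relative to the scan/project root, but that is an inference from the hunk, not a stated contract; if that is the intended semantics, the comment should say so and name the absent case, e.g. `(* Path to the manifest file that defines the project containing this dependency, relative to the same root as lockfile_path. Absent when no manifest could be associated with the dependency. Examples: package.json, nested/folder/pom.xml *)`. Since this .atd file is the source for every generated serializer in the commit, fixing the wording here is enough. The `found_dependency` record starts and ends outside the hunk.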
@@ -4489,6 +4489,7 @@ class FoundDependency: allowed_hashes: Dict[str, List[str]] transitivity: Transitivity resolved_url: Optional[str] = None + manifest_path: Optional[Fpath] = None lockfile_path: Optional[Fpath] = None line_number: Optional[int] = None children: Optional[List[DependencyChild]] = None @@ -4504,6 +4505,7 @@ def from_json(cls, x: Any) -> 'FoundDependency': allowed_hashes=_atd_read_assoc_object_into_dict(_atd_read_list(_atd_read_string))(x['allowed_hashes']) if 'allowed_hashes' in x else _atd_missing_json_field('FoundDependency', 'allowed_hashes'), transitivity=Transitivity.from_json(x['transitivity']) if 'transitivity' in x else _atd_missing_json_field('FoundDependency', 'transitivity'), resolved_url=_atd_read_string(x['resolved_url']) if 'resolved_url' in x else None, + manifest_path=Fpath.from_json(x['manifest_path']) if 'manifest_path' in x else None, lockfile_path=Fpath.from_json(x['lockfile_path']) if 'lockfile_path' in x else None, line_number=_atd_read_int(x['line_number']) if 'line_number' in x else None, children=_atd_read_list(DependencyChild.from_json)(x['children']) if 'children' in x else None, @@ -4521,6 +4523,8 @@ def to_json(self) -> Any: res['transitivity'] = (lambda x: x.to_json())(self.transitivity) if self.resolved_url is not None: res['resolved_url'] = _atd_write_string(self.resolved_url) + if self.manifest_path is not None: + res['manifest_path'] = (lambda x: x.to_json())(self.manifest_path) if self.lockfile_path is not None: res['lockfile_path'] = (lambda x: x.to_json())(self.lockfile_path) if self.line_number is not None: diff --git a/semgrep_output_v1.ts b/semgrep_output_v1.ts index 312dff1..fdcae3f 100644 --- a/semgrep_output_v1.ts +++ b/semgrep_output_v1.ts @@ -483,6 +483,7 @@ export type FoundDependency = { allowed_hashes: Map; resolved_url?: string; transitivity: Transitivity; + manifest_path?: Fpath; lockfile_path?: Fpath; line_number?: number /*int*/; children?: DependencyChild[]; 
@@ -2462,6 +2463,7 @@ export function writeFoundDependency(x: FoundDependency, context: any = x): any 'allowed_hashes': _atd_write_required_field('FoundDependency', 'allowed_hashes', _atd_write_assoc_map_to_object(_atd_write_array(_atd_write_string)), x.allowed_hashes, x), 'resolved_url': _atd_write_optional_field(_atd_write_string, x.resolved_url, x), 'transitivity': _atd_write_required_field('FoundDependency', 'transitivity', writeTransitivity, x.transitivity, x), + 'manifest_path': _atd_write_optional_field(writeFpath, x.manifest_path, x), 'lockfile_path': _atd_write_optional_field(writeFpath, x.lockfile_path, x), 'line_number': _atd_write_optional_field(_atd_write_int, x.line_number, x), 'children': _atd_write_optional_field(_atd_write_array(writeDependencyChild), x.children, x), @@ -2477,6 +2479,7 @@ export function readFoundDependency(x: any, context: any = x): FoundDependency { allowed_hashes: _atd_read_required_field('FoundDependency', 'allowed_hashes', _atd_read_assoc_object_into_map(_atd_read_array(_atd_read_string)), x['allowed_hashes'], x), resolved_url: _atd_read_optional_field(_atd_read_string, x['resolved_url'], x), transitivity: _atd_read_required_field('FoundDependency', 'transitivity', readTransitivity, x['transitivity'], x), + manifest_path: _atd_read_optional_field(readFpath, x['manifest_path'], x), lockfile_path: _atd_read_optional_field(readFpath, x['lockfile_path'], x), line_number: _atd_read_optional_field(_atd_read_int, x['line_number'], x), children: _atd_read_optional_field(_atd_read_array(readDependencyChild), x['children'], x), diff --git a/semgrep_output_v1_j.ml b/semgrep_output_v1_j.ml index 5aafdc5..d2c3849 100644 --- a/semgrep_output_v1_j.ml +++ b/semgrep_output_v1_j.ml 
@@ -402,6 +402,7 @@ type found_dependency = Semgrep_output_v1_t.found_dependency = { allowed_hashes: (string * string list) list; resolved_url: string option; transitivity: transitivity; + manifest_path: fpath option; lockfile_path: fpath option; line_number: int option; children: dependency_child list option; @@ -16087,6 +16088,17 @@ let write_found_dependency : _ -> found_dependency -> _ = ( write_transitivity ) ob x.transitivity; + (match x.manifest_path with None -> () | Some x -> + if !is_first then + is_first := false + else + Buffer.add_char ob ','; + Buffer.add_string ob "\"manifest_path\":"; + ( + write_fpath + ) + ob x; + ); (match x.lockfile_path with None -> () | Some x -> if !is_first then is_first := false @@ -16147,6 +16159,7 @@ let read_found_dependency = ( let field_allowed_hashes = ref (None) in let field_resolved_url = ref (None) in let field_transitivity = ref (None) in + let field_manifest_path = ref (None) in let field_lockfile_path = ref (None) in let field_line_number = ref (None) in let field_children = ref (None) in @@ -16164,7 +16177,7 @@ let read_found_dependency = ( match String.unsafe_get s pos with | 'g' -> ( if String.unsafe_get s (pos+1) = 'i' && String.unsafe_get s (pos+2) = 't' && String.unsafe_get s (pos+3) = '_' && String.unsafe_get s (pos+4) = 'r' && String.unsafe_get s (pos+5) = 'e' && String.unsafe_get s (pos+6) = 'f' then ( - 9 + 10 ) else ( -1 @@ -16192,7 +16205,7 @@ let read_found_dependency = ( ) | 8 -> ( if String.unsafe_get s pos = 'c' && String.unsafe_get s (pos+1) = 'h' && String.unsafe_get s (pos+2) = 'i' && String.unsafe_get s (pos+3) = 'l' && String.unsafe_get s (pos+4) = 'd' && String.unsafe_get s (pos+5) = 'r' && String.unsafe_get s (pos+6) = 'e' && String.unsafe_get s (pos+7) = 'n' then ( - 8 + 9 ) else ( -1 
@@ -16208,7 +16221,7 @@ let read_found_dependency = ( ) | 11 -> ( if String.unsafe_get s pos = 'l' && String.unsafe_get s (pos+1) = 'i' && String.unsafe_get s (pos+2) = 'n' && String.unsafe_get s (pos+3) = 'e' && String.unsafe_get s (pos+4) = '_' && String.unsafe_get s (pos+5) = 'n' && String.unsafe_get s (pos+6) = 'u' && String.unsafe_get s (pos+7) = 'm' && String.unsafe_get s (pos+8) = 'b' && String.unsafe_get s (pos+9) = 'e' && String.unsafe_get s (pos+10) = 'r' then ( - 7 + 8 ) else ( -1 
@@ -16237,12 +16250,26 @@ let read_found_dependency = ( ) ) | 13 -> ( - if String.unsafe_get s pos = 'l' && String.unsafe_get s (pos+1) = 'o' && String.unsafe_get s (pos+2) = 'c' && String.unsafe_get s (pos+3) = 'k' && String.unsafe_get s (pos+4) = 'f' && String.unsafe_get s (pos+5) = 'i' && String.unsafe_get s (pos+6) = 'l' && String.unsafe_get s (pos+7) = 'e' && String.unsafe_get s (pos+8) = '_' && String.unsafe_get s (pos+9) = 'p' && String.unsafe_get s (pos+10) = 'a' && String.unsafe_get s (pos+11) = 't' && String.unsafe_get s (pos+12) = 'h' then ( - 6 - ) - else ( - -1 - ) + match String.unsafe_get s pos with + | 'l' -> ( + if String.unsafe_get s (pos+1) = 'o' && String.unsafe_get s (pos+2) = 'c' && String.unsafe_get s (pos+3) = 'k' && String.unsafe_get s (pos+4) = 'f' && String.unsafe_get s (pos+5) = 'i' && String.unsafe_get s (pos+6) = 'l' && String.unsafe_get s (pos+7) = 'e' && String.unsafe_get s (pos+8) = '_' && String.unsafe_get s (pos+9) = 'p' && String.unsafe_get s (pos+10) = 'a' && String.unsafe_get s (pos+11) = 't' && String.unsafe_get s (pos+12) = 'h' then ( + 7 + ) + else ( + -1 + ) + ) + | 'm' -> ( + if String.unsafe_get s (pos+1) = 'a' && String.unsafe_get s (pos+2) = 'n' && String.unsafe_get s (pos+3) = 'i' && String.unsafe_get s (pos+4) = 'f' && String.unsafe_get s (pos+5) = 'e' && String.unsafe_get s (pos+6) = 's' && String.unsafe_get s (pos+7) = 't' && String.unsafe_get s (pos+8) = '_' && String.unsafe_get s (pos+9) = 'p' && String.unsafe_get s (pos+10) = 'a' && String.unsafe_get s (pos+11) = 't' && String.unsafe_get s (pos+12) = 'h' then ( + 6 + ) + else ( + -1 + ) + ) + | _ -> ( + -1 + ) ) | 14 -> ( if String.unsafe_get s pos = 'a' && String.unsafe_get s (pos+1) = 'l' && String.unsafe_get s (pos+2) = 'l' && String.unsafe_get s (pos+3) = 'o' && String.unsafe_get s (pos+4) = 'w' && String.unsafe_get s (pos+5) = 'e' && String.unsafe_get s (pos+6) = 'd' && String.unsafe_get s (pos+7) = '_' && String.unsafe_get s (pos+8) = 'h' && 
String.unsafe_get s (pos+9) = 'a' && String.unsafe_get s (pos+10) = 's' && String.unsafe_get s (pos+11) = 'h' && String.unsafe_get s (pos+12) = 'e' && String.unsafe_get s (pos+13) = 's' then ( @@ -16312,7 +16339,7 @@ let read_found_dependency = ( ); | 6 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( - field_lockfile_path := ( + field_manifest_path := ( Some ( ( read_fpath @@ -16321,6 +16348,16 @@ let read_found_dependency = ( ); ) | 7 -> + if not (Yojson.Safe.read_null_if_possible p lb) then ( + field_lockfile_path := ( + Some ( + ( + read_fpath + ) p lb + ) + ); + ) + | 8 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_line_number := ( Some ( @@ -16330,7 +16367,7 @@ let read_found_dependency = ( ) ); ) - | 8 -> + | 9 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_children := ( Some ( @@ -16340,7 +16377,7 @@ let read_found_dependency = ( ) ); ) - | 9 -> + | 10 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_git_ref := ( Some ( @@ -16367,7 +16404,7 @@ let read_found_dependency = ( match String.unsafe_get s pos with | 'g' -> ( if String.unsafe_get s (pos+1) = 'i' && String.unsafe_get s (pos+2) = 't' && String.unsafe_get s (pos+3) = '_' && String.unsafe_get s (pos+4) = 'r' && String.unsafe_get s (pos+5) = 'e' && String.unsafe_get s (pos+6) = 'f' then ( - 9 + 10 ) else ( -1 @@ -16395,7 +16432,7 @@ let read_found_dependency = ( ) | 8 -> ( if String.unsafe_get s pos = 'c' && String.unsafe_get s (pos+1) = 'h' && String.unsafe_get s (pos+2) = 'i' && String.unsafe_get s (pos+3) = 'l' && String.unsafe_get s (pos+4) = 'd' && String.unsafe_get s (pos+5) = 'r' && String.unsafe_get s (pos+6) = 'e' && String.unsafe_get s (pos+7) = 'n' then ( - 8 + 9 ) else ( -1 
@@ -16411,7 +16448,7 @@ let read_found_dependency = ( ) | 11 -> ( if String.unsafe_get s pos = 'l' && String.unsafe_get s (pos+1) = 'i' && String.unsafe_get s (pos+2) = 'n' && String.unsafe_get s (pos+3) = 'e' && String.unsafe_get s (pos+4) = '_' && String.unsafe_get s (pos+5) = 'n' && String.unsafe_get s (pos+6) = 'u' && String.unsafe_get s (pos+7) = 'm' && String.unsafe_get s (pos+8) = 'b' && String.unsafe_get s (pos+9) = 'e' && String.unsafe_get s (pos+10) = 'r' then ( - 7 + 8 ) else ( -1 
@@ -16440,12 +16477,26 @@ let read_found_dependency = ( ) ) | 13 -> ( - if String.unsafe_get s pos = 'l' && String.unsafe_get s (pos+1) = 'o' && String.unsafe_get s (pos+2) = 'c' && String.unsafe_get s (pos+3) = 'k' && String.unsafe_get s (pos+4) = 'f' && String.unsafe_get s (pos+5) = 'i' && String.unsafe_get s (pos+6) = 'l' && String.unsafe_get s (pos+7) = 'e' && String.unsafe_get s (pos+8) = '_' && String.unsafe_get s (pos+9) = 'p' && String.unsafe_get s (pos+10) = 'a' && String.unsafe_get s (pos+11) = 't' && String.unsafe_get s (pos+12) = 'h' then ( - 6 - ) - else ( - -1 - ) + match String.unsafe_get s pos with + | 'l' -> ( + if String.unsafe_get s (pos+1) = 'o' && String.unsafe_get s (pos+2) = 'c' && String.unsafe_get s (pos+3) = 'k' && String.unsafe_get s (pos+4) = 'f' && String.unsafe_get s (pos+5) = 'i' && String.unsafe_get s (pos+6) = 'l' && String.unsafe_get s (pos+7) = 'e' && String.unsafe_get s (pos+8) = '_' && String.unsafe_get s (pos+9) = 'p' && String.unsafe_get s (pos+10) = 'a' && String.unsafe_get s (pos+11) = 't' && String.unsafe_get s (pos+12) = 'h' then ( + 7 + ) + else ( + -1 + ) + ) + | 'm' -> ( + if String.unsafe_get s (pos+1) = 'a' && String.unsafe_get s (pos+2) = 'n' && String.unsafe_get s (pos+3) = 'i' && String.unsafe_get s (pos+4) = 'f' && String.unsafe_get s (pos+5) = 'e' && String.unsafe_get s (pos+6) = 's' && String.unsafe_get s (pos+7) = 't' && String.unsafe_get s (pos+8) = '_' && String.unsafe_get s (pos+9) = 'p' && String.unsafe_get s (pos+10) = 'a' && String.unsafe_get s (pos+11) = 't' && String.unsafe_get s (pos+12) = 'h' then ( + 6 + ) + else ( + -1 + ) + ) + | _ -> ( + -1 + ) ) | 14 -> ( if String.unsafe_get s pos = 'a' && String.unsafe_get s (pos+1) = 'l' && String.unsafe_get s (pos+2) = 'l' && String.unsafe_get s (pos+3) = 'o' && String.unsafe_get s (pos+4) = 'w' && String.unsafe_get s (pos+5) = 'e' && String.unsafe_get s (pos+6) = 'd' && String.unsafe_get s (pos+7) = '_' && String.unsafe_get s (pos+8) = 'h' && 
String.unsafe_get s (pos+9) = 'a' && String.unsafe_get s (pos+10) = 's' && String.unsafe_get s (pos+11) = 'h' && String.unsafe_get s (pos+12) = 'e' && String.unsafe_get s (pos+13) = 's' then ( @@ -16515,7 +16566,7 @@ let read_found_dependency = ( ); | 6 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( - field_lockfile_path := ( + field_manifest_path := ( Some ( ( read_fpath @@ -16524,6 +16575,16 @@ let read_found_dependency = ( ); ) | 7 -> + if not (Yojson.Safe.read_null_if_possible p lb) then ( + field_lockfile_path := ( + Some ( + ( + read_fpath + ) p lb + ) + ); + ) + | 8 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_line_number := ( Some ( @@ -16533,7 +16594,7 @@ let read_found_dependency = ( ) ); ) - | 8 -> + | 9 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_children := ( Some ( @@ -16543,7 +16604,7 @@ let read_found_dependency = ( ) ); ) - | 9 -> + | 10 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_git_ref := ( Some ( @@ -16568,6 +16629,7 @@ let read_found_dependency = ( allowed_hashes = (match !field_allowed_hashes with Some x -> x | None -> Atdgen_runtime.Oj_run.missing_field p "allowed_hashes"); resolved_url = !field_resolved_url; transitivity = (match !field_transitivity with Some x -> x | None -> Atdgen_runtime.Oj_run.missing_field p "transitivity"); + manifest_path = !field_manifest_path; lockfile_path = !field_lockfile_path; line_number = !field_line_number; children = !field_children; diff --git a/semgrep_output_v1_j.mli b/semgrep_output_v1_j.mli index dbfaec7..05e4edf 100644 --- a/semgrep_output_v1_j.mli +++ b/semgrep_output_v1_j.mli @@ -402,6 +402,7 @@ type found_dependency = Semgrep_output_v1_t.found_dependency = { allowed_hashes: (string * string list) list; resolved_url: string option; transitivity: transitivity; + manifest_path: fpath option; lockfile_path: fpath option; line_number: int option; children: dependency_child list option;