CodeSecTools/codesectools/sasts/tools/Coverity/sast.py at 9007c2b75c4e570f98c1645d53fbd484a9fa18ab · OPPIDA/CodeSecTools · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
"""Defines the SAST integration for Coverity.

This module provides the `CoveritySAST` class, which configures and orchestrates
the execution of Coverity scans using the core SAST framework.
"""

from pathlib import Path

from codesectools.sasts.core.sast import BuildlessSAST
from codesectools.sasts.core.sast.properties import SASTProperties
from codesectools.sasts.core.sast.requirements import Binary, SASTRequirements
from codesectools.sasts.tools.Coverity.parser import (
    CoverityAnalysisResult,
)


class CoveritySAST(BuildlessSAST):
    """SAST integration for Coverity.

    Attributes:
        name (str): The name of the SAST tool.
        supported_languages (list[str]): A list of supported programming languages.
        extra_languages (list[str]): Languages supported by the tool itself but not codesectools.
        supported_dataset_names (list[str]): A list of names of compatible datasets.
        properties (SASTProperties): The properties of the SAST tool.
        requirements (SASTRequirements): The requirements for the SAST tool.
        commands (list[list[Union[str, tuple[str]]]]): The list of commands templates to be rendered and executed.
        valid_codes (list[int]): A list of exit codes indicating that the command did not fail.
        output_files (list[tuple[Path, bool]]): A list of expected output files and
            whether they are required.
        parser (type[CoverityAnalysisResult]): The parser class for the tool's results.

    """

    name = "Coverity"
    supported_languages = ["c", "java"]
    extra_languages = [
        "csharp",
        "dart",
        "go",
        "javascript",
        "kotlin",
        "objective-c",
        "php",
        "python",
        "ruby",
        "apex",
        "swift",
        "typescript",
    ]
    supported_dataset_names = ["BenchmarkJava", "CVEfixes"]
    properties = SASTProperties(free=False, offline=True)
    requirements = SASTRequirements(
        full_reqs=[
            Binary(
                "coverity",
                url="https://documentation.blackduck.com/bundle/coverity-docs/page/deploy-install-guide/topics/installing_coverity_analysis_components.html",
            ),
            Binary(
                "cov-analyze",
                url="https://documentation.blackduck.com/bundle/coverity-docs/page/deploy-install-guide/topics/installing_coverity_analysis_components.html",
            ),
            Binary(
                "cov-format-errors",
                url="https://documentation.blackduck.com/bundle/coverity-docs/page/deploy-install-guide/topics/installing_coverity_analysis_components.html",
            ),
        ],
        partial_reqs=[],
    )
    commands = [
        ["coverity", "capture", "--disable-build-command-inference"],
        ["cov-analyze", "--dir", "idir", "--all-security", "--disable-spotbugs"],
        ["cov-format-errors", "--dir", "idir", "--json-output-v10", "coverity.json"],
    ]
    valid_codes = [0]
    output_files = [(Path("coverity.json"), True)]
    parser = CoverityAnalysisResult