Merge pull request #11 from OPPIDA/fix/various

nolliv22 · web-flow · commit 84129bb5a57e · 2025-11-13T12:46:23.000+01:00
diff --git a/codesectools/cli.py b/codesectools/cli.py
@@ -160,7 +160,10 @@ def get_downloadable() -> dict[str, DownloadableRequirement | Dataset]:
 
 
 @cli.command(hidden=download_hidden)
-def download(name: download_arg_type = download_arg_value, test: bool = False) -> None:
+def download(
+    name: download_arg_type = download_arg_value,
+    test: Annotated[bool, typer.Option(hidden=True)] = False,
+) -> None:
     """Download and install any missing resources that are available for download."""
     if name is None:
         print("All downloadable resources have been retrieved.")
diff --git a/codesectools/datasets/BenchmarkJava/dataset.py b/codesectools/datasets/BenchmarkJava/dataset.py
@@ -22,17 +22,13 @@ class TestCode(File):
     Inherits from the base `File` class and adds a `vuln_type` attribute
     specific to this dataset.
 
-    Attributes:
-        vuln_type (str): The type of vulnerability present in the file.
-
     """
 
     def __init__(
         self,
         filepath: Path,
         content: str | bytes,
         cwes: list[CWE],
-        vuln_type: str,
         has_vuln: bool,
     ) -> None:
         """Initialize a TestCode instance.
@@ -41,16 +37,13 @@ def __init__(
             filepath: The path to the file.
             content: The content of the file, as a string or bytes.
             cwes: A list of CWEs associated with the file.
-            vuln_type: The type of vulnerability.
             has_vuln: A boolean indicating if the vulnerability is real or a false positive test case.
 
         """
         super().__init__(
             filepath=filepath, content=content, cwes=cwes, has_vuln=has_vuln
         )
 
-        self.vuln_type = vuln_type
-
 
 class BenchmarkJava(PrebuiltFileDataset):
     """Represents the BenchmarkJava dataset.
@@ -151,14 +144,12 @@ def load_dataset(self) -> list[TestCode]:
             filepath = testcode_dir / filename
             content = filepath.read_text()
             cwes = [CWEs.from_id(int(row[3]))]
-            vuln_type = row[1]
             has_vuln = True if row[2] == "true" else False
             files.append(
                 TestCode(
                     filepath.relative_to(self.directory),
                     content,
                     cwes,
-                    vuln_type,
                     has_vuln,
                 )
             )
diff --git a/codesectools/sasts/core/sast/__init__.py b/codesectools/sasts/core/sast/__init__.py
@@ -35,6 +35,7 @@
     USER_OUTPUT_DIR,
     MissingFile,
     NonZeroExit,
+    render_command,
     run_command,
 )
 
@@ -52,7 +53,7 @@ class SAST(ABC):
         supported_datasets (list[Dataset]): A list of supported dataset classes.
         properties (SASTProperties): The properties of the SAST tool.
         requirements (SASTRequirements): The requirements for the SAST tool.
-        commands (list[list[Union[str, tuple[str]]]]): The list of commands templates to be rendred and executed.
+        commands (list[list[Union[str, tuple[str]]]]): The list of commands templates to be rendered and executed.
         valid_codes (list[int]): A list of exit codes indicating that the command did not fail.
         environ (dict[str, str]): Environment variables to set for commands.
         output_files (list[tuple[Path, bool]]): Expected output files and
@@ -89,46 +90,15 @@ def __init__(self) -> None:
         Set up supported datasets, the output directory, and requirement status.
         """
         self.supported_datasets = [
-            DATASETS_ALL[d] for d in self.supported_dataset_names
+            DATASETS_ALL[d]
+            for d in self.supported_dataset_names
+            if DATASETS_ALL[d].is_cached()
         ]
         self.output_dir = USER_OUTPUT_DIR / self.name
         self.requirements.name = self.name
         self.status = self.requirements.get_status()
         self.missing = self.requirements.get_missing()
 
-    def render_command(self, command: list[str], map: dict[str, str]) -> list[str]:
-        """Render a command template by replacing placeholders with values.
-
-        Args:
-            command: The command template as a list of strings.
-            map: A dictionary of placeholders to their replacement values.
-
-        Returns:
-            The rendered command as a list of strings.
-
-        """
-        _command = command.copy()
-        for pattern, value in map.items():
-            for i, arg in enumerate(_command):
-                # Check if optional argument can be used
-                if isinstance(arg, tuple):
-                    default_arg, optional_arg = arg
-                    if pattern in optional_arg:
-                        _command[i] = arg.replace(pattern, value)
-                    else:
-                        _command[i] = default_arg
-                else:
-                    if pattern in arg:
-                        _command[i] = arg.replace(pattern, value)
-
-        # Remove not rendered part of the command:
-        __command = []
-        for part in _command:
-            if not ("{" in part and "}" in part):
-                __command.append(part)
-
-        return __command
-
     def run_analysis(
         self, lang: str, project_dir: Path, output_dir: Path, **kwargs: Any
     ) -> None:
@@ -165,7 +135,7 @@ def run_analysis(
             command_output = ""
             start = time.time()
             for command in self.commands:
-                rendered_command = self.render_command(command, render_variables)
+                rendered_command = render_command(command, render_variables)
                 retcode, out = run_command(rendered_command, project_dir, self.environ)
                 command_output += out
                 if retcode not in self.valid_codes:
diff --git a/codesectools/sasts/tools/Bearer/sast.py b/codesectools/sasts/tools/Bearer/sast.py
@@ -26,7 +26,7 @@ class BearerSAST(BuildlessSAST):
         supported_dataset_names (list[str]): A list of names of compatible datasets.
         properties (SASTProperties): The properties of the SAST tool.
         requirements (SASTRequirements): The requirements for the SAST tool.
-        commands (list[list[Union[str, tuple[str]]]]): The list of commands templates to be rendred and executed.
+        commands (list[list[Union[str, tuple[str]]]]): The list of commands templates to be rendered and executed.
         valid_codes (list[int]): A list of exit codes indicating that the command did not fail.
         output_files (list[tuple[Path, bool]]): A list of expected output files and
             whether they are required.
diff --git a/codesectools/sasts/tools/Coverity/sast.py b/codesectools/sasts/tools/Coverity/sast.py
@@ -25,7 +25,7 @@ class CoveritySAST(BuildlessSAST):
         supported_dataset_names (list[str]): A list of names of compatible datasets.
         properties (SASTProperties): The properties of the SAST tool.
         requirements (SASTRequirements): The requirements for the SAST tool.
-        commands (list[list[Union[str, tuple[str]]]]): The list of commands templates to be rendred and executed.
+        commands (list[list[Union[str, tuple[str]]]]): The list of commands templates to be rendered and executed.
         valid_codes (list[int]): A list of exit codes indicating that the command did not fail.
         output_files (list[tuple[Path, bool]]): A list of expected output files and
             whether they are required.
diff --git a/codesectools/sasts/tools/Cppcheck/parser.py b/codesectools/sasts/tools/Cppcheck/parser.py
@@ -79,7 +79,7 @@ def __init__(self, output_dir: Path, xml_tree: ElementTree, cmdout: dict) -> Non
                         filepath=Path(error.xpath("location")[0].get("file")),
                         checker=error.get("id"),
                         category=category,
-                        cwe=CWEs.from_id(error.get("cwe", -1)),
+                        cwe=CWEs.from_id(int(error.get("cwe", -1))),
                         message=error.get("msg"),
                         lines=[
                             int(location.get("line"))
diff --git a/codesectools/sasts/tools/Cppcheck/sast.py b/codesectools/sasts/tools/Cppcheck/sast.py
@@ -24,7 +24,7 @@ class CppcheckSAST(PrebuiltBuildlessSAST):
         supported_dataset_names (list[str]): A list of names of compatible datasets.
         properties (SASTProperties): The properties of the SAST tool.
         requirements (SASTRequirements): The requirements for the SAST tool.
-        commands (list[list[Union[str, tuple[str]]]]): The list of commands templates to be rendred and executed.
+        commands (list[list[Union[str, tuple[str]]]]): The list of commands templates to be rendered and executed.
         valid_codes (list[int]): A list of exit codes indicating that the command did not fail.
         output_files (list[tuple[Path, bool]]): A list of expected output files and
             whether they are required.
diff --git a/codesectools/sasts/tools/SemgrepCE/sast.py b/codesectools/sasts/tools/SemgrepCE/sast.py
@@ -26,7 +26,7 @@ class SemgrepCESAST(BuildlessSAST):
         supported_dataset_names (list[str]): A list of names of compatible datasets.
         properties (SASTProperties): The properties of the SAST tool.
         requirements (SASTRequirements): The requirements for the SAST tool.
-        commands (list[list[Union[str, tuple[str]]]]): The list of commands templates to be rendred and executed.
+        commands (list[list[Union[str, tuple[str]]]]): The list of commands templates to be rendered and executed.
         valid_codes (list[int]): A list of exit codes indicating that the command did not fail.
         output_files (list[tuple[Path, bool]]): A list of expected output files and
             whether they are required.
diff --git a/codesectools/sasts/tools/SnykCode/parser.py b/codesectools/sasts/tools/SnykCode/parser.py
@@ -54,7 +54,7 @@ class SnykCodeAnalysisResult(AnalysisResult):
     metadata, including timings, file lists, and defects.
     """
 
-    normalize_lang_names = {"cpp": ["c", "cpp"]}
+    normalize_lang_names = {"java": ["java"], "cpp": ["c", "cpp"]}
 
     def __init__(self, output_dir: Path, result_data: dict, cmdout: dict) -> None:
         """Initialize a SnykCodeAnalysisResult instance.
@@ -83,7 +83,7 @@ def __init__(self, output_dir: Path, result_data: dict, cmdout: dict) -> None:
             for result in run["results"]:
                 rule_index = result["ruleIndex"]
                 lang, *_, checker = result["ruleId"].split("/")
-                if self.lang not in self.normalize_lang_names[lang]:
+                if self.lang not in self.normalize_lang_names.get(lang, []):
                     continue
 
                 start = (
diff --git a/codesectools/sasts/tools/SnykCode/sast.py b/codesectools/sasts/tools/SnykCode/sast.py
@@ -22,7 +22,7 @@ class SnykCodeSAST(BuildlessSAST):
         supported_dataset_names (list[str]): A list of names of compatible datasets.
         properties (SASTProperties): The properties of the SAST tool.
         requirements (SASTRequirements): The requirements for the SAST tool.
-        commands (list[list[Union[str, tuple[str]]]]): The list of commands templates to be rendred and executed.
+        commands (list[list[Union[str, tuple[str]]]]): The list of commands templates to be rendered and executed.
         valid_codes (list[int]): A list of exit codes indicating that the command did not fail.
         output_files (list[tuple[Path, bool]]): A list of expected output files and
             whether they are required.
diff --git a/codesectools/sasts/tools/SpotBugs/parser.py b/codesectools/sasts/tools/SpotBugs/parser.py
@@ -77,6 +77,7 @@ def __init__(self, output_dir: Path, result_data: dict, cmdout: dict) -> None:
                 rule_index = result["ruleIndex"]
                 checker = result["ruleId"]
 
+                # Note: All file paths are relative to the application's class path, not the project source directory.
                 partial_filepath = Path(
                     result["locations"][0]["physicalLocation"]["artifactLocation"][
                         "uri"
diff --git a/codesectools/shared/cwe.py b/codesectools/shared/cwe.py
@@ -99,6 +99,7 @@ def __init__(self) -> None:
             "Research Concepts": "1000.csv",
         }
         self.directory = USER_CACHE_DIR / "cwe"
+        self.NOCWE = CWE(id=-1, name="	Missing or invalid CWE", description="None")
 
         try:
             self.cwes = self.load()
@@ -162,7 +163,7 @@ def from_string(self, cwe_string: str) -> CWE:
         if match := re.search(r"[CWE|cwe]-(\d+)", cwe_string):
             return self.from_id(int(match.group(1)))
         else:
-            return CWE(id=-1, name="Invalid CWE", description="None")
+            return self.NOCWE
 
     def from_id(self, cwe_id: int) -> CWE:
         """Get a CWE by its identifier.
@@ -177,7 +178,7 @@ def from_id(self, cwe_id: int) -> CWE:
         try:
             return self.cwes[self.cwes.index(cwe_id)]
         except ValueError:
-            return CWE(id=-1, name="Invalid CWE", description="None")
+            return self.NOCWE
 
 
 CWEs = CWEsCollection()
diff --git a/codesectools/utils.py b/codesectools/utils.py
@@ -39,6 +39,40 @@ def DEBUG() -> bool:
 
 
 # Subprocess wrapper
+def render_command(command: list[str], map: dict[str, str]) -> list[str]:
+    """Render a command template by replacing placeholders with values.
+
+    Args:
+        command: The command template as a list of strings.
+        map: A dictionary of placeholders to their replacement values.
+
+    Returns:
+        The rendered command as a list of strings.
+
+    """
+    _command = command.copy()
+    for pattern, value in map.items():
+        for i, arg in enumerate(_command):
+            # Check if optional argument can be used
+            if isinstance(arg, tuple):
+                default_arg, optional_arg = arg
+                if pattern in optional_arg:
+                    _command[i] = arg.replace(pattern, value)
+                else:
+                    _command[i] = default_arg
+            else:
+                if pattern in arg:
+                    _command[i] = arg.replace(pattern, value)
+
+    # Remove not rendered part of the command:
+    __command = []
+    for part in _command:
+        if not ("{" in part and "}" in part):
+            __command.append(part)
+
+    return __command
+
+
 def run_command(
     command: Sequence[str], cwd: Path, env: dict[str, str] | None = None
 ) -> tuple[int | None, str]:
diff --git a/docs/dataset/profiles/benchmarkjava.yaml b/docs/dataset/profiles/benchmarkjava.yaml
@@ -14,7 +14,7 @@ requirements:
 extra: |
   !!! info "Dataset content"
     
-      - `src/main/java/org/owasp/benchmark/testcode/*`
-      - `expectedresults-1.2.csv`
+      - Test files: `src/main/java/org/owasp/benchmark/testcode/*`
+      - Labeled data: `expectedresults-1.2.csv`
 
       *Downloaded from [OWASP-Benchmark/BenchmarkJava](https://github.com/OWASP-Benchmark/BenchmarkJava).*
diff --git a/docs/sast/profiles/cppcheck.yaml b/docs/sast/profiles/cppcheck.yaml
@@ -4,7 +4,7 @@ type: Data Flow Analysis (Compiled code)
 url: https://cppcheck.sourceforge.io/
 supported_version: 2.13.0
 supported_languages:
-  - C
+  - C/C++
 legal:
   license: GPL-3.0
   license_type: Copyleft
diff --git a/docs/sast/profiles/semgrepce.yaml b/docs/sast/profiles/semgrepce.yaml
@@ -4,7 +4,7 @@ type: Pattern matching
 url: https://github.com/semgrep/semgrep
 supported_version: 1.128.1
 supported_languages:
-  - C
+  - C/C++
   - Java
 legal:
   license: LGPL-2.1
diff --git a/docs/sast/profiles/snykcode.yaml b/docs/sast/profiles/snykcode.yaml
@@ -4,7 +4,7 @@ type: Data Flow Analysis (Source code)
 url: https://docs.snyk.io/scan-with-snyk/snyk-code
 supported_version: 1.1298.3
 supported_languages:
-  - C
+  - C/C++
   - Java
 legal:
   terms: SNYK TERMS OF SERVICE
diff --git a/tests/test_sasts.py b/tests/test_sasts.py
@@ -47,7 +47,7 @@ def update_sast_module_state() -> GeneratorType:
 TEST_CODES_DIR = Path("tests/testcodes").resolve()
 TEST_CODES = {
     "java": {"build_command": "javac {filename}"},
-    "c": {"build_command": "bear -- gcc {filename}"},
+    "c": {"build_command": "bear -- g++ {filename}"},
 }
 
 ARTIFACTS_ARG = {"java": ".", "c": "compile_commands.json"}
@@ -139,7 +139,9 @@ def test_sasts_analyze(monkeypatch: pytest.MonkeyPatch) -> None | AssertionError
 
                 SAST_RESULTS[sast_name].append(Path(temp_dir).name)
 
-                result = runner.invoke(sast_cli, ["analyze", lang, "--artifacts", "."])
+                result = runner.invoke(
+                    sast_cli, ["analyze", lang, "--artifacts", ARTIFACTS_ARG[lang]]
+                )
                 assert result.exit_code == 0
                 assert "--overwrite" in result.output
 
