Sonarqube report invalid columns
LeoLogeart opened this issue · comments
The startColumn and endColumn attributes of the sonarqube json output are respectively the start index and end index of the vulnerabilities. Sonar is thus unable to import the vulnerabilities.
The start and end column should be added to libsast in order to easily get this value in mobsfscan.
After further investigation it looks like the position libsast is retrieving is the position of the match from the beginning of the document.
Yes that's what I meant by the start and end "index". It would probably be preferable to add the column matching in libsast and apply it in mobsfscan rather than simply removing the columns from mobsfscan.
Yes, but meanwhile I created a PR to remove the columns, so that we can import it on SonarQube, and another to insert the match in the description.
PR is merged.
Hi @ajinabraham - could you make a release including this fix? We'd like to report our results to sonarqube.
Thanks
Will do shortly, I am working on some fixes and this will go along.
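The conversion discussed in this thread, from a match position counted from the beginning of the document to a line and column range, can be sketched as follows. This is an added example, not code from libsast or mobsfscan; the function names, the sample source and the 1-based line / 0-based column convention are assumptions.

```python
import bisect
import re

# Constructed sample source file (not taken from any real project).
SAMPLE = 'import android.util.Log;\nclass A {\n  void f() { Log.d("t", secret); }\n}\n'


def line_starts(text):
    """Return the document offset at which each line begins."""
    starts = [0]
    for i, ch in enumerate(text):
        if ch == "\n":
            starts.append(i + 1)
    return starts


def to_text_range(text, start, end):
    """Map a [start, end) pair of document offsets to a line/column range.

    Assumed convention: lines are 1-based, columns are 0-based offsets
    within the line, and endColumn is exclusive.
    """
    if not 0 <= start <= end <= len(text):
        raise ValueError("match offsets fall outside the document")
    starts = line_starts(text)

    def locate(offset):
        line = bisect.bisect_right(starts, offset)  # 1-based line number
        return line, offset - starts[line - 1]

    start_line, start_col = locate(start)
    # Locate the last matched character, so that a match ending exactly at a
    # line break is reported on the line it belongs to, not the next one.
    end_line, end_col = locate(max(start, end - 1))
    if end > start:
        end_col += 1
    return {"startLine": start_line, "endLine": end_line,
            "startColumn": start_col, "endColumn": end_col}


def range_for_pattern(text, pattern):
    """Run a regex and convert its document-relative span (hypothetical helper)."""
    match = re.search(pattern, text)
    return to_text_range(text, *match.span()) if match else None


if __name__ == "__main__":
    print(range_for_pattern(SAMPLE, r"Log\.d\([^)]*\)"))
```

The raw span for the sample match is (48, 66), which no importer can interpret as columns on line 3; the converted range is line 3, columns 13 to 31.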