gitleaks / gitleaks

Protect and discover secrets using Gitleaks 🔑

Home Page:https://gitleaks.io


SARIF output shows incorrect rule properties

nierz opened this issue · comments

Describe the bug
GitLeaks before v8.18.2 used to show the rule IDs in the SARIF output in the following way:

     "rules": [
      {
       "id": "adafruit-api-key",
       "name": "Adafruit API Key",
       "shortDescription": {
        "text": "(?i)(?:adafruit)(?:[0-9a-z\\-_\\t .]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|\u003e|:{1,3}=|\\|\\|:|\u003c=|=\u003e|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9_-]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)"
       }
      },
      {
       "id": "adobe-client-id",
       "name": "Adobe Client ID (OAuth Web)",
       "shortDescription": {
        "text": "(?i)(?:adobe)(?:[0-9a-z\\-_\\t .]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|\u003e|:{1,3}=|\\|\\|:|\u003c=|=\u003e|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)"
       }
      },
      ...more rules
    ]

However, in GitLeaks v8.18.2 this was changed to:

     "rules": [
      {
       "id": "adafruit-api-key",
       "name": "Identified a potential Adafruit API Key, which could lead to unauthorized access to Adafruit services and sensitive data exposure.",
       "shortDescription": {
        "text": "(?i)(?:adafruit)(?:[0-9a-z\\-_\\t .]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|\u003e|:{1,3}=|\\|\\|:|\u003c=|=\u003e|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9_-]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)"
       }
      },
      {
       "id": "adobe-client-id",
       "name": "Detected a pattern that resembles an Adobe OAuth Web Client ID, posing a risk of compromised Adobe integrations and data breaches.",
       "shortDescription": {
        "text": "(?i)(?:adobe)(?:[0-9a-z\\-_\\t .]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|\u003e|:{1,3}=|\\|\\|:|\u003c=|=\u003e|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)"
       }
      },
      ...more rules
    ]

As you can see, the properties are wrong. The name actually changed to be a description.

To Reproduce
Steps to reproduce the behavior:

Simply run gitleaks with SARIF report format on any directory. For instance:

gitleaks detect . --report-format sarif --report-path result.json

Expected behavior
The name property should have the actual name (like it used to), and the new name that looks like a description should go into a different SARIF property. fullDescription is a good one; here's an example from KICS's SARIF output:

"rules": [
  {
    "id": "fd54f200-402c-4333-a5a4-36ef6709af2f",
    "name": "Missing User Instruction",
    "shortDescription": {
      "text": "Missing User Instruction"
    },
    "fullDescription": {
      "text": "A user should be specified in the dockerfile, otherwise the image will run as root"
    },
    ...
  }
]

Basic Info:

  • OS: Mac OS
  • Gitleaks Version: 8.18.2

cc @zricethezav
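The following is an added example, not gitleaks code or anything from the issue author: a small Python checker that reads a SARIF report, flags rule descriptors whose `name` carries a sentence-length description (the v8.18.2 layout quoted above) or whose `shortDescription` holds the detection regex, and shows one way to rearrange such a descriptor into the name / shortDescription / fullDescription layout the issue asks for. The embedded SARIF document is constructed from the two snippets in the issue with the regexes shortened to placeholders; the length and sentence-ending heuristics, the title derived from the rule id when none is supplied, and parking the regex in the SARIF `properties` bag are all choices made for this example, not behaviour of gitleaks.

```python
"""Sanity-check the rule descriptors in a gitleaks SARIF report (added example)."""
import json
import re

# Constructed sample mirroring the two layouts quoted in the issue. The regex
# texts are shortened placeholders, not the real gitleaks patterns.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{"tool": {"driver": {"name": "gitleaks", "rules": [
        {   # pre-8.18.2 layout: `name` is a short title
            "id": "adafruit-api-key",
            "name": "Adafruit API Key",
            "shortDescription": {"text": "(?i)(?:adafruit)...placeholder..."},
        },
        {   # 8.18.2 layout: `name` is a full sentence describing the finding
            "id": "adobe-client-id",
            "name": "Detected a pattern that resembles an Adobe OAuth Web Client ID, "
                    "posing a risk of compromised Adobe integrations and data breaches.",
            "shortDescription": {"text": "(?i)(?:adobe)...placeholder..."},
        },
    ]}}}],
})

# Heuristics (assumptions for this example, not SARIF requirements): a rule name
# should be a short title, and a leading inline flag group such as `(?i)` marks
# text that is really a regular expression.
MAX_NAME_LEN = 60
SENTENCE_END = re.compile(r"[.!?]$")
REGEX_MARKER = re.compile(r"^\(\?[a-z]+\)")


def sample_rules() -> list[dict]:
    """Return the rule descriptors of the constructed sample report."""
    return json.loads(SAMPLE_SARIF)["runs"][0]["tool"]["driver"]["rules"]


def check_rule(rule: dict) -> list[str]:
    """Return problem codes for one SARIF reportingDescriptor (empty list = fine)."""
    problems = []
    name = rule.get("name", "")
    short = rule.get("shortDescription", {}).get("text", "")
    if not name:
        problems.append("missing-name")
    elif len(name) > MAX_NAME_LEN or SENTENCE_END.search(name):
        problems.append("name-is-description")
    if REGEX_MARKER.match(short):
        problems.append("short-description-is-regex")
    if not rule.get("fullDescription", {}).get("text"):
        problems.append("missing-full-description")
    return problems


def check_report(sarif_text: str) -> dict[str, list[str]]:
    """Map rule id -> problem codes for every rule (in every run) that has any."""
    doc = json.loads(sarif_text)
    findings = {}
    for run in doc.get("runs", []):
        for rule in run.get("tool", {}).get("driver", {}).get("rules", []):
            problems = check_rule(rule)
            if problems:
                findings[rule.get("id", "<no id>")] = problems
    return findings


def normalize_rule(rule: dict, titles: dict[str, str]) -> dict:
    """Rearrange a descriptor into the layout the issue asks for.

    `titles` maps rule id -> human-readable title (what pre-8.18.2 put in
    `name`). If no title is supplied and the existing name is not a sentence,
    the existing name is kept; otherwise a title is derived from the id
    (an assumption of this example). A sentence found in `name` moves to
    fullDescription, the title goes to name and shortDescription, and a regex
    found in shortDescription is kept in the SARIF property bag as "regex".
    """
    rule_id = rule["id"]
    old_name = rule.get("name", "")
    short = rule.get("shortDescription", {}).get("text", "")
    problems = check_rule(rule)
    if rule_id in titles:
        title = titles[rule_id]
    elif old_name and "name-is-description" not in problems:
        title = old_name
    else:
        title = rule_id.replace("-", " ").title()  # assumption: derive from id
    fixed = {
        "id": rule_id,
        "name": title,
        "shortDescription": {"text": title},
        "properties": dict(rule.get("properties", {})),
    }
    if "name-is-description" in problems:
        fixed["fullDescription"] = {"text": old_name}
    elif rule.get("fullDescription"):
        fixed["fullDescription"] = rule["fullDescription"]
    if REGEX_MARKER.match(short):
        fixed["properties"]["regex"] = short
    return fixed


if __name__ == "__main__":
    print(json.dumps(check_report(SAMPLE_SARIF), indent=1))
    print(json.dumps([normalize_rule(r, {}) for r in sample_rules()], indent=1))
```

Run it against a real report by replacing `SAMPLE_SARIF` with the contents of `result.json` from the command in the issue; `check_report` returns only the rules that need attention, so an empty dict means every descriptor already has a short `name` and a `fullDescription`.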