ADD: Minimal sarif output for clamscan #1674
Open
ivanchubb wants to merge 2 commits into Cisco-Talos:main from
Closes: #1673
This is a PR to add a SARIF format output for clamscan. This feature will help users who run clamav in CI pipelines and are taking actions based on the output.

This PR is a pretty minimal implementation and the SARIF schema allows for A LOT more fidelity on the nature of the scan, its environment, and findings. However, this is my first PR to the repo and I feel like it's big enough already. The next iteration of this would have to involve some changes to how clamscan finds infected files; right now it just logs them to stdout/stderr. In order to get that into a SARIF output it'd involve storing those findings in a data structure along with which signature was associated with a positive finding. After that, when formatting, the SARIF ruleId field is a good 1:1 match for signature id.

Additionally, I broke the print_version() function up so that there is now an option to get the db build info without printing to screen, as well as adding the `--sarif=FILE` option and help text.

Note: I put this change in clamscan.c since it had the `s_info` struct. If it belongs better in output.c or misc.c, I can move it, but since `s_info` is declared in `global.h` and none of the files in `/common` include it already, I figured y'all wouldn't want it there.

Example of the SARIF output on a successful run:
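The following is an added illustration, not the PR's code or its actual output: a C routine that serialises a list of findings (constructed sample data) into a minimal SARIF 2.1.0 log, using the signature name as `ruleId` as the description proposes, producing an empty `results` array on a clean scan, and JSON-escaping file names so a hostile file name cannot corrupt the report. The `finding_t` type, the `sarif_write` function and the schema URL are assumptions of this example, not identifiers from the PR.

```c
#include <stdio.h>
#include <string.h>

/* One clamscan finding (constructed for this example): the file that matched
 * and the signature name, which maps 1:1 onto the SARIF "ruleId" field. */
typedef struct { const char *path, *signature; } finding_t;

/* Bounded string builder: overflow is recorded, never silently truncated. */
typedef struct { char *buf; size_t cap, len; int overflow; } sbuf_t;
static void sb_put(sbuf_t *b, const char *s) {
    size_t n = strlen(s);
    if (b->overflow || b->len + n + 1 > b->cap) { b->overflow = 1; return; }
    memcpy(b->buf + b->len, s, n);
    b->len += n; b->buf[b->len] = '\0';
}
/* JSON-escape s (quotes, backslashes, control bytes) without the surrounding
 * quotes, so a hostile file name cannot break out of the JSON string. */
static void sb_json_esc(sbuf_t *b, const char *s) {
    char tmp[8];
    for (; *s; s++) {
        if (*s == '"' || *s == '\\') snprintf(tmp, sizeof tmp, "\\%c", *s);
        else if ((unsigned char)*s < 0x20) snprintf(tmp, sizeof tmp, "\\u%04x", (unsigned char)*s);
        else { tmp[0] = *s; tmp[1] = '\0'; }
        sb_put(b, tmp);
    }
}
static void sb_json_str(sbuf_t *b, const char *s) { sb_put(b, "\""); sb_json_esc(b, s); sb_put(b, "\""); }

/* Write a minimal SARIF 2.1.0 log into buf: one run for the tool "clamscan" and
 * one "result" per finding (an empty "results" array on a clean scan).
 * Returns the number of bytes written, or -1 if buf was too small. */
int sarif_write(char *buf, size_t cap, const finding_t *f, size_t n) {
    sbuf_t b = { buf, cap, 0, 0 };
    sb_put(&b, "{\"$schema\":\"https://json.schemastore.org/sarif-2.1.0.json\","
               "\"version\":\"2.1.0\",\"runs\":[{\"tool\":{\"driver\":"
               "{\"name\":\"clamscan\"}},\"results\":[");
    for (size_t i = 0; i < n; i++) {
        if (i) sb_put(&b, ",");
        sb_put(&b, "{\"ruleId\":");
        sb_json_str(&b, f[i].signature);
        sb_put(&b, ",\"level\":\"error\",\"message\":{\"text\":\"");
        sb_json_esc(&b, f[i].signature);  /* mirrors clamscan's "<sig> FOUND" line */
        sb_put(&b, " FOUND\"},\"locations\":[{\"physicalLocation\":"
                   "{\"artifactLocation\":{\"uri\":");
        sb_json_str(&b, f[i].path);
        sb_put(&b, "}}}]}");
    }
    sb_put(&b, "]}]}\n");
    return b.overflow ? -1 : (int)b.len;
}
```

A CI job can then fail the build when the `results` array is non-empty, rather than pattern-matching clamscan's text output.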