Skip to content

cbom reporting contextRegion line numbers, instead of specific line number (from region) #6

New issue
New issue
Open
#5
Open
cbom reporting contextRegion line numbers, instead of specific line number (from region)#6
#5
@mtcolman

Description

@mtcolman
mtcolman
opened on Dec 8, 2023

In the cbom.json, instead of reporting the specifc line of the finding, I get multiple lines:

"detectionContext": [
    {
        "additionalContext": "from hashlib import md5",
        "filePath": "sqli/dao/dummy.py",
        "lineNumbers": [
            1,
            2,
            3
        ]
    },

My output.sarif file gives two sections of detail on the finding: region and contextRegion. region gives the precise line(s) and this would be more useful in the cbom (in my opinion).

"detectionContext": [
    {
        "additionalContext": "from hashlib import md5",
        "filePath": "sqli/dao/dummy.py",
        "lineNumbers": [
            1
        ]
    },

Have created #5 with code update for this.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions