@fabasoad/sarif-to-slack 1.3.1 → 1.3.3

package/test-data/sarif/codeql-go.sarif

@@ -1 +1 @@
-{"$schema":"https://json.schemastore.org/sarif-2.1.0.json","version":"2.1.0","runs":[{"tool":{"driver":{"name":"CodeQL","organization":"GitHub","semanticVersion":"2.19.0","notifications":[{"id":"go/diagnostics/extraction-errors","name":"go/diagnostics/extraction-errors","shortDescription":{"text":"Extraction errors"},"fullDescription":{"text":"List all extraction errors for files in the source code directory."},"defaultConfiguration":{"enabled":true},"properties":{"description":"List all extraction errors for files in the source code directory.","id":"go/diagnostics/extraction-errors","kind":"diagnostic","name":"Extraction errors"}},{"id":"go/diagnostics/successfully-extracted-files","name":"go/diagnostics/successfully-extracted-files","shortDescription":{"text":"Extracted files"},"fullDescription":{"text":"List all files that were extracted."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["successfully-extracted-files"],"description":"List all files that were extracted.","id":"go/diagnostics/successfully-extracted-files","kind":"diagnostic","name":"Extracted files"}},{"id":"go/baseline/expected-extracted-files","name":"go/baseline/expected-extracted-files","shortDescription":{"text":"Expected extracted files"},"fullDescription":{"text":"Files appearing in the source archive that are expected to be extracted."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["expected-extracted-files","telemetry"]}},{"id":"cli/sip-enablement","name":"cli/sip-enablement","shortDescription":{"text":"macOS SIP enablement status"},"fullDescription":{"text":"macOS SIP enablement status"},"defaultConfiguration":{"enabled":true}}],"rules":[{"id":"go/stack-trace-exposure","name":"go/stack-trace-exposure","shortDescription":{"text":"Information exposure through a stack trace"},"fullDescription":{"text":"Information from a stack trace propagates to an external user. Stack traces can unintentionally reveal implementation details that are useful to an attacker for developing a subsequent exploit."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-209","external/cwe/cwe-497"],"description":"Information from a stack trace propagates to an external user.\n              Stack traces can unintentionally reveal implementation details\n              that are useful to an attacker for developing a subsequent exploit.","id":"go/stack-trace-exposure","kind":"path-problem","name":"Information exposure through a stack trace","precision":"high","problem.severity":"error","security-severity":"5.4"}},{"id":"go/unvalidated-url-redirection","name":"go/unvalidated-url-redirection","shortDescription":{"text":"Open URL redirect"},"fullDescription":{"text":"Open URL redirection based on unvalidated user input may cause redirection to malicious web sites."},"defaultConfiguration":{"enabled":true,"level":"warning"},"properties":{"tags":["security","external/cwe/cwe-601"],"description":"Open URL redirection based on unvalidated user input\n              may cause redirection to malicious web sites.","id":"go/unvalidated-url-redirection","kind":"path-problem","name":"Open URL redirect","precision":"high","problem.severity":"warning","security-severity":"6.1"}},{"id":"go/bad-redirect-check","name":"go/bad-redirect-check","shortDescription":{"text":"Bad redirect check"},"fullDescription":{"text":"A redirect check that checks for a leading slash but not two leading slashes or a leading slash followed by a backslash is incomplete."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-601"],"description":"A redirect check that checks for a leading slash but not two\n              leading slashes or a leading slash followed by a backslash is\n              incomplete.","id":"go/bad-redirect-check","kind":"path-problem","name":"Bad redirect check","precision":"high","problem.severity":"error","security-severity":"6.1"}},{"id":"go/weak-crypto-key","name":"go/weak-crypto-key","shortDescription":{"text":"Use of a weak cryptographic key"},"fullDescription":{"text":"Using a weak cryptographic key can allow an attacker to compromise security."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-326"],"description":"Using a weak cryptographic key can allow an attacker to compromise security.","id":"go/weak-crypto-key","kind":"path-problem","name":"Use of a weak cryptographic key","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"go/insecure-tls","name":"go/insecure-tls","shortDescription":{"text":"Insecure TLS configuration"},"fullDescription":{"text":"If an application supports insecure TLS versions or ciphers, it may be vulnerable to machine-in-the-middle and other attacks."},"defaultConfiguration":{"enabled":true,"level":"warning"},"properties":{"tags":["security","external/cwe/cwe-327"],"description":"If an application supports insecure TLS versions or ciphers, it may be vulnerable to\n              machine-in-the-middle and other attacks.","id":"go/insecure-tls","kind":"path-problem","name":"Insecure TLS configuration","precision":"very-high","problem.severity":"warning","security-severity":"7.5"}},{"id":"go/request-forgery","name":"go/request-forgery","shortDescription":{"text":"Uncontrolled data used in network request"},"fullDescription":{"text":"Sending network requests with user-controlled data allows for request forgery attacks."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-918"],"description":"Sending network requests with user-controlled data allows for request forgery attacks.","id":"go/request-forgery","kind":"path-problem","name":"Uncontrolled data used in network request","precision":"high","problem.severity":"error","security-severity":"9.1"}},{"id":"go/allocation-size-overflow","name":"go/allocation-size-overflow","shortDescription":{"text":"Size computation for allocation may overflow"},"fullDescription":{"text":"When computing the size of an allocation based on the size of a large object, the result may overflow and cause a runtime panic."},"defaultConfiguration":{"enabled":true,"level":"warning"},"properties":{"tags":["security","external/cwe/cwe-190"],"description":"When computing the size of an allocation based on the size of a large object,\n              the result may overflow and cause a runtime panic.","id":"go/allocation-size-overflow","kind":"path-problem","name":"Size computation for allocation may overflow","precision":"high","problem.severity":"warning","security-severity":"8.1"}},{"id":"go/sql-injection","name":"go/sql-injection","shortDescription":{"text":"Database query built from user-controlled sources"},"fullDescription":{"text":"Building a database query from user-controlled sources is vulnerable to insertion of malicious code by the user."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-089"],"description":"Building a database query from user-controlled sources is vulnerable to insertion of\n              malicious code by the user.","id":"go/sql-injection","kind":"path-problem","name":"Database query built from user-controlled sources","precision":"high","problem.severity":"error","security-severity":"8.8"}},{"id":"go/unsafe-quoting","name":"go/unsafe-quoting","shortDescription":{"text":"Potentially unsafe quoting"},"fullDescription":{"text":"If a quoted string literal is constructed from data that may itself contain quotes, the embedded data could (accidentally or intentionally) change the structure of the overall string."},"defaultConfiguration":{"enabled":true,"level":"warning"},"properties":{"tags":["correctness","security","external/cwe/cwe-078","external/cwe/cwe-089","external/cwe/cwe-094"],"description":"If a quoted string literal is constructed from data that may itself contain quotes,\n              the embedded data could (accidentally or intentionally) change the structure of\n              the overall string.","id":"go/unsafe-quoting","kind":"path-problem","name":"Potentially unsafe quoting","precision":"high","problem.severity":"warning","security-severity":"9.3"}},{"id":"go/regex/missing-regexp-anchor","name":"go/regex/missing-regexp-anchor","shortDescription":{"text":"Missing regular expression anchor"},"fullDescription":{"text":"Regular expressions without anchors can be vulnerable to bypassing."},"defaultConfiguration":{"enabled":true,"level":"warning"},"properties":{"tags":["correctness","security","external/cwe/cwe-20"],"description":"Regular expressions without anchors can be vulnerable to bypassing.","id":"go/regex/missing-regexp-anchor","kind":"problem","name":"Missing regular expression anchor","precision":"high","problem.severity":"warning","security-severity":"7.8"}},{"id":"go/incomplete-url-scheme-check","name":"go/incomplete-url-scheme-check","shortDescription":{"text":"Incomplete URL scheme check"},"fullDescription":{"text":"Checking for the \"javascript:\" URL scheme without also checking for \"vbscript:\" and \"data:\" suggests a logic error or even a security vulnerability."},"defaultConfiguration":{"enabled":true,"level":"warning"},"properties":{"tags":["security","correctness","external/cwe/cwe-020"],"description":"Checking for the \"javascript:\" URL scheme without also checking for \"vbscript:\"\n              and \"data:\" suggests a logic error or even a security vulnerability.","id":"go/incomplete-url-scheme-check","kind":"problem","name":"Incomplete URL scheme check","precision":"high","problem.severity":"warning","security-severity":"7.8"}},{"id":"go/incomplete-hostname-regexp","name":"go/incomplete-hostname-regexp","shortDescription":{"text":"Incomplete regular expression for hostnames"},"fullDescription":{"text":"Matching a URL or hostname against a regular expression that contains an unescaped dot as part of the hostname might match more hostnames than expected."},"defaultConfiguration":{"enabled":true,"level":"warning"},"properties":{"tags":["correctness","security","external/cwe/cwe-20"],"description":"Matching a URL or hostname against a regular expression that contains an unescaped\n              dot as part of the hostname might match more hostnames than expected.","id":"go/incomplete-hostname-regexp","kind":"path-problem","name":"Incomplete regular expression for hostnames","precision":"high","problem.severity":"warning","security-severity":"7.8"}},{"id":"go/suspicious-character-in-regex","name":"go/suspicious-character-in-regex","shortDescription":{"text":"Suspicious characters in a regular expression"},"fullDescription":{"text":"If a literal bell character or backspace appears in a regular expression, the start of text or word boundary may have been intended."},"defaultConfiguration":{"enabled":true,"level":"warning"},"properties":{"tags":["correctness","security","external/cwe/cwe-20"],"description":"If a literal bell character or backspace appears in a regular expression, the start of text or word boundary may have been intended.","id":"go/suspicious-character-in-regex","kind":"path-problem","name":"Suspicious characters in a regular expression","precision":"high","problem.severity":"warning","security-severity":"7.8"}},{"id":"go/email-injection","name":"go/email-injection","shortDescription":{"text":"Email content injection"},"fullDescription":{"text":"Incorporating untrusted input directly into an email message can enable content spoofing, which in turn may lead to information leaks and other security issues."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-640"],"description":"Incorporating untrusted input directly into an email message can enable\n              content spoofing, which in turn may lead to information leaks and other\n              security issues.","id":"go/email-injection","kind":"path-problem","name":"Email content injection","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"go/disabled-certificate-check","name":"go/disabled-certificate-check","shortDescription":{"text":"Disabled TLS certificate check"},"fullDescription":{"text":"If an application disables TLS certificate checking, it may be vulnerable to man-in-the-middle attacks."},"defaultConfiguration":{"enabled":true,"level":"warning"},"properties":{"tags":["security","external/cwe/cwe-295"],"description":"If an application disables TLS certificate checking, it may be vulnerable to\n              man-in-the-middle attacks.","id":"go/disabled-certificate-check","kind":"problem","name":"Disabled TLS certificate check","precision":"high","problem.severity":"warning","security-severity":"7.5"}},{"id":"go/missing-jwt-signature-check","name":"go/missing-jwt-signature-check","shortDescription":{"text":"Missing JWT signature check"},"fullDescription":{"text":"Failing to check the JSON Web Token (JWT) signature may allow an attacker to forge their own tokens."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-347"],"description":"Failing to check the JSON Web Token (JWT) signature may allow an attacker to forge their own tokens.","id":"go/missing-jwt-signature-check","kind":"path-problem","name":"Missing JWT signature check","precision":"high","problem.severity":"error","security-severity":"7.8"}},{"id":"go/uncontrolled-allocation-size","name":"go/uncontrolled-allocation-size","shortDescription":{"text":"Slice memory allocation with excessive size value"},"fullDescription":{"text":"Allocating memory for slices with the built-in make function from user-controlled sources can lead to a denial of service."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-770"],"description":"Allocating memory for slices with the built-in make function from user-controlled sources can lead to a denial of service.","id":"go/uncontrolled-allocation-size","kind":"path-problem","name":"Slice memory allocation with excessive size value","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"go/insecure-hostkeycallback","name":"go/insecure-hostkeycallback","shortDescription":{"text":"Use of insecure HostKeyCallback implementation"},"fullDescription":{"text":"Detects insecure SSL client configurations with an implementation of the `HostKeyCallback` that accepts all host keys."},"defaultConfiguration":{"enabled":true,"level":"warning"},"properties":{"tags":["security","external/cwe/cwe-322"],"description":"Detects insecure SSL client configurations with an implementation of the `HostKeyCallback` that accepts all host keys.","id":"go/insecure-hostkeycallback","kind":"path-problem","name":"Use of insecure HostKeyCallback implementation","precision":"high","problem.severity":"warning","security-severity":"8.2"}},{"id":"go/clear-text-logging","name":"go/clear-text-logging","shortDescription":{"text":"Clear-text logging of sensitive information"},"fullDescription":{"text":"Logging sensitive information without encryption or hashing can expose it to an attacker."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-312","external/cwe/cwe-315","external/cwe/cwe-359"],"description":"Logging sensitive information without encryption or hashing can\n              expose it to an attacker.","id":"go/clear-text-logging","kind":"path-problem","name":"Clear-text logging of sensitive information","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"go/constant-oauth2-state","name":"go/constant-oauth2-state","shortDescription":{"text":"Use of constant `state` value in OAuth 2.0 URL"},"fullDescription":{"text":"Using a constant value for the `state` in the OAuth 2.0 URL makes the application susceptible to CSRF attacks."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-352"],"description":"Using a constant value for the `state` in the OAuth 2.0 URL makes the application\n              susceptible to CSRF attacks.","id":"go/constant-oauth2-state","kind":"path-problem","name":"Use of constant `state` value in OAuth 2.0 URL","precision":"high","problem.severity":"error","security-severity":"8.8"}},{"id":"go/insecure-randomness","name":"go/insecure-randomness","shortDescription":{"text":"Use of insufficient randomness as the key of a cryptographic algorithm"},"fullDescription":{"text":"Using insufficient randomness as the key of a cryptographic algorithm can allow an attacker to compromise security."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-338"],"description":"Using insufficient randomness as the key of a cryptographic algorithm can allow an attacker to compromise security.","id":"go/insecure-randomness","kind":"path-problem","name":"Use of insufficient randomness as the key of a cryptographic algorithm","precision":"high","problem.severity":"error","security-severity":"7.8"}},{"id":"go/unsafe-unzip-symlink","name":"go/unsafe-unzip-symlink","shortDescription":{"text":"Arbitrary file write extracting an archive containing symbolic links"},"fullDescription":{"text":"Extracting files from a malicious zip archive without validating that the destination file path is within the destination directory can cause files outside the destination directory to be overwritten. Extracting symbolic links in particular requires resolving previously extracted links to ensure the destination directory is not escaped."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-022"],"description":"Extracting files from a malicious zip archive without validating that the\n              destination file path is within the destination directory can cause files outside\n              the destination directory to be overwritten. Extracting symbolic links in particular\n              requires resolving previously extracted links to ensure the destination directory\n              is not escaped.","id":"go/unsafe-unzip-symlink","kind":"path-problem","name":"Arbitrary file write extracting an archive containing symbolic links","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"go/zipslip","name":"go/zipslip","shortDescription":{"text":"Arbitrary file access during archive extraction (\"Zip Slip\")"},"fullDescription":{"text":"Extracting files from a malicious ZIP file, or similar type of archive, without validating that the destination file path is within the destination directory can allow an attacker to unexpectedly gain access to resources."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-022"],"description":"Extracting files from a malicious ZIP file, or similar type of archive, without\n              validating that the destination file path is within the destination directory\n              can allow an attacker to unexpectedly gain access to resources.","id":"go/zipslip","kind":"path-problem","name":"Arbitrary file access during archive extraction (\"Zip Slip\")","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"go/path-injection","name":"go/path-injection","shortDescription":{"text":"Uncontrolled data used in path expression"},"fullDescription":{"text":"Accessing paths influenced by users can allow an attacker to access unexpected resources."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-022","external/cwe/cwe-023","external/cwe/cwe-036","external/cwe/cwe-073","external/cwe/cwe-099"],"description":"Accessing paths influenced by users can allow an attacker to access\n              unexpected resources.","id":"go/path-injection","kind":"path-problem","name":"Uncontrolled data used in path expression","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"go/command-injection","name":"go/command-injection","shortDescription":{"text":"Command built from user-controlled sources"},"fullDescription":{"text":"Building a system command from user-controlled sources is vulnerable to insertion of malicious code by the user."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-078"],"description":"Building a system command from user-controlled sources is vulnerable to insertion of\n              malicious code by the user.","id":"go/command-injection","kind":"path-problem","name":"Command built from user-controlled sources","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"go/incorrect-integer-conversion","name":"go/incorrect-integer-conversion","shortDescription":{"text":"Incorrect conversion between integer types"},"fullDescription":{"text":"Converting the result of `strconv.Atoi`, `strconv.ParseInt`, and `strconv.ParseUint` to integer types of smaller bit size can produce unexpected values."},"defaultConfiguration":{"enabled":true,"level":"warning"},"properties":{"tags":["security","external/cwe/cwe-190","external/cwe/cwe-681"],"description":"Converting the result of `strconv.Atoi`, `strconv.ParseInt`,\n              and `strconv.ParseUint` to integer types of smaller bit size\n              can produce unexpected values.","id":"go/incorrect-integer-conversion","kind":"path-problem","name":"Incorrect conversion between integer types","precision":"very-high","problem.severity":"warning","security-severity":"8.1"}},{"id":"go/xml/xpath-injection","name":"go/xml/xpath-injection","shortDescription":{"text":"XPath injection"},"fullDescription":{"text":"Building an XPath expression from user-controlled sources is vulnerable to insertion of malicious code by the user."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-643"],"description":"Building an XPath expression from user-controlled sources is vulnerable to insertion of\n              malicious code by the user.","id":"go/xml/xpath-injection","kind":"path-problem","name":"XPath injection","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"go/reflected-xss","name":"go/reflected-xss","shortDescription":{"text":"Reflected cross-site scripting"},"fullDescription":{"text":"Writing user input directly to an HTTP response allows for a cross-site scripting vulnerability."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-079","external/cwe/cwe-116"],"description":"Writing user input directly to an HTTP response allows for\n              a cross-site scripting vulnerability.","id":"go/reflected-xss","kind":"path-problem","name":"Reflected cross-site scripting","precision":"high","problem.severity":"error","security-severity":"6.1"}},{"id":"go/summary/lines-of-code","name":"go/summary/lines-of-code","shortDescription":{"text":"Total lines of Go code in the database"},"fullDescription":{"text":"The total number of lines of Go code across all extracted files, including auto-generated files. This is a useful metric of the size of a database. For all files that were seen during the build, this query counts the lines of code, excluding whitespace or comments."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["summary","lines-of-code","debug"],"description":"The total number of lines of Go code across all extracted files, including auto-generated files. This is a useful metric of the size of a database. For all files that were seen during the build, this query counts the lines of code, excluding whitespace or comments.","id":"go/summary/lines-of-code","kind":"metric","name":"Total lines of Go code in the database"}}]},"extensions":[{"name":"codeql/go-queries","semanticVersion":"1.0.8+e99d7db428fc3981c9a1f03f03a024ac40e52f54","locations":[{"uri":"file:///Users/john.doe/.local/bin/codeql/qlpacks/codeql/go-queries/1.0.8/","description":{"text":"The QL pack root directory."},"properties":{"tags":["CodeQL/LocalPackRoot"]}},{"uri":"file:///Users/john.doe/.local/bin/codeql/qlpacks/codeql/go-queries/1.0.8/qlpack.yml","description":{"text":"The QL pack definition file."},"properties":{"tags":["CodeQL/LocalPackDefinitionFile"]}}]},{"name":"codeql/go-all","semanticVersion":"2.0.0+e99d7db428fc3981c9a1f03f03a024ac40e52f54","taxa":[{"id":"ext/net.http.model.yml/2/15","properties":{"CodeQL/DataExtensionLocation":{"artifactLocation":{"uri":"ext/net.http.model.yml"},"region":{"startLine":55,"startColumn":9,"endLine":55,"endColumn":9}}}},{"id":"ext/net.url.model.yml/0/15","properties":{"CodeQL/DataExtensionLocation":{"artifactLocation":{"uri":"ext/net.url.model.yml"},"region":{"startLine":21,"startColumn":9,"endLine":21,"endColumn":9}}}},{"id":"ext/net.url.model.yml/0/22","properties":{"CodeQL/DataExtensionLocation":{"artifactLocation":{"uri":"ext/net.url.model.yml"},"region":{"startLine":28,"startColumn":9,"endLine":28,"endColumn":9}}}}],"locations":[{"uri":"file:///Users/john.doe/.local/bin/codeql/qlpacks/codeql/go-queries/1.0.8/.codeql/libraries/codeql/go-all/2.0.0/","description":{"text":"The QL pack root directory."},"properties":{"tags":["CodeQL/LocalPackRoot"]}},{"uri":"file:///Users/john.doe/.local/bin/codeql/qlpacks/codeql/go-queries/1.0.8/.codeql/libraries/codeql/go-all/2.0.0/qlpack.yml","description":{"text":"The QL pack definition file."},"properties":{"tags":["CodeQL/LocalPackDefinitionFile"]}}]},{"name":"codeql/threat-models","semanticVersion":"1.0.8+e99d7db428fc3981c9a1f03f03a024ac40e52f54","locations":[{"uri":"file:///Users/john.doe/.local/bin/codeql/qlpacks/codeql/go-queries/1.0.8/.codeql/libraries/codeql/threat-models/1.0.8/","description":{"text":"The QL pack root directory."},"properties":{"tags":["CodeQL/LocalPackRoot"]}},{"uri":"file:///Users/john.doe/.local/bin/codeql/qlpacks/codeql/go-queries/1.0.8/.codeql/libraries/codeql/threat-models/1.0.8/qlpack.yml","description":{"text":"The QL pack definition file."},"properties":{"tags":["CodeQL/LocalPackDefinitionFile"]}}]}]},"invocations":[{"toolExecutionNotifications":[{"message":{"text":"Extraction failed with error This application uses version go1.23 of the source-processing packages but runs version go1.24 of 'go list'. It may fail to process source files that rely on newer language features. If so, rebuild the application using a newer version of Go."},"level":"error","descriptor":{"id":"go/diagnostics/extraction-errors","index":0},"properties":{"formattedMessage":{"text":"Extraction failed with error This application uses version go1.23 of the source-processing packages but runs version go1.24 of 'go list'. It may fail to process source files that rely on newer language features. If so, rebuild the application using a newer version of Go."}}},{"message":{"text":"Extraction failed in main.go with error package requires newer Go version go1.24 (application built with go1.23)"},"level":"error","descriptor":{"id":"go/diagnostics/extraction-errors","index":0},"properties":{"formattedMessage":{"text":"Extraction failed in main.go with error package requires newer Go version go1.24 (application built with go1.23)"}}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"go.mod","uriBaseId":"%SRCROOT%","index":1}}}],"message":{"text":""},"level":"none","descriptor":{"id":"go/diagnostics/successfully-extracted-files","index":1},"properties":{"formattedMessage":{"text":""}}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"main.go","uriBaseId":"%SRCROOT%","index":0}}}],"message":{"text":""},"level":"none","descriptor":{"id":"go/diagnostics/successfully-extracted-files","index":1},"properties":{"formattedMessage":{"text":""}}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"main.go","uriBaseId":"%SRCROOT%","index":0}}}],"message":{"text":""},"level":"none","descriptor":{"id":"go/baseline/expected-extracted-files","index":2},"properties":{"formattedMessage":{"text":""}}},{"message":{"text":""},"level":"note","timeUtc":"2025-05-09T07:59:00.815+00:00","descriptor":{"id":"cli/sip-enablement","index":3},"properties":{"attributes":{"isEnabled":true},"visibility":{"statusPage":false,"telemetry":true}}}],"executionSuccessful":true}],"artifacts":[{"location":{"uri":"main.go","uriBaseId":"%SRCROOT%","index":0}},{"location":{"uri":"go.mod","uriBaseId":"%SRCROOT%","index":1}}],"results":[{"ruleId":"go/command-injection","ruleIndex":24,"rule":{"id":"go/command-injection","index":24},"message":{"text":"This command depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"main.go","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":10,"startColumn":34,"endColumn":58}}}],"partialFingerprints":{"primaryLocationLineHash":"e9584120171099c2:1","primaryLocationStartColumnFingerprint":"32"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"main.go","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":10,"startColumn":34,"endColumn":39}},"message":{"text":"selection of URL"}},"taxa":[{"index":0,"toolComponent":{"index":1},"properties":{"CodeQL/DataflowRole":"source"}}]},{"location":{"physicalLocation":{"artifactLocation":{"uri":"main.go","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":10,"startColumn":34,"endColumn":47}},"message":{"text":"call to Query"}},"taxa":[{"index":1,"toolComponent":{"index":1},"properties":{"CodeQL/DataflowRole":"step"}}]},{"location":{"physicalLocation":{"artifactLocation":{"uri":"main.go","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":10,"startColumn":34,"endColumn":58}},"message":{"text":"call to Get"}},"taxa":[{"index":2,"toolComponent":{"index":1},"properties":{"CodeQL/DataflowRole":"step"}}]}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"main.go","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":10,"startColumn":34,"endColumn":39}},"message":{"text":"user-provided value"}}]}],"columnKind":"utf16CodeUnits","properties":{"semmle.formatSpecifier":"sarifv2.1.0","metricResults":[{"rule":{"id":"go/summary/lines-of-code","index":28},"ruleId":"go/summary/lines-of-code","ruleIndex":28,"value":14,"baseline":14}]}}]}
+{"$schema":"https://json.schemastore.org/sarif-2.1.0.json","version":"2.1.0","runs":[{"tool":{"driver":{"name":"sectools sast","organization":"GitHub","semanticVersion":"2.19.0","notifications":[{"id":"go/diagnostics/extraction-errors","name":"go/diagnostics/extraction-errors","shortDescription":{"text":"Extraction errors"},"fullDescription":{"text":"List all extraction errors for files in the source code directory."},"defaultConfiguration":{"enabled":true},"properties":{"description":"List all extraction errors for files in the source code directory.","id":"go/diagnostics/extraction-errors","kind":"diagnostic","name":"Extraction errors"}},{"id":"go/diagnostics/successfully-extracted-files","name":"go/diagnostics/successfully-extracted-files","shortDescription":{"text":"Extracted files"},"fullDescription":{"text":"List all files that were extracted."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["successfully-extracted-files"],"description":"List all files that were extracted.","id":"go/diagnostics/successfully-extracted-files","kind":"diagnostic","name":"Extracted files"}},{"id":"go/baseline/expected-extracted-files","name":"go/baseline/expected-extracted-files","shortDescription":{"text":"Expected extracted files"},"fullDescription":{"text":"Files appearing in the source archive that are expected to be extracted."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["expected-extracted-files","telemetry"]}},{"id":"cli/sip-enablement","name":"cli/sip-enablement","shortDescription":{"text":"macOS SIP enablement status"},"fullDescription":{"text":"macOS SIP enablement status"},"defaultConfiguration":{"enabled":true}}],"rules":[{"id":"go/stack-trace-exposure","name":"go/stack-trace-exposure","shortDescription":{"text":"Information exposure through a stack trace"},"fullDescription":{"text":"Information from a stack trace propagates to an external user. Stack traces can unintentionally reveal implementation details that are useful to an attacker for developing a subsequent exploit."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-209","external/cwe/cwe-497"],"description":"Information from a stack trace propagates to an external user.\n              Stack traces can unintentionally reveal implementation details\n              that are useful to an attacker for developing a subsequent exploit.","id":"go/stack-trace-exposure","kind":"path-problem","name":"Information exposure through a stack trace","precision":"high","problem.severity":"error","security-severity":"5.4"}},{"id":"go/unvalidated-url-redirection","name":"go/unvalidated-url-redirection","shortDescription":{"text":"Open URL redirect"},"fullDescription":{"text":"Open URL redirection based on unvalidated user input may cause redirection to malicious web sites."},"defaultConfiguration":{"enabled":true,"level":"warning"},"properties":{"tags":["security","external/cwe/cwe-601"],"description":"Open URL redirection based on unvalidated user input\n              may cause redirection to malicious web sites.","id":"go/unvalidated-url-redirection","kind":"path-problem","name":"Open URL redirect","precision":"high","problem.severity":"warning","security-severity":"6.1"}},{"id":"go/bad-redirect-check","name":"go/bad-redirect-check","shortDescription":{"text":"Bad redirect check"},"fullDescription":{"text":"A redirect check that checks for a leading slash but not two leading slashes or a leading slash followed by a backslash is incomplete."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-601"],"description":"A redirect check that checks for a leading slash but not two\n              leading slashes or a leading slash followed by a backslash is\n              incomplete.","id":"go/bad-redirect-check","kind":"path-problem","name":"Bad redirect check","precision":"high","problem.severity":"error","security-severity":"6.1"}},{"id":"go/weak-crypto-key","name":"go/weak-crypto-key","shortDescription":{"text":"Use of a weak cryptographic key"},"fullDescription":{"text":"Using a weak cryptographic key can allow an attacker to compromise security."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-326"],"description":"Using a weak cryptographic key can allow an attacker to compromise security.","id":"go/weak-crypto-key","kind":"path-problem","name":"Use of a weak cryptographic key","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"go/insecure-tls","name":"go/insecure-tls","shortDescription":{"text":"Insecure TLS configuration"},"fullDescription":{"text":"If an application supports insecure TLS versions or ciphers, it may be vulnerable to machine-in-the-middle and other attacks."},"defaultConfiguration":{"enabled":true,"level":"warning"},"properties":{"tags":["security","external/cwe/cwe-327"],"description":"If an application supports insecure TLS versions or ciphers, it may be vulnerable to\n              machine-in-the-middle and other attacks.","id":"go/insecure-tls","kind":"path-problem","name":"Insecure TLS configuration","precision":"very-high","problem.severity":"warning","security-severity":"7.5"}},{"id":"go/request-forgery","name":"go/request-forgery","shortDescription":{"text":"Uncontrolled data used in network request"},"fullDescription":{"text":"Sending network requests with user-controlled data allows for request forgery attacks."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-918"],"description":"Sending network requests with user-controlled data allows for request forgery attacks.","id":"go/request-forgery","kind":"path-problem","name":"Uncontrolled data used in network request","precision":"high","problem.severity":"error","security-severity":"9.1"}},{"id":"go/allocation-size-overflow","name":"go/allocation-size-overflow","shortDescription":{"text":"Size computation for allocation may overflow"},"fullDescription":{"text":"When computing the size of an allocation based on the size of a large object, the result may overflow and cause a runtime panic."},"defaultConfiguration":{"enabled":true,"level":"warning"},"properties":{"tags":["security","external/cwe/cwe-190"],"description":"When computing the size of an allocation based on the size of a large object,\n              the result may overflow and cause a runtime panic.","id":"go/allocation-size-overflow","kind":"path-problem","name":"Size computation for allocation may overflow","precision":"high","problem.severity":"warning","security-severity":"8.1"}},{"id":"go/sql-injection","name":"go/sql-injection","shortDescription":{"text":"Database query built from user-controlled sources"},"fullDescription":{"text":"Building a database query from user-controlled sources is vulnerable to insertion of malicious code by the user."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-089"],"description":"Building a database query from user-controlled sources is vulnerable to insertion of\n              malicious code by the user.","id":"go/sql-injection","kind":"path-problem","name":"Database query built from user-controlled sources","precision":"high","problem.severity":"error","security-severity":"8.8"}},{"id":"go/unsafe-quoting","name":"go/unsafe-quoting","shortDescription":{"text":"Potentially unsafe quoting"},"fullDescription":{"text":"If a quoted string literal is constructed from data that may itself contain quotes, the embedded data could (accidentally or intentionally) change the structure of the overall string."},"defaultConfiguration":{"enabled":true,"level":"warning"},"properties":{"tags":["correctness","security","external/cwe/cwe-078","external/cwe/cwe-089","external/cwe/cwe-094"],"description":"If a quoted string literal is constructed from data that may itself contain quotes,\n              the embedded data could (accidentally or intentionally) change the structure of\n              the overall string.","id":"go/unsafe-quoting","kind":"path-problem","name":"Potentially unsafe quoting","precision":"high","problem.severity":"warning","security-severity":"9.3"}},{"id":"go/regex/missing-regexp-anchor","name":"go/regex/missing-regexp-anchor","shortDescription":{"text":"Missing regular expression anchor"},"fullDescription":{"text":"Regular expressions without anchors can be vulnerable to bypassing."},"defaultConfiguration":{"enabled":true,"level":"warning"},"properties":{"tags":["correctness","security","external/cwe/cwe-20"],"description":"Regular expressions without anchors can be vulnerable to bypassing.","id":"go/regex/missing-regexp-anchor","kind":"problem","name":"Missing regular expression anchor","precision":"high","problem.severity":"warning","security-severity":"7.8"}},{"id":"go/incomplete-url-scheme-check","name":"go/incomplete-url-scheme-check","shortDescription":{"text":"Incomplete URL scheme check"},"fullDescription":{"text":"Checking for the \"javascript:\" URL scheme without also checking for \"vbscript:\" and \"data:\" suggests a logic error or even a security vulnerability."},"defaultConfiguration":{"enabled":true,"level":"warning"},"properties":{"tags":["security","correctness","external/cwe/cwe-020"],"description":"Checking for the \"javascript:\" URL scheme without also checking for \"vbscript:\"\n              and \"data:\" suggests a logic error or even a security vulnerability.","id":"go/incomplete-url-scheme-check","kind":"problem","name":"Incomplete URL scheme check","precision":"high","problem.severity":"warning","security-severity":"7.8"}},{"id":"go/incomplete-hostname-regexp","name":"go/incomplete-hostname-regexp","shortDescription":{"text":"Incomplete regular expression for hostnames"},"fullDescription":{"text":"Matching a URL or hostname against a regular expression that contains an unescaped dot as part of the hostname might match more hostnames than expected."},"defaultConfiguration":{"enabled":true,"level":"warning"},"properties":{"tags":["correctness","security","external/cwe/cwe-20"],"description":"Matching a URL or hostname against a regular expression that contains an unescaped\n              dot as part of the hostname might match more hostnames than expected.","id":"go/incomplete-hostname-regexp","kind":"path-problem","name":"Incomplete regular expression for hostnames","precision":"high","problem.severity":"warning","security-severity":"7.8"}},{"id":"go/suspicious-character-in-regex","name":"go/suspicious-character-in-regex","shortDescription":{"text":"Suspicious characters in a regular expression"},"fullDescription":{"text":"If a literal bell character or backspace appears in a regular expression, the start of text or word boundary may have been intended."},"defaultConfiguration":{"enabled":true,"level":"warning"},"properties":{"tags":["correctness","security","external/cwe/cwe-20"],"description":"If a literal bell character or backspace appears in a regular expression, the start of text or word boundary may have been intended.","id":"go/suspicious-character-in-regex","kind":"path-problem","name":"Suspicious characters in a regular expression","precision":"high","problem.severity":"warning","security-severity":"7.8"}},{"id":"go/email-injection","name":"go/email-injection","shortDescription":{"text":"Email content injection"},"fullDescription":{"text":"Incorporating untrusted input directly into an email message can enable content spoofing, which in turn may lead to information leaks and other security issues."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-640"],"description":"Incorporating untrusted input directly into an email message can enable\n              content spoofing, which in turn may lead to information leaks and other\n              security issues.","id":"go/email-injection","kind":"path-problem","name":"Email content injection","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"go/disabled-certificate-check","name":"go/disabled-certificate-check","shortDescription":{"text":"Disabled TLS certificate check"},"fullDescription":{"text":"If an application disables TLS certificate checking, it may be vulnerable to man-in-the-middle attacks."},"defaultConfiguration":{"enabled":true,"level":"warning"},"properties":{"tags":["security","external/cwe/cwe-295"],"description":"If an application disables TLS certificate checking, it may be vulnerable to\n              man-in-the-middle attacks.","id":"go/disabled-certificate-check","kind":"problem","name":"Disabled TLS certificate check","precision":"high","problem.severity":"warning","security-severity":"7.5"}},{"id":"go/missing-jwt-signature-check","name":"go/missing-jwt-signature-check","shortDescription":{"text":"Missing JWT signature check"},"fullDescription":{"text":"Failing to check the JSON Web Token (JWT) signature may allow an attacker to forge their own tokens."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-347"],"description":"Failing to check the JSON Web Token (JWT) signature may allow an attacker to forge their own tokens.","id":"go/missing-jwt-signature-check","kind":"path-problem","name":"Missing JWT signature check","precision":"high","problem.severity":"error","security-severity":"7.8"}},{"id":"go/uncontrolled-allocation-size","name":"go/uncontrolled-allocation-size","shortDescription":{"text":"Slice memory allocation with excessive size value"},"fullDescription":{"text":"Allocating memory for slices with the built-in make function from user-controlled sources can lead to a denial of service."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-770"],"description":"Allocating memory for slices with the built-in make function from user-controlled sources can lead to a denial of service.","id":"go/uncontrolled-allocation-size","kind":"path-problem","name":"Slice memory allocation with excessive size value","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"go/insecure-hostkeycallback","name":"go/insecure-hostkeycallback","shortDescription":{"text":"Use of insecure HostKeyCallback implementation"},"fullDescription":{"text":"Detects insecure SSL client configurations with an implementation of the `HostKeyCallback` that accepts all host keys."},"defaultConfiguration":{"enabled":true,"level":"warning"},"properties":{"tags":["security","external/cwe/cwe-322"],"description":"Detects insecure SSL client configurations with an implementation of the `HostKeyCallback` that accepts all host keys.","id":"go/insecure-hostkeycallback","kind":"path-problem","name":"Use of insecure HostKeyCallback implementation","precision":"high","problem.severity":"warning","security-severity":"8.2"}},{"id":"go/clear-text-logging","name":"go/clear-text-logging","shortDescription":{"text":"Clear-text logging of sensitive information"},"fullDescription":{"text":"Logging sensitive information without encryption or hashing can expose it to an attacker."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-312","external/cwe/cwe-315","external/cwe/cwe-359"],"description":"Logging sensitive information without encryption or hashing can\n              expose it to an attacker.","id":"go/clear-text-logging","kind":"path-problem","name":"Clear-text logging of sensitive information","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"go/constant-oauth2-state","name":"go/constant-oauth2-state","shortDescription":{"text":"Use of constant `state` value in OAuth 2.0 URL"},"fullDescription":{"text":"Using a constant value for the `state` in the OAuth 2.0 URL makes the application susceptible to CSRF attacks."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-352"],"description":"Using a constant value for the `state` in the OAuth 2.0 URL makes the application\n              susceptible to CSRF attacks.","id":"go/constant-oauth2-state","kind":"path-problem","name":"Use of constant `state` value in OAuth 2.0 URL","precision":"high","problem.severity":"error","security-severity":"8.8"}},{"id":"go/insecure-randomness","name":"go/insecure-randomness","shortDescription":{"text":"Use of insufficient randomness as the key of a cryptographic algorithm"},"fullDescription":{"text":"Using insufficient randomness as the key of a cryptographic algorithm can allow an attacker to compromise security."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-338"],"description":"Using insufficient randomness as the key of a cryptographic algorithm can allow an attacker to compromise security.","id":"go/insecure-randomness","kind":"path-problem","name":"Use of insufficient randomness as the key of a cryptographic algorithm","precision":"high","problem.severity":"error","security-severity":"7.8"}},{"id":"go/unsafe-unzip-symlink","name":"go/unsafe-unzip-symlink","shortDescription":{"text":"Arbitrary file write extracting an archive containing symbolic links"},"fullDescription":{"text":"Extracting files from a malicious zip archive without validating that the destination file path is within the destination directory can cause files outside the destination directory to be overwritten. Extracting symbolic links in particular requires resolving previously extracted links to ensure the destination directory is not escaped."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-022"],"description":"Extracting files from a malicious zip archive without validating that the\n              destination file path is within the destination directory can cause files outside\n              the destination directory to be overwritten. Extracting symbolic links in particular\n              requires resolving previously extracted links to ensure the destination directory\n              is not escaped.","id":"go/unsafe-unzip-symlink","kind":"path-problem","name":"Arbitrary file write extracting an archive containing symbolic links","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"go/zipslip","name":"go/zipslip","shortDescription":{"text":"Arbitrary file access during archive extraction (\"Zip Slip\")"},"fullDescription":{"text":"Extracting files from a malicious ZIP file, or similar type of archive, without validating that the destination file path is within the destination directory can allow an attacker to unexpectedly gain access to resources."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-022"],"description":"Extracting files from a malicious ZIP file, or similar type of archive, without\n              validating that the destination file path is within the destination directory\n              can allow an attacker to unexpectedly gain access to resources.","id":"go/zipslip","kind":"path-problem","name":"Arbitrary file access during archive extraction (\"Zip Slip\")","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"go/path-injection","name":"go/path-injection","shortDescription":{"text":"Uncontrolled data used in path expression"},"fullDescription":{"text":"Accessing paths influenced by users can allow an attacker to access unexpected resources."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-022","external/cwe/cwe-023","external/cwe/cwe-036","external/cwe/cwe-073","external/cwe/cwe-099"],"description":"Accessing paths influenced by users can allow an attacker to access\n              unexpected resources.","id":"go/path-injection","kind":"path-problem","name":"Uncontrolled data used in path expression","precision":"high","problem.severity":"error","security-severity":"7.5"}},{"id":"go/command-injection","name":"go/command-injection","shortDescription":{"text":"Command built from user-controlled sources"},"fullDescription":{"text":"Building a system command from user-controlled sources is vulnerable to insertion of malicious code by the user."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-078"],"description":"Building a system command from user-controlled sources is vulnerable to insertion of\n              malicious code by the user.","id":"go/command-injection","kind":"path-problem","name":"Command built from user-controlled sources","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"go/incorrect-integer-conversion","name":"go/incorrect-integer-conversion","shortDescription":{"text":"Incorrect conversion between integer types"},"fullDescription":{"text":"Converting the result of `strconv.Atoi`, `strconv.ParseInt`, and `strconv.ParseUint` to integer types of smaller bit size can produce unexpected values."},"defaultConfiguration":{"enabled":true,"level":"warning"},"properties":{"tags":["security","external/cwe/cwe-190","external/cwe/cwe-681"],"description":"Converting the result of `strconv.Atoi`, `strconv.ParseInt`,\n              and `strconv.ParseUint` to integer types of smaller bit size\n              can produce unexpected values.","id":"go/incorrect-integer-conversion","kind":"path-problem","name":"Incorrect conversion between integer types","precision":"very-high","problem.severity":"warning","security-severity":"8.1"}},{"id":"go/xml/xpath-injection","name":"go/xml/xpath-injection","shortDescription":{"text":"XPath injection"},"fullDescription":{"text":"Building an XPath expression from user-controlled sources is vulnerable to insertion of malicious code by the user."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-643"],"description":"Building an XPath expression from user-controlled sources is vulnerable to insertion of\n              malicious code by the user.","id":"go/xml/xpath-injection","kind":"path-problem","name":"XPath injection","precision":"high","problem.severity":"error","security-severity":"9.8"}},{"id":"go/reflected-xss","name":"go/reflected-xss","shortDescription":{"text":"Reflected cross-site scripting"},"fullDescription":{"text":"Writing user input directly to an HTTP response allows for a cross-site scripting vulnerability."},"defaultConfiguration":{"enabled":true,"level":"error"},"properties":{"tags":["security","external/cwe/cwe-079","external/cwe/cwe-116"],"description":"Writing user input directly to an HTTP response allows for\n              a cross-site scripting vulnerability.","id":"go/reflected-xss","kind":"path-problem","name":"Reflected cross-site scripting","precision":"high","problem.severity":"error","security-severity":"6.1"}},{"id":"go/summary/lines-of-code","name":"go/summary/lines-of-code","shortDescription":{"text":"Total lines of Go code in the database"},"fullDescription":{"text":"The total number of lines of Go code across all extracted files, including auto-generated files. This is a useful metric of the size of a database. For all files that were seen during the build, this query counts the lines of code, excluding whitespace or comments."},"defaultConfiguration":{"enabled":true},"properties":{"tags":["summary","lines-of-code","debug"],"description":"The total number of lines of Go code across all extracted files, including auto-generated files. This is a useful metric of the size of a database. For all files that were seen during the build, this query counts the lines of code, excluding whitespace or comments.","id":"go/summary/lines-of-code","kind":"metric","name":"Total lines of Go code in the database"}}]},"extensions":[{"name":"codeql/go-queries","semanticVersion":"1.0.8+e99d7db428fc3981c9a1f03f03a024ac40e52f54","locations":[{"uri":"file:///Users/john.doe/.local/bin/codeql/qlpacks/codeql/go-queries/1.0.8/","description":{"text":"The QL pack root directory."},"properties":{"tags":["CodeQL/LocalPackRoot"]}},{"uri":"file:///Users/john.doe/.local/bin/codeql/qlpacks/codeql/go-queries/1.0.8/qlpack.yml","description":{"text":"The QL pack definition file."},"properties":{"tags":["CodeQL/LocalPackDefinitionFile"]}}]},{"name":"codeql/go-all","semanticVersion":"2.0.0+e99d7db428fc3981c9a1f03f03a024ac40e52f54","taxa":[{"id":"ext/net.http.model.yml/2/15","properties":{"CodeQL/DataExtensionLocation":{"artifactLocation":{"uri":"ext/net.http.model.yml"},"region":{"startLine":55,"startColumn":9,"endLine":55,"endColumn":9}}}},{"id":"ext/net.url.model.yml/0/15","properties":{"CodeQL/DataExtensionLocation":{"artifactLocation":{"uri":"ext/net.url.model.yml"},"region":{"startLine":21,"startColumn":9,"endLine":21,"endColumn":9}}}},{"id":"ext/net.url.model.yml/0/22","properties":{"CodeQL/DataExtensionLocation":{"artifactLocation":{"uri":"ext/net.url.model.yml"},"region":{"startLine":28,"startColumn":9,"endLine":28,"endColumn":9}}}}],"locations":[{"uri":"file:///Users/john.doe/.local/bin/codeql/qlpacks/codeql/go-queries/1.0.8/.codeql/libraries/codeql/go-all/2.0.0/","description":{"text":"The QL pack root directory."},"properties":{"tags":["CodeQL/LocalPackRoot"]}},{"uri":"file:///Users/john.doe/.local/bin/codeql/qlpacks/codeql/go-queries/1.0.8/.codeql/libraries/codeql/go-all/2.0.0/qlpack.yml","description":{"text":"The QL pack definition file."},"properties":{"tags":["CodeQL/LocalPackDefinitionFile"]}}]},{"name":"codeql/threat-models","semanticVersion":"1.0.8+e99d7db428fc3981c9a1f03f03a024ac40e52f54","locations":[{"uri":"file:///Users/john.doe/.local/bin/codeql/qlpacks/codeql/go-queries/1.0.8/.codeql/libraries/codeql/threat-models/1.0.8/","description":{"text":"The QL pack root directory."},"properties":{"tags":["CodeQL/LocalPackRoot"]}},{"uri":"file:///Users/john.doe/.local/bin/codeql/qlpacks/codeql/go-queries/1.0.8/.codeql/libraries/codeql/threat-models/1.0.8/qlpack.yml","description":{"text":"The QL pack definition file."},"properties":{"tags":["CodeQL/LocalPackDefinitionFile"]}}]}]},"invocations":[{"toolExecutionNotifications":[{"message":{"text":"Extraction failed with error This application uses version go1.23 of the source-processing packages but runs version go1.24 of 'go list'. It may fail to process source files that rely on newer language features. If so, rebuild the application using a newer version of Go."},"level":"error","descriptor":{"id":"go/diagnostics/extraction-errors","index":0},"properties":{"formattedMessage":{"text":"Extraction failed with error This application uses version go1.23 of the source-processing packages but runs version go1.24 of 'go list'. It may fail to process source files that rely on newer language features. If so, rebuild the application using a newer version of Go."}}},{"message":{"text":"Extraction failed in main.go with error package requires newer Go version go1.24 (application built with go1.23)"},"level":"error","descriptor":{"id":"go/diagnostics/extraction-errors","index":0},"properties":{"formattedMessage":{"text":"Extraction failed in main.go with error package requires newer Go version go1.24 (application built with go1.23)"}}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"go.mod","uriBaseId":"%SRCROOT%","index":1}}}],"message":{"text":""},"level":"none","descriptor":{"id":"go/diagnostics/successfully-extracted-files","index":1},"properties":{"formattedMessage":{"text":""}}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"main.go","uriBaseId":"%SRCROOT%","index":0}}}],"message":{"text":""},"level":"none","descriptor":{"id":"go/diagnostics/successfully-extracted-files","index":1},"properties":{"formattedMessage":{"text":""}}},{"locations":[{"physicalLocation":{"artifactLocation":{"uri":"main.go","uriBaseId":"%SRCROOT%","index":0}}}],"message":{"text":""},"level":"none","descriptor":{"id":"go/baseline/expected-extracted-files","index":2},"properties":{"formattedMessage":{"text":""}}},{"message":{"text":""},"level":"note","timeUtc":"2025-05-09T07:59:00.815+00:00","descriptor":{"id":"cli/sip-enablement","index":3},"properties":{"attributes":{"isEnabled":true},"visibility":{"statusPage":false,"telemetry":true}}}],"executionSuccessful":true}],"artifacts":[{"location":{"uri":"main.go","uriBaseId":"%SRCROOT%","index":0}},{"location":{"uri":"go.mod","uriBaseId":"%SRCROOT%","index":1}}],"results":[{"ruleId":"go/command-injection","ruleIndex":24,"rule":{"id":"go/command-injection","index":24},"message":{"text":"This command depends on a [user-provided value](1)."},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"main.go","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":10,"startColumn":34,"endColumn":58}}}],"partialFingerprints":{"primaryLocationLineHash":"e9584120171099c2:1","primaryLocationStartColumnFingerprint":"32"},"codeFlows":[{"threadFlows":[{"locations":[{"location":{"physicalLocation":{"artifactLocation":{"uri":"main.go","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":10,"startColumn":34,"endColumn":39}},"message":{"text":"selection of URL"}},"taxa":[{"index":0,"toolComponent":{"index":1},"properties":{"CodeQL/DataflowRole":"source"}}]},{"location":{"physicalLocation":{"artifactLocation":{"uri":"main.go","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":10,"startColumn":34,"endColumn":47}},"message":{"text":"call to Query"}},"taxa":[{"index":1,"toolComponent":{"index":1},"properties":{"CodeQL/DataflowRole":"step"}}]},{"location":{"physicalLocation":{"artifactLocation":{"uri":"main.go","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":10,"startColumn":34,"endColumn":58}},"message":{"text":"call to Get"}},"taxa":[{"index":2,"toolComponent":{"index":1},"properties":{"CodeQL/DataflowRole":"step"}}]}]}]}],"relatedLocations":[{"id":1,"physicalLocation":{"artifactLocation":{"uri":"main.go","uriBaseId":"%SRCROOT%","index":0},"region":{"startLine":10,"startColumn":34,"endColumn":39}},"message":{"text":"user-provided value"}}]}],"columnKind":"utf16CodeUnits","properties":{"semmle.formatSpecifier":"sarifv2.1.0","metricResults":[{"rule":{"id":"go/summary/lines-of-code","index":28},"ruleId":"go/summary/lines-of-code","ruleIndex":28,"value":14,"baseline":14}]}}]}

package/test-data/sarif/runs-1-extensions-1-results-0.sarif

@@ -6,11 +6,11 @@
       "tool": {
         "driver": {
           "language": "en-US",
-          "name": "Snyk Open Source"
+          "name": "sectools sca"
         },
         "extensions": [
           {
-            "name": "Snyk Open Source Extension",
+            "name": "Snyk Open Source",
             "properties": {
               "artifactsScanned": 6
             },

package/test-data/sarif/snyk-hex.sarif

@@ -5,7 +5,7 @@
     {
       "tool": {
         "driver": {
-          "name": "Snyk Open Source",
+          "name": "sectools sca",
           "properties": {
             "artifactsScanned": 6
           },

package/tests/integration/SendSarifToSlack.spec.ts

@@ -1,36 +1,12 @@
+import { z, ZodSafeParseResult } from 'zod';
 import {
   Color,
-  LogLevel,
   RepresentationType, SarifFileExtension,
   SarifToSlackClient,
   SendIf
-} from '../../src'
+} from '../../src';
 
 describe('(integration): SendSarifToSlack', (): void => {
-  function processLogLevel(logLevel?: string): LogLevel | undefined {
-    if (!logLevel) {
-      return undefined
-    }
-    switch (logLevel.toLowerCase()) {
-      case 'silly':
-        return LogLevel.Silly
-      case 'trace':
-        return LogLevel.Trace
-      case 'debug':
-        return LogLevel.Debug
-      case 'info':
-        return LogLevel.Info
-      case 'warning':
-        return LogLevel.Warning
-      case 'error':
-        return LogLevel.Error
-      case 'fatal':
-        return LogLevel.Fatal
-      default:
-        throw new Error(`Unknown log level: ${logLevel}`)
-    }
-  }
-
   function processSarifExtension(extension: string): SarifFileExtension {
     const allowed: string[] = ['sarif', 'json']
     if (allowed.includes(extension)) {
@@ -62,6 +38,18 @@ describe('(integration): SendSarifToSlack', (): void => {
         return RepresentationType.CompactTotalPerLevel
       case 'compact-total-per-severity':
         return RepresentationType.CompactTotalPerSeverity
+      case 'table-group-by-run-per-level':
+        return RepresentationType.TableGroupByRunPerLevel
+      case 'table-group-by-run-per-severity':
+        return RepresentationType.TableGroupByRunPerSeverity
+      case 'table-group-by-tool-name-per-level':
+        return RepresentationType.TableGroupByToolNamePerLevel
+      case 'table-group-by-tool-name-per-severity':
+        return RepresentationType.TableGroupByToolNamePerSeverity
+      case 'table-group-by-sarif-per-level':
+        return RepresentationType.TableGroupBySarifPerLevel
+      case 'table-group-by-sarif-per-severity':
+        return RepresentationType.TableGroupBySarifPerSeverity
       default:
         return undefined
     }
@@ -101,64 +89,66 @@ describe('(integration): SendSarifToSlack', (): void => {
     }
   }
 
-  test('Should send Sarif to Slack', async () => {
-    const client: SarifToSlackClient = await SarifToSlackClient.create({
-      webhookUrl: process.env.SARIF_TO_SLACK_WEBHOOK_URL as string,
-      username: process.env.SARIF_TO_SLACK_USERNAME,
-      iconUrl: process.env.SARIF_TO_SLACK_ICON_URL,
-      color: {
-        default: Color.from(process.env.SARIF_TO_SLACK_COLOR),
-        empty: Color.from(process.env.SARIF_TO_SLACK_COLOR_EMPTY),
-        byLevel: {
-          error: Color.from(process.env.SARIF_TO_SLACK_COLOR_ERROR),
-          warning: Color.from(process.env.SARIF_TO_SLACK_COLOR_WARNING),
-          note: Color.from(process.env.SARIF_TO_SLACK_COLOR_NOTE),
-          none: Color.from(process.env.SARIF_TO_SLACK_COLOR_NONE),
-          unknown: Color.from(process.env.SARIF_TO_SLACK_COLOR_UNKNOWN),
+  test('should send Sarif to Slack', async () => {
+    const recursiveParseResult: ZodSafeParseResult<boolean> = z
+      .stringbool()
+      .safeParse(process.env.SARIF_TO_SLACK_SARIF_PATH_RECURSIVE);
+    const sarifExtensionParseResult: ZodSafeParseResult<SarifFileExtension> = z
+      .string()
+      .transform(processSarifExtension)
+      .safeParse(process.env.SARIF_TO_SLACK_SARIF_FILE_EXTENSION);
+    const includeRunParseResult: ZodSafeParseResult<boolean> = z
+      .stringbool()
+      .safeParse(process.env.SARIF_TO_SLACK_INCLUDE_RUN);
+
+    const client: SarifToSlackClient = await SarifToSlackClient.create(
+      process.env.SARIF_TO_SLACK_WEBHOOK_URL as string,
+      {
+        username: process.env.SARIF_TO_SLACK_USERNAME,
+        iconUrl: process.env.SARIF_TO_SLACK_ICON_URL,
+        color: {
+          default: Color.from(process.env.SARIF_TO_SLACK_COLOR),
+          empty: Color.from(process.env.SARIF_TO_SLACK_COLOR_EMPTY),
+          byLevel: {
+            error: Color.from(process.env.SARIF_TO_SLACK_COLOR_ERROR),
+            warning: Color.from(process.env.SARIF_TO_SLACK_COLOR_WARNING),
+            note: Color.from(process.env.SARIF_TO_SLACK_COLOR_NOTE),
+            none: Color.from(process.env.SARIF_TO_SLACK_COLOR_NONE),
+            unknown: Color.from(process.env.SARIF_TO_SLACK_COLOR_UNKNOWN),
+          },
+          bySeverity: {
+            critical: Color.from(process.env.SARIF_TO_SLACK_COLOR_CRITICAL),
+            high: Color.from(process.env.SARIF_TO_SLACK_COLOR_HIGH),
+            medium: Color.from(process.env.SARIF_TO_SLACK_COLOR_MEDIUM),
+            low: Color.from(process.env.SARIF_TO_SLACK_COLOR_LOW),
+            none: Color.from(process.env.SARIF_TO_SLACK_COLOR_NONE),
+            unknown: Color.from(process.env.SARIF_TO_SLACK_COLOR_UNKNOWN),
+          },
+        },
+        sarif: {
+          path: process.env.SARIF_TO_SLACK_SARIF_PATH as string,
+          recursive: recursiveParseResult.success ? recursiveParseResult.data : false,
+          extension: sarifExtensionParseResult.success ? sarifExtensionParseResult.data : 'sarif',
+        },
+        header: {
+          include: process.env.SARIF_TO_SLACK_HEADER !== 'skip',
+          value: process.env.SARIF_TO_SLACK_HEADER,
+        },
+        footer: {
+          include: process.env.SARIF_TO_SLACK_FOOTER !== 'skip',
+          value: process.env.SARIF_TO_SLACK_FOOTER,
+        },
+        actor: {
+          include: process.env.SARIF_TO_SLACK_ACTOR !== 'skip',
+          value: process.env.SARIF_TO_SLACK_ACTOR,
         },
-        bySeverity: {
-          critical: Color.from(process.env.SARIF_TO_SLACK_COLOR_CRITICAL),
-          high: Color.from(process.env.SARIF_TO_SLACK_COLOR_HIGH),
-          medium: Color.from(process.env.SARIF_TO_SLACK_COLOR_MEDIUM),
-          low: Color.from(process.env.SARIF_TO_SLACK_COLOR_LOW),
-          none: Color.from(process.env.SARIF_TO_SLACK_COLOR_NONE),
-          unknown: Color.from(process.env.SARIF_TO_SLACK_COLOR_UNKNOWN),
+        run: {
+          include: includeRunParseResult.success ? includeRunParseResult.data : false,
         },
-      },
-      sarif: {
-        path: process.env.SARIF_TO_SLACK_SARIF_PATH as string,
-        recursive: process.env.SARIF_TO_SLACK_SARIF_PATH_RECURSIVE
-          ? process.env.SARIF_TO_SLACK_SARIF_PATH_RECURSIVE.toLowerCase() === 'true'
-          : false,
-        extension: process.env.SARIF_TO_SLACK_SARIF_FILE_EXTENSION
-          ? processSarifExtension(process.env.SARIF_TO_SLACK_SARIF_FILE_EXTENSION)
-          : 'sarif',
-      },
-      log: {
-        level: processLogLevel(process.env.SARIF_TO_SLACK_LOG_LEVEL),
-        template: process.env.SARIF_TO_SLACK_LOG_TEMPLATE,
-        colored: process.env.SARIF_TO_SLACK_LOG_COLORED
-          ? Boolean(process.env.SARIF_TO_SLACK_LOG_COLORED)
-          : true,
-      },
-      header: {
-        include: process.env.SARIF_TO_SLACK_HEADER !== 'skip',
-        value: process.env.SARIF_TO_SLACK_HEADER,
-      },
-      footer: {
-        include: process.env.SARIF_TO_SLACK_FOOTER !== 'skip',
-        value: process.env.SARIF_TO_SLACK_FOOTER,
-      },
-      actor: {
-        include: process.env.SARIF_TO_SLACK_ACTOR !== 'skip',
-        value: process.env.SARIF_TO_SLACK_ACTOR,
-      },
-      run: {
-        include: Boolean(process.env.SARIF_TO_SLACK_INCLUDE_RUN),
-      },
-      representation: processRepresentationType(process.env.SARIF_TO_SLACK_REPRESENTATION),
-      sendIf: processSendIf(process.env.SARIF_TO_SLACK_SEND_IF),
-    })
-    await client.send()
+        representation: processRepresentationType(process.env.SARIF_TO_SLACK_REPRESENTATION),
+        sendIf: processSendIf(process.env.SARIF_TO_SLACK_SEND_IF),
+      }
+    );
+    await client.send();
   })
 })

package/tests/representations/table/Table.spec.ts

@@ -0,0 +1,174 @@
+import Table from '../../../src/representations/table/Table';
+import { randomAlphabetic } from '../../../src/utils/StringUtils';
+
+describe('(unit): Table', (): void => {
+  describe('toString()', (): void => {
+    const TOTAL_HEADER = 'Total';
+
+    test.each([
+      [4, TOTAL_HEADER.length, 6],
+      [3, TOTAL_HEADER.length, 4],
+      [6, TOTAL_HEADER.length, 7],
+      [4, TOTAL_HEADER.length, 3],
+      [7, TOTAL_HEADER.length, 6],
+      [6, TOTAL_HEADER.length, 4],
+    ])('should pass when header=%s, total=%s and row=%s', (h: number, t: number, r: number): void => {
+      const expectedSize: number = Math.max(h, t, r);
+
+      const fill = (v: string, s: number, c: string = ' '): string => {
+        return v + (
+          v.length < s ? c.repeat(s - v.length) : ''
+        );
+      }
+
+      const main: string = randomAlphabetic(h);
+      const row: string = randomAlphabetic(r);
+      const column: string = randomAlphabetic(1);
+
+      const table = new Table({ main, columns: [column], rows: [row] });
+      table.set(0, 0, 1);
+      expect(table.toString()).toEqual(` | ${fill(main, expectedSize)} | ${column} | Total | 
+ | ${fill('-', expectedSize, '-')} | - | ----- | 
+ | ${fill(row, expectedSize)} | 1 | 1     | 
+ | ${fill('-', expectedSize, '-')} | - | ----- | 
+ | ${fill(TOTAL_HEADER, expectedSize)} | 1 | 1     | `);
+    });
+
+    test.each(
+      [[0, 1], [1, 0], [0, 0]]
+    )('should pass when rows size is %s and columns size is %s', (r: number, c: number): void => {
+      const table = new Table({
+        columns: Array.from({ length: c }, (): string => randomAlphabetic(1)),
+        rows: Array.from({ length: r }, (): string => randomAlphabetic(1)),
+      });
+      for (let i: number = 0; i < r; i++) {
+        for (let j: number = 0; j < c; j++) {
+          table.set(i, j, 1);
+        }
+      }
+      expect(table.toString()).toEqual('');
+    });
+  })
+
+ //  test('should prepare string correctly when "Total" is longer', (): void => {
+ //    const table = new Table({
+ //      rows: ['a', 'abc', 'ab'],
+ //      columns: ['x', 'xyz', 'xy']
+ //    })
+ //    table.set(0, 0, 1)
+ //    table.set(0, 1, 1)
+ //    table.set(0, 2, 1)
+ //    table.set(1, 0, 1)
+ //    table.set(2, 0, 1)
+ //    table.set(1, 1, 1)
+ //    table.set(2, 1, 1)
+ //    table.set(1, 2, 1)
+ //    table.set(2, 2, 1)
+ //    expect(table.toString()).toEqual(` |       | x | xyz | xy | Total |
+ // | ----- | - | --- | -- | ----- |
+ // | a     | 1 | 1   | 1  | 3     |
+ // | abc   | 1 | 1   | 1  | 3     |
+ // | ab    | 1 | 1   | 1  | 3     |
+ // | ----- | - | --- | -- | ----- |
+ // | Total | 3 | 3   | 3  | 9     | `)
+ //  })
+ //
+ //  test('should prepare string correctly when "Total" is shorter', (): void => {
+ //    const table = new Table({
+ //      rows: ['a', 'abcdef', 'ab'],
+ //      columns: ['x', 'xyz', 'xy']
+ //    })
+ //    table.set(0, 0, 1)
+ //    table.set(0, 1, 1)
+ //    table.set(0, 2, 99998)
+ //    table.set(1, 0, 1)
+ //    table.set(2, 0, 1)
+ //    table.set(1, 1, 1)
+ //    table.set(2, 1, 1)
+ //    table.set(1, 2, 1)
+ //    table.set(2, 2, 1)
+ //    expect(table.toString()).toEqual(` |        | x | xyz | xy     | Total  |
+ // | ------ | - | --- | ------ | ------ |
+ // | a      | 1 | 1   | 99998  | 100000 |
+ // | abcdef | 1 | 1   | 1      | 3      |
+ // | ab     | 1 | 1   | 1      | 3      |
+ // | ------ | - | --- | ------ | ------ |
+ // | Total  | 3 | 3   | 100000 | 100006 | `)
+ //  })
+ //
+ //  test('should prepare string correctly when rows less than columns', (): void => {
+ //    const table = new Table({
+ //      rows: ['a'],
+ //      columns: ['x', 'xyz', 'xy']
+ //    })
+ //    table.set(0, 0, 1)
+ //    table.set(0, 1, 1)
+ //    table.set(0, 2, 99998)
+ //    expect(table.toString()).toEqual(` |       | x | xyz | xy    | Total  |
+ // | ----- | - | --- | ----- | ------ |
+ // | a     | 1 | 1   | 99998 | 100000 |
+ // | ----- | - | --- | ----- | ------ |
+ // | Total | 1 | 1   | 99998 | 100000 | `)
+ //  })
+ //
+ //  test('should prepare string correctly when rows more than columns', (): void => {
+ //    const table = new Table({
+ //      rows: ['a', 'abcdef', 'ab'],
+ //      columns: ['x']
+ //    })
+ //    table.set(0, 0, 35000)
+ //    table.set(1, 0, 35000)
+ //    table.set(2, 0, 30000)
+ //    expect(table.toString()).toEqual(` |        | x      | Total  |
+ // | ------ | ------ | ------ |
+ // | a      | 35000  | 35000  |
+ // | abcdef | 35000  | 35000  |
+ // | ab     | 30000  | 30000  |
+ // | ------ | ------ | ------ |
+ // | Total  | 100000 | 100000 | `)
+ //  })
+ //
+ //  test('should prepare string correctly when row and column headers are short', (): void => {
+ //    const table = new Table({
+ //      rows: ['a', 'b', 'c'],
+ //      columns: ['x']
+ //    })
+ //    table.set(0, 0, 35000)
+ //    table.set(1, 0, 64999)
+ //    table.set(2, 0, 1)
+ //    expect(table.toString()).toEqual(` |       | x      | Total  |
+ // | ----- | ------ | ------ |
+ // | a     | 35000  | 35000  |
+ // | b     | 64999  | 64999  |
+ // | c     | 1      | 1      |
+ // | ----- | ------ | ------ |
+ // | Total | 100000 | 100000 | `)
+ //  })
+ //
+ //  test('should prepare string correctly when row and column headers are numbers', (): void => {
+ //    const table = new Table({
+ //      rows: ['1'],
+ //      columns: ['1']
+ //    })
+ //    table.set(0, 0, 1)
+ //    expect(table.toString()).toEqual(` |       | 1 | Total |
+ // | ----- | - | ----- |
+ // | 1     | 1 | 1     |
+ // | ----- | - | ----- |
+ // | Total | 1 | 1     | `)
+ //  })
+ //
+ //  test('should prepare string correctly when main header is longer than "Total"', (): void => {
+ //    const table = new Table({
+ //      main: 'abz',
+ //      rows: ['1'],
+ //      columns: ['1']
+ //    })
+ //    table.set(0, 0, 1)
+ //    expect(table.toString()).toEqual(` |       | 1 | Total |
+ // | ----- | - | ----- |
+ // | 1     | 1 | 1     |
+ // | ----- | - | ----- |
+ // | Total | 1 | 1     | `)
+ //  })
+})

package/dist/System.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=System.d.ts.map

package/dist/System.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"System.d.ts","sourceRoot":"","sources":["../src/System.ts"],"names":[],"mappings":""}

package/dist/System.js

@@ -1,15 +0,0 @@
-import { version, sha, buildAt } from './metadata.json';
-import Logger from './Logger';
-/**
- * This class prints metadata information into the logs, such as library version,
- * SHA and build time.
- * @internal
- */
-export default class System {
-    static initialize() {
-        Logger.info(`@fabasoad/sarif-to-slack version: ${version}`);
-        Logger.info(`@fabasoad/sarif-to-slack sha: ${sha}`);
-        Logger.info(`@fabasoad/sarif-to-slack built at: ${buildAt}`);
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiU3lzdGVtLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL1N5c3RlbS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsT0FBTyxFQUFFLEdBQUcsRUFBRSxPQUFPLEVBQUUsTUFBTSxpQkFBaUIsQ0FBQTtBQUN2RCxPQUFPLE1BQU0sTUFBTSxVQUFVLENBQUE7QUFFN0I7Ozs7R0FJRztBQUNILE1BQU0sQ0FBQyxPQUFPLE9BQU8sTUFBTTtJQUVsQixNQUFNLENBQUMsVUFBVTtRQUN0QixNQUFNLENBQUMsSUFBSSxDQUFDLHFDQUFxQyxPQUFPLEVBQUUsQ0FBQyxDQUFBO1FBQzNELE1BQU0sQ0FBQyxJQUFJLENBQUMsaUNBQWlDLEdBQUcsRUFBRSxDQUFDLENBQUE7UUFDbkQsTUFBTSxDQUFDLElBQUksQ0FBQyxzQ0FBc0MsT0FBTyxFQUFFLENBQUMsQ0FBQTtJQUM5RCxDQUFDO0NBQ0YifQ==

package/src/System.ts

@@ -1,16 +0,0 @@
-import { version, sha, buildAt } from './metadata.json'
-import Logger from './Logger'
-
-/**
- * This class prints metadata information into the logs, such as library version,
- * SHA and build time.
- * @internal
- */
-export default class System {
-
-  public static initialize(): void {
-    Logger.info(`@fabasoad/sarif-to-slack version: ${version}`)
-    Logger.info(`@fabasoad/sarif-to-slack sha: ${sha}`)
-    Logger.info(`@fabasoad/sarif-to-slack built at: ${buildAt}`)
-  }
-}