Parse gosec results

Author: ggabarrin

README.md

@@ -70,10 +70,11 @@ The extension allows you to import the output from SAST tools into notes, making
 
 Currently supported tools include:
 
-- semgrep (https://semgrep.dev/)
 - bandit (https://bandit.readthedocs.io/en/latest/)
 - brakeman (https://brakemanscanner.org/)
 - checkov (https://www.checkov.io/)
+- gosec (https://github.com/securego/gosec)
+- semgrep (https://semgrep.dev/)
 
 ## Extension Settings
 

src/parsers/gosec.ts

@@ -0,0 +1,32 @@
+'use strict';
+
+import * as vscode from 'vscode';
+import { ToolFinding } from '../models/toolFinding';
+
+class GosecParser {
+  static parse(fileContent: string) {
+    const toolFindings: ToolFinding[] = [];
+
+    try {
+      const gosecFindings = JSON.parse(fileContent).Issues;
+      gosecFindings.map((gosecFinding: any) => {
+        // uri
+        const uri = vscode.Uri.file(gosecFinding.file);
+
+        // range
+        const line = gosecFinding.line;
+        const range = new vscode.Range(line - 1, 0, line - 1, 0);
+
+        // instantiate tool finding and add to list
+        const toolFinding = new ToolFinding(uri, range, gosecFinding.details);
+        toolFindings.push(toolFinding);
+      });
+    } catch {
+      /* empty */
+    }
+
+    return toolFindings;
+  }
+}
+
+export { GosecParser };

src/webviews/importToolResultsWebview.ts

@@ -5,6 +5,7 @@ import { commentController } from '../controllers/comments';
 import { BanditParser } from '../parsers/bandit';
 import { BrakemanParser } from '../parsers/brakeman';
 import { CheckovParser } from '../parsers/checkov';
+import { GosecParser } from '../parsers/gosec';
 import { SemgrepParser } from '../parsers/semgrep';
 import { ToolFinding } from '../models/toolFinding';
 import { saveNoteComment } from '../helpers';
@@ -86,6 +87,7 @@ export class ImportToolResultsWebview implements vscode.WebviewViewProvider {
             <option value="bandit">bandit (JSON)</option>
             <option value="brakeman">brakeman (JSON)</option>
             <option value="checkov">checkov (JSON)</option>
+            <option value="gosec">gosec (JSON)</option>
             <option value="semgrep">semgrep (JSON)</option>
             </select>
             </p>
@@ -124,6 +126,10 @@ function processToolFile(
       toolFindings = CheckovParser.parse(fileContent);
       break;
     }
+    case 'gosec': {
+      toolFindings = GosecParser.parse(fileContent);
+      break;
+    }
     case 'semgrep': {
       toolFindings = SemgrepParser.parse(fileContent);
       break;