[BUG] null reference in sonarqube parser #6583

Open
Jiri-Stary opened this issue Jan 29, 2025 · 2 comments
Labels
bug Something isn't working

Comments

@Jiri-Stary

Describe the bug
Incorrect handling of SonarQube issues, such as the Kubernetes one, in sonarqube-mapper.ts that do not have a summary or CVE:

TypeError: Cannot read properties of undefined (reading 'match')

To Reproduce
Steps to reproduce the behavior:

mitre/saf:1.4.8 convert sonarqube2hdf -n *** -u *** --auth *** -o ./hdf/sonarqube_scan.json

Use this example Sonar issue:

{
"key": "57b3733b-d416-4b4e-87da-b77d4edde2ab",
"rule": "kubernetes:S6870",
"severity": "MAJOR",
"component": "myproject:helm/mlr/templates/jupyter/deployment.yaml",
"project": "myproject",
"line": 34,
"hash": "723c0daa435bdafaa7aa13d3ae06ca5e",
"textRange": {
"startLine": 34,
"endLine": 34,
"startOffset": 19,
"endOffset": 30
},
"flows": [],
"status": "OPEN",
"message": "Specify a storage limit for this container.",
"effort": "5min",
"debt": "5min",
"author": "",
"tags": [],
"creationDate": "2025-01-23T14:01:27+0000",
"updateDate": "2025-01-23T14:01:27+0000",
"type": "VULNERABILITY",
"branch": "Jiri-Stary-patch",
"scope": "MAIN",
"quickFixAvailable": false,
"messageFormattings": [],
"codeVariants": [],
"cleanCodeAttribute": "COMPLETE",
"cleanCodeAttributeCategory": "INTENTIONAL",
"impacts": [
{
"softwareQuality": "MAINTAINABILITY",
"severity": "MEDIUM"
},
{
"softwareQuality": "SECURITY",
"severity": "MEDIUM"
}
],
"issueStatus": "OPEN",
"prioritizedRule": false
},

Expected behavior
Not crash.

  • Can you please add better undefined input handling?
    issue?.summary instead of issue.summary should be enough
function parseNistTags(issue: Issue): string[] {
  const tags: string[] = [];
  issue.sysTags?.forEach((sysTag) => {
    if (sysTag.toLowerCase().startsWith('owasp-')) {
      const identifier = [
        sysTag.toLowerCase().replace('owasp-', '').toUpperCase()
      ];
      tags.push(...OWASP_NIST_MAPPING.nistFilterNoDefault(identifier));
    }
  });
  // CWE IDs are embedded inside of the HTML summary
  // This is the line that throws the TypeError reported above when issue.summary is undefined
  issue.summary.match(/CWE-\d\d\d?\d?\d?\d?\d/gi)?.forEach((match) => {
    tags.push(...CWE_NIST_MAPPING.nistFilter(match.split('-')[1]));
  });
  return tags;
}
Jiri-Stary added the "bug" label on Jan 29, 2025
@Amndeep7 (Contributor)

Amndeep7 commented Feb 1, 2025

Hi @Jiri-Stary. Thanks for calling this bug to our attention. Could you please try hitting the api/rules/show endpoint on your sonarqube instance so that we can get the full output of what that particular rule is returning? The full url will look something like this: https://sonarqube.your.domain/api/rules/show?key="kubernetes:S6870"

Once I have the sample, I'll be able to test locally and make the fix.

@Jiri-Stary (Author)

Hi @Amndeep7, many thanks for looking into this.


{
    "rule": {
        "key": "kubernetes:S6870",
        "repo": "kubernetes",
        "name": "Storage limits should be enforced",
        "createdAt": "2024-09-07T11:54:31+0000",
        "mdDesc": "",
        "severity": "MAJOR",
        "status": "READY",
        "isTemplate": false,
        "tags": [],
        "sysTags": [],
        "lang": "kubernetes",
        "langName": "Kubernetes",
        "params": [],
        "defaultDebtRemFnType": "CONSTANT_ISSUE",
        "debtRemFnType": "CONSTANT_ISSUE",
        "type": "VULNERABILITY",
        "defaultRemFnType": "CONSTANT_ISSUE",
        "defaultRemFnBaseEffort": "5min",
        "remFnType": "CONSTANT_ISSUE",
        "remFnBaseEffort": "5min",
        "remFnOverloaded": false,
        "scope": "ALL",
        "isExternal": false,
        "descriptionSections": [
            {
                "key": "root_cause",
                "content": "<p>Ephemeral storage is a type of storage that is temporary and non-persistent, meaning it does not retain data once the process is terminated. In the\ncontext of Kubernetes, ephemeral storage is used for storing temporary files that a running container can write and read.</p>\n<p>The issue at hand pertains to the creation of a container without any defined limits for this ephemeral storage. This means that the container can\npotentially consume as much ephemeral storage as is available on the node where it is running.</p>\n<h3>What is the potential impact?</h3>\n<h4>Resource exhaustion</h4>\n<p>Without a defined limit, a container can consume all available ephemeral storage on a node. This can lead to resource exhaustion, where no more\nstorage is available for other containers or processes running on the same node. This could cause these other containers or processes to fail or\nperform poorly.</p>\n<h4>Unpredictable application behavior</h4>\n<p>If a container exhausts the available ephemeral storage, it can lead to unpredictable application behavior. For instance, if an application\nattempts to write to the ephemeral storage and there is no space left, it may crash or exhibit other unexpected behaviors.</p>"
            },
            {
                "key": "how_to_fix",
                "content": "<h4>Noncompliant code example</h4>\n<pre data-diff-id=\"1\" data-diff-type=\"noncompliant\">\napiVersion: v1\nkind: Pod\nmetadata:\n  name: example\nspec:\n  containers:\n    - name: web # Noncompliant\n      image: nginx\n      volumeMounts:\n        - name: ephemeral\n          mountPath: \"/tmp\"\n</pre>\n<pre data-diff-id=\"2\" data-diff-type=\"noncompliant\">\napiVersion: v1\nkind: Pod\nmetadata:\n  name: example\nspec:\n  containers:\n    - name: web # Noncompliant\n      image: nginx\n      volumeMounts:\n        - name: ephemeral\n          mountPath: \"/tmp\"\n</pre>\n<h4>Compliant solution</h4>\n<pre data-diff-id=\"1\" data-diff-type=\"compliant\">\napiVersion: v1\nkind: Pod\nmetadata:\n  name: example\nspec:\n  containers:\n    - name: web\n      image: nginx\n      resources:\n        limits:\n          ephemeral-storage: \"2Gi\"\n      volumeMounts:\n        - name: ephemeral\n          mountPath: \"/tmp\"\n</pre>\n<pre data-diff-id=\"2\" data-diff-type=\"compliant\">\napiVersion: v1\nkind: LimitRange\nmetadata:\n  name: storage-limit-range\n  namespace: namespace-with-limit-range\nspec:\n  limits:\n  - default:\n      ephemeral-storage: \"10Mi\"\n    type: Container\n---\napiVersion: v1\nkind: Pod\nmetadata:\n  name: example\n  namespace: namespace-with-limit-range\nspec:\n  containers:\n    - name: web\n      image: nginx\n      volumeMounts:\n        - name: ephemeral\n          mountPath: \"/tmp\"\n</pre>\n<h3>How does this work?</h3>\n<p>A limit can be set through the property <code>resources.limits.ephemeral-storage</code> of a container. Alternatively, a default limit for a\nnamespace can be set with <code>LimitRange</code> through <code>spec.limits[].default.ephemeral-storage</code>.</p>"
            },
            {
                "key": "resources",
                "content": "<h3>Documentation</h3>\n<ul>\n  <li> Kubernetes Documentation - <a href=\"https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/\">Resource Management for\n  Pods and Containers</a> </li>\n</ul>\n<h3>Standards</h3>\n<ul>\n  <li> CWE - <a href=\"https://cwe.mitre.org/data/definitions/770\">CWE-770 - Allocation of Resources Without Limits or Throttling</a> </li>\n</ul>"
            }
        ],
        "educationPrinciples": [],
        "updatedAt": "2024-12-01T03:55:56+0000",
        "cleanCodeAttribute": "COMPLETE",
        "cleanCodeAttributeCategory": "INTENTIONAL",
        "impacts": [
            {
                "softwareQuality": "MAINTAINABILITY",
                "severity": "MEDIUM"
            },
            {
                "softwareQuality": "SECURITY",
                "severity": "MEDIUM"
            }
        ]
    },
    "actives": []
}
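The rule payload above shows why the original parseNistTags crashes and also where the CWE reference actually lives for this rule: sysTags is empty, mdDesc is an empty string, there is no HTML summary, and the only "CWE-770" appears inside descriptionSections[].content. The following is an added example, not code from mitre/saf or heimdall2, of a defensive version of that extraction step. It treats a missing summary as an empty case instead of throwing, and it goes beyond the original by also scanning mdDesc and every descriptionSections entry. The field names follow the api/rules/show output quoted in this thread; the RuleLike type, the `summary` field name and the two sample rules are assumptions constructed for the example. Mapping the extracted identifiers to NIST controls is left to the project's own OWASP_NIST_MAPPING and CWE_NIST_MAPPING tables, which are not reproduced here.

```typescript
// Added example, not code from mitre/saf or heimdall2. A defensive version of the
// identifier-extraction step that crashed in the thread above. Field names
// (sysTags, mdDesc, descriptionSections[].content) follow the api/rules/show
// payload quoted in the thread; `summary` stands in for the HTML description
// the original parser reads, and the RuleLike shape itself is an assumption.

interface DescriptionSection {
  key: string;
  content: string;
}

interface RuleLike {
  sysTags?: string[];
  summary?: string; // may be undefined, as it is for kubernetes:S6870
  mdDesc?: string;
  descriptionSections?: DescriptionSection[];
}

interface ExtractedIds {
  owasp: string[]; // e.g. "A1" from the sysTag "owasp-a1"
  cwe: string[]; // numeric part only, e.g. "770"
}

// Pull every CWE-<n> reference out of a text fragment. Tolerates undefined,
// null and non-string input instead of throwing, and de-duplicates hits.
function extractCweIds(text: unknown): string[] {
  if (typeof text !== 'string' || text.length === 0) {
    return [];
  }
  const ids: string[] = [];
  const re = /CWE-(\d{1,7})/gi; // fresh RegExp per call: a shared /g regex keeps lastIndex state
  let m: RegExpExecArray | null;
  while ((m = re.exec(text)) !== null) {
    if (ids.indexOf(m[1]) === -1) {
      ids.push(m[1]);
    }
  }
  return ids;
}

// Collect OWASP identifiers from sysTags and CWE identifiers from every text
// field that may carry them. Unlike the original, a rule with no summary is a
// normal (empty) case rather than a crash.
function extractIdentifiers(rule: RuleLike | undefined | null): ExtractedIds {
  const owasp: string[] = [];
  const cwe: string[] = [];
  if (!rule) {
    return {owasp, cwe};
  }
  for (const tag of rule.sysTags ?? []) {
    if (typeof tag === 'string' && tag.toLowerCase().indexOf('owasp-') === 0) {
      owasp.push(tag.slice('owasp-'.length).toUpperCase());
    }
  }
  const sources: unknown[] = [rule.summary, rule.mdDesc];
  for (const section of rule.descriptionSections ?? []) {
    sources.push(section?.content);
  }
  for (const src of sources) {
    for (const id of extractCweIds(src)) {
      if (cwe.indexOf(id) === -1) {
        cwe.push(id);
      }
    }
  }
  return {owasp, cwe};
}

// Constructed sample: a cut-down copy of the kubernetes:S6870 rule from the
// thread. The CWE reference lives only in the "resources" description section.
const SAMPLE_K8S_RULE: RuleLike = {
  sysTags: [],
  mdDesc: '',
  descriptionSections: [
    {key: 'root_cause', content: '<p>Ephemeral storage is a type of storage ...</p>'},
    {
      key: 'resources',
      content:
        '<h3>Standards</h3>\n<ul>\n  <li> CWE - <a href="https://cwe.mitre.org/data/definitions/770">CWE-770 - Allocation of Resources Without Limits or Throttling</a> </li>\n</ul>'
    }
  ]
};

// Constructed sample of the shape the original parser expected: an OWASP
// sysTag plus CWE references embedded in an HTML summary (one repeated on purpose).
const SAMPLE_WEB_RULE: RuleLike = {
  sysTags: ['owasp-a1', 'injection'],
  summary:
    '<p>See <a href="https://cwe.mitre.org/data/definitions/89">CWE-89</a> and CWE-79; CWE-89 is the primary weakness.</p>'
};

function demo(): void {
  console.log(JSON.stringify(extractIdentifiers(SAMPLE_K8S_RULE))); // {"owasp":[],"cwe":["770"]}
  console.log(JSON.stringify(extractIdentifiers(SAMPLE_WEB_RULE))); // {"owasp":["A1"],"cwe":["89","79"]}
  console.log(JSON.stringify(extractIdentifiers(undefined))); // {"owasp":[],"cwe":[]}
}
demo();
```

The point of routing every text field through extractCweIds, rather than sprinkling `?.` on one line, is that the crash reported here is only one instance of the same input-validation gap: any rule whose description arrives in a different field (or not at all) would trip the next unchecked property access.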
