Is the property 'codeFlows' supported? #51

@arronlai

Hi. I'm using this component on my website to show some scanning results, and now I'm facing a problem. Compared to the SARIF VSCode extension, I found that this component does not show code flows. Is there any solution to support this property?

sarif file:

```json
{
  "schema": "https://json.schemastore.org/sarif-2.1.0.json",
  "version": "2.1.0",
  "runs": [{
    "tool": {
      "driver": {
        "name": "CODEQL",
        "organization": "sast",
        "semanticVersion": "2.4.1",
        "rules": [{
          "id": "11",
          "name": "go命令执行",
          "shortDescription": { "text": "go命令执行", "markdown": "" },
          "fullDescription": { "text": "", "markdown": "漏洞详情:\n + 要点1:[参考链接](https://domain.com/)\n ```go\nfmt.Println(\"aaa\")\n```\n + 要点2:测试" },
          "defaultConfiguration": { "enabled": true, "level": "error" },
          "properties": { "ruleKey": "go-exec-cmd", "riskLevel": 3, "tags": [ "security", "cwe-078" ] }
        }, {
          "id": "12",
          "name": "go测试规则",
          "shortDescription": { "text": "go测试规则", "markdown": "" },
          "fullDescription": { "text": "测试规则描述", "markdown": "" },
          "defaultConfiguration": { "enabled": true, "level": "warning" },
          "properties": { "ruleKey": "go-test-rule", "riskLevel": 2, "tags": [ "security", "test" ] }
        }]
      }
    },
    "artifacts": [
      { "location": { "uri": "model/handler.go", "uriBaseId": "%SRCROOT%" } },
      { "location": { "uri": "handler/handler.go", "uriBaseId": "%SRCROOT%" } },
      { "location": { "uri": "api/infra/zebra/zebra.pb.go", "uriBaseId": "%SRCROOT%" } }
    ],
    "results": [{
      "ruleId": "11",
      "fingerprints": { "vulId": "2354" },
      "hostedViewerUri": "http://domain.com/result?id=2354",
      "message": { "text": "命令执行时接受外部[输入参数](1),最终执行到[系统调用](2)" },
      "locations": [{
        "physicalLocation": {
          "artifactLocation": { "uri": "model/handler.go", "uriBaseId": "%SRCROOT%" },
          "region": { "startLine": 22, "startColumn": 43, "endColumn": 50, "endLine": 22, "snippet": "master.Bind(\\\"zebra_post\\\").Insert" }
        }
      }],
      "partialFingerprints": { "primaryLocationLineHash": "d11dee0b20ca483:1", "primaryLocationStartColumnFingerprint": "13" },
      "codeFlows": [{
        "threadFlows": [{
          "locations": [{
            "location": {
              "physicalLocation": {
                "artifactLocation": { "uri": "handler/handler.go", "uriBaseId": "%SRCROOT%" },
                "region": { "startLine": 20, "startColumn": 48, "endColumn": 51, "endLine": 20, "snippet": "" }
              },
              "message": { "text": "污点源变量req" }
            }
          }, {
            "location": {
              "physicalLocation": {
                "artifactLocation": { "uri": "api/infra/zebra/zebra.pb.go", "uriBaseId": "%SRCROOT%" },
                "region": { "startLine": 131, "startColumn": 7, "endColumn": 8, "endLine": 131, "snippet": "" }
              },
              "message": { "text": "污点传播定义x" }
            }
          }, {
            "location": {
              "physicalLocation": {
                "artifactLocation": { "uri": "model/handler.go", "uriBaseId": "%SRCROOT%" },
                "region": { "startLine": 22, "startColumn": 43, "endColumn": 50, "endLine": 22, "snippet": "" }
              },
              "message": { "text": "污点汇聚点content" }
            }
          }]
        }]
      }],
      "relatedLocations": [{
        "id": 1,
        "physicalLocation": {
          "artifactLocation": { "uri": "handler/handler.go", "uriBaseId": "%SRCROOT%" },
          "region": { "startLine": 20, "startColumn": 48, "endColumn": 51, "endLine": 20, "snippet": "" }
        },
        "message": { "text": "外部污点参数" }
      }, {
        "id": 2,
        "physicalLocation": {
          "artifactLocation": { "uri": "model/handler.go", "uriBaseId": "%SRCROOT%" },
          "region": { "startLine": 22, "startColumn": 43, "endColumn": 50, "endLine": 22, "snippet": "" }
        },
        "message": { "text": "系统调用点" }
      }]
    }, {
      "ruleId": "12",
      "fingerprints": { "vulId": "2355" },
      "hostedViewerUri": "http://domain.com/result?id=2355",
      "message": { "text": "命令执行[用户外部输入参数](1)" },
      "locations": [{
        "physicalLocation": {
          "artifactLocation": { "uri": "model/handler.go", "uriBaseId": "%SRCROOT%" },
          "region": { "startLine": 36, "startColumn": 15, "endColumn": 18, "endLine": 36, "snippet": "e.Bind()" }
        }
      }],
      "partialFingerprints": { "primaryLocationLineHash": "d8df578734f98695:1", "primaryLocationStartColumnFingerprint": "13" },
      "codeFlows": [{
        "threadFlows": [{
          "locations": [{
            "location": {
              "physicalLocation": {
                "artifactLocation": { "uri": "model/handler.go", "uriBaseId": "%SRCROOT%" },
                "region": { "startLine": 32, "startColumn": 9, "endColumn": 39, "endLine": 32, "snippet": "" }
              },
              "message": { "text": "调用GetRPCMeta" }
            }
          }, {
            "location": {
              "physicalLocation": {
                "artifactLocation": { "uri": "model/handler.go", "uriBaseId": "%SRCROOT%" },
                "region": { "startLine": 36, "startColumn": 15, "endColumn": 18, "endLine": 36, "snippet": "" }
              },
              "message": { "text": "污点传播定义x" }
            }
          }]
        }]
      }],
      "relatedLocations": [{
        "id": 1,
        "physicalLocation": {
          "artifactLocation": { "uri": "model/handler.go", "uriBaseId": "%SRCROOT%" },
          "region": { "startLine": 32, "startColumn": 9, "endColumn": 39, "endLine": 32, "snippet": "" }
        },
        "message": { "text": "grpc入参" }
      }]
    }]
  }]
}
```

In VSCode:
image

On web:
image
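
What displaying this property involves, as an added example that is not part of the original post and not the component's own code: walking `runs[].results[].codeFlows[].threadFlows[].locations[]` of a SARIF 2.1.0 log and flattening each thread flow into ordered steps. The names `step`, `sampleLog`, `extractCodeFlows` and `formatFlow` are hypothetical, and the sample is constructed from the shape of the log above with its messages rendered in English.

```javascript
// Hypothetical helper: builds one threadFlowLocation for the sample below.
const step = (uri, startLine, startColumn, text) => ({ location: {
  physicalLocation: { artifactLocation: { uri }, region: { startLine, startColumn } },
  message: { text } } });

// Constructed sample, trimmed to the shape of the log posted in this issue.
const sampleLog = {
  version: "2.1.0",
  runs: [{
    results: [
      { ruleId: "11", codeFlows: [{ threadFlows: [{ locations: [
        step("handler/handler.go", 20, 48, "taint source variable req"),
        step("api/infra/zebra/zebra.pb.go", 131, 7, "taint propagation definition x"),
        step("model/handler.go", 22, 43, "taint sink content"),
        {}, // a step with no `location` at all must not break rendering
      ] }] }] },
      { ruleId: "12" }, // a result without codeFlows yields no flow
    ],
  }],
};

// Returns one entry per threadFlow, with its steps in the order the log lists them.
function extractCodeFlows(log) {
  const flows = [];
  for (const run of log.runs ?? []) {
    for (const result of run.results ?? []) {
      for (const codeFlow of result.codeFlows ?? []) {
        for (const threadFlow of codeFlow.threadFlows ?? []) {
          const steps = (threadFlow.locations ?? []).map((tfl, i) => {
            const phys = tfl.location?.physicalLocation;
            return {
              index: i + 1,
              uri: phys?.artifactLocation?.uri ?? null,
              line: phys?.region?.startLine ?? null,
              column: phys?.region?.startColumn ?? null,
              message: tfl.location?.message?.text ?? "",
            };
          });
          flows.push({ ruleId: result.ruleId ?? null, steps });
        }
      }
    }
  }
  return flows;
}

// One plain-text display line per step; a viewer should insert these as text, not HTML.
const formatFlow = (flow) => flow.steps.map((s) =>
  `${s.index}. ${s.uri ?? "<no location>"}:${s.line ?? "?"}:${s.column ?? "?"} ${s.message}`.trimEnd());
```
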
