From 731d0d51cecd936e20e60827e05a71f5d50be612 Mon Sep 17 00:00:00 2001
From: Matthieu MOREL
Date: Thu, 17 Jun 2021 14:21:42 +0200
Subject: [PATCH] Results must always be present in the SARIF report (#650)
* Don't omit empty results
* Add tests
---
 report/sarif/sarif_suite_test.go | 13 +++++++++++++
 report/sarif/sarif_test.go | 25 +++++++++++++++++++++++++
 report/sarif/types.go | 2 +-
 3 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 report/sarif/sarif_suite_test.go
 create mode 100644 report/sarif/sarif_test.go
diff --git a/report/sarif/sarif_suite_test.go b/report/sarif/sarif_suite_test.go
new file mode 100644
index 0000000000..6b198be39d
--- /dev/null
+++ b/report/sarif/sarif_suite_test.go
@@ -0,0 +1,13 @@
+package sarif_test
+
+import (
+ "testing"
+
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+)
+
+func TestRules(t *testing.T) {
+ RegisterFailHandler(Fail)
+ RunSpecs(t, "Sarif Formatters Suite")
+}
diff --git a/report/sarif/sarif_test.go b/report/sarif/sarif_test.go
new file mode 100644
index 0000000000..e22794174e
--- /dev/null
+++ b/report/sarif/sarif_test.go
@@ -0,0 +1,25 @@
+package sarif_test
+
+import (
+ "bytes"
+
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+ "github.com/securego/gosec/v2"
+ "github.com/securego/gosec/v2/report/sarif"
+)
+
+var _ = Describe("Sarif Formatter", func() {
+ BeforeEach(func() {
+ })
+ Context("when converting to Sarif issues", func() {
+ It("sarif formatted report should contain the result", func() {
+ buf := new(bytes.Buffer)
+ reportInfo := gosec.NewReportInfo([]*gosec.Issue{}, &gosec.Metrics{}, map[string][]gosec.Error{}).WithVersion("v2.7.0")
+ err := sarif.WriteReport(buf, reportInfo, []string{})
+ result := buf.String()
+ Expect(err).ShouldNot(HaveOccurred())
+ Expect(result).To(ContainSubstring("\"results\": ["))
+ })
+ })
+})
diff --git a/report/sarif/types.go b/report/sarif/types.go
index cfd83656b3..db49bd141c 100644
--- a/report/sarif/types.go
+++ b/report/sarif/types.go
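Review bot: In report/sarif/sarif_test.go the only check on the output is `ContainSubstring("\"results\": [")`, which ties the spec to the encoder's exact spacing and would pass just as well for a non-empty array. Decoding the buffer with `encoding/json` and asserting that `results` under the first run is present and has length zero would pin what the commit title promises. The spec passes a non-nil `[]*gosec.Issue{}`, so a nil issue list is not exercised and a `"results": null` output would go unnoticed. The empty `BeforeEach(func() {})` does nothing and can be dropped.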
@@ -1041,7 +1041,7 @@ type Run struct {
 RedactionTokens []string `json:"redactionTokens,omitempty"`
 // The set of results contained in an SARIF log. The results array can be omitted when a run is solely exporting rules metadata. It must be present (but may be empty) if a log file represents an actual scan.
- Results []*Result `json:"results,omitempty"`
+ Results []*Result `json:"results"`
 // Automation details that describe the aggregate of runs to which this run belongs.
 RunAggregates []*RunAutomationDetails `json:"runAggregates,omitempty"`
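Review bot: Dropping `omitempty` from `Results` means a nil slice is now encoded as `"results": null` rather than `[]`, because encoding/json writes nil slices as null. The field comment in this hunk asks for the array to be present (possibly empty) when the log represents an actual scan, so a consumer may read `null` differently from a scan that found nothing. Whether a nil value can reach the encoder depends on how `Run` is constructed, which is outside this hunk; if it can, set `Results: []*Result{}` where the run is built. A short comment on the field would record the intent, e.g. `// No omitempty: a scan with no findings must still emit "results": [].` The `Run` struct starts and ends outside the hunk.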