Add util to combine sarif reports

jfrog · Sep 3, 2024 · 51f173d · 51f173d
1 parent 1c73919
commit 51f173d
Show file tree

Hide file tree

Showing 2 changed files with 71 additions and 0 deletions.
diff --git a/formats/sarifutils/sarifutils.go b/formats/sarifutils/sarifutils.go
@@ -17,6 +17,43 @@ func NewReport() (*sarif.Report, error) {
 	return report, nil
 }
 
+func CombineReports(reports ...*sarif.Report) (combined *sarif.Report, err error) {
+	if combined, err = NewReport(); err != nil {
+		return
+	}
+	runByTools := map[string]*sarif.Run{}
+	for _, report := range reports {
+		for _, run := range report.Runs {
+			toolName := GetRunToolName(run)
+			if _, ok := runByTools[toolName]; !ok {
+				runByTools[toolName] = run
+				continue
+			}
+			for _, rule := range GetRunRules(run) {
+				actualRule := runByTools[toolName].AddRule(rule.ID)
+				for _, result := range GetRuleResults(run, rule.ID) {
+					// Update result ruleId to the actual rule ID in the combined report and add the result to the combined report
+					result.RuleID = &actualRule.ID
+					runByTools[toolName].AddResult(result)
+				}
+			}
+		}
+	}
+	for _, run := range runByTools {
+		combined.AddRun(run)
+	}
+	return
+}
+
+func GetRuleResults(run *sarif.Run, ruleId string) (results []*sarif.Result) {
+	for _, result := range run.Results {
+		if resultRuleId := GetResultRuleId(result); resultRuleId == ruleId {
+			results = append(results, result)
+		}
+	}
+	return
+}
+
 func NewPhysicalLocation(physicalPath string) *sarif.PhysicalLocation {
 	return &sarif.PhysicalLocation{
 		ArtifactLocation: &sarif.ArtifactLocation{

diff --git a/utils/securityJobSummary.go b/utils/securityJobSummary.go
@@ -3,6 +3,7 @@ package utils
 import (
 	"errors"
 	"fmt"
+	"os"
 	"path/filepath"
 	"sort"
 	"strings"
@@ -14,11 +15,13 @@ import (
 	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	"github.com/jfrog/jfrog-cli-security/formats"
+	"github.com/jfrog/jfrog-cli-security/formats/sarifutils"
 	"github.com/jfrog/jfrog-cli-security/resources"
 	"github.com/jfrog/jfrog-cli-security/utils/jasutils"
 	"github.com/jfrog/jfrog-cli-security/utils/severityutils"
 	"github.com/jfrog/jfrog-client-go/utils/errorutils"
 	"github.com/jfrog/jfrog-client-go/utils/log"
+	"github.com/owenrumney/go-sarif/v2/sarif"
 )
 
 const (
@@ -191,6 +194,37 @@ func RecordSarifOutput(cmdResults *Results) (err error) {
 	return manager.RecordWithIndex(out, commandsummary.SarifReport)
 }
 
+func CombineSarifOutputFiles(dataFilePaths []string) (data []byte, err error) {
+	if len(dataFilePaths) == 0 {
+		return
+	}
+	// Load the content of the files
+	reports := []*sarif.Report{}
+	for _, dataFilePath := range dataFilePaths {
+		if report, e := loadSarifReport(dataFilePath); e != nil {
+			err = errors.Join(err, e)
+		} else {
+			reports = append(reports, report)
+		}
+	}
+	if err != nil {
+		return
+	}
+	combined, err := sarifutils.CombineReports(reports...)
+	if err != nil {
+		return
+	}
+	return JSONMarshalNotEscaped(combined)
+}
+
+func loadSarifReport(dataFilePath string) (report *sarif.Report, err error) {
+	fileData, err := os.ReadFile(dataFilePath)
+	if err != nil {
+		return
+	}
+	return sarif.FromBytes(fileData)
+}
+
 func updateSummaryNamesToRelativePath(summary *formats.ResultsSummary, wd string) {
 	for i, scan := range summary.Scans {
 		if scan.Target == "" {