Test SARIF formatter for spec compliance (#1240)

* Validate SARIF output against spec in tests * Ensure SARIF formatter outputs valid locations
terraform-linters · Oct 18, 2021 · a0ce720 · a0ce720
1 parent 3e4aa4a
commit a0ce720
Show file tree

Hide file tree

Showing 4 changed files with 100 additions and 4 deletions.
diff --git a/formatter/sarif.go b/formatter/sarif.go
@@ -17,7 +17,7 @@ func (f *Formatter) sarifPrint(issues tflint.Issues, tferr *tflint.Error, source
 	report.AddRun(run)
 
 	for _, issue := range issues {
-		rule := run.AddRule(issue.Rule.Name()).WithHelpURI(issue.Rule.Link())
+		rule := run.AddRule(issue.Rule.Name()).WithHelpURI(issue.Rule.Link()).WithDescription("")
 
 		var level string
 		switch issue.Rule.Severity() {
@@ -31,14 +31,23 @@ func (f *Formatter) sarifPrint(issues tflint.Issues, tferr *tflint.Error, source
 			panic(fmt.Errorf("Unexpected lint type: %s", issue.Rule.Severity()))
 		}
 
+		endLine := issue.Range.End.Line
+		if endLine == 0 {
+			endLine = 1
+		}
+		endColumn := issue.Range.End.Column
+		if endColumn == 0 {
+			endColumn = 1
+		}
+
 		location := sarif.NewPhysicalLocation().
 			WithArtifactLocation(sarif.NewSimpleArtifactLocation(issue.Range.Filename)).
 			WithRegion(
 				sarif.NewRegion().
 					WithStartLine(issue.Range.Start.Line).
 					WithStartColumn(issue.Range.Start.Column).
-					WithEndLine(issue.Range.End.Line).
-					WithEndColumn(issue.Range.End.Column),
+					WithEndLine(endLine).
+					WithEndColumn(endColumn),
 			)
 
 		run.AddResult(rule.ID).

diff --git a/formatter/sarif_test.go b/formatter/sarif_test.go
@@ -5,7 +5,9 @@ import (
 	"testing"
 
 	hcl "github.com/hashicorp/hcl/v2"
+	"github.com/stretchr/testify/assert"
 	"github.com/terraform-linters/tflint/tflint"
+	"github.com/xeipuuv/gojsonschema"
 )
 
 func Test_sarifPrint(t *testing.T) {
@@ -59,7 +61,9 @@ func Test_sarifPrint(t *testing.T) {
           "rules": [
             {
               "id": "test_rule",
-              "shortDescription": null,
+              "shortDescription": {
+                "text": ""
+              },
               "helpUri": "https://github.com"
             }
           ]
@@ -91,6 +95,68 @@ func Test_sarifPrint(t *testing.T) {
       ]
     }
   ]
+}`,
+		},
+		{
+			Name: "Issues with SARIF-invalid position are output correctly",
+			Issues: tflint.Issues{
+				{
+					Rule:    &testRule{},
+					Message: "test",
+					Range: hcl.Range{
+						Filename: "test.tf",
+						Start:    hcl.Pos{Line: 1, Column: 1},
+						End:      hcl.Pos{Line: 0, Column: 0},
+					},
+				},
+			},
+			Error: &tflint.Error{},
+			Stdout: `{
+  "version": "2.1.0",
+  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+  "runs": [
+    {
+      "tool": {
+        "driver": {
+          "name": "tflint",
+          "informationUri": "https://github.com/terraform-linters/tflint",
+          "rules": [
+            {
+              "id": "test_rule",
+              "shortDescription": {
+                "text": ""
+              },
+              "helpUri": "https://github.com"
+            }
+          ]
+        }
+      },
+      "results": [
+        {
+          "ruleId": "test_rule",
+          "level": "error",
+          "message": {
+            "text": "test"
+          },
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "test.tf"
+                },
+                "region": {
+                  "startLine": 1,
+                  "startColumn": 1,
+                  "endLine": 1,
+                  "endColumn": 1
+                }
+              }
+            }
+          ]
+        }
+      ]
+    }
+  ]
 }`,
 		},
 	}
@@ -105,5 +171,13 @@ func Test_sarifPrint(t *testing.T) {
 		if stdout.String() != tc.Stdout {
 			t.Fatalf("Failed %s test: expected=%s, stdout=%s", tc.Name, tc.Stdout, stdout.String())
 		}
+
+		schemaLoader := gojsonschema.NewReferenceLoader("http://json.schemastore.org/sarif-2.1.0")
+		result, err := gojsonschema.Validate(schemaLoader, gojsonschema.NewStringLoader(stdout.String()))
+
+		assert.NoError(t, err)
+		for _, err := range result.Errors() {
+			t.Error(err)
+		}
 	}
 }
diff --git a/go.mod b/go.mod
@@ -30,8 +30,10 @@ require (
 	github.com/sourcegraph/go-lsp v0.0.0-20200429204803-219e11d77f5d
 	github.com/sourcegraph/jsonrpc2 v0.1.0
 	github.com/spf13/afero v1.6.0
+	github.com/stretchr/testify v1.7.0
 	github.com/terraform-linters/tflint-plugin-sdk v0.9.1
 	github.com/terraform-linters/tflint-ruleset-aws v0.8.0
+	github.com/xeipuuv/gojsonschema v1.2.0
 	github.com/zclconf/go-cty v1.9.1
 	github.com/zclconf/go-cty-yaml v1.0.2
 	golang.org/x/crypto v0.0.0-20210817164053-32db794688a5
@@ -47,6 +49,7 @@ require (
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
 	github.com/aws/aws-sdk-go v1.40.54 // indirect
 	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
 	github.com/golang/protobuf v1.4.2 // indirect
 	github.com/google/go-querystring v1.0.0 // indirect
@@ -62,9 +65,12 @@ require (
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.0 // indirect
 	github.com/oklog/run v1.0.0 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/ulikunitz/xz v0.5.8 // indirect
 	github.com/vmihailenco/msgpack/v4 v4.3.12 // indirect
 	github.com/vmihailenco/tagparser v0.1.1 // indirect
+	github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect
+	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	go.opencensus.io v0.22.4 // indirect
 	golang.org/x/mod v0.4.2 // indirect
 	golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6 // indirect
@@ -75,4 +81,5 @@ require (
 	google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d // indirect
 	google.golang.org/grpc v1.32.0 // indirect
 	google.golang.org/protobuf v1.25.0 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect
 )
diff --git a/go.sum b/go.sum
@@ -298,6 +298,12 @@ github.com/vmihailenco/msgpack/v4 v4.3.12 h1:07s4sz9IReOgdikxLTKNbBdqDMLsjPKXwvC
 github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
 github.com/vmihailenco/tagparser v0.1.1 h1:quXMXlA39OCbd2wAdTsGDlK9RkOk6Wuw+x37wVyIuWY=
 github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI=
+github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
+github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
+github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
+github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
+github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=