Merge pull request #1271 from WordPress/1270-add-ctrf-export-format

Add CTRF export format for reports (admin + WP-CLI)

Co-authored-by: davidperezgar <davidperez@git.wordpress.org>
Co-authored-by: Luc45 <lucasbustamante@git.wordpress.org>
Co-authored-by: ernilambar <nilambar@git.wordpress.org>
Co-authored-by: frantorres <frantorres@git.wordpress.org>

Author: 5 people

assets/js/plugin-check-admin.js

@@ -247,6 +247,10 @@
 				format: 'json',
 				label: defaultString( 'exportJson' ),
 			},
+			{
+				format: 'ctrf',
+				label: defaultString( 'exportCtrf' ),
+			},
 			{
 				format: 'markdown',
 				label: defaultString( 'exportMarkdown' ),

docs/CLI.md

@@ -20,16 +20,18 @@ Applies after evaluating `--checks`.
 : Ignore error codes provided as an argument in comma-separated values.
 
 [--format=<format>]
-: Format to display the results. Options are table, csv, json, strict-table, strict-csv, and strict-json. The default will be a table.
+: Format to display the results. Options are table, csv, json, ctrf, strict-table, strict-csv, strict-json, and strict-ctrf. The default will be a table.
 ---
 default: table
 options:
   - table
   - csv
   - json
+  - ctrf
   - strict-table
   - strict-csv
   - strict-json
+  - strict-ctrf
 ---
 
 [--categories]
@@ -86,6 +88,7 @@ options:
 wp plugin check akismet
 wp plugin check akismet --checks=late_escaping
 wp plugin check akismet --format=json
+wp plugin check akismet --format=ctrf
 wp plugin check akismet --mode=update
 ```
 

includes/Admin/Admin_Page.php

@@ -207,6 +207,7 @@ public function enqueue_scripts() {
 					'strings'                         => array(
 						'exportCsv'      => __( 'Export CSV', 'plugin-check' ),
 						'exportJson'     => __( 'Export JSON', 'plugin-check' ),
+						'exportCtrf'     => __( 'Export CTRF', 'plugin-check' ),
 						'exportMarkdown' => __( 'Export Markdown', 'plugin-check' ),
 						'exporting'      => __( 'Preparing export…', 'plugin-check' ),
 						'exportError'    => __( 'Export failed.', 'plugin-check' ),

includes/CLI/Plugin_Check_Command.php

@@ -43,9 +43,11 @@ final class Plugin_Check_Command {
 		'table',
 		'csv',
 		'json',
+		'ctrf',
 		'strict-table',
 		'strict-csv',
 		'strict-json',
+		'strict-ctrf',
 	);
 
 	/**
@@ -78,16 +80,18 @@ public function __construct( Plugin_Context $plugin_context ) {
 	 * : Ignore error codes provided as an argument in comma-separated values.
 	 *
 	 * [--format=<format>]
-	 * : Format to display the results. Options are table, csv, json, strict-table, strict-csv, and strict-json. The default will be a table.
+	 * : Format to display the results. Options are table, csv, json, ctrf, strict-table, strict-csv, strict-json, and strict-ctrf. The default will be a table.
 	 * ---
 	 * default: table
 	 * options:
 	 *   - table
 	 *   - csv
 	 *   - json
+	 *   - ctrf
 	 *   - strict-table
 	 *   - strict-csv
 	 *   - strict-json
+	 *   - strict-ctrf
 	 * ---
 	 *
 	 * [--categories]
@@ -324,6 +328,19 @@ static function ( $dirs ) use ( $excluded_files ) {
 			}
 		}
 
+		// Handle CTRF formats.
+		if ( Results_Exporter::FORMAT_CTRF === $options['format'] || 'strict-' . Results_Exporter::FORMAT_CTRF === $options['format'] ) {
+			$ctrf_report = Results_Exporter::to_ctrf_json(
+				$all_results,
+				array(
+					'timestamp_iso' => gmdate( 'c' ),
+				)
+			);
+
+			WP_CLI::line( $ctrf_report );
+			return;
+		}
+
 		// Handle strict-* formats.
 		if ( str_starts_with( $options['format'], 'strict-' ) ) {
 			$base_format = substr( $options['format'], 7 );

includes/Utilities/Results_Exporter.php

@@ -40,6 +40,14 @@ final class Results_Exporter {
 	 */
 	public const FORMAT_MARKDOWN = 'markdown';
 
+	/**
+	 * CTRF export format slug.
+	 *
+	 * @since 2.0.0
+	 * @var string
+	 */
+	public const FORMAT_CTRF = 'ctrf';
+
 	/**
 	 * Normalises the errors and warnings arrays into grouped results by file.
 	 *
@@ -111,7 +119,7 @@ public static function get_flat_results( array $grouped_results ) {
 	public static function export( array $errors, array $warnings, $format, array $args = array() ) {
 		$format = strtolower( (string) $format );
 
-		if ( ! in_array( $format, array( self::FORMAT_CSV, self::FORMAT_JSON, self::FORMAT_MARKDOWN ), true ) ) {
+		if ( ! in_array( $format, array( self::FORMAT_CSV, self::FORMAT_JSON, self::FORMAT_MARKDOWN, self::FORMAT_CTRF ), true ) ) {
 			throw new InvalidArgumentException( __( 'Unsupported export format.', 'plugin-check' ) );
 		}
 
@@ -132,6 +140,10 @@ public static function export( array $errors, array $warnings, $format, array $a
 				$content   = self::to_markdown( $grouped, $args );
 				$mime_type = 'text/markdown';
 				break;
+			case self::FORMAT_CTRF:
+				$content   = self::to_ctrf_json( $flat, $args );
+				$mime_type = 'application/json';
+				break;
 			case self::FORMAT_CSV:
 			default:
 				$content   = self::to_csv( $flat );
@@ -165,6 +177,8 @@ private static function build_filename( $slug, $timestamp, $format ) {
 		$extension = $format;
 		if ( self::FORMAT_MARKDOWN === $format ) {
 			$extension = 'md';
+		} elseif ( self::FORMAT_CTRF === $format ) {
+			$extension = 'ctrf.json';
 		}
 
 		return sprintf( '%1$s-%2$s.%3$s', $normalized_slug, $timestamp, $extension );
@@ -189,6 +203,133 @@ private static function to_json( array $grouped_results, array $args ) {
 		return wp_json_encode( $payload, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES );
 	}
 
+	/**
+	 * Generates CTRF JSON content for the results.
+	 *
+	 * @since 2.0.0
+	 *
+	 * @param array $flat_results Flat list of results including the file name.
+	 * @param array $args         Additional arguments.
+	 * @return string CTRF JSON export content.
+	 */
+	public static function to_ctrf_json( array $flat_results, array $args = array() ) {
+		$timestamp_iso = isset( $args['timestamp_iso'] ) ? (string) $args['timestamp_iso'] : gmdate( 'c' );
+		$start_time    = isset( $args['start_timestamp_ms'] ) ? (int) $args['start_timestamp_ms'] : (int) round( microtime( true ) * 1000 );
+		$stop_time     = isset( $args['stop_timestamp_ms'] ) ? (int) $args['stop_timestamp_ms'] : $start_time;
+		$stop_time     = max( $start_time, $stop_time );
+		$tests         = array();
+		foreach ( $flat_results as $item ) {
+			$tests[] = self::build_ctrf_test( $item );
+		}
+
+		$payload = array(
+			'reportFormat' => 'CTRF',
+			'specVersion'  => '1.0.0',
+			'timestamp'    => $timestamp_iso,
+			'generatedBy'  => 'plugin-check',
+			'results'      => array(
+				'tool'    => array(
+					'name' => 'plugin-check',
+				),
+				'summary' => self::build_ctrf_summary( count( $tests ), $start_time, $stop_time ),
+				'tests'   => $tests,
+			),
+		);
+
+		return wp_json_encode( $payload, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES );
+	}
+
+	/**
+	 * Builds CTRF summary payload.
+	 *
+	 * @since 2.0.0
+	 *
+	 * @param int $test_count Total number of findings.
+	 * @param int $start_time Start timestamp in milliseconds.
+	 * @param int $stop_time  Stop timestamp in milliseconds.
+	 * @return array CTRF summary payload.
+	 */
+	private static function build_ctrf_summary( $test_count, $start_time, $stop_time ) {
+		return array(
+			'tests'   => $test_count,
+			'passed'  => 0,
+			'failed'  => $test_count,
+			'skipped' => 0,
+			'pending' => 0,
+			'other'   => 0,
+			'start'   => $start_time,
+			'stop'    => $stop_time,
+		);
+	}
+
+	/**
+	 * Builds CTRF labels for a single finding.
+	 *
+	 * @since 2.0.0
+	 *
+	 * @param array  $item Finding data.
+	 * @param string $code Normalized finding code.
+	 * @param string $type Normalized finding type.
+	 * @return array<string, bool|int|float|string> CTRF labels.
+	 */
+	private static function build_ctrf_labels( array $item, $code, $type ) {
+		$labels = array(
+			'code' => $code,
+		);
+
+		$optional_labels = array(
+			'findingType' => '' !== $type ? $type : null,
+			'severity'    => isset( $item['severity'] ) && '' !== $item['severity'] ? (int) $item['severity'] : null,
+			'docs'        => ! empty( $item['docs'] ) ? (string) $item['docs'] : null,
+			'link'        => ! empty( $item['link'] ) ? (string) $item['link'] : null,
+		);
+
+		return array_merge(
+			$labels,
+			array_filter(
+				$optional_labels,
+				static function ( $value ) {
+					return null !== $value;
+				}
+			)
+		);
+	}
+
+	/**
+	 * Builds a single CTRF test entry.
+	 *
+	 * @since 2.0.0
+	 *
+	 * @param array $item Finding data.
+	 * @return array CTRF test payload.
+	 */
+	private static function build_ctrf_test( array $item ) {
+		$line    = isset( $item['line'] ) ? (int) $item['line'] : 0;
+		$column  = isset( $item['column'] ) ? (int) $item['column'] : 0;
+		$file    = isset( $item['file'] ) ? (string) $item['file'] : '';
+		$code    = isset( $item['code'] ) ? (string) $item['code'] : 'unknown_code';
+		$type    = isset( $item['type'] ) ? (string) $item['type'] : '';
+		$message = isset( $item['message'] ) ? wp_strip_all_tags( (string) $item['message'] ) : '';
+
+		return array(
+			'name'      => sprintf( '%1$s (%2$s:%3$d:%4$d)', $code, $file, $line, $column ),
+			'status'    => 'failed',
+			'duration'  => 0,
+			'message'   => $message,
+			'line'      => $line,
+			'rawStatus' => $type,
+			'filePath'  => $file,
+			'type'      => 'static-analysis',
+			'extra'     => self::build_ctrf_labels( $item, $code, $type ),
+			'suite'     => array_filter(
+				array(
+					'plugin-check',
+					$file,
+				)
+			),
+		);
+	}
+
 	/**
 	 * Generates CSV content for the results.
 	 *

tests/behat/features/plugin-check.feature

@@ -166,6 +166,28 @@ Feature: Test that the WP-CLI command works.
       FILE:
       """
 
+    When I run the WP-CLI command `plugin check foo-single.php --format=ctrf`
+    Then STDOUT should be valid JSON
+    And STDOUT should contain:
+      """
+      "reportFormat": "CTRF"
+      """
+    And STDOUT should not contain:
+      """
+      FILE:
+      """
+
+    When I run the WP-CLI command `plugin check foo-single.php --format=strict-ctrf`
+    Then STDOUT should be valid JSON
+    And STDOUT should contain:
+      """
+      "reportFormat": "CTRF"
+      """
+    And STDOUT should not contain:
+      """
+      FILE:
+      """
+
   Scenario: Check plugin with special chars in plugin name
     Given a WP install with the Plugin Check plugin
     And a wp-content/plugins/johns-post-counter/johns-post-counter.php file: