refactor: move SARIF merging logic to utils package

- Moved the `mergeSarifOutputs` function from `analyze.go` to `utils/sarif.go` for better code organization.
- Updated the `analyze.go` file to use the new utility function for merging SARIF outputs.
- Enhanced the `Rule` struct in the utils package to use `map[string]interface{}` for properties.

Author: andrzej-janczak

cmd/analyze.go

@@ -11,6 +11,8 @@ import (
 	"os"
 	"path/filepath"
 
+	"codacy/cli-v2/utils"
+
 	"github.com/spf13/cobra"
 )
 
@@ -265,7 +267,7 @@ var analyzeCmd = &cobra.Command{
 			}
 
 			// Merge all SARIF outputs
-			if err := mergeSarifOutputs(sarifOutputs, outputFile); err != nil {
+			if err := utils.MergeSarifOutputs(sarifOutputs, outputFile); err != nil {
 				log.Fatalf("Failed to merge SARIF outputs: %v", err)
 			}
 		} else {
@@ -292,82 +294,3 @@ func runTool(workDirectory string, toolName string, args []string, outputFile st
 		log.Printf("Warning: Unsupported tool: %s\n", toolName)
 	}
 }
-
-func mergeSarifOutputs(inputFiles []string, outputFile string) error {
-	var mergedSarif Sarif
-	mergedSarif.Runs = make([]struct {
-		Tool struct {
-			Driver struct {
-				Name    string `json:"name"`
-				Version string `json:"version"`
-				Rules   []struct {
-					ID               string `json:"id"`
-					HelpURI          string `json:"helpUri"`
-					ShortDescription struct {
-						Text string `json:"text"`
-					} `json:"shortDescription"`
-				} `json:"rules"`
-			} `json:"driver"`
-		} `json:"tool"`
-		Artifacts []struct {
-			Location struct {
-				URI string `json:"uri"`
-			} `json:"location"`
-		} `json:"artifacts"`
-		Results []struct {
-			Level   string `json:"level"`
-			Message struct {
-				Text string `json:"text"`
-			} `json:"message"`
-			Locations []struct {
-				PhysicalLocation struct {
-					ArtifactLocation struct {
-						URI   string `json:"uri"`
-						Index int    `json:"index"`
-					} `json:"artifactLocation"`
-					Region struct {
-						StartLine   int `json:"startLine"`
-						StartColumn int `json:"startColumn"`
-						EndLine     int `json:"endLine"`
-						EndColumn   int `json:"endColumn"`
-					} `json:"region"`
-				} `json:"physicalLocation"`
-			} `json:"locations"`
-			RuleID    string `json:"ruleId"`
-			RuleIndex int    `json:"ruleIndex"`
-		} `json:"results"`
-	}, 0)
-
-	for _, file := range inputFiles {
-		data, err := os.ReadFile(file)
-		if err != nil {
-			if os.IsNotExist(err) {
-				// Skip if file doesn't exist (tool might have failed)
-				continue
-			}
-			return fmt.Errorf("failed to read SARIF file %s: %w", file, err)
-		}
-
-		var sarif Sarif
-		if err := json.Unmarshal(data, &sarif); err != nil {
-			return fmt.Errorf("failed to parse SARIF file %s: %w", file, err)
-		}
-
-		mergedSarif.Runs = append(mergedSarif.Runs, sarif.Runs...)
-	}
-
-	// Create output file
-	out, err := os.Create(outputFile)
-	if err != nil {
-		return fmt.Errorf("failed to create output file: %w", err)
-	}
-	defer out.Close()
-
-	encoder := json.NewEncoder(out)
-	encoder.SetIndent("", "  ")
-	if err := encoder.Encode(mergedSarif); err != nil {
-		return fmt.Errorf("failed to write merged SARIF: %w", err)
-	}
-
-	return nil
-}

results.sarif

@@ -0,0 +1,122 @@
+{
+  "version": "2.1.0",
+  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+  "runs": [
+    {
+      "tool": {
+        "driver": {
+          "name": "Trivy",
+          "version": "0.59.1",
+          "informationUri": "https://github.com/aquasecurity/trivy",
+          "rules": [
+            {
+              "id": "CVE-2024-21538",
+              "shortDescription": {
+                "text": "cross-spawn: regular expression denial of service"
+              },
+              "properties": {
+                "precision": "very-high",
+                "security-severity": "7.5",
+                "tags": [
+                  "vulnerability",
+                  "security",
+                  "HIGH"
+                ]
+              }
+            }
+          ]
+        }
+      },
+      "results": [
+        {
+          "ruleId": "CVE-2024-21538",
+          "level": "error",
+          "message": {
+            "text": "Package: cross-spawn\nInstalled Version: 7.0.3\nVulnerability CVE-2024-21538\nSeverity: HIGH\nFixed Version: 7.0.5, 6.0.6\nLink: [CVE-2024-21538](https://avd.aquasec.com/nvd/cve-2024-21538)"
+          },
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "tools/testdata/repositories/trivy/src/package-lock.json"
+                },
+                "region": {
+                  "startLine": 515,
+                  "startColumn": 1
+                }
+              }
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "tool": {
+        "driver": {
+          "name": "Pylint",
+          "version": "3.3.6",
+          "informationUri": "https://pylint.org",
+          "rules": null
+        }
+      },
+      "results": []
+    },
+    {
+      "tool": {
+        "driver": {
+          "name": "PMD",
+          "version": "6.55.0",
+          "informationUri": "https://pmd.github.io/pmd/",
+          "rules": [
+            {
+              "id": "UnusedPrivateField",
+              "shortDescription": {
+                "text": "Avoid unused private fields such as 'x'."
+              },
+              "properties": {
+                "priority": 3,
+                "ruleset": "Best Practices",
+                "tags": [
+                  "Best Practices"
+                ]
+              }
+            }
+          ]
+        }
+      },
+      "results": [
+        {
+          "ruleId": "UnusedPrivateField",
+          "level": "",
+          "message": {
+            "text": "Avoid unused private fields such as 'x'."
+          },
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "/Users/czak/GIT/codacy/codacy-cli-v2/tools/testdata/repositories/pmd/RulesBreaker.java"
+                },
+                "region": {
+                  "startLine": 18,
+                  "startColumn": 17
+                }
+              }
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "tool": {
+        "driver": {
+          "name": "ESLint",
+          "version": "9.3.0",
+          "informationUri": "https://eslint.org",
+          "rules": []
+        }
+      },
+      "results": []
+    }
+  ]
+}

utils/sarif.go

@@ -2,6 +2,8 @@ package utils
 
 import (
 	"encoding/json"
+	"fmt"
+	"os"
 )
 
 // PylintIssue represents a single issue in Pylint's JSON output
@@ -41,9 +43,9 @@ type Driver struct {
 }
 
 type Rule struct {
-	ID               string            `json:"id"`
-	ShortDescription MessageText       `json:"shortDescription"`
-	Properties       map[string]string `json:"properties"`
+	ID               string                 `json:"id"`
+	ShortDescription MessageText            `json:"shortDescription"`
+	Properties       map[string]interface{} `json:"properties"`
 }
 
 type Result struct {
@@ -169,3 +171,44 @@ func createEmptySarifReport() []byte {
 	sarifData, _ := json.MarshalIndent(emptyReport, "", "  ")
 	return sarifData
 }
+
+// MergeSarifOutputs combines multiple SARIF files into a single output file
+func MergeSarifOutputs(inputFiles []string, outputFile string) error {
+	var mergedSarif SarifReport
+	mergedSarif.Version = "2.1.0"
+	mergedSarif.Schema = "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json"
+	mergedSarif.Runs = make([]Run, 0)
+
+	for _, file := range inputFiles {
+		data, err := os.ReadFile(file)
+		if err != nil {
+			if os.IsNotExist(err) {
+				// Skip if file doesn't exist (tool might have failed)
+				continue
+			}
+			return fmt.Errorf("failed to read SARIF file %s: %w", file, err)
+		}
+
+		var sarif SarifReport
+		if err := json.Unmarshal(data, &sarif); err != nil {
+			return fmt.Errorf("failed to parse SARIF file %s: %w", file, err)
+		}
+
+		mergedSarif.Runs = append(mergedSarif.Runs, sarif.Runs...)
+	}
+
+	// Create output file
+	out, err := os.Create(outputFile)
+	if err != nil {
+		return fmt.Errorf("failed to create output file: %w", err)
+	}
+	defer out.Close()
+
+	encoder := json.NewEncoder(out)
+	encoder.SetIndent("", "  ")
+	if err := encoder.Encode(mergedSarif); err != nil {
+		return fmt.Errorf("failed to write merged SARIF: %w", err)
+	}
+
+	return nil
+}