added fullDescription to FileIssueNode and SastIssueNode

kerenr-jfrog · kerenr-jfrog · commit b108c8cdad51 · 2025-03-17T17:32:22.000+02:00
diff --git a/src/main/java/com/jfrog/ide/common/nodes/FileIssueNode.java b/src/main/java/com/jfrog/ide/common/nodes/FileIssueNode.java
@@ -23,6 +23,8 @@ public class FileIssueNode extends IssueNode implements SubtitledTreeNode {
     @JsonProperty()
     private String ruleID;
 
+    private String fullDescription;
+
     // Empty constructor for deserialization
     @SuppressWarnings("unused")
     protected FileIssueNode() {
@@ -36,12 +38,21 @@ public FileIssueNode(String title, String filePath, int rowStart, int colStart,
         this.severity = severity;
         this.ruleID = ruleID;
     }
-    public FileIssueNode(String title, String reason, SourceCodeScanType reportType, Severity severity, String ruleID){
+
+    // Constructor for building FileIssueNode with fullDescription param
+    public FileIssueNode(String title, String filePath, int rowStart, int colStart, int rowEnd, int colEnd, String reason, String lineSnippet, SourceCodeScanType reportType, Severity severity, String ruleID, String fullDescription) {
+        this(title, filePath, rowStart, colStart, rowEnd, colEnd, reason, lineSnippet, reportType, severity, ruleID);
+        this.fullDescription = fullDescription;
+    }
+
+    // Temporary constructor for ScaIssueNode that currently not passing location info
+    public FileIssueNode(String title, String reason, SourceCodeScanType reportType, Severity severity, String ruleID, String fullDescription){
         this.title = title;
         this.reason = reason;
         this.reporterType = reportType;
         this.severity = severity;
         this.ruleID = ruleID;
+        this.fullDescription = fullDescription;
         this.findingInfo = new FindingInfo();
     }
 
diff --git a/src/main/java/com/jfrog/ide/common/nodes/SastIssueNode.java b/src/main/java/com/jfrog/ide/common/nodes/SastIssueNode.java
@@ -18,11 +18,18 @@ public class SastIssueNode extends FileIssueNode {
     private SastIssueNode() {
     }
 
+    @SuppressWarnings("unused")
     public SastIssueNode(String name, String filePath, int rowStart, int colStart, int rowEnd, int colEnd, String reason, String lineSnippet, FindingInfo[][] codeFlows, Severity severity, String ruleID) {
         super(name, filePath, rowStart, colStart, rowEnd, colEnd, reason, lineSnippet, SourceCodeScanType.SAST, severity, ruleID);
         this.codeFlows = codeFlows;
     }
 
+    // Constructor for building SastIssueNode with fullDescription param
+    public SastIssueNode(String name, String filePath, int rowStart, int colStart, int rowEnd, int colEnd, String reason, String lineSnippet, FindingInfo[][] codeFlows, Severity severity, String ruleID, String fullDescription) {
+        super(name, filePath, rowStart, colStart, rowEnd, colEnd, reason, lineSnippet, SourceCodeScanType.SAST, severity, ruleID, fullDescription);
+        this.codeFlows = codeFlows;
+    }
+
     @Override
     public boolean equals(Object o) {
         if (this == o) return true;
diff --git a/src/main/java/com/jfrog/ide/common/nodes/ScaIssueNode.java b/src/main/java/com/jfrog/ide/common/nodes/ScaIssueNode.java
@@ -16,11 +16,12 @@ public class ScaIssueNode extends FileIssueNode {
     private String fixedVersions;
 
     // Empty constructor for deserialization
+    @SuppressWarnings("unused")
     ScaIssueNode() {
     }
 
-    public ScaIssueNode(String title, String reason, Severity severity, String ruleID, Applicability applicability, List<List<ImpactPath>> impactPaths, String fixedVersions) {
-        super(title,  reason,  SourceCodeScanType.SCA,  severity,  ruleID);
+    public ScaIssueNode(String title, String reason, Severity severity, String ruleID, Applicability applicability, List<List<ImpactPath>> impactPaths, String fixedVersions, String fullDescription) {
+        super(title,  reason,  SourceCodeScanType.SCA,  severity,  ruleID, fullDescription);
         this.applicability = applicability;
         this.impactPaths = impactPaths;
         this.isDirectDependency = isDirectDependency(impactPaths, ruleID);
diff --git a/src/main/java/com/jfrog/ide/common/parse/SarifParser.java b/src/main/java/com/jfrog/ide/common/parse/SarifParser.java
@@ -6,7 +6,9 @@
 import com.jetbrains.qodana.sarif.model.*;
 import com.jfrog.ide.common.nodes.FileIssueNode;
 import com.jfrog.ide.common.nodes.FileTreeNode;
+import com.jfrog.ide.common.nodes.SastIssueNode;
 import com.jfrog.ide.common.nodes.ScaIssueNode;
+import com.jfrog.ide.common.nodes.subentities.FindingInfo;
 import com.jfrog.ide.common.nodes.subentities.ImpactPath;
 import com.jfrog.ide.common.nodes.subentities.Severity;
 import com.jfrog.ide.common.nodes.subentities.SourceCodeScanType;
@@ -17,31 +19,46 @@
 import java.io.*;
 import java.util.*;
 
+/**
+ * SarifParser is responsible for parsing SARIF reports and converting them into a list of FileTreeNode objects.
+ */
 public class SarifParser {
     private final Log log;
 
+    /**
+     * Constructor for SarifParser.
+     *
+     * @param log the logger to be used for logging errors and information.
+     */
     SarifParser(Log log) {
         this.log = log;
     }
 
+    /**
+     * Parses the given SARIF report output and returns a list of FileTreeNode objects.
+     *
+     * @param output the SARIF report as a string.
+     * @return a list of FileTreeNode objects representing the parsed findings.
+     * @throws NoSuchElementException if no runs are found in the SARIF report.
+     */
     List<FileTreeNode> parse (String output) {
         Reader reader = new StringReader(output);
-
         SarifReport report = SarifUtil.readReport(reader);
-        // extract SCA run object from SARIF
-
         List<Run> runs = report.getRuns();
         if (runs.isEmpty()) {
             log.error("No runs found in SARIF report");
             throw new NoSuchElementException("No runs found in the scan SARIF report");
         }
-
         return new ArrayList<>(parseScanFindings(runs));
     }
 
-
+    /**
+     * Parses the scan findings from the given list of runs.
+     *
+     * @param runs the list of runs from the SARIF report.
+     * @return a list of FileTreeNode objects representing the parsed findings.
+     */
     private List<FileTreeNode> parseScanFindings(List<Run> runs){
-        // a method for parsing SCA findings and build FileTreeNodes and IssueNodes
         List<FileTreeNode> fileTreeNodes = new ArrayList<>();
 
         for (Run run : runs) {
@@ -81,30 +98,79 @@ private List<FileTreeNode> parseScanFindings(List<Run> runs){
         return fileTreeNodes;
     }
 
-
+    /**
+     * Generates a ScaIssueNode from the given rule and result.
+     *
+     * @param rule   the reporting descriptor rule.
+     * @param result the result from the SARIF report.
+     * @return a ScaIssueNode representing the issue.
+     */
     private FileIssueNode generateScaFileIssueNode(ReportingDescriptor rule, Result result){
         Applicability applicability = Applicability.fromSarif(Objects.requireNonNull(result.getProperties()).get("applicability").toString());
         String fixedVersions = Objects.requireNonNull(result.getProperties()).get("fixedVersion").toString();
         List<List<ImpactPath>> impactPaths = new ObjectMapper().convertValue(Objects.requireNonNull(rule.getProperties()).get("impactPaths"), new TypeReference<>() {
         });
         Severity severity = Severity.fromSarif(result.getLevel().toString());
         String fullDescription = rule.getFullDescription().getText();
+        String reason = result.getMessage().getText();
 
-        return new ScaIssueNode(SourceCodeScanType.SCA.getScannerIssueTitle(), fullDescription, severity, rule.getId(), applicability, impactPaths, fixedVersions);
+        return new ScaIssueNode(SourceCodeScanType.SCA.getScannerIssueTitle(), reason, severity, rule.getId(), applicability, impactPaths, fixedVersions, fullDescription);
     }
 
+    /**
+     * Generates a FileIssueNode for JAS from the given rule, result, reporter, and file path.
+     *
+     * @param rule      the reporting descriptor rule.
+     * @param result    the result from the SARIF report.
+     * @param reporter  the source code scan type.
+     * @param filePath  the file path where the issue was found.
+     * @return a FileIssueNode representing the issue.
+     */
     private FileIssueNode generateJasFileIssueNode(ReportingDescriptor rule, Result result, SourceCodeScanType reporter, String filePath){
         Severity severity = Severity.fromSarif(result.getLevel().toString());
-        String fullDescription = rule.getFullDescription().getText(); // TODO: is needed?
+        String fullDescription = rule.getFullDescription().getText();
         int rowStart = result.getLocations().get(0).getPhysicalLocation().getRegion().getStartLine();
         int colStart = result.getLocations().get(0).getPhysicalLocation().getRegion().getStartColumn();
         int rowEnd = result.getLocations().get(0).getPhysicalLocation().getRegion().getEndLine();
         int colEnd = result.getLocations().get(0).getPhysicalLocation().getRegion().getEndColumn();
         String lineSnippet = result.getLocations().get(0).getPhysicalLocation().getRegion().getSnippet().getText();
         String reason = result.getMessage().getText();
+        if (reporter.equals(SourceCodeScanType.SAST)) {
+            FindingInfo[][] codeFlows = convertCodeFlowsToFindingInfo(result.getCodeFlows());
+            return new SastIssueNode(reporter.getScannerIssueTitle(), filePath, rowStart, colStart, rowEnd, colEnd, reason,
+                    lineSnippet, codeFlows, severity, rule.getId(), fullDescription);
+        }
 
         return new FileIssueNode(reporter.getScannerIssueTitle(), filePath, rowStart, colStart, rowEnd, colEnd, reason,
-                lineSnippet, reporter, severity, rule.getId());
+                lineSnippet, reporter, severity, rule.getId(), fullDescription);
+    }
+
+    private static FindingInfo[][] convertCodeFlowsToFindingInfo(List<CodeFlow> codeFlows) {
+        if (codeFlows == null || codeFlows.isEmpty()) {
+            return null;
+        }
+        List<ThreadFlow> flows = codeFlows.get(0).getThreadFlows();
+        if (flows == null || flows.isEmpty()) {
+            return null;
+        }
+        FindingInfo[][] results = new FindingInfo[flows.size()][];
+        for (int i = 0; i < flows.size(); i++) {
+            ThreadFlow flow = flows.get(i);
+            List<ThreadFlowLocation> locations = flow.getLocations();
+            results[i] = new FindingInfo[locations.size()];
+            for (int j = 0; j < locations.size(); j++) {
+                PhysicalLocation location = locations.get(j).getLocation().getPhysicalLocation();
+                results[i][j] = new FindingInfo(
+                    location.getArtifactLocation().getUri(),
+                    location.getRegion().getStartLine(),
+                    location.getRegion().getStartColumn(),
+                    location.getRegion().getEndLine(),
+                    location.getRegion().getEndColumn(),
+                    location.getRegion().getSnippet().getText()
+                );
+            }
+        }
+        return results;
     }
 
 
diff --git a/src/test/java/com/jfrog/ide/common/parse/SarifParserTest.java b/src/test/java/com/jfrog/ide/common/parse/SarifParserTest.java
@@ -0,0 +1,11 @@
+package com.jfrog.ide.common.parse;
+
+import org.testng.annotations.Test;
+
+public class SarifParserTest {
+
+    @Test
+    public void setUp() {
+
+    }
+}
