Fix Bug number AST-34230 - Sarif report outOfRange issue (#639)

* Fix Bug number AST-34230 - Sarif report outOfRange issue * fix litter --------- Co-authored-by: Pedro Lopes <[email protected]> Co-authored-by: Pedro Lopes <[email protected]>
Checkmarx · Jan 12, 2024 · 3285e90 · 3285e90
1 parent 6468014
commit 3285e90
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 11 deletions.
diff --git a/internal/commands/result.go b/internal/commands/result.go
@@ -83,6 +83,7 @@ const (
 	apiDocumentationFlagDescription         = "Swagger folder/file filter for API-Security scan. Example: ./swagger.json"
 	summaryCreatedAtLayout                  = "2006-01-02, 15:04:05"
 	glTimeFormat                            = "2006-01-02T15:04:05"
+	sarifNodeFileLength                     = 2
 )
 
 var summaryFormats = []string{
@@ -1620,18 +1621,20 @@ func parseSarifResultSast(result *wrappers.ScanResult, scanResults []wrappers.Sa
 
 	for _, node := range result.ScanResultData.Nodes {
 		var scanLocation wrappers.SarifLocation
-		scanLocation.PhysicalLocation.ArtifactLocation.URI = node.FileName[1:]
-		if node.Line <= 0 {
-			continue
+		if len(node.FileName) >= sarifNodeFileLength {
+			scanLocation.PhysicalLocation.ArtifactLocation.URI = node.FileName[1:]
+			if node.Line <= 0 {
+				continue
+			}
+			scanLocation.PhysicalLocation.Region = &wrappers.SarifRegion{}
+			scanLocation.PhysicalLocation.Region.StartLine = node.Line
+			column := node.Column
+			length := node.Length
+			scanLocation.PhysicalLocation.Region.StartColumn = column
+			scanLocation.PhysicalLocation.Region.EndColumn = column + length
+
+			scanResult.Locations = append(scanResult.Locations, scanLocation)
 		}
-		scanLocation.PhysicalLocation.Region = &wrappers.SarifRegion{}
-		scanLocation.PhysicalLocation.Region.StartLine = node.Line
-		column := node.Column
-		length := node.Length
-		scanLocation.PhysicalLocation.Region.StartColumn = column
-		scanLocation.PhysicalLocation.Region.EndColumn = column + length
-
-		scanResult.Locations = append(scanResult.Locations, scanLocation)
 	}
 
 	scanResults = append(scanResults, scanResult)

diff --git a/internal/commands/result_test.go b/internal/commands/result_test.go
@@ -9,6 +9,7 @@ import (
 
 	"github.com/checkmarx/ast-cli/internal/commands/util/printer"
 	"github.com/checkmarx/ast-cli/internal/params"
+	"github.com/checkmarx/ast-cli/internal/wrappers"
 	"gotest.tools/assert"
 )
 
@@ -39,6 +40,14 @@ func TestRunGetResultsByScanIdSarifFormat(t *testing.T) {
 	os.Remove(fmt.Sprintf("%s.%s", fileName, printer.FormatSarif))
 }
 
+func TestParseSarifEmptyResultSast(t *testing.T) {
+	emptyResult := &wrappers.ScanResult{}
+	result := parseSarifResultSast(emptyResult, nil)
+	if result != nil {
+		t.Errorf("Expected nil result for empty ScanResultData.Nodes, got %v", result)
+	}
+}
+
 func TestRunGetResultsByScanIdSonarFormat(t *testing.T) {
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "sonar")