Fix sarif convert (#922)

xray/audit/jas/jasmanager.go

@@ -131,7 +131,7 @@ func deleteJasProcessFiles(configFile string, resultFile string) error {
 	return errorutils.CheckError(err)
 }
 
-func getSourceCodeScanResults(resultsFileName, workingDir string, scanType utils.JasScanType) ([]utils.SourceCodeScanResult, error) {
+func getSourceCodeScanResults(resultsFileName, workingDir string, scanType utils.JasScanType) (results []utils.SourceCodeScanResult, err error) {
 	// Read Sarif format results generated from the Jas scanner
 	report, err := sarif.Open(resultsFileName)
 	if errorutils.CheckError(err) != nil {
@@ -142,28 +142,32 @@ func getSourceCodeScanResults(resultsFileName, workingDir string, scanType utils
 		// Jas scanners returns results in a single run entry
 		sarifResults = report.Runs[0].Results
 	}
-	return convertSarifResultsToSourceCodeScanResults(sarifResults, workingDir, scanType), nil
+	resultPointers := convertSarifResultsToSourceCodeScanResults(sarifResults, workingDir, scanType)
+	for _, res := range resultPointers {
+		results = append(results, *res)
+	}
+	return results, nil
 }
 
-func convertSarifResultsToSourceCodeScanResults(sarifResults []*sarif.Result, workingDir string, scanType utils.JasScanType) []utils.SourceCodeScanResult {
-	var sourceCodeScanResults []utils.SourceCodeScanResult
+func convertSarifResultsToSourceCodeScanResults(sarifResults []*sarif.Result, workingDir string, scanType utils.JasScanType) []*utils.SourceCodeScanResult {
+	var sourceCodeScanResults []*utils.SourceCodeScanResult
 	for _, sarifResult := range sarifResults {
 		// Describes a request to “suppress” a result (to exclude it from result lists)
 		if len(sarifResult.Suppressions) > 0 {
 			continue
 		}
 		// Convert
-		sourceCodeScanResult := utils.IsSarifResultExistsInSourceCodeScanResults(sarifResult, workingDir, &sourceCodeScanResults)
-		if sourceCodeScanResult == nil {
-			sourceCodeScanResult = utils.ConvertSarifResultToSourceCodeScanResult(sarifResult, workingDir, &sourceCodeScanResults)
-			sourceCodeScanResults = append(sourceCodeScanResults, *sourceCodeScanResult)
-		}
-		// Set specific Jas scan attributes
-		if scanType == utils.Secrets {
-			sourceCodeScanResult.Text = hideSecret(utils.GetResultLocationSnippet(sarifResult.Locations[0]))
+		currentResult := utils.GetResultIfExists(sarifResult, workingDir, sourceCodeScanResults)
+		if currentResult == nil {
+			currentResult = utils.ConvertSarifResultToSourceCodeScanResult(sarifResult, workingDir)
+			// Set specific Jas scan attributes
+			if scanType == utils.Secrets {
+				currentResult.Text = hideSecret(utils.GetResultLocationSnippet(sarifResult.Locations[0]))
+			}
+			sourceCodeScanResults = append(sourceCodeScanResults, currentResult)
 		}
 		if scanType == utils.Sast {
-			sourceCodeScanResult.CodeFlow = append(sourceCodeScanResult.CodeFlow, utils.GetResultCodeFlows(sarifResult, workingDir)...)
+			currentResult.CodeFlow = append(currentResult.CodeFlow, utils.GetResultCodeFlows(sarifResult, workingDir)...)
 		}
 	}
 	return sourceCodeScanResults

xray/utils/analyzermanager.go

@@ -96,7 +96,7 @@ type SourceCodeScanResult struct {
 	SourceCodeLocation
 	Severity string
 	Type     string
-	CodeFlow [][]SourceCodeLocation
+	CodeFlow []*[]SourceCodeLocation
 }
 
 type ExtendedScanResults struct {

xray/utils/resultstable.go

@@ -400,7 +400,7 @@ func toSourceCodeCodeFlowRow(result SourceCodeScanResult, isTable bool) (flows [
 	}
 	for _, flowStack := range result.CodeFlow {
 		rowFlow := []formats.SourceCodeLocationRow{}
-		for _, location := range flowStack {
+		for _, location := range *flowStack {
 			rowFlow = append(rowFlow, formats.SourceCodeLocationRow{
 				File:       location.File,
 				LineColumn: location.LineColumn,

xray/utils/sarifutils.go

@@ -8,19 +8,19 @@ import (
 )
 
 // If exists SourceCodeScanResult with the same location as the provided SarifResult, return it
-func IsSarifResultExistsInSourceCodeScanResults(result *sarif.Result, workingDir string, results *[]SourceCodeScanResult) *SourceCodeScanResult {
+func GetResultIfExists(result *sarif.Result, workingDir string, results []*SourceCodeScanResult) *SourceCodeScanResult {
 	file := ExtractRelativePath(GetResultFileName(result), workingDir)
 	lineCol := GetResultLocationInFile(result)
 	text := *result.Message.Text
-	for _, result := range *results {
+	for _, result := range results {
 		if result.File == file && result.LineColumn == lineCol && result.Text == text {
-			return &result
+			return result
 		}
 	}
 	return nil
 }
 
-func ConvertSarifResultToSourceCodeScanResult(result *sarif.Result, workingDir string, results *[]SourceCodeScanResult) *SourceCodeScanResult {
+func ConvertSarifResultToSourceCodeScanResult(result *sarif.Result, workingDir string) *SourceCodeScanResult {
 	file := ExtractRelativePath(GetResultFileName(result), workingDir)
 	lineCol := GetResultLocationInFile(result)
 	text := *result.Message.Text
@@ -36,7 +36,7 @@ func ConvertSarifResultToSourceCodeScanResult(result *sarif.Result, workingDir s
 	}
 }
 
-func GetResultCodeFlows(result *sarif.Result, workingDir string) (flows [][]SourceCodeLocation) {
+func GetResultCodeFlows(result *sarif.Result, workingDir string) (flows []*[]SourceCodeLocation) {
 	if len(result.CodeFlows) == 0 {
 		return
 	}
@@ -49,14 +49,14 @@ func GetResultCodeFlows(result *sarif.Result, workingDir string) (flows [][]Sour
 	return
 }
 
-func extractThreadFlows(threadFlows []*sarif.ThreadFlow, workingDir string) (flows [][]SourceCodeLocation) {
+func extractThreadFlows(threadFlows []*sarif.ThreadFlow, workingDir string) (flows []*[]SourceCodeLocation) {
 	for _, threadFlow := range threadFlows {
 		if threadFlow == nil || len(threadFlow.Locations) == 0 {
 			continue
 		}
 		flow := extractStackTraceLocations(threadFlow.Locations, workingDir)
 		if len(flow) > 0 {
-			flows = append(flows, flow)
+			flows = append(flows, &flow)
 		}
 	}
 	return