From fb6f0109f0477e37476b2b043215957fa81296da Mon Sep 17 00:00:00 2001
From: Vipin Nair <vipin.nair01@sap.com>
Date: Fri, 28 Jun 2024 15:53:36 -0700
Subject: [PATCH] Fix #2345: SARIF output fix and some enhancements

- Fix the nesting level of `region` under the `results` property

- Enhance SARIF output
  - Add Clj-kondo `version` to the SARIF output
  - Add `endLine` and `endColumn` to the linting results
  - Add `helpUri`, `level` and `enabled` to the linting rules
---
 src/clj_kondo/impl/sarif.clj | 50 ++++++++++++++++++++++--------------
 1 file changed, 31 insertions(+), 19 deletions(-)

diff --git a/src/clj_kondo/impl/sarif.clj b/src/clj_kondo/impl/sarif.clj
index 29595a7eec..c1b34cfc09 100644
--- a/src/clj_kondo/impl/sarif.clj
+++ b/src/clj_kondo/impl/sarif.clj
@@ -1,36 +1,48 @@
 (ns clj-kondo.impl.sarif
-  (:require [clj-kondo.impl.config :as config]))
+  (:require
+   [clj-kondo.impl.config :as config]
+   [clj-kondo.impl.version :as version]))
 
 ;; https://github.com/microsoft/sarif-tutorials/blob/main/docs/1-Introduction.md#simple-example
 
 (set! *warn-on-reflection* true)
 
-(defn finding->sarif [rules files finding]
-  {:level (:level finding)
+(defn- linter-help-uri [linter]
+  (format "https://github.com/clj-kondo/clj-kondo/blob/master/doc/linters.md#%s" (name linter)))
+
+(defn- sarif-level [level]
+  (case level
+    :error "error"
+    :warning "warning"
+    :off "none"))
+
+(defn- finding->sarif [finding]
+  {:level (-> finding :level sarif-level)
    :message {:text (:message finding)}
    :locations [{:physicalLocation
-                {:artifactLocation
-                 {:uri (:filename finding)
-                  :index (.indexOf ^java.util.List files (:filename finding))
-                  :region {:startLine (:row finding)
-                           :startColumn (:col finding)}}}}]
-   :ruleId (:type finding)
-   :ruleIndex (:index (get rules (:type finding)))})
+                {:artifactLocation {:uri (:filename finding)}
+                 :region {:startLine (:row finding)
+                          :startColumn (:col finding)
+                          :endLine (:end-row finding)
+                          :endColumn (:end-col finding)}}}]
+   :ruleId (:type finding)})
 
 (defn generate-sarif [{:keys [findings]}]
   (let [linters (:linters config/default-config)
         rules (zipmap (keys linters)
-                      (mapv (fn [[k _] i]
-                              {:id k :index i})
+                      (mapv (fn [[linter {:keys [level]}] i]
+                              {:id linter
+                               :helpUri (linter-help-uri linter)
+                               :defaultConfiguration
+                               {:enabled (if (= :off level) false true)
+                                :level (sarif-level level)}
+                               :index i})
                             linters
-                            (range)))
-        files (vec (distinct (map :filename findings)))]
+                            (range)))]
     {:version "2.1.0"
-     "$schema" "http://json.schemastore.org/sarif-2.1.0-rtm.4"
+     :$schema "https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/sarif-schema-2.1.0.json"
      :runs [{:tool {:driver {:name "Clj-kondo"
+                             :version version/version
                              :informationUri "https://github.com/clj-kondo/clj-kondo"
                              :rules (mapv #(dissoc % :index) (vals rules))}}
-             :artifacts (mapv (fn [file]
-                                {:location {:uri file}})
-                              files)
-             :results (mapv #(finding->sarif rules files %) findings)}]}))
+             :results (mapv #(finding->sarif %) findings)}]}))