feat: Add location to SARIF output (#1207)

Signed-off-by: James Alseth <james@jalseth.me>

Author: jalseth

output/sarif.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"io"
 	"path/filepath"
+	"strconv"
 	"strings"
 
 	"github.com/open-policy-agent/conftest/internal/version"
@@ -74,19 +75,10 @@ func addRuleIndex(run *sarif.Run, ruleID string, result Result, indices map[stri
 // addRule adds a new rule to the SARIF run with the given ID and result metadata.
 func addRule(run *sarif.Run, ruleID string, result Result) {
 	desc := getRuleDescription(ruleID)
-	rule := run.AddRule(ruleID).
+	run.AddRule(ruleID).
 		WithDescription(desc).
-		WithShortDescription(&sarif.MultiformatMessageString{
-			Text: &desc,
-		})
-
-	if result.Metadata != nil {
-		props := sarif.NewPropertyBag()
-		for k, v := range result.Metadata {
-			props.Add(k, v)
-		}
-		rule.WithProperties(props.Properties)
-	}
+		WithProperties(result.Metadata).
+		WithShortDescription(sarif.NewMultiformatMessageString(desc))
 }
 
 // addResult adds a result to the SARIF run
@@ -97,18 +89,20 @@ func addResult(run *sarif.Run, result Result, namespace, ruleType, level, fileNa
 		idx = addRuleIndex(run, ruleID, result, indices)
 	}
 
+	location := sarif.NewPhysicalLocation()
+	if loc := result.Location; loc != nil {
+		line, _ := strconv.Atoi(loc.Line.String())
+		location.ArtifactLocation = sarif.NewSimpleArtifactLocation(filepath.ToSlash(loc.File))
+		location.Region = sarif.NewRegion().WithStartLine(line).WithEndLine(line)
+	} else {
+		location.ArtifactLocation = sarif.NewSimpleArtifactLocation(filepath.ToSlash(fileName))
+	}
+
 	run.CreateResultForRule(ruleID).
 		WithRuleIndex(idx).
 		WithLevel(level).
 		WithMessage(sarif.NewTextMessage(result.Message)).
-		AddLocation(
-			sarif.NewLocationWithPhysicalLocation(
-				sarif.NewPhysicalLocation().
-					WithArtifactLocation(
-						sarif.NewSimpleArtifactLocation(filepath.ToSlash(fileName)),
-					),
-			),
-		)
+		AddLocation(sarif.NewLocationWithPhysicalLocation(location))
 }
 
 // Output outputs the results in SARIF format.

output/sarif_test.go

@@ -124,6 +124,10 @@ func TestSARIF_Output(t *testing.T) {
 					Warnings: []Result{
 						{
 							Message: "test warning",
+							Location: &Location{
+								File: "test.yaml",
+								Line: json.Number("123"),
+							},
 							Metadata: map[string]any{
 								"foo": "bar",
 							},
@@ -175,6 +179,10 @@ func TestSARIF_Output(t *testing.T) {
 											"artifactLocation": map[string]any{
 												"uri": "test.yaml",
 											},
+											"region": map[string]any{
+												"startLine": float64(123),
+												"endLine":   float64(123),
+											},
 										},
 									},
 								},