All Downloads are FREE. Search and download functionalities are using the official Maven repository.

io.codemodder.SarifFindingKeyUtil Maven / Gradle / Ivy

package io.codemodder;

import com.contrastsecurity.sarif.Fingerprints;
import com.contrastsecurity.sarif.Result;
import java.nio.file.Path;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;

/** Utility class for building keys for SARIF findings. */
public final class SarifFindingKeyUtil {

  private SarifFindingKeyUtil() {}

  /**
   * Builds a finding ID for a SARIF finding based on the provided result, file path, and line
   * number.
   */
  public static String buildFindingId(final Result result, final Path path, final int line) {
    // prefer the guid, then the correlation guid
    if (!StringUtils.isBlank(result.getGuid())) {
      return result.getGuid().trim();
    } else if (!StringUtils.isBlank(result.getCorrelationGuid())) {
      return result.getCorrelationGuid().trim();
    }

    // use a fingerprint, as at least that is some guarantee of uniqueness
    final Fingerprints fingerprints = result.getFingerprints();
    final Map fingerPrintProperties =
        fingerprints != null ? fingerprints.getAdditionalProperties() : new HashMap<>();
    if (!fingerPrintProperties.isEmpty()) {
      Collection values = fingerPrintProperties.values();
      return values.iterator().next();
    }

    // ultimate fallback, some composite ID that will not represent anything
    return String.format("%s-%s-%d", result.getRuleId(), path.getFileName(), line);
  }
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy