Merge pull request #1416 from snyk/fix/sarif-outputfile-fixes

Fix/sarif outputfile fixes

src/cli/commands/test/index.ts

@@ -223,7 +223,11 @@ async function test(...args: MethodArgs): Promise<TestCommandResult> {
   if (options.json || options.sarif) {
     // if all results are ok (.ok == true) then return the json
     if (errorMappedResults.every((res) => res.ok)) {
-      return TestCommandResult.createJsonTestCommandResult(stringifiedData);
+      return TestCommandResult.createJsonTestCommandResult(
+        stringifiedData,
+        stringifiedJsonData,
+        stringifiedSarifData,
+      );
     }
 
     const err = new Error(stringifiedData) as any;
@@ -233,7 +237,11 @@ async function test(...args: MethodArgs): Promise<TestCommandResult> {
         const fail = shouldFail(vulnerableResults, options.failOn);
         if (!fail) {
           // return here to prevent failure
-          return TestCommandResult.createJsonTestCommandResult(stringifiedData);
+          return TestCommandResult.createJsonTestCommandResult(
+            stringifiedData,
+            stringifiedJsonData,
+            stringifiedSarifData,
+          );
         }
       }
       err.code = 'VULNS';

src/cli/commands/types.ts

@@ -40,9 +40,11 @@ export abstract class TestCommandResult extends CommandResult {
   }
 
   public static createJsonTestCommandResult(
-    jsonResult: string,
+    stdout: string,
+    jsonResult?: string,
+    sarifResult?: string,
   ): JsonTestCommandResult {
-    return new JsonTestCommandResult(jsonResult);
+    return new JsonTestCommandResult(stdout, jsonResult, sarifResult);
   }
 }
 
@@ -72,11 +74,23 @@ class HumanReadableTestCommandResult extends TestCommandResult {
 }
 
 class JsonTestCommandResult extends TestCommandResult {
-  constructor(jsonResult: string) {
-    super(jsonResult);
+  constructor(stdout: string, jsonResult?: string, sarifResult?: string) {
+    super(stdout);
+    if (jsonResult) {
+      this.jsonResult = jsonResult;
+    }
+    if (sarifResult) {
+      this.sarifResult = sarifResult;
+    } else {
+      this.jsonResult = stdout;
+    }
   }
 
   public getJsonResult(): string {
-    return this.result;
+    return this.jsonResult;
+  }
+
+  public getSarifResult(): string {
+    return this.sarifResult;
   }
 }

src/cli/index.ts

@@ -125,7 +125,7 @@ async function handleError(args, error) {
   }
 
   saveResultsToFile(args.options, 'json', error.jsonStringifiedResults);
-  saveResultsToFile(args.options, 'sarif', error.jsonStringifiedResults);
+  saveResultsToFile(args.options, 'sarif', error.sarifStringifiedResults);
 
   const analyticsError = vulnsFound
     ? {
@@ -416,7 +416,8 @@ function saveResultsToFile(
   outputType: string,
   jsonResults: string,
 ) {
-  const outputFile = options[`${outputType}-file-output`];
+  const flag = `${outputType}-file-output`;
+  const outputFile = options[flag];
   if (outputFile && jsonResults) {
     const outputFileStr = outputFile as string;
     const fullOutputFilePath = getFullPath(outputFileStr);

test/acceptance/cli-args.test.ts

@@ -489,11 +489,11 @@ test('test --sarif-file-output no value produces error message', (t) => {
   optionsToTest.forEach(validate);
 });
 
-test('`test --json-file-output can be used at the same time as --sarif-file-output`', (t) => {
+test('`container test --json-file-output can be used at the same time as --sarif-file-output`', (t) => {
   t.plan(3);
 
   exec(
-    `node ${main} test --json-file-output=snyk-direct-json-test-output.json --sarif-file-output=snyk-direct-sarif-test-output.json`,
+    `node ${main} container test alpine --file=test/acceptance/fixtures/docker/Dockerfile --sarif-file-output=snyk-direct-sarif-test-output.json --json-file-output=snyk-direct-json-test-output.json`,
     (err, stdout) => {
       if (err) {
         throw err;
@@ -517,3 +517,70 @@ test('`test --json-file-output can be used at the same time as --sarif-file-outp
     },
   );
 });
+
+test('`test --sarif-file-output can be used at the same time as --sarif`', (t) => {
+  t.plan(2);
+
+  exec(
+    `node ${main} container test alpine --sarif --file=test/acceptance/fixtures/docker/Dockerfile --sarif-file-output=snyk-direct-sarif-test-output.json`,
+    (err, stdout) => {
+      if (err) {
+        throw err;
+      }
+      const sarifOutput = JSON.parse(
+        readFileSync('snyk-direct-sarif-test-output.json', 'utf-8'),
+      );
+
+      unlinkSync('./snyk-direct-sarif-test-output.json');
+
+      t.match(stdout, 'rules', 'stdout is sarif');
+
+      t.match(sarifOutput.version, '2.1.0', 'SARIF output file OK');
+      t.end();
+    },
+  );
+});
+
+test('`test --sarif-file-output without vulns`', (t) => {
+  t.plan(1);
+
+  exec(
+    `node ${main} container test alpine --file=test/acceptance/fixtures/docker/Dockerfile --sarif-file-output=snyk-direct-sarif-test-output.json`,
+    (err) => {
+      if (err) {
+        throw err;
+      }
+      const sarifOutput = JSON.parse(
+        readFileSync('snyk-direct-sarif-test-output.json', 'utf-8'),
+      );
+
+      unlinkSync('./snyk-direct-sarif-test-output.json');
+
+      t.match(sarifOutput.version, '2.1.0', 'SARIF output file OK');
+      t.end();
+    },
+  );
+});
+
+test('`test --sarif-file-output can be used at the same time as --json with vulns`', (t) => {
+  t.plan(2);
+
+  exec(
+    `node ${main} container test ubuntu --json --file=test/acceptance/fixtures/docker/Dockerfile --sarif-file-output=snyk-direct-sarif-test-output.json`,
+    (err, stdout) => {
+      if (err) {
+        throw err;
+      }
+      const sarifOutput = JSON.parse(
+        readFileSync('snyk-direct-sarif-test-output.json', 'utf-8'),
+      );
+
+      unlinkSync('./snyk-direct-sarif-test-output.json');
+
+      const jsonObj = JSON.parse(stdout);
+      t.notEqual(jsonObj.vulnerabilities.length, 0, 'has vulns');
+      t.match(sarifOutput.version, '2.1.0', 'SARIF output file OK');
+      t.end();
+    },
+  );
+});

test/acceptance/fixtures/docker/Dockerfile

@@ -0,0 +1 @@
+FROM scratch