From a48625a4f506c34656714c0d2d836585c6cdaaa3 Mon Sep 17 00:00:00 2001
From: sg <spyros@ocurity.com>
Date: Wed, 18 Sep 2024 21:47:34 +0100
Subject: [PATCH] bugfix:364 fix sarif parser bug where if no endline was
 provided the output would end in '-'

---
 pkg/sarif/sarif.go                     |  2 ++
 pkg/sarif/sarif_test.go                |  8 ++++++++
 pkg/sarif/testdata/example_output.json | 27 ++++++++++++++++++++++++--
 3 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/pkg/sarif/sarif.go b/pkg/sarif/sarif.go
index 4c112d5ef..8969a3e7c 100644
--- a/pkg/sarif/sarif.go
+++ b/pkg/sarif/sarif.go
@@ -199,6 +199,8 @@ func parseOut(run sarif.Run, rules map[string]*sarif.ReportingDescriptor, toolNa
 					}
 					if loc.PhysicalLocation.Region.EndLine != nil {
 						el = fmt.Sprintf("%d", *loc.PhysicalLocation.Region.EndLine)
+					} else {
+						el = sl
 					}
 					target = fmt.Sprintf("%s:%s-%s", uri, sl, el)
 				} else {
diff --git a/pkg/sarif/sarif_test.go b/pkg/sarif/sarif_test.go
index 04ed52506..3d1a0321d 100644
--- a/pkg/sarif/sarif_test.go
+++ b/pkg/sarif/sarif_test.go
@@ -27,6 +27,14 @@ func Test_ParseOut(t *testing.T) {
 	}
 
 	expectedIssues := []*v1.Issue{
+		{
+			Target:      "main.go:83-83",
+			Type:        "G404",
+			Title:       "[test for missing endLine, common in some tools]",
+			Severity:    v1.Severity_SEVERITY_HIGH,
+			Confidence:  v1.Confidence_CONFIDENCE_UNSPECIFIED,
+			Description: "Message: [test for missing endLine, common in some tools]",
+		},
 		{
 			Target:      "main.go:83-83",
 			Type:        "G404",
diff --git a/pkg/sarif/testdata/example_output.json b/pkg/sarif/testdata/example_output.json
index f90f802df..5aca2f4e5 100644
--- a/pkg/sarif/testdata/example_output.json
+++ b/pkg/sarif/testdata/example_output.json
@@ -1,6 +1,29 @@
 {
 	"runs": [{
-		"results": [{
+		"results": [
+			{
+				"level": "error",
+				"locations": [{
+					"physicalLocation": {
+						"artifactLocation": {
+							"uri": "main.go"
+						},
+						"region": {
+							"snippet": {
+								"text": "r := rand.New(rand.NewSource(time.Now().UnixNano()))"
+							},
+							"sourceLanguage": "go",
+							"startColumn": 7,
+							"startLine": 83
+						}
+					}
+				}],
+				"message": {
+					"text": "[test for missing endLine, common in some tools]"
+				},
+				"ruleId": "G404"
+			},
+			{
 				"level": "error",
 				"locations": [{
 					"physicalLocation": {
@@ -60,4 +83,4 @@
 	}],
 	"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
 	"version": "2.1.0"
-}
\ No newline at end of file
+}