Fix empty URI in scorecard for SARIF report (AST-112622) (#1309)

cx-anjali-deore · web-flow · commit 9cd3a2cdcfe6 · 2025-09-17T13:24:22.000+05:30
Fix empty URI in  scorecard  for SARIF report
diff --git a/internal/commands/result.go b/internal/commands/result.go
@@ -113,6 +113,7 @@ const (
 	ScaExcludeResultTypesParam              = "exclude-result-types"
 	noFileForScorecardResultString          = "Issue Found in your GitHub repository"
 	CliType                                 = "cli"
+	artifactLocationURIString               = "This alert has no associated file"
 )
 
 var (
@@ -2684,7 +2685,7 @@ func parseSarifResultsSscs(result *wrappers.ScanResult, scanResults []wrappers.S
 
 	trimOsSeparatorFromFileName(result)
 	if result.Type == commonParams.SCSScorecardType && result.ScanResultData.Filename == noFileForScorecardResultString {
-		scanLocation.PhysicalLocation.ArtifactLocation.URI = ""
+		scanLocation.PhysicalLocation.ArtifactLocation.URI = artifactLocationURIString
 		scanLocation.PhysicalLocation.ArtifactLocation.Description = &wrappers.SarifMessage{}
 		scanLocation.PhysicalLocation.ArtifactLocation.Description.Text = result.ScanResultData.Filename
 	} else {
diff --git a/internal/commands/result_test.go b/internal/commands/result_test.go
@@ -18,6 +18,7 @@ import (
 	"github.com/checkmarx/ast-cli/internal/params"
 	"github.com/checkmarx/ast-cli/internal/wrappers"
 	"github.com/checkmarx/ast-cli/internal/wrappers/mock"
+	assertion "github.com/stretchr/testify/assert"
 	"golang.org/x/text/cases"
 	"golang.org/x/text/language"
 	"gotest.tools/assert"
@@ -894,6 +895,15 @@ func assertTypePresentSarif(t *testing.T, resultType string, expectedResultTypeC
 		fmt.Sprintf("Expected %s result count to be %d, but found %d results", resultType, expectedResultTypeCount, actualResultTypeCount))
 }
 
+func assertURINonEmpty(t *testing.T) {
+	reportBytes, err := os.ReadFile(fileName + "." + printer.FormatSarif)
+	assert.NilError(t, err, "Error reading SARIF file")
+	var scanResults *wrappers.SarifResultsCollection
+	err = json.Unmarshal(reportBytes, &scanResults)
+	assert.NilError(t, err, "Error unmarshalling SARIF results")
+	assertion.Contains(t, scanResults.Runs[0].Results[10].Locations[0].PhysicalLocation.ArtifactLocation.URI, "This alert has no associated file")
+}
+
 func assertRulePresentSarif(t *testing.T, ruleID string, scanResultsCollection *wrappers.SarifResultsCollection) {
 	for i := range scanResultsCollection.Runs[0].Tool.Driver.Rules {
 		rule := scanResultsCollection.Runs[0].Tool.Driver.Rules[i]
@@ -1383,7 +1393,7 @@ func TestRunGetResultsByScanIdSonarFormat_SCSFlagEnabled_SCSPresentInReport(t *t
 	mock.SetScsMockVarsToDefault()
 }
 
-func TestRunGetResultsByScanIdSarifFormat_SCSFlagEnabled_SCSPresentInReport(t *testing.T) {
+func TestRunGetResultsByScanIdSarifFormat_SCSFlagEnabled_SCSNonEmpty_URI_PresentInReport(t *testing.T) {
 	clearFlags()
 	mock.HasScs = true
 	mock.ScsScanPartial = false
@@ -1392,7 +1402,7 @@ func TestRunGetResultsByScanIdSarifFormat_SCSFlagEnabled_SCSPresentInReport(t *t
 	execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "sarif")
 	assertTypePresentSarif(t, params.SCSScorecardType, 1)
 	assertTypePresentSarif(t, params.SCSSecretDetectionType, 2)
-
+	assertURINonEmpty(t)
 	removeFileBySuffix(t, printer.FormatSarif)
 	mock.SetScsMockVarsToDefault()
 }
diff --git a/internal/wrappers/mock/results-mock.go b/internal/wrappers/mock/results-mock.go
@@ -31,6 +31,9 @@ var containersResults = &wrappers.ScanResult{
 		CweID:     "CWE-1234",
 	},
 }
+var ScanResultData = wrappers.ScanResultData{
+	Filename: "Issue Found in your GitHub repository",
+}
 
 var scsResultsSecretDetection = []*wrappers.ScanResult{
 	{
@@ -46,6 +49,7 @@ var scsResultsSecretDetection = []*wrappers.ScanResult{
 		FirstScanID:          "3d922bcd-00fe-4774-b182-d51e739dff81",
 		Description:          "Generic API Key has detected secret for file application.properties.",
 		VulnerabilityDetails: wrappers.VulnerabilityDetails{},
+		ScanResultData:       ScanResultData,
 	},
 	{
 		Type:                 params.SCSSecretDetectionType,
@@ -60,6 +64,7 @@ var scsResultsSecretDetection = []*wrappers.ScanResult{
 		FirstScanID:          "3d922bcd-00fe-4774-b182-d51e739dff81",
 		Description:          "Generic API Key has detected secret for file application.properties.",
 		VulnerabilityDetails: wrappers.VulnerabilityDetails{},
+		ScanResultData:       ScanResultData,
 	},
 }
 var scsResultScorecard = []*wrappers.ScanResult{
@@ -76,6 +81,7 @@ var scsResultScorecard = []*wrappers.ScanResult{
 		FirstScanID:          "3d922bcd-00fe-4774-b182-d51e739dff81",
 		Description:          "score is 0: branch protection not enabled on development/release branches:\\nWarn: branch protection not enabled for branch 'main'",
 		VulnerabilityDetails: wrappers.VulnerabilityDetails{},
+		ScanResultData:       ScanResultData,
 	},
 }
 
@@ -295,6 +301,17 @@ func (r ResultsMockWrapper) GetAllResultsByScanID(params map[string]string) (
 			{
 				Type:     "kics",
 				Severity: "low",
+				ScanResultData: wrappers.ScanResultData{
+					QueryName: "mock-query-name-5",
+					Nodes: []*wrappers.ScanResultNode{
+						{
+							FileName: "dummy-file-name-4",
+						},
+						{
+							FileName: "dummy-file-name-4",
+						},
+					},
+				},
 			},
 		},
 	}
