adds exportSarif method

RubenHalman · RubenHalman · commit 336195cff207 · 2025-11-03T22:25:38.000+01:00
diff --git a/README.md b/README.md
@@ -4,18 +4,23 @@
   </a>
 </p>
 
-<p align="center"><i>A plug-and-play engine for Flow metadata in Node.js & browsers—with 20+ rules to catch unsafe contexts, loop queries, hardcoded IDs, and more.</i></p>
+<p align="center"><i>UMD-compatible Flow metadata engine for Node.js & browsers—20+ rules to catch common issues.</i></p>
 
-- [Default Rules](#default-rules)
-- [Configuration](#configuration)
+---
+
+## Table of contens
+
+- **[Default Rules](#default-rules)**
+- **[Configuration](#configuration)**
   - [Defining Severity Levels](#defining-severity-levels)
   - [Configuring Expressions](#configuring-expressions)
   - [Specifying Exceptions](#specifying-exceptions)
   - [Include Beta Rules](#include-beta-rules)
-- [Usage](#Usage)
-  - [Installation](#installation)
-  - [Core Functions](#core-functions)
-- [Development](#development)
+- **[Usage](#Usage)**
+  - [Examples](#examples)
+  - [Functions](#core-functions)
+- **[Installation](#installation)**
+- **[Development](#development)**
 
 ---
 
@@ -24,7 +29,7 @@
 <p>📌 <strong>Tip:</strong> To link directly to a specific rule, use the full GitHub anchor link format. Example:</p>
 <p><em><a href="https://github.com/Flow-Scanner/lightning-flow-scanner-core#unsafe-running-context">https://github.com/Flow-Scanner/lightning-flow-scanner-core#unsafe-running-context</a></em></i></p>
 
-### Action Calls In Loop
+### Action Calls In Loop(Beta)
 
 _[ActionCallsInLoop](https://github.com/Flow-Scanner/lightning-flow-scanner-core/tree/main/src/main/rules/ActionCallsInLoop.ts)_ - To prevent exceeding Apex governor limits, it is advisable to consolidate and bulkify your apex calls, utilizing a single action call containing a collection variable at the end of the loop.
 
@@ -226,31 +231,62 @@ New rules are introduced in Beta mode before being added to the default ruleset.
 
 ## Usage
 
-### Installation
+The Lightning Flow Scanner Core can be used as a dependency in Node.js and browser environments, or used as a standalone UMD module.
 
-The Lightning Flow Scanner Core can be used as a dependency in Node.js and browser environments, or used as a standalone UMD module. To install:
+### Examples
 
-```bash
-npm install @flow-scanner/lightning-flow-scanner-core
+```js
+// Basic
+import { parse, scan } from "@flow-scanner/lightning-flow-scanner-core";
+parse("flows/*.xml").then(scan);
+
+// Apply fixes automatically
+import { parse, scan, fix } from "@flow-scanner/lightning-flow-scanner-core";
+parse("flows/*.xml").then(scan).then(fix);
+
+// Get SARIF output
+import { parse, scan, exportSarif } from "@flow-scanner/lightning-flow-scanner-core";
+parse("flows/*.xml")
+  .then(scan)
+  .then(exportSarif)
+  .then((sarif) => save("results.sarif", sarif));
 ```
 
-### Core Functions
+### Functions
 
 #### [`getRules(ruleNames?: string[]): IRuleDefinition[]`](https://github.com/Flow-Scanner/lightning-flow-scanner-core/tree/main/src/main/libs/GetRuleDefinitions.ts)
 
 _Retrieves rule definitions used in the scanner._
 
 #### [`parse(selectedUris: any): Promise<ParsedFlow[]>`](https://github.com/Flow-Scanner/lightning-flow-scanner-core/tree/main/src/main/libs/ParseFlows.ts)
 
-_Parses metadata from selected Flow files._
+_Loads Flow XML files into in-memory models._
 
 #### [`scan(parsedFlows: ParsedFlow[], ruleOptions?: IRulesConfig): ScanResult[]`](https://github.com/Flow-Scanner/lightning-flow-scanner-core/tree/main/src/main/libs/ScanFlows.ts)
 
-_Runs rules against parsed flows and returns scan results._
+_Runs all enabled rules and returns detailed violations._
 
 #### [`fix(results: ScanResult[]): ScanResult[]`](https://github.com/Flow-Scanner/lightning-flow-scanner-core/tree/main/src/main/libs/FixFlows.ts)
 
-_Attempts to apply automatic fixes where available._
+_Automatically applies available fixes(removing variables and unconnected elements)._
+
+#### [`exportSarif(results: ScanResult[]): string`](https://github.com/Flow-Scanner/lightning-flow-scanner-core/tree/main/src/main/libs/ExportSarif.ts)
+
+_Generates SARIF output with paths and exact line numbers._
+
+---
+
+## Installation
+
+`lightning-flow-scanner-core` is published to **npm** only.
+
+[![npm version](https://img.shields.io/npm/v/@flow-scanner/lightning-flow-scanner-core?label=npm)](https://www.npmjs.com/package/@flow-scanner/lightning-flow-scanner-core)
+
+**To install with npm:**
+
+```bash
+npm install @flow-scanner/lightning-flow-scanner-core
+```
 
 ---
 
diff --git a/src/index.ts b/src/index.ts
@@ -2,10 +2,10 @@ import type { IRuleDefinition } from "./main/interfaces/IRuleDefinition";
 import type { IRulesConfig } from "./main/interfaces/IRulesConfig";
 
 import { Compiler } from "./main/libs/Compiler";
+import { exportSarif } from "./main/libs/ExportSarif";
 import { fix } from "./main/libs/FixFlows";
 import { getBetaRules, getRules } from "./main/libs/GetRuleDefinitions";
 import { parse } from "./main/libs/ParseFlows";
-import { exportSarif } from "./main/libs/SARIFExporter";
 import { scan } from "./main/libs/ScanFlows";
 import { AdvancedRule } from "./main/models/AdvancedRule";
 import { Flow } from "./main/models/Flow";
diff --git a/src/main/libs/ExportSarif.ts b/src/main/libs/ExportSarif.ts
@@ -1,12 +1,8 @@
+// src/main/libs/exportSarif.ts
 import { Flow } from "../models/Flow";
 import { ResultDetails } from "../models/ResultDetails";
 import { ScanResult } from "../models/ScanResult";
 
-/**
- * Export scan results to SARIF v2.1.0
- * Uses real fsPath → GitHub clickable
- * Falls back to virtual URI in browser
- */
 export function exportSarif(results: ScanResult[]): string {
   const runs = results.map((result) => {
     const flow = result.flow;
@@ -21,7 +17,7 @@ export function exportSarif(results: ScanResult[]): string {
           locations: [{
             physicalLocation: {
               artifactLocation: { index: 0, uri },
-              region: mapRegion(d),
+              region: mapRegion(d, result.flow.toXMLString() || "")
             },
           }],
           message: { text: r.errorMessage || `${r.ruleName} in ${d.name}` },
@@ -42,7 +38,6 @@ export function exportSarif(results: ScanResult[]): string {
             .map(r => ({
               defaultConfiguration: { level: mapSeverity(r.severity) },
               fullDescription: { text: r.ruleDefinition.description || "" },
-              helpUri: r.ruleDefinition.helpUrl,
               id: r.ruleName,
               shortDescription: { text: r.ruleDefinition.description || r.ruleName },
             })),
@@ -59,27 +54,33 @@ export function exportSarif(results: ScanResult[]): string {
   }, null, 2);
 }
 
-// ─── Private Helpers ───
 function getUri(flow: Flow): string {
   return flow.fsPath
     ? flow.fsPath.replace(/\\/g, "/")
     : `flows/${flow.name}.flow-meta.xml`;
 }
 
-function mapRegion(detail: ResultDetails): any {
-  if (detail.metaType === "node" && (detail.details as any).locationY != null) {
-    return {
-      startColumn: (detail.details as any).locationX || 1,
-      startLine: Math.max(1, (detail.details as any).locationY),
-    };
+function mapRegion(detail: ResultDetails, rawXml: string = ""): any {
+  if (!rawXml) return { startLine: 1, startColumn: 1 };
+
+  const lines = rawXml.split("\n");
+  const name = detail.name;
+
+  for (let i = 0; i < lines.length; i++) {
+    if (lines[i].includes(`<name>${name}</name>`)) {
+      return {
+        startLine: i + 1,
+        startColumn: lines[i].indexOf(name) + 1
+      };
+    }
   }
-  return { startColumn: 1, startLine: 1 };
+  return { startLine: 1, startColumn: 1 };
 }
-
 function mapSeverity(sev: string): "error" | "note" | "warning" {
   switch (sev?.toLowerCase()) {
     case "info":
-    case "note": return "note"; case "warning": return "warning";
+    case "note": return "note";
+    case "warning": return "warning";
     default: return "error";
   }
 }
diff --git a/tests/ExportSarif.test.ts b/tests/ExportSarif.test.ts
@@ -0,0 +1,70 @@
+// __tests__/exportSarif.test.ts
+import { describe, expect, it } from "@jest/globals";
+import * as path from "path";
+import * as core from "../src";
+
+describe("exportSarif()", () => {
+  const badFlowPath = path.join(__dirname, "../assets/example-flows/force-app/main/default/flows/DML_Statement_In_A_Loop.flow-meta.xml");
+  const goodFlowPath = path.join(__dirname, "../assets/example-flows/force-app/main/default/flows/Duplicate_DML_Operation_Fixed.flow-meta.xml");
+
+  const config = {
+    rules: {
+      DMLStatementInLoop: { severity: "error" },
+    },
+  };
+
+  it("generates valid SARIF with real file path and line numbers", async () => {
+    const flows = await core.parse([badFlowPath]);
+    const results = core.scan(flows, config);
+    const sarif = core.exportSarif(results);
+    
+    const json = JSON.parse(sarif);
+
+    // SARIF structure
+    expect(json.version).toBe("2.1.0");
+    expect(json.runs).toHaveLength(1);
+    expect(json.runs[0].tool.driver.name).toBe("Lightning Flow Scanner");
+
+    // Artifacts: real path
+    const artifactUri = json.runs[0].artifacts[0].location.uri;
+    expect(artifactUri).toContain("force-app/main/default/flows/DML_Statement_In_A_Loop.flow-meta.xml");
+
+    // Results: one issue
+    const resultsArray = json.runs[0].results;
+    expect(resultsArray).toHaveLength(1);
+    expect(resultsArray[0].ruleId).toBe("DMLStatementInLoop");
+    expect(resultsArray[0].level).toBe("error");
+
+    // Location: has region
+    const region = resultsArray[0].locations[0].physicalLocation.region;
+    expect(region).toBeDefined();
+    expect(typeof region.startLine).toBe("number");
+    expect(typeof region.startColumn).toBe("number");
+    expect(region.startLine).toBeGreaterThanOrEqual(1);
+    expect(region.startColumn).toBeGreaterThanOrEqual(1);
+
+    // Message
+    expect(resultsArray[0].message.text).toContain("createNewCase");
+  });
+
+  it("generates empty results for fixed flow", async () => {
+    const flows = await core.parse([goodFlowPath]);
+    const results = core.scan(flows, config);
+    const sarif = core.exportSarif(results);
+    
+    const json = JSON.parse(sarif);
+    expect(json.runs[0].results).toHaveLength(0);
+  });
+
+  it("falls back to virtual URI when no fsPath", async () => {
+    const flows = await core.parse([badFlowPath]);
+    // Simulate browser: remove fsPath
+    flows[0].flow.fsPath = undefined;
+    const results = core.scan(flows, config);
+    const sarif = core.exportSarif(results);
+    const json = JSON.parse(sarif);
+    
+    const uri = json.runs[0].artifacts[0].location.uri;
+    expect(uri).toBe("flows/DML_Statement_In_A_Loop.flow-meta.xml");
+  });
+});
