fixed SARIF regression

Author: flowstate

socketsecurity/config.py

@@ -217,6 +217,7 @@ def create_argument_parser() -> argparse.ArgumentParser:
     config_group.add_argument(
         "--default_branch",
         dest="default_branch",
+        action="store_true",
         help=argparse.SUPPRESS
     )
     config_group.add_argument(
@@ -228,6 +229,7 @@ def create_argument_parser() -> argparse.ArgumentParser:
     config_group.add_argument(
         "--pending_head",
         dest="pending_head",
+        action="store_true",
         help=argparse.SUPPRESS
     )
 
@@ -242,6 +244,7 @@ def create_argument_parser() -> argparse.ArgumentParser:
     output_group.add_argument(
         "--generate_license",
         dest="generate_license",
+        action="store_true",
         help=argparse.SUPPRESS
     )
     output_group.add_argument(
@@ -253,6 +256,7 @@ def create_argument_parser() -> argparse.ArgumentParser:
     output_group.add_argument(
         "--enable_debug",
         dest="enable_debug",
+        action="store_true",
         help=argparse.SUPPRESS
     )
     output_group.add_argument(
@@ -276,6 +280,7 @@ def create_argument_parser() -> argparse.ArgumentParser:
     output_group.add_argument(
         "--disable_overview",
         dest="disable_overview",
+        action="store_true",
         help=argparse.SUPPRESS
     )
 
@@ -295,6 +300,7 @@ def create_argument_parser() -> argparse.ArgumentParser:
     security_group.add_argument(
         "--disable_security_issue",
         dest="disable_security_issue",
+        action="store_true",
         help=argparse.SUPPRESS
     )
 
@@ -309,6 +315,7 @@ def create_argument_parser() -> argparse.ArgumentParser:
     advanced_group.add_argument(
         "--ignore_commit_files",
         dest="ignore_commit_files",
+        action="store_true",
         help=argparse.SUPPRESS
     )
     advanced_group.add_argument(
@@ -320,6 +327,7 @@ def create_argument_parser() -> argparse.ArgumentParser:
     advanced_group.add_argument(
         "--disable_blocking",
         dest="disable_blocking",
+        action="store_true",
         help=argparse.SUPPRESS
     )
     advanced_group.add_argument(

socketsecurity/core/__init__.py

@@ -427,15 +427,15 @@ def create_new_diff(
             
             no_change: If True, return empty diff
         """
-        print(f"starting create_new_diff with no_change: {no_change}")
+        log.debug(f"starting create_new_diff with no_change: {no_change}")
         if no_change:
             return Diff(id="no_diff_id")
 
         # Find manifest files
         files = self.find_files(path)
         files_for_sending = self.load_files_for_sending(files, path)
 
-        print(f"files: {files} found at path {path}")
+        log.debug(f"files: {files} found at path {path}")
         if not files:
             return Diff(id="no_diff_id")
 

socketsecurity/core/messages.py

@@ -192,6 +192,13 @@ def create_security_comment_sarif(diff) -> dict:
         Create SARIF-compliant output from the diff report, including dynamic URL generation
         based on manifest type and improved <br/> formatting for GitHub SARIF display.
         """
+        scan_failed = False
+        if len(diff.new_alerts) == 0:
+            for alert in diff.new_alerts:
+                alert: Issue
+                if alert.error:
+                    scan_failed = True
+                    break
         sarif_data = {
             "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
             "version": "2.1.0",

socketsecurity/output.py

@@ -28,13 +28,16 @@ def handle_output(self, diff_report: Diff) -> None:
         self.save_sbom_file(diff_report, self.config.sbom_file)
 
     def return_exit_code(self, diff_report: Diff) -> int:
-        if not self.report_pass(diff_report) and not self.config.disable_blocking:
+        if self.config.disable_blocking:
+            return 0
+        
+        if not self.report_pass(diff_report):
             return 1
-        elif len(diff_report.new_alerts) > 0 and not self.config.disable_blocking:
+        
+        if len(diff_report.new_alerts) > 0:
             # 5 means warning alerts but no blocking alerts
             return 5
-        else:
-            return 0
+        return 0    
 
     def output_console_comments(self, diff_report: Diff, sbom_file_name: Optional[str] = None) -> None:
         """Outputs formatted console comments"""
@@ -49,6 +52,7 @@ def output_console_comments(self, diff_report: Diff, sbom_file_name: Optional[st
     def output_console_json(self, diff_report: Diff, sbom_file_name: Optional[str] = None) -> None:
         """Outputs JSON formatted results"""
         console_security_comment = Messages.create_security_comment_json(diff_report)
+        self.save_sbom_file(diff_report, sbom_file_name)
         self.logger.info(json.dumps(console_security_comment))
 
     def output_console_sarif(self, diff_report: Diff, sbom_file_name: Optional[str] = None) -> None:
@@ -58,9 +62,9 @@ def output_console_sarif(self, diff_report: Diff, sbom_file_name: Optional[str]
         if diff_report.id != "NO_DIFF_RAN":
             # Generate the SARIF structure using Messages
             console_security_comment = Messages.create_security_comment_sarif(diff_report)
-            
+            self.save_sbom_file(diff_report, sbom_file_name)
             # Print the SARIF output to the console in JSON format
-            self.logger.info(json.dumps(console_security_comment, indent=2))
+            print(json.dumps(console_security_comment, indent=2))
 
     def report_pass(self, diff_report: Diff) -> bool:
         """Determines if the report passes security checks"""

socketsecurity/socketcli.py

@@ -135,7 +135,7 @@ def main_code():
         should_skip_scan = False  # Force scan if ignoring commit files
     elif files_to_check:  # If we have any files to check
         should_skip_scan = not core.has_manifest_files(list(files_to_check))
-        print(f"in elif, should_skip_scan: {should_skip_scan}")
+        log.debug(f"in elif, should_skip_scan: {should_skip_scan}")
 
     if should_skip_scan:
         log.debug("No manifest files found in changes, skipping scan")