Issue #102: add support for sarif reports

Author: rdiachenko

.gitignore

@@ -48,4 +48,7 @@ replay_pid*
 .ci-temp
 
 # OpenRewrite-generated impl files
-*.iml
+*.iml
+
+.cache
+

config/import-control.xml

@@ -12,4 +12,5 @@
     <allow pkg="org.checkstyle"/>
     <allow pkg="java.util"/>
     <allow pkg="com.puppycrawl.tools.checkstyle"/>
+    <allow pkg="de.jcup.sarif_2_1_0"/>
 </import-control>

config/suppressions.xml

@@ -9,8 +9,6 @@
     <suppress checks="MissingJavadocType" files=".*"/>
     <suppress checks="JavadocVariable" files=".*"/>
     <suppress checks="MissingJavadocMethod" files=".*"/>
-    <suppress checks="DesignForExtension" files="[\\/]src[\\/]test[\\/]java[\\/]org[\\/]checkstyle[\\/]autofix[\\/]recipe[\\/]AbstractRecipeTest\.java"/>
-    <suppress checks="DesignForExtension" files="[\\/]src[\\/]test[\\/]java[\\/]org[\\/]checkstyle[\\/]autofix[\\/]recipe[\\/]AbstractRecipeTestSupport\.java"/>
-    <suppress checks="DesignForExtension" files="[\\/]src[\\/]main[\\/]java[\\/]org[\\/]checkstyle[\\/]autofix[\\/]CheckstyleAutoFix\.java"/>
+    <suppress checks="DesignForExtension" files=".*"/>
     <suppress checks="ClassDataAbstractionCoupling" files="[\\/]src[\\/]test[\\/]java[\\/]org[\\/]checkstyle[\\/]autofix[\\/]recipe[\\/]AbstractRecipeTestSupport\.java"/>
 </suppressions>

pom.xml

@@ -86,6 +86,12 @@
             <version>7.3.0.202506031305-r</version>
         </dependency>
 
+        <dependency>
+            <groupId>de.jcup.sarif.java</groupId>
+            <artifactId>sarif-2.1.0</artifactId>
+            <version>1.1.0</version>
+        </dependency>
+
         <!-- Test dependencies -->
         <dependency>
             <groupId>com.google.truth</groupId>
@@ -111,6 +117,12 @@
             <version>${junit.version}</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-params</artifactId>
+            <version>${junit.version}</version>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.assertj</groupId>
             <artifactId>assertj-core</artifactId>
@@ -139,6 +151,9 @@
                 <artifactId>maven-surefire-plugin</artifactId>
                 <version>3.2.2</version>
                 <configuration>
+                    <statelessTestsetReporter implementation="org.apache.maven.plugin.surefire.extensions.junit5.JUnit5Xml30StatelessReporter">
+                        <usePhrasedTestCaseMethodName>true</usePhrasedTestCaseMethodName>
+                    </statelessTestsetReporter>
                     <systemPropertyVariables>
                         <org.slf4j.simpleLogger.log.org.openrewrite>debug</org.slf4j.simpleLogger.log.org.openrewrite>
                     </systemPropertyVariables>

src/main/java/org/checkstyle/autofix/CheckstyleAutoFix.java

@@ -22,9 +22,11 @@
 import java.util.Map;
 
 import org.checkstyle.autofix.parser.CheckConfiguration;
-import org.checkstyle.autofix.parser.CheckstyleReportParser;
 import org.checkstyle.autofix.parser.CheckstyleViolation;
 import org.checkstyle.autofix.parser.ConfigurationLoader;
+import org.checkstyle.autofix.parser.ReportParser;
+import org.checkstyle.autofix.parser.SarifReportParser;
+import org.checkstyle.autofix.parser.XmlReportParser;
 import org.openrewrite.Option;
 import org.openrewrite.Recipe;
 
@@ -34,7 +36,8 @@
 public class CheckstyleAutoFix extends Recipe {
 
     @Option(displayName = "Violation report path",
-            description = "Path to the checkstyle violation report XML file.",
+            description = "Path to the checkstyle violation report file."
+                    + " Supported formats: XML, SARIF.",
             example = "target/checkstyle/checkstyle-report.xml")
     private String violationReportPath;
 
@@ -82,14 +85,29 @@ public String getPropertiesPath() {
 
     @Override
     public List<Recipe> getRecipeList() {
-        final List<CheckstyleViolation> violations = CheckstyleReportParser
+        final ReportParser reportParser = createReportParser(getViolationReportPath());
+        final List<CheckstyleViolation> violations = reportParser
                 .parse(Path.of(getViolationReportPath()));
         final Map<CheckstyleCheck,
                 CheckConfiguration> configuration = loadCheckstyleConfiguration();
 
         return CheckstyleRecipeRegistry.getRecipes(violations, configuration);
     }
 
+    private ReportParser createReportParser(String path) {
+        final ReportParser result;
+        if (path.endsWith(".xml")) {
+            result = new XmlReportParser();
+        }
+        else if (path.endsWith(".sarif") || path.endsWith(".sarif.json")) {
+            result = new SarifReportParser();
+        }
+        else {
+            throw new IllegalArgumentException("Unsupported report format: " + path);
+        }
+        return result;
+    }
+
     private Map<CheckstyleCheck, CheckConfiguration> loadCheckstyleConfiguration() {
         return ConfigurationLoader.loadConfiguration(getConfigurationPath(), getPropertiesPath());
     }

src/main/java/org/checkstyle/autofix/parser/CheckstyleViolation.java

@@ -17,6 +17,8 @@
 
 package org.checkstyle.autofix.parser;
 
+import java.nio.file.Path;
+
 import org.checkstyle.autofix.CheckstyleCheck;
 
 public final class CheckstyleViolation {
@@ -31,16 +33,16 @@ public final class CheckstyleViolation {
 
     private final String message;
 
-    private final String fileName;
+    private final Path filePath;
 
     public CheckstyleViolation(int line, int column, String severity,
-                               CheckstyleCheck source, String message, String fileName) {
+                               CheckstyleCheck source, String message, Path filePath) {
         this.line = line;
         this.column = column;
         this.severity = severity;
         this.source = source;
         this.message = message;
-        this.fileName = fileName;
+        this.filePath = filePath;
     }
 
     public Integer getLine() {
@@ -59,8 +61,8 @@ public String getMessage() {
         return message;
     }
 
-    public String getFileName() {
-        return fileName;
+    public Path getFilePath() {
+        return filePath;
     }
 
     public String getSeverity() {

src/main/java/org/checkstyle/autofix/parser/ReportParser.java

@@ -0,0 +1,26 @@
+///////////////////////////////////////////////////////////////////////////////////////////////
+// checkstyle-openrewrite-recipes: Automatically fix Checkstyle violations with OpenRewrite.
+// Copyright (C) 2025 The Checkstyle OpenRewrite Recipes Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+///////////////////////////////////////////////////////////////////////////////////////////////
+
+package org.checkstyle.autofix.parser;
+
+import java.nio.file.Path;
+import java.util.List;
+
+public interface ReportParser {
+
+    List<CheckstyleViolation> parse(Path reportPath);
+}

src/main/java/org/checkstyle/autofix/parser/SarifReportParser.java

@@ -0,0 +1,147 @@
+///////////////////////////////////////////////////////////////////////////////////////////////
+// checkstyle-openrewrite-recipes: Automatically fix Checkstyle violations with OpenRewrite.
+// Copyright (C) 2025 The Checkstyle OpenRewrite Recipes Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+///////////////////////////////////////////////////////////////////////////////////////////////
+
+package org.checkstyle.autofix.parser;
+
+import java.io.IOException;
+import java.net.URI;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Optional;
+
+import org.checkstyle.autofix.CheckstyleCheck;
+
+import de.jcup.sarif_2_1_0.SarifSchema210ImportExportSupport;
+import de.jcup.sarif_2_1_0.model.PhysicalLocation;
+import de.jcup.sarif_2_1_0.model.Region;
+import de.jcup.sarif_2_1_0.model.Result;
+import de.jcup.sarif_2_1_0.model.Run;
+import de.jcup.sarif_2_1_0.model.SarifSchema210;
+
+public class SarifReportParser implements ReportParser {
+
+    private static final String NA = "n/a";
+    private static final String FILE_PREFIX = "file:";
+
+    private final SarifSchema210ImportExportSupport parser;
+
+    public SarifReportParser() {
+        this.parser = new SarifSchema210ImportExportSupport();
+    }
+
+    @Override
+    public List<CheckstyleViolation> parse(Path reportPath) {
+        final SarifSchema210 report;
+        try {
+            report = parser.fromFile(reportPath);
+        }
+        catch (IOException exception) {
+            throw new IllegalArgumentException("Failed to parse report: " + reportPath, exception);
+        }
+        final List<CheckstyleViolation> result = new ArrayList<>();
+        for (final Run run: report.getRuns()) {
+            if (run.getResults() != null) {
+                run.getResults().forEach(resultEntry -> {
+                    if (resultEntry.getLocations() != null
+                            && !resultEntry.getLocations().isEmpty()) {
+                        final PhysicalLocation location =
+                                resultEntry.getLocations().get(0).getPhysicalLocation();
+                        createViolation(resultEntry, location).ifPresent(result::add);
+                    }
+                });
+            }
+        }
+        return result;
+    }
+
+    private Optional<CheckstyleViolation> createViolation(Result result,
+                                                          PhysicalLocation location) {
+        final Region region = location.getRegion();
+        final int line = getLine(region);
+        final int column = getColumn(region);
+        final String severity = getSeverity(result);
+        final String message = getMessage(result);
+        final Path filePath = getFilePath(location);
+        return getSource(result).map(check -> {
+            return new CheckstyleViolation(
+                    line,
+                    column,
+                    severity,
+                    check,
+                    message,
+                    filePath
+            );
+        });
+    }
+
+    private String getSeverity(Result result) {
+        String severity = NA;
+        if (result.getLevel() != null) {
+            severity = result.getLevel().name();
+        }
+        return severity;
+    }
+
+    private String getMessage(Result result) {
+        String message = NA;
+        if (result.getMessage() != null && result.getMessage().getText() != null) {
+            message = result.getMessage().getText();
+        }
+        return message;
+    }
+
+    private Optional<CheckstyleCheck> getSource(Result result) {
+        String source = NA;
+        if (result.getRuleId() != null) {
+            source = result.getRuleId();
+        }
+        return CheckstyleCheck.fromSource(source);
+    }
+
+    private Path getFilePath(PhysicalLocation location) {
+        Path result = Path.of(NA);
+        if (location.getArtifactLocation() != null
+                && location.getArtifactLocation().getUri() != null) {
+            final String uri = location.getArtifactLocation().getUri();
+            if (uri.startsWith(FILE_PREFIX)) {
+                result = Paths.get(URI.create(uri));
+            }
+            else {
+                result = Path.of(uri);
+            }
+        }
+        return result;
+    }
+
+    private int getLine(Region region) {
+        int result = -1;
+        if (region != null && region.getStartLine() != null) {
+            result = region.getStartLine();
+        }
+        return result;
+    }
+
+    private int getColumn(Region region) {
+        int result = -1;
+        if (region != null && region.getStartColumn() != null) {
+            result = region.getStartColumn();
+        }
+        return result;
+    }
+}

src/main/java/org/checkstyle/autofix/parser/CheckstyleReportParser.java renamed to src/main/java/org/checkstyle/autofix/parser/XmlReportParser.java

@@ -36,7 +36,7 @@
 
 import org.checkstyle.autofix.CheckstyleCheck;
 
-public final class CheckstyleReportParser {
+public class XmlReportParser implements ReportParser {
 
     private static final String FILE_TAG = "file";
 
@@ -54,11 +54,8 @@ public final class CheckstyleReportParser {
 
     private static final String SOURCE_ATTR = "source";
 
-    private CheckstyleReportParser() {
-
-    }
-
-    public static List<CheckstyleViolation> parse(Path xmlPath) {
+    @Override
+    public List<CheckstyleViolation> parse(Path xmlPath) {
 
         final List<CheckstyleViolation> result = new ArrayList<>();
 
@@ -101,7 +98,7 @@ else if (ERROR_TAG.equals(startElementName)) {
         return result;
     }
 
-    private static String parseFileTag(StartElement startElement) {
+    private String parseFileTag(StartElement startElement) {
         String fileName = null;
         final Iterator<Attribute> attributes = startElement.getAttributes();
         while (attributes.hasNext()) {
@@ -114,7 +111,7 @@ private static String parseFileTag(StartElement startElement) {
         return fileName;
     }
 
-    private static Optional<CheckstyleViolation> parseErrorTag(StartElement startElement,
+    private Optional<CheckstyleViolation> parseErrorTag(StartElement startElement,
                                                                String filename) {
         int line = -1;
         int column = -1;
@@ -149,7 +146,7 @@ private static Optional<CheckstyleViolation> parseErrorTag(StartElement startEle
         }
         if (source.isPresent()) {
             violation = new CheckstyleViolation(line, column, severity,
-                    source.get(), message, filename);
+                    source.get(), message, Path.of(filename));
         }
         return Optional.ofNullable(violation);
 

src/main/java/org/checkstyle/autofix/recipe/FinalLocalVariable.java

@@ -130,7 +130,7 @@ private boolean isAtViolationLocation(J.VariableDeclarations.NamedVariable varia
                     .computeColumnPosition(currentCompilationUnit, variable, getCursor());
 
             return violations.removeIf(violation -> {
-                final Path absolutePath = Path.of(violation.getFileName()).toAbsolutePath();
+                final Path absolutePath = violation.getFilePath().toAbsolutePath();
                 return violation.getLine() == line
                         && violation.getColumn() == column
                         && absolutePath.endsWith(sourcePath)