feat: update semgrep version and add tests

- Updated semgrep version in codacy.yaml from 1.33.2 to 1.78.0.
- Added semgrep to the list of supported tools in tool-utils_test.go.
- Implemented RunSemgrep function in semgrepRunner.go to execute Semgrep analysis.
- Created tests for Semgrep functionality in semgrepRunner_test.go.
- Added sample JavaScript file and expected SARIF output for testing.

Author: andrzej-janczak

.codacy/codacy.yaml

@@ -6,4 +6,4 @@ tools:
     - [email protected]
     - [email protected]
     - [email protected]
-    - semgrep@1.33.2
+    - semgrep@1.78.0

plugins/tool-utils_test.go

@@ -166,6 +166,7 @@ func TestGetSupportedTools(t *testing.T) {
 				"pmd",
 				"pylint",
 				"trivy",
+				"semgrep",
 			},
 			expectedError: false,
 		},

tools/semgrepRunner.go

@@ -10,11 +10,8 @@ import (
 
 // RunSemgrep executes Semgrep analysis on the specified directory
 func RunSemgrep(workDirectory string, toolInfo *plugins.ToolInfo, files []string, outputFile string, outputFormat string) error {
-	// Get Python binary from venv
-	pythonPath := filepath.Join(toolInfo.InstallDir, "venv", "bin", "python3")
-
 	// Construct base command with -m semgrep to run semgrep module
-	cmdArgs := []string{"-m", "semgrep", "scan"}
+	cmdArgs := []string{"scan"}
 
 	// Add output format if specified
 	if outputFormat == "sarif" {
@@ -31,8 +28,13 @@ func RunSemgrep(workDirectory string, toolInfo *plugins.ToolInfo, files []string
 		cmdArgs = append(cmdArgs, ".")
 	}
 
+	cmdArgs = append(cmdArgs, "--disable-version-check")
+
+	// Get Semgrep binary from the specified installation path
+	semgrepPath := filepath.Join(toolInfo.InstallDir, "venv", "bin", "semgrep")
+
 	// Create Semgrep command
-	cmd := exec.Command(pythonPath, cmdArgs...)
+	cmd := exec.Command(semgrepPath, cmdArgs...)
 	cmd.Dir = workDirectory
 
 	// If output file is specified, create it and redirect output

tools/semgrepRunner_test.go

@@ -0,0 +1,46 @@
+package tools
+
+import (
+	"codacy/cli-v2/plugins"
+	"log"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestRunSemgrepWithSpecificFiles(t *testing.T) {
+	homeDirectory, err := os.UserHomeDir()
+	if err != nil {
+		log.Fatal(err.Error())
+	}
+	currentDirectory, err := os.Getwd()
+	if err != nil {
+		log.Fatal(err.Error())
+	}
+
+	// Set up test directories and files
+	testDirectory := filepath.Join(currentDirectory, "testdata", "repositories", "semgrep")
+	tempResultFile := filepath.Join(os.TempDir(), "semgrep-specific.sarif")
+	defer os.Remove(tempResultFile)
+
+	// Create tool info for semgrep
+	toolInfo := &plugins.ToolInfo{
+		InstallDir: filepath.Join(homeDirectory, ".cache/codacy/tools/[email protected]"),
+	}
+
+	// Specify files to analyze
+	filesToAnalyze := []string{"sample.js"}
+
+	// Run Semgrep analysis on specific files
+	err = RunSemgrep(testDirectory, toolInfo, filesToAnalyze, tempResultFile, "sarif")
+	if err != nil {
+		t.Fatalf("Failed to run semgrep on specific files: %v", err)
+	}
+
+	// Verify file exists and has content
+	fileInfo, err := os.Stat(tempResultFile)
+	assert.NoError(t, err, "Failed to stat output file")
+	assert.Greater(t, fileInfo.Size(), int64(0), "Output file should not be empty")
+}

tools/testdata/repositories/semgrep/expected.sarif

@@ -0,0 +1,24 @@
+{
+  "version": "2.1.0",
+  "$schema": "http://json.schemastore.org/sarif-2.1.0-rtm.5",
+  "runs": [
+    {
+      "tool": {
+        "driver": {
+          "name": "Semgrep",
+          "version": "1.41.0",
+          "informationUri": "https://semgrep.dev",
+          "rules": []
+        }
+      },
+      "artifacts": [
+        {
+          "location": {
+            "uri": "testdata/repositories/semgrep/sample.js"
+          }
+        }
+      ],
+      "results": []
+    }
+  ]
+} 

tools/testdata/repositories/semgrep/sample.js

@@ -0,0 +1,7 @@
+// Sample JavaScript file for Semgrep testing
+
+function helloWorld() {
+    console.log("Hello, world!");
+}
+
+helloWorld();