fix: semgrep sarif to not put all rules in output (#120)

- Updated logging in dartanalyzerRunner.go and enigmaRunner.go to use log.Println instead of fmt.Println for better log management.
- Enhanced semgrepRunner.go to include SARIF output processing, filtering rule definitions, and writing filtered results to specified output files.

Author: andrzej-janczak

tools/dartanalyzerRunner.go

@@ -5,6 +5,7 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
+	"log"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -41,9 +42,9 @@ func RunDartAnalyzer(workDirectory string, installationDirectory string, binary
 	}
 
 	if !configExists {
-		fmt.Println("No config file found, using tool defaults")
+		log.Println("No config file found, using tool defaults")
 	} else {
-		fmt.Println("Config file found, using it")
+		log.Println("Config file found, using it")
 	}
 
 	// For SARIF output, we need to capture the output and transform it

tools/enigmaRunner.go

@@ -2,6 +2,7 @@ package tools
 
 import (
 	"fmt"
+	"log"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -32,10 +33,10 @@ func RunEnigma(workDirectory string, installationDirectory string, binary string
 	}
 
 	if configExists != "" {
-		println("Config file found, using it")
+		log.Println("Config file found, using it")
 		args = append(args, "--configuration-file", configExists)
 	} else {
-		println("No config file found, using tool defaults")
+		log.Println("No config file found, using tool defaults")
 
 	}
 

utils/sarif.go

@@ -204,8 +204,14 @@ func MergeSarifOutputs(inputFiles []string, outputFile string) error {
 			return fmt.Errorf("failed to read SARIF file %s: %w", file, err)
 		}
 
+		// Filter out rule definitions from each input file
+		filteredData, err := FilterRuleDefinitions(data)
+		if err != nil {
+			return fmt.Errorf("failed to filter rules from SARIF file %s: %w", file, err)
+		}
+
 		var sarif SimpleSarifReport
-		if err := json.Unmarshal(data, &sarif); err != nil {
+		if err := json.Unmarshal(filteredData, &sarif); err != nil {
 			return fmt.Errorf("failed to parse SARIF file %s: %w", file, err)
 		}
 
@@ -227,3 +233,19 @@ func MergeSarifOutputs(inputFiles []string, outputFile string) error {
 
 	return nil
 }
+
+// FilterRuleDefinitions removes rule definitions from SARIF output
+func FilterRuleDefinitions(sarifData []byte) ([]byte, error) {
+	var report SarifReport
+	if err := json.Unmarshal(sarifData, &report); err != nil {
+		return nil, fmt.Errorf("failed to parse SARIF data: %w", err)
+	}
+
+	// Remove rules from each run
+	for i := range report.Runs {
+		report.Runs[i].Tool.Driver.Rules = nil
+	}
+
+	// Marshal back to JSON with indentation
+	return json.MarshalIndent(report, "", "  ")
+}