Allow merging sarifs with mismatching schema and/or version (#223)

* Allow merging sarifs with mismatching schema and/or version

* allow specifying which schema to use in the config

* fix copy and paste docs

* Update src/jvmTest/kotlin/io/github/detekt/sarif4k/SarifMergingTest.kt

---------

Co-authored-by: Brais Gabín <braisgabin@gmail.com>

Author: matejdro

api/sarif4k.api

@@ -1002,6 +1002,15 @@ public final class io/github/detekt/sarif4k/LogicalLocation$Companion {
 
 public final class io/github/detekt/sarif4k/Merging {
 	public static final fun merge (Lio/github/detekt/sarif4k/SarifSchema210;Lio/github/detekt/sarif4k/SarifSchema210;)Lio/github/detekt/sarif4k/SarifSchema210;
+	public static final fun merge (Lio/github/detekt/sarif4k/SarifSchema210;Lio/github/detekt/sarif4k/SarifSchema210;Lio/github/detekt/sarif4k/MergingConfig;)Lio/github/detekt/sarif4k/SarifSchema210;
+}
+
+public final class io/github/detekt/sarif4k/MergingConfig {
+	public fun <init> ()V
+	public fun <init> (Lkotlin/jvm/functions/Function2;Lkotlin/jvm/functions/Function2;)V
+	public synthetic fun <init> (Lkotlin/jvm/functions/Function2;Lkotlin/jvm/functions/Function2;ILkotlin/jvm/internal/DefaultConstructorMarker;)V
+	public final fun getSelectSchema ()Lkotlin/jvm/functions/Function2;
+	public final fun getSelectVersion ()Lkotlin/jvm/functions/Function2;
 }
 
 public final class io/github/detekt/sarif4k/Message {

api/sarif4k.klib.api

@@ -1297,6 +1297,15 @@ final class io.github.detekt.sarif4k/LogicalLocation { // io.github.detekt.sarif
     }
 }
 
+final class io.github.detekt.sarif4k/MergingConfig { // io.github.detekt.sarif4k/MergingConfig|null[0]
+    constructor <init>(kotlin/Function2<kotlin/String?, kotlin/String?, kotlin/String?> = ..., kotlin/Function2<io.github.detekt.sarif4k/Version, io.github.detekt.sarif4k/Version, io.github.detekt.sarif4k/Version> = ...) // io.github.detekt.sarif4k/MergingConfig.<init>|<init>(kotlin.Function2<kotlin.String?,kotlin.String?,kotlin.String?>;kotlin.Function2<io.github.detekt.sarif4k.Version,io.github.detekt.sarif4k.Version,io.github.detekt.sarif4k.Version>){}[0]
+
+    final val selectSchema // io.github.detekt.sarif4k/MergingConfig.selectSchema|{}selectSchema[0]
+        final fun <get-selectSchema>(): kotlin/Function2<kotlin/String?, kotlin/String?, kotlin/String?> // io.github.detekt.sarif4k/MergingConfig.selectSchema.<get-selectSchema>|<get-selectSchema>(){}[0]
+    final val selectVersion // io.github.detekt.sarif4k/MergingConfig.selectVersion|{}selectVersion[0]
+        final fun <get-selectVersion>(): kotlin/Function2<io.github.detekt.sarif4k/Version, io.github.detekt.sarif4k/Version, io.github.detekt.sarif4k/Version> // io.github.detekt.sarif4k/MergingConfig.selectVersion.<get-selectVersion>|<get-selectVersion>(){}[0]
+}
+
 final class io.github.detekt.sarif4k/Message { // io.github.detekt.sarif4k/Message|null[0]
     constructor <init>(kotlin.collections/List<kotlin/String>? = ..., kotlin/String? = ..., kotlin/String? = ..., io.github.detekt.sarif4k/PropertyBag? = ..., kotlin/String? = ...) // io.github.detekt.sarif4k/Message.<init>|<init>(kotlin.collections.List<kotlin.String>?;kotlin.String?;kotlin.String?;io.github.detekt.sarif4k.PropertyBag?;kotlin.String?){}[0]
 
@@ -2823,3 +2832,4 @@ final object io.github.detekt.sarif4k/SarifSerializer { // io.github.detekt.sari
 }
 
 final fun (io.github.detekt.sarif4k/SarifSchema210).io.github.detekt.sarif4k/merge(io.github.detekt.sarif4k/SarifSchema210): io.github.detekt.sarif4k/SarifSchema210 // io.github.detekt.sarif4k/merge|merge@io.github.detekt.sarif4k.SarifSchema210(io.github.detekt.sarif4k.SarifSchema210){}[0]
+final fun (io.github.detekt.sarif4k/SarifSchema210).io.github.detekt.sarif4k/merge(io.github.detekt.sarif4k/SarifSchema210, io.github.detekt.sarif4k/MergingConfig): io.github.detekt.sarif4k/SarifSchema210 // io.github.detekt.sarif4k/merge|merge@io.github.detekt.sarif4k.SarifSchema210(io.github.detekt.sarif4k.SarifSchema210;io.github.detekt.sarif4k.MergingConfig){}[0]

src/commonMain/kotlin/io/github/detekt/sarif4k/Merging.kt

@@ -4,9 +4,7 @@ package io.github.detekt.sarif4k
 
 import kotlin.jvm.JvmName
 
-public fun SarifSchema210.merge(other: SarifSchema210): SarifSchema210 {
-    require(schema == other.schema) { "Cannot merge sarifs with different schemas: '$schema' or '${other.schema}'" }
-    require(version == other.version) { "Cannot merge sarifs with different versions: '$version' or '${other.version}'" }
+public fun SarifSchema210.merge(other: SarifSchema210, config: MergingConfig): SarifSchema210 {
 
     val mergedExternalProperties = (inlineExternalProperties.orEmpty() + other.inlineExternalProperties.orEmpty())
         .takeIf { it.isNotEmpty() }
@@ -21,14 +19,18 @@ public fun SarifSchema210.merge(other: SarifSchema210): SarifSchema210 {
     val mergedRuns = runs.merge(other.runs)
 
     return SarifSchema210(
-        schema,
-        version,
+        config.selectSchema(schema, other.schema),
+        config.selectVersion(version, other.version),
         mergedExternalProperties,
         mergedProperties,
         mergedRuns
     )
 }
 
+public fun SarifSchema210.merge(other: SarifSchema210): SarifSchema210 {
+    return merge(other, MergingConfig())
+}
+
 private fun PropertyBag.merge(other: PropertyBag): PropertyBag {
     val aTags = this["tags"] as? Collection<*>
     val bTags = other["tags"] as? Collection<*>
@@ -83,6 +85,7 @@ private fun mergeOriginalURIBaseIDs(runs: List<Run>): Pair<Map<String, ArtifactL
                     mergedMap[key] = artifactLocation
                     key
                 }
+
                 artifactLocation -> key
                 else -> {
                     val newKey = generateSequence("${key}_${keyCounter}") { "${key}_${++keyCounter}" }
@@ -117,3 +120,28 @@ private fun Result.updateArtifactLocationBaseIds(keyMappings: Map<String, String
 
     return copy(locations = updatedLocations)
 }
+
+public class MergingConfig(
+    /**
+     * Select the schema of the merged sarif. Function receives schemas of both sarifs as an input and must return
+     * a valid schema that gets outputted into the merged sarif.
+     */
+    public val selectSchema: (String?, String?) -> String? = { first, second ->
+        if (first != second) {
+            throw IllegalArgumentException("Cannot merge sarifs with different schemas: '$first' or '${second}'")
+        } else {
+            first
+        }
+    },
+    /**
+     * Select the version of the merged sarif. Function receives versions of both sarifs as an input and must return
+     * a valid version that gets outputted into the merged sarif.
+     */
+    public val selectVersion: (Version, Version) -> Version = { first, second ->
+        if (first != second) {
+            throw IllegalArgumentException("Cannot merge sarifs with different versions: '$first' or '${second}'")
+        } else {
+            first
+        }
+    },
+)

src/jvmTest/kotlin/io/github/detekt/sarif4k/SarifMergingTest.kt

@@ -3,6 +3,7 @@ package io.github.detekt.sarif4k
 import io.github.detekt.sarif4k.util.resourceAsTextContent
 import org.junit.jupiter.api.Test
 import kotlin.test.assertEquals
+import org.junit.jupiter.api.assertThrows
 
 class SarifMergingTest {
     @Test
@@ -32,12 +33,58 @@ class SarifMergingTest {
         )
     }
 
-    private fun testMerge(expectedOutputFile: String, vararg inputFiles: String) {
+    @Test
+    fun `fail merging by default when the schema does not match`() {
+        assertThrows<IllegalArgumentException> {
+            testMerge(
+                "output.sarif.json",
+                "input_1.sarif.json",
+                "input_2_different_schema.sarif.json"
+            )
+        }
+    }
+
+    @Test
+    fun `fail merging by default when the version does not match`() {
+        assertThrows<IllegalArgumentException> {
+            testMerge(
+                "output.sarif.json",
+                "input_1.sarif.json",
+                "input_2_different_version.sarif.json"
+            )
+        }
+    }
+
+    @Test
+    fun `allow mismatched schema when specified in the config`() {
+        testMerge(
+            "output.sarif.json",
+            "input_1.sarif.json",
+            "input_2_different_schema.sarif.json",
+            config = MergingConfig(selectSchema = { a, _ -> a })
+        )
+    }
+
+    @Test
+    fun `select schema of the second sarif file via config`() {
+        testMerge(
+            "output_different_schema.sarif.json",
+            "input_1.sarif.json",
+            "input_2_different_schema.sarif.json",
+            config = MergingConfig(selectSchema = { _, b -> b })
+        )
+    }
+
+    private fun testMerge(
+        expectedOutputFile: String,
+        vararg inputFiles: String,
+        config: MergingConfig = MergingConfig()
+    ) {
         val inputs = inputFiles.map {
             SarifSerializer.fromJson(resourceAsTextContent(it))
         }
 
-        val actual = inputs.reduce(SarifSchema210::merge)
+        val actual = inputs.reduce { schema, other -> schema.merge(other, config) }
         val expected = SarifSerializer.fromJson(resourceAsTextContent(expectedOutputFile))
         assertEquals(expected, actual)
     }

src/jvmTest/resources/input_2_different_schema.sarif.json

@@ -0,0 +1,108 @@
+{
+  "$schema": "https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/sarif-schema2-2.1.0.json",
+  "version": "2.1.0",
+  "runs": [
+    {
+      "originalUriBaseIds": {
+        "%SRCROOT%": {
+          "uri": "file:///Users/tester/detekt/"
+        }
+      },
+      "results": [
+        {
+          "level": "warning",
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "TestFile.kt",
+                  "uriBaseId": "%SRCROOT%"
+                },
+                "region": {
+                  "startColumn": 1,
+                  "startLine": 1
+                }
+              }
+            }
+          ],
+          "message": {
+            "text": "TestMessage"
+          },
+          "ruleId": "detekt.TestSmellD.TestSmellD"
+        },
+        {
+          "level": "warning",
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "TestFile.kt",
+                  "uriBaseId": "%SRCROOT%"
+                },
+                "region": {
+                  "startColumn": 1,
+                  "startLine": 1
+                }
+              }
+            }
+          ],
+          "message": {
+            "text": "TestMessage"
+          },
+          "ruleId": "detekt.TestSmellE.TestSmellE"
+        },
+        {
+          "level": "warning",
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "TestFile.kt",
+                  "uriBaseId": "%SRCROOT%"
+                },
+                "region": {
+                  "startColumn": 1,
+                  "startLine": 1
+                }
+              }
+            }
+          ],
+          "message": {
+            "text": "TestMessage"
+          },
+          "ruleId": "detekt.TestSmellF.TestSmellF"
+        }
+      ],
+      "tool": {
+        "driver": {
+          "downloadUri": "https://github.com/detekt/detekt/releases/download/v1.0.0/detekt",
+          "fullName": "detekt",
+          "guid": "022ca8c2-f6a2-4c95-b107-bb72c43263f3",
+          "informationUri": "https://detekt.dev",
+          "language": "en",
+          "name": "detekt",
+          "organization": "detekt",
+          "rules": [
+            {
+              "helpUri": "https://detekt.dev/potential-bugs.html#deprecation",
+              "id": "detekt.potential-bugs.Deprecation",
+              "name": "Deprecation",
+              "shortDescription": {
+                "text": "NoDeprecated"
+              }
+            }
+          ],
+          "semanticVersion": "1.0.0",
+          "version": "1.0.0"
+        }
+      }
+    }
+  ],
+  "properties": {
+    "tags": [
+      "tag",
+      "tag2"
+    ],
+    "bar": 5
+  }
+}

src/jvmTest/resources/input_2_different_version.sarif.json

@@ -0,0 +1,108 @@
+{
+  "$schema": "https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/sarif-schema-2.1.0.json",
+  "version": "2.1.1",
+  "runs": [
+    {
+      "originalUriBaseIds": {
+        "%SRCROOT%": {
+          "uri": "file:///Users/tester/detekt/"
+        }
+      },
+      "results": [
+        {
+          "level": "warning",
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "TestFile.kt",
+                  "uriBaseId": "%SRCROOT%"
+                },
+                "region": {
+                  "startColumn": 1,
+                  "startLine": 1
+                }
+              }
+            }
+          ],
+          "message": {
+            "text": "TestMessage"
+          },
+          "ruleId": "detekt.TestSmellD.TestSmellD"
+        },
+        {
+          "level": "warning",
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "TestFile.kt",
+                  "uriBaseId": "%SRCROOT%"
+                },
+                "region": {
+                  "startColumn": 1,
+                  "startLine": 1
+                }
+              }
+            }
+          ],
+          "message": {
+            "text": "TestMessage"
+          },
+          "ruleId": "detekt.TestSmellE.TestSmellE"
+        },
+        {
+          "level": "warning",
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "TestFile.kt",
+                  "uriBaseId": "%SRCROOT%"
+                },
+                "region": {
+                  "startColumn": 1,
+                  "startLine": 1
+                }
+              }
+            }
+          ],
+          "message": {
+            "text": "TestMessage"
+          },
+          "ruleId": "detekt.TestSmellF.TestSmellF"
+        }
+      ],
+      "tool": {
+        "driver": {
+          "downloadUri": "https://github.com/detekt/detekt/releases/download/v1.0.0/detekt",
+          "fullName": "detekt",
+          "guid": "022ca8c2-f6a2-4c95-b107-bb72c43263f3",
+          "informationUri": "https://detekt.dev",
+          "language": "en",
+          "name": "detekt",
+          "organization": "detekt",
+          "rules": [
+            {
+              "helpUri": "https://detekt.dev/potential-bugs.html#deprecation",
+              "id": "detekt.potential-bugs.Deprecation",
+              "name": "Deprecation",
+              "shortDescription": {
+                "text": "NoDeprecated"
+              }
+            }
+          ],
+          "semanticVersion": "1.0.0",
+          "version": "1.0.0"
+        }
+      }
+    }
+  ],
+  "properties": {
+    "tags": [
+      "tag",
+      "tag2"
+    ],
+    "bar": 5
+  }
+}