Add note field in response of the IaC Validation API (#32)

<!--
Thank you for proposing a pull request! Please note that SOME TESTS WILL
LIKELY FAIL due to how GitHub exposes secrets in Pull Requests from
forks.
Someone from the team will review your Pull Request and respond.

Please describe your change and any implementation details below.
-->
A new field has been added to the response of IaC Validation API. This
change attempts to include the additional field in the response
generated by this plugin.

Author: pankhurisaxena28

.idea/.gitignore

@@ -87,6 +87,7 @@ export type OperationMetadata = {
 
 export type IACValidationReport = {
   violations?: Violation[];
+  note?: string;
 };
 
 export type Response = {
@@ -250,15 +251,19 @@ export class IACAccessor {
     }
   }
 
-  private processIACValidationResponse(operation: Operation): Violation[] {
+  private processIACValidationResponse(operation: Operation): IACValidationReport {
     const violations: Violation[] = [];
     operation.response?.iacValidationReport?.violations?.forEach((violation) => {
       if (!violation.severity) {
         violation.severity = Severity.SeverityUnspecified;
       }
       violations.push(violation);
     });
-    return violations;
+    const report: IACValidationReport = {
+      violations: violations,
+      note: operation.response?.iacValidationReport?.note,
+    };
+    return report;
   }
 
   /**
@@ -299,7 +304,7 @@ export class IACAccessor {
    *
    * @param iac IAC file to scan.
    */
-  async scan(iac: string): Promise<Violation[]> {
+  async scan(iac: string): Promise<IACValidationReport> {
     logDebug(`IaC scanning invoked at: ${this.scanStartTime}`);
     const request: IACRequest = {
       parent: this.organizationId,

.idea/analyze-code-security-scc.iml

@@ -29,7 +29,7 @@ import { errorMessage, parseBoolean, parseDuration } from '@google-github-action
 
 import { IACType } from './input_configuration';
 import { isFailureCriteriaSatisfied, validateAndParseFailureCriteria } from './utils';
-import { IACAccessor, Violation } from './accessor';
+import { IACAccessor, Violation, IACValidationReport } from './accessor';
 import { VALIDATE_ENDPOINT_DOMAIN } from './commons/http_config';
 import { SarifReportGenerator } from './reports/iac_scan_report_processor';
 import { IACScanReportProcessor } from './reports/iac_scan_report_processor';
@@ -93,20 +93,23 @@ async function run(): Promise<void> {
       scanStartTime,
       version,
     );
-    logInfo(`Fetching violations for IaC file`);
-    const violations: Violation[] = await accessor.scan(planFile);
+    logInfo(`Fetching violations report for IaC file`);
+    const report: IACValidationReport = await accessor.scan(planFile);
     logDebug(`Violations fetched from IaC scan APIs`);
 
     const sarifReportGenerator: SarifReportGenerator = new SarifReportGenerator(version);
     logInfo('Processing report generation for violations fetched');
     await IACScanReportProcessor.processReport(
-      violations,
+      report,
       sarifReportGenerator,
       SARIF_REPORT_FILE_NAME,
     );
     logDebug(`IaC scan report processing completed`);
 
-    const failureCriteriaSatisfied = isFailureCriteriaSatisfied(failureCriteria, violations);
+    const failureCriteriaSatisfied = isFailureCriteriaSatisfied(
+      failureCriteria,
+      <Violation[]>report.violations,
+    );
     if (failureCriteriaSatisfied && !ignoreViolations) {
       setOutput(IAC_SCAN_RESULT_OUTPUT_KEY, IAC_SCAN_RESULT.FAILED);
       setFailed(ACTION_FAIL_ERROR(`${FAILURE_CRITERIA_CONFIG_KEY} was satisfied`));

.idea/misc.xml

@@ -18,7 +18,7 @@ import * as fs from 'fs/promises';
 
 import { debug as logDebug, setOutput } from '@actions/core';
 
-import { Violation } from '../accessor';
+import { Violation, IACValidationReport } from '../accessor';
 import { Rule, Result, SARIFTemplate } from './sarif_template';
 import {
   SARIF_SCHEMA,
@@ -34,24 +34,24 @@ export abstract class IACScanReportProcessor {
    * Processes violations fetched from IaC scan API.
    *
    * If violations are found, this method generates the report and writes the report to the github workspace.
-   * @param violations violations found in IaC file.
+   * @param report IaC Validation report.
    * @param reportGenerator implementation of {@link ReportGenerator}
    * @param reportName name of the generated report.
    */
   static async processReport(
-    violations: Violation[],
+    report: IACValidationReport,
     reportGenerator: ReportGenerator,
     reportName: string,
   ) {
-    if (violations.length == 0) {
+    if (report.violations?.length == 0) {
       // no violations, returning as no action to take.
       return;
     }
 
-    const report = reportGenerator.generate(violations);
+    const generatedReport = reportGenerator.generate(report);
     logDebug(`IaC scan report generated`);
 
-    await fs.writeFile(reportName, report);
+    await fs.writeFile(reportName, generatedReport);
     setOutput(IAC_SCAN_RESULT_SARIF_PATH_OUTPUT_KEY, IAC_SCAN_RESULT_SARIF_PATH_OUTPUT_VALUE);
     logDebug(`IAC scan report written to github action workspace`);
   }
@@ -66,7 +66,7 @@ export interface ReportGenerator {
    *
    * @param violations non empty list of violation fetched from scan API response.
    */
-  generate(violations: Violation[]): string;
+  generate(report: IACValidationReport): string;
 }
 
 /**
@@ -84,11 +84,12 @@ export class SarifReportGenerator implements ReportGenerator {
    * fields undefined in scan API response are omitted from report.
    * @param violations non empty list of violation fetched from scan API response.
    */
-  generate(violations: Violation[]): string {
-    const policyToViolationMap = this.getUniqueViolation(violations);
+  generate(report: IACValidationReport): string {
+    const policyToViolationMap = this.getUniqueViolation(<Violation[]>report.violations);
     const rules: Rule[] = this.constructRules(policyToViolationMap);
-    const results: Result[] = this.constructResults(violations);
-    const sarifReport: SARIFTemplate = this.constructSARIFReport(rules, results);
+    const results: Result[] = this.constructResults(<Violation[]>report.violations);
+    const note: string = <string>report.note;
+    const sarifReport: SARIFTemplate = this.constructSARIFReport(rules, results, note);
     return JSON.stringify(sarifReport, null, 2);
   }
 
@@ -160,12 +161,13 @@ export class SarifReportGenerator implements ReportGenerator {
     return results;
   }
 
-  private constructSARIFReport(rules: Rule[], results: Result[]) {
+  private constructSARIFReport(rules: Rule[], results: Result[], note: string) {
     const sarifReport: SARIFTemplate = {
       version: SARIF_VERSION,
       $schema: SARIF_SCHEMA,
       runs: [
         {
+          note: note,
           tool: {
             driver: {
               name: IAC_TOOL_NAME,

.idea/modules.xml

@@ -64,6 +64,7 @@ export type SARIFTemplate = {
   version: string;
   $schema: string;
   runs: {
+    note: string;
     tool: {
       driver: {
         name: string;