Semgrep and codeql finding ids (#939)

* Move finding ID to SARIF base class

* Include codeflows when filtering applicable findings

Author: drdavella

src/codemodder/codeql.py

@@ -3,7 +3,6 @@
 
 from typing_extensions import Self
 
-from codemodder.codetf import Finding, Rule
 from codemodder.result import LineInfo, ResultSet, SarifLocation, SarifResult
 from codemodder.sarifs import AbstractSarifToolDetector
 
@@ -40,29 +39,10 @@ class CodeQLResult(SarifResult):
     location_type = CodeQLLocation
 
     @classmethod
-    def from_sarif(
-        cls, sarif_result, sarif_run, truncate_rule_id: bool = False
-    ) -> Self:
-        return cls(
-            rule_id=(
-                rule_id := cls.extract_rule_id(
-                    sarif_result, sarif_run, truncate_rule_id
-                )
-            ),
-            locations=cls.extract_locations(sarif_result),
-            codeflows=cls.extract_code_flows(sarif_result),
-            related_locations=cls.extract_related_locations(sarif_result),
-            finding_id=rule_id,
-            finding=Finding(
-                id=rule_id,
-                rule=Rule(
-                    id=sarif_result.get("correlationGuid", rule_id),
-                    name=rule_id,
-                    # TODO: map to URL
-                    # url=,
-                ),
-            ),
-        )
+    def rule_url_from_id(cls, result: dict, run: dict, rule_id: str) -> str:
+        del result, run, rule_id
+        # TODO: Implement this method to return the specific rule URL
+        return "https://codeql.github.com/codeql-query-help/"
 
 
 class CodeQLResultSet(ResultSet):

src/codemodder/file_context.py

@@ -58,6 +58,11 @@ def get_findings_for_location(self, line_number: int):
                 location.start.line <= line_number <= location.end.line
                 for location in result.locations
             )
+            or any(
+                location.start.line <= line_number <= location.end.line
+                for codeflow in result.codeflows
+                for location in codeflow
+            )
             and result.finding is not None
         ]
 

src/codemodder/result.py

@@ -11,7 +11,7 @@
 from libcst._position import CodeRange
 from typing_extensions import Self
 
-from codemodder.codetf import Finding
+from codemodder.codetf import Finding, Rule
 
 from .utils.abc_dataclass import ABCDataclass
 
@@ -86,6 +86,26 @@ class SarifResult(SASTResult, ABCDataclass):
     def from_sarif(
         cls, sarif_result, sarif_run, truncate_rule_id: bool = False
     ) -> Self:
+        rule_id = cls.extract_rule_id(sarif_result, sarif_run, truncate_rule_id)
+        finding_id = cls.extract_finding_id(sarif_result) or rule_id
+        return cls(
+            rule_id=rule_id,
+            locations=cls.extract_locations(sarif_result),
+            codeflows=cls.extract_code_flows(sarif_result),
+            related_locations=cls.extract_related_locations(sarif_result),
+            finding_id=finding_id,
+            finding=Finding(
+                id=finding_id,
+                rule=Rule(
+                    id=rule_id,
+                    name=rule_id,
+                    url=cls.rule_url_from_id(sarif_result, sarif_run, rule_id),
+                ),
+            ),
+        )
+
+    @classmethod
+    def rule_url_from_id(cls, result: dict, run: dict, rule_id: str) -> str:
         raise NotImplementedError
 
     @classmethod
@@ -139,6 +159,10 @@ def extract_rule_id(cls, result, sarif_run, truncate_rule_id: bool = False) -> s
 
         raise ValueError("Could not extract rule id from sarif result.")
 
+    @classmethod
+    def extract_finding_id(cls, result) -> str | None:
+        return result.get("guid") or result.get("correlationGuid")
+
 
 def same_line(pos: CodeRange, location: Location) -> bool:
     return pos.start.line == location.start.line and pos.end.line == location.end.line