From d41881e2c3447d91b29b470279c28e0191df3f2b Mon Sep 17 00:00:00 2001
From: clavedeluna
Date: Mon, 2 Dec 2024 11:24:32 -0300
Subject: [PATCH 1/2] implement finding msg
---
 src/codemodder/codeql.py | 19 ++++++++++++++-----
 src/codemodder/result.py | 1 +
 src/codemodder/semgrep.py | 1 +
 src/core_codemods/defectdojo/results.py | 1 +
 src/core_codemods/sonar/results.py | 1 +
 5 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/src/codemodder/codeql.py b/src/codemodder/codeql.py
index 041ed3e3..a53323aa 100644
--- a/src/codemodder/codeql.py
+++ b/src/codemodder/codeql.py
@@ -43,12 +43,11 @@ class CodeQLResult(SarifResult):
 def from_sarif(
 cls, sarif_result, sarif_run, truncate_rule_id: bool = False
 ) -> Self:
+ rule_id = cls.extract_rule_id(sarif_result, sarif_run, truncate_rule_id)
+ text_for_rule = get_text_for_rule(rule_id, sarif_run)
+ finding_msg = f"""{sarif_result['message']['text']}\n{text_for_rule}"""
 return cls(
- rule_id=(
- rule_id := cls.extract_rule_id(
- sarif_result, sarif_run, truncate_rule_id
- )
- ),
+ rule_id=rule_id,
 locations=cls.extract_locations(sarif_result),
 codeflows=cls.extract_code_flows(sarif_result),
 related_locations=cls.extract_related_locations(sarif_result),
@@ -62,6 +61,7 @@ def from_sarif(
 # url=,
 ),
 ),
+ finding_msg=finding_msg,
 )
@@ -80,3 +80,12 @@ def from_sarif(cls, sarif_file: str | Path, truncate_rule_id: bool = False) -> S
 )
 result_set.add_result(codeql_result)
 return result_set
+
+
+ # TODO: cache, make hashable
+def get_text_for_rule(rule_id: str, sarif_run: dict) -> str:
+ for ext in sarif_run["tool"]["extensions"]:
+ for rule in ext.get("rules", []):
+ if rule["id"] == rule_id:
+ return f"{rule["fullDescription"]["text"]}\n{rule["help"]["text"]}"
+ return ""
diff --git a/src/codemodder/result.py b/src/codemodder/result.py
index d0d74ea8..d8d86d8e 100644
--- a/src/codemodder/result.py
+++ b/src/codemodder/result.py
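Review bot: `finding_msg = f"""{sarif_result['message']['text']}\n{text_for_rule}"""` subscripts `message` and `text` directly while every other field in this constructor goes through an extract helper; a SARIF message object is not required to carry `text` (it may reference a rule message string by `id` instead), so such a result would raise KeyError here rather than yield a result with an empty message. Prefer `sarif_result.get("message", {}).get("text", "")`, which is also the `.get` style that `@@ -87,5 +87,5 @@` in the second patch adopts for the rule fields. The same line survives, changed only in its quoting, in `@@ -45,7 +45,7 @@` of the second patch, so the fix belongs there as well. `from_sarif` continues past the end of this hunk.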
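Review bot: `get_text_for_rule` subscripts `sarif_run["tool"]["extensions"]` unconditionally, so a run whose `tool` object has no `extensions` array (SARIF makes it optional, and a tool's rules can equally live under `tool.driver.rules`) raises KeyError from inside `from_sarif` instead of reaching `return ""`; the second patch's `@@ -87,5 +87,5 @@` only relaxes the per-rule fields and leaves this lookup as is. Consider `tool = sarif_run["tool"]` followed by `for ext in [tool.get("driver", {}), *tool.get("extensions", [])]:` so the driver's own rules are searched too. It is also worth confirming that `rule_id` as returned by `extract_rule_id(..., truncate_rule_id)` still equals the full `rule["id"]` when truncation is on — if truncation shortens it, the comparison can never match and every such result silently gets an empty description; `extract_rule_id` is not visible here. A docstring would help, e.g. `"""Return the rule's fullDescription and help text joined by a newline, or "" when no rule with rule_id is found."""`.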
@@ -76,6 +76,7 @@ def __hash__(self):
 @dataclass(frozen=True, kw_only=True)
 class SASTResult(Result):
 finding_id: str
+ finding_msg: str | None
 @dataclass(frozen=True, kw_only=True)
diff --git a/src/codemodder/semgrep.py b/src/codemodder/semgrep.py
index 47a1ea32..891fcdb9 100644
--- a/src/codemodder/semgrep.py
+++ b/src/codemodder/semgrep.py
@@ -72,6 +72,7 @@ def from_sarif(
 url=semgrep_url_from_id(rule_id),
 ),
 ),
+ finding_msg="TODO",
 )
diff --git a/src/core_codemods/defectdojo/results.py b/src/core_codemods/defectdojo/results.py
index 7fbaa5d6..db09600b 100644
--- a/src/core_codemods/defectdojo/results.py
+++ b/src/core_codemods/defectdojo/results.py
@@ -37,6 +37,7 @@ def from_result(cls, result: dict) -> Self:
 url=None,
 ),
 ),
+ finding_msg="TODO",
 )
 @override
diff --git a/src/core_codemods/sonar/results.py b/src/core_codemods/sonar/results.py
index 316ce944..94da4649 100644
--- a/src/core_codemods/sonar/results.py
+++ b/src/core_codemods/sonar/results.py
@@ -76,6 +76,7 @@ def from_result(cls, result: dict) -> Self:
 url=sonar_url_from_id(rule_id),
 ),
 ),
+ finding_msg="TODO",
 )
 def match_location(self, pos, node):
From c16bb09446e37ec580b60dbecfff012031d767d1 Mon Sep 17 00:00:00 2001
From: clavedeluna
Date: Tue, 3 Dec 2024 09:15:50 -0300
Subject: [PATCH 2/2] fix syntax
---
 src/codemodder/codeql.py | 4 ++--
 tests/test_codeql.py | 11 +++++++++--
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/codemodder/codeql.py b/src/codemodder/codeql.py
index a53323aa..a1893b80 100644
--- a/src/codemodder/codeql.py
+++ b/src/codemodder/codeql.py
@@ -45,7 +45,7 @@ def from_sarif(
 ) -> Self:
 rule_id = cls.extract_rule_id(sarif_result, sarif_run, truncate_rule_id)
 text_for_rule = get_text_for_rule(rule_id, sarif_run)
- finding_msg = f"""{sarif_result['message']['text']}\n{text_for_rule}"""
+ finding_msg = f"{sarif_result['message']['text']}\n{text_for_rule}"
 return cls(
 rule_id=rule_id,
 locations=cls.extract_locations(sarif_result),
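Review bot: `finding_msg: str | None` is added without a default, so every `SASTResult` subclass constructor call must now pass it, which is exactly what forces the `finding_msg="TODO"` placeholders into semgrep.py, defectdojo/results.py and sonar/results.py in this same patch; `finding_msg: str | None = None` would let those sites (and any caller this patch does not touch, which I cannot see from here) keep working and makes `None` the honest "no message available" value. With `kw_only=True` a defaulted field does not constrain later non-default fields in subclasses, so the change is safe for the hierarchy. A field comment would also help, e.g. `# Human-readable description of the finding as reported by the source tool; None when the tool provides none.`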
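Review bot: `finding_msg="TODO"` stores a placeholder literal as if it were a real message, so anything that later renders `finding_msg` (reports, change descriptions) would show the word TODO to users; the same placeholder is added in defectdojo/results.py `@@ -37,6 +37,7 @@` and sonar/results.py `@@ -76,6 +76,7 @@`. The field is typed `str | None`, so `finding_msg=None` expresses "not available yet" without leaking into output and lets consumers branch on it. `from_sarif` begins before this hunk.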
@@ -87,5 +87,5 @@ def get_text_for_rule(rule_id: str, sarif_run: dict) -> str:
 for ext in sarif_run["tool"]["extensions"]:
 for rule in ext.get("rules", []):
 if rule["id"] == rule_id:
- return f"{rule["fullDescription"]["text"]}\n{rule["help"]["text"]}"
+ return f"{rule.get('fullDescription', {}).get('text', '')}\n{rule.get('help', {}).get('text', '')}"
 return ""
diff --git a/tests/test_codeql.py b/tests/test_codeql.py
index c8a2e2c3..f499e000 100644
--- a/tests/test_codeql.py
+++ b/tests/test_codeql.py
@@ -209,11 +209,18 @@ def test_from_sarif(self):
 "driver": {"name": "CodeQL"},
 "extensions": [
 {
+ "name": "codeql/python-queries",
 "rules": [
- {"id": "python/sql-injection"},
+ {
+ "id": "python/sql-injection",
+ "fullDescription": {
+ "text": "Some lengthy description."
+ },
+ "help": {"text": "Description\n"},
+ },
 {"id": "cs/web/missing-x-frame-options"},
 {"id": "cs/web/xss"},
- ]
+ ],
 },
 ],
 },
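Review bot: After this change a rule that matches but carries neither `fullDescription` nor `help` returns `"\n"` rather than the `""` the fallback below it returns, and a rule with only one of the two yields a leading or trailing newline that then ends up verbatim in `finding_msg`. Joining only the non-empty parts keeps the empty case uniform and also brings the line back under a formatter-friendly width: `parts = (rule.get("fullDescription", {}).get("text"), rule.get("help", {}).get("text"))` followed by `return "\n".join(p for p in parts if p)`. `get_text_for_rule` starts before this hunk.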
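Review bot: The fixture now gives `python/sql-injection` a `fullDescription` and `help`, but no assertion on the resulting `finding_msg` is visible in this hunk, so the new text assembly in `CodeQLResult.from_sarif` may still be unverified; if `test_from_sarif` asserts it further down, outside the hunk, this is moot. Worth pinning the composed value explicitly, e.g. `assert result.finding_msg == "<message text from the fixture>\nSome lengthy description.\nDescription\n"` (constructed — the message text sits above the hunk, and the trailing newline comes from the `help` text), plus a second case for one of the `cs/web/...` rules, which have no description and are the only thing exercising the `.get` fallback. `test_from_sarif` starts before this hunk.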