feat(reachability): human readable output

Author: paulrosca-snyk

internal/commands/ostest/__snapshots__/sbom_reachability_flow_test.snap

@@ -1,8 +1,8 @@
 
-[Test_RunSbomReachabilityFlow_Success - 1]
+[Test_RunSbomReachabilityFlow_JSON - 1]
 {
  "dependencyCount": 0,
- "displayTargetFile": "",
+ "displayTargetFile": "./testdata/bom.json",
  "filesystemPolicy": false,
  "filtered": {
   "ignore": [],
@@ -57,7 +57,28 @@
 }
 ---
 
-[Test_RunSbomReachabilityFlow_Success - 2]
+[Test_RunSbomReachabilityFlow_JSON - 2]
+{
+ "artifacts": 0,
+ "results": [
+  {
+   "ignored": 0,
+   "open": 1,
+   "severity": "high",
+   "total": 1
+  }
+ ],
+ "severity_order_asc": [
+  "low",
+  "medium",
+  "high",
+  "critical"
+ ],
+ "type": "open-source"
+}
+---
+
+[Test_RunSbomReachabilityFlow_HumanReadable - 1]
 {
  "artifacts": 0,
  "results": [

internal/commands/ostest/sbom_reachability_flow.go

@@ -1,9 +1,7 @@
 package ostest
 
 import (
-	"bytes"
 	"context"
-	"encoding/json"
 	"fmt"
 	"os"
 
@@ -13,6 +11,7 @@ import (
 
 	"github.com/snyk/cli-extension-os-flows/internal/bundlestore"
 	"github.com/snyk/cli-extension-os-flows/internal/errors"
+	"github.com/snyk/cli-extension-os-flows/internal/legacy/definitions"
 )
 
 // RunSbomReachabilityFlow runs the SBOM reachability flow.
@@ -69,27 +68,18 @@ func RunSbomReachabilityFlow(
 		return nil, fmt.Errorf("failed to create sbom test reachability subject: %w", err)
 	}
 
-	findings, summary, err := RunTest(ctx, ictx, testClient, subject, "", "", int(0), "", orgID, orgSlugOrID, errFactory, logger, nil)
+	findings, summary, err := RunTest(ctx, ictx, testClient, subject, "", "", int(0), sbomPath, orgID, orgSlugOrID, errFactory, logger, nil)
 	if err != nil {
 		return nil, err
 	}
 
-	var finalOutput []workflow.Data
-	var buffer bytes.Buffer
-	encoder := json.NewEncoder(&buffer)
-	encoder.SetEscapeHTML(false)
-	encoder.SetIndent("", "  ")
-	err = encoder.Encode(findings)
-	if err != nil {
-		return nil, errFactory.NewLegacyJSONTransformerError(fmt.Errorf("marshaling to json: %w", err))
+	var allLegacyFindings []definitions.LegacyVulnerabilityResponse
+	if findings != nil {
+		allLegacyFindings = append(allLegacyFindings, *findings)
 	}
-	// encoder.Encode adds a newline, which we trim to match Marshal's behavior.
-	findingsBytes := bytes.TrimRight(buffer.Bytes(), "\n")
-
-	finalOutput = append(finalOutput, NewWorkflowData(ApplicationJSONContentType, findingsBytes))
-	finalOutput = append(finalOutput, summary...)
 
-	return finalOutput, nil
+	//nolint:contextcheck // The handleOutput call chain is not context-aware
+	return handleOutput(ictx, allLegacyFindings, summary, errFactory)
 }
 
 // validateDirectory checks if the given path exists and contains files.

internal/commands/ostest/sbom_reachability_flow_test.go

@@ -16,7 +16,10 @@ import (
 	"github.com/snyk/go-application-framework/pkg/apiclients/testapi"
 	"github.com/snyk/go-application-framework/pkg/configuration"
 	gafmocks "github.com/snyk/go-application-framework/pkg/mocks"
+	"github.com/snyk/go-application-framework/pkg/runtimeinfo"
+	"github.com/snyk/go-application-framework/pkg/workflow"
 
+	"github.com/snyk/cli-extension-os-flows/internal/bundlestore"
 	"github.com/snyk/cli-extension-os-flows/internal/commands/ostest"
 	"github.com/snyk/cli-extension-os-flows/internal/errors"
 	"github.com/snyk/cli-extension-os-flows/internal/mocks"
@@ -28,12 +31,65 @@ import (
 // pathRgxp is used for replacing the "path" in the output for snapshot consistency.
 var pathRgxp = regexp.MustCompile(`\s*,?"path"\s*:\s*"[^"]*",?`)
 
-func Test_RunSbomReachabilityFlow_Success(t *testing.T) {
-	logger := zerolog.Nop()
-	ef := errors.NewErrorFactory(&logger)
+var nopLogger = zerolog.Nop()
+
+func Test_RunSbomReachabilityFlow_JSON(t *testing.T) {
+	ctrl := gomock.NewController(t)
+	defer ctrl.Finish()
+
+	ctx := context.Background()
+	ef := errors.NewErrorFactory(&nopLogger)
+	mockIctx, mockTestClient, mockBsClient, orgID, orgSlug, sbomPath, sourceCodePath := setupTest(ctx, t, ctrl, true)
+
+	// This should now succeed with proper finding data
+	result, err := ostest.RunSbomReachabilityFlow(ctx, mockIctx, mockTestClient, ef, &nopLogger, sbomPath, sourceCodePath, mockBsClient, orgID, orgSlug)
+
+	require.NoError(t, err)
+	require.NotNil(t, result)
+	require.Len(t, result, 2)                                                                // Should return legacy data + summary data
+	require.Contains(t, result[0].GetContentType(), "application/json")                      // legacy data
+	require.Contains(t, result[1].GetContentType(), "application/json; schema=test-summary") // summary data
+
+	legacyJSON, ok := result[0].GetPayload().([]byte)
+	require.True(t, ok)
+	legacySummary, ok := result[1].GetPayload().([]byte)
+	require.True(t, ok)
+	snaps.MatchJSON(t, pathRgxp.ReplaceAll(legacyJSON, nil))
+	snaps.MatchJSON(t, pathRgxp.ReplaceAll(legacySummary, nil))
+}
+
+func Test_RunSbomReachabilityFlow_HumanReadable(t *testing.T) {
 	ctrl := gomock.NewController(t)
 	defer ctrl.Finish()
+
 	ctx := context.Background()
+	ef := errors.NewErrorFactory(&nopLogger)
+	mockIctx, mockTestClient, mockBsClient, orgID, orgSlug, sbomPath, sourceCodePath := setupTest(ctx, t, ctrl, false)
+
+	// This should now succeed with proper finding data
+	result, err := ostest.RunSbomReachabilityFlow(ctx, mockIctx, mockTestClient, ef, &nopLogger, sbomPath, sourceCodePath, mockBsClient, orgID, orgSlug)
+
+	require.NoError(t, err)
+	require.NotNil(t, result)
+	require.Len(t, result, 1)
+	require.Contains(t, result[0].GetContentType(), "application/json; schema=test-summary")
+
+	legacySummary, ok := result[0].GetPayload().([]byte)
+	require.True(t, ok)
+	snaps.MatchJSON(t, pathRgxp.ReplaceAll(legacySummary, nil))
+}
+
+//nolint:gocritic // Not important for tests.
+func setupTest(ctx context.Context, t *testing.T, ctrl *gomock.Controller, jsonOutput bool) (
+	workflow.InvocationContext,
+	testapi.TestClient,
+	bundlestore.Client,
+	string,
+	string,
+	string,
+	string,
+) {
+	t.Helper()
 	sbomPath := "./testdata/bom.json"
 	sourceCodePath := "./testdata/test_dir"
 	orgID := "test-org-id"
@@ -159,24 +215,12 @@ func Test_RunSbomReachabilityFlow_Success(t *testing.T) {
 
 	// Mock Invocation Context
 	mockConfig := configuration.New()
-	mockConfig.Set(outputworkflow.OutputConfigKeyJSON, true)
+	mockConfig.Set(outputworkflow.OutputConfigKeyJSON, jsonOutput)
 	mockConfig.Set(configuration.ORGANIZATION_SLUG, orgSlug)
 	mockIctx := gafmocks.NewMockInvocationContext(ctrl)
 	mockIctx.EXPECT().GetConfiguration().Return(mockConfig).AnyTimes()
+	mockIctx.EXPECT().GetEnhancedLogger().Return(&nopLogger).AnyTimes()
+	mockIctx.EXPECT().GetRuntimeInfo().Return(runtimeinfo.New()).AnyTimes()
 
-	// This should now succeed with proper finding data
-	result, err := ostest.RunSbomReachabilityFlow(ctx, mockIctx, mockTestClient, ef, &logger, sbomPath, sourceCodePath, mockBsClient, orgID, orgSlug)
-
-	require.NoError(t, err)
-	require.NotNil(t, result)
-	require.Len(t, result, 2)                                                                // Should return legacy data + summary data
-	require.Contains(t, result[0].GetContentType(), "application/json")                      // legacy data
-	require.Contains(t, result[1].GetContentType(), "application/json; schema=test-summary") // summary data
-
-	legacyJSON, ok := result[0].GetPayload().([]byte)
-	require.True(t, ok)
-	legacySummary, ok := result[1].GetPayload().([]byte)
-	require.True(t, ok)
-	snaps.MatchJSON(t, pathRgxp.ReplaceAll(legacyJSON, nil))
-	snaps.MatchJSON(t, pathRgxp.ReplaceAll(legacySummary, nil))
+	return mockIctx, mockTestClient, mockBsClient, orgID, orgSlug, sbomPath, sourceCodePath
 }

internal/presenters/funcs.go

@@ -14,6 +14,8 @@ import (
 	"github.com/snyk/go-application-framework/pkg/runtimeinfo"
 )
 
+const notApplicable = "N/A"
+
 // add returns the sum of two integers.
 func add(a, b int) int {
 	return a + b
@@ -150,6 +152,36 @@ func getIntroducedBy(finding testapi.FindingData) string {
 	return ""
 }
 
+// getReachability returns the reachability status for a finding.
+func getReachability(finding testapi.FindingData) string {
+	if finding.Attributes == nil || len(finding.Attributes.Evidence) == 0 {
+		return notApplicable
+	}
+	for _, evidence := range finding.Attributes.Evidence {
+		evDisc, err := evidence.Discriminator()
+		if err != nil {
+			continue
+		}
+
+		if evDisc == string(testapi.Reachability) {
+			reachEvidence, err := evidence.AsReachabilityEvidence()
+			if err != nil {
+				continue
+			}
+
+			switch reachEvidence.Reachability {
+			case testapi.ReachabilityTypeFunction:
+				return "Reachable"
+			case testapi.ReachabilityTypeNoInfo:
+				return "No reachable path found"
+			case testapi.ReachabilityTypeNotApplicable, testapi.ReachabilityTypeNone:
+				return notApplicable
+			}
+		}
+	}
+	return notApplicable
+}
+
 // getFromConfig returns a function that retrieves configuration values.
 func getFromConfig(config configuration.Configuration) func(key string) string {
 	return func(key string) string {
@@ -300,7 +332,7 @@ func getDefaultTemplateFuncMap(config configuration.Configuration, ri runtimeinf
 		if finding.Id != nil {
 			return finding.Id.String()
 		}
-		return "N/A"
+		return notApplicable
 	}
 
 	defaultMap := template.FuncMap{}
@@ -311,6 +343,7 @@ func getDefaultTemplateFuncMap(config configuration.Configuration, ri runtimeinf
 	defaultMap["getVulnInfoURL"] = getVulnInfoURL
 	defaultMap["getIntroducedThrough"] = getIntroducedThrough
 	defaultMap["getIntroducedBy"] = getIntroducedBy
+	defaultMap["getReachability"] = getReachability
 	defaultMap["filterFinding"] = filterFinding
 	defaultMap["hasField"] = hasField
 	defaultMap["notHasField"] = func(path string) func(obj any) bool {

internal/presenters/templates/unified_finding.tmpl

@@ -17,11 +17,11 @@
    Risk Score: N/A
 				{{- end }}
 			{{- end }}
-			{{- $isReachable := getFieldValueFrom . "Attributes.IsReachable" -}}
-			{{- if eq $isReachable "true" }}
-   Reachable: YES
+			{{- $reachability := getReachability . -}}
+			{{- if ne $reachability "N/A" }}
+   Reachability: {{ $reachability }}
 			{{- end }}
- 
+
 {{end}}
 
 {{- define "details" -}}
@@ -74,14 +74,14 @@
   Organization:      {{ getValueFromConfig "internal_org_slug" }}
   Test type:         {{ if eq .Summary.Type "sast" }}Static code analysis{{else}}{{ .Summary.Type }}{{ end}}
   Project path:      {{ .Summary.Path }}
-  
+
   {{- $total := 0 }}{{- $open := 0 }}{{- $ignored := 0 }}
   {{- range $res := .Summary.Results }}
       {{- $total = add $total $res.Total }}
       {{- $open = add $open $res.Open }}
       {{- $ignored = add $ignored $res.Ignored }}
   {{- end }}
-  
+
   Total issues:   {{ $total }}
   {{- if gt $total 0}}
   Ignored issues: {{ print $ignored | bold }} [