Added constraint formal-name and description to SARIF output

usnistgov · Jun 21, 2024 · dd6890e · dd6890e
1 parent aedb2c0
commit dd6890e
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 8 deletions.
diff --git a/core/metaschema b/core/metaschema
diff --git a/core/src/main/java/gov/nist/secauto/metaschema/core/model/AbstractLoader.java b/core/src/main/java/gov/nist/secauto/metaschema/core/model/AbstractLoader.java
@@ -154,7 +154,7 @@ protected T loadInternal(@NonNull URI resource, @NonNull Deque<URI> visitedResou
 
     T retval = cache.get(resource);
     if (retval == null) {
-      LOGGER.info("Loading module '{}'", resource);
+      LOGGER.info("Loading '{}'", resource);
 
       try {
         visitedResources.push(resource);

diff --git a/...chema/src/main/java/gov/nist/secauto/metaschema/modules/sarif/SarifValidationHandler.java b/...chema/src/main/java/gov/nist/secauto/metaschema/modules/sarif/SarifValidationHandler.java
@@ -26,6 +26,7 @@
 
 package gov.nist.secauto.metaschema.modules.sarif;
 
+import gov.nist.secauto.metaschema.core.datatype.markup.MarkupLine;
 import gov.nist.secauto.metaschema.core.model.IResourceLocation;
 import gov.nist.secauto.metaschema.core.model.constraint.ConstraintValidationFinding;
 import gov.nist.secauto.metaschema.core.model.constraint.IConstraint;
@@ -46,6 +47,7 @@
 import org.schemastore.json.sarif.x210.Location;
 import org.schemastore.json.sarif.x210.LogicalLocation;
 import org.schemastore.json.sarif.x210.Message;
+import org.schemastore.json.sarif.x210.MultiformatMessageString;
 import org.schemastore.json.sarif.x210.PhysicalLocation;
 import org.schemastore.json.sarif.x210.Region;
 import org.schemastore.json.sarif.x210.ReportingDescriptor;
@@ -252,10 +254,24 @@ public void write(@NonNull Path outputFile) throws IOException {
   private ReportingDescriptor rule(RuleRecord rule) {
     ReportingDescriptor retval = new ReportingDescriptor();
     retval.setId(rule.getId());
-    String name = rule.getConstraint().getId();
+    IConstraint constraint = rule.getConstraint();
+    String name = constraint.getId();
     if (name != null) {
       retval.setName(name);
     }
+
+    String formalName = constraint.getFormalName();
+    if (formalName != null) {
+      MultiformatMessageString text = new MultiformatMessageString();
+      text.setText(formalName);
+      retval.setShortDescription(text);
+    }
+    MarkupLine description = constraint.getDescription();
+    if (description != null) {
+      MultiformatMessageString text = new MultiformatMessageString();
+      text.setMarkdown(description.toMarkdown());
+      retval.setFullDescription(text);
+    }
     return retval;
   }
 

diff --git a/...rc/main/java/gov/nist/secauto/metaschema/cli/commands/AbstractValidateContentCommand.java b/...rc/main/java/gov/nist/secauto/metaschema/cli/commands/AbstractValidateContentCommand.java
@@ -277,8 +277,6 @@ public ExitStatus execute() {
           SarifValidationHandler sarifHandler = new SarifValidationHandler(source, version);
           sarifHandler.addFindings(validationResult.getFindings());
           sarifHandler.write(sarifFile);
-
-          LOGGER.error("The file '{}' is invalid.", source);
         } catch (IOException ex) {
           return ExitCode.PROCESSING_ERROR.exit().withThrowable(ex);
         }
@@ -288,12 +286,15 @@ public ExitStatus execute() {
         LoggingValidationHandler.instance().handleValidationResults(validationResult);
       }
 
-      if (validationResult.isPassing() && !cmdLine.hasOption(CLIProcessor.QUIET_OPTION) && LOGGER.isInfoEnabled()) {
-        LOGGER.info("The file '{}' is valid.", source);
+      if (validationResult.isPassing()) {
+        if (LOGGER.isInfoEnabled()) {
+          LOGGER.info("The file '{}' is valid.", source);
+        }
+      } else if (LOGGER.isErrorEnabled()) {
+        LOGGER.error("The file '{}' is invalid.", source);
       }
 
       return (validationResult.isPassing() ? ExitCode.OK : ExitCode.FAIL).exit();
     }
-
   }
 }