Add logical locations to SARIF reports (#1456)

Author: mmvpm

utbot-framework-test/src/test/kotlin/org/utbot/sarif/SarifReportTest.kt

@@ -44,6 +44,9 @@ class SarifReportTest {
         )
         Mockito.`when`(mockUtExecutionAIOBE.stateBefore.parameters).thenReturn(listOf())
 
+        defaultMockCoverage(mockUtExecutionNPE)
+        defaultMockCoverage(mockUtExecutionAIOBE)
+
         val testSets = listOf(
             UtMethodTestSet(mockExecutableId, listOf(mockUtExecutionNPE)),
             UtMethodTestSet(mockExecutableId, listOf(mockUtExecutionAIOBE))
@@ -68,12 +71,13 @@ class SarifReportTest {
         )
         Mockito.`when`(mockUtExecution.stateBefore.parameters).thenReturn(listOf())
         Mockito.`when`(mockUtExecution.coverage?.coveredInstructions?.lastOrNull()?.lineNumber).thenReturn(1337)
+        Mockito.`when`(mockUtExecution.coverage?.coveredInstructions?.lastOrNull()?.className).thenReturn("Main")
         Mockito.`when`(mockUtExecution.testMethodName).thenReturn("testMain_ThrowArithmeticException")
 
         val report = sarifReportMain.createReport()
 
         val result = report.runs.first().results.first()
-        val location = result.locations.first().physicalLocation
+        val location = result.locations.filterIsInstance<SarifPhysicalLocationWrapper>().first().physicalLocation
         val relatedLocation = result.relatedLocations.first().physicalLocation
 
         assert(location.artifactLocation.uri.contains("Main.java"))
@@ -98,6 +102,8 @@ class SarifReportTest {
             )
         )
 
+        defaultMockCoverage(mockUtExecution)
+
         val report = sarifReportMain.createReport()
 
         val result = report.runs.first().results.first()
@@ -121,6 +127,8 @@ class SarifReportTest {
         )
         Mockito.`when`(mockUtExecution.stateBefore.parameters).thenReturn(listOf())
 
+        defaultMockCoverage(mockUtExecution)
+
         val report = sarifReportMain.createReport()
 
         val result = report.runs.first().results.first().codeFlows.first().threadFlows.first().locations.map {
@@ -140,6 +148,8 @@ class SarifReportTest {
         Mockito.`when`(uncheckedException.stackTrace).thenReturn(arrayOf())
         Mockito.`when`(mockUtExecution.result).thenReturn(UtSandboxFailure(uncheckedException))
 
+        defaultMockCoverage(mockUtExecution)
+
         val report = sarifReportMain.createReport()
         val result = report.runs.first().results.first()
         assert(result.message.text.contains("AccessControlException"))
@@ -159,6 +169,8 @@ class SarifReportTest {
         Mockito.`when`(mockUtExecution.stateBefore.parameters).thenReturn(listOf())
         Mockito.`when`(mockUtExecution.testMethodName).thenReturn("testMain_ThrowArithmeticException")
 
+        defaultMockCoverage(mockUtExecution)
+
         val report = sarifReportMain.createReport()
 
         val codeFlowPhysicalLocations = report.runs[0].results[0].codeFlows[0].threadFlows[0].locations.map {
@@ -183,6 +195,8 @@ class SarifReportTest {
         Mockito.`when`(mockUtExecution.stateBefore.parameters).thenReturn(listOf())
         Mockito.`when`(mockUtExecution.testMethodName).thenReturn("testMain_ThrowArithmeticException")
 
+        defaultMockCoverage(mockUtExecution)
+
         val report = sarifReportPrivateMain.createReport()
 
         val codeFlowPhysicalLocations = report.runs[0].results[0].codeFlows[0].threadFlows[0].locations.map {
@@ -200,6 +214,8 @@ class SarifReportTest {
         val mockUtExecution = Mockito.mock(UtExecution::class.java, Mockito.RETURNS_DEEP_STUBS)
         Mockito.`when`(mockUtExecution.result).thenReturn(UtImplicitlyThrownException(NullPointerException(), false))
 
+        defaultMockCoverage(mockUtExecution)
+
         val testSets = listOf(
             UtMethodTestSet(mockExecutableId, listOf(mockUtExecution)),
             UtMethodTestSet(mockExecutableId, listOf(mockUtExecution)) // duplicate
@@ -225,6 +241,9 @@ class SarifReportTest {
         Mockito.`when`(mockUtExecution1.result).thenReturn(UtImplicitlyThrownException(NullPointerException(), false))
         Mockito.`when`(mockUtExecution2.result).thenReturn(UtImplicitlyThrownException(ArithmeticException(), false))
 
+        defaultMockCoverage(mockUtExecution1)
+        defaultMockCoverage(mockUtExecution2)
+
         val testSets = listOf(
             UtMethodTestSet(mockExecutableId, listOf(mockUtExecution1)),
             UtMethodTestSet(mockExecutableId, listOf(mockUtExecution2)) // not a duplicate
@@ -252,7 +271,9 @@ class SarifReportTest {
 
         // different locations
         Mockito.`when`(mockUtExecution1.coverage?.coveredInstructions?.lastOrNull()?.lineNumber).thenReturn(11)
+        Mockito.`when`(mockUtExecution1.coverage?.coveredInstructions?.lastOrNull()?.className).thenReturn("Main")
         Mockito.`when`(mockUtExecution2.coverage?.coveredInstructions?.lastOrNull()?.lineNumber).thenReturn(22)
+        Mockito.`when`(mockUtExecution2.coverage?.coveredInstructions?.lastOrNull()?.className).thenReturn("Main")
 
         val testSets = listOf(
             UtMethodTestSet(mockExecutableId, listOf(mockUtExecution1)),
@@ -288,6 +309,9 @@ class SarifReportTest {
         Mockito.`when`(mockNPE1.stackTrace).thenReturn(arrayOf(stackTraceElement1))
         Mockito.`when`(mockNPE2.stackTrace).thenReturn(arrayOf(stackTraceElement1, stackTraceElement2))
 
+        defaultMockCoverage(mockUtExecution1)
+        defaultMockCoverage(mockUtExecution2)
+
         val testSets = listOf(
             UtMethodTestSet(mockExecutableId, listOf(mockUtExecution1)),
             UtMethodTestSet(mockExecutableId, listOf(mockUtExecution2)) // duplicate with a longer stack trace
@@ -316,6 +340,11 @@ class SarifReportTest {
         Mockito.`when`(mockExecutableId.classId.name).thenReturn("Main")
     }
 
+    private fun defaultMockCoverage(mockExecution: UtExecution) {
+        Mockito.`when`(mockExecution.coverage?.coveredInstructions?.lastOrNull()?.lineNumber).thenReturn(1)
+        Mockito.`when`(mockExecution.coverage?.coveredInstructions?.lastOrNull()?.className).thenReturn("Main")
+    }
+
     // constants
 
     private val sourceFindingEmpty = SourceFindingStrategyDefault(

utbot-framework/src/main/kotlin/org/utbot/sarif/DataClasses.kt

@@ -1,8 +1,11 @@
 package org.utbot.sarif
 
-import com.fasterxml.jackson.annotation.JsonInclude
-import com.fasterxml.jackson.annotation.JsonProperty
-import com.fasterxml.jackson.annotation.JsonValue
+import com.fasterxml.jackson.annotation.*
+import com.fasterxml.jackson.core.JsonParser
+import com.fasterxml.jackson.databind.DeserializationContext
+import com.fasterxml.jackson.databind.JsonDeserializer
+import com.fasterxml.jackson.databind.JsonNode
+import com.fasterxml.jackson.databind.module.SimpleModule
 import com.fasterxml.jackson.module.kotlin.jacksonObjectMapper
 import com.fasterxml.jackson.module.kotlin.readValue
 
@@ -17,6 +20,12 @@ data class Sarif(
     val runs: List<SarifRun>
 ) {
     companion object {
+
+        private val jsonMapper = jacksonObjectMapper()
+            .registerModule(SimpleModule()
+                .addDeserializer(SarifLocationWrapper::class.java, SarifLocationWrapperDeserializer())
+            )
+
         private const val defaultSchema =
             "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json"
         private const val defaultVersion =
@@ -29,11 +38,11 @@ data class Sarif(
             Sarif(defaultSchema, defaultVersion, listOf(run))
 
         fun fromJson(reportInJson: String): Sarif =
-            jacksonObjectMapper().readValue(reportInJson)
+            jsonMapper.readValue(reportInJson)
     }
 
     fun toJson(): String =
-        jacksonObjectMapper()
+        jsonMapper
             .setSerializationInclusion(JsonInclude.Include.NON_NULL)
             .writerWithDefaultPrettyPrinter()
             .writeValueAsString(this)
@@ -111,7 +120,7 @@ data class SarifResult(
     val ruleId: String,
     val level: Level,
     val message: Message,
-    val locations: List<SarifPhysicalLocationWrapper> = listOf(),
+    val locations: List<SarifLocationWrapper> = listOf(),
     val relatedLocations: List<SarifRelatedPhysicalLocationWrapper> = listOf(),
     val codeFlows: List<SarifCodeFlow> = listOf()
 ) {
@@ -145,14 +154,41 @@ data class Message(
     val markdown: String? = null
 )
 
-// physical location
+// location
 
 /**
  * [Documentation](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#location-object)
  */
+sealed class SarifLocationWrapper
+
 data class SarifPhysicalLocationWrapper(
-    val physicalLocation: SarifPhysicalLocation,
-)
+    val physicalLocation: SarifPhysicalLocation // this name used in the SarifLocationWrapperDeserializer
+) : SarifLocationWrapper()
+
+data class SarifLogicalLocationsWrapper(
+    val logicalLocations: List<SarifLogicalLocation> // this name used in the SarifLocationWrapperDeserializer
+) : SarifLocationWrapper()
+
+/**
+ * Custom JSON deserializer for sealed class [SarifLocationWrapper].
+ * Returns [SarifPhysicalLocationWrapper] or [SarifLogicalLocationsWrapper].
+ */
+class SarifLocationWrapperDeserializer : JsonDeserializer<SarifLocationWrapper>() {
+    override fun deserialize(jp: JsonParser, context: DeserializationContext?): SarifLocationWrapper {
+        val node: JsonNode = jp.codec.readTree(jp)
+        val isPhysicalLocation = node.get("physicalLocation") != null // field name
+        val isLogicalLocations = node.get("logicalLocations") != null // field name
+        return when {
+            isPhysicalLocation -> {
+                jacksonObjectMapper().readValue<SarifPhysicalLocationWrapper>(node.toString())
+            }
+            isLogicalLocations -> {
+                return jacksonObjectMapper().readValue<SarifLogicalLocationsWrapper>(node.toString())
+            }
+            else -> error("SarifLocationWrapperDeserializer: Cannot parse ${node.toPrettyString()}")
+        }
+    }
+}
 
 /**
  * [Documentation](https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#physicallocation-object)
@@ -189,6 +225,15 @@ data class SarifRegion(
     }
 }
 
+// logical locations
+
+/**
+ * [Documentation](https://github.com/microsoft/sarif-tutorials/blob/main/docs/2-Basics.md#physical-and-logical-locations)
+ */
+data class SarifLogicalLocation(
+    val fullyQualifiedName: String
+)
+
 // related locations
 
 /**