fix: added helper method to compare sarif output

test/e2e/scan/golden/docker_scan/dockerfiles/dockerfile_platform_flag_violations/dockerfile_platform_flag_sarif.txt

@@ -6,7 +6,7 @@
       "tool": {
         "driver": {
           "name": "terrascan",
-          "version": "1.8.1",
+          "version": "1.9.0",
           "informationUri": "https://github.com/accurics/terrascan",
           "rules": [
             {

test/e2e/scan/golden/k8s_scans/k8s/kubernetes_ingress_violations/kubernetes_ingress_sarif.txt

@@ -0,0 +1,55 @@
+{
+  "version": "2.1.0",
+  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+  "runs": [
+    {
+      "tool": {
+        "driver": {
+          "name": "terrascan",
+          "version": "1.9.0",
+          "informationUri": "https://github.com/accurics/terrascan",
+          "rules": [
+            {
+              "id": "AC_K8S_0001",
+              "name": "noHttps",
+              "shortDescription": {
+                "text": "TLS disabled can affect the confidentiality of the data in transit"
+              },
+              "properties": {
+                "category": "Network Security",
+                "severity": "HIGH"
+              }
+            }
+          ]
+        }
+      },
+      "results": [
+        {
+          "ruleId": "AC_K8S_0001",
+          "level": "error",
+          "message": {
+            "text": "TLS disabled can affect the confidentiality of the data in transit"
+          },
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "file:///Users/suvarna/go/src/github.com/rchanger/terrascan/test/e2e/test_data/iac/k8s/kubernetes_ingress_violation/config.yaml"
+                },
+                "region": {
+                  "startLine": 1
+                }
+              },
+              "logicalLocations": [
+                {
+                  "name": "ingress-demo-disallowed",
+                  "kind": "kubernetes_ingress"
+                }
+              ]
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}

test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_sarif.txt

@@ -0,0 +1,55 @@
+{
+  "version": "2.1.0",
+  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+  "runs": [
+    {
+      "tool": {
+        "driver": {
+          "name": "terrascan",
+          "version": "1.9.0",
+          "informationUri": "https://github.com/accurics/terrascan",
+          "rules": [
+            {
+              "id": "AC_AWS_0001",
+              "name": "amiNotEncrypted",
+              "shortDescription": {
+                "text": "Enable AWS AMI Encryption"
+              },
+              "properties": {
+                "category": "Encryption \u0026 KeyManagement",
+                "severity": "MEDIUM"
+              }
+            }
+          ]
+        }
+      },
+      "results": [
+        {
+          "ruleId": "AC_AWS_0001",
+          "level": "warning",
+          "message": {
+            "text": "Enable AWS AMI Encryption"
+          },
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "file:///Users/suvarna/go/src/github.com/rchanger/terrascan/test/e2e/test_data/iac/aws/aws_ami_violation/main.tf"
+                },
+                "region": {
+                  "startLine": 5
+                }
+              },
+              "logicalLocations": [
+                {
+                  "name": "awsAmiEncrypted",
+                  "kind": "aws_ami"
+                }
+              ]
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}

test/e2e/scan/scan_docker_file_test.go

@@ -19,7 +19,6 @@ package scan_test
 import (
 	"path/filepath"
 
-	"github.com/accurics/terrascan/pkg/version"
 	scanUtils "github.com/accurics/terrascan/test/e2e/scan"
 	"github.com/accurics/terrascan/test/helper"
 	. "github.com/onsi/ginkgo"
@@ -75,13 +74,10 @@ var _ = Describe("Scan is run for dockerfile directories and files", func() {
 				})
 			})
 
-			//TODO: verify this with sarif owner
 			When("when output type is sarif", func() {
 				It("should display violations in sarif format", func() {
 					scanArgs := []string{"-i", "docker", "-p", policyDir, "-d", iacDir, "-o", "sarif"}
-					path, _ := helper.GetAbsoluteFilePathForSarif(iacDir, "Dockerfile")
-					golden := scanUtils.GetSarifGoldenString(scanUtils.SarifTemplateDockerPlatformFlagViolation, version.GetNumeric(), path)
-					scanUtils.RunScanAndAssertJSONOutputString(terrascanBinaryPath, golden, helper.ExitCodeThree, true, outWriter, errWriter, scanArgs...)
+					scanUtils.RunScanAndAssertGoldenSarifOutputRegex(terrascanBinaryPath, filepath.Join(dockerGoldenRelPath, "dockerfile_platform_flag_sarif.txt"), helper.ExitCodeThree, outWriter, errWriter, scanArgs...)
 				})
 			})
 
@@ -151,9 +147,7 @@ var _ = Describe("Scan is run for dockerfile directories and files", func() {
 			When("when output type is sarif", func() {
 				It("should display violations in sarif format", func() {
 					scanArgs := []string{"-i", "docker", "-p", policyDir, "-f", iacFile, "-o", "sarif"}
-					path, _ := helper.GetAbsoluteFilePathForSarif(iacFile, "Dockerfile")
-					golden := scanUtils.GetSarifGoldenString(scanUtils.SarifTemplateDockerPlatformFlagViolation, version.GetNumeric(), path)
-					scanUtils.RunScanAndAssertJSONOutputString(terrascanBinaryPath, golden, helper.ExitCodeThree, true, outWriter, errWriter, scanArgs...)
+					scanUtils.RunScanAndAssertGoldenSarifOutputRegex(terrascanBinaryPath, filepath.Join(dockerGoldenRelPath, "dockerfile_platform_flag_sarif.txt"), helper.ExitCodeThree, outWriter, errWriter, scanArgs...)
 				})
 			})
 

test/e2e/scan/scan_k8s_files_test.go

@@ -17,7 +17,6 @@
 package scan_test
 
 import (
-	"github.com/accurics/terrascan/pkg/version"
 	"path/filepath"
 
 	scanUtils "github.com/accurics/terrascan/test/e2e/scan"
@@ -78,9 +77,7 @@ var _ = Describe("Scan is run for k8s directories and files", func() {
 			When("when output type is sarif", func() {
 				It("should display violations in sarif format", func() {
 					scanArgs := []string{"-i", "k8s", "-p", policyDir, "-d", iacDir, "-o", "sarif"}
-					path, _ := helper.GetAbsoluteFilePathForSarif(iacDir, "config.yaml")
-					golden := scanUtils.GetSarifGoldenString(scanUtils.SarifTemplateK8sTLSViolation, version.GetNumeric(), path)
-					scanUtils.RunScanAndAssertJSONOutputString(terrascanBinaryPath, golden, helper.ExitCodeThree, true, outWriter, errWriter, scanArgs...)
+					scanUtils.RunScanAndAssertGoldenSarifOutputRegex(terrascanBinaryPath, filepath.Join(k8sGoldenRelPath, "kubernetes_ingress_sarif.txt"), helper.ExitCodeThree, outWriter, errWriter, scanArgs...)
 				})
 			})
 
@@ -150,9 +147,7 @@ var _ = Describe("Scan is run for k8s directories and files", func() {
 			When("when output type is sarif", func() {
 				It("should display violations in sarif format", func() {
 					scanArgs := []string{"-i", "k8s", "-p", policyDir, "-f", iacFile, "-o", "sarif"}
-					path, _ := helper.GetAbsoluteFilePathForSarif(iacFile, "config.yaml")
-					golden := scanUtils.GetSarifGoldenString(scanUtils.SarifTemplateK8sTLSViolation, version.GetNumeric(), path)
-					scanUtils.RunScanAndAssertJSONOutputString(terrascanBinaryPath, golden, helper.ExitCodeThree, true, outWriter, errWriter, scanArgs...)
+					scanUtils.RunScanAndAssertGoldenSarifOutputRegex(terrascanBinaryPath, filepath.Join(k8sGoldenRelPath, "kubernetes_ingress_sarif.txt"), helper.ExitCodeThree, outWriter, errWriter, scanArgs...)
 				})
 			})
 

test/e2e/scan/scan_rules_filtering_test.go

@@ -263,18 +263,11 @@ var _ = Describe("Scan command with rule filtering options", func() {
 		})
 
 		Context("resource skipping in docker files", func() {
-			oldIacDir := iacDir
-			JustBeforeEach(func() {
-				iacDir, err = filepath.Abs(filepath.Join(resourceSkipIacRelPath, "docker"))
-			})
-			JustAfterEach(func() {
-				iacDir = oldIacDir
-			})
-
+			iacScanDir := filepath.Join(resourceSkipIacRelPath, "docker")
 			// the iac file has only one resource with one violation, which is skipped.
 			// hence, the exit code is 0
 			It("should display skipped violations and exit with status code 0", func() {
-				scanArgs := []string{"-p", policyDir, "-d", iacDir, "-i", "docker", "-o", "json"}
+				scanArgs := []string{"-p", policyDir, "-d", iacScanDir, "-i", "docker", "-o", "json"}
 				scanUtils.RunScanAndAssertJSONOutput(terrascanBinaryPath, filepath.Join(resourceSkipGoldenRelPath, "dockerfile_resource_skipping.txt"), helper.ExitCodeZero, false, true, outWriter, errWriter, scanArgs...)
 			})
 		})

test/e2e/scan/scan_tf_files_test.go

@@ -19,8 +19,6 @@ package scan_test
 import (
 	"path/filepath"
 
-	"github.com/accurics/terrascan/pkg/version"
-
 	scanUtils "github.com/accurics/terrascan/test/e2e/scan"
 	"github.com/accurics/terrascan/test/helper"
 	. "github.com/onsi/ginkgo"
@@ -122,9 +120,7 @@ var _ = Describe("Scan is run for terraform files", func() {
 			When("output type is sarif", func() {
 				It("should display violations in sarif format", func() {
 					scanArgs := []string{"-p", policyDir, "-i", "terraform", "-d", iacDir, "-o", "sarif"}
-					path, _ := helper.GetAbsoluteFilePathForSarif(iacDir, "main.tf")
-					golden := scanUtils.GetSarifGoldenString(scanUtils.SarifTemplateAWSAMIViolation, version.GetNumeric(), path)
-					scanUtils.RunScanAndAssertJSONOutputString(terrascanBinaryPath, golden, helper.ExitCodeThree, true, outWriter, errWriter, scanArgs...)
+					scanUtils.RunScanAndAssertGoldenSarifOutputRegex(terrascanBinaryPath, filepath.Join(tfAwsAmiGoldenRelPath, "aws_ami_violation_sarif.txt"), helper.ExitCodeThree, outWriter, errWriter, scanArgs...)
 				})
 			})