annotate first line by default 🆙

Author: eliblock

README.md

@@ -78,6 +78,12 @@ less-advanced-security --app_id=12345 --install_id=87654321 --key_path=tmp/appli
 Defaults to `True` (disable with `--filter_annotations=false`).
 
 When set to `True`, annotations are added only when they apply to a line modified in the pull request (or a line immediately around it based on the git patch). When set to `False`, all annotations are added regardless of file or line.
+
+### `--annotate_beginning`
+Defaults to `True` (disable with `--annotate_beginning=false`).
+
+When set to `True`, annotations are submitted for the start line of a finding only (rather than the full range of lines in the finding). With this set to `False`, GitHub's default of displaying annotations on the end line of a finding is used.
+
 ## Development
 
 ### Environment

github/annotation.go

@@ -64,3 +64,11 @@ func CreateAnnotation(path string, startLine int, endLine int, level string, tit
 		endLine:   endLine,
 	}, nil
 }
+
+func removeEndLines(annotations []*Annotation) {
+	for _, annotation := range annotations {
+		annotation.endLine = annotation.startLine
+		annotation.githubAnnotation.EndLine = annotation.githubAnnotation.StartLine
+		annotation.githubAnnotation.EndColumn = nil
+	}
+}

github/annotation_test.go

@@ -99,3 +99,72 @@ func TestCreateAnnotation(t *testing.T) {
 	})
 
 }
+
+func TestRemoveEndLines(t *testing.T) {
+	six := 6
+	seven := 7
+	twelve := 12
+
+	one_line_annotation := Annotation{
+		startLine:        6,
+		endLine:          6,
+		githubAnnotation: &github.CheckRunAnnotation{StartLine: &six, EndLine: &six},
+	}
+	multi_line_annotation := Annotation{
+		startLine:        7,
+		endLine:          12,
+		githubAnnotation: &github.CheckRunAnnotation{StartLine: &seven, EndLine: &twelve},
+	}
+	flattened_multi_line_annotation := Annotation{
+		startLine:        7,
+		endLine:          7,
+		githubAnnotation: &github.CheckRunAnnotation{StartLine: &seven, EndLine: &seven},
+	}
+
+	tests := []struct {
+		name                             string
+		annotations, expectedAnnotations []*Annotation
+	}{
+		{
+			"one one-liner",
+			[]*Annotation{&one_line_annotation},
+			[]*Annotation{&one_line_annotation},
+		},
+		{
+			"one multi-liner",
+			[]*Annotation{&multi_line_annotation},
+			[]*Annotation{&flattened_multi_line_annotation},
+		},
+		{
+			"multiple",
+			[]*Annotation{&one_line_annotation, &multi_line_annotation},
+			[]*Annotation{&one_line_annotation, &flattened_multi_line_annotation},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			removeEndLines(tt.annotations)
+
+			for _, expectedAnnotation := range tt.expectedAnnotations {
+				found := false
+				for _, gotAnnotation := range tt.annotations {
+					if gotAnnotation.startLine == expectedAnnotation.startLine &&
+						gotAnnotation.endLine == expectedAnnotation.endLine &&
+						*gotAnnotation.githubAnnotation.StartLine == *expectedAnnotation.githubAnnotation.StartLine &&
+						*gotAnnotation.githubAnnotation.EndLine == *expectedAnnotation.githubAnnotation.EndLine &&
+						gotAnnotation.githubAnnotation.EndColumn == nil {
+						found = true
+						break
+					}
+				}
+				if !found {
+					t.Errorf("Expected annotation %s but did not find it.", expectedAnnotation)
+				}
+			}
+
+			if len(tt.expectedAnnotations) != len(tt.annotations) {
+				t.Errorf("expected %d annotations but got %d", len(tt.expectedAnnotations), len(tt.annotations))
+			}
+		})
+	}
+}

github/pull_request_annotator.go

@@ -42,11 +42,15 @@ func computeConclusion(annotations []*Annotation) string {
 	return conclusion
 }
 
-func (annotator *PullRequestAnnotator) PostAnnotations(annotations []*Annotation, checkName string, filterAnnotations bool) error {
+func (annotator *PullRequestAnnotator) PostAnnotations(annotations []*Annotation, checkName string, filterAnnotations bool, annotateStartLineOnly bool) error {
 	if filterAnnotations {
 		annotations = annotator.pr.filterAnnotations(annotations)
 	}
 
+	if annotateStartLineOnly {
+		removeEndLines(annotations)
+	}
+
 	const MAX_ANNOTATIONS_PER_PAGE = 50
 	// When creating a check run you can add only 50 annotations - later annotations must be added via an update to the
 	// run. Split our annotations accordingly, and pull the github annotation off them.

main.go

@@ -48,6 +48,7 @@ func main() {
 	sarifPath := flag.String("sarif_path", "", "absolute path to your sarif file")
 
 	filterAnnotations := flag.Bool("filter_annotations", true, "filter annotations by lines found in the git patches, default true")
+	annotateStartLineOnly := flag.Bool("annotate_beginning", true, "force annotations to start line of a finding (if set to false, GitHub default of end is used), default true")
 
 	flag.Parse()
 
@@ -89,7 +90,7 @@ func main() {
 		annotations = append(annotations, annotation)
 	}
 
-	if err := annotator.PostAnnotations(annotations, tool.Name, *filterAnnotations); err != nil {
+	if err := annotator.PostAnnotations(annotations, tool.Name, *filterAnnotations, *annotateStartLineOnly); err != nil {
 		log.Fatal(errors.Wrap(err, "failed to post annotations"))
 	}
 }