sap-jenkins-library/pkg/blackduck/reporting_test.go

//go:build unit
// +build unit

package blackduck

import (
	"fmt"
	"path/filepath"
	"testing"

	"github.com/SAP/jenkins-library/pkg/format"
	"github.com/SAP/jenkins-library/pkg/mock"
	"github.com/SAP/jenkins-library/pkg/piperutils"
	"github.com/SAP/jenkins-library/pkg/reporting"
	"github.com/stretchr/testify/assert"
)

func TestCreateSarifResultFile(t *testing.T) {
	vulnerabilities := []string{"CVE-1", "CVE-2", "CVE-3", "CVE-4"}
	affectedComponent := Component{Name: "test1", Version: "1.2.3", ComponentOriginName: "Maven", PrimaryLanguage: "Java"}
	otherAffectedComponent := Component{Name: "test2", Version: "1.2.8", ComponentOriginName: "Maven", PrimaryLanguage: "Java"}
	alerts := []Vulnerability{
		{
			Name:      "test1",
			Version:   "1.2.3",
			Component: &affectedComponent,
			VulnerabilityWithRemediation: VulnerabilityWithRemediation{
				CweID:             "CWE-45456543",
				VulnerabilityName: "CVE-1",
				Severity:          "CRITICAL",
				Description:       "Some vulnerability that can be exploited by peeling the glue off.",
				BaseScore:         9.8, OverallScore: 10,
				RemediationStatus:  "IGNORED",
				RemediationComment: "CWE-45456543 Auto-remediated: CWE-45456543 is related to CVE-1, but the CWE team has determined that this component version is not affected.",
				RemidiatedBy:       "technical_user",
			},
		},
		{
			Name:      "test1",
			Version:   "1.2.3",
			Component: &affectedComponent,
			VulnerabilityWithRemediation: VulnerabilityWithRemediation{
				CweID:              "CWE-45456542",
				VulnerabilityName:  "CVE-2",
				Severity:           "CRITICAL",
				Description:        "Some other vulnerability that can be exploited by filling the glass.",
				BaseScore:          9,
				OverallScore:       9,
				RemediationStatus:  "NEW",
				RemediationComment: "",
			},
		},
		{
			Name:      "test1",
			Version:   "1.2.3",
			Component: &affectedComponent,
			VulnerabilityWithRemediation: VulnerabilityWithRemediation{
				CweID:             "CWE-45456541",
				VulnerabilityName: "CVE-3",
				Severity:          "HIGH",
				Description:       "Some vulnerability that can be exploited by turning it upside down.",
				BaseScore:         6.5,
				OverallScore:      7,
				RemediationStatus: "IGNORED",
			},
		},
		{
			Name:      "test2",
			Version:   "1.2.8",
			Component: &otherAffectedComponent,
			VulnerabilityWithRemediation: VulnerabilityWithRemediation{
				CweID:             "CWE-45789754",
				VulnerabilityName: "CVE-4",
				Severity:          "HIGH",
				Description:       "Some vulnerability that can be exploited by turning it upside down.",
				BaseScore:         6.5,
				OverallScore:      7,
			},
		},
		{
			Name:      "test2",
			Version:   "1.2.8",
			Component: &otherAffectedComponent,
			VulnerabilityWithRemediation: VulnerabilityWithRemediation{
				CweID:             "CWE-45456541",
				VulnerabilityName: "CVE-3",
				Severity:          "HIGH",
				Description:       "Some vulnerability that can be exploited by turning it upside down.",
				BaseScore:         6.5,
				OverallScore:      7,
			},
		},
	}
	vulns := Vulnerabilities{
		Items: alerts,
	}
	projectName := "theProjectName"
	projectVersion := "theProjectVersion"
	projectLink := "theProjectLink"

	sarif := CreateSarifResultFile(&vulns, projectName, projectVersion, projectLink)

	assert.Equal(t, "https://docs.oasis-open.org/sarif/sarif/v2.1.0/cos02/schemas/sarif-schema-2.1.0.json", sarif.Schema)
	assert.Equal(t, "2.1.0", sarif.Version)
	assert.Equal(t, 1, len(sarif.Runs))
	assert.Equal(t, "Black Duck", sarif.Runs[0].Tool.Driver.Name)
	assert.Equal(t, "unknown", sarif.Runs[0].Tool.Driver.Version)
	assert.Equal(t, 4, len(sarif.Runs[0].Tool.Driver.Rules))
	assert.Equal(t, 5, len(sarif.Runs[0].Results))
	assert.Equal(t, "CRITICAL", sarif.Runs[0].Results[0].Properties.ToolSeverity)

	// Test correctness of audit information
	assert.Equal(t, true, sarif.Runs[0].Results[0].Properties.Audited)
	assert.Equal(t, "IGNORED", sarif.Runs[0].Results[0].Properties.ToolState)
	assert.Equal(t, alerts[0].BaseScore, sarif.Runs[0].Results[0].Properties.UnifiedCriticality)
	assert.Equal(t, "critical", sarif.Runs[0].Results[0].Properties.UnifiedSeverity)
	assert.Equal(t, "new", sarif.Runs[0].Results[1].Properties.UnifiedAuditState)
	assert.Equal(t, "notRelevant", sarif.Runs[0].Results[0].Properties.UnifiedAuditState)
	assert.Equal(t, "technical_user", sarif.Runs[0].Results[0].Properties.UnifiedAuditUser)
	assert.Equal(t, format.AUDIT_REQUIREMENT_GROUP_1_DESC, sarif.Runs[0].Results[0].Properties.AuditRequirement)
	assert.Equal(t, format.AUDIT_REQUIREMENT_GROUP_1_INDEX, sarif.Runs[0].Results[0].Properties.AuditRequirementIndex)
	assert.Equal(t,
		"CWE-45456543 Auto-remediated: CWE-45456543 is related to CVE-1, but the CWE team has determined that this component version is not affected.",
		sarif.Runs[0].Results[0].Properties.ToolAuditMessage,
	)
	assert.Equal(t, 4, sarif.Runs[0].Results[0].Properties.ToolSeverityIndex)
	assert.Equal(t, 3, sarif.Runs[0].Results[2].Properties.ToolSeverityIndex)

	assert.Equal(t, false, sarif.Runs[0].Results[1].Properties.Audited)
	assert.Equal(t, "NEW", sarif.Runs[0].Results[1].Properties.ToolState)
	assert.Equal(t, "", sarif.Runs[0].Results[1].Properties.ToolAuditMessage)

	collectedRules := []string{}
	for _, rule := range sarif.Runs[0].Tool.Driver.Rules {
		piperutils.ContainsString(vulnerabilities, rule.ID)
		collectedRules = append(collectedRules, rule.ID)
	}

	collectedResults := []string{}
	for _, result := range sarif.Runs[0].Results {
		piperutils.ContainsString(vulnerabilities, result.RuleID)
		collectedResults = append(collectedResults, result.RuleID)
	}

	assert.Equal(t, 4, len(collectedRules))
	assert.Equal(t, 5, len(collectedResults))
	assert.Equal(t, vulnerabilities, collectedRules)
}

func TestWriteCustomVulnerabilityReports(t *testing.T) {

	t.Run("success", func(t *testing.T) {
		scanReport := reporting.ScanReport{}
		utilsMock := &mock.FilesMock{}

		reportPaths, err := WriteVulnerabilityReports(scanReport, utilsMock)

		assert.NoError(t, err)
		assert.Equal(t, 1, len(reportPaths))

		exists, err := utilsMock.FileExists(reportPaths[0].Target)
		assert.NoError(t, err)
		assert.True(t, exists)

		exists, err = utilsMock.FileExists(filepath.Join(reporting.StepReportDirectory, "detectExecuteScan_oss_20220102-150405.json"))
		assert.NoError(t, err)
		assert.True(t, exists)
	})

	t.Run("failed to write json report", func(t *testing.T) {
		scanReport := reporting.ScanReport{}
		utilsMock := &mock.FilesMock{}
		utilsMock.FileWriteErrors = map[string]error{
			filepath.Join(reporting.StepReportDirectory, "detectExecuteScan_oss_20220102-150405.json"): fmt.Errorf("write error"),
		}

		_, err := WriteVulnerabilityReports(scanReport, utilsMock)
		assert.Contains(t, fmt.Sprint(err), "failed to write json report")
	})
}

func TestWriteSarifFile(t *testing.T) {

	t.Run("success", func(t *testing.T) {
		sarif := format.SARIF{}
		var utilsMock piperutils.FileUtils
		utilsMock = &mock.FilesMock{}

		reportPaths, err := WriteSarifFile(&sarif, utilsMock)

		assert.NoError(t, err)
		assert.Equal(t, 1, len(reportPaths))

		exists, err := utilsMock.FileExists(reportPaths[0].Target)
		assert.NoError(t, err)
		assert.True(t, exists)

		exists, err = utilsMock.FileExists(filepath.Join(ReportsDirectory, "piper_detect_vulnerability.sarif"))
		assert.NoError(t, err)
		assert.True(t, exists)
	})

	t.Run("failed to write HTML report", func(t *testing.T) {
		sarif := format.SARIF{}
		utilsMock := &mock.FilesMock{}
		utilsMock.FileWriteErrors = map[string]error{
			filepath.Join(ReportsDirectory, "piper_detect_vulnerability.sarif"): fmt.Errorf("write error"),
		}

		_, err := WriteSarifFile(&sarif, utilsMock)
		assert.Contains(t, fmt.Sprint(err), "failed to write SARIF file")
	})
}
feat(golangBuild): use 'unit' build tag to include tests during test execution (#4345) * Added unit tag as argument. Added description to runTests command. Changed code generator to have unit build tag in generated unit test files. * Added unit build tag to all unit test files. * added to new unit test unit build tag * Update verify-go.yml * small fix --------- Co-authored-by: Muhammadali Nazarov <Muhammadali.Nazarov@acronis.com> Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com> 2023-05-03 18:02:11 +02:00			`//go:build unit`
			`// +build unit`

feat(detectExecuteScan): SARIF export and GH issue creation (#3637) * Added SARIF and GH issue creation 2022-03-17 16:32:48 +02:00			`package blackduck`

			`import (`
			`"fmt"`
			`"path/filepath"`
			`"testing"`

			`"github.com/SAP/jenkins-library/pkg/format"`
			`"github.com/SAP/jenkins-library/pkg/mock"`
			`"github.com/SAP/jenkins-library/pkg/piperutils"`
			`"github.com/SAP/jenkins-library/pkg/reporting"`
			`"github.com/stretchr/testify/assert"`
			`)`

			`func TestCreateSarifResultFile(t *testing.T) {`
Fix(detectExecuteScan): rework struct methods to meet interface requirements (#4048) * Fixed struct methods to meet interface requirements * Fix test and ruleID * Small adjustments * Readability of code * Added testcases * Code rework * Fix fmt * Mod * Fix taxonomy * Fix ruleIndex * Fix taxonomies * Fix format * Remove name * Fix Fortify and Checkmarx SARIF * Fix fmt, address comments * Addressing comments * Fix fmt 2022-10-10 10:06:20 +02:00			`vulnerabilities := []string{"CVE-1", "CVE-2", "CVE-3", "CVE-4"}`
			`affectedComponent := Component{Name: "test1", Version: "1.2.3", ComponentOriginName: "Maven", PrimaryLanguage: "Java"}`
			`otherAffectedComponent := Component{Name: "test2", Version: "1.2.8", ComponentOriginName: "Maven", PrimaryLanguage: "Java"}`
feat(detectExecuteScan): SARIF export and GH issue creation (#3637) * Added SARIF and GH issue creation 2022-03-17 16:32:48 +02:00			`alerts := []Vulnerability{`
Added audit information in Sarif file in detectExecuteStep (#4198) * Added audit information in sarif file in blackduck step --------- Co-authored-by: sumeet patil <sumeet.patil@sap.com> 2023-02-07 18:02:28 +02:00			`{`
			`Name: "test1",`
			`Version: "1.2.3",`
			`Component: &affectedComponent,`
			`VulnerabilityWithRemediation: VulnerabilityWithRemediation{`
			`CweID: "CWE-45456543",`
			`VulnerabilityName: "CVE-1",`
			`Severity: "CRITICAL",`
			`Description: "Some vulnerability that can be exploited by peeling the glue off.",`
			`BaseScore: 9.8, OverallScore: 10,`
			`RemediationStatus: "IGNORED",`
			`RemediationComment: "CWE-45456543 Auto-remediated: CWE-45456543 is related to CVE-1, but the CWE team has determined that this component version is not affected.",`
Add new unified fields to Mend and Blackduck SARIF (#4611) * Add new unified fields to Mend and Blackduck SARIF * fmt project --------- Co-authored-by: Dmitrii Pavlukhin <dmitrii.pavlukhin@sap.com> 2023-10-17 11:48:52 +02:00			`RemidiatedBy: "technical_user",`
Added audit information in Sarif file in detectExecuteStep (#4198) * Added audit information in sarif file in blackduck step --------- Co-authored-by: sumeet patil <sumeet.patil@sap.com> 2023-02-07 18:02:28 +02:00			`},`
			`},`
			`{`
			`Name: "test1",`
			`Version: "1.2.3",`
			`Component: &affectedComponent,`
			`VulnerabilityWithRemediation: VulnerabilityWithRemediation{`
			`CweID: "CWE-45456542",`
			`VulnerabilityName: "CVE-2",`
			`Severity: "CRITICAL",`
			`Description: "Some other vulnerability that can be exploited by filling the glass.",`
			`BaseScore: 9,`
			`OverallScore: 9,`
			`RemediationStatus: "NEW",`
			`RemediationComment: "",`
			`},`
			`},`
			`{`
			`Name: "test1",`
			`Version: "1.2.3",`
			`Component: &affectedComponent,`
			`VulnerabilityWithRemediation: VulnerabilityWithRemediation{`
			`CweID: "CWE-45456541",`
			`VulnerabilityName: "CVE-3",`
			`Severity: "HIGH",`
			`Description: "Some vulnerability that can be exploited by turning it upside down.",`
			`BaseScore: 6.5,`
			`OverallScore: 7,`
Add new unified fields to Mend and Blackduck SARIF (#4611) * Add new unified fields to Mend and Blackduck SARIF * fmt project --------- Co-authored-by: Dmitrii Pavlukhin <dmitrii.pavlukhin@sap.com> 2023-10-17 11:48:52 +02:00			`RemediationStatus: "IGNORED",`
Added audit information in Sarif file in detectExecuteStep (#4198) * Added audit information in sarif file in blackduck step --------- Co-authored-by: sumeet patil <sumeet.patil@sap.com> 2023-02-07 18:02:28 +02:00			`},`
			`},`
			`{`
			`Name: "test2",`
			`Version: "1.2.8",`
			`Component: &otherAffectedComponent,`
			`VulnerabilityWithRemediation: VulnerabilityWithRemediation{`
			`CweID: "CWE-45789754",`
			`VulnerabilityName: "CVE-4",`
			`Severity: "HIGH",`
			`Description: "Some vulnerability that can be exploited by turning it upside down.",`
			`BaseScore: 6.5,`
			`OverallScore: 7,`
			`},`
			`},`
			`{`
			`Name: "test2",`
			`Version: "1.2.8",`
			`Component: &otherAffectedComponent,`
			`VulnerabilityWithRemediation: VulnerabilityWithRemediation{`
			`CweID: "CWE-45456541",`
			`VulnerabilityName: "CVE-3",`
			`Severity: "HIGH",`
			`Description: "Some vulnerability that can be exploited by turning it upside down.",`
			`BaseScore: 6.5,`
			`OverallScore: 7,`
			`},`
			`},`
feat(detectExecuteScan): SARIF export and GH issue creation (#3637) * Added SARIF and GH issue creation 2022-03-17 16:32:48 +02:00			`}`
			`vulns := Vulnerabilities{`
			`Items: alerts,`
			`}`
fix(detectExecuteScan): Fix issues with the sarif file (#4100) * fix(detectExecuteScan): Fix issues with the sarif file Co-authored-by: sumeet patil <sumeet.patil@sap.com> 2022-12-01 10:47:53 +02:00			`projectName := "theProjectName"`
			`projectVersion := "theProjectVersion"`
			`projectLink := "theProjectLink"`
feat(detectExecuteScan): SARIF export and GH issue creation (#3637) * Added SARIF and GH issue creation 2022-03-17 16:32:48 +02:00
fix(detectExecuteScan): Fix issues with the sarif file (#4100) * fix(detectExecuteScan): Fix issues with the sarif file Co-authored-by: sumeet patil <sumeet.patil@sap.com> 2022-12-01 10:47:53 +02:00			`sarif := CreateSarifResultFile(&vulns, projectName, projectVersion, projectLink)`
feat(detectExecuteScan): SARIF export and GH issue creation (#3637) * Added SARIF and GH issue creation 2022-03-17 16:32:48 +02:00
SARIF format and GHIssue format improvements (#3646) * Improve reporting * Fix location * Align casing * Fix severity mapping * Fix format * Improve title * Title format * Fix severity * Align title * Fix schema reference * Fix schema reference * Fix fmt * Fix fmt2 * Fix tests * fix(sarif): proper handling of omitempty in SnippetSarif * fix(fortifyExecuteScan): sarif format version * Addressing comments * Fix SARIF * fix(sarif): omitempty handling * fix(fortifyExecuteScan): pointer indirection * Added TODOs for audit data Co-authored-by: Xavier Goffin <x.goffin@sap.com> Co-authored-by: xgoffin <86716549+xgoffin@users.noreply.github.com> Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com> 2022-03-22 15:47:19 +02:00			`assert.Equal(t, "https://docs.oasis-open.org/sarif/sarif/v2.1.0/cos02/schemas/sarif-schema-2.1.0.json", sarif.Schema)`
feat(detectExecuteScan): SARIF export and GH issue creation (#3637) * Added SARIF and GH issue creation 2022-03-17 16:32:48 +02:00			`assert.Equal(t, "2.1.0", sarif.Version)`
			`assert.Equal(t, 1, len(sarif.Runs))`
fix(detectExecuteScan): Fix issues with the sarif file (#4100) * fix(detectExecuteScan): Fix issues with the sarif file Co-authored-by: sumeet patil <sumeet.patil@sap.com> 2022-12-01 10:47:53 +02:00			`assert.Equal(t, "Black Duck", sarif.Runs[0].Tool.Driver.Name)`
feat(detectExecuteScan): SARIF export and GH issue creation (#3637) * Added SARIF and GH issue creation 2022-03-17 16:32:48 +02:00			`assert.Equal(t, "unknown", sarif.Runs[0].Tool.Driver.Version)`
Fix(detectExecuteScan): rework struct methods to meet interface requirements (#4048) * Fixed struct methods to meet interface requirements * Fix test and ruleID * Small adjustments * Readability of code * Added testcases * Code rework * Fix fmt * Mod * Fix taxonomy * Fix ruleIndex * Fix taxonomies * Fix format * Remove name * Fix Fortify and Checkmarx SARIF * Fix fmt, address comments * Addressing comments * Fix fmt 2022-10-10 10:06:20 +02:00			`assert.Equal(t, 4, len(sarif.Runs[0].Tool.Driver.Rules))`
			`assert.Equal(t, 5, len(sarif.Runs[0].Results))`
Added audit information in Sarif file in detectExecuteStep (#4198) * Added audit information in sarif file in blackduck step --------- Co-authored-by: sumeet patil <sumeet.patil@sap.com> 2023-02-07 18:02:28 +02:00			`assert.Equal(t, "CRITICAL", sarif.Runs[0].Results[0].Properties.ToolSeverity)`

			`// Test correctness of audit information`
			`assert.Equal(t, true, sarif.Runs[0].Results[0].Properties.Audited)`
			`assert.Equal(t, "IGNORED", sarif.Runs[0].Results[0].Properties.ToolState)`
Add new unified fields to Mend and Blackduck SARIF (#4611) * Add new unified fields to Mend and Blackduck SARIF * fmt project --------- Co-authored-by: Dmitrii Pavlukhin <dmitrii.pavlukhin@sap.com> 2023-10-17 11:48:52 +02:00			`assert.Equal(t, alerts[0].BaseScore, sarif.Runs[0].Results[0].Properties.UnifiedCriticality)`
			`assert.Equal(t, "critical", sarif.Runs[0].Results[0].Properties.UnifiedSeverity)`
			`assert.Equal(t, "new", sarif.Runs[0].Results[1].Properties.UnifiedAuditState)`
			`assert.Equal(t, "notRelevant", sarif.Runs[0].Results[0].Properties.UnifiedAuditState)`
			`assert.Equal(t, "technical_user", sarif.Runs[0].Results[0].Properties.UnifiedAuditUser)`
			`assert.Equal(t, format.AUDIT_REQUIREMENT_GROUP_1_DESC, sarif.Runs[0].Results[0].Properties.AuditRequirement)`
			`assert.Equal(t, format.AUDIT_REQUIREMENT_GROUP_1_INDEX, sarif.Runs[0].Results[0].Properties.AuditRequirementIndex)`
Added audit information in Sarif file in detectExecuteStep (#4198) * Added audit information in sarif file in blackduck step --------- Co-authored-by: sumeet patil <sumeet.patil@sap.com> 2023-02-07 18:02:28 +02:00			`assert.Equal(t,`
			`"CWE-45456543 Auto-remediated: CWE-45456543 is related to CVE-1, but the CWE team has determined that this component version is not affected.",`
			`sarif.Runs[0].Results[0].Properties.ToolAuditMessage,`
			`)`
			`assert.Equal(t, 4, sarif.Runs[0].Results[0].Properties.ToolSeverityIndex)`
			`assert.Equal(t, 3, sarif.Runs[0].Results[2].Properties.ToolSeverityIndex)`

			`assert.Equal(t, false, sarif.Runs[0].Results[1].Properties.Audited)`
			`assert.Equal(t, "NEW", sarif.Runs[0].Results[1].Properties.ToolState)`
			`assert.Equal(t, "", sarif.Runs[0].Results[1].Properties.ToolAuditMessage)`
Fix(detectExecuteScan): rework struct methods to meet interface requirements (#4048) * Fixed struct methods to meet interface requirements * Fix test and ruleID * Small adjustments * Readability of code * Added testcases * Code rework * Fix fmt * Mod * Fix taxonomy * Fix ruleIndex * Fix taxonomies * Fix format * Remove name * Fix Fortify and Checkmarx SARIF * Fix fmt, address comments * Addressing comments * Fix fmt 2022-10-10 10:06:20 +02:00
			`collectedRules := []string{}`
			`for _, rule := range sarif.Runs[0].Tool.Driver.Rules {`
			`piperutils.ContainsString(vulnerabilities, rule.ID)`
			`collectedRules = append(collectedRules, rule.ID)`
			`}`

			`collectedResults := []string{}`
			`for _, result := range sarif.Runs[0].Results {`
			`piperutils.ContainsString(vulnerabilities, result.RuleID)`
			`collectedResults = append(collectedResults, result.RuleID)`
			`}`

			`assert.Equal(t, 4, len(collectedRules))`
			`assert.Equal(t, 5, len(collectedResults))`
			`assert.Equal(t, vulnerabilities, collectedRules)`
feat(detectExecuteScan): SARIF export and GH issue creation (#3637) * Added SARIF and GH issue creation 2022-03-17 16:32:48 +02:00			`}`

			`func TestWriteCustomVulnerabilityReports(t *testing.T) {`

			`t.Run("success", func(t *testing.T) {`
			`scanReport := reporting.ScanReport{}`
			`utilsMock := &mock.FilesMock{}`

			`reportPaths, err := WriteVulnerabilityReports(scanReport, utilsMock)`

			`assert.NoError(t, err)`
			`assert.Equal(t, 1, len(reportPaths))`

			`exists, err := utilsMock.FileExists(reportPaths[0].Target)`
			`assert.NoError(t, err)`
			`assert.True(t, exists)`

			`exists, err = utilsMock.FileExists(filepath.Join(reporting.StepReportDirectory, "detectExecuteScan_oss_20220102-150405.json"))`
			`assert.NoError(t, err)`
			`assert.True(t, exists)`
			`})`

			`t.Run("failed to write json report", func(t *testing.T) {`
			`scanReport := reporting.ScanReport{}`
			`utilsMock := &mock.FilesMock{}`
			`utilsMock.FileWriteErrors = map[string]error{`
			`filepath.Join(reporting.StepReportDirectory, "detectExecuteScan_oss_20220102-150405.json"): fmt.Errorf("write error"),`
			`}`

			`_, err := WriteVulnerabilityReports(scanReport, utilsMock)`
			`assert.Contains(t, fmt.Sprint(err), "failed to write json report")`
			`})`
			`}`

			`func TestWriteSarifFile(t *testing.T) {`

			`t.Run("success", func(t *testing.T) {`
			`sarif := format.SARIF{}`
			`var utilsMock piperutils.FileUtils`
			`utilsMock = &mock.FilesMock{}`

			`reportPaths, err := WriteSarifFile(&sarif, utilsMock)`

			`assert.NoError(t, err)`
			`assert.Equal(t, 1, len(reportPaths))`

			`exists, err := utilsMock.FileExists(reportPaths[0].Target)`
			`assert.NoError(t, err)`
			`assert.True(t, exists)`

			`exists, err = utilsMock.FileExists(filepath.Join(ReportsDirectory, "piper_detect_vulnerability.sarif"))`
			`assert.NoError(t, err)`
			`assert.True(t, exists)`
			`})`

			`t.Run("failed to write HTML report", func(t *testing.T) {`
			`sarif := format.SARIF{}`
			`utilsMock := &mock.FilesMock{}`
			`utilsMock.FileWriteErrors = map[string]error{`
			`filepath.Join(ReportsDirectory, "piper_detect_vulnerability.sarif"): fmt.Errorf("write error"),`
			`}`

			`_, err := WriteSarifFile(&sarif, utilsMock)`
			`assert.Contains(t, fmt.Sprint(err), "failed to write SARIF file")`
			`})`
			`}`