Class SarifEmitter

java.lang.Object
org.egothor.methodatlas.emit.SarifEmitter
All Implemented Interfaces:
TestMethodSink

public final class SarifEmitter extends Object implements TestMethodSink
Buffers test method records and serializes them as a single SARIF 2.1.0 JSON document when flush(PrintWriter) is called.

SARIF (Static Analysis Results Interchange Format) is an OASIS standard for representing the results of static analysis tools. MethodAtlas uses it to emit a machine-readable inventory of discovered test methods, with security-relevant methods distinguished from ordinary test methods via the SARIF result level (note vs none).

Each test method becomes one SARIF result. Security-relevant methods receive level note and a rule derived from the first non-umbrella AI tag (e.g. security/auth). All other methods receive level none and rule test-method.

AI enrichment fields (display name, tags, reason, confidence) are stored in the SARIF result properties bag when an AiMethodSuggestion is available. The interaction score and, when confidence reporting is enabled, the confidence percentage are also embedded directly in the result message text so they remain visible in tooling (such as GitHub Code Scanning) that does not render the properties bag.
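A consumer-side example of the level convention described above, added here and not part of MethodAtlas: it reads a SARIF 2.1.0 document and groups the security-relevant (level note) results by rule id. The sample document, its file paths, the security/crypto rule id and the function name security_inventory are constructed for illustration; a result without a region is assumed to be how an undetermined location appears.

```python
import json
from collections import defaultdict

# Constructed sample shaped like a SARIF 2.1.0 log; all values are illustrative.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "MethodAtlas"}},
        "results": [
            {"ruleId": "security/auth", "level": "note",
             "message": {"text": "LoginTest.rejectsExpiredToken"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/test/java/com/example/LoginTest.java"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "security/crypto", "level": "note",
             "message": {"text": "HashTest.usesSha256"},
             # Assumption: no region when the start line is unknown.
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/test/java/com/example/HashTest.java"}}}]},
            {"ruleId": "test-method", "level": "none",
             "message": {"text": "UtilTest.formatsDate"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/test/java/com/example/UtilTest.java"},
                 "region": {"startLine": 10}}}]},
        ],
    }],
})


def security_inventory(sarif_text):
    """Return ({ruleId: [(uri, start_line_or_None), ...]}, ordinary_count)."""
    log = json.loads(sarif_text)
    if log.get("version") != "2.1.0":
        raise ValueError("expected a SARIF 2.1.0 document")
    inventory = defaultdict(list)
    ordinary = 0
    for run in log.get("runs", []):
        for result in run.get("results", []):
            level = result.get("level")
            if level == "none":          # ordinary test method
                ordinary += 1
                continue
            if level != "note":          # not a level this emitter is documented to use
                raise ValueError(f"unexpected result level: {level!r}")
            locations = result.get("locations") or [{}]
            phys = locations[0].get("physicalLocation", {})
            uri = phys.get("artifactLocation", {}).get("uri", "<unknown>")
            line = phys.get("region", {}).get("startLine")  # None if absent
            inventory[result.get("ruleId", "<no-rule>")].append((uri, line))
    return dict(inventory), ordinary
```
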

This class implements TestMethodSink so it can be passed directly to the orchestration layer in MethodAtlasApp.

  • Constructor Summary

    Constructors
    Constructor
    Description
    SarifEmitter(boolean aiEnabled, boolean confidenceEnabled, String filePrefix)
    Creates a new SARIF emitter with scores embedded in result message text (the default behaviour).
    SarifEmitter(boolean aiEnabled, boolean confidenceEnabled, String filePrefix, boolean scoresInMessage)
    Creates a new SARIF emitter.
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    flush(PrintWriter out)
    Serializes all buffered records as a SARIF 2.1.0 JSON document and writes it to the supplied writer.
    void
    record(String fqcn, String method, int beginLine, int loc, String contentHash, List<String> tags, String displayName, AiMethodSuggestion suggestion)
    Buffers a single test method record.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • SarifEmitter

      public SarifEmitter(boolean aiEnabled, boolean confidenceEnabled, String filePrefix)
      Creates a new SARIF emitter with scores embedded in result message text (the default behaviour).
      Parameters:
      aiEnabled - whether AI enrichment columns should be included
      confidenceEnabled - whether the aiConfidence property should be included; only meaningful when aiEnabled is true
      filePrefix - forward-slash path prefix prepended to every artifact URI to produce a repo-relative path (e.g. "src/test/java/"); use empty string when the scan root is already the repository root
    • SarifEmitter

      public SarifEmitter(boolean aiEnabled, boolean confidenceEnabled, String filePrefix, boolean scoresInMessage)
      Creates a new SARIF emitter.
      Parameters:
      aiEnabled - whether AI enrichment columns should be included
      confidenceEnabled - whether the aiConfidence property should be included; only meaningful when aiEnabled is true
      filePrefix - forward-slash path prefix prepended to every artifact URI to produce a repo-relative path (e.g. "src/test/java/"); use empty string when the scan root is already the repository root
      scoresInMessage - when true (the default), the interaction score and confidence percentage are embedded in the result message text so they are visible in tooling (such as GitHub Code Scanning) that does not render the properties bag; set to false when the consuming system already displays properties and the extra text is unwanted
  • Method Details

    • record

      public void record(String fqcn, String method, int beginLine, int loc, String contentHash, List<String> tags, String displayName, AiMethodSuggestion suggestion)
      Buffers a single test method record.
      Specified by:
      record in interface TestMethodSink
      Parameters:
      fqcn - fully qualified name of the class that declares the method
      method - simple method name
      beginLine - one-based line number of the first line of the method declaration; 0 when the parser cannot determine the location
      loc - inclusive line count of the method declaration
      contentHash - lowercase-hex SHA-256 fingerprint of the enclosing class source, or null when -content-hash is not enabled
      tags - source-level test-framework tag values declared on the method; never null
      displayName - text from an existing display-name annotation on the method; null when no such annotation is present; "" when the annotation is present but has an empty value — which is a malformed annotation and may be treated as a quality finding by implementations
      suggestion - AI-generated security classification for the method, or null when AI enrichment is disabled or unavailable for this class
    • flush

      public void flush(PrintWriter out)
      Serializes all buffered records as a SARIF 2.1.0 JSON document and writes it to the supplied writer.
      Parameters:
      out - destination writer
      Throws:
      IllegalStateException - if JSON serialization fails