add tests

checkov/common/bridgecrew/integration_features/features/vulnerabilities_integration.py

@@ -83,7 +83,7 @@ def merge_sca_and_sast_reports(self, merged_reports: list[Report]) -> None:
             # Extract Sast data from Sast report filtered by the language
             imports_entries = sast_imports_report.get('imports', {}).get(lang, {}).items()
             filtered_imports_entries = [(code_file_path, sast_data) for code_file_path, sast_data in imports_entries if
-                                self.is_deeper_or_equal_level(sca_file_path, code_file_path)]
+                                        self.is_deeper_or_equal_level(sca_file_path, code_file_path)]
 
             reachability_entries = sast_reacability_report.get('reachability', {}).get(lang, {}).items()
             filtered_reachability_entries = [(code_file_path, sast_data) for code_file_path, sast_data in
@@ -139,12 +139,12 @@ def create_file_by_package_map(self, filtered_entries: List[Tuple[Any, Any]]) ->
 
         return sast_files_by_packages_map
 
-    def create_reachable_data_by_package_map(self, filtered_reachability_entries: List[Tuple[Any, Any]]) -> Dict[str, List[str]]:
-        reachable_data_by_packages_map: Dict[str, List[str]] = defaultdict(list)
+    def create_reachable_data_by_package_map(self, filtered_reachability_entries: List[Tuple[Any, Any]]) -> Dict[str, Dict[str, List[str]]]:
+        reachable_data_by_packages_map: Dict[str, Dict[str, List[str]]] = defaultdict(dict)
         for code_file_path, file_data in filtered_reachability_entries:
             packages = file_data.packages
             for package_name, package_data in packages.items():
-                reachable_data_by_packages_map[package_name] = package_data.functions
+                reachable_data_by_packages_map[package_name][code_file_path] = package_data.functions
         return reachable_data_by_packages_map
 
 #######################################################################################################################

tests/common/integration_features/test_vulnerabilities_integration.py

@@ -200,13 +200,17 @@ def test_create_reachable_data_by_package_map(self):
         vul_integration = VulnerabilitiesIntegration(instance)
         reachable_data_by_package_map = vul_integration.create_reachable_data_by_package_map(filtered_reachability_entries)
         assert reachable_data_by_package_map == {
-            'axios': [
-                Function(name='trim', alias='hopa', line_number=4, code_block='hopa()')
-            ],
-            'lodash': [
-                Function(name='template', alias='', line_number=1, code_block='template()'),
-                Function(name='toNumber', alias='', line_number=4, code_block='hopa()')
-            ]
+            'axios': {
+                '/index.js': [
+                    Function(name='trim', alias='hopa', line_number=4, code_block='hopa()')
+                ]
+            },
+            'lodash': {
+                '/index.js': [
+                    Function(name='template', alias='', line_number=1, code_block='template()'),
+                    Function(name='toNumber', alias='', line_number=4, code_block='hopa()')
+                ]
+            }
         }
 
 

tests/sast/test_report.py

@@ -0,0 +1,54 @@
+from __future__ import annotations
+
+from checkov.sast.report import SastData, SastReport
+from checkov.sast.consts import SastLanguages
+from checkov.sast.prisma_models.report import Function, Repositories, File, Package
+
+
+def _create_sast_reports_for_test_get_sast_reachability_report_with_one_report() -> list[SastReport]:
+    # we don't care about the init's params, except for the sast-language
+    report1 = SastReport('', {}, SastLanguages.JAVASCRIPT)
+    report1.sast_reachability = {
+        'repo_1': Repositories(files={
+            '/index.js': File(packages={
+                'axios': Package(alias='ax', functions=[
+                    Function(name='trim', alias='hopa', line_number=4, code_block='hopa()')
+                ]),
+                'lodash': Package(alias='', functions=[
+                    Function(name='template', alias='', line_number=1, code_block='template()'),
+                    Function(name='toNumber', alias='', line_number=4, code_block='hopa()')
+                ])
+            }),
+            '/main.js': File(packages={
+                'axios': Package(alias='ax', functions=[
+                    Function(name='trim', alias='hi', line_number=4, code_block='hi()')
+                ])
+            })
+        })
+    }
+    return [report1]
+
+
+def test_get_sast_reachability_report_with_one_report():
+    scan_reports: list[SastReport] = _create_sast_reports_for_test_get_sast_reachability_report_with_one_report()
+    sast_reachability_report = SastData.get_sast_reachability_report(scan_reports)
+    assert sast_reachability_report == {
+        'reachability': {
+            SastLanguages.JAVASCRIPT: {
+                '/index.js': File(packages={
+                    'axios': Package(alias='ax', functions=[
+                        Function(name='trim', alias='hopa', line_number=4, code_block='hopa()')
+                    ]),
+                    'lodash': Package(alias='', functions=[
+                        Function(name='template', alias='', line_number=1, code_block='template()'),
+                        Function(name='toNumber', alias='', line_number=4, code_block='hopa()')
+                    ])
+                }),
+                '/main.js': File(packages={
+                    'axios': Package(alias='ax', functions=[
+                        Function(name='trim', alias='hi', line_number=4, code_block='hi()')
+                    ])
+                })
+            }
+        }
+    }