From 304e22a024f327500aef765864d6fefd57df1db0 Mon Sep 17 00:00:00 2001
From: Zxilly <31370133+Zxilly@users.noreply.github.com>
Date: Thu, 20 Jun 2024 06:25:53 +0800
Subject: [PATCH] fix: sanitize level property for SARIF (#4831)
Co-authored-by: Fernandez Ludovic
---
 pkg/printers/sarif.go | 7 ++++++-
 pkg/printers/sarif_test.go | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/pkg/printers/sarif.go b/pkg/printers/sarif.go
index 9ccf33ce..8b1dd2ee 100644
--- a/pkg/printers/sarif.go
+++ b/pkg/printers/sarif.go
@@ -76,7 +76,12 @@ func (p Sarif) Print(issues []result.Issue) error {
 issue := issues[i]
 severity := issue.Severity
- if severity == "" {
+
+ switch severity {
+ // https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html#_Toc141790898
+ case "none", "note", "warning", "error":
+ // Valid levels.
+ default:
 severity = "error"
 }
diff --git a/pkg/printers/sarif_test.go b/pkg/printers/sarif_test.go
index 62cb0d5a..87c833de 100644
--- a/pkg/printers/sarif_test.go
+++ b/pkg/printers/sarif_test.go
@@ -42,7 +42,7 @@ func TestSarif_Print(t *testing.T) {
 },
 {
 FromLinter: "linter-a",
- Severity: "error",
+ Severity: "low",
 Text: "some issue 2",
 Pos: token.Position{
 Filename: "path/to/filec.go",
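Review bot: The `default:` branch of the new `switch severity` rewrites every value outside the four SARIF levels to "error" without leaving any trace, and the match is case-sensitive, so a configured severity such as "Warning" is escalated exactly like an empty one. Falling back to the highest level is the conservative direction for a code-scanning consumer, because a finding is never downgraded, but that intent is not written down and the user gets no hint that the configured severity was replaced. I would put a comment on the branch, e.g. `// Unknown or empty severities map to "error": SARIF allows only the four levels above, and escalating never hides a finding.`, and consider reporting the replaced values once per run. Print's body starts and ends outside this hunk, so whether a logger is reachable from here is not visible.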
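Review bot: The fixture change to `Severity: "low"` covers only the fallback path; as far as this hunk shows, nothing pins that "none" and "note" pass through unchanged or what happens to a differently-cased value such as "Warning". A small table of input severity and expected `level` would protect the allow-list against later edits. TestSarif_Print's body starts and ends outside this hunk, so other fixture entries may already cover part of this.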