fix: use correct path separator in SARIF output when on Windows (google#1294)

Currently we always output a Unix path separator even when on Windows -
this changes us to use the path separator based on the OS.

Resolves google#604

Co-authored-by: Rex P <[email protected]>

Author: G-Rath

internal/output/sarif.go

@@ -25,6 +25,7 @@ type HelpTemplateData struct {
 	AliasedVulns          []VulnDescription
 	HasFixedVersion       bool
 	FixedVersionTable     string
+	PathSeparator         string
 }
 
 type FixedPkgTableData struct {
@@ -81,7 +82,7 @@ See the format and more options in our documentation here: https://google.github
 Add or append these values to the following config files to ignore this vulnerability:
 
 {{range .AffectedPackagePaths -}}
-""{{.}}/osv-scanner.toml""
+""{{.}}{{$.PathSeparator}}osv-scanner.toml""
 
 """"""
 [[IgnoredVulns]]
@@ -213,6 +214,7 @@ func createSARIFHelpText(gv *groupedSARIFFinding) string {
 		HasFixedVersion:       hasFixedVersion,
 		FixedVersionTable:     createSARIFFixedPkgTable(fixedPkgTableData).RenderMarkdown(),
 		AffectedPackagePaths:  affectedPackagePaths,
+		PathSeparator:         string(filepath.Separator),
 	})
 
 	if err != nil {

internal/output/sarif_internal_test.go

@@ -17,13 +17,13 @@ func Test_createSARIFHelpText(t *testing.T) {
 		{
 			args: testutility.LoadJSONFixture[groupedSARIFFinding](t, "fixtures/vuln-grouped.json"),
 			want: testutility.NewSnapshot().WithWindowsReplacements(map[string]string{
-				"\\path\\to\\sub-rust-project/osv-scanner.toml": "/path/to/sub-rust-project/osv-scanner.toml",
+				"\\path\\to\\sub-rust-project\\osv-scanner.toml": "/path/to/sub-rust-project/osv-scanner.toml",
 			}),
 		},
 		{
 			args: testutility.LoadJSONFixture[groupedSARIFFinding](t, "fixtures/commit-grouped.json"),
 			want: testutility.NewSnapshot().WithWindowsReplacements(map[string]string{
-				"<rootdir>\\Documents\\Project\\engine/osv-scanner.toml": "<rootdir>/Documents/Project/engine/osv-scanner.toml",
+				"<rootdir>\\Documents\\Project\\engine\\osv-scanner.toml": "<rootdir>/Documents/Project/engine/osv-scanner.toml",
 			}),
 		},
 	}

internal/output/sarif_test.go

@@ -64,8 +64,8 @@ func TestPrintSARIFReport(t *testing.T) {
 				map[string]string{
 					"lockfile:D:\\\\path\\\\to\\\\sub-rust-project\\\\Cargo.lock": "lockfile:/path/to/sub-rust-project/Cargo.lock",
 					"lockfile:D:\\\\path\\\\to\\\\go.mod":                         "lockfile:/path/to/go.mod",
-					"D:\\\\path\\\\to\\\\sub-rust-project/osv-scanner.toml":       "/path/to/sub-rust-project/osv-scanner.toml",
-					"D:\\\\path\\\\to/osv-scanner.toml":                           "/path/to/osv-scanner.toml",
+					"D:\\\\path\\\\to\\\\sub-rust-project\\\\osv-scanner.toml":    "/path/to/sub-rust-project/osv-scanner.toml",
+					"D:\\\\path\\\\to\\\\osv-scanner.toml":                        "/path/to/osv-scanner.toml",
 					"file:///D:/path/to":                                          "file:///path/to",
 				},
 			),
@@ -100,9 +100,9 @@ func TestPrintSARIFReport_WithVulnerabilities(t *testing.T) {
 
 		testutility.NewSnapshot().WithWindowsReplacements(
 			map[string]string{
-				"path\\\\to\\\\my\\\\first/osv-scanner.toml":  "path/to/my/first/osv-scanner.toml",
-				"path\\\\to\\\\my\\\\second/osv-scanner.toml": "path/to/my/second/osv-scanner.toml",
-				"path\\\\to\\\\my\\\\third/osv-scanner.toml":  "path/to/my/third/osv-scanner.toml",
+				"path\\\\to\\\\my\\\\first\\\\osv-scanner.toml":  "path/to/my/first/osv-scanner.toml",
+				"path\\\\to\\\\my\\\\second\\\\osv-scanner.toml": "path/to/my/second/osv-scanner.toml",
+				"path\\\\to\\\\my\\\\third\\\\osv-scanner.toml":  "path/to/my/third/osv-scanner.toml",
 			}).MatchText(t, outputWriter.String())
 	})
 }
@@ -122,9 +122,9 @@ func TestPrintSARIFReport_WithLicenseViolations(t *testing.T) {
 
 		testutility.NewSnapshot().WithWindowsReplacements(
 			map[string]string{
-				"path\\\\to\\\\my\\\\first/osv-scanner.toml":  "path/to/my/first/osv-scanner.toml",
-				"path\\\\to\\\\my\\\\second/osv-scanner.toml": "path/to/my/second/osv-scanner.toml",
-				"path\\\\to\\\\my\\\\third/osv-scanner.toml":  "path/to/my/third/osv-scanner.toml",
+				"path\\\\to\\\\my\\\\first\\\\osv-scanner.toml":  "path/to/my/first/osv-scanner.toml",
+				"path\\\\to\\\\my\\\\second\\\\osv-scanner.toml": "path/to/my/second/osv-scanner.toml",
+				"path\\\\to\\\\my\\\\third\\\\osv-scanner.toml":  "path/to/my/third/osv-scanner.toml",
 			}).MatchText(t, outputWriter.String())
 	})
 }
@@ -144,9 +144,9 @@ func TestPrintSARIFReport_WithMixedIssues(t *testing.T) {
 
 		testutility.NewSnapshot().WithWindowsReplacements(
 			map[string]string{
-				"path\\\\to\\\\my\\\\first/osv-scanner.toml":  "path/to/my/first/osv-scanner.toml",
-				"path\\\\to\\\\my\\\\second/osv-scanner.toml": "path/to/my/second/osv-scanner.toml",
-				"path\\\\to\\\\my\\\\third/osv-scanner.toml":  "path/to/my/third/osv-scanner.toml",
+				"path\\\\to\\\\my\\\\first\\\\osv-scanner.toml":  "path/to/my/first/osv-scanner.toml",
+				"path\\\\to\\\\my\\\\second\\\\osv-scanner.toml": "path/to/my/second/osv-scanner.toml",
+				"path\\\\to\\\\my\\\\third\\\\osv-scanner.toml":  "path/to/my/third/osv-scanner.toml",
 			}).MatchText(t, outputWriter.String())
 	})
 }