From 60d159d579e138e84644bd9c4d37a14d613b3c50 Mon Sep 17 00:00:00 2001
From: Gabe Stocco <98900+gfs@users.noreply.github.com>
Date: Wed, 27 Mar 2024 15:36:45 -0700
Subject: [PATCH] Populate Metadata in Each Individual Sarif

Fixes an issue when using `--explodedoutput` and `--exportsarif` together.
---
 Cli/AttackSurfaceAnalyzerClient.cs | 9 ++++++---
 Lib/Objects/CommandOptions.cs      | 2 +-
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/Cli/AttackSurfaceAnalyzerClient.cs b/Cli/AttackSurfaceAnalyzerClient.cs
index dbf1f835..68a5076d 100644
--- a/Cli/AttackSurfaceAnalyzerClient.cs
+++ b/Cli/AttackSurfaceAnalyzerClient.cs
@@ -714,7 +714,6 @@ private static ASA_ERROR RunExportCollectCommand(ExportCollectCommandOptions opt
 
         internal static ASA_ERROR ExportCompareResults(ConcurrentDictionary<(RESULT_TYPE, CHANGE_TYPE), ConcurrentBag<CompareResult>> resultsIn, ExportOptions opts, string baseFileName, string analysesHash, IEnumerable<AsaRule> rules)
         {
-            var results = resultsIn.Select(x => new KeyValuePair<string, object>($"{x.Key.Item1}_{x.Key.Item2}", x.Value)).ToDictionary(x => x.Key, x => x.Value);
             if (opts.DisableImplicitFindings) 
             {
                 var resultKeys = resultsIn.Keys;
@@ -724,6 +723,7 @@ internal static ASA_ERROR ExportCompareResults(ConcurrentDictionary<(RESULT_TYPE
                     resultsIn[key] = newBag;
                 }
             }
+            var results = resultsIn.Select(x => new KeyValuePair<string, object>($"{x.Key.Item1}_{x.Key.Item2}", x.Value)).ToDictionary(x => x.Key, x => x.Value);
             JsonSerializer serializer = JsonSerializer.Create(new JsonSerializerSettings()
             {
                 Formatting = Formatting.Indented,
@@ -747,10 +747,13 @@ internal static ASA_ERROR ExportCompareResults(ConcurrentDictionary<(RESULT_TYPE
                 Directory.CreateDirectory(path);
                 foreach (var key in results.Keys)
                 {
-                    string filePath = Path.Combine(path, AsaHelpers.MakeValidFileName(key));
+                    string filePath = Path.Combine(path, $"{AsaHelpers.MakeValidFileName(key)}.sarif");
                     if (opts.OutputSarif)
                     {
-                        WriteSarifLog(new Dictionary<string, object>() { { key, results[key] } }, rules, filePath, opts.DisableImplicitFindings);
+                        if (key != "metadata")
+                        {
+                            WriteSarifLog(new Dictionary<string, object>() { { "metadata", metadata }, { "results", new Dictionary<string, object>() { { key, results[key] } } } }, rules, filePath, opts.DisableImplicitFindings);
+                        }
                     }
                     else
                     {
diff --git a/Lib/Objects/CommandOptions.cs b/Lib/Objects/CommandOptions.cs
index b9df8eb5..99c05b70 100644
--- a/Lib/Objects/CommandOptions.cs
+++ b/Lib/Objects/CommandOptions.cs
@@ -243,7 +243,7 @@ public class ExportOptions : CommandOptions
         [Option(HelpText = "Set to Disable Analysis.")]
         public bool DisableAnalysis { get; set; }
 
-        [Option(HelpText = "Exploded output")]
+        [Option(HelpText = "Output Each Result Type in a Separate File")]
         public bool ExplodedOutput { get; set; }
 
         [Option(HelpText = "Directory to output to")]