fix(snyk): add test & update README

README.md

@@ -142,6 +142,7 @@ Other dedicated linters that are built-in are:
 | [Ruff][ruff]                       | `ruff`                 |
 | [Selene][31]                       | `selene`               |
 | [ShellCheck][10]                   | `shellcheck`           |
+| [snyk][snyk]                       | `snyk`                 |
 | [sqlfluff][sqlfluff]               | `sqlfluff`             |
 | [standardjs][standardjs]           | `standardjs`           |
 | [StandardRB][27]                   | `standardrb`           |
@@ -397,3 +398,4 @@ busted tests/
 [ec]: https://github.com/editorconfig-checker/editorconfig-checker
 [deno]: https://github.com/denoland/deno
 [standardjs]: https://standardjs.com/
+[snyk]: https://github.com/snyk/cli

lua/lint/linters/snyk_iac.lua

@@ -22,8 +22,10 @@ return {
       local err = {
         source = "snyk",
         message = string.format("%s - %s - %s", result.title, result.issue, result.impact),
-        lnum = result.lineNumber,
-        col = 1,
+        lnum = result.lineNumber - 1,
+        end_lnum = result.lineNumber - 1,
+        col = result.lineNumber,
+        end_col = result.lineNumber,
         code = result.id,
         severity = severity_map[result.severity],
       }

tests/snyk_spec.lua

@@ -0,0 +1,82 @@
+describe("linter.snyk", function()
+  it("Parses output sample", function()
+    local parser = require("lint.linters.snyk").parser
+    local bufnr = vim.uri_to_bufnr("file:///main.tf")
+    local output = [[
+{
+  "meta": {
+    "isPrivate": true,
+    "isLicensesEnabled": false,
+    "ignoreSettings": {
+      "adminOnly": true,
+      "reasonRequired": true,
+      "disregardFilesystemIgnores": false
+    },
+    "org": "",
+    "orgPublicId": "",
+    "policy": ""
+  },
+  "filesystemPolicy": false,
+  "vulnerabilities": [],
+  "dependencyCount": 0,
+  "licensesPolicy": null,
+  "ignoreSettings": null,
+  "targetFile": "main.tf",
+  "projectName": "example-tf",
+  "org": "",
+  "policy": "",
+  "isPrivate": true,
+  "targetFilePath": "/home/Projects/tmp/example-tf/main.tf",
+  "packageManager": "terraformconfig",
+  "path": "main.tf",
+  "projectType": "terraformconfig",
+  "ok": false,
+  "infrastructureAsCodeIssues": [
+    {
+      "id": "SNYK-CC-TF-119",
+      "title": "IAM Policy grants full administrative rights",
+      "severity": "medium",
+      "isIgnored": false,
+      "subType": "IAM",
+      "documentation": "https://security.snyk.io/rules/cloud/SNYK-CC-TF-119",
+      "isGeneratedByCustomRule": false,
+      "issue": "The IAM Policy grants all permissions to all resources",
+      "impact": "Any identity with this policy will have full administrative rights in the account",
+      "resolve": "Set `Actions` and `Resources` attributes to limited subset, e.g `Actions: ['s3:Create*']`",
+      "remediation": {
+        "cloudformation": "Set `Actions` and `Resources` attributes to limited subset, e.g `Actions: ['s3:Create*']`",
+        "terraform": "Set `Actions` and `Resources` attributes to limited subset, e.g `Actions: ['s3:Create*']`"
+      },
+      "lineNumber": 20,
+      "iacDescription": {
+        "issue": "The IAM Policy grants all permissions to all resources",
+        "impact": "Any identity with this policy will have full administrative rights in the account",
+        "resolve": "Set `Actions` and `Resources` attributes to limited subset, e.g `Actions: ['s3:Create*']`"
+      },
+      "publicId": "SNYK-CC-TF-119",
+      "msg": "data.aws_iam_policy_document[foo]",
+      "references": [
+        "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html"
+      ],
+      "path": ["data", "aws_iam_policy_document[foo]"],
+      "compliance": []
+    }
+  ]
+}
+    ]]
+    local result = parser(output, bufnr)
+    local expected = {
+      {
+        source = "snyk",
+        message = "IAM Policy grants full administrative rights - The IAM Policy grants all permissions to all resources - Any identity with this policy will have full administrative rights in the account",
+        lnum = 19,
+        end_lnum = 19,
+        col = 20,
+        end_col = 20,
+        severity = vim.diagnostic.severity.WARN,
+        code = "SNYK-CC-TF-119",
+      },
+    }
+    assert.are.same(expected, result)
+  end)
+end)