Correctly set scheme for URIs in the SARIF report output

[3flex]

Fixes #4165

@TWiStErRob it would be great if you could test this - I've reviewed the output locally but haven't submitted anything to GitHub.

[TWiStErRob]

Sorry, it took me a while to start on this :) Here are my findings.

Test setup

https://github.com/TWiStErRob/detekt-4165

• A project with DGP applied
• 2 files in 2 modules producing MagicNumber
• CI that runs on all 3 OSs
• detekt built from sources, so we can use this branch!

Reports

Main branch CI: https://github.com/TWiStErRob/detekt-4165/actions/runs/5728342547
This PR's CI: https://github.com/TWiStErRob/detekt-4165/actions/runs/5728353537?pr=1
Main findings: https://github.com/TWiStErRob/detekt-4165/security/code-scanning?query=is%3Aopen+branch%3Amain+
Branch findings: https://github.com/TWiStErRob/detekt-4165/security/code-scanning?query=is%3Aopen+branch%3Afix

Results

• On the base branch (detekt 1.23.1) Windows analysis straight up fails, because the URI scheme was missing, this confirms 3flex's observation.

• On the fix branch all CI passes (uploads SARIFs correctly), so adding the file:/// prefix helped Windows.

• On the base branch the findings are not navigable (as per issue this PR fixes)

  Link and screenshot

  https://github.com/TWiStErRob/detekt-4165/security/code-scanning/10
  

• On the fix branch the Windows findings are navigable

  Link and screenshot

  https://github.com/TWiStErRob/detekt-4165/security/code-scanning/16
  

• On the fix branch the Unix findings are not navigable (as per Brais' observation)

  Link and screenshot

  https://github.com/TWiStErRob/detekt-4165/security/code-scanning/18
  

Next steps

• @3flex if you fix the "toURI()" function to be correct on all platforms I think we're good.
• I can easily re-execute the CI on the other repo to confirm.

I didn't see the test results

[TWiStErRob]

GitHub is now very happy with these changes!

https://github.com/TWiStErRob/detekt-4165/security/code-scanning?query=pr%3A1+tool%3Adetekt+is%3Aopen

Screenshots

Notice:

• There were 6 reports in the past, linux, mac, windows. 4/6 were not navigable.
• After your recent force-push, the original 6 issues were closed, and now there are only 2 detected 3 times by separate CI jobs.
• This means that the paths (including base dirs) cancel each other out, and it doesn't matter which platform you run detekt on, GitHub will see them just the same! 🎉

[codecov]

Codecov Report

All modified lines are covered by tests ✅

Comparison is base (f3308a1) 85.18% compared to head (71713e3) 85.18%.

Additional details and impacted files

@@            Coverage Diff            @@
##               main    #6331   +/-   ##
=========================================
  Coverage     85.18%   85.18%           
  Complexity     4037     4037           
=========================================
  Files           564      564           
  Lines         13273    13274    +1     
  Branches       2387     2387           
=========================================
+ Hits          11306    11307    +1     
  Misses          773      773           
  Partials       1194     1194           

Files	Coverage Δ
...in/kotlin/io/github/detekt/report/sarif/Results.kt	93.75% <100.00%> (ø)
...io/github/detekt/report/sarif/SarifOutputReport.kt	87.50% <100.00%> (+0.40%)	⬆️

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[3flex]

@TWiStErRob if you could have a final look before merging that would be appreciated, thanks!

[TWiStErRob]

Trying to run the integration tests, but need to update the repro with Gradle 8.4 and detekt mainline (see #6523 (comment)).

[TWiStErRob]

Seems ok https://github.com/TWiStErRob/detekt-4165-2/security/code-scanning/2

The same issue is detected by all 3 platforms and preview is working:

[hfhbd]

Any chance to get a release containing this fix before detekt 2.0?

[cortinico]

Any chance to get a release containing this fix before detekt 2.0?

I'll include this in the upcoming 1.23.x release