token validation fixes

formats/conversion.go

@@ -144,13 +144,19 @@ func ConvertToOperationalRiskViolationScanTableRow(rows []OperationalRiskViolati
 
 func ConvertToSecretsTableRow(rows []SourceCodeRow) (tableRows []secretsTableRow) {
 	for i := range rows {
+		var status string
+		var info string
+		if rows[i].Applicability != nil {
+			status = rows[i].Applicability.Status
+			info = rows[i].Applicability.ScannerDescription
+		}
 		tableRows = append(tableRows, secretsTableRow{
 			severity:        rows[i].Severity,
 			file:            rows[i].File,
 			lineColumn:      strconv.Itoa(rows[i].StartLine) + ":" + strconv.Itoa(rows[i].StartColumn),
 			secret:          rows[i].Snippet,
-			tokenValidation: jasutils.TokenValidationStatus(rows[i].Applicability.Status).ToString(),
-			tokenInfo:       jasutils.TokenValidationStatus(rows[i].Applicability.ScannerDescription).String(),
+			tokenValidation: jasutils.TokenValidationStatus(status).ToString(),
+			tokenInfo:       info,
 		})
 
 	}

formats/sarifutils/sarifutils.go

@@ -99,14 +99,6 @@ func GetResultProperty(key string, result *sarif.Result) string {
 	return ""
 }
 
-func GetResultPropertyTokenValidation(result *sarif.Result) string {
-	return GetResultProperty("tokenValidation", result)
-}
-
-func GetResultPropertyMetadata(result *sarif.Result) string {
-	return GetResultProperty("metadata", result)
-}
-
 func GetLocationRelatedCodeFlowsFromResult(location *sarif.Location, result *sarif.Result) (codeFlows []*sarif.CodeFlow) {
 	for _, codeFlow := range result.CodeFlows {
 		for _, stackTrace := range codeFlow.ThreadFlows {

utils/resultstable.go

@@ -353,8 +353,8 @@ func prepareSecrets(secrets []*sarif.Run, isTable bool) []formats.SourceCodeRow
 			}
 			for _, location := range secretResult.Locations {
 				var applicability *formats.Applicability
-				status := sarifutils.GetResultPropertyTokenValidation(secretResult)
-				statusDescription := sarifutils.GetResultPropertyMetadata(secretResult)
+				status := GetResultPropertyTokenValidation(secretResult)
+				statusDescription := GetResultPropertyMetadata(secretResult)
 				if status != "" || statusDescription != "" {
 					applicability = &formats.Applicability{Status: status,
 						ScannerDescription: statusDescription}
@@ -392,12 +392,16 @@ func prepareSecrets(secrets []*sarif.Run, isTable bool) []formats.SourceCodeRow
 	return secretsRows
 }
 
-func PrintSecretsTable(secrets []*sarif.Run, entitledForSecretsScan bool) error {
+func PrintSecretsTable(secrets []*sarif.Run, entitledForSecretsScan bool, tokenValidationEnabled bool) error {
 	if entitledForSecretsScan {
 		secretsRows := prepareSecrets(secrets, true)
 		log.Output()
-		return coreutils.PrintTable(formats.ConvertToSecretsTableRow(secretsRows), "Secret Detection",
+		err := coreutils.PrintTable(formats.ConvertToSecretsTableRow(secretsRows), "Secret Detection",
 			"✨ No secrets were found ✨", false)
+		if err == nil && entitledForSecretsScan && tokenValidationEnabled {
+			log.Output("This table contains multiple secret types, such as tokens, generic password, ssh keys and more, token validation is only supported on tokens.")
+		}
+		return err
 	}
 	return nil
 }
@@ -1047,6 +1051,14 @@ func GetRuleUndeterminedReason(rule *sarif.ReportingDescriptor) string {
 	return sarifutils.GetRuleProperty("undetermined_reason", rule)
 }
 
+func GetResultPropertyTokenValidation(result *sarif.Result) string {
+	return sarifutils.GetResultProperty("tokenValidation", result)
+}
+
+func GetResultPropertyMetadata(result *sarif.Result) string {
+	return sarifutils.GetResultProperty("metadata", result)
+}
+
 func getApplicabilityStatusFromRule(rule *sarif.ReportingDescriptor) jasutils.ApplicabilityStatus {
 	if rule.Properties["applicability"] != nil {
 		status, ok := rule.Properties["applicability"].(string)

utils/resultwriter.go

@@ -175,12 +175,9 @@ func (rw *ResultsWriter) printScanResultsTables() (err error) {
 		}
 	}
 	if shouldPrintTable(rw.subScansPreformed, SecretsScan, rw.results.ResultType) {
-		if err = PrintSecretsTable(rw.results.ExtendedScanResults.SecretsScanResults, rw.results.ExtendedScanResults.EntitledForJas); err != nil {
+		if err = PrintSecretsTable(rw.results.ExtendedScanResults.SecretsScanResults, rw.results.ExtendedScanResults.EntitledForJas, rw.results.ExtendedScanResults.SecretValidation); err != nil {
 			return
 		}
-		if rw.results.ExtendedScanResults.SecretValidation && rw.results.ExtendedScanResults.EntitledForJas {
-			log.Output("This table contains multiple secret types, such as tokens, generic password, ssh keys and more, token validation is only supported on tokens.")
-		}
 	}
 	if shouldPrintTable(rw.subScansPreformed, IacScan, rw.results.ResultType) {
 		if err = PrintIacTable(rw.results.ExtendedScanResults.IacScanResults, rw.results.ExtendedScanResults.EntitledForJas); err != nil {
@@ -791,10 +788,10 @@ func getBinaryLocationMarkdownString(commandType CommandType, subScanType SubSca
 	if snippet := sarifutils.GetLocationSnippet(location); snippet != "" {
 		content += fmt.Sprintf("\nEvidence: %s", snippet)
 	}
-	if tokenValidation := sarifutils.GetResultPropertyTokenValidation(result); tokenValidation != "" {
+	if tokenValidation := GetResultPropertyTokenValidation(result); tokenValidation != "" {
 		content += fmt.Sprintf("\nToken Validation %s", tokenValidation)
 	}
-	if metadata := sarifutils.GetResultPropertyMetadata(result); metadata != "" {
+	if metadata := GetResultPropertyMetadata(result); metadata != "" {
 		content += fmt.Sprintf("\nMetadata %s", metadata)
 	}
 	return