Validates that the sarif_compare_alerts tool correctly compares code locations
between two SARIF alerts from different rules to detect sink-level overlap.
test-input.sarif: A multi-rule SARIF file wherejs/sql-injectionresult 0 andjs/missing-rate-limitingresult 0 both referencesrc/routes/users.jsbut at different line ranges — so they should NOT have sink overlap.
The tool returns a comparison result with:
overlaps: false (the two alerts are at different lines in the same file)overlapMode: "sink"- Alert details for both A and B (ruleId, location, message)
- Empty
sharedLocationsarray