Add SARIF support to all PHP linters #3515
Assignees
Labels
enhancement
New feature or request
Comments
|
I've a good news for all audience ! Rather than just create a SARIF support for PHP_CodeSnifffer, I've today continue my work to produce support to :
A little teaser : I'll soon (next days) release a version 1.2.0 of As soon as the new version of More explains will come on https://github.com/llaville/sarif-php-sdk when branch |
|
@llaville I'm sad to not work on PHP to benefit from your great updates, but happy that the MegaLinter community will be able to enjoy them 🥳 |
llaville
changed the title
|
After analysis of Psalm source code, I confirm that latest version (currently 5.23.1), does not support additional report that the ones defined in Core. See https://github.com/vimeo/psalm/blob/5.23.1/src/Psalm/Internal/Analyzer/ProjectAnalyzer.php#L328-L366 So my package |
|
I plan to release version 1.2.0 of |
|
Yesterday, I've released https://github.com/llaville/sarif-php-sdk/releases/tag/1.2.0 And probably tomorrow, I should be able to build a patch for MegaLinter v7 |
Patch, part 1/3Seems good ... at least for PHPLint (9.2.0)
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock:rw -v $(pwd):/tmp/lint:rw -e ENABLE=PHP -e SARIF_REPORTER=true -e LOG_LEVEL=debug -e PARALLEL=false -e PHP_PHPLINT_ARGUMENTS="-v" <DOCKER_IMAGE_ID>NB:
I don't copy/paste SARIF log file but all is OK !!! |
llaville
added a commit
that referenced
this issue
May 3, 2024
|
Have initialized new branch Next, will come later ... |
Patch, part 2/3Now, it's turn to do it for PHP_CodeSniffer. I run in trouble with many issues; I'll give you then my experience feedback here ! PHPLint 9.2 depends on As previous installation of these linters are done with PHIVE (PHAR distribution), we cannot use this strategy. So the only one solution is to install with Composer. On Alpine 3.19, Composer (2.7.4) depends on PHP 8.2 components See * https://pkgs.alpinelinux.org/package/v3.19/community/x86_64/composer While upcoming Composer (2.7.5) depends on PHP 8.3 components See * https://pkgs.alpinelinux.org/package/edge/community/x86_64/composer
And results are pretty good : |
llaville
added a commit
that referenced
this issue
May 4, 2024
Patch, part 3/3And to finish, it's turn to do it for PHPStan. I used the same strategy as for PHPCS And results are pretty good : |
llaville
added a commit
that referenced
this issue
May 4, 2024
llaville
added a commit
that referenced
this issue
May 4, 2024
llaville
added a commit
that referenced
this issue
May 4, 2024
llaville
added a commit
that referenced
this issue
May 4, 2024
|
Spell Linter is a bit rough when new word is not in is dictionary :
|
|
@llaville you can get an updated cspell.json in MegaLinter artifacts, just overwrite the one in the repo and check for updated lines to confirm added exceptions are not spelling mistakes ^^ |
llaville
added a commit
that referenced
this issue
May 5, 2024
llaville
added a commit
that referenced
this issue
May 5, 2024
llaville
added a commit
that referenced
this issue
May 5, 2024
|
Add new commit 505247d to fix cspell issue |
|
I don't think what you know about this feature request status, but perharps we need more time to test if we found regression before to suggest a new PR ? Agree ? |
|
@llaville CI test cases are here to confirm that there are no regressions about linters , and anyway we don't release a new version every week so we'll have the time to make additional tests with the future beta version :) |
llaville
added a commit
that referenced
this issue
May 10, 2024
llaville
added a commit
that referenced
this issue
May 10, 2024
llaville
added a commit
that referenced
this issue
May 10, 2024
llaville
added a commit
that referenced
this issue
May 10, 2024
4 tasks
nvuillam
added a commit
that referenced
this issue
May 13, 2024
* patch part 1/3 for PHP_PHPLINT and SARIF support (see feature request #3515) * patch part 2/3 for PHP_PHPCS and SARIF support (see feature request #3515) * patch part 3/3 for PHP_PHPSTAN and SARIF support (see feature request #3515) * fix cspell linter dict about unknown word 'codesniffer' * update changelog related to feature #3515 * update after running bash build.py * [MegaLinter] Apply linters fixes --------- Co-authored-by: Nicolas Vuillamy <nicolas.vuillamy@gmail.com> Co-authored-by: llaville <llaville@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the solution you'd like
Add SARIF output on
PHP_PHPCSlinter.@nvuillam Ask for it in December 2021 on official PHP_CodeSniffer project (see squizlabs/PHP_CodeSniffer#3496)
Describe alternatives you've considered
Continue without SARIF support for
PHP_PHPCSlinterAdditional context
MegaLinter automation contains test files and reports : see https://github.com/oxsecurity/megalinter/tree/main/.automation/test/
E.g : With https://github.com/oxsecurity/megalinter/tree/main/.automation/test/php source files
Current version of PHP_CodeSniffer (3.9.2) gave following results on these previous source files :
--report=summary
--report=source
Following recommendation of @jrfnl (squizlabs/PHP_CodeSniffer#3496 (comment)), I've started to write a POC today, that is able to produce following SARIF output on same previous source files
--report-file=phpcs.sarif
With, e.g, such kind of config file
.phpcs.xml.dist{ "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "version": "2.1.0", "runs": [ { "tool": { "driver": { "name": "PHP_CodeSniffer", "semanticVersion": "3.9.2.0", "informationUri": "https://github.com/squizlabs/PHP_CodeSniffer", "rules": [ { "id": "PSR12.Operators.OperatorSpacing.NoSpaceBefore", "properties": { "frequency": 4 } }, { "id": "PSR12.Operators.OperatorSpacing.NoSpaceAfter", "properties": { "frequency": 3 } }, { "id": "PSR1.Files.SideEffects.FoundWithSymbols", "properties": { "frequency": 1 } }, { "id": "Squiz.Functions.MultiLineFunctionDeclaration.BraceOnSameLine", "properties": { "frequency": 1 } }, { "id": "PSR2.Methods.FunctionCallSignature.SpaceBeforeOpenBracket", "properties": { "frequency": 1 } }, { "id": "Squiz.ControlStructures.ControlSignature.NewlineAfterOpenBrace", "properties": { "frequency": 1 } }, { "id": "Squiz.WhiteSpace.ScopeClosingBrace.ContentBefore", "properties": { "frequency": 1 } } ] } }, "invocations": [ { "executionSuccessful": true, "workingDirectory": { "uri": "file:///shared/backups/bartlett/phpcs-sarif-report/" }, "properties": { "totals.files": 2, "totals.errors": 11, "totals.warnings": 1, "totals.fixable": 11 } } ], "results": [ { "message": { "text": "Expected at least 1 space before \"-\"; 0 found" }, "ruleId": "PSR12.Operators.OperatorSpacing.NoSpaceBefore", "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "file:///shared/backups/github/megalinter/.automation/test/php/php_bad_1.php" }, "region": { "startLine": 3, "startColumn": 9 } } } ], "properties": { "severity": "error", "fixable": true } }, { "message": { "text": "Expected at least 1 space after \"-\"; 0 found" }, "ruleId": "PSR12.Operators.OperatorSpacing.NoSpaceAfter", "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "file:///shared/backups/github/megalinter/.automation/test/php/php_bad_1.php" }, "region": { "startLine": 3, "startColumn": 9 } } } ], "properties": { "severity": "error", "fixable": true } }, { "message": { "text": "Expected at least 1 space before \"=\"; 0 found" }, "ruleId": "PSR12.Operators.OperatorSpacing.NoSpaceBefore", "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "file:///shared/backups/github/megalinter/.automation/test/php/php_bad_1.php" }, "region": { "startLine": 3, "startColumn": 17 } } } ], "properties": { "severity": "error", "fixable": true } }, { "message": { "text": "Expected at least 1 space after \"=\"; 0 found" }, "ruleId": "PSR12.Operators.OperatorSpacing.NoSpaceAfter", "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "file:///shared/backups/github/megalinter/.automation/test/php/php_bad_1.php" }, "region": { "startLine": 3, "startColumn": 17 } } } ], "properties": { "severity": "error", "fixable": true } }, { "message": { "text": "Expected at least 1 space before \"-\"; 0 found" }, "ruleId": "PSR12.Operators.OperatorSpacing.NoSpaceBefore", "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "file:///shared/backups/github/megalinter/.automation/test/php/php_bad_1.php" }, "region": { "startLine": 3, "startColumn": 26 } } } ], "properties": { "severity": "error", "fixable": true } }, { "message": { "text": "Expected at least 1 space before \"-\"; 0 found" }, "ruleId": "PSR12.Operators.OperatorSpacing.NoSpaceBefore", "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "file:///shared/backups/github/megalinter/.automation/test/php/php_bad_1.php" }, "region": { "startLine": 3, "startColumn": 58 } } } ], "properties": { "severity": "error", "fixable": true } }, { "message": { "text": "Expected at least 1 space after \"-\"; 0 found" }, "ruleId": "PSR12.Operators.OperatorSpacing.NoSpaceAfter", "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "file:///shared/backups/github/megalinter/.automation/test/php/php_bad_1.php" }, "region": { "startLine": 3, "startColumn": 58 } } } ], "properties": { "severity": "error", "fixable": true } }, { "message": { "text": "A file should declare new symbols (classes, functions, constants, etc.) and cause no other side effects, or it should execute logic with side effects, but should not do both. The first symbol is defined on line 6 and the first side effect is on line 10." }, "ruleId": "PSR1.Files.SideEffects.FoundWithSymbols", "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "file:///shared/backups/github/megalinter/.automation/test/php/php_bad_2.php" }, "region": { "startLine": 1, "startColumn": 1 } } } ], "properties": { "severity": "warning", "fixable": false } }, { "message": { "text": "Opening brace should be on a new line" }, "ruleId": "Squiz.Functions.MultiLineFunctionDeclaration.BraceOnSameLine", "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "file:///shared/backups/github/megalinter/.automation/test/php/php_bad_2.php" }, "region": { "startLine": 6, "startColumn": 29 } } } ], "properties": { "severity": "error", "fixable": true } }, { "message": { "text": "Space before opening parenthesis of function call prohibited" }, "ruleId": "PSR2.Methods.FunctionCallSignature.SpaceBeforeOpenBracket", "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "file:///shared/backups/github/megalinter/.automation/test/php/php_bad_2.php" }, "region": { "startLine": 14, "startColumn": 1 } } } ], "properties": { "severity": "error", "fixable": true } }, { "message": { "text": "Newline required after opening brace" }, "ruleId": "Squiz.ControlStructures.ControlSignature.NewlineAfterOpenBrace", "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "file:///shared/backups/github/megalinter/.automation/test/php/php_bad_2.php" }, "region": { "startLine": 15, "startColumn": 23 } } } ], "properties": { "severity": "error", "fixable": true } }, { "message": { "text": "Closing brace must be on a line by itself" }, "ruleId": "Squiz.WhiteSpace.ScopeClosingBrace.ContentBefore", "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "file:///shared/backups/github/megalinter/.automation/test/php/php_bad_2.php" }, "region": { "startLine": 15, "startColumn": 24 } } } ], "properties": { "severity": "error", "fixable": true } } ] } ] }Repository with source code of this new CodeSniffer Report will be soon available.
The text was updated successfully, but these errors were encountered: