-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add SARIF support #40
Changes from all commits
60e3ac2
283382b
8627248
8d15b84
b2e0dce
40cfdd4
d916b98
db93036
6e42257
f9555df
40c367a
99c91a3
8af4705
427333f
369fadd
36e1fbd
747505a
d145c7f
0123103
ef1b694
16d625d
7fcf324
1b2da02
01f8bd8
17ad7a8
119f16f
57c7af8
7232414
74b39e6
9d91452
eca7fe0
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,5 @@ | ||
require 'pathname' | ||
require 'uri' | ||
require 'puppet-lint/optparser' | ||
|
||
# Internal: The logic of the puppet-lint bin script, contained in a class for | ||
|
@@ -46,6 +48,21 @@ def run | |
|
||
begin | ||
path = @args[0] | ||
full_path = File.expand_path(path, ENV['PWD']) | ||
full_base_path = if File.directory?(full_path) | ||
full_path | ||
else | ||
File.dirname(full_path) | ||
end | ||
|
||
full_base_path_uri = if full_base_path.start_with?('/') | ||
'file://' + full_base_path | ||
else | ||
'file:///' + full_base_path | ||
end | ||
|
||
full_base_path_uri += '/' unless full_base_path_uri.end_with?('/') | ||
|
||
path = path.gsub(File::ALT_SEPARATOR, File::SEPARATOR) if File::ALT_SEPARATOR | ||
path = if File.directory?(path) | ||
Dir.glob("#{path}/**/*.pp") | ||
|
@@ -57,15 +74,14 @@ def run | |
|
||
return_val = 0 | ||
ignore_paths = PuppetLint.configuration.ignore_paths | ||
all_problems = [] | ||
|
||
puts '[' if PuppetLint.configuration.json | ||
path.each do |f| | ||
next if ignore_paths.any? { |p| File.fnmatch(p, f) } | ||
l = PuppetLint.new | ||
l.file = f | ||
l.run | ||
l.print_problems | ||
puts ',' if f != path.last && PuppetLint.configuration.json | ||
all_problems << l.print_problems | ||
|
||
if l.errors? || (l.warnings? && PuppetLint.configuration.fail_on_warnings) | ||
return_val = 1 | ||
|
@@ -76,7 +92,17 @@ def run | |
fd.write(l.manifest) | ||
end | ||
end | ||
puts ']' if PuppetLint.configuration.json | ||
|
||
if PuppetLint.configuration.sarif | ||
report_sarif(all_problems, full_base_path, full_base_path_uri) | ||
elsif PuppetLint.configuration.json | ||
all_problems.each do |problems| | ||
problems.each do |problem| | ||
problem.delete_if { |key, _| [:description, :help_uri].include?(key) } | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I'm not sure the description must be excluded. The help URI also doesn't hurt IMHO. Perhaps a maintainer can weigh in on that. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Perhaps a maintainer can weigh in on that. ---- yes the only reason for this code block is I am trying to maintain the same JSON output as before, maintainer can advise if also want these 2 new properties in JSON and let me know to change accordingly. |
||
end | ||
end | ||
puts JSON.pretty_generate(all_problems) | ||
end | ||
|
||
return return_val | ||
rescue PuppetLint::NoCodeError | ||
|
@@ -85,4 +111,42 @@ def run | |
return 1 | ||
end | ||
end | ||
|
||
# Internal: Print the reported problems in SARIF format to stdout. | ||
# | ||
# problems - An Array of problem Hashes as returned by | ||
# PuppetLint::Checks#run. | ||
# | ||
# Returns nothing. | ||
def report_sarif(problems, base_path, base_path_uri) | ||
sarif_file = File.read(File.join(__dir__, 'report', 'sarif_template.json')) | ||
sarif = JSON.parse(sarif_file) | ||
sarif['runs'][0]['originalUriBaseIds']['ROOTPATH']['uri'] = base_path_uri | ||
rules = sarif['runs'][0]['tool']['driver']['rules'] = [] | ||
results = sarif['runs'][0]['results'] = [] | ||
problems.each do |messages| | ||
messages.each do |message| | ||
relative_path = Pathname.new(message[:fullpath]).relative_path_from(Pathname.new(base_path)) | ||
rules = sarif['runs'][0]['tool']['driver']['rules'] | ||
rule_exists = rules.any? { |r| r['id'] == message[:check] } | ||
unless rule_exists | ||
new_rule = { 'id' => message[:check] } | ||
new_rule['fullDescription'] = { 'text' => message[:description] } unless message[:description].nil? | ||
new_rule['fullDescription'] = { 'text' => 'Check for any syntax error and record an error of each instance found.' } if new_rule['fullDescription'].nil? && message[:check] == :syntax | ||
new_rule['defaultConfiguration'] = { 'level' => message[:KIND].downcase } if %w[error warning].include?(message[:KIND].downcase) | ||
new_rule['helpUri'] = message[:help_uri] unless message[:help_uri].nil? | ||
rules << new_rule | ||
end | ||
rule_index = rules.index { |r| r['id'] == message[:check] } | ||
result = { | ||
'ruleId' => message[:check], | ||
'ruleIndex' => rule_index, | ||
'message' => { 'text' => message[:message] }, | ||
'locations' => [{ 'physicalLocation' => { 'artifactLocation' => { 'uri' => relative_path, 'uriBaseId' => 'ROOTPATH' }, 'region' => { 'startLine' => message[:line], 'startColumn' => message[:column] } } }], | ||
} | ||
results << result | ||
end | ||
end | ||
puts JSON.pretty_generate(sarif) | ||
end | ||
end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This could affect usage via Rake. I don't know if people do this, but there are effectively 2 entry points: the bin file which you already found and Rake:
https://github.com/puppetlabs/puppet-lint/blob/020143b705b023946739eb44e7c7d99fcd087527/lib/puppet-lint/tasks/puppet-lint.rb#L88-L107=
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks for all the inputs! I will set the PR as draft for now and look into them.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have followed this instruction:
https://github.com/puppetlabs/puppet-lint/blob/master/README.md#testing-with-puppet-lint-as-a-rake-task
then running
rake lint
seems not having issue and output result normally.I think running in rake currently only have normal
output does not support json option in the configuration, so the line highlighted will not be run in rake lint command, so should be good.