code-scanning-standard 0.0.1.alpha

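--- a/<UNNAMED-CHECKSUMS-FILE>
+++ b/<UNNAMED-CHECKSUMS-FILE>
@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 7c4920d5be91ba59e4b5c173d219207fa772deef4a4ce9bb561aeaed582bda7e
+  data.tar.gz: 85c878c2bb7eb04877dc4c0bbdfc9752292617f1913791ac2bbbeea3ec7000d8
+SHA512:
+  metadata.gz: 457b75c1ba8c3b33af0ad3592ae7163dbb44f8dec1accb7c0417cc2d50e53079205ed9de2ce3d490685666af0bb422742480e5bd6a4db5b2a5a45d24491fcc2b
+  data.tar.gz: 5edc0dbeeb05d35bee66ec820b9f4feeb6ffa3f176bcb65f8fc259c7c585e907fb33b35d8e0b3065d9126c0385923196fee2e6c3177fba5cdfc482429537f630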
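--- a/data/.github/workflows/ruby.yml
+++ b/data/.github/workflows/ruby.yml
@@ -0,0 +1,23 @@
+name: Ruby
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  test:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.6
+    - name: Install dependencies
+      run: bundle install
+    - name: Run tests
+      run: bundle exec rake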
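Review bot: `ruby-version: 2.6` at the setup-ruby step is an unquoted float; it is harmless for 2.6, but the same pattern silently turns `3.10` into `3.1` once the version is bumped, so quote it, `ruby-version: "2.6"`. The `actions/checkout@v2` and `ruby/setup-ruby@v1` references are mutable tags; pinning each action to a full commit SHA (with the tag in a trailing comment) makes the third-party action code this job executes reproducible and auditable. A top-level `permissions: contents: read` keeps the job's GITHUB_TOKEN read-only, which is all a test run needs.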
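--- a/data/.github/workflows/standard-analysis.yml
+++ b/data/.github/workflows/standard-analysis.yml
@@ -0,0 +1,34 @@
+name: "RuboCop"
+
+on: [push]
+
+jobs:
+  rubocop_job:
+    runs-on: ubuntu-latest
+    name: Code Scanning job run
+    strategy:
+      fail-fast: false
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.6
+
+      - name: Install dependencies
+        run: bundle install
+
+      - name: RuboCop run
+        run: |
+          bash -c "
+            bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif
+            [[ $? -ne 2 ]]
+          "
+
+      - name: Upload Sarif output
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: rubocop.sarif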
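Review bot: The `[[ $? -ne 2 ]]` guard in the "RuboCop run" step can never fail the job: the script is double-quoted inside `bash -c "..."`, so the outer shell expands `$?` before the inner bash starts, and the test always compares the status of the previous outer command (0) with 2. The README's "Standard run" template later in this commit uses the same construction. Dropping the wrapper keeps the intent of failing only on a tool crash while letting offenses through: `run: bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif || [ "$?" -ne 2 ]`. Separately, this workflow invokes `rubocop` while the gem, README and entrypoint.sh invoke `standard`, and the upload step needs `security-events: write`, so declare a `permissions:` block for the job rather than relying on the default token scope.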
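--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,56 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+# Used by dotenv library to load environment variables.
+# .env
+
+# Ignore Byebug command history file.
+.byebug_history
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+*.bridgesupport
+build-iPhoneOS/
+build-iPhoneSimulator/
+
+## Specific to RubyMotion (use of CocoaPods):
+#
+# We recommend against adding the Pods directory to your .gitignore. However
+# you should judge for yourself, the pros and cons are mentioned at:
+# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+#
+# vendor/Pods/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+
+# Used by RuboCop. Remote config files pulled in from inherit_from directive.
+# .rubocop-https?--*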
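Review bot: The `.env` entry is commented out, so a dotenv file holding local credentials would be picked up by `git add` by default; the comment above it says the pattern exists for exactly that file, so either enable it, `.env`, or add a comment saying why it is intentionally tracked. The `.rubocop-https?--*` line is likewise commented out although this commit adds RuboCop and Standard workflows, so cached copies of remote `inherit_from` configs can land in the tree.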
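--- a/data/CODE_OF_CONDUCT.md
+++ b/data/CODE_OF_CONDUCT.md
@@ -0,0 +1,127 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+- Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+- The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+- Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at andrewmcodes\@protonmail\.com.
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.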
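--- a/data/Dockerfile
+++ b/data/Dockerfile
@@ -0,0 +1,6 @@
+FROM ruby:2.7.1
+
+ARG GITHUB_WORKSPACE
+
+COPY entrypoint.sh /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]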
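Review bot: `ARG GITHUB_WORKSPACE` is declared but never referenced in the image, so it is dead at build time; entrypoint.sh reads the runtime environment variable instead, and dropping the line avoids suggesting the workspace path is baked into the image. `FROM ruby:2.7.1` is a mutable tag; pinning by digest, `FROM ruby:2.7.1@sha256:<DIGEST-FROM-REGISTRY>`, makes the scanning image reproducible. The entrypoint runs as root and, per entrypoint.sh's `bundle add`, writes into the mounted workspace, which deserves a comment here so consumers know the action modifies their checkout.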
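--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in code-scanning-standard.gemspec
+gemspec
+
+gem "minitest", "~> 5.0"
+gem "rake", "~> 13.0"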
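--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -0,0 +1,47 @@
+PATH
+  remote: .
+  specs:
+    code-scanning-standard (0.0.1.alpha)
+      standard (>= 0.5, < 1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.4.1)
+    minitest (5.14.2)
+    parallel (1.19.2)
+    parser (2.7.1.4)
+      ast (~> 2.4.1)
+    rainbow (3.0.0)
+    rake (13.0.1)
+    regexp_parser (1.7.1)
+    rexml (3.2.4)
+    rubocop (0.90.0)
+      parallel (~> 1.10)
+      parser (>= 2.7.1.1)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.7)
+      rexml
+      rubocop-ast (>= 0.3.0, < 1.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 2.0)
+    rubocop-ast (0.3.0)
+      parser (>= 2.7.1.4)
+    rubocop-performance (1.8.0)
+      rubocop (>= 0.87.0)
+    ruby-progressbar (1.10.1)
+    standard (0.6.0)
+      rubocop (~> 0.90)
+      rubocop-performance (~> 1.8.0)
+    unicode-display_width (1.7.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  code-scanning-standard!
+  minitest (~> 5.0)
+  rake (~> 13.0)
+
+BUNDLED WITH
+   2.1.4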
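--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,21 @@
+# MIT LICENSE
+
+Copyright (c) 2020 Andrew Mason <andrewmcodes@protonmail.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.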
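--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,99 @@
+# WIP: CodeScanning::Standard
+
+'code-scanning-standard' is a gem to integrate Standard, also known as StandardRB, and GitHub's code scanning feature.
+
+The repository is composed by two components:
+
+1. The gem which can be installed in any Ruby application
+2. A default GitHub action to jumpstart usage
+
+The RubyGem adds a `SARIF` exporter to the Standard runner. GitHub's code scanning feature accepts a `SARIF` file with the 'results' (alerts) generated by the tool.
+
+The action, is what will run Standard with the exporter.
+
+> Note: you can only run the gem within your application, and have our own action that calls Standard.
+
+See more in the Installation and Usage sections.
+
+## Action Installation
+
+The easiest way to install the integration, is this action template below. It will install the gem in your app and run it from you within GitHub's action environment.
+
+To install the action, create a file: `.github/workflows/standard-analysis.yml`.
+
+It should look like:
+
+```yaml
+# .github/workflows/standard-analysis.yml
+name: "Standard"
+
+on: [push]
+
+jobs:
+  standard:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+      - name: Set up Ruby 2.7.1
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.7.1
+      # This step is not necessary if you add the gem to your Gemfile
+      - name: Install Code Scanning integration
+        run: bundle add code-scanning-standard --skip-install
+      - name: Install dependencies
+        run: bundle install
+      - name: Standard run
+        run: |
+          bash -c "
+            bundle exec standard --require code_scanning --format CodeScanning::SarifFormatter -o standard.sarif
+            [[ $? -ne 2 ]]
+          "
+
+      - name: Upload Sarif output
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: standard.sarif
+```
+
+## Gem installation & usage in a custom action
+
+Note: this is not necessary if you use the action above.
+
+To install the gem add this line to your application's Gemfile:
+
+```ruby
+gem 'code-scanning-standard'
+```
+
+Then, in your custom GitHub's action, you need to run Standard and make sure you give it the `SarifFormatter`:
+
+```bash
+bundle exec standardrb --require code_scanning --format CodeScanning::SarifFormatter -o standard.sarif
+```
+
+As a last step, make sure you upload the `standard.sarif` file to the code-scan integration. That will create the Code Scanning alerts.
+Thus, add this step to your custom Standard workflow:
+
+```yaml
+- name: Upload Sarif output
+  uses: github/codeql-action/upload-sarif@v1
+  with:
+    sarif_file: standard.sarif
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/andrewmcodes/code-scanning-standard. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/andrewmcodes/code-scanning-standard/blob/main/CODE_OF_CONDUCT.md).
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the Code::Scanning::Rubocop project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/andrewmcodes/code-scanning-standard/blob/main/CODE_OF_CONDUCT.md).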
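--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList["test/**/*_test.rb"]
+end
+
+task :generate_rules do
+  require_relative "lib/code_scanning/rules_generator"
+
+  begin
+    output_file = "#{Time.now.strftime('%Y%m%d')}.sarif"
+    puts "Cloning rubocop repository to read manuals"
+    puts
+
+    sh "git clone git@github.com:testdouble/standard.git _tmp"
+
+    gen = QHelpGenerator.new
+    Dir["_tmp/manual/cops_*.md"].each do |f|
+      gen.parse_file(f)
+    end
+    puts
+    puts "Writing rules help sarif to '#{output_file}' file"
+    puts
+    File.write(output_file, gen.sarif_json)
+  ensure
+    sh "rm -rf _tmp"
+  end
+end
+
+task default: :test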
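Review bot: The `ensure` clause in `generate_rules` runs `rm -rf _tmp` even when the clone failed — including when `_tmp` already existed and made `git clone` refuse — so the task can delete a pre-existing directory in the working tree; clone into a fresh `Dir.mktmpdir` and remove only that path. The clone uses SSH (`git@github.com:`) with no pinned ref, so the generated rules help depends on whichever default branch is current and needs a deploy key on any CI runner; `git clone --depth 1 --branch <PINNED-TAG> https://github.com/testdouble/standard.git` is reproducible and keyless. The progress message says "Cloning rubocop repository" while the URL is testdouble/standard, so one of the two should be corrected.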
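--- a/data/bin/console
+++ b/data/bin/console
@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "code_scanning"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)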
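--- a/data/bin/setup
+++ b/data/bin/setup
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here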
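--- a/data/code-scanning-standard.gemspec
+++ b/data/code-scanning-standard.gemspec
@@ -0,0 +1,33 @@
+require_relative "lib/code_scanning/standard/version"
+
+Gem::Specification.new do |spec|
+  spec.name = "code-scanning-standard"
+  spec.version = CodeScanning::Standard::VERSION
+  spec.authors = ["Andrew Mason"]
+  spec.email = %w[andrewmcodes@protonmail.com]
+  spec.summary = "Extra formater to make StandardRB compatible with GitHub's code-scanning feature."
+  spec.description = "This gem adds a SARIF formatter to Standard, so we can export alerts as code scans inside of GitHub."
+  spec.homepage = "https://github.com/andrewmcodes/code-scanning-standard"
+  spec.license = "MIT"
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
+
+  spec.metadata = {
+    # "allowed_push_host" => "TODO: Set to 'http://mygemserver.com'"
+    "bug_tracker_uri" => "#{spec.homepage}/issues",
+    "changelog_uri" => "#{spec.homepage}/blob/main/CHANGELOG.md",
+    "documentation_uri" => spec.homepage,
+    "homepage_uri" => spec.homepage,
+    "source_code_uri" => spec.homepage
+  }
+
+  spec.files =
+    Dir.chdir(File.expand_path("..", __FILE__)) do
+      `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+    end
+
+  spec.bindir = "exe"
+  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = %w[lib]
+
+  spec.add_dependency "standard", ">= 0.5", "< 1"
+end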
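Review bot: `spec.metadata` omits `"rubygems_mfa_required" => "true"`, which RubyGems honors to require MFA for pushes of this gem and is the cheapest supply-chain hardening available to a new gem; add it next to the `*_uri` entries. `"changelog_uri"` points at `blob/main/CHANGELOG.md`, but no CHANGELOG.md appears in the file list this commit adds, so the link rubygems.org renders will be dead until one exists. The summary string spells `formater`, and the typo is reproduced verbatim in the generated metadata.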
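--- a/data/entrypoint.sh
+++ b/data/entrypoint.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -x
+
+cd $GITHUB_WORKSPACE
+
+# Install correct bundler version
+gem install bundler -v "$(grep -A 1 "BUNDLED WITH" Gemfile.lock | tail -n 1)"
+
+bundle add code-scanning-standard --version 0.2.0 --skip-install
+
+bundle install
+bundle exec standard --require code_scanning --format CodeScanning::SarifFormatter -o standard.sarif
+
+if [ ! -f standard.sarif ]; then
+  exit 1
+else
+  exit 0
+fi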
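Review bot: `cd $GITHUB_WORKSPACE` is unquoted and unchecked, and the script sets `-x` but not `-e`, so when the variable is unset or the directory is missing every later command runs in the container's current directory and only the final `-f standard.sarif` test reports anything; use `set -eu` and `cd "$GITHUB_WORKSPACE" || exit 1`. `bundle add code-scanning-standard --version 0.2.0` requests a version this commit does not ship — version.rb declares `0.0.1.alpha` — so the packaged action cannot resolve the gem it is distributed with. `bundle add` also rewrites the scanned repository's Gemfile and Gemfile.lock in place, a side effect worth a comment at the top of the script so consumers expect the modified checkout.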
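--- a/data/lib/code_scanning.rb
+++ b/data/lib/code_scanning.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require "standard"
+require "rubocop"
+
+module CodeScanning
+end
+
+require_relative "code_scanning/standard/sarif_formatter"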
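--- a/data/lib/code_scanning/rules_generator.rb
+++ b/data/lib/code_scanning/rules_generator.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require_relative "../code_scanning"
+
+class QHelpGenerator
+  def initialize
+    @formatter = CodeScanning::SarifFormatter.new(nil)
+  end
+
+  def parse_file(path_to_file)
+    file = File.open(path_to_file)
+    current_rule = nil
+    file.each_with_index do |line, index|
+      # title: skip
+      next if index.zero?
+
+      if line[0..2] == "## "
+        current_cop = line[3..-2]
+        current_rule, _index = @formatter.get_rule(current_cop, nil)
+        next
+      end
+
+      next if current_rule.nil?
+      if line == "\n" && current_rule.help_empty?
+        # Don't start the help text with new lines
+        next
+      end
+
+      current_rule.append_help(line)
+    end
+  end
+
+  def sarif_json
+    @formatter.sarif_json
+  end
+end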
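Review bot: `File.open(path_to_file)` in `parse_file` is never closed, so each manual page leaks a descriptor until garbage collection; `File.foreach(path_to_file).with_index do |line, index|` reads line by line and closes the file when the enumeration ends. `line[3..-2]` assumes every `## ` heading ends with a newline, so a final heading without one loses its last character; `line[3..-1].chomp` is the safe form. `@formatter.get_rule(current_cop, nil)` creates a Rule for any heading text it meets, and Rule#initialize looks that name up in the cop registry without checking the result, so a heading that is not a cop name yields a Rule whose `@cop` is nil and that raises later in `to_h`.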
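--- a/data/lib/code_scanning/standard/rule.rb
+++ b/data/lib/code_scanning/standard/rule.rb
@@ -0,0 +1,99 @@
+# frozen_string_literal: true
+
+require "pathname"
+
+module CodeScanning
+  class Rule
+    def initialize(cop_name, severity = nil)
+      @cop_name = cop_name
+      @severity = severity.to_s
+      @cop = RuboCop::Cop::Cop.registry.find_by_cop_name(cop_name)
+      @help = StringIO.new
+    end
+
+    def id
+      @cop_name
+    end
+
+    def append_help(line)
+      @help.print(line)
+    end
+
+    def help_empty?
+      @help.size.zero?
+    end
+
+    def ==(other)
+      badge.match?(other.badge)
+    end
+    alias_method :eql?, :==
+
+    def badge
+      @cop.badge
+    end
+
+    def sarif_severity
+      cop_severity = @cop.new.send(:find_severity, nil, @severity)
+      return cop_severity if %w[warning error].include?(cop_severity)
+      return "note" if %w[refactor convention].include?(cop_severity)
+      return "error" if cop_severity == "fatal"
+
+      "none"
+    end
+
+    # The URL for the docs are in this format:
+    # https://docs.rubocop.org/en/stable/cops_layout/#layoutblockendnewline
+    def query_uri
+      kind = badge.department.to_s.downcase
+      full_name = "#{kind}#{badge.cop_name.downcase}"
+      "https://docs.rubocop.org/en/stable/cops_#{kind}/##{full_name}"
+    end
+
+    def to_json(opts = {})
+      to_h.to_json(opts)
+    end
+
+    def cop_config
+      @config ||= RuboCop::ConfigStore.new.for(Pathname.new(Dir.pwd))
+      @cop_config ||= @config.for_cop(@cop.department.to_s)
+        .merge(@config.for_cop(@cop))
+    end
+
+    def to_h
+      properties = {
+        "precision" => "very-high"
+      }
+
+      h = {
+        "id" => @cop_name,
+        "name" => @cop_name,
+        "defaultConfiguration" => {
+          "level" => sarif_severity
+        },
+        "properties" => properties
+      }
+
+      desc = cop_config["Description"]
+      unless desc.nil?
+        h["shortDescription"] = {"text" => desc }
+        h["fullDescription"] = { "text" => desc }
+        properties["description"] = desc
+      end
+
+      unless help_empty?
+        help = @help.string
+        h["help"] = {
+          "text" => help,
+          "markdown" => help
+        }
+        properties["queryURI"] = query_uri if badge.qualified?
+      end
+
+      if badge.qualified?
+        kind = badge.department.to_s
+        properties["tags"] = [kind.downcase]
+      end
+      h
+    end
+  end
+end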
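Review bot: `@cop` is whatever `RuboCop::Cop::Cop.registry.find_by_cop_name(cop_name)` returns and is never checked for nil, yet `badge`, `sarif_severity` and `cop_config` all dereference it, so an offense from a cop that is not loaded in this process (or a heading the rules generator misread) becomes a NoMethodError in the middle of formatting rather than a skipped rule; fail early and clearly in `initialize`, `raise ArgumentError, "unknown cop: #{cop_name}" if @cop.nil?`. `StringIO` is used without `require "stringio"`; it happens to be loaded transitively today, but the file should declare what it uses. `sarif_severity` reaches a private RuboCop method through `send(:find_severity, nil, @severity)`, an internal API with no compatibility promise, so a comment naming the RuboCop version this was written against (Gemfile.lock pins 0.90.0) would help whoever hits the breakage.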
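--- a/data/lib/code_scanning/standard/sarif_formatter.rb
+++ b/data/lib/code_scanning/standard/sarif_formatter.rb
@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+require "json"
+require_relative "rule"
+
+module CodeScanning
+  class SarifFormatter < RuboCop::Formatter::BaseFormatter
+    def initialize(output, options = {})
+      super
+      @sarif = {
+        "$schema" => "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+        "version" => "2.1.0"
+      }
+      @rules_map = {}
+      @rules = []
+      @results = []
+      @sarif["runs"] = [
+        {
+          "tool" => {
+            "driver" => {"name" => "Standard", "rules" => @rules }
+          },
+          "results" => @results
+        }
+      ]
+    end
+
+    def get_rule(cop_name, severity)
+      r = @rules_map[cop_name]
+      if r.nil?
+        rule = Rule.new(cop_name, severity&.name)
+        r = @rules_map[cop_name] = [rule, @rules.size]
+        @rules << rule
+      end
+
+      r
+    end
+
+    def file_finished(file, offenses)
+      relative_path = RuboCop::PathUtil.relative_path(file)
+
+      offenses.each do |o|
+        rule, rule_index = get_rule(o.cop_name, o.severity)
+        @results << {
+          "ruleId" => rule.id,
+          "ruleIndex" => rule_index,
+          "message" => {
+            "text" => o.message
+          },
+          "locations" => [
+            {
+              "physicalLocation" => {
+                "artifactLocation" => {
+                  "uri" => relative_path,
+                  "uriBaseId" => "%SRCROOT%",
+                  "index" => 0
+                },
+                "region" => {
+                  "startLine" => o.line,
+                  "startColumn" => o.real_column,
+                  "endColumn" => o.last_column
+                }
+              }
+            }
+          ],
+          "partialFingerprints" => {
+            # This will be computed by the upload action for now
+          }
+        }
+      end
+    end
+
+    def finished(_inspected_files)
+      output.print(sarif_json)
+    end
+
+    def sarif_json
+      JSON.pretty_generate(@sarif)
+    end
+  end
+end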
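Review bot: `"index" => 0` inside `artifactLocation` in `file_finished` refers to `run.artifacts[0]`, but the run built in `initialize` never emits an `artifacts` array, so every result points at an entry that does not exist; strict SARIF consumers may reject or ignore the location, and `uri` plus `uriBaseId` already identifies the file, so drop the key or emit the artifacts list. The driver object carries only `"name"`; adding `"version"` (and `"informationUri"`) lets code scanning attribute alerts to a specific release of this tool. `finished` calls `output.print`, so constructing the formatter with `nil` output — as rules_generator.rb does — only works while `finished` is never invoked on that instance; a comment on `sarif_json` noting it is the entry point for that use would stop someone "fixing" the nil away.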
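--- a/data/lib/code_scanning/standard/version.rb
+++ b/data/lib/code_scanning/standard/version.rb
@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module CodeScanning
+  module Standard
+    VERSION = "0.0.1.alpha"
+  end
+end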
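--- a/data/standard-action/action.yml
+++ b/data/standard-action/action.yml
@@ -0,0 +1,5 @@
+name: "Standard code-scanning"
+description: "Standard and code-scanning integration"
+runs:
+  using: "docker"
+  image: "../Dockerfile"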
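Review bot: `image: "../Dockerfile"` points outside the action's own directory (standard-action/); GitHub resolves `image` relative to the action metadata file, and nothing in this commit shows a parent-directory path being accepted, so either move the Dockerfile and the entrypoint.sh it COPYs under `standard-action/` or verify the path in a workflow run before publishing. The action declares no `inputs:`, so the gem version and the `standard.sarif` output name hard-coded in entrypoint.sh cannot be overridden by consumers; an `inputs:` block with defaults matching the script would make both configurable.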
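--- a/metadata
+++ b/metadata
@@ -0,0 +1,90 @@
+--- !ruby/object:Gem::Specification
+name: code-scanning-standard
+version: !ruby/object:Gem::Version
+  version: 0.0.1.alpha
+platform: ruby
+authors:
+- Andrew Mason
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2020-09-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: standard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.5'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.5'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1'
+description: This gem adds a SARIF formatter to Standard, so we can export alerts
+  as code scans inside of GitHub.
+email:
+- andrewmcodes@protonmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/workflows/ruby.yml"
+- ".github/workflows/standard-analysis.yml"
+- ".gitignore"
+- CODE_OF_CONDUCT.md
+- Dockerfile
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- code-scanning-standard.gemspec
+- entrypoint.sh
+- lib/code_scanning.rb
+- lib/code_scanning/rules_generator.rb
+- lib/code_scanning/standard/rule.rb
+- lib/code_scanning/standard/sarif_formatter.rb
+- lib/code_scanning/standard/version.rb
+- standard-action/action.yml
+homepage: https://github.com/andrewmcodes/code-scanning-standard
+licenses:
+- MIT
+metadata:
+  bug_tracker_uri: https://github.com/andrewmcodes/code-scanning-standard/issues
+  changelog_uri: https://github.com/andrewmcodes/code-scanning-standard/blob/main/CHANGELOG.md
+  documentation_uri: https://github.com/andrewmcodes/code-scanning-standard
+  homepage_uri: https://github.com/andrewmcodes/code-scanning-standard
+  source_code_uri: https://github.com/andrewmcodes/code-scanning-standard
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">"
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubygems_version: 3.1.2
+signing_key:
+specification_version: 4
+summary: Extra formater to make StandardRB compatible with GitHub's code-scanning
+  feature.
+test_files: []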