danger-sarif 0.1.0 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8760f99338fc4d1ae9953f9cf38632fb55bbc1a414cd7d9bd7a645592211233e
-  data.tar.gz: f8fb9752cf57614a66c51de7628e70a74f332b953734b347463d807f539f91b3
+  metadata.gz: 1e1bd9e132727e6bae54a7cf3d212ae64e4e1443a56815e810c76aa4c8cb7cdc
+  data.tar.gz: 2f87be53d4b549e78a5c3fca243ffeae4deb66a87bc8f5ea23e475f8910cd50a
 SHA512:
-  metadata.gz: bbed21ac1459ff7344787101caa6093f3f9daaec7186a8baf09e6a217e944c49ecb3747281650e34f15fb0e1313a8795d1b1061cd14150fb35cff5647a6901d0
-  data.tar.gz: faa5abb83218dbb3797e3cf72de594c20ca5fce35e326b5812d21cf16cc17d769a32a185cb8a8a94092466bcb8e110163ef7a3fb6802aa29a74bdec26b1f4b86
+  metadata.gz: 70e8cf9d7f916b43f67758d4188e941b68e9b8146d30adb07cc3dd11e21a7e5b598024488d9a79db1508eb23bdd85c7eb01b094a5172c9011f3777954ee63624
+  data.tar.gz: cca36bb447b7d83af81b1cc788a82668273da3c37e406b29cc9376586c5d9af3aa00816ccd0ed42d470fed85fdea4a4f870ea7b0a8204843efe85d528d471d76

data/CHANGELOG.md

@@ -0,0 +1,10 @@
+# v0.9.0 - 2023/11/08 JST
+
+#### Feature
+
+* add sarif.fail_on_error [#3](https://github.com/irgaly/danger-sarif/pull/3)
+    * fail CI if SARIF file has `level: "error"` result.
+
+# v0.1.0 - 2023/08/27 JST
+
+* initial release

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    danger-sarif (0.1.0)
+    danger-sarif (0.9.0)
       danger-plugin-api (>= 1.0)
 
 GEM

data/README.md

@@ -1,6 +1,8 @@
 # danger-sarif
 
-[Danger](https://github.com/danger/danger) plugin for reporting SARIF file.
+[![Gem Version](https://badge.fury.io/rb/danger-sarif.svg)](https://badge.fury.io/rb/danger-sarif)
+
+[Danger](https://github.com/danger/danger) plugin for reporting [SARIF](https://sarifweb.azurewebsites.net/) file.
 
 ## Installation
 
@@ -26,6 +28,18 @@ Dir['**/build/reports/lint-results-*.sarif'].each do |file|
 end
 ```
 
+## Options
+
+| option                | description                                                        |
+|-----------------------|--------------------------------------------------------------------|
+| `sarif.fail_on_error` | Set the behavior that treating error as fail or not. default: true |
+
+```ruby
+# Dangerfile
+sarif.fail_on_error false
+sarif.report '...'
+```
+
 ## Development
 
 1. Clone this repo

data/lib/sarif/gem_version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Sarif
-  VERSION = "0.1.0"
+  VERSION = "0.9.0"
 end

data/lib/sarif/plugin.rb

@@ -21,27 +21,61 @@ module Danger
   #
   class DangerSarif < Plugin
     Warning = Struct.new(:message, :file, :line)
+    Error = Struct.new(:message, :file, :line)
+
+    def initialize(dangerfile)
+      super(dangerfile)
+      @fail_on_error = true
+    end
+
+    # Set the behavior that treating error as fail or not
+    #
+    # @param [bool] true: treat error as fail, false: treat error as warning
+    # @return [void]
+    def fail_on_error(value)
+      @fail_on_error = value
+    end
 
     # Report errors from SARIF file
     #
     # @return [void]
     def report(file, base_dir: nil)
-      parse(file, base_dir: base_dir).each do |warning|
-        warn(warning.message, file: warning.file, line: warning.line)
+      parse(file, base_dir: base_dir).each do |result|
+        if @fail_on_error && result.instance_of?(Error) then
+          warn(result.message, file: result.file, line: result.line)
+        else
+          fail(result.message, file: result.file, line: result.line)
+        end
       end
     end
 
-    # Parse SARIF file, then return Warnings
+    # Parse SARIF file, then return Array of DangerSarif::Warning or DangerSarif::Error
     #
-    # @return [DangerSarif::Warning]
+    # @return [Array] Array of DangerSarif::Warning or DangerSarif::Error
     def parse(file, base_dir: nil)
       raise "SARIF file was not found: #{file}" unless File.exist? file
       base_dir_path = Pathname.new(base_dir || Dir.pwd)
       json = JSON.parse(File.read(file))
       json["runs"].flat_map do |run|
         base_uris = run["originalUriBaseIds"] || {}
+        tool = run["tool"]
+        rules = {}
+        tool["driver"]["rules"]&.each do |rule|
+          rules[rule["id"]] = rule
+        end
+        tool["extensions"]&.each do |extension|
+          extension["rules"]&.each do |rule|
+            rules[rule["id"]] = rule
+          end
+        end
         run["results"].flat_map do |result|
           message = result["message"]["markdown"] || result["message"]["text"]
+          rule_id = result["ruleId"]
+          rule = rules[rule_id]
+          level = result["level"]
+          if !level then
+            level = (rule["defaultConfiguration"] || {})["level"]
+          end
           result["locations"].map do |location|
             physicalLocation = location["physicalLocation"]
             artifactLocation = physicalLocation["artifactLocation"]
@@ -59,7 +93,11 @@ module Danger
                 target_path.to_s
             end
             line = physicalLocation["region"]["startLine"].to_i
-            Warning.new(message: message, file: file, line: line)
+            if level == "error" then
+              Error.new(message: message, file: file, line: line)
+            else
+              Warning.new(message: message, file: file, line: line)
+            end
           end
         end
       end

data/spec/fixtures/rubocop-code-scanning.sarif

@@ -0,0 +1,67 @@
+{
+  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+  "version": "2.1.0",
+  "runs": [
+    {
+      "tool": {
+        "driver": {
+          "name": "RuboCop",
+          "version": "1.56.1",
+          "informationUri": "https://rubocop.org",
+          "rules": [
+            {
+              "id": "Style/FrozenStringLiteralComment",
+              "name": "StyleFrozenStringLiteralComment",
+              "defaultConfiguration": {
+                "level": "note"
+              },
+              "properties": {
+                "precision": "very-high",
+                "description": "Add the frozen_string_literal comment to the top of files to help transition to frozen string literals by default.",
+                "tags": [
+                  "style"
+                ],
+                "queryURI": "https://docs.rubocop.org/rubocop/cops_style.html#stylefrozenstringliteralcomment"
+              },
+              "shortDescription": {
+                "text": "Add the frozen_string_literal comment to the top of files to help transition to frozen string literals by default."
+              },
+              "fullDescription": {
+                "text": "Add the frozen_string_literal comment to the top of files to help transition to frozen string literals by default."
+              },
+              "helpUri": "https://docs.rubocop.org/rubocop/cops_style.html#stylefrozenstringliteralcomment",
+              "help": {
+                "text": "More info: https://docs.rubocop.org/rubocop/cops_style.html#stylefrozenstringliteralcomment",
+                "markdown": "[More info](https://docs.rubocop.org/rubocop/cops_style.html#stylefrozenstringliteralcomment)"
+              }
+            }
+          ]
+        }
+      },
+      "results": [
+        {
+          "ruleId": "Style/FrozenStringLiteralComment",
+          "ruleIndex": 0,
+          "message": {
+            "text": "Style/FrozenStringLiteralComment: Missing frozen string literal comment."
+          },
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "Dangerfile",
+                  "uriBaseId": "%SRCROOT%"
+                },
+                "region": {
+                  "startLine": 1,
+                  "startColumn": 1,
+                  "endColumn": 1
+                }
+              }
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}

data/spec/sarif_spec.rb

@@ -16,63 +16,79 @@ module Danger
 
       describe "parse fixtures" do
         describe "with android-lint.sarif" do
-          subject(:warnings) {
+          subject(:results) {
             @sarif.parse("spec/fixtures/android-lint.sarif", base_dir: "/Users/user_name")
           }
-          it "have a warning" do
-            expect(warnings.size).to eq 1
+          it "have a result" do
+            expect(results.size).to eq 1
           end
-          it "exact warning" do
-            expect(warnings[0].message).to eq "Duplicate id @+id/view_id, defined or included multiple times in layout/my_layout.xml: [layout/my_layout.xml defines @+id/view_id, layout/my_layout.xml => layout/my_layout2.xml defines @+id/view_id]"
-            expect(warnings[0].file).to eq "app/src/main/res/layout/my_layout.xml"
-            expect(warnings[0].line).to eq 10
+          it "exact result" do
+            expect(results[0].message).to eq "Duplicate id @+id/view_id, defined or included multiple times in layout/my_layout.xml: [layout/my_layout.xml defines @+id/view_id, layout/my_layout.xml => layout/my_layout2.xml defines @+id/view_id]"
+            expect(results[0].file).to eq "app/src/main/res/layout/my_layout.xml"
+            expect(results[0].line).to eq 10
           end
         end
         describe "with detekt.sarif" do
-          subject(:warnings) {
+          subject(:results) {
             @sarif.parse("spec/fixtures/detekt.sarif",  base_dir: "/Users/user_name")
           }
-          it "have a warning" do
-            expect(warnings.size).to eq 1
+          it "have a result" do
+            expect(results.size).to eq 1
           end
-          it "exact warning" do
-            expect(warnings[0].message).to eq "This expression contains a magic number. Consider defining it to a well named constant."
-            expect(warnings[0].file).to eq "app/src/main/kotlin/MyClass.kt"
-            expect(warnings[0].line).to eq 10
+          it "exact result" do
+            expect(results[0].message).to eq "This expression contains a magic number. Consider defining it to a well named constant."
+            expect(results[0].file).to eq "app/src/main/kotlin/MyClass.kt"
+            expect(results[0].line).to eq 10
           end
         end
         describe "with ktlint.sarif" do
-          subject(:warnings) {
+          subject(:results) {
             @sarif.parse("spec/fixtures/ktlint.sarif", base_dir: "/Users/user_name")
           }
-          it "have a warning" do
-            expect(warnings.size).to eq 1
+          it "have a result" do
+            expect(results.size).to eq 1
           end
-          it "exact warning" do
-            expect(warnings[0].message).to eq "Error Message from ktlint"
-            expect(warnings[0].file).to eq "project/app/src/main/kotlin/File.kt"
-            expect(warnings[0].line).to eq 10
+          it "result is a Error" do
+            expect(results[0].instance_of?(DangerSarif::Error)).to be true
+          end
+          it "exact result" do
+            expect(results[0].message).to eq "Error Message from ktlint"
+            expect(results[0].file).to eq "project/app/src/main/kotlin/File.kt"
+            expect(results[0].line).to eq 10
           end
         end
         describe "with qodana-community-android.sarif" do
-          subject(:warnings) {
+          subject(:results) {
             @sarif.parse("spec/fixtures/qodana-community-android.sarif")
           }
-          it "have a warning" do
-            expect(warnings.size).to eq 1
+          it "have a result" do
+            expect(results.size).to eq 1
           end
-          it "exact warning" do
-            expect(warnings[0].message).to eq "Function \"GreetingPreview\" is never used"
-            expect(warnings[0].file).to eq "app/src/main/kotlin/com/example/myapplication/MainActivity.kt"
-            expect(warnings[0].line).to eq 42
+          it "exact result" do
+            expect(results[0].message).to eq "Function \"GreetingPreview\" is never used"
+            expect(results[0].file).to eq "app/src/main/kotlin/com/example/myapplication/MainActivity.kt"
+            expect(results[0].line).to eq 42
           end
         end
         describe "with qodana-community-android-short.sarif" do
-          subject(:warnings) {
+          subject(:results) {
             @sarif.parse("spec/fixtures/qodana-community-android-short.sarif")
           }
-          it "empty warning" do
-            expect(warnings.size).to eq 0
+          it "empty result" do
+            expect(results.size).to eq 0
+          end
+        end
+        describe "with qodana-community-android.sarif" do
+          subject(:results) {
+            @sarif.parse("spec/fixtures/rubocop-code-scanning.sarif")
+          }
+          it "have a result" do
+            expect(results.size).to eq 1
+          end
+          it "exact result" do
+            expect(results[0].message).to eq "Style/FrozenStringLiteralComment: Missing frozen string literal comment."
+            expect(results[0].file).to eq "Dangerfile"
+            expect(results[0].line).to eq 1
           end
         end
       end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: danger-sarif
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.9.0
 platform: ruby
 authors:
 - irgaly
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-08-27 00:00:00.000000000 Z
+date: 2023-11-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: danger-plugin-api
@@ -106,6 +106,7 @@ files:
 - ".github/workflows/test.yml"
 - ".gitignore"
 - ".ruby-version"
+- CHANGELOG.md
 - Gemfile
 - Gemfile.lock
 - LICENSE
@@ -122,6 +123,7 @@ files:
 - spec/fixtures/pull_request_event.json
 - spec/fixtures/qodana-community-android-short.sarif
 - spec/fixtures/qodana-community-android.sarif
+- spec/fixtures/rubocop-code-scanning.sarif
 - spec/sarif_spec.rb
 - spec/spec_helper.rb
 homepage: https://github.com/irgaly/danger-sarif
@@ -154,5 +156,6 @@ test_files:
 - spec/fixtures/pull_request_event.json
 - spec/fixtures/qodana-community-android-short.sarif
 - spec/fixtures/qodana-community-android.sarif
+- spec/fixtures/rubocop-code-scanning.sarif
 - spec/sarif_spec.rb
 - spec/spec_helper.rb