danger-sarif 0.1.0

@@ -0,0 +1,61 @@
1
+ {
2
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
3
+ "version": "2.1.0",
4
+ "runs": [
5
+ {
6
+ "originalUriBaseIds": {
7
+ "%SRCROOT%": {
8
+ "uri": "file:///Users/user_name/./"
9
+ }
10
+ },
11
+ "results": [
12
+ {
13
+ "level": "warning",
14
+ "locations": [
15
+ {
16
+ "physicalLocation": {
17
+ "artifactLocation": {
18
+ "uri": "app/src/main/kotlin/MyClass.kt",
19
+ "uriBaseId": "%SRCROOT%"
20
+ },
21
+ "region": {
22
+ "endColumn": 8,
23
+ "endLine": 10,
24
+ "startColumn": 20,
25
+ "startLine": 10
26
+ }
27
+ }
28
+ }
29
+ ],
30
+ "message": {
31
+ "text": "This expression contains a magic number. Consider defining it to a well named constant."
32
+ },
33
+ "ruleId": "detekt.style.MagicNumber"
34
+ }
35
+ ],
36
+ "tool": {
37
+ "driver": {
38
+ "downloadUri": "https://github.com/detekt/detekt/releases/download/v1.22.0/detekt",
39
+ "fullName": "detekt",
40
+ "guid": "022ca8c2-f6a2-4c95-b107-bb72c43263f3",
41
+ "informationUri": "https://detekt.dev",
42
+ "language": "en",
43
+ "name": "detekt",
44
+ "organization": "detekt",
45
+ "rules": [
46
+ {
47
+ "helpUri": "https://detekt.dev/style.html#magicnumber",
48
+ "id": "detekt.style.MagicNumber",
49
+ "name": "MagicNumber",
50
+ "shortDescription": {
51
+ "text": "Report magic numbers. Magic number is a numeric literal that is not defined as a constant and hence it's unclear what the purpose of this number is. It's better to declare such numbers as constants and give them a proper name. By default, -1, 0, 1, and 2 are not considered to be magic numbers."
52
+ }
53
+ }
54
+ ],
55
+ "semanticVersion": "1.22.0",
56
+ "version": "1.22.0"
57
+ }
58
+ }
59
+ }
60
+ ]
61
+ }
@@ -0,0 +1,50 @@
1
+ {
2
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
3
+ "version": "2.1.0",
4
+ "runs": [
5
+ {
6
+ "originalUriBaseIds": {
7
+ "%SRCROOT%": {
8
+ "uri": "file:///Users/user_name/"
9
+ }
10
+ },
11
+ "results": [
12
+ {
13
+ "level": "error",
14
+ "locations": [
15
+ {
16
+ "physicalLocation": {
17
+ "artifactLocation": {
18
+ "uri": "project/app/src/main/kotlin/File.kt",
19
+ "uriBaseId": "%SRCROOT%"
20
+ },
21
+ "region": {
22
+ "startColumn": 20,
23
+ "startLine": 10
24
+ }
25
+ }
26
+ }
27
+ ],
28
+ "message": {
29
+ "text": "Error Message from ktlint"
30
+ },
31
+ "ruleId": "ktlint-check-rule-id"
32
+ }
33
+ ],
34
+ "tool": {
35
+ "driver": {
36
+ "downloadUri": "https://github.com/pinterest/ktlint/releases/tag/0.47.1",
37
+ "fullName": "ktlint",
38
+ "informationUri": "https://github.com/pinterest/ktlint/",
39
+ "language": "en",
40
+ "name": "ktlint",
41
+ "organization": "pinterest",
42
+ "rules": [
43
+ ],
44
+ "semanticVersion": "0.47.1",
45
+ "version": "0.47.1"
46
+ }
47
+ }
48
+ }
49
+ ]
50
+ }
@@ -0,0 +1,6 @@
1
+ {
2
+ "number": 1,
3
+ "repository": {
4
+ "clone_url": "https://github.com/danger/danger.git"
5
+ }
6
+ }
@@ -0,0 +1,109 @@
1
+ {
2
+ "$schema": "https://raw.githubusercontent.com/schemastore/schemastore/master/src/schemas/json/sarif-2.1.0-rtm.5.json",
3
+ "version": "2.1.0",
4
+ "runs": [
5
+ {
6
+ "tool": {
7
+ "driver": {
8
+ "name": "QDANDC",
9
+ "fullName": "Qodana Community for Android",
10
+ "version": "232.9641.89",
11
+ "rules": [],
12
+ "taxa": [],
13
+ "language": "en-US",
14
+ "contents": [
15
+ "localizedData",
16
+ "nonLocalizedData"
17
+ ],
18
+ "isComprehensive": false
19
+ },
20
+ "extensions": []
21
+ },
22
+ "invocations": [
23
+ {
24
+ "exitCode": 0,
25
+ "toolExecutionNotifications": [
26
+ {
27
+ "message": {
28
+ "text": "Reporting from [\"Sanity\"] 'sanity' inspections was suspended due to high problems count."
29
+ },
30
+ "level": "error"
31
+ }
32
+ ],
33
+ "executionSuccessful": true
34
+ }
35
+ ],
36
+ "language": "en-US",
37
+ "results": [],
38
+ "automationDetails": {
39
+ "id": "MyApplication/qodana/2023-08-27",
40
+ "guid": "56e8951f-0de0-4b46-b3b4-0d1a7e33a49a",
41
+ "properties": {
42
+ "jobUrl": ""
43
+ }
44
+ },
45
+ "newlineSequences": [
46
+ "\r\n",
47
+ "\n"
48
+ ],
49
+ "properties": {
50
+ "qodana.sanity.results": [
51
+ {
52
+ "ruleId": "QodanaSanity",
53
+ "kind": "fail",
54
+ "level": "error",
55
+ "message": {
56
+ "text": "Unresolved reference: os",
57
+ "markdown": "Unresolved reference: os"
58
+ },
59
+ "locations": [
60
+ {
61
+ "physicalLocation": {
62
+ "artifactLocation": {
63
+ "uri": "app/src/main/kotlin/com/example/myapplication/MainActivity.kt",
64
+ "uriBaseId": "SRCROOT"
65
+ },
66
+ "region": {
67
+ "startLine": 3.0,
68
+ "startColumn": 16.0,
69
+ "charOffset": 50.0,
70
+ "charLength": 2.0,
71
+ "snippet": {
72
+ "text": "os"
73
+ },
74
+ "sourceLanguage": "kotlin"
75
+ },
76
+ "contextRegion": {
77
+ "startLine": 1.0,
78
+ "startColumn": 1.0,
79
+ "charOffset": 0.0,
80
+ "charLength": 146.0,
81
+ "snippet": {
82
+ "text": "package com.example.myapplication\n\nimport android.os.Bundle\nimport androidx.activity.ComponentActivity\nimport androidx.activity.compose.setContent"
83
+ },
84
+ "sourceLanguage": "kotlin"
85
+ }
86
+ },
87
+ "logicalLocations": [
88
+ {
89
+ "fullyQualifiedName": "MyApplication.app.main",
90
+ "kind": "module"
91
+ }
92
+ ]
93
+ }
94
+ ],
95
+ "partialFingerprints": {
96
+ "equalIndicator/v1": "4c0b407f01032b20116d0a01c377a8abb3d536838213a94b6b56ec41cc59ebfd"
97
+ },
98
+ "properties": {
99
+ "ideaSeverity": "ERROR",
100
+ "qodanaSeverity": "Critical"
101
+ }
102
+ }
103
+ ],
104
+ "configProfile": "recommended",
105
+ "deviceId": "200820300000000-0000-0000-0000-000000000000"
106
+ }
107
+ }
108
+ ]
109
+ }
@@ -0,0 +1,224 @@
1
+ {
2
+ "$schema": "https://raw.githubusercontent.com/schemastore/schemastore/master/src/schemas/json/sarif-2.1.0-rtm.5.json",
3
+ "version": "2.1.0",
4
+ "runs": [
5
+ {
6
+ "tool": {
7
+ "driver": {
8
+ "name": "QDANDC",
9
+ "fullName": "Qodana Community for Android",
10
+ "version": "232.9641.89",
11
+ "rules": [],
12
+ "taxa": [
13
+ {
14
+ "id": "Language injection",
15
+ "name": "Language injection"
16
+ },
17
+ {
18
+ "id": "JVM languages",
19
+ "name": "JVM languages"
20
+ },
21
+ {
22
+ "id": "Kotlin",
23
+ "name": "Kotlin"
24
+ }
25
+ ],
26
+ "language": "en-US",
27
+ "contents": [
28
+ "localizedData",
29
+ "nonLocalizedData"
30
+ ],
31
+ "isComprehensive": false
32
+ },
33
+ "extensions": [
34
+ {
35
+ "name": "org.intellij.qodana",
36
+ "version": "232.9641",
37
+ "rules": [
38
+ {
39
+ "id": "QodanaSanity",
40
+ "shortDescription": {
41
+ "text": "Sanity"
42
+ },
43
+ "fullDescription": {
44
+ "text": "Reports issues essential to this file like syntax errors, unresolved methods and variables, etc...",
45
+ "markdown": "Reports issues essential to this file like syntax errors, unresolved methods and variables, etc..."
46
+ },
47
+ "defaultConfiguration": {
48
+ "enabled": false,
49
+ "level": "error",
50
+ "parameters": {
51
+ "suppressToolId": "QodanaSanity",
52
+ "ideaSeverity": "ERROR",
53
+ "qodanaSeverity": "Critical"
54
+ }
55
+ },
56
+ "relationships": [
57
+ {
58
+ "target": {
59
+ "id": "Qodana",
60
+ "index": 130,
61
+ "toolComponent": {
62
+ "name": "QDANDC"
63
+ }
64
+ },
65
+ "kinds": [
66
+ "superset"
67
+ ]
68
+ }
69
+ ]
70
+ }
71
+ ],
72
+ "language": "en-US",
73
+ "contents": [
74
+ "localizedData",
75
+ "nonLocalizedData"
76
+ ],
77
+ "isComprehensive": false
78
+ }
79
+ ]
80
+ },
81
+ "invocations": [
82
+ {
83
+ "exitCode": 0,
84
+ "toolExecutionNotifications": [
85
+ {
86
+ "message": {
87
+ "text": "Reporting from [\"Sanity\"] 'sanity' inspections was suspended due to high problems count."
88
+ },
89
+ "level": "error"
90
+ }
91
+ ],
92
+ "executionSuccessful": true
93
+ }
94
+ ],
95
+ "language": "en-US",
96
+ "results": [
97
+ {
98
+ "ruleId": "UnusedSymbol",
99
+ "kind": "fail",
100
+ "level": "warning",
101
+ "message": {
102
+ "text": "Function \"GreetingPreview\" is never used",
103
+ "markdown": "Function \"GreetingPreview\" is never used"
104
+ },
105
+ "locations": [
106
+ {
107
+ "physicalLocation": {
108
+ "artifactLocation": {
109
+ "uri": "app/src/main/kotlin/com/example/myapplication/MainActivity.kt",
110
+ "uriBaseId": "SRCROOT"
111
+ },
112
+ "region": {
113
+ "startLine": 42,
114
+ "startColumn": 5,
115
+ "charOffset": 1258,
116
+ "charLength": 15,
117
+ "snippet": {
118
+ "text": "GreetingPreview"
119
+ },
120
+ "sourceLanguage": "kotlin"
121
+ },
122
+ "contextRegion": {
123
+ "startLine": 40,
124
+ "startColumn": 1,
125
+ "charOffset": 1210,
126
+ "charLength": 120,
127
+ "snippet": {
128
+ "text": "@Preview(showBackground = true)\n@Composable\nfun GreetingPreview() {\n MyApplicationTheme {\n Greeting(\"Android\")"
129
+ },
130
+ "sourceLanguage": "kotlin"
131
+ }
132
+ },
133
+ "logicalLocations": [
134
+ {
135
+ "fullyQualifiedName": "My_Application.app.main",
136
+ "kind": "module"
137
+ }
138
+ ]
139
+ }
140
+ ],
141
+ "partialFingerprints": {
142
+ "equalIndicator/v1": "0377b1cd2e526ed175953f909a3fdb1ea390c702f0c0d2b7b28d9cbcce2d8bc7"
143
+ },
144
+ "properties": {
145
+ "ideaSeverity": "WARNING",
146
+ "qodanaSeverity": "High",
147
+ "tags": [
148
+ "kotlin"
149
+ ]
150
+ }
151
+ }
152
+ ],
153
+ "automationDetails": {
154
+ "id": "My Application/qodana/2023-08-27",
155
+ "guid": "56e8951f-0de0-4b46-b3b4-0d1a7e33a49a",
156
+ "properties": {
157
+ "jobUrl": ""
158
+ }
159
+ },
160
+ "newlineSequences": [
161
+ "\r\n",
162
+ "\n"
163
+ ],
164
+ "properties": {
165
+ "qodana.sanity.results": [
166
+ {
167
+ "ruleId": "QodanaSanity",
168
+ "kind": "fail",
169
+ "level": "error",
170
+ "message": {
171
+ "text": "Unresolved reference: os",
172
+ "markdown": "Unresolved reference: os"
173
+ },
174
+ "locations": [
175
+ {
176
+ "physicalLocation": {
177
+ "artifactLocation": {
178
+ "uri": "app/src/main/kotlin/com/example/myapplication/MainActivity.kt",
179
+ "uriBaseId": "SRCROOT"
180
+ },
181
+ "region": {
182
+ "startLine": 3,
183
+ "startColumn": 16,
184
+ "charOffset": 50,
185
+ "charLength": 2,
186
+ "snippet": {
187
+ "text": "os"
188
+ },
189
+ "sourceLanguage": "kotlin"
190
+ },
191
+ "contextRegion": {
192
+ "startLine": 1,
193
+ "startColumn": 1,
194
+ "charOffset": 0,
195
+ "charLength": 146,
196
+ "snippet": {
197
+ "text": "package com.example.myapplication\n\nimport android.os.Bundle\nimport androidx.activity.ComponentActivity\nimport androidx.activity.compose.setContent"
198
+ },
199
+ "sourceLanguage": "kotlin"
200
+ }
201
+ },
202
+ "logicalLocations": [
203
+ {
204
+ "fullyQualifiedName": "My_Application.app.main",
205
+ "kind": "module"
206
+ }
207
+ ]
208
+ }
209
+ ],
210
+ "partialFingerprints": {
211
+ "equalIndicator/v1": "4c0b407f01032b20116d0a01c377a8abb3d536838213a94b6b56ec41cc59ebfd"
212
+ },
213
+ "properties": {
214
+ "ideaSeverity": "ERROR",
215
+ "qodanaSeverity": "Critical"
216
+ }
217
+ }
218
+ ],
219
+ "configProfile": "recommended",
220
+ "deviceId": "200820300000000-0000-0000-0000-000000000000"
221
+ }
222
+ }
223
+ ]
224
+ }
@@ -0,0 +1,81 @@
1
+ # frozen_string_literal: true
2
+
3
+ require File.expand_path("spec_helper", __dir__)
4
+
5
+ module Danger
6
+ describe Danger::DangerSarif do
7
+ it "should be a plugin" do
8
+ expect(Danger::DangerSarif.new(nil)).to be_a Danger::Plugin
9
+ end
10
+
11
+ describe "with Dangerfile" do
12
+ before do
13
+ @dangerfile = testing_dangerfile
14
+ @sarif = @dangerfile.sarif
15
+ end
16
+
17
+ describe "parse fixtures" do
18
+ describe "with android-lint.sarif" do
19
+ subject(:warnings) {
20
+ @sarif.parse("spec/fixtures/android-lint.sarif", base_dir: "/Users/user_name")
21
+ }
22
+ it "have a warning" do
23
+ expect(warnings.size).to eq 1
24
+ end
25
+ it "exact warning" do
26
+ expect(warnings[0].message).to eq "Duplicate id @+id/view_id, defined or included multiple times in layout/my_layout.xml: [layout/my_layout.xml defines @+id/view_id, layout/my_layout.xml => layout/my_layout2.xml defines @+id/view_id]"
27
+ expect(warnings[0].file).to eq "app/src/main/res/layout/my_layout.xml"
28
+ expect(warnings[0].line).to eq 10
29
+ end
30
+ end
31
+ describe "with detekt.sarif" do
32
+ subject(:warnings) {
33
+ @sarif.parse("spec/fixtures/detekt.sarif", base_dir: "/Users/user_name")
34
+ }
35
+ it "have a warning" do
36
+ expect(warnings.size).to eq 1
37
+ end
38
+ it "exact warning" do
39
+ expect(warnings[0].message).to eq "This expression contains a magic number. Consider defining it to a well named constant."
40
+ expect(warnings[0].file).to eq "app/src/main/kotlin/MyClass.kt"
41
+ expect(warnings[0].line).to eq 10
42
+ end
43
+ end
44
+ describe "with ktlint.sarif" do
45
+ subject(:warnings) {
46
+ @sarif.parse("spec/fixtures/ktlint.sarif", base_dir: "/Users/user_name")
47
+ }
48
+ it "have a warning" do
49
+ expect(warnings.size).to eq 1
50
+ end
51
+ it "exact warning" do
52
+ expect(warnings[0].message).to eq "Error Message from ktlint"
53
+ expect(warnings[0].file).to eq "project/app/src/main/kotlin/File.kt"
54
+ expect(warnings[0].line).to eq 10
55
+ end
56
+ end
57
+ describe "with qodana-community-android.sarif" do
58
+ subject(:warnings) {
59
+ @sarif.parse("spec/fixtures/qodana-community-android.sarif")
60
+ }
61
+ it "have a warning" do
62
+ expect(warnings.size).to eq 1
63
+ end
64
+ it "exact warning" do
65
+ expect(warnings[0].message).to eq "Function \"GreetingPreview\" is never used"
66
+ expect(warnings[0].file).to eq "app/src/main/kotlin/com/example/myapplication/MainActivity.kt"
67
+ expect(warnings[0].line).to eq 42
68
+ end
69
+ end
70
+ describe "with qodana-community-android-short.sarif" do
71
+ subject(:warnings) {
72
+ @sarif.parse("spec/fixtures/qodana-community-android-short.sarif")
73
+ }
74
+ it "empty warning" do
75
+ expect(warnings.size).to eq 0
76
+ end
77
+ end
78
+ end
79
+ end
80
+ end
81
+ end
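Review bot: The `parse fixtures` examples only feed `parse` well-formed reports whose `artifactLocation.uri` is a relative path under the base directory, so nothing pins what the plugin does with broken or hostile input. In CI a SARIF file is normally produced by running a tool over the pull request's own contents, and the parsed `message` and `file` values presumably end up in review comments. I would add fixtures for a file that is not valid JSON and for a `uri` that is absolute or contains `..`, each asserting whichever outcome the plugin intends (an empty list or a specific error). Separately, the fixture paths are relative to the working directory while `spec_helper` resolves against `__dir__`; `File.expand_path("fixtures/detekt.sarif", __dir__)` would make the examples independent of where rspec is started.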
@@ -0,0 +1,54 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "pathname"
4
+ ROOT = Pathname.new(File.expand_path("..", __dir__))
5
+ $:.unshift("#{ROOT}lib".to_s)
6
+ $:.unshift("#{ROOT}spec".to_s)
7
+
8
+ require "bundler/setup"
9
+ require "rspec"
10
+ require "danger"
11
+
12
+ # Use coloured output, it's the best.
13
+ RSpec.configure do |config|
14
+ config.filter_gems_from_backtrace "bundler"
15
+ config.color = true
16
+ config.tty = true
17
+ end
18
+
19
+ require "danger_plugin"
20
+
21
+ # These functions are a subset of https://github.com/danger/danger/blob/master/spec/spec_helper.rb
22
+ # If you are expanding these files, see if it's already been done ^.
23
+
24
+ # A silent version of the user interface,
25
+ # it comes with an extra function `.string` which will
26
+ # strip all ANSI colours from the string.
27
+
28
+ def testing_ui
29
+ @output = StringIO.new
30
+ def @output.winsize
31
+ [20, 9999]
32
+ end
33
+
34
+ cork = Cork::Board.new(out: @output)
35
+ def cork.string
36
+ out.string.gsub(/\e\[([;\d]+)?m/, "")
37
+ end
38
+ cork
39
+ end
40
+
41
+ def testing_env
42
+ {
43
+ "GITHUB_ACTION" => "name_of_action",
44
+ "GITHUB_EVENT_NAME" => "pull_request",
45
+ "GITHUB_REPOSITORY" => "danger/danger",
46
+ "GITHUB_EVENT_PATH" => File.expand_path("fixtures/pull_request_event.json", __dir__),
47
+ "GITHUB_TOKEN" => "github_token"
48
+ }
49
+ end
50
+
51
+ def testing_dangerfile
52
+ env = Danger::EnvironmentManager.new(testing_env)
53
+ Danger::Dangerfile.new(env, testing_ui)
54
+ end
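Review bot: The two `$:.unshift` lines build their paths as `"#{ROOT}lib"` and `"#{ROOT}spec"` with no separator, and `File.expand_path("..", __dir__)` returns a path without a trailing slash, so the entries pushed to the front of the load path are sibling names of the form `<repo>lib` and `<repo>spec` rather than `<repo>/lib` and `<repo>/spec`. The suite presumably still finds `danger_plugin` through `bundler/setup`, which hides the mistake. The effect is that `require` looks first in directories outside the checkout, which a test run should not trust on a shared build host. `$:.unshift((ROOT + "lib").to_s)` and `$:.unshift((ROOT + "spec").to_s)` give the intended entries.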