danger-sarif 0.1.0

@@ -0,0 +1,61 @@
1
+ {
2
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
3
+ "version": "2.1.0",
4
+ "runs": [
5
+ {
6
+ "originalUriBaseIds": {
7
+ "%SRCROOT%": {
8
+ "uri": "file:///Users/user_name/./"
9
+ }
10
+ },
11
+ "results": [
12
+ {
13
+ "level": "warning",
14
+ "locations": [
15
+ {
16
+ "physicalLocation": {
17
+ "artifactLocation": {
18
+ "uri": "app/src/main/kotlin/MyClass.kt",
19
+ "uriBaseId": "%SRCROOT%"
20
+ },
21
+ "region": {
22
+ "endColumn": 8,
23
+ "endLine": 10,
24
+ "startColumn": 20,
25
+ "startLine": 10
26
+ }
27
+ }
28
+ }
29
+ ],
30
+ "message": {
31
+ "text": "This expression contains a magic number. Consider defining it to a well named constant."
32
+ },
33
+ "ruleId": "detekt.style.MagicNumber"
34
+ }
35
+ ],
36
+ "tool": {
37
+ "driver": {
38
+ "downloadUri": "https://github.com/detekt/detekt/releases/download/v1.22.0/detekt",
39
+ "fullName": "detekt",
40
+ "guid": "022ca8c2-f6a2-4c95-b107-bb72c43263f3",
41
+ "informationUri": "https://detekt.dev",
42
+ "language": "en",
43
+ "name": "detekt",
44
+ "organization": "detekt",
45
+ "rules": [
46
+ {
47
+ "helpUri": "https://detekt.dev/style.html#magicnumber",
48
+ "id": "detekt.style.MagicNumber",
49
+ "name": "MagicNumber",
50
+ "shortDescription": {
51
+ "text": "Report magic numbers. Magic number is a numeric literal that is not defined as a constant and hence it's unclear what the purpose of this number is. It's better to declare such numbers as constants and give them a proper name. By default, -1, 0, 1, and 2 are not considered to be magic numbers."
52
+ }
53
+ }
54
+ ],
55
+ "semanticVersion": "1.22.0",
56
+ "version": "1.22.0"
57
+ }
58
+ }
59
+ }
60
+ ]
61
+ }
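Review bot: The `region` in this fixture is internally inconsistent: `startLine` and `endLine` are both 10, but `endColumn` is 8 while `startColumn` is 20, so the region ends before it starts. As far as I recall, SARIF 2.1.0 requires `endColumn` to be at least `startColumn` when both fall on the same line, so a schema-validating consumer may reject this file. If the fixture is meant to model real detekt output, use a consistent pair such as `"startColumn": 8, "endColumn": 20`. If the invalid region is deliberate, to show the parser tolerates it, name the fixture accordingly and add an example that says so.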
@@ -0,0 +1,50 @@
1
+ {
2
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
3
+ "version": "2.1.0",
4
+ "runs": [
5
+ {
6
+ "originalUriBaseIds": {
7
+ "%SRCROOT%": {
8
+ "uri": "file:///Users/user_name/"
9
+ }
10
+ },
11
+ "results": [
12
+ {
13
+ "level": "error",
14
+ "locations": [
15
+ {
16
+ "physicalLocation": {
17
+ "artifactLocation": {
18
+ "uri": "project/app/src/main/kotlin/File.kt",
19
+ "uriBaseId": "%SRCROOT%"
20
+ },
21
+ "region": {
22
+ "startColumn": 20,
23
+ "startLine": 10
24
+ }
25
+ }
26
+ }
27
+ ],
28
+ "message": {
29
+ "text": "Error Message from ktlint"
30
+ },
31
+ "ruleId": "ktlint-check-rule-id"
32
+ }
33
+ ],
34
+ "tool": {
35
+ "driver": {
36
+ "downloadUri": "https://github.com/pinterest/ktlint/releases/tag/0.47.1",
37
+ "fullName": "ktlint",
38
+ "informationUri": "https://github.com/pinterest/ktlint/",
39
+ "language": "en",
40
+ "name": "ktlint",
41
+ "organization": "pinterest",
42
+ "rules": [
43
+ ],
44
+ "semanticVersion": "0.47.1",
45
+ "version": "0.47.1"
46
+ }
47
+ }
48
+ }
49
+ ]
50
+ }
@@ -0,0 +1,6 @@
1
+ {
2
+ "number": 1,
3
+ "repository": {
4
+ "clone_url": "https://github.com/danger/danger.git"
5
+ }
6
+ }
@@ -0,0 +1,109 @@
1
+ {
2
+ "$schema": "https://raw.githubusercontent.com/schemastore/schemastore/master/src/schemas/json/sarif-2.1.0-rtm.5.json",
3
+ "version": "2.1.0",
4
+ "runs": [
5
+ {
6
+ "tool": {
7
+ "driver": {
8
+ "name": "QDANDC",
9
+ "fullName": "Qodana Community for Android",
10
+ "version": "232.9641.89",
11
+ "rules": [],
12
+ "taxa": [],
13
+ "language": "en-US",
14
+ "contents": [
15
+ "localizedData",
16
+ "nonLocalizedData"
17
+ ],
18
+ "isComprehensive": false
19
+ },
20
+ "extensions": []
21
+ },
22
+ "invocations": [
23
+ {
24
+ "exitCode": 0,
25
+ "toolExecutionNotifications": [
26
+ {
27
+ "message": {
28
+ "text": "Reporting from [\"Sanity\"] 'sanity' inspections was suspended due to high problems count."
29
+ },
30
+ "level": "error"
31
+ }
32
+ ],
33
+ "executionSuccessful": true
34
+ }
35
+ ],
36
+ "language": "en-US",
37
+ "results": [],
38
+ "automationDetails": {
39
+ "id": "MyApplication/qodana/2023-08-27",
40
+ "guid": "56e8951f-0de0-4b46-b3b4-0d1a7e33a49a",
41
+ "properties": {
42
+ "jobUrl": ""
43
+ }
44
+ },
45
+ "newlineSequences": [
46
+ "\r\n",
47
+ "\n"
48
+ ],
49
+ "properties": {
50
+ "qodana.sanity.results": [
51
+ {
52
+ "ruleId": "QodanaSanity",
53
+ "kind": "fail",
54
+ "level": "error",
55
+ "message": {
56
+ "text": "Unresolved reference: os",
57
+ "markdown": "Unresolved reference: os"
58
+ },
59
+ "locations": [
60
+ {
61
+ "physicalLocation": {
62
+ "artifactLocation": {
63
+ "uri": "app/src/main/kotlin/com/example/myapplication/MainActivity.kt",
64
+ "uriBaseId": "SRCROOT"
65
+ },
66
+ "region": {
67
+ "startLine": 3.0,
68
+ "startColumn": 16.0,
69
+ "charOffset": 50.0,
70
+ "charLength": 2.0,
71
+ "snippet": {
72
+ "text": "os"
73
+ },
74
+ "sourceLanguage": "kotlin"
75
+ },
76
+ "contextRegion": {
77
+ "startLine": 1.0,
78
+ "startColumn": 1.0,
79
+ "charOffset": 0.0,
80
+ "charLength": 146.0,
81
+ "snippet": {
82
+ "text": "package com.example.myapplication\n\nimport android.os.Bundle\nimport androidx.activity.ComponentActivity\nimport androidx.activity.compose.setContent"
83
+ },
84
+ "sourceLanguage": "kotlin"
85
+ }
86
+ },
87
+ "logicalLocations": [
88
+ {
89
+ "fullyQualifiedName": "MyApplication.app.main",
90
+ "kind": "module"
91
+ }
92
+ ]
93
+ }
94
+ ],
95
+ "partialFingerprints": {
96
+ "equalIndicator/v1": "4c0b407f01032b20116d0a01c377a8abb3d536838213a94b6b56ec41cc59ebfd"
97
+ },
98
+ "properties": {
99
+ "ideaSeverity": "ERROR",
100
+ "qodanaSeverity": "Critical"
101
+ }
102
+ }
103
+ ],
104
+ "configProfile": "recommended",
105
+ "deviceId": "200820300000000-0000-0000-0000-000000000000"
106
+ }
107
+ }
108
+ ]
109
+ }
@@ -0,0 +1,224 @@
1
+ {
2
+ "$schema": "https://raw.githubusercontent.com/schemastore/schemastore/master/src/schemas/json/sarif-2.1.0-rtm.5.json",
3
+ "version": "2.1.0",
4
+ "runs": [
5
+ {
6
+ "tool": {
7
+ "driver": {
8
+ "name": "QDANDC",
9
+ "fullName": "Qodana Community for Android",
10
+ "version": "232.9641.89",
11
+ "rules": [],
12
+ "taxa": [
13
+ {
14
+ "id": "Language injection",
15
+ "name": "Language injection"
16
+ },
17
+ {
18
+ "id": "JVM languages",
19
+ "name": "JVM languages"
20
+ },
21
+ {
22
+ "id": "Kotlin",
23
+ "name": "Kotlin"
24
+ }
25
+ ],
26
+ "language": "en-US",
27
+ "contents": [
28
+ "localizedData",
29
+ "nonLocalizedData"
30
+ ],
31
+ "isComprehensive": false
32
+ },
33
+ "extensions": [
34
+ {
35
+ "name": "org.intellij.qodana",
36
+ "version": "232.9641",
37
+ "rules": [
38
+ {
39
+ "id": "QodanaSanity",
40
+ "shortDescription": {
41
+ "text": "Sanity"
42
+ },
43
+ "fullDescription": {
44
+ "text": "Reports issues essential to this file like syntax errors, unresolved methods and variables, etc...",
45
+ "markdown": "Reports issues essential to this file like syntax errors, unresolved methods and variables, etc..."
46
+ },
47
+ "defaultConfiguration": {
48
+ "enabled": false,
49
+ "level": "error",
50
+ "parameters": {
51
+ "suppressToolId": "QodanaSanity",
52
+ "ideaSeverity": "ERROR",
53
+ "qodanaSeverity": "Critical"
54
+ }
55
+ },
56
+ "relationships": [
57
+ {
58
+ "target": {
59
+ "id": "Qodana",
60
+ "index": 130,
61
+ "toolComponent": {
62
+ "name": "QDANDC"
63
+ }
64
+ },
65
+ "kinds": [
66
+ "superset"
67
+ ]
68
+ }
69
+ ]
70
+ }
71
+ ],
72
+ "language": "en-US",
73
+ "contents": [
74
+ "localizedData",
75
+ "nonLocalizedData"
76
+ ],
77
+ "isComprehensive": false
78
+ }
79
+ ]
80
+ },
81
+ "invocations": [
82
+ {
83
+ "exitCode": 0,
84
+ "toolExecutionNotifications": [
85
+ {
86
+ "message": {
87
+ "text": "Reporting from [\"Sanity\"] 'sanity' inspections was suspended due to high problems count."
88
+ },
89
+ "level": "error"
90
+ }
91
+ ],
92
+ "executionSuccessful": true
93
+ }
94
+ ],
95
+ "language": "en-US",
96
+ "results": [
97
+ {
98
+ "ruleId": "UnusedSymbol",
99
+ "kind": "fail",
100
+ "level": "warning",
101
+ "message": {
102
+ "text": "Function \"GreetingPreview\" is never used",
103
+ "markdown": "Function \"GreetingPreview\" is never used"
104
+ },
105
+ "locations": [
106
+ {
107
+ "physicalLocation": {
108
+ "artifactLocation": {
109
+ "uri": "app/src/main/kotlin/com/example/myapplication/MainActivity.kt",
110
+ "uriBaseId": "SRCROOT"
111
+ },
112
+ "region": {
113
+ "startLine": 42,
114
+ "startColumn": 5,
115
+ "charOffset": 1258,
116
+ "charLength": 15,
117
+ "snippet": {
118
+ "text": "GreetingPreview"
119
+ },
120
+ "sourceLanguage": "kotlin"
121
+ },
122
+ "contextRegion": {
123
+ "startLine": 40,
124
+ "startColumn": 1,
125
+ "charOffset": 1210,
126
+ "charLength": 120,
127
+ "snippet": {
128
+ "text": "@Preview(showBackground = true)\n@Composable\nfun GreetingPreview() {\n MyApplicationTheme {\n Greeting(\"Android\")"
129
+ },
130
+ "sourceLanguage": "kotlin"
131
+ }
132
+ },
133
+ "logicalLocations": [
134
+ {
135
+ "fullyQualifiedName": "My_Application.app.main",
136
+ "kind": "module"
137
+ }
138
+ ]
139
+ }
140
+ ],
141
+ "partialFingerprints": {
142
+ "equalIndicator/v1": "0377b1cd2e526ed175953f909a3fdb1ea390c702f0c0d2b7b28d9cbcce2d8bc7"
143
+ },
144
+ "properties": {
145
+ "ideaSeverity": "WARNING",
146
+ "qodanaSeverity": "High",
147
+ "tags": [
148
+ "kotlin"
149
+ ]
150
+ }
151
+ }
152
+ ],
153
+ "automationDetails": {
154
+ "id": "My Application/qodana/2023-08-27",
155
+ "guid": "56e8951f-0de0-4b46-b3b4-0d1a7e33a49a",
156
+ "properties": {
157
+ "jobUrl": ""
158
+ }
159
+ },
160
+ "newlineSequences": [
161
+ "\r\n",
162
+ "\n"
163
+ ],
164
+ "properties": {
165
+ "qodana.sanity.results": [
166
+ {
167
+ "ruleId": "QodanaSanity",
168
+ "kind": "fail",
169
+ "level": "error",
170
+ "message": {
171
+ "text": "Unresolved reference: os",
172
+ "markdown": "Unresolved reference: os"
173
+ },
174
+ "locations": [
175
+ {
176
+ "physicalLocation": {
177
+ "artifactLocation": {
178
+ "uri": "app/src/main/kotlin/com/example/myapplication/MainActivity.kt",
179
+ "uriBaseId": "SRCROOT"
180
+ },
181
+ "region": {
182
+ "startLine": 3,
183
+ "startColumn": 16,
184
+ "charOffset": 50,
185
+ "charLength": 2,
186
+ "snippet": {
187
+ "text": "os"
188
+ },
189
+ "sourceLanguage": "kotlin"
190
+ },
191
+ "contextRegion": {
192
+ "startLine": 1,
193
+ "startColumn": 1,
194
+ "charOffset": 0,
195
+ "charLength": 146,
196
+ "snippet": {
197
+ "text": "package com.example.myapplication\n\nimport android.os.Bundle\nimport androidx.activity.ComponentActivity\nimport androidx.activity.compose.setContent"
198
+ },
199
+ "sourceLanguage": "kotlin"
200
+ }
201
+ },
202
+ "logicalLocations": [
203
+ {
204
+ "fullyQualifiedName": "My_Application.app.main",
205
+ "kind": "module"
206
+ }
207
+ ]
208
+ }
209
+ ],
210
+ "partialFingerprints": {
211
+ "equalIndicator/v1": "4c0b407f01032b20116d0a01c377a8abb3d536838213a94b6b56ec41cc59ebfd"
212
+ },
213
+ "properties": {
214
+ "ideaSeverity": "ERROR",
215
+ "qodanaSeverity": "Critical"
216
+ }
217
+ }
218
+ ],
219
+ "configProfile": "recommended",
220
+ "deviceId": "200820300000000-0000-0000-0000-000000000000"
221
+ }
222
+ }
223
+ ]
224
+ }
@@ -0,0 +1,81 @@
1
+ # frozen_string_literal: true
2
+
3
+ require File.expand_path("spec_helper", __dir__)
4
+
5
+ module Danger
6
+ describe Danger::DangerSarif do
7
+ it "should be a plugin" do
8
+ expect(Danger::DangerSarif.new(nil)).to be_a Danger::Plugin
9
+ end
10
+
11
+ describe "with Dangerfile" do
12
+ before do
13
+ @dangerfile = testing_dangerfile
14
+ @sarif = @dangerfile.sarif
15
+ end
16
+
17
+ describe "parse fixtures" do
18
+ describe "with android-lint.sarif" do
19
+ subject(:warnings) {
20
+ @sarif.parse("spec/fixtures/android-lint.sarif", base_dir: "/Users/user_name")
21
+ }
22
+ it "have a warning" do
23
+ expect(warnings.size).to eq 1
24
+ end
25
+ it "exact warning" do
26
+ expect(warnings[0].message).to eq "Duplicate id @+id/view_id, defined or included multiple times in layout/my_layout.xml: [layout/my_layout.xml defines @+id/view_id, layout/my_layout.xml => layout/my_layout2.xml defines @+id/view_id]"
27
+ expect(warnings[0].file).to eq "app/src/main/res/layout/my_layout.xml"
28
+ expect(warnings[0].line).to eq 10
29
+ end
30
+ end
31
+ describe "with detekt.sarif" do
32
+ subject(:warnings) {
33
+ @sarif.parse("spec/fixtures/detekt.sarif", base_dir: "/Users/user_name")
34
+ }
35
+ it "have a warning" do
36
+ expect(warnings.size).to eq 1
37
+ end
38
+ it "exact warning" do
39
+ expect(warnings[0].message).to eq "This expression contains a magic number. Consider defining it to a well named constant."
40
+ expect(warnings[0].file).to eq "app/src/main/kotlin/MyClass.kt"
41
+ expect(warnings[0].line).to eq 10
42
+ end
43
+ end
44
+ describe "with ktlint.sarif" do
45
+ subject(:warnings) {
46
+ @sarif.parse("spec/fixtures/ktlint.sarif", base_dir: "/Users/user_name")
47
+ }
48
+ it "have a warning" do
49
+ expect(warnings.size).to eq 1
50
+ end
51
+ it "exact warning" do
52
+ expect(warnings[0].message).to eq "Error Message from ktlint"
53
+ expect(warnings[0].file).to eq "project/app/src/main/kotlin/File.kt"
54
+ expect(warnings[0].line).to eq 10
55
+ end
56
+ end
57
+ describe "with qodana-community-android.sarif" do
58
+ subject(:warnings) {
59
+ @sarif.parse("spec/fixtures/qodana-community-android.sarif")
60
+ }
61
+ it "have a warning" do
62
+ expect(warnings.size).to eq 1
63
+ end
64
+ it "exact warning" do
65
+ expect(warnings[0].message).to eq "Function \"GreetingPreview\" is never used"
66
+ expect(warnings[0].file).to eq "app/src/main/kotlin/com/example/myapplication/MainActivity.kt"
67
+ expect(warnings[0].line).to eq 42
68
+ end
69
+ end
70
+ describe "with qodana-community-android-short.sarif" do
71
+ subject(:warnings) {
72
+ @sarif.parse("spec/fixtures/qodana-community-android-short.sarif")
73
+ }
74
+ it "empty warning" do
75
+ expect(warnings.size).to eq 0
76
+ end
77
+ end
78
+ end
79
+ end
80
+ end
81
+ end
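Review bot: Every example under `describe "parse fixtures"` feeds the parser a well-formed report, so nothing pins what `parse` does with input it should refuse or skip. SARIF files are produced from the code under review, and the `file` value ends up in a pull-request comment. It would be worth adding fixtures for a result with no `locations`, for a file that is not valid JSON, and for an `artifactLocation.uri` that resolves outside `base_dir` (for example through `..` segments), each with an explicit expectation of an empty list or a raised error. The examples also never assert on the result's `level`, although the fixtures carry both `warning` and `error`. Finally, `spec/fixtures/android-lint.sarif`, read on line 20, is not among the fixture hunks visible on this page, so confirm it ships with the specs.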
@@ -0,0 +1,54 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "pathname"
4
+ ROOT = Pathname.new(File.expand_path("..", __dir__))
5
+ $:.unshift("#{ROOT}lib".to_s)
6
+ $:.unshift("#{ROOT}spec".to_s)
7
+
8
+ require "bundler/setup"
9
+ require "rspec"
10
+ require "danger"
11
+
12
+ # Use coloured output, it's the best.
13
+ RSpec.configure do |config|
14
+ config.filter_gems_from_backtrace "bundler"
15
+ config.color = true
16
+ config.tty = true
17
+ end
18
+
19
+ require "danger_plugin"
20
+
21
+ # These functions are a subset of https://github.com/danger/danger/blob/master/spec/spec_helper.rb
22
+ # If you are expanding these files, see if it's already been done ^.
23
+
24
+ # A silent version of the user interface,
25
+ # it comes with an extra function `.string` which will
26
+ # strip all ANSI colours from the string.
27
+
28
+ def testing_ui
29
+ @output = StringIO.new
30
+ def @output.winsize
31
+ [20, 9999]
32
+ end
33
+
34
+ cork = Cork::Board.new(out: @output)
35
+ def cork.string
36
+ out.string.gsub(/\e\[([;\d]+)?m/, "")
37
+ end
38
+ cork
39
+ end
40
+
41
+ def testing_env
42
+ {
43
+ "GITHUB_ACTION" => "name_of_action",
44
+ "GITHUB_EVENT_NAME" => "pull_request",
45
+ "GITHUB_REPOSITORY" => "danger/danger",
46
+ "GITHUB_EVENT_PATH" => File.expand_path("fixtures/pull_request_event.json", __dir__),
47
+ "GITHUB_TOKEN" => "github_token"
48
+ }
49
+ end
50
+
51
+ def testing_dangerfile
52
+ env = Danger::EnvironmentManager.new(testing_env)
53
+ Danger::Dangerfile.new(env, testing_ui)
54
+ end
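Review bot: On lines 5 and 6, `"#{ROOT}lib"` and `"#{ROOT}spec"` interpolate a `Pathname` built from `File.expand_path`, which carries no trailing separator. The entries pushed onto `$:` are therefore `<root>lib` and `<root>spec`, not the intended directories. Join the path instead: `$:.unshift((ROOT + "lib").to_s)` and `$:.unshift((ROOT + "spec").to_s)`; the trailing `.to_s` on an already-interpolated string is redundant either way. `require "danger_plugin"` presumably still resolves only because `bundler/setup` puts the gem's own `lib` on the load path, which would hide the mistake until the specs are run without Bundler. Separately, `testing_ui` uses `StringIO` and `Cork::Board` without requiring them here. A short comment noting that they arrive through `require "danger"` would make that dependency explicit.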