danger-sarif 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 8760f99338fc4d1ae9953f9cf38632fb55bbc1a414cd7d9bd7a645592211233e
+  data.tar.gz: f8fb9752cf57614a66c51de7628e70a74f332b953734b347463d807f539f91b3
+SHA512:
+  metadata.gz: bbed21ac1459ff7344787101caa6093f3f9daaec7186a8baf09e6a217e944c49ecb3747281650e34f15fb0e1313a8795d1b1061cd14150fb35cff5647a6901d0
+  data.tar.gz: faa5abb83218dbb3797e3cf72de594c20ca5fce35e326b5812d21cf16cc17d769a32a185cb8a8a94092466bcb8e110163ef7a3fb6802aa29a74bdec26b1f4b86

data/.github/FUNDING.yml

@@ -0,0 +1,2 @@
+github: irgaly
+custom: ["https://github.com/irgaly/irgaly"]

data/.github/workflows/deploy_rubygems.yml

@@ -0,0 +1,24 @@
+# v*.*.* tag -> deploy to RubyGems.org
+name: Deploy to RubyGems.org
+
+on:
+  push:
+    tags:
+      - v[0-9]+.[0-9]+.[0-9]+*
+
+jobs:
+  deploy-rubygems:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+      - name: Run Test
+        run: |
+          bundle exec rake spec
+      - name: Deploy to RubyGems.org
+        env:
+          GEM_HOST_API_KEY: ${{ secrets.RUBYGEMS_API_KEY }}
+        run: |
+          bundle exec rake release

data/.github/workflows/test.yml

@@ -0,0 +1,13 @@
+name: test
+on: push
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+      - run: |
+          bundle exec rake spec

data/.gitignore

@@ -0,0 +1,177 @@
+
+.idea
+
+# Created by https://www.toptal.com/developers/gitignore/api/intellij,ruby
+# Edit at https://www.toptal.com/developers/gitignore?templates=intellij,ruby
+
+### Intellij ###
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+
+# AWS User-specific
+.idea/**/aws.xml
+
+# Generated files
+.idea/**/contentModel.xml
+
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn.  Uncomment if using
+# auto-import.
+# .idea/artifacts
+# .idea/compiler.xml
+# .idea/jarRepositories.xml
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+# *.iml
+# *.ipr
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# SonarLint plugin
+.idea/sonarlint/
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser
+
+### Intellij Patch ###
+# Comment Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-215987721
+
+# *.iml
+# modules.xml
+# .idea/misc.xml
+# *.ipr
+
+# Sonarlint plugin
+# https://plugins.jetbrains.com/plugin/7973-sonarlint
+.idea/**/sonarlint/
+
+# SonarQube Plugin
+# https://plugins.jetbrains.com/plugin/7238-sonarqube-community-plugin
+.idea/**/sonarIssues.xml
+
+# Markdown Navigator plugin
+# https://plugins.jetbrains.com/plugin/7896-markdown-navigator-enhanced
+.idea/**/markdown-navigator.xml
+.idea/**/markdown-navigator-enh.xml
+.idea/**/markdown-navigator/
+
+# Cache file creation bug
+# See https://youtrack.jetbrains.com/issue/JBR-2257
+.idea/$CACHE_FILE$
+
+# CodeStream plugin
+# https://plugins.jetbrains.com/plugin/12206-codestream
+.idea/codestream.xml
+
+# Azure Toolkit for IntelliJ plugin
+# https://plugins.jetbrains.com/plugin/8053-azure-toolkit-for-intellij
+.idea/**/azureSettings.xml
+
+### Ruby ###
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+# Used by dotenv library to load environment variables.
+# .env
+
+# Ignore Byebug command history file.
+.byebug_history
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+*.bridgesupport
+build-iPhoneOS/
+build-iPhoneSimulator/
+
+## Specific to RubyMotion (use of CocoaPods):
+#
+# We recommend against adding the Pods directory to your .gitignore. However
+# you should judge for yourself, the pros and cons are mentioned at:
+# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+# vendor/Pods/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+
+# Used by RuboCop. Remote config files pulled in from inherit_from directive.
+# .rubocop-https?--*
+
+# End of https://www.toptal.com/developers/gitignore/api/intellij,ruby

data/.ruby-version

@@ -0,0 +1 @@
+3.2.0

data/Gemfile

@@ -0,0 +1,2 @@
+source "https://rubygems.org"
+gemspec

data/Gemfile.lock

@@ -0,0 +1,96 @@
+PATH
+  remote: .
+  specs:
+    danger-sarif (0.1.0)
+      danger-plugin-api (>= 1.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.8.5)
+      public_suffix (>= 2.0.2, < 6.0)
+    claide (1.1.0)
+    claide-plugins (0.9.2)
+      cork
+      nap
+      open4 (~> 1.3)
+    colored2 (3.1.2)
+    cork (0.3.0)
+      colored2 (~> 3.1)
+    danger (9.3.1)
+      claide (~> 1.0)
+      claide-plugins (>= 0.9.2)
+      colored2 (~> 3.1)
+      cork (~> 0.1)
+      faraday (>= 0.9.0, < 3.0)
+      faraday-http-cache (~> 2.0)
+      git (~> 1.13)
+      kramdown (~> 2.3)
+      kramdown-parser-gfm (~> 1.0)
+      no_proxy_fix
+      octokit (~> 6.0)
+      terminal-table (>= 1, < 4)
+    danger-plugin-api (1.0.0)
+      danger (> 2.0)
+    diff-lcs (1.5.0)
+    faraday (2.7.10)
+      faraday-net_http (>= 2.0, < 3.1)
+      ruby2_keywords (>= 0.0.4)
+    faraday-http-cache (2.5.0)
+      faraday (>= 0.8)
+    faraday-net_http (3.0.2)
+    faraday-retry (2.2.0)
+      faraday (~> 2.0)
+    git (1.18.0)
+      addressable (~> 2.8)
+      rchardet (~> 1.8)
+    kramdown (2.4.0)
+      rexml
+    kramdown-parser-gfm (1.1.0)
+      kramdown (~> 2.0)
+    nap (1.1.0)
+    no_proxy_fix (0.1.2)
+    octokit (6.1.1)
+      faraday (>= 1, < 3)
+      sawyer (~> 0.9)
+    open4 (1.3.4)
+    public_suffix (5.0.3)
+    rake (13.0.6)
+    rchardet (1.8.0)
+    rexml (3.2.6)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
+    rspec-core (3.12.2)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.3)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-mocks (3.12.6)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-support (3.12.1)
+    ruby2_keywords (0.0.5)
+    sawyer (0.9.2)
+      addressable (>= 2.3.5)
+      faraday (>= 0.17.3, < 3)
+    terminal-table (3.0.2)
+      unicode-display_width (>= 1.1.1, < 3)
+    unicode-display_width (2.4.2)
+    yard (0.9.34)
+
+PLATFORMS
+  arm64-darwin-21
+  x86_64-linux
+
+DEPENDENCIES
+  bundler (>= 2.0)
+  danger-sarif!
+  faraday-retry (>= 2.2.0)
+  rake (>= 10.0)
+  rspec (>= 3.4)
+  yard (>= 0.9.34)
+
+BUNDLED WITH
+   2.4.17

data/LICENSE

@@ -0,0 +1,13 @@
+Copyright 2023 irgaly
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/README.md

@@ -0,0 +1,34 @@
+# danger-sarif
+
+[Danger](https://github.com/danger/danger) plugin for reporting SARIF file.
+
+## Installation
+
+```shell
+$ gem install danger-sarif
+```
+
+## Usage
+
+report from SARIF file
+
+```ruby
+# Dangerfile
+sarif.report 'app/build/reports/lint-results-debug.sarif'
+```
+
+report from multiple SARIF files
+
+```ruby
+# Dangerfile
+Dir['**/build/reports/lint-results-*.sarif'].each do |file|
+  sarif.report file
+end
+```
+
+## Development
+
+1. Clone this repo
+2. Run `bundle install` to setup dependencies.
+3. Make your changes.
+4. Run `bundle exec rake spec` to run the tests.

data/Rakefile

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:specs)
+
+task default: :specs
+
+task :spec do
+  Rake::Task["specs"].invoke
+  Rake::Task["spec_docs"].invoke
+end
+
+desc "Ensure that the plugin passes `danger plugins lint`"
+task :spec_docs do
+  sh "bundle exec danger plugins lint"
+end

data/danger-sarif.gemspec

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+lib = File.expand_path("lib", __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "sarif/gem_version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "danger-sarif"
+  spec.version       = Sarif::VERSION
+  spec.authors       = ["irgaly"]
+  spec.email         = ["irgaly@gmail.com"]
+  spec.description   = "Danger plugin for reporting SARIF file."
+  spec.summary       = "Danger plugin for reporting SARIF file."
+  spec.homepage      = "https://github.com/irgaly/danger-sarif"
+  spec.license       = "Apache-2.0"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency "danger-plugin-api", ">= 1.0"
+  spec.add_development_dependency "bundler", ">= 2.0"
+  spec.add_development_dependency "rake", ">= 10.0"
+  spec.add_development_dependency "rspec", ">= 3.4"
+  spec.add_development_dependency "faraday-retry", ">= 2.2.0"
+  spec.add_development_dependency "yard", ">= 0.9.34"
+end

data/lib/danger_plugin.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require "sarif/plugin"

data/lib/danger_sarif.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require "sarif/gem_version"

data/lib/sarif/gem_version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Sarif
+  VERSION = "0.1.0"
+end

data/lib/sarif/plugin.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+require "uri"
+require "pathname"
+
+module Danger
+  # Danger plugin for reporting SARIF file.
+  #
+  # @example report from SARIF file
+  #
+  #          sarif.report 'app/build/reports/lint-results-debug.sarif'
+  #
+  # @example report from multiple SARIF files
+  #
+  #          Dir['**/build/reports/lint-results-*.sarif'].each do |file|
+  #            sarif.report file
+  #          end
+  #
+  # @see  irgaly/danger-sarif
+  # @tags lint, sarif
+  #
+  class DangerSarif < Plugin
+    Warning = Struct.new(:message, :file, :line)
+
+    # Report errors from SARIF file
+    #
+    # @return [void]
+    def report(file, base_dir: nil)
+      parse(file, base_dir: base_dir).each do |warning|
+        warn(warning.message, file: warning.file, line: warning.line)
+      end
+    end
+
+    # Parse SARIF file, then return Warnings
+    #
+    # @return [DangerSarif::Warning]
+    def parse(file, base_dir: nil)
+      raise "SARIF file was not found: #{file}" unless File.exist? file
+      base_dir_path = Pathname.new(base_dir || Dir.pwd)
+      json = JSON.parse(File.read(file))
+      json["runs"].flat_map do |run|
+        base_uris = run["originalUriBaseIds"] || {}
+        run["results"].flat_map do |result|
+          message = result["message"]["markdown"] || result["message"]["text"]
+          result["locations"].map do |location|
+            physicalLocation = location["physicalLocation"]
+            artifactLocation = physicalLocation["artifactLocation"]
+            base_uri = base_uris[artifactLocation["uriBaseId"]]
+            uri = artifactLocation["uri"]
+            target_uri = if base_uri&.key?("uri") then
+              File.join(base_uri["uri"], uri)
+            else
+              uri
+            end
+            file = begin
+              target_path = Pathname.new(URI.parse(target_uri).path)
+              target_path.relative_path_from(base_dir_path).to_s
+              rescue ArgumentError
+                target_path.to_s
+            end
+            line = physicalLocation["region"]["startLine"].to_i
+            Warning.new(message: message, file: file, line: line)
+          end
+        end
+      end
+    end
+  end
+end

data/spec/fixtures/android-lint.sarif

@@ -0,0 +1,129 @@
+{
+    "$schema" : "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+    "version" : "2.1.0",
+    "runs" : [
+        {
+            "tool": {
+                "driver": {
+                    "name": "Android Lint",
+                    "fullName": "Android Lint (in gradle)",
+                    "version": "8.0.0",
+                    "semanticVersion": "8.0.0",
+                    "organization": "Google",
+                    "informationUri": "https://developer.android.com/studio/write/lint",
+                    "fullDescription": {
+                        "text": "Static analysis originally for Android source code but now performing general analysis"
+                    },
+                    "language": "en-US",
+                    "rules": [
+                        {
+                            "id": "DuplicateIncludedIds",
+                            "shortDescription": {
+                                "text": "Duplicate ids across layouts combined with include tags"
+                            },
+                            "fullDescription": {
+                                "text": "It's okay for two independent layouts to use the same ids. However, if layouts are combined with include tags, then the id's need to be unique within any chain of included layouts, or Activity#findViewById() can return an unexpected view.",
+                                "markdown": "It's okay for two independent layouts to use the same ids. However, if layouts are combined with include tags, then the id's need to be unique within any chain of included layouts, or `Activity#findViewById()` can return an unexpected view."
+                            },
+                            "defaultConfiguration": {
+                                "level": "warning",
+                                "rank": 50
+                            },
+                            "properties": {
+                                "tags": [
+                                    "Correctness"
+                                ]
+                            }
+                        }
+                    ]
+                }
+            },
+            "originalUriBaseIds": {
+                "%SRCROOT%": {
+                    "uri": "file:///Users/user_name/"
+                },
+                "USER_HOME": {
+                    "uri": "file:///Users/user_name/"
+                }
+            },
+            "results": [
+                {
+                    "ruleId": "DuplicateIncludedIds",
+                    "ruleIndex": 0,
+                    "message": {
+                        "text": "Duplicate id @+id/view_id, defined or included multiple times in layout/my_layout.xml: [layout/my_layout.xml defines @+id/view_id, layout/my_layout.xml => layout/my_layout2.xml defines @+id/view_id]",
+                        "markdown": "Duplicate id @+id/view_id, defined or included multiple times in layout/my_layout.xml: [layout/my_layout.xml defines @+id/view_id, layout/my_layout.xml => layout/my_layout2.xml defines @+id/view_id]"
+                    },
+                    "locations": [
+                        {
+                            "message": {
+                                "text": "Duplicate id @+id/view_id, defined or included multiple times in layout/my_layout.xml: [layout/my_layout.xml defines @+id/view_id, layout/my_layout.xml => layout/my_layout2.xml defines @+id/view_id]"
+                            },
+                            "physicalLocation": {
+                                "artifactLocation": {
+                                    "uriBaseId": "%SRCROOT%",
+                                    "uri": "app/src/main/res/layout/my_layout.xml"
+                                },
+                                "region": {
+                                    "startLine": 10,
+                                    "startColumn": 20,
+                                    "endLine": 12,
+                                    "endColumn": 30,
+                                    "charOffset": 100,
+                                    "charLength": 200,
+                                    "snippet": {
+                                        "text": "<include\n                        android:id=\"@+id/view_id\"\n                        layout=\"@layout/my_layout2\"\n                        android:layout_width=\"wrap_content\"\n                        android:layout_height=\"wrap_content\" />"
+                                    }
+                                },
+                                "contextRegion": {
+                                    "startLine": 8,
+                                    "endLine": 16,
+                                    "snippet": {
+                                        "text": "                    android:paddingEnd=\"10dp\">\n\n                    <include\n                        android:id=\"@+id/view_id\"\n                        layout=\"@layout/my_layout2\"\n                        android:layout_width=\"wrap_content\"\n                        android:layout_height=\"wrap_content\" />\n"
+                                    }
+                                }
+                            }
+                        }
+                    ],
+                    "relatedLocations": [
+                        {
+                            "id": 1,
+                            "message": {
+                                "text": "Defined here"
+                            },
+                            "physicalLocation": {
+                                "artifactLocation": {
+                                    "uriBaseId": "%SRCROOT%",
+                                    "uri": "app/src/main/res/layout/my_layout2.xml"
+                                },
+                                "region": {
+                                    "startLine": 10,
+                                    "startColumn": 13,
+                                    "endLine": 12,
+                                    "endColumn": 41,
+                                    "charOffset": 1000,
+                                    "charLength": 30,
+                                    "snippet": {
+                                        "text": "android:id=\"@+id/view_id\""
+                                    }
+                                },
+                                "contextRegion": {
+                                    "startLine": 8,
+                                    "endLine": 14,
+                                    "snippet": {
+                                        "text": "\n        <View\n            android:id=\"@+id/view_id\"\n            android:layout_width=\"match_parent\""
+                                    }
+                                }
+                            }
+                        }
+                    ],
+                    "fixes": [
+                    ],
+                    "partialFingerprints": {
+                        "sourceContext/v1": "cd78196d6afed500"
+                    }
+                }
+            ]
+        }
+    ]
+}