danger-sarif 0.1.0 → 0.9.0

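--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 8760f99338fc4d1ae9953f9cf38632fb55bbc1a414cd7d9bd7a645592211233e
-data.tar.gz: f8fb9752cf57614a66c51de7628e70a74f332b953734b347463d807f539f91b3
+metadata.gz: 1e1bd9e132727e6bae54a7cf3d212ae64e4e1443a56815e810c76aa4c8cb7cdc
+data.tar.gz: 2f87be53d4b549e78a5c3fca243ffeae4deb66a87bc8f5ea23e475f8910cd50a
 SHA512:
-metadata.gz: bbed21ac1459ff7344787101caa6093f3f9daaec7186a8baf09e6a217e944c49ecb3747281650e34f15fb0e1313a8795d1b1061cd14150fb35cff5647a6901d0
-data.tar.gz: faa5abb83218dbb3797e3cf72de594c20ca5fce35e326b5812d21cf16cc17d769a32a185cb8a8a94092466bcb8e110163ef7a3fb6802aa29a74bdec26b1f4b86
+metadata.gz: 70e8cf9d7f916b43f67758d4188e941b68e9b8146d30adb07cc3dd11e21a7e5b598024488d9a79db1508eb23bdd85c7eb01b094a5172c9011f3777954ee63624
+data.tar.gz: cca36bb447b7d83af81b1cc788a82668273da3c37e406b29cc9376586c5d9af3aa00816ccd0ed42d470fed85fdea4a4f870ea7b0a8204843efe85d528d471d76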
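--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -0,0 +1,10 @@
+# v0.9.0 - 2023/11/08 JST
+
+#### Feature
+
+* add sarif.fail_on_error [#3](https://github.com/irgaly/danger-sarif/pull/3)
+* fail CI if SARIF file has `level: "error"` result.
+
+# v0.1.0 - 2023/08/27 JST
+
+* initial release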
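--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-danger-sarif (0.1.0)
+danger-sarif (0.9.0)
 danger-plugin-api (>= 1.0)
 
 GEM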
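--- a/data/README.md
+++ b/data/README.md
@@ -1,6 +1,8 @@
 # danger-sarif
 
-[Danger](https://github.com/danger/danger) plugin for reporting SARIF file.
+[![Gem Version](https://badge.fury.io/rb/danger-sarif.svg)](https://badge.fury.io/rb/danger-sarif)
+
+[Danger](https://github.com/danger/danger) plugin for reporting [SARIF](https://sarifweb.azurewebsites.net/) file.
 
 ## Installation
 
@@ -26,6 +28,18 @@ Dir['**/build/reports/lint-results-*.sarif'].each do |file|
 end
 ```
 
+## Options
+
+| option | description |
+|-----------------------|--------------------------------------------------------------------|
+| `sarif.fail_on_error` | Set the behavior that treating error as fail or not. default: true |
+
+```ruby
+# Dangerfile
+sarif.fail_on_error false
+sarif.report '...'
+```
+
 ## Development
 
 1. Clone this repo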
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Sarif
4
- VERSION = "0.1.0"
4
+ VERSION = "0.9.0"
5
5
  end
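--- a/data/lib/sarif/plugin.rb
+++ b/data/lib/sarif/plugin.rb
@@ -21,27 +21,61 @@ module Danger
 #
 class DangerSarif < Plugin
 Warning = Struct.new(:message, :file, :line)
+Error = Struct.new(:message, :file, :line)
+
+def initialize(dangerfile)
+super(dangerfile)
+@fail_on_error = true
+end
+
+# Set the behavior that treating error as fail or not
+#
+# @param [bool] true: treat error as fail, false: treat error as warning
+# @return [void]
+def fail_on_error(value)
+@fail_on_error = value
+end
 
 # Report errors from SARIF file
 #
 # @return [void]
 def report(file, base_dir: nil)
-parse(file, base_dir: base_dir).each do |warning|
-warn(warning.message, file: warning.file, line: warning.line)
+parse(file, base_dir: base_dir).each do |result|
+if @fail_on_error && result.instance_of?(Error) then
+warn(result.message, file: result.file, line: result.line)
+else
+fail(result.message, file: result.file, line: result.line)
+end
 end
 end
 
-# Parse SARIF file, then return Warnings
+# Parse SARIF file, then return Array of DangerSarif::Warning or DangerSarif::Error
 #
-# @return [DangerSarif::Warning]
+# @return [Array] Array of DangerSarif::Warning or DangerSarif::Error
 def parse(file, base_dir: nil)
 raise "SARIF file was not found: #{file}" unless File.exist? file
 base_dir_path = Pathname.new(base_dir || Dir.pwd)
 json = JSON.parse(File.read(file))
 json["runs"].flat_map do |run|
 base_uris = run["originalUriBaseIds"] || {}
+tool = run["tool"]
+rules = {}
+tool["driver"]["rules"]&.each do |rule|
+rules[rule["id"]] = rule
+end
+tool["extensions"]&.each do |extension|
+extension["rules"]&.each do |rule|
+rules[rule["id"]] = rule
+end
+end
 run["results"].flat_map do |result|
 message = result["message"]["markdown"] || result["message"]["text"]
+rule_id = result["ruleId"]
+rule = rules[rule_id]
+level = result["level"]
+if !level then
+level = (rule["defaultConfiguration"] || {})["level"]
+end
 result["locations"].map do |location|
 physicalLocation = location["physicalLocation"]
 artifactLocation = physicalLocation["artifactLocation"]
@@ -59,7 +93,11 @@ module Danger
 target_path.to_s
 end
 line = physicalLocation["region"]["startLine"].to_i
-Warning.new(message: message, file: file, line: line)
+if level == "error" then
+Error.new(message: message, file: file, line: line)
+else
+Warning.new(message: message, file: file, line: line)
+end
 end
 end
 end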
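Review bot: The two branches in `report` are swapped: with `@fail_on_error` true an `Error` result is routed to `warn`, while every `Warning` (and every `Error` once `fail_on_error false` is set) goes to `fail`, which is the opposite of what the new option, its YARD comment and the README describe, so enabling the option makes the CI check weaker rather than stricter. The calls should trade places: `fail(result.message, file: result.file, line: result.line)` in the `if` branch and `warn(result.message, file: result.file, line: result.line)` in the `else`. Separately, in `parse` the fallback `level = (rule["defaultConfiguration"] || {})["level"]` raises `NoMethodError` on nil when a result has no `ruleId` or its id is not in `rules`; `level = rule&.dig("defaultConfiguration", "level")` keeps the fallback and tolerates an unknown rule. `parse` continues past the end of this section, and the new routing in `report` has no spec covering either value of the option.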
@@ -0,0 +1,67 @@
1
+ {
2
+ "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
3
+ "version": "2.1.0",
4
+ "runs": [
5
+ {
6
+ "tool": {
7
+ "driver": {
8
+ "name": "RuboCop",
9
+ "version": "1.56.1",
10
+ "informationUri": "https://rubocop.org",
11
+ "rules": [
12
+ {
13
+ "id": "Style/FrozenStringLiteralComment",
14
+ "name": "StyleFrozenStringLiteralComment",
15
+ "defaultConfiguration": {
16
+ "level": "note"
17
+ },
18
+ "properties": {
19
+ "precision": "very-high",
20
+ "description": "Add the frozen_string_literal comment to the top of files to help transition to frozen string literals by default.",
21
+ "tags": [
22
+ "style"
23
+ ],
24
+ "queryURI": "https://docs.rubocop.org/rubocop/cops_style.html#stylefrozenstringliteralcomment"
25
+ },
26
+ "shortDescription": {
27
+ "text": "Add the frozen_string_literal comment to the top of files to help transition to frozen string literals by default."
28
+ },
29
+ "fullDescription": {
30
+ "text": "Add the frozen_string_literal comment to the top of files to help transition to frozen string literals by default."
31
+ },
32
+ "helpUri": "https://docs.rubocop.org/rubocop/cops_style.html#stylefrozenstringliteralcomment",
33
+ "help": {
34
+ "text": "More info: https://docs.rubocop.org/rubocop/cops_style.html#stylefrozenstringliteralcomment",
35
+ "markdown": "[More info](https://docs.rubocop.org/rubocop/cops_style.html#stylefrozenstringliteralcomment)"
36
+ }
37
+ }
38
+ ]
39
+ }
40
+ },
41
+ "results": [
42
+ {
43
+ "ruleId": "Style/FrozenStringLiteralComment",
44
+ "ruleIndex": 0,
45
+ "message": {
46
+ "text": "Style/FrozenStringLiteralComment: Missing frozen string literal comment."
47
+ },
48
+ "locations": [
49
+ {
50
+ "physicalLocation": {
51
+ "artifactLocation": {
52
+ "uri": "Dangerfile",
53
+ "uriBaseId": "%SRCROOT%"
54
+ },
55
+ "region": {
56
+ "startLine": 1,
57
+ "startColumn": 1,
58
+ "endColumn": 1
59
+ }
60
+ }
61
+ }
62
+ ]
63
+ }
64
+ ]
65
+ }
66
+ ]
67
+ }
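--- a/data/spec/sarif_spec.rb
+++ b/data/spec/sarif_spec.rb
@@ -16,63 +16,79 @@ module Danger
 
 describe "parse fixtures" do
 describe "with android-lint.sarif" do
-subject(:warnings) {
+subject(:results) {
 @sarif.parse("spec/fixtures/android-lint.sarif", base_dir: "/Users/user_name")
 }
-it "have a warning" do
-expect(warnings.size).to eq 1
+it "have a result" do
+expect(results.size).to eq 1
 end
-it "exact warning" do
-expect(warnings[0].message).to eq "Duplicate id @+id/view_id, defined or included multiple times in layout/my_layout.xml: [layout/my_layout.xml defines @+id/view_id, layout/my_layout.xml => layout/my_layout2.xml defines @+id/view_id]"
-expect(warnings[0].file).to eq "app/src/main/res/layout/my_layout.xml"
-expect(warnings[0].line).to eq 10
+it "exact result" do
+expect(results[0].message).to eq "Duplicate id @+id/view_id, defined or included multiple times in layout/my_layout.xml: [layout/my_layout.xml defines @+id/view_id, layout/my_layout.xml => layout/my_layout2.xml defines @+id/view_id]"
+expect(results[0].file).to eq "app/src/main/res/layout/my_layout.xml"
+expect(results[0].line).to eq 10
 end
 end
 describe "with detekt.sarif" do
-subject(:warnings) {
+subject(:results) {
 @sarif.parse("spec/fixtures/detekt.sarif", base_dir: "/Users/user_name")
 }
-it "have a warning" do
-expect(warnings.size).to eq 1
+it "have a result" do
+expect(results.size).to eq 1
 end
-it "exact warning" do
-expect(warnings[0].message).to eq "This expression contains a magic number. Consider defining it to a well named constant."
-expect(warnings[0].file).to eq "app/src/main/kotlin/MyClass.kt"
-expect(warnings[0].line).to eq 10
+it "exact result" do
+expect(results[0].message).to eq "This expression contains a magic number. Consider defining it to a well named constant."
+expect(results[0].file).to eq "app/src/main/kotlin/MyClass.kt"
+expect(results[0].line).to eq 10
 end
 end
 describe "with ktlint.sarif" do
-subject(:warnings) {
+subject(:results) {
 @sarif.parse("spec/fixtures/ktlint.sarif", base_dir: "/Users/user_name")
 }
-it "have a warning" do
-expect(warnings.size).to eq 1
+it "have a result" do
+expect(results.size).to eq 1
 end
-it "exact warning" do
-expect(warnings[0].message).to eq "Error Message from ktlint"
-expect(warnings[0].file).to eq "project/app/src/main/kotlin/File.kt"
-expect(warnings[0].line).to eq 10
+it "result is a Error" do
+expect(results[0].instance_of?(DangerSarif::Error)).to be true
+end
+it "exact result" do
+expect(results[0].message).to eq "Error Message from ktlint"
+expect(results[0].file).to eq "project/app/src/main/kotlin/File.kt"
+expect(results[0].line).to eq 10
 end
 end
 describe "with qodana-community-android.sarif" do
-subject(:warnings) {
+subject(:results) {
 @sarif.parse("spec/fixtures/qodana-community-android.sarif")
 }
-it "have a warning" do
-expect(warnings.size).to eq 1
+it "have a result" do
+expect(results.size).to eq 1
 end
-it "exact warning" do
-expect(warnings[0].message).to eq "Function \"GreetingPreview\" is never used"
-expect(warnings[0].file).to eq "app/src/main/kotlin/com/example/myapplication/MainActivity.kt"
-expect(warnings[0].line).to eq 42
+it "exact result" do
+expect(results[0].message).to eq "Function \"GreetingPreview\" is never used"
+expect(results[0].file).to eq "app/src/main/kotlin/com/example/myapplication/MainActivity.kt"
+expect(results[0].line).to eq 42
 end
 end
 describe "with qodana-community-android-short.sarif" do
-subject(:warnings) {
+subject(:results) {
 @sarif.parse("spec/fixtures/qodana-community-android-short.sarif")
 }
-it "empty warning" do
-expect(warnings.size).to eq 0
+it "empty result" do
+expect(results.size).to eq 0
+end
+end
+describe "with qodana-community-android.sarif" do
+subject(:results) {
+@sarif.parse("spec/fixtures/rubocop-code-scanning.sarif")
+}
+it "have a result" do
+expect(results.size).to eq 1
+end
+it "exact result" do
+expect(results[0].message).to eq "Style/FrozenStringLiteralComment: Missing frozen string literal comment."
+expect(results[0].file).to eq "Dangerfile"
+expect(results[0].line).to eq 1
 end
 end
 end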
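Review bot: The new `describe` block added at the end of the hunk is labelled `"with qodana-community-android.sarif"` but parses `spec/fixtures/rubocop-code-scanning.sarif`, duplicating the earlier group's label and making a failure in either group ambiguous in the RSpec output; it should read `describe "with rubocop-code-scanning.sarif" do`. The RuboCop fixture's result carries no `level` and relies on the rule's `defaultConfiguration` (`"note"`), which is the new fallback path in `parse`, so an explicit `expect(results[0].instance_of?(DangerSarif::Warning)).to be true` would pin that branch the same way the ktlint group pins `Error`. No example calls `report` with `fail_on_error` set either way, so the fail/warn routing that this release introduces remains untested. The enclosing `describe "parse fixtures"` group starts before this hunk.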
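--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: danger-sarif
 version: !ruby/object:Gem::Version
-version: 0.1.0
+version: 0.9.0
 platform: ruby
 authors:
 - irgaly
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-08-27 00:00:00.000000000 Z
+date: 2023-11-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: danger-plugin-api
@@ -106,6 +106,7 @@ files:
 - ".github/workflows/test.yml"
 - ".gitignore"
 - ".ruby-version"
+- CHANGELOG.md
 - Gemfile
 - Gemfile.lock
 - LICENSE
@@ -122,6 +123,7 @@ files:
 - spec/fixtures/pull_request_event.json
 - spec/fixtures/qodana-community-android-short.sarif
 - spec/fixtures/qodana-community-android.sarif
+- spec/fixtures/rubocop-code-scanning.sarif
 - spec/sarif_spec.rb
 - spec/spec_helper.rb
 homepage: https://github.com/irgaly/danger-sarif
@@ -154,5 +156,6 @@ test_files:
 - spec/fixtures/pull_request_event.json
 - spec/fixtures/qodana-community-android-short.sarif
 - spec/fixtures/qodana-community-android.sarif
+- spec/fixtures/rubocop-code-scanning.sarif
 - spec/sarif_spec.rb
 - spec/spec_helper.rb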