sarif-ruby 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 79bce3486dd120e26e0263dcb1bb6b2a9d927c5e75390563eaa78c08cab73065
+  data.tar.gz: a8265311c18e62d73ed428b75f7a019355a2122566569e67f8095aa3b3322df0
+SHA512:
+  metadata.gz: acaaf4c0aee7cbbb54efa9eb7a77d8d2ecf5a033fde1fa7a7606dc1b6559b38d4bf745f38349a5c7e9c0f36ebcbf84bc9dfd84a0ef681f155775be426b8a11f2
+  data.tar.gz: 12337301a09f56547993e8468d632b6b1d9816e58e9cf0378b5bf5eb2045477dc2e7e24672ff2fa681561d5980b096b6ca141d5136827cbd26ce3e45707774f8

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+## [Unreleased]
+
+## [0.1.0] - 2026-01-07
+
+- Initial release

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,10 @@
+# Code of Conduct
+
+"sarif" follows [The Ruby Community Conduct Guideline](https://www.ruby-lang.org/en/conduct) in all "collaborative space", which is defined as community communications channels (such as mailing lists, submitted patches, commit comments, etc.):
+
+* Participants will be tolerant of opposing views.
+* Participants must ensure that their language and actions are free of personal attacks and disparaging personal remarks.
+* When interpreting the words and actions of others, participants should always assume good intentions.
+* Behaviour which can be reasonably considered harassment will not be tolerated.
+
+If you have any concerns about behaviour within this project, please contact us at ["andrewnez@gmail.com"](mailto:"andrewnez@gmail.com").

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Andrew Nesbitt
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,191 @@
+# sarif-ruby
+
+A Ruby SDK for SARIF (Static Analysis Results Interchange Format) 2.1.0.
+
+SARIF is an OASIS standard format for representing static analysis tool output. This gem provides Ruby classes for creating, reading, and manipulating SARIF files.
+
+## Installation
+
+Add to your Gemfile:
+
+```ruby
+gem "sarif-ruby"
+```
+
+Or install directly:
+
+```
+gem install sarif-ruby
+```
+
+## Usage
+
+### Creating SARIF output
+
+```ruby
+require "sarif"
+
+log = Sarif::Log.new(
+  version: "2.1.0",
+  runs: [
+    Sarif::Run.new(
+      tool: Sarif::Tool.new(
+        driver: Sarif::ToolComponent.new(
+          name: "my-linter",
+          version: "1.0.0",
+          information_uri: "https://example.com/my-linter"
+        )
+      ),
+      results: [
+        Sarif::Result.new(
+          rule_id: "no-unused-vars",
+          level: "warning",
+          message: Sarif::Message.new(text: "Variable 'x' is unused"),
+          locations: [
+            Sarif::Location.new(
+              physical_location: Sarif::PhysicalLocation.new(
+                artifact_location: Sarif::ArtifactLocation.new(uri: "src/main.rb"),
+                region: Sarif::Region.new(start_line: 10, start_column: 5)
+              )
+            )
+          ]
+        )
+      ]
+    )
+  ]
+)
+
+# Write to file
+Sarif.dump(log, "results.sarif")
+
+# Write pretty-printed JSON
+Sarif.dump(log, "results.sarif", pretty: true)
+
+# Get JSON string
+json = log.to_json(pretty: true)
+```
+
+### Reading SARIF files
+
+```ruby
+# Load from file
+log = Sarif.load("results.sarif")
+
+# Parse JSON string
+log = Sarif.parse(json_string)
+
+# Access data
+log.runs.each do |run|
+  puts "Tool: #{run.tool.driver.name}"
+
+  run.results&.each do |result|
+    puts "  #{result.rule_id}: #{result.message.text}"
+
+    result.locations&.each do |location|
+      loc = location.physical_location
+      puts "    #{loc.artifact_location.uri}:#{loc.region&.start_line}"
+    end
+  end
+end
+```
+
+### Defining rules
+
+```ruby
+Sarif::Run.new(
+  tool: Sarif::Tool.new(
+    driver: Sarif::ToolComponent.new(
+      name: "my-linter",
+      version: "1.0.0",
+      rules: [
+        Sarif::ReportingDescriptor.new(
+          id: "no-unused-vars",
+          name: "NoUnusedVariables",
+          short_description: Sarif::MultiformatMessageString.new(
+            text: "Disallow unused variables"
+          ),
+          full_description: Sarif::MultiformatMessageString.new(
+            text: "Variables that are declared but never used are likely mistakes."
+          ),
+          default_configuration: Sarif::ReportingConfiguration.new(
+            level: "warning"
+          ),
+          help_uri: "https://example.com/rules/no-unused-vars"
+        )
+      ]
+    )
+  ),
+  results: [
+    Sarif::Result.new(
+      rule_id: "no-unused-vars",
+      rule_index: 0,
+      message: Sarif::Message.new(text: "Variable 'x' is unused")
+    )
+  ]
+)
+```
+
+### Result levels
+
+SARIF defines four severity levels:
+
+- `"error"` - A serious problem
+- `"warning"` - A potential problem (default)
+- `"note"` - Informational finding
+- `"none"` - No severity
+
+```ruby
+Sarif::Result.new(
+  rule_id: "security-issue",
+  level: "error",
+  message: Sarif::Message.new(text: "SQL injection vulnerability")
+)
+```
+
+## Available classes
+
+The gem provides classes for all SARIF 2.1.0 types:
+
+| Class | Description |
+|-------|-------------|
+| `Sarif::Log` | Root object containing runs |
+| `Sarif::Run` | Single tool execution |
+| `Sarif::Tool` | Tool metadata |
+| `Sarif::ToolComponent` | Tool driver or extension |
+| `Sarif::Result` | Individual finding |
+| `Sarif::Message` | Human-readable message |
+| `Sarif::Location` | Where a result was detected |
+| `Sarif::PhysicalLocation` | File and region |
+| `Sarif::ArtifactLocation` | File path or URI |
+| `Sarif::Region` | Line/column range |
+| `Sarif::ReportingDescriptor` | Rule definition |
+| `Sarif::ReportingConfiguration` | Rule configuration |
+| `Sarif::Fix` | Proposed fix |
+| `Sarif::Invocation` | Tool execution details |
+| ... | And 40+ more |
+
+## Regenerating classes
+
+Classes are generated from the official SARIF JSON schema. To regenerate:
+
+```
+bundle exec rake sarif:generate
+```
+
+## Links
+
+- [SARIF Specification](https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html)
+- [SARIF JSON Schema](https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/sarif-schema-2.1.0.json)
+- [SARIF Tutorials](https://github.com/microsoft/sarif-tutorials)
+- [OASIS SARIF TC](https://www.oasis-open.org/committees/sarif/)
+
+### Other SARIF SDKs
+
+- [sarif-python-om](https://github.com/microsoft/sarif-python-om) - Python
+- [java-sarif](https://github.com/Contrast-Security-OSS/java-sarif) - Java
+- [sarif-sdk](https://github.com/microsoft/sarif-sdk) - .NET
+- [sarif-js-sdk](https://github.com/microsoft/sarif-js-sdk) - JavaScript
+
+## License
+
+MIT License. See [LICENSE](LICENSE) for details.

data/Rakefile

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "minitest/test_task"
+
+Dir.glob("tasks/**/*.rake").each { |r| load r }
+
+Minitest::TestTask.create
+
+task default: :test

data/lib/sarif/address.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module Sarif
+  # A physical or virtual address, or a range of addresses, in an 'addressable region' (memory or a binary file).
+  class Address
+    attr_accessor :absolute_address, :relative_address, :length, :kind, :name, :fully_qualified_name, :offset_from_parent, :index, :parent_index, :properties
+
+    def initialize(absolute_address: -1, relative_address: nil, length: nil, kind: nil, name: nil, fully_qualified_name: nil, offset_from_parent: nil, index: -1, parent_index: -1, properties: nil)
+      @absolute_address = absolute_address
+      @relative_address = relative_address
+      @length = length
+      @kind = kind
+      @name = name
+      @fully_qualified_name = fully_qualified_name
+      @offset_from_parent = offset_from_parent
+      @index = index
+      @parent_index = parent_index
+      @properties = properties
+    end
+
+    def to_h
+      h = {}
+      h["absoluteAddress"] = @absolute_address if @absolute_address && @absolute_address != -1
+      h["relativeAddress"] = @relative_address unless @relative_address.nil?
+      h["length"] = @length unless @length.nil?
+      h["kind"] = @kind unless @kind.nil?
+      h["name"] = @name unless @name.nil?
+      h["fullyQualifiedName"] = @fully_qualified_name unless @fully_qualified_name.nil?
+      h["offsetFromParent"] = @offset_from_parent unless @offset_from_parent.nil?
+      h["index"] = @index if @index && @index != -1
+      h["parentIndex"] = @parent_index if @parent_index && @parent_index != -1
+      h["properties"] = @properties unless @properties.nil?
+      h
+    end
+
+    def to_json(pretty: false)
+      pretty ? JSON.pretty_generate(to_h) : JSON.generate(to_h)
+    end
+
+    def self.from_hash(h)
+      return nil if h.nil?
+      new(
+        absolute_address: h["absoluteAddress"] || -1,
+        relative_address: h["relativeAddress"],
+        length: h["length"],
+        kind: h["kind"],
+        name: h["name"],
+        fully_qualified_name: h["fullyQualifiedName"],
+        offset_from_parent: h["offsetFromParent"],
+        index: h["index"] || -1,
+        parent_index: h["parentIndex"] || -1,
+        properties: h["properties"]
+      )
+    end
+
+    def ==(other)
+      return false unless other.is_a?(Address)
+      @absolute_address == other.absolute_address && @relative_address == other.relative_address && @length == other.length && @kind == other.kind && @name == other.name && @fully_qualified_name == other.fully_qualified_name && @offset_from_parent == other.offset_from_parent && @index == other.index && @parent_index == other.parent_index && @properties == other.properties
+    end
+
+    alias eql? ==
+
+    def hash
+      [@absolute_address, @relative_address, @length, @kind, @name, @fully_qualified_name, @offset_from_parent, @index, @parent_index, @properties].hash
+    end
+  end
+end

data/lib/sarif/artifact.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+module Sarif
+  # A single artifact. In some cases, this artifact might be nested within another artifact.
+  class Artifact
+    attr_accessor :description, :location, :parent_index, :offset, :length, :roles, :mime_type, :contents, :encoding, :source_language, :hashes, :last_modified_time_utc, :properties
+
+    def initialize(description: nil, location: nil, parent_index: -1, offset: nil, length: -1, roles: [], mime_type: nil, contents: nil, encoding: nil, source_language: nil, hashes: nil, last_modified_time_utc: nil, properties: nil)
+      @description = description
+      @location = location
+      @parent_index = parent_index
+      @offset = offset
+      @length = length
+      @roles = roles
+      @mime_type = mime_type
+      @contents = contents
+      @encoding = encoding
+      @source_language = source_language
+      @hashes = hashes
+      @last_modified_time_utc = last_modified_time_utc
+      @properties = properties
+    end
+
+    def to_h
+      h = {}
+      h["description"] = @description&.to_h unless @description.nil?
+      h["location"] = @location&.to_h unless @location.nil?
+      h["parentIndex"] = @parent_index if @parent_index && @parent_index != -1
+      h["offset"] = @offset unless @offset.nil?
+      h["length"] = @length if @length && @length != -1
+      h["roles"] = @roles&.map(&:to_s) if @roles&.any?
+      h["mimeType"] = @mime_type unless @mime_type.nil?
+      h["contents"] = @contents&.to_h unless @contents.nil?
+      h["encoding"] = @encoding unless @encoding.nil?
+      h["sourceLanguage"] = @source_language unless @source_language.nil?
+      h["hashes"] = @hashes unless @hashes.nil?
+      h["lastModifiedTimeUtc"] = @last_modified_time_utc unless @last_modified_time_utc.nil?
+      h["properties"] = @properties unless @properties.nil?
+      h
+    end
+
+    def to_json(pretty: false)
+      pretty ? JSON.pretty_generate(to_h) : JSON.generate(to_h)
+    end
+
+    def self.from_hash(h)
+      return nil if h.nil?
+      new(
+        description: Message.from_hash(h["description"]),
+        location: ArtifactLocation.from_hash(h["location"]),
+        parent_index: h["parentIndex"] || -1,
+        offset: h["offset"],
+        length: h["length"] || -1,
+        roles: h["roles"] || [],
+        mime_type: h["mimeType"],
+        contents: ArtifactContent.from_hash(h["contents"]),
+        encoding: h["encoding"],
+        source_language: h["sourceLanguage"],
+        hashes: h["hashes"],
+        last_modified_time_utc: h["lastModifiedTimeUtc"],
+        properties: h["properties"]
+      )
+    end
+
+    def ==(other)
+      return false unless other.is_a?(Artifact)
+      @description == other.description && @location == other.location && @parent_index == other.parent_index && @offset == other.offset && @length == other.length && @roles == other.roles && @mime_type == other.mime_type && @contents == other.contents && @encoding == other.encoding && @source_language == other.source_language && @hashes == other.hashes && @last_modified_time_utc == other.last_modified_time_utc && @properties == other.properties
+    end
+
+    alias eql? ==
+
+    def hash
+      [@description, @location, @parent_index, @offset, @length, @roles, @mime_type, @contents, @encoding, @source_language, @hashes, @last_modified_time_utc, @properties].hash
+    end
+  end
+end

data/lib/sarif/artifact_change.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Sarif
+  # A change to a single artifact.
+  class ArtifactChange
+    attr_accessor :artifact_location, :replacements, :properties
+
+    def initialize(artifact_location:, replacements:, properties: nil)
+      @artifact_location = artifact_location
+      @replacements = replacements
+      @properties = properties
+    end
+
+    def to_h
+      h = {}
+      h["artifactLocation"] = @artifact_location&.to_h
+      h["replacements"] = @replacements&.map(&:to_h)
+      h["properties"] = @properties unless @properties.nil?
+      h
+    end
+
+    def to_json(pretty: false)
+      pretty ? JSON.pretty_generate(to_h) : JSON.generate(to_h)
+    end
+
+    def self.from_hash(h)
+      return nil if h.nil?
+      new(
+        artifact_location: ArtifactLocation.from_hash(h["artifactLocation"]),
+        replacements: h["replacements"]&.map { |v| Replacement.from_hash(v) },
+        properties: h["properties"]
+      )
+    end
+
+    def ==(other)
+      return false unless other.is_a?(ArtifactChange)
+      @artifact_location == other.artifact_location && @replacements == other.replacements && @properties == other.properties
+    end
+
+    alias eql? ==
+
+    def hash
+      [@artifact_location, @replacements, @properties].hash
+    end
+  end
+end

data/lib/sarif/artifact_content.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module Sarif
+  # Represents the contents of an artifact.
+  class ArtifactContent
+    attr_accessor :text, :binary, :rendered, :properties
+
+    def initialize(text: nil, binary: nil, rendered: nil, properties: nil)
+      @text = text
+      @binary = binary
+      @rendered = rendered
+      @properties = properties
+    end
+
+    def to_h
+      h = {}
+      h["text"] = @text unless @text.nil?
+      h["binary"] = @binary unless @binary.nil?
+      h["rendered"] = @rendered&.to_h unless @rendered.nil?
+      h["properties"] = @properties unless @properties.nil?
+      h
+    end
+
+    def to_json(pretty: false)
+      pretty ? JSON.pretty_generate(to_h) : JSON.generate(to_h)
+    end
+
+    def self.from_hash(h)
+      return nil if h.nil?
+      new(
+        text: h["text"],
+        binary: h["binary"],
+        rendered: MultiformatMessageString.from_hash(h["rendered"]),
+        properties: h["properties"]
+      )
+    end
+
+    def ==(other)
+      return false unless other.is_a?(ArtifactContent)
+      @text == other.text && @binary == other.binary && @rendered == other.rendered && @properties == other.properties
+    end
+
+    alias eql? ==
+
+    def hash
+      [@text, @binary, @rendered, @properties].hash
+    end
+  end
+end

data/lib/sarif/artifact_location.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module Sarif
+  # Specifies the location of an artifact.
+  class ArtifactLocation
+    attr_accessor :uri, :uri_base_id, :index, :description, :properties
+
+    def initialize(uri: nil, uri_base_id: nil, index: -1, description: nil, properties: nil)
+      @uri = uri
+      @uri_base_id = uri_base_id
+      @index = index
+      @description = description
+      @properties = properties
+    end
+
+    def to_h
+      h = {}
+      h["uri"] = @uri unless @uri.nil?
+      h["uriBaseId"] = @uri_base_id unless @uri_base_id.nil?
+      h["index"] = @index if @index && @index != -1
+      h["description"] = @description&.to_h unless @description.nil?
+      h["properties"] = @properties unless @properties.nil?
+      h
+    end
+
+    def to_json(pretty: false)
+      pretty ? JSON.pretty_generate(to_h) : JSON.generate(to_h)
+    end
+
+    def self.from_hash(h)
+      return nil if h.nil?
+      new(
+        uri: h["uri"],
+        uri_base_id: h["uriBaseId"],
+        index: h["index"] || -1,
+        description: Message.from_hash(h["description"]),
+        properties: h["properties"]
+      )
+    end
+
+    def ==(other)
+      return false unless other.is_a?(ArtifactLocation)
+      @uri == other.uri && @uri_base_id == other.uri_base_id && @index == other.index && @description == other.description && @properties == other.properties
+    end
+
+    alias eql? ==
+
+    def hash
+      [@uri, @uri_base_id, @index, @description, @properties].hash
+    end
+  end
+end

data/lib/sarif/attachment.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module Sarif
+  # An artifact relevant to a result.
+  class Attachment
+    attr_accessor :description, :artifact_location, :regions, :rectangles, :properties
+
+    def initialize(description: nil, artifact_location:, regions: [], rectangles: [], properties: nil)
+      @description = description
+      @artifact_location = artifact_location
+      @regions = regions
+      @rectangles = rectangles
+      @properties = properties
+    end
+
+    def to_h
+      h = {}
+      h["description"] = @description&.to_h unless @description.nil?
+      h["artifactLocation"] = @artifact_location&.to_h
+      h["regions"] = @regions&.map(&:to_h) if @regions&.any?
+      h["rectangles"] = @rectangles&.map(&:to_h) if @rectangles&.any?
+      h["properties"] = @properties unless @properties.nil?
+      h
+    end
+
+    def to_json(pretty: false)
+      pretty ? JSON.pretty_generate(to_h) : JSON.generate(to_h)
+    end
+
+    def self.from_hash(h)
+      return nil if h.nil?
+      new(
+        description: Message.from_hash(h["description"]),
+        artifact_location: ArtifactLocation.from_hash(h["artifactLocation"]),
+        regions: h["regions"]&.map { |v| Region.from_hash(v) } || [],
+        rectangles: h["rectangles"]&.map { |v| Rectangle.from_hash(v) } || [],
+        properties: h["properties"]
+      )
+    end
+
+    def ==(other)
+      return false unless other.is_a?(Attachment)
+      @description == other.description && @artifact_location == other.artifact_location && @regions == other.regions && @rectangles == other.rectangles && @properties == other.properties
+    end
+
+    alias eql? ==
+
+    def hash
+      [@description, @artifact_location, @regions, @rectangles, @properties].hash
+    end
+  end
+end

data/lib/sarif/code_flow.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Sarif
+  # A set of threadFlows which together describe a pattern of code execution relevant to detecting a result.
+  class CodeFlow
+    attr_accessor :message, :thread_flows, :properties
+
+    def initialize(message: nil, thread_flows:, properties: nil)
+      @message = message
+      @thread_flows = thread_flows
+      @properties = properties
+    end
+
+    def to_h
+      h = {}
+      h["message"] = @message&.to_h unless @message.nil?
+      h["threadFlows"] = @thread_flows&.map(&:to_h)
+      h["properties"] = @properties unless @properties.nil?
+      h
+    end
+
+    def to_json(pretty: false)
+      pretty ? JSON.pretty_generate(to_h) : JSON.generate(to_h)
+    end
+
+    def self.from_hash(h)
+      return nil if h.nil?
+      new(
+        message: Message.from_hash(h["message"]),
+        thread_flows: h["threadFlows"]&.map { |v| ThreadFlow.from_hash(v) },
+        properties: h["properties"]
+      )
+    end
+
+    def ==(other)
+      return false unless other.is_a?(CodeFlow)
+      @message == other.message && @thread_flows == other.thread_flows && @properties == other.properties
+    end
+
+    alias eql? ==
+
+    def hash
+      [@message, @thread_flows, @properties].hash
+    end
+  end
+end

data/lib/sarif/configuration_override.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Sarif
+  # Information about how a specific rule or notification was reconfigured at runtime.
+  class ConfigurationOverride
+    attr_accessor :configuration, :descriptor, :properties
+
+    def initialize(configuration:, descriptor:, properties: nil)
+      @configuration = configuration
+      @descriptor = descriptor
+      @properties = properties
+    end
+
+    def to_h
+      h = {}
+      h["configuration"] = @configuration&.to_h
+      h["descriptor"] = @descriptor&.to_h
+      h["properties"] = @properties unless @properties.nil?
+      h
+    end
+
+    def to_json(pretty: false)
+      pretty ? JSON.pretty_generate(to_h) : JSON.generate(to_h)
+    end
+
+    def self.from_hash(h)
+      return nil if h.nil?
+      new(
+        configuration: ReportingConfiguration.from_hash(h["configuration"]),
+        descriptor: ReportingDescriptorReference.from_hash(h["descriptor"]),
+        properties: h["properties"]
+      )
+    end
+
+    def ==(other)
+      return false unless other.is_a?(ConfigurationOverride)
+      @configuration == other.configuration && @descriptor == other.descriptor && @properties == other.properties
+    end
+
+    alias eql? ==
+
+    def hash
+      [@configuration, @descriptor, @properties].hash
+    end
+  end
+end