-
-
Notifications
You must be signed in to change notification settings - Fork 244
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add option to skip def_ws prefix in sarif reports #2383
feat: add option to skip def_ws prefix in sarif reports #2383
Conversation
That seems great :) I think SARIF_REPORTER_NORMALIZE_LINTERS_OUTPUT should be true by default :) |
a9cc332
to
897c62e
Compare
Thanks, fixed so it is default true now. Btw,How can I make the checks failing tests succed, if i interprets the checks logs correct they would need permission conf (a PAT token) for the repo etc. Learning for this and future fixes.:) |
This pull request has been automatically marked as stale because it has not had recent activity. If you think this pull request should stay open, please remove the |
I believe the errors are the linter violations, not the bit about the PAT, which you can ignore. |
897c62e
to
e5eb3de
Compare
Uh, oh, I see now, preparing a fix for these. |
This PR is a suggestion for solving the use case of needing to remove the DEFAULT_WORKSPACE from the out put in the generated SARIF output. (oxsecurity#2006). It moves the SARIF logic to an earlier phase, to be handled before the aggregate SARIF generation. It replaces the prefix if the flag SARIF_REPORTER_NORMALIZE_LINTERS_OUTPUT: true is set (default: true). Implementation is done by line parsing and replacing, as a node traversal solution quickly grew due to the many places in the sarif out put the uri can be found (metris, relatedLocations, and so on), and the code is much simpler this way to maintain. Improvements and suggestions: Could dumps and resulting json string be used in a reliable way to line parse an json file? I didn't find a good way. Should the option be renamed to SARIF_REPORTER_DISABLE_DEFAULT_WORKSPACE_IN_OUTPUT or alike. As the pre existing normalization still happens? (We don't change that pre existing behaviour in this PR, only the DEFAULT_WORKSPACE prefix part). Signed-off-by: Josef Andersson <[email protected]>
e5eb3de
to
94130ea
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Indeed green, well done , thanks :):
Fixes #2006
This PR is a suggestion for solving the use case
of needing to remove the DEFAULT_WORKSPACE from
the out put in the generated SARIF output.
(#2006).
It moves the SARIF logic to an earlier phase, to be handled before the aggregate SARIF generation.
It replaces the prefix if the flag
SARIF_REPORTER_NORMALIZE_LINTERS_OUTPUT: true is set (default: true)
(see clear_default_workspace_prefix(...
Implementation is done by line parsing and replacing, as a node traversal solution quickly would grew due to
the many places in the sarif out put the uri can be found (metris, relatedLocations, and so on), and the code is much simpler this way to maintain.
Improvements and suggestions:
a reliable way to stream line parse an json file? I didn't find a good way.
SARIF_REPORTER_DISABLE_DEFAULT_WORKSPACE_IN_OUTPUT or alike. As the pre existing normalization still happens? (We don't change that pre existing behaviour in this PR, only the DEFAULT_WORKSPACE prefix part).
Proposed Changes
Readiness Checklist
Author/Contributor
Reviewing Maintainer
breaking
if this is a large fundamental changeautomation
,bug
,documentation
,enhancement
,infrastructure
, orperformance