Commit

Merge branch 'main' into users/LingZhou-gh/sarif-sdk_ProblematicFilePath
michaelcfanning authored Oct 25, 2024
2 parents 9febeee + 1af5bc3 commit 7684a23
Showing 415 changed files with 2,091 additions and 3,904 deletions.
2 changes: 1 addition & 1 deletion .github/CODEOWNERS
Expand Up @@ -2,4 +2,4 @@
# This file controls who is tagged for review for any given pull request.

# For anything not explicitly taken by someone else:
* @michaelcfanning @suvamM @shaopeng-gh @scottoneil-ms @rwoll @yongyan-gh @LingZhou-gh @EasyRhinoMSFT @cfaucon
* @michaelcfanning @suvamM @shaopeng-gh @scottoneil-ms @rwoll @yongyan-gh @LingZhou-gh @EasyRhinoMSFT @cfaucon @nguerrera
24 changes: 24 additions & 0 deletions .github/workflows/build-and-test.yml
@@ -0,0 +1,24 @@
name: Build and Test

on:
pull_request:
branches: [ "main" ]

jobs:
build:
name: Run
runs-on: windows-latest
steps:
- uses: actions/checkout@v4
with:
# GitHelper unit test requires full clone, not the shallow default of GitHub Actions
fetch-depth: 0
- name: Setup dotnet
uses: actions/setup-dotnet@v4
with:
dotnet-version: '3.1.x'
- name: Show dotnet info
run: dotnet --info
- name: Build and Test
# NoFormat because there is a separate format check action
run: ./BuildAndTest.cmd -NoFormat
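Review bot: the workflow declares no `permissions:` key, so the job's `GITHUB_TOKEN` gets whatever the repository default grants; the steps only check out, set up the SDK and build, so add a top-level `permissions:` block with `contents: read`. The two `uses:` lines reference `actions/checkout@v4` and `actions/setup-dotnet@v4` by mutable tag; pinning each to a full commit SHA keeps a retagged release from changing what runs. `dotnet-version: '3.1.x'` installs a runtime that has been out of support since December 2022, so a comment saying which test target still needs it would help.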
14 changes: 14 additions & 0 deletions .github/workflows/build-multitool-for-npm.yml
@@ -0,0 +1,14 @@
name: Build Multitool for npm

on:
pull_request:
branches: [ "main" ]

jobs:
build:
name: Run
runs-on: windows-latest
steps:
- uses: actions/checkout@v4
- name: Build Multitool for npm
run: ./scripts/BuildMultitoolForNpm.ps1
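Review bot: the job here is `build` with `name: Run`, the same as the job in .github/workflows/build-and-test.yml, so both appear as a check called `Run` and a required-status-check rule on that name is ambiguous; give each job a distinct `name:`. This file also has no `permissions:` key; `contents: read` covers a checkout followed by `./scripts/BuildMultitoolForNpm.ps1`.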
1 change: 1 addition & 0 deletions README.md
@@ -1,5 +1,6 @@
# sarif-sdk
[![Build Status](https://dev.azure.com/mseng/1ES/_apis/build/status/microsoft.sarif-sdk?branchName=master)](https://dev.azure.com/mseng/1ES/_build/latest?definitionId=9978&branchName=main)
[![Nuget](https://img.shields.io/nuget/v/Sarif.Sdk)](https://nuget.org/packages/Sarif.Sdk)

The SARIF SDK contains .NET code and supporting files for working with the Static Analysis Results Interchange Format (SARIF). For more information about SARIF, see the [SARIF Home Page](http://sarifweb.azurewebsites.net). You can read the [SARIF specification](https://rawgit.com/sarif-standard/sarif-spec/master/Static%20Analysis%20Results%20Interchange%20Format%20(SARIF).html), or file [issues](https://github.com/sarif-standard/sarif-spec/issues) in the [SARIF GitHub repo](https://github.com/sarif-standard/sarif-spec).

17 changes: 15 additions & 2 deletions ReleaseHistory.md
@@ -1,19 +1,32 @@
# SARIF Package Release History (SDK, Driver, Converters, and Multitool)
## **v4.5.3 UNRELEASED
## UNRELEASED
* BRK: Remove defunct and unsupported `kusto` command in `Sarif.Multitool`.
* DEP: Remove dependency on `Microsoft.Azure.Kusto.Data`.
* DEP: Update `Azure.Identity` reference from 1.10.2 to 1.12.1 in `WorkItems` and `Sarif.Multitool.Library` to resolve [CVE-2024-29992](https://github.com/advisories/GHSA-wvxc-855f-jvrv) and other CVEs.
* DEP: Update `Azure.Core` from 1.35.0 to 1.41.0 to satisfy minimum requirement of `Azure.Identity` 1.12.1 that also has no vulnerabilities.
* BUG: When the path of the `EnumeratedArtifact` contains invalid characters, skip it as scan target to avoid `System.IO.IOException: The filename, directory name, or volume label syntax is incorrect`.
* BUG: When the path of the `EnumeratedArtifact` contains URL percent-encoding characters, it should proceed with analyzing without throwing `System.IO.FileNotFoundException`.
* BUG: Resolve process hangs when a file path is provided with a wildcard, but without a `-r` (recurse) flag during the multi-threaded analysis file enumeration phase.
* BUG: Fix error `ERR997.NoValidAnalysisTargets` when scanning symbolic link files.
* BUG: Fix `ERR999.UnhandledEngineException: System.IO.FileNotFoundException: Could not find file` when a file name or directory path contains URL-encoded characters.

## **v4.5.4 [Sdk](https://www.nuget.org/packages/Sarif.Sdk/v4.5.4) | [Driver](https://www.nuget.org/packages/Sarif.Driver/v4.5.4) | [Converters](https://www.nuget.org/packages/Sarif.Converters/v4.5.4) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/v4.5.4) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/v4.5.4)
* BUG: Fix incorrect base class in rule ADO2012.

## **v4.5.3 [Sdk](https://www.nuget.org/packages/Sarif.Sdk/v4.5.3) | [Driver](https://www.nuget.org/packages/Sarif.Driver/v4.5.3) | [Converters](https://www.nuget.org/packages/Sarif.Converters/v4.5.3) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/v4.5.3) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/v4.5.3)
* BUG: Restructure shared MessageResourceNames collections to ensure return of correct error messages.

## **v4.5.2 [Sdk](https://www.nuget.org/packages/Sarif.Sdk/v4.5.2) | [Driver](https://www.nuget.org/packages/Sarif.Driver/v4.5.2) | [Converters](https://www.nuget.org/packages/Sarif.Converters/v4.5.2) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/v4.5.2) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/v4.5.2)
* BUG: Update Skimmer stack in Multitool.Library to support shared MessageResourceNames collections between base rules and their derivatives.
* BUG: Fix message strings to always assume {1} is reserved for the rule's service name.
* BUG: Clean up unused resource strings in Multitool.Library.Rules.RuleResources.resx.

# SARIF Package Release History (SDK, Driver, Converters, and Multitool)
## **v4.5.1 [Sdk](https://www.nuget.org/packages/Sarif.Sdk/v4.5.1) | [Driver](https://www.nuget.org/packages/Sarif.Driver/v4.5.1) | [Converters](https://www.nuget.org/packages/Sarif.Converters/v4.5.1) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/v4.5.1) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/v4.5.1)
* DEP: Add explicit package references to `Sarif` and `Sarif.Driver` to resolve version conflict build error.
`System.Diagnostics.Debug` 4.3.0,
`System.IO.FileSystem.Primitives` 4.3.0,
`System.Text.Encoding.Extensions` 4.3.0.
* NEW: Expose `MultithreadedAnalyzeCommandBase.BuildDisabledSkimmersSet`, a utility function which extracts a disabled skimmer set from a `TContext`.

## **v4.5.0 [Sdk](https://www.nuget.org/packages/Sarif.Sdk/v4.5.0) | [Driver](https://www.nuget.org/packages/Sarif.Driver/v4.5.0) | [Converters](https://www.nuget.org/packages/Sarif.Converters/v4.5.0) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/v4.5.0) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/v4.5.0)
* DEP: Downgrade `System.Text.Encoding.CodePages` from 8.0.0 to 4.3.0 in `Sarif`.
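Review bot: the UNRELEASED section lists what reads as the same fix twice, once as "When the path of the `EnumeratedArtifact` contains URL percent-encoding characters ..." and again as "Fix `ERR999.UnhandledEngineException: System.IO.FileNotFoundException` ... URL-encoded characters"; merge them if they describe one change. The `Azure.Identity` entry says it resolves CVE-2024-29992 "and other CVEs"; naming those advisories lets consumers judge whether they are affected. If the second `# SARIF Package Release History` title above v4.5.1 is not one of the two deleted lines, drop it so the title occurs once.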
2 changes: 1 addition & 1 deletion ado-build.yml
@@ -1,4 +1,4 @@
pr:
trigger:
- "main"

jobs:
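Review bot: replacing `pr:` with `trigger:` on the first line leaves the pipeline without a `pr` key, and for GitHub-hosted repositories Azure Pipelines then enables pull request validation for all branches by default. If PR validation is meant to move to the new GitHub Actions workflows, add `pr: none` explicitly; if both systems should build PRs, keep a `pr:` block listing "main" alongside `trigger:`.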
4 changes: 0 additions & 4 deletions policies/github.config.xml
Expand Up @@ -4,10 +4,6 @@
<!-- Upgraded from Warning, because GitHub requires this. -->
<Property Key='RuleEnabled' Value='Error' />
</Properties>
<Properties Key='SARIF2012.ProvideHelpUris.Options'>
<!-- Upgraded from Note, because GitHub displays them if available. -->
<Property Key='RuleEnabled' Value='Warning' />
</Properties>
<Properties Key='SARIF2016.FileUrisShouldBeRelative.Options'>
<!-- Not necessary because SARIF2007.ExpressPathsRelativeToRepoRoot is stricter. -->
<Property Key='RuleEnabled' Value='Disabled' />
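Review bot: removing the `SARIF2012.ProvideHelpUris.Options` block drops the override whose comment read "Upgraded from Note, because GitHub displays them if available", so under this policy the rule falls back to its default level, and nothing in the visible ReleaseHistory.md hunk records the change. State the reason in the commit message or add a release-history line so users of the GitHub policy know why missing help URIs stop being reported as warnings.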
19 changes: 11 additions & 8 deletions scripts/BuildAndTest.ps1
Expand Up @@ -94,7 +94,7 @@ function Invoke-DotNetBuild($solutionFileRelativePath) {
Write-Information "Building $solutionFileRelativePath..."

$solutionFilePath = Join-Path $SourceRoot $solutionFileRelativePath
& dotnet build $solutionFilePath --configuration $Configuration --verbosity $BuildVerbosity --no-incremental -bl -p:WarningsAsErrors="MSB3277"
& dotnet build $solutionFilePath --configuration $Configuration --verbosity $BuildVerbosity --no-incremental -bl -p:WarningsAsErrors="MSB3277" /p:EnforceCodeStyleInBuild=true

if ($LASTEXITCODE -ne 0) {
Exit-WithFailureMessage $ScriptName "Build of $solutionFilePath failed."
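Review bot: the added `/p:EnforceCodeStyleInBuild=true` uses the `/p:` switch form while the same command line already passes `-p:WarningsAsErrors="MSB3277"`; use `-p:` for both. Code-style diagnostics raised by this property only fail the build when they are configured at error severity (`WarningsAsErrors` here lists only MSB3277), so confirm the configured severities match the intent.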
Expand Down Expand Up @@ -199,13 +199,16 @@ if (-not $NoRestore) {
}
}

if (-not $NoObjectModel) {
# Generate the SARIF object model classes from the SARIF JSON schema.
dotnet msbuild /verbosity:minimal /target:BuildAndInjectObjectModel $SourceRoot\Sarif\Sarif.csproj /fileloggerparameters:Verbosity=detailed`;LogFile=CodeGen.log
if ($LASTEXITCODE -ne 0) {
Exit-WithFailureMessage $ScriptName "SARIF object model generation failed."
}
}
# The SARIF object model is stable. We disable autogenerating it to allow
# for strict control enforcing style guidelines from command-line builds.
#if (-not $NoObjectModel) {
# # Generate the SARIF object model classes from the SARIF JSON schema.
# dotnet msbuild /verbosity:minimal /target:BuildAndInjectObjectModel $SourceRoot\Sarif\Sarif.csproj /fileloggerparameters:Verbosity=detailed`;LogFile=CodeGen.log
# if ($LASTEXITCODE -ne 0) {
# Exit-WithFailureMessage $ScriptName "SARIF object model generation failed."
# }
#}


if (-not $?) {
Exit-WithFailureMessage $ScriptName "BeforeBuild failed."
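Review bot: the object-model generation block is commented out rather than deleted, which leaves dead code and, if the script still declares it, a `-NoObjectModel` switch that no longer does anything; delete the block and remove or deprecate the switch. The `if (-not $?)` check that follows used to run right after this block and now reflects whatever statement precedes it, so verify that "BeforeBuild failed." is still reported for the right step. With generation off, nothing in this build detects drift between the SARIF JSON schema and the checked-in object model, so a separate check for that would be worth adding.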
4 changes: 3 additions & 1 deletion src/.editorconfig
Expand Up @@ -297,6 +297,7 @@ csharp_style_prefer_local_over_anonymous_function = true:suggestion
dotnet_diagnostic.SA1602.severity = suggestion
dotnet_diagnostic.SA1307.severity = silent
csharp_style_implicit_object_creation_when_type_is_apparent = true:suggestion
csharp_style_prefer_primary_constructors = true:suggestion

[*Tests.cs]

Expand All @@ -323,4 +324,5 @@ dotnet_style_prefer_inferred_anonymous_type_member_names = true:suggestion
dotnet_style_prefer_compound_assignment = true:suggestion
dotnet_style_prefer_simplified_interpolation = true:suggestion
dotnet_style_namespace_match_folder = true:suggestion
dotnet_code_quality_unused_parameters = all:error
dotnet_code_quality_unused_parameters = all:error
dotnet_style_prefer_collection_expression = when_types_loosely_match:suggestion
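Review bot: `dotnet_style_prefer_collection_expression = when_types_loosely_match:suggestion` is set at `suggestion` severity (as is `csharp_style_prefer_primary_constructors` in the hunk above), and suggestions do not surface as warnings or errors in a command-line build, so `EnforceCodeStyleInBuild=true` in scripts/BuildAndTest.ps1 will not enforce them. If these preferences are meant to be enforced, raise the severity; if they are advisory only, no change is needed. `dotnet_code_quality_unused_parameters = all:error` appears as removed and re-added unchanged, which suggests an end-of-file newline change; worth confirming nothing else differs on that line.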
6 changes: 3 additions & 3 deletions src/Sarif.Converters/AndroidStudioConverter.cs
Expand Up @@ -50,7 +50,7 @@ public override void Convert(Stream input, IResultLogWriter output, OptionallyEm

LogicalLocations.Clear();

XmlReaderSettings settings = new XmlReaderSettings
var settings = new XmlReaderSettings
{
IgnoreWhitespace = true,
IgnoreComments = true,
Expand All @@ -61,7 +61,7 @@ public override void Convert(Stream input, IResultLogWriter output, OptionallyEm
};

IList<Result> results;
using (XmlReader xmlReader = XmlReader.Create(input, settings))
using (var xmlReader = XmlReader.Create(input, settings))
{
results = ProcessAndroidStudioLog(xmlReader);
}
Expand Down Expand Up @@ -244,7 +244,7 @@ private static void SetSarifResultPropertiesForProblem(Result result, AndroidStu

private static string GenerateFullMessage(string description, ImmutableArray<string> hints)
{
StringBuilder sb = new StringBuilder();
var sb = new StringBuilder();
sb.Append(description);
foreach (string hint in hints)
{
2 changes: 1 addition & 1 deletion src/Sarif.Converters/AndroidStudioProblem.cs
Expand Up @@ -143,7 +143,7 @@ public static AndroidStudioProblem Parse(XmlReader reader, AndroidStudioStrings
throw reader.CreateException(ConverterResources.AndroidStudioNotProblemElement);
}

Builder b = new Builder();
var b = new Builder();
if (!reader.IsEmptyElement)
{
int problemDepth = reader.Depth;
6 changes: 3 additions & 3 deletions src/Sarif.Converters/ClangAnalyzerConverter.cs
Expand Up @@ -37,7 +37,7 @@ public override void Convert(Stream input, IResultLogWriter output, OptionallyEm

try
{
XmlReaderSettings settings = new XmlReaderSettings
var settings = new XmlReaderSettings
{
IgnoreWhitespace = true,
DtdProcessing = DtdProcessing.Ignore,
Expand All @@ -46,7 +46,7 @@ public override void Convert(Stream input, IResultLogWriter output, OptionallyEm

var results = new List<Result>();

using (XmlReader xmlReader = XmlReader.Create(input, settings))
using (var xmlReader = XmlReader.Create(input, settings))
{
xmlReader.MoveToContent();
xmlReader.ReadStartElement(ClangSchemaStrings.PlistName);
Expand Down Expand Up @@ -179,7 +179,7 @@ private Result CreateResult(IDictionary<string, object> issueData)

private static IList<object> ReadArray(XmlReader xmlReader)
{
List<object> list = new List<object>();
var list = new List<object>();
bool readerMoved = false; // ReadElementContentAsString moves the reader so prevent double moves.

xmlReader.Read(); // Read past the "array" element start.
18 changes: 9 additions & 9 deletions src/Sarif.Converters/ClangTidyConverter.cs
Expand Up @@ -29,7 +29,7 @@ public override void Convert(Stream input, IResultLogWriter output, OptionallyEm
using var textReader = new StreamReader(input);
ClangTidyReport report = deserializer.Deserialize<ClangTidyReport>(textReader);

List<ClangTidyConsoleDiagnostic> logs = new List<ClangTidyConsoleDiagnostic>();
var logs = new List<ClangTidyConsoleDiagnostic>();
if (report != null)
{
string reportPath = (input as FileStream)?.Name;
Expand Down Expand Up @@ -78,7 +78,7 @@ private void AddLineNumberAndColumnNumber(ClangTidyReport report, List<ClangTidy

private List<ClangTidyConsoleDiagnostic> LoadLogFile(string logFilePath)
{
List<ClangTidyConsoleDiagnostic> returnValue = new List<ClangTidyConsoleDiagnostic>();
var returnValue = new List<ClangTidyConsoleDiagnostic>();

var logLines = File.ReadAllLines(logFilePath).ToList();
foreach (string line in logLines)
Expand All @@ -91,7 +91,7 @@ private List<ClangTidyConsoleDiagnostic> LoadLogFile(string logFilePath)
int columnNumber;
if (int.TryParse(match.Groups[2].Value, out lineNumber) && int.TryParse(match.Groups[3].Value, out columnNumber))
{
ClangTidyConsoleDiagnostic consoleDiagnostic = new ClangTidyConsoleDiagnostic()
var consoleDiagnostic = new ClangTidyConsoleDiagnostic()
{
LineNumber = lineNumber,
ColumnNumber = columnNumber
Expand All @@ -108,7 +108,7 @@ internal static Result CreateResult(ClangTidyDiagnostic entry)
{
entry = entry ?? throw new ArgumentNullException(nameof(entry));

Result result = new Result()
var result = new Result()
{
RuleId = entry.DiagnosticName,
Message = new Message { Text = entry.DiagnosticMessage.Message },
Expand All @@ -118,14 +118,14 @@ internal static Result CreateResult(ClangTidyDiagnostic entry)
// no level infomation in Clang-Tidy report
result.Level = FailureLevel.Warning;

Region region = new Region()
var region = new Region()
{
CharOffset = entry.DiagnosticMessage.FileOffset,
StartLine = entry.DiagnosticMessage.LineNumber,
StartColumn = entry.DiagnosticMessage.ColumnNumber,
};

Uri analysisTargetUri = new Uri(entry.DiagnosticMessage.FilePath, UriKind.RelativeOrAbsolute);
var analysisTargetUri = new Uri(entry.DiagnosticMessage.FilePath, UriKind.RelativeOrAbsolute);

var physicalLocation = new PhysicalLocation
{
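Review bot: `new Uri(entry.DiagnosticMessage.FilePath, UriKind.RelativeOrAbsolute)` takes the path straight from the parsed report, and within the lines shown only `entry` itself is null-checked; a null `DiagnosticMessage` or `FilePath` throws here, and an empty or malformed path can raise `UriFormatException`. Since converter input is another tool's output, validate the path (for example with `Uri.TryCreate`) and skip or report the diagnostic instead of aborting the conversion. The context comment `// no level infomation in Clang-Tidy report` has a typo ("infomation").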
Expand All @@ -136,7 +136,7 @@ internal static Result CreateResult(ClangTidyDiagnostic entry)
Region = region
};

Location location = new Location()
var location = new Location()
{
PhysicalLocation = physicalLocation
};
Expand All @@ -152,7 +152,7 @@ internal static Result CreateResult(ClangTidyDiagnostic entry)

foreach (ClangTidyReplacement fix in entry.DiagnosticMessage.Replacements)
{
Replacement replacement = new Replacement();
var replacement = new Replacement();

replacement.DeletedRegion = new Region
{
Expand Down Expand Up @@ -180,7 +180,7 @@ internal static Result CreateResult(ClangTidyDiagnostic entry)
Replacements = replacements
};

Fix sarifFix = new Fix(description: null, artifactChanges: new List<ArtifactChange>() { sarifFileChange }, properties: null);
var sarifFix = new Fix(description: null, artifactChanges: new List<ArtifactChange>() { sarifFileChange }, properties: null);
result.Fixes = new List<Fix> { sarifFix };
}
