Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add SARIF parser #3

Merged
merged 24 commits into from
Oct 10, 2023
Merged

Add SARIF parser #3

merged 24 commits into from
Oct 10, 2023

Conversation

tushar-deepsource
Copy link
Contributor

@tushar-deepsource tushar-deepsource commented Oct 5, 2023
edited
Loading

  • Adds independent sarif-parser packaage, with tests and a CLI.
  • Adds a CLI in run_community_analyzer.py which passes the correct issue_map.json, and a test for artifacts.
  • Adds tox config and CI with reporting test coverage to DeepSource.

tushar-deepsource and others added 10 commits October 5, 2023 15:29
@tushar-deepsource
Add SARIF parser
fe6def4
@enterprise-deepsource-icu
style: format code with isort and Black
505b62b 
This commit fixes the style issues introduced in fe6def4 according to the output
from isort and Black.

Details: #3
@deepsource-autofix
style: format code with Black and isort
5212304 
This commit fixes the style issues introduced in fe6def4 according to the output
from Black and isort.

Details: #3
@tushar-deepsource
bugfix
5d9f071
@tushar-deepsource
add checkout action
3b81fbe
@tushar-deepsource
Add run_community_analyzer.py and tests
23b8e9b
@tushar-deepsource
Move tox and mypy scripts out
9e9e2d0
@tushar-deepsource
Update README and fix tox
362ed39
@tushar-deepsource
Update tests glob
e0e0f78 
Signed-off-by: Tushar Sadhwani <[email protected]>
@tushar-deepsource
Fix DeepSource issues
50c0b55
srijan-deepsource
srijan-deepsource reviewed Oct 9, 2023
View reviewed changes
sarif-parser/tests/cli_test.py
},
},
{
"issue_code": "container-resources",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this made up, or are we missing this in the mapping?

Copy link
Contributor Author

@tushar-deepsource tushar-deepsource Oct 9, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, that is made up. sarif-parser tests don't deal with real world mappings. Tests regarding that will be in the top level tests folder.

tests/community_analyzer_test.py Outdated Show resolved Hide resolved
@srijan-deepsource
Copy link
Contributor

Also, set up test coverage reporting?

@tushar-deepsource
Copy link
Contributor Author

Also, set up test coverage reporting?

Don't have the perms to set secrets on this repo.

There's a TODO comment here.

Can you give an actual kube linter artifact? I'll write a test against that.

did our Python Analyzer stop catching these?

I think it only catches it if it's #TODO: ...

@srijan-deepsource
Copy link
Contributor

srijan-deepsource commented Oct 9, 2023
edited
Loading

Don't have the perms to set secrets on this repo.

Added DEEPSOURCE_DSN as a secret. Go ahead and make changes in the workflow to report it.

I think it only catches it if it's #TODO: ...

Can you verify and create issue? It should catch blanket TODOs as well.

@tushar-deepsource
Copy link
Contributor Author

It does get raised on # TODO as well. Not sure why it didn't happen in this case.

def foo():
    pass # TODO
$ python -m marvin_py -sl /tmp/code/**/*.py            
{"path": "/tmp/code/a.py", "line": 1, "column": 0, "message-id": "PYL-C0104", "message": "Disallowed name \"foo\"", "context": null}
{"path": "/tmp/code/a.py", "line": 2, "column": 10, "message-id": "PYL-W0511", "message": "TODO", "context": null}

@srijan-deepsource srijan-deepsource merged commit fd1bd5b into master Oct 10, 2023
1 check passed
@tushar-deepsource tushar-deepsource deleted the sarif branch October 10, 2023 09:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@srijan-deepsource srijan-deepsource srijan-deepsource approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tushar-deepsource @srijan-deepsource