Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate report file from analysis. #5666

Open
Vyom-Yadav opened this issue Feb 18, 2023 · 3 comments
Open

Generate report file from analysis. #5666

Vyom-Yadav opened this issue Feb 18, 2023 · 3 comments
Labels
good first issue A beginner-friendly place to start contributing to the Checker Framework

Comments

@Vyom-Yadav
Copy link

Currently, Checker Framework outputs all the warnings and errors to the console.

When using a build system like maven or gradle, the order of output can vary (see known bug with maven).

Checker Framework should generate a parsable report file which can be easily extended to create universal suppression systems, etc.

Currently, at Checkstyle, we use a custom suppression model built with groovy, which parses the output and checks the .xml suppression file.
@Vyom-Yadav Vyom-Yadav mentioned this issue Feb 18, 2023
Closed
@romani romani mentioned this issue Feb 18, 2023
Open
@Vyom-Yadav Vyom-Yadav mentioned this issue Jul 3, 2023
Open
@msridhar
Copy link
Contributor

msridhar commented Jul 4, 2023

If / when someone has cycles to work on this, this Error Prone issue / discussion might be relevant:

google/error-prone#3766

In particular @tbroyer prototyped a relatively non-intrusive way to serialize Error Prone warnings:

google/error-prone#3766 (comment)

A similar approach may work here.

@mernst
Copy link
Member

mernst commented Jul 6, 2023

I was thinking of just defining a new subclass of Messager, which could be done within the Checker Framework.

@mernst mernst self-assigned this Jul 7, 2023
@mernst mernst added the good first issue A beginner-friendly place to start contributing to the Checker Framework label Mar 19, 2024
@mernst
Copy link
Member

mernst commented Jun 26, 2024

A few notes for anyone who wants to take up this project:

  • The SARIF output format is the best choice.
  • There are Java bindings in Maven Central; see https://github.com/Contrast-Security-OSS/java-sarif
  • It would be better for SARIF to be supported by the build tool or by javac, but an implementation in the Checker Framework would fill the gap until that time comes.

@mernst mernst removed their assignment Jun 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue A beginner-friendly place to start contributing to the Checker Framework
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mernst @msridhar @Vyom-Yadav