Add SARIF parser #3

Merged
merged 24 commits into from
Oct 10, 2023
Contributor

@tushar-deepsource tushar-deepsource commented Oct 5, 2023

  • Adds independent sarif-parser package, with tests and a CLI.
  • Adds a CLI in run_community_analyzer.py which passes the correct issue_map.json, and a test for artifacts.
  • Adds tox config and CI with reporting test coverage to DeepSource.

tushar-deepsource and others added 10 commits October 5, 2023 15:29
This commit fixes the style issues introduced in fe6def4 according to the output
from isort and Black.

Details: #3
This commit fixes the style issues introduced in fe6def4 according to the output
from Black and isort.

Details: #3
Signed-off-by: Tushar Sadhwani <[email protected]>
},
},
{
"issue_code": "container-resources",
Contributor

Is this made up, or are we missing this in the mapping?

Contributor Author

@tushar-deepsource tushar-deepsource Oct 9, 2023

Yes, that is made up. sarif-parser tests don't deal with real world mappings. Tests regarding that will be in the top level tests folder.

tests/community_analyzer_test.py (outdated)
@srijan-deepsource
Contributor

Also, set up test coverage reporting?

@tushar-deepsource
Contributor Author

> Also, set up test coverage reporting?

Don't have the perms to set secrets on this repo.

> There's a TODO comment here.

Can you give an actual kube linter artifact? I'll write a test against that.

> did our Python Analyzer stop catching these?

I think it only catches it if it's #TODO: ...

@srijan-deepsource
Contributor

srijan-deepsource commented Oct 9, 2023

> Don't have the perms to set secrets on this repo.

Added DEEPSOURCE_DSN as a secret. Go ahead and make changes in the workflow to report it.

> I think it only catches it if it's #TODO: ...

Can you verify and create an issue? It should catch blanket TODOs as well.

@tushar-deepsource
Contributor Author

It does get raised on # TODO as well. Not sure why it didn't happen in this case.

```python
def foo():
    pass # TODO
```

```console
$ python -m marvin_py -sl /tmp/code/**/*.py
{"path": "/tmp/code/a.py", "line": 1, "column": 0, "message-id": "PYL-C0104", "message": "Disallowed name \"foo\"", "context": null}
{"path": "/tmp/code/a.py", "line": 2, "column": 10, "message-id": "PYL-W0511", "message": "TODO", "context": null}
```

@srijan-deepsource srijan-deepsource merged commit fd1bd5b into master Oct 10, 2023
@tushar-deepsource tushar-deepsource deleted the sarif branch October 10, 2023 09:57