Implement sarif2.1 support

Author: ChristianSauer

CodeQualityToGitlab/CodeQualityToGitlab.csproj

@@ -25,13 +25,13 @@
 
     <ItemGroup>
       <PackageReference Include="Microsoft.Extensions.FileSystemGlobbing" Version="8.0.0" />
-      <PackageReference Include="PolySharp" Version="1.13.2">
+      <PackageReference Include="PolySharp" Version="1.14.1">
         <PrivateAssets>all</PrivateAssets>
         <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       </PackageReference>
-      <PackageReference Include="Sarif.Sdk" Version="4.3.7" />
+      <PackageReference Include="Sarif.Sdk" Version="4.4.0" />
       <PackageReference Include="Serilog" Version="3.1.1" />
-      <PackageReference Include="Serilog.Sinks.Console" Version="5.0.0" />
+      <PackageReference Include="Serilog.Sinks.Console" Version="5.0.1" />
       <PackageReference Include="System.CommandLine" Version="2.0.0-beta4.22272.1" />
     </ItemGroup>
 

CodeQualityToGitlab/Program.cs

@@ -1,4 +1,5 @@
 using System.CommandLine;
+using CodeQualityToGitlab.SarifConverters;
 using Serilog;
 
 namespace CodeQualityToGitlab;

CodeQualityToGitlab/Roslynator.cs

@@ -31,7 +31,7 @@ public class Diagnostic
 public class Summary
 {
     [XmlElement(ElementName = "Diagnostic")]
-    public required List<Diagnostic> Diagnostic { get; set; } = new();
+    public required List<Diagnostic> Diagnostic { get; set; } = [];
 }
 
 [XmlRoot(ElementName = "Location")]
@@ -48,7 +48,7 @@ public class Location
 public class Diagnostics
 {
     [XmlElement(ElementName = "Diagnostic")]
-    public List<Diagnostic> Diagnostic { get; set; } = new();
+    public List<Diagnostic> Diagnostic { get; set; } = [];
 }
 
 [XmlRoot(ElementName = "Project")]
@@ -68,7 +68,7 @@ public class Project
 public class Projects
 {
     [XmlElement(ElementName = "Project")]
-    public List<Project> Project { get; set; } = new();
+    public List<Project> Project { get; set; } = [];
 }
 
 [XmlRoot(ElementName = "CodeAnalysis")]

CodeQualityToGitlab/RoslynatorConverter.cs

@@ -26,10 +26,11 @@ public static List<CodeQuality> ConvertToCodeQualityRaw(FileInfo source, string?
                 {
                     Description = $"{diagnostic.Id}: {diagnostic.Message}",
                     Severity = GetSeverity(diagnostic.Severity),
-                    Location = new LocationCq
+                    Location = new()
                     {
                         Path = GetPath(diagnostic, project, pathRoot),
-                        Lines = new Lines { Begin = lineNumber }
+                        Lines = new()
+                        { Begin = lineNumber }
                     },
                     Fingerprint = Common.GetHash($"{project.Name}{diagnostic.Id}{lineNumber}")
                 };

CodeQualityToGitlab/SarifConverter.cs

@@ -0,0 +1,103 @@
+using Microsoft.CodeAnalysis.Sarif.Readers;
+using Microsoft.CodeAnalysis.Sarif.VersionOne;
+using Newtonsoft.Json;
+using Serilog;
+
+namespace CodeQualityToGitlab.SarifConverters;
+
+public class Converter1(FileInfo source, string? pathRoot)
+{
+    public List<CodeQuality> Convert()
+    {
+Log.Information("Sarif Version 1 detected");
+
+var logContents = File.ReadAllText(source.FullName);
+
+            var settings = new JsonSerializerSettings
+            {
+                ContractResolver = SarifContractResolverVersionOne.Instance
+            };
+
+            var log = JsonConvert.DeserializeObject<SarifLogVersionOne>(logContents, settings);
+
+            var results = log.Runs
+                             .SelectMany(x => x.Results)
+                             .Where(r => r.SuppressionStates == SuppressionStatesVersionOne.None);
+
+            var cqrs = new List<CodeQuality>();
+            foreach (var result in results)
+            {
+                var begin = result.Locations?.FirstOrDefault();
+
+                if (begin == null)
+                {
+                    Log.Warning("An issue has no location, skipping: {Result}", result.Message);
+                    continue;
+                }
+
+                try
+                {
+                    var cqr = new CodeQuality
+                    {
+                        Description = $"{result.RuleId}: {result.Message}",
+                        Severity = GetSeverity(result.Level),
+                        Location = new()
+                        {
+                            Path = GetPath(pathRoot, begin),
+                            Lines = new()
+                            { Begin = begin.ResultFile.Region.StartLine }
+                        },
+                        Fingerprint = Common.GetHash(
+                        $"{result.RuleId}|{begin.ResultFile.Uri}|{begin.ResultFile.Region.StartLine}"
+                        )
+                    };
+                    cqrs.Add(cqr);
+                }
+                catch (Exception e)
+                {
+                    Log.Error(e, "Could not convert {@Result}, skipping", result);
+                }
+            }
+
+            return cqrs;
+    }
+
+    private static string GetPath(string? pathRoot, LocationVersionOne begin)
+    {
+        // nullability says Uri is always set, but there are tools which omit this.
+        if (begin.ResultFile.Uri == null)
+        {
+            Log.Error(
+            "There is no valid Path for the issue {@Region}, cannot create a path. Check the source sarif for missing physicalLocation.uri",
+            begin.ResultFile.Region
+            );
+            return "noPathInSourceSarif";
+        }
+
+        if (!begin.ResultFile.Uri!.IsAbsoluteUri)
+        {
+            return begin.ResultFile.Uri.ToString();
+        }
+
+        if (string.IsNullOrWhiteSpace(pathRoot))
+        {
+            return begin.ResultFile.Uri.LocalPath.Replace("//", "\\");
+        }
+        var uri = new Uri(pathRoot);
+        return uri.MakeRelativeUri(begin.ResultFile.Uri).ToString().Replace("//", "\\");
+    }
+
+    private static Severity GetSeverity(ResultLevelVersionOne resultLevel)
+    {
+        return resultLevel switch
+        {
+            ResultLevelVersionOne.NotApplicable => Severity.minor,
+            ResultLevelVersionOne.Pass => Severity.minor,
+            ResultLevelVersionOne.Note => Severity.minor,
+            ResultLevelVersionOne.Warning => Severity.major,
+            ResultLevelVersionOne.Default => Severity.major,
+            ResultLevelVersionOne.Error => Severity.blocker,
+            _ => throw new ArgumentOutOfRangeException(nameof(resultLevel), resultLevel, null)
+        };
+    }
+}

CodeQualityToGitlab/SarifConverters/Converter1.cs

@@ -0,0 +1,94 @@
+using Microsoft.CodeAnalysis.Sarif;
+using Serilog;
+
+namespace CodeQualityToGitlab.SarifConverters;
+
+public class Converter2(FileInfo source, string? pathRoot)
+{
+    public List<CodeQuality> Convert()
+    {
+        Log.Information("Sarif Version 2 detected");
+
+        var log = SarifLog.Load(source.FullName);
+
+        var results = log.Runs
+                         .SelectMany(x => x.Results)
+                         .Where(r => r.Suppressions == null || r.Suppressions.Any());
+
+        var cqrs = new List<CodeQuality>();
+        foreach (var result in results)
+        {
+            var begin = result.Locations?.FirstOrDefault();
+
+            if (begin == null)
+            {
+                Log.Warning("An issue has no location, skipping: {@Result}", result.Message);
+                continue;
+            }
+
+            try
+            {
+                var startLine = begin.PhysicalLocation.Region.StartLine;
+                var cqr = new CodeQuality
+                {
+                    Description = $"{result.RuleId}: {result.Message}",
+                    Severity = GetSeverity(result.Level),
+                    Location = new()
+                    {
+                        Path = GetPath(pathRoot, begin),
+                        Lines = new()
+                        { Begin = startLine }
+                    },
+                    Fingerprint = Common.GetHash(
+                    $"{result.RuleId}|{begin.PhysicalLocation.ArtifactLocation.Uri}|{startLine}"
+                    )
+                };
+                cqrs.Add(cqr);
+            }
+            catch (Exception e)
+            {
+                Log.Error(e, "Could not convert {@Result}, skipping", result);
+            }
+        }
+
+        return cqrs;
+    }
+
+    private static string GetPath(string? pathRoot, Microsoft.CodeAnalysis.Sarif.Location begin)
+    {
+        // nullability says Uri is always set, but there are tools which omit this.
+        var artifactLocationUri = begin.PhysicalLocation.ArtifactLocation.Uri;
+        if (artifactLocationUri == null)
+        {
+            Log.Error(
+            "There is no valid Path for the issue {@Region}, cannot create a path. Check the source sarif for missing physicalLocation.ArtifactLocation.uri",
+            begin.PhysicalLocation.ArtifactLocation
+            );
+            return "noPathInSourceSarif";
+        }
+
+        if (!artifactLocationUri.IsAbsoluteUri)
+        {
+            return artifactLocationUri.ToString();
+        }
+
+        if (string.IsNullOrWhiteSpace(pathRoot))
+        {
+            return artifactLocationUri.LocalPath.Replace("//", "\\");
+        }
+        var uri = new Uri(pathRoot);
+        return uri.MakeRelativeUri(artifactLocationUri).ToString().Replace("//", "\\");
+    }
+
+    private static Severity GetSeverity(FailureLevel resultLevel)
+    {
+        return resultLevel switch
+        {
+            FailureLevel.None => Severity.minor,
+            FailureLevel.Note => Severity.minor,
+            FailureLevel.Warning => Severity.major,
+            FailureLevel.Error => Severity.blocker,
+            _ => throw new ArgumentOutOfRangeException(nameof(resultLevel), resultLevel, null)
+        };
+    }
+}

CodeQualityToGitlab/SarifConverters/Converter2.cs

@@ -0,0 +1,17 @@
+namespace CodeQualityToGitlab.SarifConverters;
+
+public static class SarifConverter
+{
+    public static List<CodeQuality> ConvertToCodeQualityRaw(FileInfo source, string? pathRoot)
+    {
+        var logContents = File.ReadAllText(source.FullName);
+
+        return logContents.Contains(" \"$schema\": \"http://json.schemastore.org/sarif-2") ? new Converter2(source, pathRoot).Convert() : new Converter1(source, pathRoot).Convert();
+    }
+
+    public static void ConvertToCodeQuality(FileInfo source, FileInfo target, string? pathRoot = null)
+    {
+        var cqrs = ConvertToCodeQualityRaw(source, pathRoot);
+        Common.WriteToDisk(target, cqrs);
+    }
+}

CodeQualityToGitlab/SarifConverters/SarifConverter.cs

@@ -1,3 +1,4 @@
+using CodeQualityToGitlab.SarifConverters;
 using Microsoft.Extensions.FileSystemGlobbing;
 using Microsoft.Extensions.FileSystemGlobbing.Abstractions;
 using Serilog;