Skip to content

Fixed rule_id being inserted into finding_id field #1055

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
andrecsilva merged 2 commits into from
May 2, 2025
Merged

Fixed rule_id being inserted into finding_id field #1055

andrecsilva merged 2 commits into from
May 2, 2025

Conversation

@andrecsilva
Copy link
Contributor

@andrecsilva andrecsilva commented May 1, 2025

No description provided.

@andrecsilva andrecsilva marked this pull request as ready for review May 1, 2025 13:13
drdavella
drdavella reviewed May 1, 2025
View reviewed changes
Copy link
Member

@drdavella drdavella left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you explain the reason for this change? This behavior is intentional.

EDIT: fwiw my main objection is with making finding ID optional. If you are concerned about falling back on rule_id then we should just make it an error to not properly populate finding ID

@andrecsilva
Copy link
Contributor Author

andrecsilva commented May 2, 2025

Can you explain the reason for this change? This behavior is intentional.

EDIT: fwiw my main objection is with making finding ID optional. If you are concerned about falling back on rule_id then we should just make it an error to not properly populate finding ID

Finding id is optional as per the codetfv2 spec:

codemodder-python/src/codemodder/codetf/v2/codetf.py

Lines 143 to 145 in 05bbefc

class Finding(BaseModel):
id: Optional[str] = None
rule: Rule

The spec also expects the finding_id to be unique an thus falling back to rule_id may cause problems. Since we expect sarif (and similar formats) to have some unique id (i.e. guid in sarif) the fallback is not really necessary. Honestly, the rule_id fallback seems to be used by internal semgrep codemods, so we can safely ditch it.

I'll implement your suggestion and make it throw an error.

@sonarqubecloud
Copy link

sonarqubecloud bot commented May 2, 2025

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@andrecsilva andrecsilva added this pull request to the merge queue May 2, 2025
Merged via the queue into main with commit 676de98 May 2, 2025
14 checks passed
@andrecsilva andrecsilva deleted the fix-finding-ids branch May 2, 2025 13:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@drdavella drdavella drdavella approved these changes

@clavedeluna clavedeluna Awaiting requested review from clavedeluna clavedeluna is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@andrecsilva @drdavella