
Commit 3f1a15a

committed
coding guidelines in sarif
Signed-off-by: Anas Nashif <[email protected]>
1 parent 6595372 commit 3f1a15a

2 files changed

+61
-13
lines changed

2 files changed

+61
-13
lines changed

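--- a/.github/workflows/coding_guidelines.yml
+++ b/.github/workflows/coding_guidelines.yml
@@ -50,15 +50,17 @@ jobs:
 # debug
 ls -la
 git log --pretty=oneline | head -n 10
-./scripts/ci/guideline_check.py --output output.txt -c origin/${BASE_REF}..
+pip3 install simple-sarif
+./scripts/ci/guideline_check.py --sarif results.sarif -c origin/${BASE_REF}..
 
-- name: check-warns
-run: |
-if [[ -s "output.txt" ]]; then
-errors=$(cat output.txt)
-errors="${errors//'%'/'%25'}"
-errors="${errors//$'\n'/'%0A'}"
-errors="${errors//$'\r'/'%0D'}"
-echo "::error file=output.txt::$errors"
-exit 1;
-fi
+- name: Post SARIF findings in the pull request
+if: github.event_name == 'pull_request'
+uses: sett-and-hive/[email protected]
+with:
+token: ${{ secrets.GITHUB_TOKEN }}
+repository: ${{ github.repository }}
+branch: ${{ github.head_ref }}
+pr-number: ${{ github.event.number }}
+sarif-file: results.sarif
+title: My security issue
+dry-run: false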
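Review bot: The new `uses: sett-and-hive/[email protected]` step pins a third-party action by a mutable tag while it receives `secrets.GITHUB_TOKEN` and runs on pull requests; pin it to a full commit SHA and keep the version as a trailing comment, e.g. `uses: sett-and-hive/sarif-to-comment-action@<full-commit-sha>  # v1.0.0`. The same applies to `pip3 install simple-sarif`, which installs whatever version PyPI serves at run time; `pip3 install simple-sarif==<pinned-version>` keeps the job reproducible. The removed check-warns step was the only place in this hunk that exited non-zero when violations were found, so whether the job still fails on findings now depends on the script's own exit status, which is not visible here. `title: My security issue` reads like a placeholder left from the action's example and should name the check, e.g. `title: Coding guideline violations`.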

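--- a/scripts/ci/guideline_check.py
+++ b/scripts/ci/guideline_check.py
@@ -7,6 +7,7 @@
 import argparse
 import re
 from unidiff import PatchSet
+import simple_sarif
 
 if "ZEPHYR_BASE" not in os.environ:
 exit("$ZEPHYR_BASE environment variable undefined.")
@@ -45,11 +46,31 @@ def parse_args():
 help="Commit range in the form: a..b")
 parser.add_argument("-o", "--output", required=False,
 help="Print violation into a file")
+parser.add_argument("-s", "--sarif", required=False,
+help="Genrate sarif file")
 return parser.parse_args()
 
 
 def main():
 args = parse_args()
+
+if args.sarif:
+var = simple_sarif.Sarif(file=f"{args.sarif}", validate=True, recreate=True)
+var.add_rule(
+"MISRA 21.2",
+"zephyr.rule_21.1",
+"Should not used a reserved identifier",
+"Should not used a reserved identifier.",
+{
+"note": {
+"text": "Rule passed."
+},
+"error": {
+"text": "Rule failed."
+}
+}
+)
+
 if not args.commits:
 exit("missing commit range")
 
@@ -104,10 +125,32 @@ def main():
 for hunk in f:
 for line in hunk:
 if line.is_added:
-violation = "{}:{}".format(f.path, line.target_line_no)
+violation = f"{f.path}:{line.target_line_no}"
 if violation in violations:
 numViolations += 1
-if args.output:
+
+if args.sarif:
+print(
+"{}:{}".format(
+violation, "\t\n".join(
+violations[violation])))
+var.add_result(
+ruleId="zephyr.rule_21.1",
+message_id="Should not used a reserved identifier",
+arguments=[],
+locations=[{
+"physicalLocation": {
+"artifactLocation": {
+"uri": f.path
+},
+"region": {
+"startLine": line.target_line_no
+}
+}
+}],
+level="error"
+)
+elif args.output:
 with open(args.output, "a+") as fp:
 fp.write("{}:{}\n".format(
 violation, "\t\n".join(
@@ -118,6 +161,9 @@ def main():
 violation, "\t\n".join(
 violations[violation])))
 
+if args.sarif:
+var.save()
+print("sarif file generated")
 return numViolations
 
 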