Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Exporting QueryTree as SARIF result #1967

Merged
merged 7 commits into from
Jan 31, 2025
Merged

Exporting QueryTree as SARIF result #1967

merged 7 commits into from
Jan 31, 2025

Conversation

oxisto
Copy link
Member

@oxisto oxisto commented Jan 23, 2025
edited
Loading

This PR offers functionality to covert the result of a QueryTree into SARIF output. We use it in the evaluated queries of the codyze-compliance module.

@oxisto oxisto added the publish-to-github-packages If added to a PR, builds from it will be published as a GitHub package label Jan 24, 2025
@oxisto oxisto force-pushed the query-tree-sarif branch 2 times, most recently from 626da12 to 483fedc Compare January 24, 2025 15:06
@codecov Codecov
Copy link

codecov bot commented Jan 24, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 80.98160% with 31 lines in your changes missing coverage. Please review.

Project coverage is 78.07%. Comparing base (3a7107a) to head (78c3b18).
Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
...rc/main/kotlin/de/fraunhofer/aisec/codyze/Sarif.kt 73.07% 4 Missing and 17 partials ⚠️
.../main/kotlin/de/fraunhofer/aisec/codyze/Project.kt 88.23% 2 Missing and 2 partials ⚠️
...ain/kotlin/de/fraunhofer/aisec/codyze/QueryHost.kt 62.50% 1 Missing and 2 partials ⚠️
...nhofer/aisec/codyze/compliance/ProjectExtension.kt 92.00% 0 Missing and 2 partials ⚠️
...n/de/fraunhofer/aisec/codyze/compliance/Command.kt 90.90% 0 Missing and 1 partial ⚠️
Additional details and impacted files
Files with missing lines Coverage Δ
...fraunhofer/aisec/codyze/compliance/SecurityGoal.kt 73.17% <ø> (ø)
...e/fraunhofer/aisec/codyze/QueryScriptDefinition.kt 91.30% <100.00%> (+3.06%) ⬆️
...n/de/fraunhofer/aisec/codyze/compliance/Command.kt 88.88% <90.90%> (-4.22%) ⬇️
...nhofer/aisec/codyze/compliance/ProjectExtension.kt 92.00% <92.00%> (ø)
...ain/kotlin/de/fraunhofer/aisec/codyze/QueryHost.kt 72.72% <62.50%> (-8.53%) ⬇️
.../main/kotlin/de/fraunhofer/aisec/codyze/Project.kt 88.88% <88.23%> (+3.17%) ⬆️
...rc/main/kotlin/de/fraunhofer/aisec/codyze/Sarif.kt 73.07% <73.07%> (ø)

... and 1 file with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@oxisto oxisto marked this pull request as ready for review January 24, 2025 17:33
@oxisto oxisto requested a review from fwendland as a code owner January 24, 2025 17:33
@oxisto oxisto linked an issue Jan 24, 2025 that may be closed by this pull request
Provide API for "findings" supporting SARIF #1938
Closed
This was linked to issues Jan 24, 2025
Provide "chain of findings" in SARIF output #1980
Closed
Provide an error if one defines a query that does not return a QueryTree #1981
Closed
@oxisto oxisto removed the publish-to-github-packages If added to a PR, builds from it will be published as a GitHub package label Jan 25, 2025
@oxisto oxisto mentioned this pull request Jan 25, 2025
Closed
@oxisto oxisto force-pushed the query-tree-sarif branch 2 times, most recently from 8c7419c to 9560cfd Compare January 29, 2025 18:09
@oxisto oxisto added the codyze label Jan 30, 2025
fwendland
fwendland requested changes Jan 30, 2025
View reviewed changes
@oxisto oxisto requested a review from fwendland January 31, 2025 07:02
@oxisto oxisto enabled auto-merge (squash) January 31, 2025 09:27
@oxisto oxisto merged commit eafa496 into main Jan 31, 2025
4 checks passed
@oxisto oxisto deleted the query-tree-sarif branch January 31, 2025 09:30
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@fwendland fwendland fwendland approved these changes

Assignees
No one assigned
Labels
codyze
Projects
None yet
Milestone
No milestone
2 participants
@oxisto @fwendland