mirror of
https://github.com/github/codeql.git
synced 2026-01-08 12:10:22 +01:00
Merge branch 'main' into mathiasvp/replace-ast-with-ir-use-usedataflow
This commit is contained in:
Mathias Vorreiter Pedersen
@@ -104,7 +104,7 @@ namespace Semmle.Autobuild.CSharp
|
||||
markdownMessage:
|
||||
"CodeQL found multiple potential build scripts for your project and " +
|
||||
$"attempted to run `{relScriptPath}`, which failed. " +
|
||||
"This may not be the right build script for your project. " +
|
||||
"This may not be the right build script for your project.\n\n" +
|
||||
$"Set up a [manual build command]({buildCommandDocsUrl})."
|
||||
) :
|
||||
new(
|
||||
@@ -113,7 +113,7 @@ namespace Semmle.Autobuild.CSharp
|
||||
"Unable to build project using build script",
|
||||
markdownMessage:
|
||||
"CodeQL attempted to build your project using a script located at " +
|
||||
$"`{relScriptPath}`, which failed. " +
|
||||
$"`{relScriptPath}`, which failed.\n\n" +
|
||||
$"Set up a [manual build command]({buildCommandDocsUrl})."
|
||||
);
|
||||
|
||||
@@ -135,7 +135,7 @@ namespace Semmle.Autobuild.CSharp
|
||||
"no-projects-or-solutions",
|
||||
"No project or solutions files found",
|
||||
markdownMessage:
|
||||
"CodeQL could not find any project or solution files in your repository. " +
|
||||
"CodeQL could not find any project or solution files in your repository.\n\n" +
|
||||
$"Set up a [manual build command]({buildCommandDocsUrl})."
|
||||
));
|
||||
}
|
||||
|
||||
@@ -84,8 +84,8 @@ namespace Semmle.Autobuild.CSharp
|
||||
This may lead to subsequent failures. You can check for common causes for missing project files:
|
||||
|
||||
- Ensure that the project is built using the {runsOnDocsUrl.ToMarkdownLink("intended operating system")} and that filenames on case-sensitive platforms are correctly specified.
|
||||
- If your repository uses Git submodules, ensure that those are {checkoutDocsUrl.ToMarkdownLink("checked out")} before the CodeQL action is run.
|
||||
- If you auto-generate some project files as part of your build process, ensure that these are generated before the CodeQL action is run.
|
||||
- If your repository uses Git submodules, ensure that those are {checkoutDocsUrl.ToMarkdownLink("checked out")} before the CodeQL Action is run.
|
||||
- If you auto-generate some project files as part of your build process, ensure that these are generated before the CodeQL Action is run.
|
||||
"""
|
||||
);
|
||||
}
|
||||
|
||||
@@ -151,7 +151,7 @@ namespace Semmle.Util
|
||||
/// </summary>
|
||||
public bool Internal { get; }
|
||||
public TspVisibility Visibility { get; }
|
||||
public TspLocation Location { get; }
|
||||
public TspLocation? Location { get; }
|
||||
/// <summary>
|
||||
/// Structured metadata about the diagnostic message.
|
||||
/// </summary>
|
||||
@@ -173,7 +173,7 @@ namespace Semmle.Util
|
||||
this.Attributes = new Dictionary<string, object>();
|
||||
this.Severity = severity;
|
||||
this.Visibility = visibility ?? TspVisibility.All;
|
||||
this.Location = location ?? new TspLocation();
|
||||
this.Location = location;
|
||||
this.Internal = intrnl ?? false;
|
||||
this.MarkdownMessage = markdownMessage;
|
||||
this.PlaintextMessage = plaintextMessage;
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
"attributes": {},
|
||||
"helpLinks": [],
|
||||
"internal": false,
|
||||
"location": {},
|
||||
"markdownMessage": "CodeQL found some projects which cannot be built with .NET Core:\n\n- `test.csproj`",
|
||||
"severity": "warning",
|
||||
"source": {
|
||||
@@ -20,7 +19,6 @@
|
||||
"attributes": {},
|
||||
"helpLinks": [],
|
||||
"internal": false,
|
||||
"location": {},
|
||||
"markdownMessage": "CodeQL was unable to build the following projects using MSBuild:\n\n- `test.csproj`\n\nSet up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
"attributes": {},
|
||||
"helpLinks": [],
|
||||
"internal": false,
|
||||
"location": {},
|
||||
"markdownMessage": "CodeQL was unable to build the following projects using MSBuild:\n\n- `test.sln`\n\nSet up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
@@ -20,8 +19,7 @@
|
||||
"attributes": {},
|
||||
"helpLinks": [],
|
||||
"internal": false,
|
||||
"location": {},
|
||||
"markdownMessage": "Some project files were not found when CodeQL built your project:\n\n- `Example.csproj`\n- `Example.Test.csproj`\n\nThis may lead to subsequent failures. You can check for common causes for missing project files:\n\n- Ensure that the project is built using the [intended operating system](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idruns-on) and that filenames on case-sensitive platforms are correctly specified.\n- If your repository uses Git submodules, ensure that those are [checked out](https://github.com/actions/checkout#usage) before the CodeQL action is run.\n- If you auto-generate some project files as part of your build process, ensure that these are generated before the CodeQL action is run.",
|
||||
"markdownMessage": "Some project files were not found when CodeQL built your project:\n\n- `Example.csproj`\n- `Example.Test.csproj`\n\nThis may lead to subsequent failures. You can check for common causes for missing project files:\n\n- Ensure that the project is built using the [intended operating system](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idruns-on) and that filenames on case-sensitive platforms are correctly specified.\n- If your repository uses Git submodules, ensure that those are [checked out](https://github.com/actions/checkout#usage) before the CodeQL Action is run.\n- If you auto-generate some project files as part of your build process, ensure that these are generated before the CodeQL Action is run.",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "csharp",
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
"attributes": {},
|
||||
"helpLinks": [],
|
||||
"internal": false,
|
||||
"location": {},
|
||||
"markdownMessage": "CodeQL was unable to build the following projects using .NET Core:\n\n- `test.csproj`\n\nSet up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
@@ -20,7 +19,6 @@
|
||||
"attributes": {},
|
||||
"helpLinks": [],
|
||||
"internal": false,
|
||||
"location": {},
|
||||
"markdownMessage": "CodeQL was unable to build the following projects using MSBuild:\n\n- `test.csproj`\n\nSet up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
@@ -38,7 +36,6 @@
|
||||
"attributes": {},
|
||||
"helpLinks": [],
|
||||
"internal": false,
|
||||
"location": {},
|
||||
"markdownMessage": "[Configure your workflow](https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-xamarin-applications) for this SDK before running CodeQL.",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
|
||||
@@ -2,8 +2,7 @@
|
||||
"attributes": {},
|
||||
"helpLinks": [],
|
||||
"internal": false,
|
||||
"location": {},
|
||||
"markdownMessage": "CodeQL attempted to build your project using a script located at `build.sh`, which failed. Set up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
|
||||
"markdownMessage": "CodeQL attempted to build your project using a script located at `build.sh`, which failed.\n\nSet up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "csharp",
|
||||
@@ -20,8 +19,7 @@
|
||||
"attributes": {},
|
||||
"helpLinks": [],
|
||||
"internal": false,
|
||||
"location": {},
|
||||
"markdownMessage": "CodeQL could not find any project or solution files in your repository. Set up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
|
||||
"markdownMessage": "CodeQL could not find any project or solution files in your repository.\n\nSet up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "csharp",
|
||||
|
||||
@@ -2,8 +2,7 @@
|
||||
"attributes": {},
|
||||
"helpLinks": [],
|
||||
"internal": false,
|
||||
"location": {},
|
||||
"markdownMessage": "CodeQL could not find any project or solution files in your repository. Set up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
|
||||
"markdownMessage": "CodeQL could not find any project or solution files in your repository.\n\nSet up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "csharp",
|
||||
@@ -20,8 +19,7 @@
|
||||
"attributes": {},
|
||||
"helpLinks": [],
|
||||
"internal": false,
|
||||
"location": {},
|
||||
"markdownMessage": "CodeQL found multiple potential build scripts for your project and attempted to run `build.sh`, which failed. This may not be the right build script for your project. Set up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
|
||||
"markdownMessage": "CodeQL found multiple potential build scripts for your project and attempted to run `build.sh`, which failed. This may not be the right build script for your project.\n\nSet up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "csharp",
|
||||
|
||||
@@ -2,8 +2,7 @@
|
||||
"attributes": {},
|
||||
"helpLinks": [],
|
||||
"internal": false,
|
||||
"location": {},
|
||||
"markdownMessage": "CodeQL attempted to build your project using a script located at `build.bat`, which failed. Set up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
|
||||
"markdownMessage": "CodeQL attempted to build your project using a script located at `build.bat`, which failed.\n\nSet up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "csharp",
|
||||
@@ -20,8 +19,7 @@
|
||||
"attributes": {},
|
||||
"helpLinks": [],
|
||||
"internal": false,
|
||||
"location": {},
|
||||
"markdownMessage": "CodeQL could not find any project or solution files in your repository. Set up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
|
||||
"markdownMessage": "CodeQL could not find any project or solution files in your repository.\n\nSet up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "csharp",
|
||||
|
||||
@@ -2,8 +2,7 @@
|
||||
"attributes": {},
|
||||
"helpLinks": [],
|
||||
"internal": false,
|
||||
"location": {},
|
||||
"markdownMessage": "CodeQL could not find any project or solution files in your repository. Set up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
|
||||
"markdownMessage": "CodeQL could not find any project or solution files in your repository.\n\nSet up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "csharp",
|
||||
@@ -20,8 +19,7 @@
|
||||
"attributes": {},
|
||||
"helpLinks": [],
|
||||
"internal": false,
|
||||
"location": {},
|
||||
"markdownMessage": "CodeQL found multiple potential build scripts for your project and attempted to run `build.bat`, which failed. This may not be the right build script for your project. Set up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
|
||||
"markdownMessage": "CodeQL found multiple potential build scripts for your project and attempted to run `build.bat`, which failed. This may not be the right build script for your project.\n\nSet up a [manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages).",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "csharp",
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
"markdownMessage": "An Android build may have failed. Ensure the Code Scanning workflow installs required dependencies, and that the [Gradle and Android SDK versions are compatible](https://developer.android.com/studio/releases/gradle-plugin#updating-gradle).\n\nSuspicious output line: ` > Minimum supported Gradle version is 7.4. Current version is 7.3. If using the gradle wrapper, try editing the distributionUrl in <test-root-directory>/gradle/wrapper/gradle-wrapper.properties to gradle-7.4-all.zip`",
|
||||
"markdownMessage": "An Android build may have failed. Ensure the Code Scanning workflow installs required dependencies, and that the [Gradle and Android SDK versions are compatible](https://developer.android.com/studio/releases/gradle-plugin#updating-gradle).\n\nRelevant output line: ` > Minimum supported Gradle version is 7.4. Current version is 7.3. If using the gradle wrapper, try editing the distributionUrl in <test-root-directory>/gradle/wrapper/gradle-wrapper.properties to gradle-7.4-all.zip`",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "java",
|
||||
@@ -13,7 +13,7 @@
|
||||
}
|
||||
}
|
||||
{
|
||||
"markdownMessage": "An Android build may have failed. Ensure the Code Scanning workflow installs required dependencies, and that the [Gradle and Android SDK versions are compatible](https://developer.android.com/studio/releases/gradle-plugin#updating-gradle).\n\nSuspicious output line: `Caused by: java.lang.RuntimeException: Minimum supported Gradle version is 7.4. Current version is 7.3. If using the gradle wrapper, try editing the distributionUrl in <test-root-directory>/gradle/wrapper/gradle-wrapper.properties to gradle-7.4-all.zip`",
|
||||
"markdownMessage": "An Android build may have failed. Ensure the Code Scanning workflow installs required dependencies, and that the [Gradle and Android SDK versions are compatible](https://developer.android.com/studio/releases/gradle-plugin#updating-gradle).\n\nRelevant output line: `Caused by: java.lang.RuntimeException: Minimum supported Gradle version is 7.4. Current version is 7.3. If using the gradle wrapper, try editing the distributionUrl in <test-root-directory>/gradle/wrapper/gradle-wrapper.properties to gradle-7.4-all.zip`",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "java",
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
"markdownMessage": "A compilation error was observed while autobuilding your code. Check that your Code Scanning workflow installs the needed compiler version and dependencies.\n\nSuspicious output line: `[ERROR] COMPILATION ERROR : `",
|
||||
"markdownMessage": "A compilation error was observed while autobuilding your code. Check that your Code Scanning workflow installs the needed compiler version and dependencies.\n\nRelevant output line: `[ERROR] COMPILATION ERROR : `",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "java",
|
||||
@@ -13,7 +13,7 @@
|
||||
}
|
||||
}
|
||||
{
|
||||
"markdownMessage": "A compilation error was observed while autobuilding your code. Check that your Code Scanning workflow installs the needed compiler version and dependencies.\n\nSuspicious output line: `[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.0:compile (default-compile) on project maven-sample: Compilation failure`",
|
||||
"markdownMessage": "A compilation error was observed while autobuilding your code. Check that your Code Scanning workflow installs the needed compiler version and dependencies.\n\nRelevant output line: `[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.0:compile (default-compile) on project maven-sample: Compilation failure`",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "java",
|
||||
@@ -27,7 +27,7 @@
|
||||
}
|
||||
}
|
||||
{
|
||||
"markdownMessage": "A compilation error was observed while autobuilding your code. Check that your Code Scanning workflow installs the needed compiler version and dependencies.\n\nSuspicious output line: `org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.0:compile (default-compile) on project maven-sample: Compilation failure`",
|
||||
"markdownMessage": "A compilation error was observed while autobuilding your code. Check that your Code Scanning workflow installs the needed compiler version and dependencies.\n\nRelevant output line: `org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.0:compile (default-compile) on project maven-sample: Compilation failure`",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "java",
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
"markdownMessage": "A dependency failed to download. Check that all dependencies are available, and [supply credentials for any private dependencies](https://github.com/Azure/actions-workflow-samples/blob/master/assets/create-secrets-for-GitHub-workflows.md#set-up-secrets-in-github-action-workflows).\n\nSuspicious output line: `Caused by: org.eclipse.aether.transfer.ArtifactNotFoundException: Could not find artifact junit:junit-nonesuch:jar:4.11 in central (https://repo.maven.apache.org/maven2)`",
|
||||
"markdownMessage": "A dependency failed to download. Check that all dependencies are available, and [supply credentials for any private dependencies](https://github.com/Azure/actions-workflow-samples/blob/master/assets/create-secrets-for-GitHub-workflows.md#set-up-secrets-in-github-action-workflows).\n\nRelevant output line: `Caused by: org.eclipse.aether.transfer.ArtifactNotFoundException: Could not find artifact junit:junit-nonesuch:jar:4.11 in central (https://repo.maven.apache.org/maven2)`",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "java",
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
"markdownMessage": "Your project may need a different JDK version. Ensure your Code Scanning workflow file has [an appropriate `setup-java` step](https://github.com/actions/setup-java#eclipse-temurin).\n\nSuspicious output line: `> Could not target platform: 'Java SE 11' using tool chain: 'JDK 8 (1.8)'.`",
|
||||
"markdownMessage": "Your project may need a different JDK version. Ensure your Code Scanning workflow file has [an appropriate `setup-java` step](https://github.com/actions/setup-java#eclipse-temurin).\n\nRelevant output line: `> Could not target platform: 'Java SE 11' using tool chain: 'JDK 8 (1.8)'.`",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "java",
|
||||
@@ -13,7 +13,7 @@
|
||||
}
|
||||
}
|
||||
{
|
||||
"markdownMessage": "Your project may need a different JDK version. Ensure your Code Scanning workflow file has [an appropriate `setup-java` step](https://github.com/actions/setup-java#eclipse-temurin).\n\nSuspicious output line: `Caused by: java.lang.IllegalArgumentException: Could not target platform: 'Java SE 11' using tool chain: 'JDK 8 (1.8)'.`",
|
||||
"markdownMessage": "Your project may need a different JDK version. Ensure your Code Scanning workflow file has [an appropriate `setup-java` step](https://github.com/actions/setup-java#eclipse-temurin).\n\nRelevant output line: `Caused by: java.lang.IllegalArgumentException: Could not target platform: 'Java SE 11' using tool chain: 'JDK 8 (1.8)'.`",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "java",
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
{
|
||||
"markdownMessage": "Building your code triggered an access to an insecure HTTP Maven repository. Allow access to insecure repositories, or [update your build to use HTTPS](https://maven.apache.org/docs/3.8.1/release-notes.html#how-to-fix-when-i-get-a-http-repository-blocked).\n\nSuspicious output line: `Caused by: org.eclipse.aether.resolution.ArtifactResolutionException: Could not transfer artifact junit-nonesuch:junit-nonesuch:pom:4.11 from/to maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for repositories: [insecure (http://repo.maven.apache.org/maven2/, default, releases+snapshots)]`",
|
||||
"markdownMessage": "Building your code triggered an access to an insecure HTTP Maven repository. Allow access to insecure repositories, or [update your build to use HTTPS](https://maven.apache.org/docs/3.8.1/release-notes.html#how-to-fix-when-i-get-a-http-repository-blocked).\n\nRelevant output line: `Caused by: org.eclipse.aether.resolution.ArtifactResolutionException: Could not transfer artifact junit-nonesuch:junit-nonesuch:pom:4.11 from/to maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for repositories: [insecure (http://repo.maven.apache.org/maven2/, default, releases+snapshots)]`",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "java",
|
||||
"id": "java/autobuilder/non-https-repository",
|
||||
"name": "A non-https Maven repository access failed"
|
||||
"name": "A non-HTTPS Maven repository access failed"
|
||||
},
|
||||
"visibility": {
|
||||
"cliSummaryTable": false,
|
||||
@@ -13,12 +13,12 @@
|
||||
}
|
||||
}
|
||||
{
|
||||
"markdownMessage": "Building your code triggered an access to an insecure HTTP Maven repository. Allow access to insecure repositories, or [update your build to use HTTPS](https://maven.apache.org/docs/3.8.1/release-notes.html#how-to-fix-when-i-get-a-http-repository-blocked).\n\nSuspicious output line: `Caused by: org.eclipse.aether.transfer.ArtifactTransferException: Could not transfer artifact junit-nonesuch:junit-nonesuch:pom:4.11 from/to maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for repositories: [insecure (http://repo.maven.apache.org/maven2/, default, releases+snapshots)]`",
|
||||
"markdownMessage": "Building your code triggered an access to an insecure HTTP Maven repository. Allow access to insecure repositories, or [update your build to use HTTPS](https://maven.apache.org/docs/3.8.1/release-notes.html#how-to-fix-when-i-get-a-http-repository-blocked).\n\nRelevant output line: `Caused by: org.eclipse.aether.transfer.ArtifactTransferException: Could not transfer artifact junit-nonesuch:junit-nonesuch:pom:4.11 from/to maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for repositories: [insecure (http://repo.maven.apache.org/maven2/, default, releases+snapshots)]`",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "java",
|
||||
"id": "java/autobuilder/non-https-repository",
|
||||
"name": "A non-https Maven repository access failed"
|
||||
"name": "A non-HTTPS Maven repository access failed"
|
||||
},
|
||||
"visibility": {
|
||||
"cliSummaryTable": false,
|
||||
@@ -27,12 +27,12 @@
|
||||
}
|
||||
}
|
||||
{
|
||||
"markdownMessage": "Building your code triggered an access to an insecure HTTP Maven repository. Allow access to insecure repositories, or [update your build to use HTTPS](https://maven.apache.org/docs/3.8.1/release-notes.html#how-to-fix-when-i-get-a-http-repository-blocked).\n\nSuspicious output line: `Caused by: org.eclipse.aether.transfer.NoRepositoryConnectorException: Blocked mirror for repositories: [insecure (http://repo.maven.apache.org/maven2/, default, releases+snapshots)]`",
|
||||
"markdownMessage": "Building your code triggered an access to an insecure HTTP Maven repository. Allow access to insecure repositories, or [update your build to use HTTPS](https://maven.apache.org/docs/3.8.1/release-notes.html#how-to-fix-when-i-get-a-http-repository-blocked).\n\nRelevant output line: `Caused by: org.eclipse.aether.transfer.NoRepositoryConnectorException: Blocked mirror for repositories: [insecure (http://repo.maven.apache.org/maven2/, default, releases+snapshots)]`",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "java",
|
||||
"id": "java/autobuilder/non-https-repository",
|
||||
"name": "A non-https Maven repository access failed"
|
||||
"name": "A non-HTTPS Maven repository access failed"
|
||||
},
|
||||
"visibility": {
|
||||
"cliSummaryTable": false,
|
||||
@@ -41,12 +41,12 @@
|
||||
}
|
||||
}
|
||||
{
|
||||
"markdownMessage": "Building your code triggered an access to an insecure HTTP Maven repository. Allow access to insecure repositories, or [update your build to use HTTPS](https://maven.apache.org/docs/3.8.1/release-notes.html#how-to-fix-when-i-get-a-http-repository-blocked).\n\nSuspicious output line: `[ERROR] Failed to execute goal on project maven-sample: Could not resolve dependencies for project com.example:maven-sample:jar:1.0-SNAPSHOT: Failed to collect dependencies at junit-nonesuch:junit-nonesuch:jar:4.11: Failed to read artifact descriptor for junit-nonesuch:junit-nonesuch:jar:4.11: Could not transfer artifact junit-nonesuch:junit-nonesuch:pom:4.11 from/to maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for repositories: [insecure (http://repo.maven.apache.org/maven2/, default, releases+snapshots)] -> [Help 1]`",
|
||||
"markdownMessage": "Building your code triggered an access to an insecure HTTP Maven repository. Allow access to insecure repositories, or [update your build to use HTTPS](https://maven.apache.org/docs/3.8.1/release-notes.html#how-to-fix-when-i-get-a-http-repository-blocked).\n\nRelevant output line: `[ERROR] Failed to execute goal on project maven-sample: Could not resolve dependencies for project com.example:maven-sample:jar:1.0-SNAPSHOT: Failed to collect dependencies at junit-nonesuch:junit-nonesuch:jar:4.11: Failed to read artifact descriptor for junit-nonesuch:junit-nonesuch:jar:4.11: Could not transfer artifact junit-nonesuch:junit-nonesuch:pom:4.11 from/to maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for repositories: [insecure (http://repo.maven.apache.org/maven2/, default, releases+snapshots)] -> [Help 1]`",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "java",
|
||||
"id": "java/autobuilder/non-https-repository",
|
||||
"name": "A non-https Maven repository access failed"
|
||||
"name": "A non-HTTPS Maven repository access failed"
|
||||
},
|
||||
"visibility": {
|
||||
"cliSummaryTable": true,
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
"markdownMessage": "Building using Maven was skipped because there were multiple sibling build directories containing build files: [./maven-project-1,./maven-project-2]. If you want to use one of these, please [manually supply a build command](https://docs.github.com/en/github-ae@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language).",
|
||||
"markdownMessage": "Building using Maven was skipped because there were multiple sibling build directories containing build files: [./maven-project-1,./maven-project-2]. If you want to use one of these, please [manually supply a build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language).",
|
||||
"severity": "warning",
|
||||
"source": {
|
||||
"extractorName": "java",
|
||||
@@ -13,7 +13,7 @@
|
||||
}
|
||||
}
|
||||
{
|
||||
"markdownMessage": "If you want to use one of the candidate build systems and directories (see previous warnings), please [supply a manual a build command](https://docs.github.com/en/github-ae@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language).",
|
||||
"markdownMessage": "Could not identify a unique top-level project to build. [Supply a manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language).",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "java",
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
"markdownMessage": "Could not find a Gradle, Maven or Ant top-level project to build. Please [supply a manual build command](https://docs.github.com/en/github-ae@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language).",
|
||||
"markdownMessage": "Could not find a Gradle, Maven or Ant top-level project to build. [Supply a manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language).",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "java",
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
"markdownMessage": "Built a Gradle project without the [Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html). This may use an incompatible version of Gradle",
|
||||
"markdownMessage": "Built a Gradle project without the [Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html). This may use an incompatible version of Gradle.",
|
||||
"severity": "warning",
|
||||
"source": {
|
||||
"extractorName": "java",
|
||||
@@ -13,7 +13,7 @@
|
||||
}
|
||||
}
|
||||
{
|
||||
"markdownMessage": "Gradle project does not define a `testClasses` goal. [Supply a manual build command](https://docs.github.com/en/github-ae@latest/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language) that builds the code that should be analyzed.\n\nSuspicious output line: `org.gradle.execution.TaskSelectionException: Task 'testClasses' not found in root project 'no-gradle-test-classes'.`",
|
||||
"markdownMessage": "Gradle project does not define a `testClasses` goal. [Supply a manual build command](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language) that builds the code that should be analyzed.\n\nRelevant output line: `org.gradle.execution.TaskSelectionException: Task 'testClasses' not found in root project 'no-gradle-test-classes'.`",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "java",
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{
|
||||
"markdownMessage": "Built a Gradle project without the [Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html). This may use an incompatible version of Gradle",
|
||||
"markdownMessage": "Built a Gradle project without the [Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html). This may use an incompatible version of Gradle.",
|
||||
"severity": "warning",
|
||||
"source": {
|
||||
"extractorName": "java",
|
||||
|
||||
@@ -508,7 +508,7 @@ public class AutoBuild {
|
||||
* For use with the {@link #writeDiagnostics(String, JSDiagnosticKind)} method.
|
||||
*/
|
||||
public static enum JSDiagnosticKind {
|
||||
PARSE_ERROR("parse-error", "Parse error", DiagnosticLevel.Warning),
|
||||
PARSE_ERROR("parse-error", "Could not process some files due to syntax errors", DiagnosticLevel.Warning),
|
||||
INTERNAL_ERROR("internal-error", "Internal error", DiagnosticLevel.Debug);
|
||||
|
||||
private final String id;
|
||||
@@ -568,7 +568,7 @@ public class AutoBuild {
|
||||
}
|
||||
|
||||
// DiagnosticLevel level, String extractorName, String sourceId, String sourceName, String markdown
|
||||
diagnostics.get().writeMarkdown(error.getLevel(), "javascript", "javascript/" + error.getId(), error.getName(),
|
||||
diagnostics.get().writeMarkdown(error.getLevel(), "javascript", "js/" + error.getId(), error.getName(),
|
||||
message, location);
|
||||
}
|
||||
|
||||
|
||||
@@ -10,8 +10,8 @@
|
||||
"severity": "warning",
|
||||
"source": {
|
||||
"extractorName": "javascript",
|
||||
"id": "javascript/parse-error",
|
||||
"name": "Parse error"
|
||||
"id": "js/parse-error",
|
||||
"name": "Could not process some files due to syntax errors"
|
||||
},
|
||||
"visibility": {
|
||||
"cliSummaryTable": true,
|
||||
|
||||
@@ -223,7 +223,7 @@ fn main() -> std::io::Result<()> {
|
||||
} else {
|
||||
diagnostics_writer.write(
|
||||
diagnostics_writer
|
||||
.new_entry("unknown-character-encoding", "Unknown character encoding")
|
||||
.new_entry("unknown-character-encoding", "Could not process some files due to an unknown character encoding")
|
||||
.file(&file_paths::normalize_path(&path))
|
||||
.message(
|
||||
"Unknown character encoding {} in {} {}.",
|
||||
|
||||
@@ -3,6 +3,7 @@ use std::io::Write;
|
||||
use std::path::PathBuf;
|
||||
/** SARIF severity */
|
||||
#[derive(Serialize)]
|
||||
#[serde(rename_all = "lowercase")]
|
||||
pub enum Severity {
|
||||
Error,
|
||||
Warning,
|
||||
|
||||
@@ -253,9 +253,10 @@ impl<'a> Visitor<'a> {
|
||||
end_line,
|
||||
end_column,
|
||||
);
|
||||
let mut mesg = self
|
||||
.diagnostics_writer
|
||||
.new_entry("parse-error", "Parse error");
|
||||
let mut mesg = self.diagnostics_writer.new_entry(
|
||||
"parse-error",
|
||||
"Could not process some files due to syntax errors",
|
||||
);
|
||||
&mesg
|
||||
.severity(diagnostics::Severity::Warning)
|
||||
.location(self.path, start_line, start_column, end_line, end_column)
|
||||
@@ -367,7 +368,10 @@ impl<'a> Visitor<'a> {
|
||||
self.record_parse_error(
|
||||
loc,
|
||||
self.diagnostics_writer
|
||||
.new_entry("parse-error", "Parse error")
|
||||
.new_entry(
|
||||
"parse-error",
|
||||
"Could not process some files due to syntax errors",
|
||||
)
|
||||
.severity(diagnostics::Severity::Warning)
|
||||
.location(self.path, start_line, start_column, end_line, end_column)
|
||||
.message(
|
||||
|
||||
@@ -11,11 +11,11 @@
|
||||
},
|
||||
"markdownMessage": "A parse error occurred. Check the syntax of the file. If the file is invalid, correct the error or [exclude](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning) the file from analysis.",
|
||||
"plaintextMessage": "A parse error occurred. Check the syntax of the file. If the file is invalid, correct the error or exclude the file from analysis.",
|
||||
"severity": "Warning",
|
||||
"severity": "warning",
|
||||
"source": {
|
||||
"extractorName": "ruby",
|
||||
"id": "ruby/parse-error",
|
||||
"name": "Parse error"
|
||||
"name": "Could not process some files due to syntax errors"
|
||||
},
|
||||
"visibility": {
|
||||
"statusPage": true
|
||||
@@ -34,11 +34,11 @@
|
||||
},
|
||||
"markdownMessage": "A parse error occurred (expected `end` symbol). Check the syntax of the file. If the file is invalid, correct the error or [exclude](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning) the file from analysis.",
|
||||
"plaintextMessage": "A parse error occurred (expected end symbol). Check the syntax of the file. If the file is invalid, correct the error or exclude the file from analysis.",
|
||||
"severity": "Warning",
|
||||
"severity": "warning",
|
||||
"source": {
|
||||
"extractorName": "ruby",
|
||||
"id": "ruby/parse-error",
|
||||
"name": "Parse error"
|
||||
"name": "Could not process some files due to syntax errors"
|
||||
},
|
||||
"visibility": {
|
||||
"statusPage": true
|
||||
|
||||
@@ -7,11 +7,11 @@
|
||||
},
|
||||
"markdownMessage": "Unknown character encoding `silly` in `#encoding:` [directive](https://docs.ruby-lang.org/en/master/syntax/comments_rdoc.html#label-encoding+Directive).",
|
||||
"plaintextMessage": "Unknown character encoding silly in #encoding: directive.",
|
||||
"severity": "Warning",
|
||||
"severity": "warning",
|
||||
"source": {
|
||||
"extractorName": "ruby",
|
||||
"id": "ruby/unknown-character-encoding",
|
||||
"name": "Unknown character encoding"
|
||||
"name": "Could not process some files due to an unknown character encoding"
|
||||
},
|
||||
"visibility": {
|
||||
"statusPage": true
|
||||
|
||||
Reference in New Issue
Block a user