sarif-extract-multi: extract combined tables from multiple sarif files

This command introduces a new tree structure that pulls in a collection
of sarif files.  In yaml format, an example is

    - creation_date: '2021-12-09'   # Repository creation date
      primary_language: javascript  # By lines of code
      project_name: treeio/treeio   # Repo name-short name
      query_commit_id: fa9571646c   # Commit id for custom (non-library) queries
      sarif_content: {}             # The sarif content will be attached here
      sarif_file_name: 2021-12-09/results.sarif # Path to sarif file
      scan_start_date: '2021-12-09'             # Beginning date/time of scan
      scan_stop_date:  '2021-12-10'             # End date/time of scan
      tool_name: codeql
      tool_version: v1.27

    - creation_date: '2022-02-25'
      primary_language: javascript
      ...

At run time,

    cd ~/local/sarif-cli/data/treeio
    sarif-extract-multi multi-sarif-01.json test-multi-table

will load the specified sarif files and put them in place of
`sarif_content`, then build tables against the new signature found in
sarif_cli/signature_multi.py, and merge those into 6 larger tables.  The
exported tables are

    artifacts.csv  path-problem.csv  project.csv
    codeflows.csv  problem.csv       related-locations.csv

and they have join keys for further operations.

The new typegraph is rendered in

    notes/typegraph-multi.pdf

using the instructions in

    sarif_cli/signature_multi.py
Michael Hohn
2022-03-11 23:00:53 -08:00
committed by =Michael Hohn
parent 9c151e295b
commit 0f070a6ae4
19 changed files with 78848 additions and 25044 deletions


@@ -29,7 +29,7 @@ done
# cases covering the different output options. They are intended for manual use
# and review.
#
read -r file srcroot <<< "../data/treeio/results.sarif ../data/treeio/treeio"
read -r file srcroot <<< "../data/treeio/2021-12-09/results.sarif ../data/treeio/treeio"
# All results, minimal output
sarif-results-summary $file | less
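Review bot: the new `read -r file srcroot <<< "../data/treeio/2021-12-09/results.sarif ../data/treeio/treeio"` line keeps the path relative and now also hard-codes the dated scan directory, so these manual cases only work from one working directory and have to be edited again for every new scan date. Consider resolving the data directory from the script's own location and keeping the scan date in a single variable at the top. Because the here-string is split on whitespace and `$file` is used unquoted in `sarif-results-summary $file | less`, a checkout path containing a space would break this; assigning `file` and `srcroot` directly and quoting `"$file"` avoids that.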

scripts/table-tests.sh Normal file

@@ -0,0 +1,11 @@
# -*- sh -*-
#
# Sanity tests for the table-producing scripts. Should succeed and produce
# nothing on stdout/stderr
#
cd ~/local/sarif-cli/data/treeio/2021-12-09
sarif-extract-tables results.sarif test-tables
cd ~/local/sarif-cli/data/treeio
sarif-extract-multi multi-sarif-01.json test-multi-table
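Review bot: neither `cd` in this new script is checked and there is no `set -e`, so if `~/local/sarif-cli/data/treeio/2021-12-09` does not exist the script carries on and runs `sarif-extract-tables results.sarif test-tables` in whatever directory it was started from, and a failure of the first command does not stop the second. The header comment says the script "Should succeed and produce nothing on stdout/stderr", but nothing enforces that; add `set -e` (or `cd ... || exit 1`) so the exit status reflects the result. The `~/local/sarif-cli` prefix also assumes one specific checkout location; deriving the path from the script's directory would let the test run from any clone. Finally, `test-tables` and `test-multi-table` are written into the data directories, so it is worth stating whether they are meant to be committed as reference output or ignored.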