hohn/sarif-cli
1
0
Fork 0
mirror of https://github.com/hohn/sarif-cli.git synced 2025-12-16 17:23:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update the sarif-results-summary examples

Browse Source
This commit is contained in:
Michael Hohn
2021-12-22 17:46:33 -08:00
committed by =Michael Hohn
parent 558e218d3b
commit 7d49c3bd08
1 changed files with 118 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

155
README.org
View File

@@ -52,59 +52,140 @@
Following are short summaries of each. Following are short summaries of each.
** =sarif-results-summary= ** =sarif-results-summary=
Display the SARIF results in human-readable plain text form. Taking the warning around Display the SARIF results in human-readable plain text form.
Starting with the =data/wxWidgets= sample and the warning around
#+BEGIN_SRC text #+BEGIN_SRC text
src/stc/scintilla/lexers/LexMySQL.cxx:153:24:153:30: src/stc/scintilla/lexers/LexMySQL.cxx:153:24:153:30:
#+END_SRC #+END_SRC
as example, there are two options using only the SARIF file, and one more when there are several options using only the SARIF file, and one more when
source code is available. source code is available.
1. Display only main result. Using The following show the command and the output, limited to the intended result
#+BEGIN_SRC sh via =sed=:
sarif-results-summary data/wxWidgets_wxWidgets__2021-11-21_16_06_30__export.sarif 2>&1 |\
grep LexMySQL.cxx 1. Display only main result, using no options.
#+END_SRC #+BEGIN_SRC shell :results output code :exports both
only displays .venv/bin/sarif-results-summary \
#+BEGIN_SRC text data/wxWidgets_wxWidgets__2021-11-21_16_06_30__export.sarif 2>&1 |\
RESULT: src/stc/scintilla/lexers/LexMySQL.cxx:153:24:153:30: Local variable 'length' hides a [parameter of the same name](1). sed -n "/LexMySQL.cxx:153:24:153:30/,/RESULT/p" | sed '$d'
#+END_SRC #+END_SRC
2. Display the related information. Using #+RESULTS:
#+BEGIN_SRC sh #+begin_src shell
sarif-results-summary \ RESULT: src/stc/scintilla/lexers/LexMySQL.cxx:153:24:153:30: Local variable 'length' hides a [parameter of the same name](1).
#+end_src
2. Display the related information.
#+BEGIN_SRC shell :results output code :exports both
.venv/bin/sarif-results-summary \
-r data/wxWidgets_wxWidgets__2021-11-21_16_06_30__export.sarif 2>&1 |\ -r data/wxWidgets_wxWidgets__2021-11-21_16_06_30__export.sarif 2>&1 |\
grep -A 2 LexMySQL.cxx sed -n "/LexMySQL.cxx:153:24:153:30/,/RESULT/p" | sed '$d'
#+END_SRC
displays
#+BEGIN_SRC text
RESULT: src/stc/scintilla/lexers/LexMySQL.cxx:153:24:153:30: Local variable 'length' hides a [parameter of the same name](1).
REFERENCE: src/stc/scintilla/lexers/LexMySQL.cxx:108:68:108:74: parameter of the same name
#+END_SRC #+END_SRC
3. Either display can be supplemented by source code snippets if the source is #+RESULTS:
available. Using #+begin_src shell
#+BEGIN_SRC sh RESULT: src/stc/scintilla/lexers/LexMySQL.cxx:153:24:153:30: Local variable 'length' hides a [parameter of the same name](1).
sarif-results-summary \ REFERENCE: src/stc/scintilla/lexers/LexMySQL.cxx:108:68:108:74: parameter of the same name
#+end_src
3. Include source code snippets (when the source is available):
#+BEGIN_SRC shell :results output code :exports both
.venv/bin/sarif-results-summary \
-s data/wxWidgets-small \ -s data/wxWidgets-small \
-r data/wxWidgets_wxWidgets__2021-11-21_16_06_30__export.sarif 2>&1 |\ -r data/wxWidgets_wxWidgets__2021-11-21_16_06_30__export.sarif 2>&1 |\
grep -A 4 LexMySQL.cxx sed -n "/LexMySQL.cxx:153:24:153:30/,/RESULT/p" | sed '$d'
#+END_SRC #+END_SRC
displays the source code with underlines
#+BEGIN_SRC text
RESULT: src/stc/scintilla/lexers/LexMySQL.cxx:153:24:153:30: Local variable 'length' hides a [parameter of the same name](1).
Sci_Position length = sc.LengthCurrent() + 1; #+RESULTS:
^^^^^^ #+begin_src shell
REFERENCE: src/stc/scintilla/lexers/LexMySQL.cxx:108:68:108:74: parameter of the same name RESULT: src/stc/scintilla/lexers/LexMySQL.cxx:153:24:153:30: Local variable 'length' hides a [parameter of the same name](1).
Sci_Position length = sc.LengthCurrent() + 1;
^^^^^^
REFERENCE: src/stc/scintilla/lexers/LexMySQL.cxx:108:68:108:74: parameter of the same name
static void ColouriseMySQLDoc(Sci_PositionU startPos, Sci_Position length, int initStyle, WordList *keywordlists[],
^^^^^^
static void ColouriseMySQLDoc(Sci_PositionU startPos, Sci_Position length, int initStyle, WordList *keywordlists[], #+end_src
^^^^^^
To illustrate the flow steps options, switch to the =data/treeio= sample:
1. Result with flow steps and relatedLocations
#+BEGIN_SRC shell :results output code :exports both
read -r file srcroot <<< "data/treeio/results.sarif data/treeio/treeio"
start="treeio.core.middleware.chat.py:395:29:395:33"
.venv/bin/sarif-results-summary -r $file | sed -n "/$start/,/RESULT/p" | sed '$d'
#+END_SRC #+END_SRC
#+RESULTS:
#+begin_src shell
RESULT: treeio/core/middleware/chat.py:395:29:395:33: [Error information](1) may be exposed to an external user
REFERENCE: treeio/core/middleware/chat.py:394:50:394:64: Error information
PATH 0
FLOW STEP 0: treeio/core/middleware/chat.py:394:50:394:64: ControlFlowNode for Attribute()
FLOW STEP 1: treeio/core/middleware/chat.py:394:38:394:66: ControlFlowNode for Dict
FLOW STEP 2: treeio/core/middleware/chat.py:394:13:394:67: ControlFlowNode for Dict
FLOW STEP 3: treeio/core/middleware/chat.py:395:29:395:33: ControlFlowNode for data
PATH 1
FLOW STEP 0: treeio/core/middleware/chat.py:394:50:394:64: ControlFlowNode for Attribute()
FLOW STEP 1: treeio/core/middleware/chat.py:394:46:394:65: ControlFlowNode for str()
FLOW STEP 2: treeio/core/middleware/chat.py:394:38:394:66: ControlFlowNode for Dict
FLOW STEP 3: treeio/core/middleware/chat.py:394:13:394:67: ControlFlowNode for Dict
FLOW STEP 4: treeio/core/middleware/chat.py:395:29:395:33: ControlFlowNode for data
#+end_src
2. Result with flow steps, relatedLocations, and source
#+BEGIN_SRC shell :results output code :exports both
read -r file srcroot <<< "data/treeio/results.sarif data/treeio/treeio"
start="treeio.core.middleware.chat.py:395:29:395:33"
.venv/bin/sarif-results-summary -r -s $srcroot $file | \
sed -n "/$start/,/RESULT/p" | sed '$d'
#+END_SRC
#+RESULTS:
#+begin_src shell
RESULT: treeio/core/middleware/chat.py:395:29:395:33: [Error information](1) may be exposed to an external user
return HttpResponse(data, content_type='application/json', status=200)
^^^^
REFERENCE: treeio/core/middleware/chat.py:394:50:394:64: Error information
{"cmd": "Error", "data": {"msg": str(sys.exc_info())}})
^^^^^^^^^^^^^^
PATH 0
FLOW STEP 0: treeio/core/middleware/chat.py:394:50:394:64: ControlFlowNode for Attribute()
{"cmd": "Error", "data": {"msg": str(sys.exc_info())}})
^^^^^^^^^^^^^^
FLOW STEP 1: treeio/core/middleware/chat.py:394:38:394:66: ControlFlowNode for Dict
{"cmd": "Error", "data": {"msg": str(sys.exc_info())}})
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
FLOW STEP 2: treeio/core/middleware/chat.py:394:13:394:67: ControlFlowNode for Dict
{"cmd": "Error", "data": {"msg": str(sys.exc_info())}})
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
FLOW STEP 3: treeio/core/middleware/chat.py:395:29:395:33: ControlFlowNode for data
return HttpResponse(data, content_type='application/json', status=200)
^^^^
PATH 1
FLOW STEP 0: treeio/core/middleware/chat.py:394:50:394:64: ControlFlowNode for Attribute()
{"cmd": "Error", "data": {"msg": str(sys.exc_info())}})
^^^^^^^^^^^^^^
FLOW STEP 1: treeio/core/middleware/chat.py:394:46:394:65: ControlFlowNode for str()
{"cmd": "Error", "data": {"msg": str(sys.exc_info())}})
^^^^^^^^^^^^^^^^^^^
FLOW STEP 2: treeio/core/middleware/chat.py:394:38:394:66: ControlFlowNode for Dict
{"cmd": "Error", "data": {"msg": str(sys.exc_info())}})
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
FLOW STEP 3: treeio/core/middleware/chat.py:394:13:394:67: ControlFlowNode for Dict
{"cmd": "Error", "data": {"msg": str(sys.exc_info())}})
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
FLOW STEP 4: treeio/core/middleware/chat.py:395:29:395:33: ControlFlowNode for data
return HttpResponse(data, content_type='application/json', status=200)
^^^^
#+end_src
** =sarif-digest= ** =sarif-digest=
Get an idea of the SARIF file structure by showing only first / last entries in arrays. Get an idea of the SARIF file structure by showing only first / last entries in arrays.
#+BEGIN_SRC sh #+BEGIN_SRC shell
sarif-digest data/torvalds_linux__2021-10-21_10_07_00__export.sarif |less sarif-digest data/torvalds_linux__2021-10-21_10_07_00__export.sarif |less
#+END_SRC #+END_SRC
@@ -112,7 +193,7 @@
Display the SARIF file with explicit paths inserted before json objects and Display the SARIF file with explicit paths inserted before json objects and
selected array entries. Handy when reverse-engineering the format by searching selected array entries. Handy when reverse-engineering the format by searching
for results. for results.
#+BEGIN_SRC sh #+BEGIN_SRC shell
sarif-labeled data/torvalds_linux__2021-10-21_10_07_00__export.sarif |less sarif-labeled data/torvalds_linux__2021-10-21_10_07_00__export.sarif |less
#+END_SRC #+END_SRC
For example, the For example, the
@@ -130,7 +211,7 @@
Display the list of files referenced by a SARIF file. This is the tools used to Display the list of files referenced by a SARIF file. This is the tools used to
get file names that ultimately went into =data/linux-small/= and get file names that ultimately went into =data/linux-small/= and
=data/wxWidgets-small/=. =data/wxWidgets-small/=.
#+BEGIN_SRC sh #+BEGIN_SRC shell
sarif-list-files data/wxWidgets_wxWidgets__2021-11-21_16_06_30__export.sarif sarif-list-files data/wxWidgets_wxWidgets__2021-11-21_16_06_30__export.sarif
#+END_SRC #+END_SRC