sarif-results-summary: add codeFlow (path-problem) output, remove meta-data

The per-language result counts are removed; they belong in a separate sarif-info script.
2025-12-16 17:23:03 +01:00 · 2021-11-20 14:49:49 -08:00
parent 29b62b8b1a
commit 85ddaaafe1
2 changed files with 43 additions and 25 deletions
--- a/bin/sarif-results-summary
+++ b/bin/sarif-results-summary
@@ -19,17 +19,16 @@ with open(args.file, 'r') if args.file != '-' else sys.stdin as fp:

 for runi in S.indices(sarif_struct, 'runs'):
    num_results = len(S.get(sarif_struct, 'runs', runi, 'results'))
-    language = S.get(sarif_struct, 'runs', runi, 'properties',
-                     'semmle.sourceLanguage')
-    S.msg("Found %d results for %s\n" %  (num_results, language))
    if num_results == 0: continue
    # 
    for resi in S.indices(sarif_struct, 'runs', runi, 'results'):
        result = S.get(sarif_struct, 'runs', runi, 'results', resi)
+        if 'locations' in result:
+            # Non-path problems
            message, artifact, region = S.get_location_message_info(result)
            l1, c1, l2, c2 = S.lineinfo(region)
            filepath = "%s:%d:%d:%d:%d" % (artifact['uri'], l1, c1, l2, c2)
-        S.msg("%s: %s\n\n" % (filepath, message))
+            S.msg("RESULT: %s: %s\n\n" % (filepath, message))
            if args.list_source:
                lines = S.load_lines(args.list_source, artifact['uri'], l1, l2)
                for line, line_num in zip(lines, range(l1, l2+1)):
@@ -43,7 +42,21 @@ for runi in S.indices(sarif_struct, 'runs'):
                        message, artifact, region = S.get_relatedlocation_message_info(relo)
                        l1, c1, l2, c2 = S.lineinfo(region)
                        filepath = "%s:%d:%d:%d:%d" % (artifact['uri'], l1, c1, l2, c2)
-                    S.msg("info: %s: %s\n\n" % (filepath, message))
+                        S.msg("REFERENCE: %s: %s\n\n" % (filepath, message))
+                        if args.list_source:
+                            lines = S.load_lines(args.list_source, artifact['uri'], l1, l2)
+                            for line, line_num in zip(lines, range(l1, l2+1)):
+                                S.display_underlined(l1, c1, l2, c2, line, line_num)
+        if 'codeFlows' in result:
+            # Path problems
+            for codeFlow in S.get(result, 'codeFlows'):
+                for threadFlow in S.get(codeFlow, 'threadFlows'):
+                    for loci in S.indices(threadFlow, 'locations'):
+                        location = S.get(threadFlow, 'locations', loci, 'location')
+                        message, artifact, region = S.get_relatedlocation_message_info(location)
+                        l1, c1, l2, c2 = S.lineinfo(region)
+                        filepath = "%s:%d:%d:%d:%d" % (artifact['uri'], l1, c1, l2, c2)
+                        S.msg("FLOW STEP %d: %s: %s\n\n" % (loci, filepath, message))
                        if args.list_source:
                            lines = S.load_lines(args.list_source, artifact['uri'], l1, l2)
                            for line, line_num in zip(lines, range(l1, l2+1)):
--- a/sarif_cli/init.py
+++ b/sarif_cli/init.py
@@ -11,6 +11,11 @@ def get_relatedlocation_message_info(related_location):

    The relatedLocation typically starts from 
    get(sarif_struct, 'runs', [int], 'results', [int], 'relatedLocations', [int])
+
+    For a threadFlow, extract message information for a location contained in it.
+
+    The location typically starts from 
+    get(sarif_struct, 'runs', _i, 'results', _i, 'codeFlows', _i, 'threadFlows', _i, 'locations', _i) 
    """
    message = get(related_location, 'message', 'text')
    artifact = get(related_location, 'physicalLocation', 'artifactLocation')