* sarif-cli quickstart
Set up the virtual environment and install the packages:
#+BEGIN_SRC sh
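# Development setup: create the venv, install the dev requirements and the
# package itself, then point the venv's sarif-* entry points at the working
# tree so edits under bin/ are picked up without reinstalling.
cd ~/work-gh/sarif-cli/

# set up virtual environment
python3 -m venv .venv
. .venv/bin/activate

# activate exports VIRTUAL_ENV; if it is empty the rm/ln below would
# expand to "/bin/sarif-*", so stop here instead of touching /bin.
: "${VIRTUAL_ENV:?virtual environment is not active}"

# Use requirementsDEV.txt
python -m pip install -r requirementsDEV.txt

# install scripts -- same interpreter as above, so the venv's pip is used
# even if a different `pip` is first on PATH
python -m pip install -e .

# force symlinks for development (replace the installed entry points with
# links into the working tree; -- guards against names starting with '-')
rm -f -- "$VIRTUAL_ENV/bin/sarif-"*
ln -sf -- "$PWD/bin/sarif-"* "$VIRTUAL_ENV/bin/"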
#+END_SRC
Run SARIF extraction for one test file and inspect results.
This assumes you are in the above virtual environment where all =sarif-*= tools
are on =$PATH=.
#+BEGIN_SRC sh
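# Convert one sample SARIF file and show the results.  Each preparatory
# step aborts on failure so the converter never runs on a missing or
# partially written input.
cd ~/work-gh/sarif-cli/data/codeql-dataflow-sql-injection || exit 1

# ---------------------------------------------------------------------
# 1. Set base name of the original SARIF file (without extension)
# ---------------------------------------------------------------------
orig="sqlidb-1"
if [[ ! -f "${orig}.sarif" ]]; then
  printf 'input file %s not found\n' "${orig}.sarif" >&2
  exit 1
fi

# ---------------------------------------------------------------------
# 2. Remove any stale output from previous runs
#    (${orig}.1.sarif itself is not matched here; step 3 overwrites it)
# ---------------------------------------------------------------------
rm -fR -- "${orig}.1.sarif."*

# ---------------------------------------------------------------------
# 3. Ensure versionControlProvenance field is present
#    Abort if this fails, otherwise step 4 would consume a truncated file.
# ---------------------------------------------------------------------
sarif-insert-vcp "${orig}.sarif" > "${orig}.1.sarif" || exit 1

# ---------------------------------------------------------------------
# 4. Run the converter (CLI input signature)
# - Logs are written only if errors occur.
# - The input file list is passed on stdin ('-'), one path per line.
# ---------------------------------------------------------------------
sarif-extract-scans-runner --input-signature CLI - > /dev/null <<EOF
${orig}.1.sarif
EOF

# ---------------------------------------------------------------------
# 5. If errors occurred, show the scan log.
# The log lists the exact commands that can be re-run manually under pdb.
# ---------------------------------------------------------------------
if [[ -f "${orig}.1.sarif.scanlog" ]]; then
  printf 'Conversion errors logged in %s\n' "${orig}.1.sarif.scanlog"
  cat -- "${orig}.1.sarif.scanlog"
fi

# ---------------------------------------------------------------------
# 6. Examine results (converted SARIF, logs, etc.)
# ---------------------------------------------------------------------
ls -l -- "${orig}.1.sarif"*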
#+END_SRC
For interactive examination / debugging, see [[file:README.org::*Run using embedded repls][Run using embedded repls]]