hohn/sarif-cli
1
0
Fork 0
mirror of https://github.com/hohn/sarif-cli.git synced 2025-12-16 17:23:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
dc8a4929fae74c8878fb236c83a0181a03c2cec8
sarif-cli/notes/README.org
Michael Hohn dc8a4929fa wip: notes cleanup
2023-07-11 20:26:40 -07:00

2.2 KiB
Raw Blame History

The notes directory

This directory is for notes that may be useful, but aren't complete enough to serve as documentation in their current state.

Think of it as staging for ../docs.

Short notes start as sections in this README. They will be moved if separate file make more sense.

The typegraphs

The type graph files are derived from a sarif input file, with various options controlling output.

To produce dot maps of a sarif file type graph, from raw (largest) to fully filled (most compact):

  cd ../data/treeio/2022-02-25

  # Everything:
  ../../../bin/sarif-to-dot -t -d  results.sarif | dot -Tpdf > typegraph-td.pdf

  # Suppress edges to int/bool/string types in dot graph
  ../../../bin/sarif-to-dot -td -n results.sarif | dot -Tpdf > typegraph-tdn.pdf

  # Additionally, only report unique array entry signatures
  ../../../bin/sarif-to-dot -td -nu results.sarif | dot -Tpdf > typegraph-tdnu.pdf

  # Additionally, fill in missing (optional) entries in sarif input before other steps.
  ../../../bin/sarif-to-dot -td -nuf results.sarif | dot -Tpdf > typegraph-tdnuf.pdf

The automationDetails.id

The automationDetails.id entry is produced by CodeQL when using the --sarif-category flag.

The prerequisites for tracing its flow through the tools is started in ../data/build-multiple-sarifs.sh

  cd ~/local/sarif-cli/ && ag -l automationDetails |cat
notes/README.org
notes/README.html
scripts/table-tests.sh
sarif_cli/signature_single_CLI.py
sarif_cli/table_joins_CLI.py
sarif_cli/scan_tables.py
sarif_cli/signature.py

hohn@gh-hohn ~/local/sarif-cli