Add some basic validation when parsing SARIF

This is roughly equivalent to the validation we had before, when we were only including `runs.0.results`.
2024-07-19 16:46:03 -04:00
parent 97b9c43ae1
commit d68e270e90
1 changed files with 11 additions and 1 deletions
--- a/extensions/ql-vscode/src/common/sarif-parser.ts
+++ b/extensions/ql-vscode/src/common/sarif-parser.ts
@@ -40,7 +40,17 @@ export async function sarifParser(
      });

      asm.on("done", (asm) => {
-        const log: Log = asm.current;
+        const log = asm.current;
+
+        // Do some trivial validation. This isn't a full validation of the SARIF file, but it's at
+        // least enough to ensure that we're not trying to parse complete garbage later.
+        if (log.runs === undefined || log.runs.length < 1) {
+          reject(
+            new Error(
+              "Invalid SARIF file: expecting at least one run with result.",
+            ),
+          );
+        }

        resolve(log);
        alreadyDone = true;