Fix NullReferenceException in WorkItemFiler when all results baseline state are unchange/absent/updated

[yongyan-gh]

Description:

BUG: Got NullReferenceException when WorkItemFiler tries to file a work item for the result that has baseline state should be ignored.

Fixes:

• Handle null results case in SarifLog CreateWorkItemDescription extension method, which happens if all results are not eligible for filing work item. result.ShouldBeFiled() == false
• In WorkItemFiler.FileWorkItems(), do not create work item if all the results of target Sarif Log are not eligible for filing a work item.

Currently the result is treated as it should not be file as work item if

• Its baseline State is one of Unchanged, Absent, Updated
• It's suppressed

[lgtm-com]

This pull request introduces 1 alert when merging d1928a1 into 678e283 - view on LGTM.com

new alerts:

• 1 for Dereferenced variable may be null

---

In reply to: 983119894

[yongyan-gh]

the issue has been resolved in commits after this.

---

In reply to: 983119894

[shaopeng-gh]

@"C:\Test\Data\File{0}sarif"

suggest change to not using windows specific format, like:
Path.Combine(Directory.GetCurrentDirectory(), "Test", "Data", "File{0}sarif");
#Closed

[eddynaka]

results?.FirstOrDefault()?.Locations?[0].PhysicalLocation?.ArtifactLocation?.Uri

can u unwrap and wrap making ? and : be in separate lines? #Closed

[eddynaka]

                       .Count();

you can replace where for count and do thee unwrap/wrap as well

---

In reply to: 989110458

---

In reply to: 989110458

---

In reply to: 989110458

---

In reply to: 989110458

---

Refers to: src/Sarif.WorkItems/SarifWorkItemsExtensions.cs:166 in 9665225. [](commit_id = 9665225, deletion_comment = False)

[shaopeng-gh]

if (sarifLog.Runs?.Any(run => run.Results?.Any(result => result.ShouldBeFiled()) == true) != true)

was thinking about the case of one run have work item and the other have empty array if this condiftion works.

do we think better to expand the nested condition, easiler to read and maintenance :) #Closed

[yongyan-gh]

removed in latest change

[shaopeng-gh]

do we think also add a safety check in this method as well

public static bool ShouldBeFiled(this Result result)
{
if(result ==null) return false;
......
} #Closed

[yongyan-gh]

Added the check to ShouldBeFiled() and added test cases.

[shaopeng-gh]

[michaelcfanning]

@marmegh @EasyRhinoMSFT

[michaelcfanning]

true

As a rule don't embed literals in method calls. What does true here mean? We don't know.

Instead, qualify the literal with the parameter name. If the parameter name is good, the code will be cleaner:

TestWorkItemFiler(sarifLog, context, adoClient: true) #Resolved

[michaelcfanning]

true

Is it important for these tests to verify the adoClient == false code path?

I think probably it is important, because we want to ensure the GitHub filer also doesn't file work items?

Or is the relevant code sufficiently covered by the adoClient case? #Resolved

[yongyan-gh]

Parameter adoClient controls which FilingClient mock object it generates, adoClient or githubClient. Added/updated test cases also covers githubClient.

[michaelcfanning]

readonly

Please add a comment here explaining that we create the test file path in this way so that we don't use a single, platform-specific file path rendering (i.e., we'll get Windows paths on Windows and Linux running xplat). #Closed

[michaelcfanning]

sarifLog

You should add logging to this code path, don't you think? @rtaket, does someone from your team need to review this change as well?

[michaelcfanning]

                        if (updatedSarifWorkItemModel == null)

Notice this 'return null' code path has good logging.

---

Refers to: src/Sarif.WorkItems/SarifWorkItemFiler.cs:329 in 5ebe0c8. [](commit_id = 5ebe0c8, deletion_comment = False)

[michaelcfanning]

sarifLog

I don't understand why this code path is what we want. You are going to traverse the entire log file, which could be very large. Is that what we want? What is this going to save us in work that we won't perform (when there are no issues to file)?

[yongyan-gh]

If the SARIF log doesn't have any eligible result to file as a work item and it doesn't return null, the following code will create a SarifWorkItemModel:

var sarifWorkItemModel = new SarifWorkItemModel(sarifLog, filingContext);

In SarifWorkItemModel code, it iterates all results and get first result which should be filed, to construct work item title. If none of result is eligible, the SairfWorkItemModel's title will be set to null, which causes NullReferenceException when calling filingClient.FileWorkItems() to file work item.

Another solution I can think is before calling FileWorkItemInternal(), in SplitLogFile method, make sure there is only eligible results in split logs. But seems traverse of the results is still needed.

[yongyan-gh]

Moved the check to SplitLogFile method, this way the sarifLog only includes eligible results to file work item, no need to traverse results. Pls let me know what do you think?

[michaelcfanning]

result

Why did we add this? Why wouldn't a null dereference be the expected condition?

i.e., why do we require

myObject?.ThisIsAnActualMethod()

to protect against a null variable but

myObject.ThisIsAnExtensionMethod()

should work when myObject is null?

I am asking a sincere question. But I'm not sure this change is a good design pattern, Shaopeng, what's your argument for it? :)

[yongyan-gh]

I think it depends on which one should be responsible for the null check, the caller or the extension method.

If the caller should handle null value then we don't need this check inside extension method.

myObject?.ThisIsAnExtensionMethod()

[shaopeng-gh]

I am not sure, my thought was similar to the IDictionary cast that we were looking at last PR, either a helper already did that for you or need to cast to IDictionary everywhere it is used,
in this case if the extension method did the check for you,
or where you call the extension method.
only differ when user forgot to check null before call this extension seeing an unhandled exception because we call result.BaselineState at the first line, the other case is no exception returns false.

A quick find reference I see about 10 usages of this method.

In .net source code they also do null check at the first line of the
extension methods, like below, our logic doe not need to throw:

public static partial class StringNormalizationExtensions
{
public static bool IsNormalized(this string strInput, NormalizationForm normalizationForm)
{
if (strInput == null)
{
throw new ArgumentNullException(nameof(strInput));
}

        return strInput.IsNormalized(normalizationForm);
    }

[yongyan-gh]

Like the way how .net handles in the extension method. The extension method will have similar behavior to instance method and can be protected by ? operation:

myObject?.ThisIsAnExtensionMethod()

[eddynaka]

[michaelcfanning]

Remove this comment. First, it does not follow convention, starting with a capital letter, ending with a period. It doesn't read very well grammatically. Not sure it provides useful additional information. Finally, this line of code is identical to other lines in this file, why are they commented? If they don't need to be, why is this line commented?

[michaelcfanning]

I suggest removing this, because it is additional work and suggests a general pattern we should adhere that doesn't seem to have good ROI.

[michaelcfanning]

my personal opinion is this code isn't super readable and i avoid linq statements that potentially entail multiple iterations over a collection (in a pathological case).

[michaelcfanning]

// Use portable file path so the tests can run on windows and other platforms.

What's the utility of this comment? #Closed

[michaelcfanning]

testSarifFilePath

please make this static and give it an s_ prefix #Closed

[yongyan-gh]

Test coverage data:

[michaelcfanning]