SARIF report for all linters (a dream ?!) but for PHP linters (a reality) #3693
Replies: 16 comments 9 replies
-
I really wish that we can have SARIF on all linters, it would allow major enhancements in MegaLinter :) I requested SARIF output on many linter repos... some mantainers did it, some other dit not want, some others said "maybe later...." :D That's an amazing news that thanks to you we can have it for PHP linters :) |
Beta Was this translation helpful? Give feedback.
-
Here are list of PHP Linters that already support SARIF and new ones (v2.0) that already supports it If you want some of them to be include later on MegaLinter, please tell me !
|
Beta Was this translation helpful? Give feedback.
-
@llaville you are the PHP expert here, if you think it's relevant to add new PHP Linters, I'll follow your opinion :) |
Beta Was this translation helpful? Give feedback.
-
I've thrilled to announce that I've finished my prototype, that will allow to add SARIF support to all other linters. For example, if I run Python
Where When I convert such kind of contents (chunk or report printed here)
I got this SARIF output{
"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
"version": "2.1.0",
"runs": [
{
"tool": {
"driver": {
"name": "PyLint",
"shortDescription": {
"text": "Pylint is a static code analyser for Python 2 or 3."
},
"informationUri": "https://github.com/pylint-dev/pylint",
"rules": [
{
"id": "C0114",
"name": "missing-module-docstring"
},
{
"id": "C0301",
"name": "line-too-long"
}
]
},
"extensions": [
{
"name": "bartlett/sarif-php-sdk",
"shortDescription": {
"text": "PyLint SARIF Converter"
},
"version": "2.0.9999999.9999999-dev"
}
]
},
"invocations": [
{
"executionSuccessful": true,
"commandLine": "report-converter",
"arguments": [
"convert",
"pylint",
"\\Bartlett\\Sarif\\Converter\\PyLintConverter",
"--input-format=parseable",
"--input-file=examples/converters/pylint/pylint3.txt",
"-v",
"--output-file=examples/converters/pylint/pylint.sarif.json"
],
"workingDirectory": {
"uri": "file:///shared/backups/bartlett/sarif-php-sdk/"
}
}
],
"originalUriBaseIds": {
"WORKINGDIR": {
"uri": "file:///shared/backups/bartlett/sarif-php-sdk/"
}
},
"results": [
{
"message": {
"text": "Missing module docstring"
},
"ruleId": "C0114",
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "../../github/megalinter/megalinter/__init__.py",
"uriBaseId": "WORKINGDIR"
},
"region": {
"startLine": 1,
"snippet": {
"rendered": {
"text": "\u001b[31m > \u001b[0m\u001b[90m1| \u001b[0m\u001b[36m#!/usr/bin/env python3\u001b[0m"
}
}
},
"contextRegion": {
"startLine": 1,
"endLine": 3,
"snippet": {
"rendered": {
"text": "\u001b[31m > \u001b[0m\u001b[90m1| \u001b[0m\u001b[36m#!/usr/bin/env python3\u001b[0m\n \u001b[90m2| \u001b[0m\u001b[36mfrom .alpaca import alpaca\u001b[0m\n \u001b[90m3| \u001b[0m\u001b[36mfrom .Linter import Linter\u001b[0m\n \u001b[90m4| \u001b[0m\u001b[36mfrom .MegaLinter import Megalinter\u001b[0m\n \u001b[90m5| \u001b[0m\u001b[36mfrom .Reporter import Reporter\u001b[0m"
}
}
}
}
}
],
"partialFingerprints": {
"C0114": "b4704d889baac77e1c8cecff2480bd8028d795034cdb6c0472b040525a8c6e0c"
}
},
{
"message": {
"text": "Line too long (108/100)"
},
"ruleId": "C0301",
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "../../github/megalinter/megalinter/Linter.py",
"uriBaseId": "WORKINGDIR"
},
"region": {
"startLine": 10,
"snippet": {
"rendered": {
"text": "\u001b[31m > \u001b[0m\u001b[90m10| \u001b[0m\u001b[36m- field config_file_name (optional) ex: \".eslintrc.yml\". If not set, no default config file will be searched\u001b[0m"
}
}
},
"contextRegion": {
"startLine": 8,
"endLine": 12,
"snippet": {
"rendered": {
"text": "\u001b[31m > \u001b[0m\u001b[90m 8| \u001b[0m\u001b[36m- field linter_url (required) ex: \"https://eslint.org/\"\u001b[0m\n \u001b[90m 9| \u001b[0m\u001b[36m- field test_folder (optional) ex: \"docker\". If not set, language.lowercase() value is used\u001b[0m\n \u001b[90m10| \u001b[0m\u001b[36m- field config_file_name (optional) ex: \".eslintrc.yml\". If not set, no default config file will be searched\u001b[0m\n \u001b[90m11| \u001b[0m\u001b[36m- field file_extensions (optional) ex: [\".js\"]. At least file_extension or file_names_regex must be set\u001b[0m\n \u001b[90m12| \u001b[0m\u001b[36m- field file_names_regex (optional) ex: [\"Dockerfile(-.+)?\"]. At least file_extension or file_names_regex must be set\u001b[0m"
}
}
}
}
}
],
"partialFingerprints": {
"C0301": "b73d6afe6f65de63dcab62e85571ca66073ca196208dc98b4466c90fc3f36adc"
}
},
{
"message": {
"text": "Line too long (103/100)"
},
"ruleId": "C0301",
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "../../github/megalinter/megalinter/Linter.py",
"uriBaseId": "WORKINGDIR"
},
"region": {
"startLine": 11,
"snippet": {
"rendered": {
"text": "\u001b[31m > \u001b[0m\u001b[90m11| \u001b[0m\u001b[36m- field file_extensions (optional) ex: [\".js\"]. At least file_extension or file_names_regex must be set\u001b[0m"
}
}
},
"contextRegion": {
"startLine": 9,
"endLine": 13,
"snippet": {
"rendered": {
"text": "\u001b[31m > \u001b[0m\u001b[90m 9| \u001b[0m\u001b[36m- field test_folder (optional) ex: \"docker\". If not set, language.lowercase() value is used\u001b[0m\n \u001b[90m10| \u001b[0m\u001b[36m- field config_file_name (optional) ex: \".eslintrc.yml\". If not set, no default config file will be searched\u001b[0m\n \u001b[90m11| \u001b[0m\u001b[36m- field file_extensions (optional) ex: [\".js\"]. At least file_extension or file_names_regex must be set\u001b[0m\n \u001b[90m12| \u001b[0m\u001b[36m- field file_names_regex (optional) ex: [\"Dockerfile(-.+)?\"]. At least file_extension or file_names_regex must be set\u001b[0m\n \u001b[90m13| \u001b[0m\u001b[36m- method build_lint_command (optional) : Return CLI command to lint a file with the related linter\u001b[0m"
}
}
}
}
}
],
"partialFingerprints": {
"C0301": "b73d6afe6f65de63dcab62e85571ca66073ca196208dc98b4466c90fc3f36adc"
}
},
{
"message": {
"text": "Line too long (117/100)"
},
"ruleId": "C0301",
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "../../github/megalinter/megalinter/Linter.py",
"uriBaseId": "WORKINGDIR"
},
"region": {
"startLine": 12,
"snippet": {
"rendered": {
"text": "\u001b[31m > \u001b[0m\u001b[90m12| \u001b[0m\u001b[36m- field file_names_regex (optional) ex: [\"Dockerfile(-.+)?\"]. At least file_extension or file_names_regex must be set\u001b[0m"
}
}
},
"contextRegion": {
"startLine": 10,
"endLine": 14,
"snippet": {
"rendered": {
"text": "\u001b[31m > \u001b[0m\u001b[90m10| \u001b[0m\u001b[36m- field config_file_name (optional) ex: \".eslintrc.yml\". If not set, no default config file will be searched\u001b[0m\n \u001b[90m11| \u001b[0m\u001b[36m- field file_extensions (optional) ex: [\".js\"]. At least file_extension or file_names_regex must be set\u001b[0m\n \u001b[90m12| \u001b[0m\u001b[36m- field file_names_regex (optional) ex: [\"Dockerfile(-.+)?\"]. At least file_extension or file_names_regex must be set\u001b[0m\n \u001b[90m13| \u001b[0m\u001b[36m- method build_lint_command (optional) : Return CLI command to lint a file with the related linter\u001b[0m\n \u001b[90m14| \u001b[0m\u001b[36m Default: linter_name + (if config_file(-c + config_file)) + config_file\u001b[0m"
}
}
}
}
}
],
"partialFingerprints": {
"C0301": "b73d6afe6f65de63dcab62e85571ca66073ca196208dc98b4466c90fc3f36adc"
}
}
],
"automationDetails": {
"id": "Daily run 2024-06-26T07:31:33+00:00"
}
}
]
} |
Beta Was this translation helpful? Give feedback.
-
@nvuillam FYI: When I've look deeper on markdownlint (with MegaLinter), |
Beta Was this translation helpful? Give feedback.
-
FYI: As I'm ready to publish next generation of SARIF PHP binding code, I'll push a little patch on MegaLinter |
Beta Was this translation helpful? Give feedback.
-
@nvuillam FYI: PHPStan 1.11.6 seems ok for me, and fix BC break with previous 1.11.5 especially on SARIF context. Warning message is printed on STDERR, while SARIF report is printed on STDOUT unless you write results to file |
Beta Was this translation helpful? Give feedback.
-
Now, i've just released major version of SARIF PHP SDK https://github.com/llaville/sarif-php-sdk/releases/tag/2.0.0, I plan to publish source code of all my converters into https://github.com/llaville/sarif-php-converters (next days), and later this week a fix to use it for MegaLinter. |
Beta Was this translation helpful? Give feedback.
-
Important MegaLinter 7.12.x cannot support PHPLint 9.4.x and SARIF reporter ! |
Beta Was this translation helpful? Give feedback.
-
I've a very good new ! Results I got, match what I've expected : sarif reports seems ok. I'll give you a summary of my tests and patch tomorrow. |
Beta Was this translation helpful? Give feedback.
-
Here are finally my results : got from https://github.com/llaville/sarif-php-converters repository context itself With MegaLinter config file
|
Beta Was this translation helpful? Give feedback.
-
@echoix : This time, I've not forgotten to run the |
Beta Was this translation helpful? Give feedback.
-
My comment on PR #3745 is to consider for beta deployment of MegaLinter only (demo purpose).
Of course for MegaLinter production (next stable version) we should have a constraint set to But the |
Beta Was this translation helpful? Give feedback.
-
Related to my previous comment about Composer constraint, we can avoid BC breaks and issues (even on dev/beta deployment). This TIP came from Composer itself, and is called Version Aliases (article may be found at https://getcomposer.org/doc/articles/aliases.md), even if snapshot (commit hash tag is not really highlighted). So to fix a dev version as if it was a production stable version we can use this patch
That means On Docker image built we can find such log results to confirm that it was used :
|
Beta Was this translation helpful? Give feedback.
-
@llaville great work :) I merged your PR... I think that as all test cases are working it's ok to release a MegaLinter version with it ^^ (we had test case failure without it anyway) |
Beta Was this translation helpful? Give feedback.
-
I've just tested new version 7.13.0 and all are ok for me : no regressions found, and sarif support is as expected |
Beta Was this translation helpful? Give feedback.
-
Hello,
I'm happy to announce that I'm (still) working on a unified solution that may be able to produce SARIF report for all linters that support at least the
checkstyle
format.On my roadmap, of course my favorites and highest priority are PHP Linters :
Since MegaLinter 7.12.0, we have SARIF support for PHP_CodeSniffer, PHPStan, PSALM and PHPLint
Only PHP-CS-Fixer was not supported because project leaders did not accept my proposals.
The very good new is it's no longer a barrier, because my project SARIF-PHP-SDK with upcoming version 2.0.0 will be able to produce basic SARIF report for all linter that support checkstyle format.
Here is a preview of what we can have with SARIF PHP SDK 2.0 and PHP-CS-Fixer
SARIF output
Beta Was this translation helpful? Give feedback.
All reactions