From 8f6b812845a585d981f46422e212c6326ac1fd5c Mon Sep 17 00:00:00 2001 From: martgil Date: Fri, 24 May 2024 14:31:25 +0800 Subject: [PATCH 01/38] Delete ossary-analysis.yml --- .github/workflows/ossar-analysis.yml | 61 ---------------------------- 1 file changed, 61 deletions(-) delete mode 100644 .github/workflows/ossar-analysis.yml diff --git a/.github/workflows/ossar-analysis.yml b/.github/workflows/ossar-analysis.yml deleted file mode 100644 index 5a519561571..00000000000 --- a/.github/workflows/ossar-analysis.yml +++ /dev/null @@ -1,61 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -# This workflow integrates a collection of open source static analysis tools -# with GitHub code scanning. For documentation, or to provide feedback, visit -# https://github.com/github/ossar-action -name: OSSAR - -on: - push: - branches: [ "master" ] - pull_request: - branches: - -permissions: - contents: read - -jobs: - OSSAR-Scan: - # OSSAR runs on windows-latest. - # ubuntu-latest and macos-latest support coming soon - permissions: - contents: read # for actions/checkout to fetch code - security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - # We must fetch at least the immediate parents so that if this is - # a pull request then we can checkout the head. - fetch-depth: 2 - - # If this run was triggered by a pull request event, then checkout - # the head of the pull request instead of the merge commit. - - run: git checkout HEAD^2 - if: ${{ github.event_name == 'pull_request' }} - # Ensure a compatible version of dotnet is installed. - # The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201. - # A version greater than or equal to v3.1.201 of dotnet must be installed on the agent in order to run this action. - # GitHub hosted runners already have a compatible version of dotnet installed and this step may be skipped. - # For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action: - # - name: Install .NET - # uses: actions/setup-dotnet@v2 - # with: - # dotnet-version: '3.1.x' - - # Run open source static analysis tools - - name: Run OSSAR - uses: github/ossar-action@v2.0.0 - id: ossar - - # Upload results to the Security tab - - name: Upload OSSAR results - uses: github/codeql-action/upload-sarif@v3 - with: - sarif_file: ${{ steps.ossar.outputs.sarifFile }} From cab2b093168b1c0a0ee4fe537dded7b2b090d017 Mon Sep 17 00:00:00 2001 From: martgil Date: Fri, 24 May 2024 14:31:51 +0800 Subject: [PATCH 02/38] Add ESLint GitHub workflow --- .github/workflows/eslint.yml | 54 ++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 .github/workflows/eslint.yml diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml new file mode 100644 index 00000000000..9447eccc114 --- /dev/null +++ b/.github/workflows/eslint.yml @@ -0,0 +1,54 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. +# ESLint is a tool for identifying and reporting on patterns +# found in ECMAScript/JavaScript code. +# More details at https://github.com/eslint/eslint +# and https://eslint.org + +name: ESLint + +on: + push: + branches: [ "master" ] + pull_request: + +jobs: + eslint: + name: Run eslint scanning + runs-on: ubuntu-latest + permissions: + contents: read + security-events: write + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + steps: + - name: Checkout code + uses: actions/checkout@v4 + # We must fetch at least the immediate parents so that if this is + # a pull request then we can checkout the head. + fetch-depth: 2 + + # If this run was triggered by a pull request event, then checkout + # the head of the pull request instead of the merge commit. + - run: git checkout HEAD^2 + if: ${{ github.event_name == 'pull_request' }} + + - name: Install ESLint + run: | + npm install eslint@8.10.0 + npm install @microsoft/eslint-formatter-sarif@2.1.7 + + - name: Run ESLint + run: npx eslint . + --config .eslintrc.js + --ext .js,.jsx,.ts,.tsx + --format @microsoft/eslint-formatter-sarif + --output-file eslint-results.sarif + continue-on-error: true + + - name: Upload analysis results to GitHub + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: eslint-results.sarif + wait-for-processing: true \ No newline at end of file From 97e59be2bd3c38fa8ea4c0fec50c20a0c29ea701 Mon Sep 17 00:00:00 2001 From: martgil Date: Fri, 24 May 2024 17:04:42 +0800 Subject: [PATCH 03/38] Install ESLint version 8.57.0 --- .github/workflows/eslint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 9447eccc114..9e1575d8638 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -36,7 +36,7 @@ jobs: - name: Install ESLint run: | - npm install eslint@8.10.0 + npm install eslint@8.57.0 npm install @microsoft/eslint-formatter-sarif@2.1.7 - name: Run ESLint From 9d5c223f9e347bc15ddef36a8c128f47cff63e74 Mon Sep 17 00:00:00 2001 From: martgil Date: Fri, 24 May 2024 17:05:34 +0800 Subject: [PATCH 04/38] Install eslint-formatter-sarif version 3.1.0 --- .github/workflows/eslint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 9e1575d8638..236fbc93313 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -37,7 +37,7 @@ jobs: - name: Install ESLint run: | npm install eslint@8.57.0 - npm install @microsoft/eslint-formatter-sarif@2.1.7 + npm install @microsoft/eslint-formatter-sarif@3.1.0 - name: Run ESLint run: npx eslint . From 4f747a6c2f7005dedac9b3f17b8d4f31a6c58be5 Mon Sep 17 00:00:00 2001 From: martgil Date: Fri, 24 May 2024 17:07:30 +0800 Subject: [PATCH 05/38] Fix syntax error --- .github/workflows/eslint.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 236fbc93313..196b591f304 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -27,7 +27,8 @@ jobs: uses: actions/checkout@v4 # We must fetch at least the immediate parents so that if this is # a pull request then we can checkout the head. - fetch-depth: 2 + with: + fetch-depth: 2 # If this run was triggered by a pull request event, then checkout # the head of the pull request instead of the merge commit. From 39013991d748a1a73d7383c23d6c556d041cc69e Mon Sep 17 00:00:00 2001 From: martgil Date: Fri, 24 May 2024 17:07:58 +0800 Subject: [PATCH 06/38] Use upload-sarif version 3 --- .github/workflows/eslint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 196b591f304..bb1686e8440 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -49,7 +49,7 @@ jobs: continue-on-error: true - name: Upload analysis results to GitHub - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: eslint-results.sarif wait-for-processing: true \ No newline at end of file From 46fc54f63b61f6a58b7ae47daca556b62c028204 Mon Sep 17 00:00:00 2001 From: martgil Date: Fri, 24 May 2024 17:09:27 +0800 Subject: [PATCH 07/38] Use existing npm script "test_eslint" --- .github/workflows/eslint.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index bb1686e8440..c63707b8f37 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -41,11 +41,7 @@ jobs: npm install @microsoft/eslint-formatter-sarif@3.1.0 - name: Run ESLint - run: npx eslint . - --config .eslintrc.js - --ext .js,.jsx,.ts,.tsx - --format @microsoft/eslint-formatter-sarif - --output-file eslint-results.sarif + run: npm run test_eslint continue-on-error: true - name: Upload analysis results to GitHub From 21ee7a486e58c88dd72b807791a4dd174ad06875 Mon Sep 17 00:00:00 2001 From: martgil Date: Fri, 24 May 2024 17:24:36 +0800 Subject: [PATCH 08/38] Update "Run ESLint" commands --- .github/workflows/eslint.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index c63707b8f37..98742918141 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -41,7 +41,9 @@ jobs: npm install @microsoft/eslint-formatter-sarif@3.1.0 - name: Run ESLint - run: npm run test_eslint + run: npx eslint --ext ts extension test tooling + --format @microsoft/eslint-formatter-sarif + --output-file eslint-results.sarif continue-on-error: true - name: Upload analysis results to GitHub From 876c44221a819809105f32fc06321ca7fda2b901 Mon Sep 17 00:00:00 2001 From: martgil Date: Sun, 26 May 2024 12:40:44 +0800 Subject: [PATCH 09/38] Temporary hotfix: add eslint-sarif-formatter.js --- eslint-sarif-formatter.js | 303 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 303 insertions(+) create mode 100644 eslint-sarif-formatter.js diff --git a/eslint-sarif-formatter.js b/eslint-sarif-formatter.js new file mode 100644 index 00000000000..136ee11299e --- /dev/null +++ b/eslint-sarif-formatter.js @@ -0,0 +1,303 @@ +/* eslint-disable unicorn/no-null */ +/** + * @fileoverview SARIF v2.1 formatter + * @author Microsoft + */ + +'use strict'; + +const fs = require('fs'); +const url = require('url'); +const utf8 = require('utf8'); +const lodash = require('lodash'); +const jschardet = require('jschardet'); + +//------------------------------------------------------------------------------ +// Helper Functions +//------------------------------------------------------------------------------ + +/** + * Returns the version of used eslint package + * @returns {string} eslint version or undefined + * @private + */ +function getESLintVersion() { + try { + // Resolve ESLint relative to main entry script, not the formatter + const { ESLint } = require.main.require('eslint'); + return ESLint.version; + } catch { + // Formatter was not called from eslint, return undefined + return; + } +} + +/** + * Returns the severity of warning or error + * @param {Object} message message object to examine + * @returns {string} severity level + * @private + */ +function getResultLevel(message) { + if (message.fatal || message.severity === 2) { + return 'error'; + } + return 'warning'; +} + +//------------------------------------------------------------------------------ +// Public Interface +//------------------------------------------------------------------------------ + +module.exports = function (results, data) { + const rulesMeta = lodash.get(data, 'rulesMeta', null); + + const sarifLog = { + version: '2.1.0', + $schema: 'http://json.schemastore.org/sarif-2.1.0-rtm.5', + runs: [ + { + tool: { + driver: { + name: 'ESLint', + informationUri: 'https://eslint.org', + rules: [], + }, + }, + }, + ], + }; + + const eslintVersion = getESLintVersion(); + if (typeof eslintVersion !== 'undefined') { + sarifLog.runs[0].tool.driver.version = eslintVersion; + } + + const sarifFiles = {}; + const sarifArtifactIndices = {}; + let nextArtifactIndex = 0; + const sarifRules = {}; + const sarifRuleIndices = {}; + let nextRuleIndex = 0; + const sarifResults = []; + const embedFileContents = process.env.SARIF_ESLINT_EMBED === 'true'; + const ignoreSuppressed = process.env.SARIF_ESLINT_IGNORE_SUPPRESSED === 'true'; + + // Emit a tool configuration notification with this id if ESLint emits a message with + // no ruleId (which indicates an internal error in ESLint). + // + // It is not clear whether we should treat these messages tool configuration notifications, + // tool execution notifications, or a mixture of the two, based on the properties of the + // message. https://github.com/microsoft/sarif-sdk/issues/1798, "ESLint formatter can't + // distinguish between an internal error and a misconfiguration", tracks this issue. + const internalErrorId = 'ESL0999'; + + const toolConfigurationNotifications = []; + let executionSuccessful = true; + + for (const result of results) { + // Only add it if not already there. + if (typeof sarifFiles[result.filePath] === 'undefined') { + sarifArtifactIndices[result.filePath] = nextArtifactIndex++; + + let contentsUtf8; + + // Create a new entry in the files dictionary. + sarifFiles[result.filePath] = { + location: { + uri: url.pathToFileURL(result.filePath), + }, + }; + + if (embedFileContents) { + try { + // Try to get the file contents and encoding. + const contents = fs.readFileSync(result.filePath); + const encoding = jschardet.detect(contents); + + // Encoding will be null if it could not be determined. + if (encoding) { + // Convert the content bytes to a UTF-8 string. + contentsUtf8 = utf8.encode(contents.toString(encoding.encoding)); + + sarifFiles[result.filePath].contents = { + text: contentsUtf8, + }; + sarifFiles[result.filePath].encoding = encoding.encoding; + } + } catch (error) { + console.log(error); + } + } + + const containsSuppressedMessages = result.suppressedMessages && result.suppressedMessages.length > 0; + const messages = containsSuppressedMessages && !ignoreSuppressed ? [...result.messages, ...result.suppressedMessages] : result.messages; + + if (messages.length > 0) { + for (const message of messages) { + const sarifRepresentation = { + level: getResultLevel(message), + message: { + text: message.message, + }, + locations: [ + { + physicalLocation: { + artifactLocation: { + uri: url.pathToFileURL(result.filePath), + index: sarifArtifactIndices[result.filePath], + }, + }, + }, + ], + }; + + if (message.ruleId) { + sarifRepresentation.ruleId = message.ruleId; + + if (rulesMeta && typeof sarifRules[message.ruleId] === 'undefined') { + const meta = rulesMeta[message.ruleId]; + + // An unknown ruleId will return null. This check prevents unit test failure. + if (meta) { + sarifRuleIndices[message.ruleId] = nextRuleIndex++; + + if (meta.docs) { + // Create a new entry in the rules dictionary. + sarifRules[message.ruleId] = { + id: message.ruleId, + helpUri: meta.docs.url, + properties: { + category: meta.docs.category, + }, + }; + if (meta.docs.description) { + sarifRules[message.ruleId].shortDescription = { + text: meta.docs.description, + }; + } + // Some rulesMetas do not have docs property + } else { + sarifRules[message.ruleId] = { + id: message.ruleId, + helpUri: 'Please see details in message', + properties: { + category: 'No category provided', + }, + }; + } + } + } + + if (sarifRuleIndices[message.ruleId] !== 'undefined') { + sarifRepresentation.ruleIndex = sarifRuleIndices[message.ruleId]; + } + + if (containsSuppressedMessages && !ignoreSuppressed) { + const uniqueSuppressions = new Set(); + + sarifRepresentation.suppressions = message.suppressions + ? message.suppressions.reduce((acc, suppression) => { + const suppressionKey = `${suppression.kind}:${suppression.justification}`; + + if (!uniqueSuppressions.has(suppressionKey)) { + uniqueSuppressions.add(suppressionKey); + + acc.push({ + kind: suppression.kind === 'directive' ? 'inSource' : 'external', + + justification: suppression.justification, + }); + } + + return acc; + }, []) + : []; + } + } else { + // ESLint produces a message with no ruleId when it encounters an internal + // error. SARIF represents this as a tool execution notification rather + // than as a result, and a notification has a descriptor.id property rather + // than a ruleId property. + sarifRepresentation.descriptor = { + id: internalErrorId, + }; + + // As far as we know, whenever ESLint produces a message with no rule id, + // it has severity: 2 which corresponds to a SARIF error. But check here + // anyway. + if (sarifRepresentation.level === 'error') { + // An error-level notification means that the tool failed to complete + // its task. + executionSuccessful = false; + } + } + + if (message.line > 0 || message.column > 0) { + sarifRepresentation.locations[0].physicalLocation.region = {}; + if (message.line > 0) { + sarifRepresentation.locations[0].physicalLocation.region.startLine = message.line; + } + if (message.column > 0) { + sarifRepresentation.locations[0].physicalLocation.region.startColumn = message.column; + } + if (message.endLine > 0) { + sarifRepresentation.locations[0].physicalLocation.region.endLine = message.endLine; + } + if (message.endColumn > 0) { + sarifRepresentation.locations[0].physicalLocation.region.endColumn = message.endColumn; + } + } + + if (message.source) { + // Create an empty region if we don't already have one from the line / column block above. + sarifRepresentation.locations[0].physicalLocation.region = sarifRepresentation.locations[0].physicalLocation.region || {}; + sarifRepresentation.locations[0].physicalLocation.region.snippet = { + text: message.source, + }; + } + + if (message.ruleId) { + sarifResults.push(sarifRepresentation); + } else { + toolConfigurationNotifications.push(sarifRepresentation); + } + } + } + } + } + + if (Object.keys(sarifFiles).length > 0) { + sarifLog.runs[0].artifacts = []; + + for (const path of Object.keys(sarifFiles)) { + sarifLog.runs[0].artifacts.push(sarifFiles[path]); + } + } + + // Per the SARIF spec §3.14.23, run.results must be present even if there are no results. + // This provides a positive indication that the run completed and no results were found. + sarifLog.runs[0].results = sarifResults; + + if (toolConfigurationNotifications.length > 0) { + sarifLog.runs[0].invocations = [ + { + toolConfigurationNotifications: toolConfigurationNotifications, + executionSuccessful: executionSuccessful, + }, + ]; + } + + if (Object.keys(sarifRules).length > 0) { + for (const ruleId of Object.keys(sarifRules)) { + const rule = sarifRules[ruleId]; + sarifLog.runs[0].tool.driver.rules.push(rule); + } + } + + return JSON.stringify( + sarifLog, + null, // replacer function + 2 // # of spaces for indents + ); +}; From b9aebc788baa4b8e1c4bc48a336c920bb3f70673 Mon Sep 17 00:00:00 2001 From: martgil Date: Sun, 26 May 2024 12:43:19 +0800 Subject: [PATCH 10/38] Temporary hotfix: use modified version of @microsoft/eslint-formatter-sarif --- .github/workflows/eslint.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 98742918141..c431cc7a284 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -38,11 +38,11 @@ jobs: - name: Install ESLint run: | npm install eslint@8.57.0 - npm install @microsoft/eslint-formatter-sarif@3.1.0 + # npm install @microsoft/eslint-formatter-sarif@3.1.0 - name: Run ESLint run: npx eslint --ext ts extension test tooling - --format @microsoft/eslint-formatter-sarif + --format ./eslint-sarif-formatter.js --output-file eslint-results.sarif continue-on-error: true From 024d13ee61536d775c6144d7ea17ee592358c591 Mon Sep 17 00:00:00 2001 From: martgil Date: Sun, 26 May 2024 13:01:45 +0800 Subject: [PATCH 11/38] Add debug code --- .github/workflows/eslint.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index c431cc7a284..9d170ab8244 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -46,6 +46,9 @@ jobs: --output-file eslint-results.sarif continue-on-error: true + - name: Debug + run: cat eslint-results.sarif + - name: Upload analysis results to GitHub uses: github/codeql-action/upload-sarif@v3 with: From 3fb92c085c8a11e96ea8cb340ee2cc1d1b714a18 Mon Sep 17 00:00:00 2001 From: martgil Date: Sun, 26 May 2024 13:04:17 +0800 Subject: [PATCH 12/38] Add write permission on actions tab --- .github/workflows/eslint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 9d170ab8244..4072acc5e4b 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -21,7 +21,7 @@ jobs: permissions: contents: read security-events: write - actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + actions: write # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status steps: - name: Checkout code uses: actions/checkout@v4 From 216ca598697d9327b17f5317f141b9f4f9dfdd0f Mon Sep 17 00:00:00 2001 From: martgil Date: Sun, 26 May 2024 13:08:36 +0800 Subject: [PATCH 13/38] Add write permissions to contents --- .github/workflows/eslint.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 4072acc5e4b..2c838184ab3 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -19,9 +19,9 @@ jobs: name: Run eslint scanning runs-on: ubuntu-latest permissions: - contents: read + contents: write security-events: write - actions: write # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status + actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status steps: - name: Checkout code uses: actions/checkout@v4 From 72ecf558dccec0fe0d4c9a62d0f0a02add798ef1 Mon Sep 17 00:00:00 2001 From: martgil Date: Sun, 26 May 2024 13:24:20 +0800 Subject: [PATCH 14/38] Add debug code: check file writing capability --- .github/workflows/eslint.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 2c838184ab3..a7bd5032af2 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -47,7 +47,11 @@ jobs: continue-on-error: true - name: Debug - run: cat eslint-results.sarif + run: | + cat eslint-results.sarif + ls + echo "test" > test.txt + cat test.txt - name: Upload analysis results to GitHub uses: github/codeql-action/upload-sarif@v3 From ad6df78e03ca378e7ce6da0cb8b42feceeb51d0b Mon Sep 17 00:00:00 2001 From: martgil Date: Sun, 26 May 2024 13:28:18 +0800 Subject: [PATCH 15/38] Add debug code: add continue-on-error --- .github/workflows/eslint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index a7bd5032af2..c113a2440f8 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -48,10 +48,10 @@ jobs: - name: Debug run: | - cat eslint-results.sarif ls echo "test" > test.txt cat test.txt + continue-or-error: true - name: Upload analysis results to GitHub uses: github/codeql-action/upload-sarif@v3 From e986152dee7bab3dbb075bc5c6928242d1bc940e Mon Sep 17 00:00:00 2001 From: martgil Date: Sun, 26 May 2024 13:31:44 +0800 Subject: [PATCH 16/38] Fix typo --- .github/workflows/eslint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index c113a2440f8..1d217b72474 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -51,7 +51,7 @@ jobs: ls echo "test" > test.txt cat test.txt - continue-or-error: true + continue-on-error: true - name: Upload analysis results to GitHub uses: github/codeql-action/upload-sarif@v3 From e06fa98191c0048b6f8ca3ddcc33137cdb04ddf3 Mon Sep 17 00:00:00 2001 From: martgil Date: Sun, 26 May 2024 13:39:07 +0800 Subject: [PATCH 17/38] Add debug code: add alternative output writing method --- .github/workflows/eslint.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 1d217b72474..64aeef5bce9 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -42,8 +42,8 @@ jobs: - name: Run ESLint run: npx eslint --ext ts extension test tooling - --format ./eslint-sarif-formatter.js - --output-file eslint-results.sarif + --format ./eslint-sarif-formatter.js > eslint-results.sarif + # --output-file eslint-results.sarif continue-on-error: true - name: Debug From 36aff3704dc3df8c0ca7f0fc8c4386fc9787df71 Mon Sep 17 00:00:00 2001 From: martgil Date: Sun, 26 May 2024 13:44:16 +0800 Subject: [PATCH 18/38] Add debug code: read eslint-results.sarif --- .github/workflows/eslint.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 64aeef5bce9..975b64f20c4 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -49,8 +49,8 @@ jobs: - name: Debug run: | ls - echo "test" > test.txt - cat test.txt + echo "===="; + cat eslint-results.sarif continue-on-error: true - name: Upload analysis results to GitHub From 4a46d2d2629d2c58ea0a785dbab8fa89f0cfb6e3 Mon Sep 17 00:00:00 2001 From: martgil Date: Sun, 26 May 2024 13:50:06 +0800 Subject: [PATCH 19/38] Add debug code: try other file writing method --- .github/workflows/eslint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 975b64f20c4..f886dc4ca94 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -42,7 +42,7 @@ jobs: - name: Run ESLint run: npx eslint --ext ts extension test tooling - --format ./eslint-sarif-formatter.js > eslint-results.sarif + --format ./eslint-sarif-formatter.js >> eslint-results.sarif # --output-file eslint-results.sarif continue-on-error: true From 000acaac96c23ad2be6e262401f6160ca5823b57 Mon Sep 17 00:00:00 2001 From: martgil Date: Sun, 26 May 2024 13:57:21 +0800 Subject: [PATCH 20/38] Add debug code: add more debug code --- .github/workflows/eslint.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index f886dc4ca94..36c1e9f4736 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -41,8 +41,10 @@ jobs: # npm install @microsoft/eslint-formatter-sarif@3.1.0 - name: Run ESLint - run: npx eslint --ext ts extension test tooling - --format ./eslint-sarif-formatter.js >> eslint-results.sarif + run: | + npx eslint --ext ts extension test tooling --format ./eslint-sarif-formatter.js > eslint-results.sarif + npx eslint -h + command npx eslint -h # --output-file eslint-results.sarif continue-on-error: true From 9795943341666591c9826b251c90f30acd202cd1 Mon Sep 17 00:00:00 2001 From: martgil Date: Sun, 26 May 2024 14:08:50 +0800 Subject: [PATCH 21/38] Install utf8 module --- .github/workflows/eslint.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 36c1e9f4736..10b3f545e78 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -38,6 +38,7 @@ jobs: - name: Install ESLint run: | npm install eslint@8.57.0 + npm install utf8 # npm install @microsoft/eslint-formatter-sarif@3.1.0 - name: Run ESLint @@ -45,6 +46,7 @@ jobs: npx eslint --ext ts extension test tooling --format ./eslint-sarif-formatter.js > eslint-results.sarif npx eslint -h command npx eslint -h + e # --output-file eslint-results.sarif continue-on-error: true From de67f64c944f925c3298acec37aa0010daddf7ef Mon Sep 17 00:00:00 2001 From: martgil Date: Sun, 26 May 2024 14:12:40 +0800 Subject: [PATCH 22/38] Add reported missing node module --- .github/workflows/eslint.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 10b3f545e78..9a48f8e9548 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -39,6 +39,7 @@ jobs: run: | npm install eslint@8.57.0 npm install utf8 + npm install jschardet # npm install @microsoft/eslint-formatter-sarif@3.1.0 - name: Run ESLint From e921798c3303e6bfd513b36774bfafb27bf61018 Mon Sep 17 00:00:00 2001 From: martgil Date: Sun, 26 May 2024 14:18:25 +0800 Subject: [PATCH 23/38] cleanup --- .github/workflows/eslint.yml | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 9a48f8e9548..fdf6c7ca386 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -19,7 +19,7 @@ jobs: name: Run eslint scanning runs-on: ubuntu-latest permissions: - contents: write + contents: read security-events: write actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status steps: @@ -40,22 +40,10 @@ jobs: npm install eslint@8.57.0 npm install utf8 npm install jschardet - # npm install @microsoft/eslint-formatter-sarif@3.1.0 - name: Run ESLint run: | - npx eslint --ext ts extension test tooling --format ./eslint-sarif-formatter.js > eslint-results.sarif - npx eslint -h - command npx eslint -h - e - # --output-file eslint-results.sarif - continue-on-error: true - - - name: Debug - run: | - ls - echo "===="; - cat eslint-results.sarif + npx eslint --ext ts extension test tooling --format ./eslint-sarif-formatter.js --output-file eslint-results.sarif continue-on-error: true - name: Upload analysis results to GitHub From 53146d7da878d89d0846d8c113e4961c96d418ef Mon Sep 17 00:00:00 2001 From: martgil Date: Sun, 26 May 2024 14:22:32 +0800 Subject: [PATCH 24/38] Specify pull requests on master branch --- .github/workflows/eslint.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index fdf6c7ca386..2cbb8d3f90e 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -13,6 +13,7 @@ on: push: branches: [ "master" ] pull_request: + branches: [ "master" ] jobs: eslint: From 132aa44a194d266591c93e5c2113521ccd5ba1de Mon Sep 17 00:00:00 2001 From: martgil Date: Sun, 26 May 2024 14:25:34 +0800 Subject: [PATCH 25/38] cleanup --- .github/workflows/eslint.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 2cbb8d3f90e..03a1038b8db 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -44,7 +44,9 @@ jobs: - name: Run ESLint run: | - npx eslint --ext ts extension test tooling --format ./eslint-sarif-formatter.js --output-file eslint-results.sarif + npx eslint --ext ts extension test tooling + --format ./eslint-sarif-formatter.js + --output-file eslint-results.sarif continue-on-error: true - name: Upload analysis results to GitHub From 7b5ca648792e91a9e8468fb065f887121e8db0eb Mon Sep 17 00:00:00 2001 From: martgil Date: Sun, 26 May 2024 14:37:01 +0800 Subject: [PATCH 26/38] Add write permissions on contents --- .github/workflows/eslint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 03a1038b8db..0233396de24 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -20,7 +20,7 @@ jobs: name: Run eslint scanning runs-on: ubuntu-latest permissions: - contents: read + contents: write security-events: write actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status steps: From b41b4664af64e6c9a04e06b8a314d0d3c866f502 Mon Sep 17 00:00:00 2001 From: martgil Date: Sun, 26 May 2024 14:42:00 +0800 Subject: [PATCH 27/38] cleanup --- .github/workflows/eslint.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 0233396de24..0afd99b2672 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -20,7 +20,7 @@ jobs: name: Run eslint scanning runs-on: ubuntu-latest permissions: - contents: write + contents: read security-events: write actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status steps: @@ -46,7 +46,7 @@ jobs: run: | npx eslint --ext ts extension test tooling --format ./eslint-sarif-formatter.js - --output-file eslint-results.sarif + > eslint-results.sarif continue-on-error: true - name: Upload analysis results to GitHub From efcc9ef5e3a2eded575644119ef51d5606d4297f Mon Sep 17 00:00:00 2001 From: martgil Date: Sun, 26 May 2024 14:43:57 +0800 Subject: [PATCH 28/38] cleanup --- .github/workflows/eslint.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 0afd99b2672..481cdc53547 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -43,10 +43,7 @@ jobs: npm install jschardet - name: Run ESLint - run: | - npx eslint --ext ts extension test tooling - --format ./eslint-sarif-formatter.js - > eslint-results.sarif + run: npx eslint --ext ts extension test tooling --format ./eslint-sarif-formatter.js --output-file eslint-results.sarif continue-on-error: true - name: Upload analysis results to GitHub From 9963b4b4491861c04c792e4965f59860066e5228 Mon Sep 17 00:00:00 2001 From: martgil Date: Mon, 27 May 2024 10:37:23 +0800 Subject: [PATCH 29/38] Replace reduce() with for...of --- eslint-sarif-formatter.js | 32 ++++++++++++++------------------ 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/eslint-sarif-formatter.js b/eslint-sarif-formatter.js index 136ee11299e..7570d89ae32 100644 --- a/eslint-sarif-formatter.js +++ b/eslint-sarif-formatter.js @@ -195,24 +195,20 @@ module.exports = function (results, data) { if (containsSuppressedMessages && !ignoreSuppressed) { const uniqueSuppressions = new Set(); - - sarifRepresentation.suppressions = message.suppressions - ? message.suppressions.reduce((acc, suppression) => { - const suppressionKey = `${suppression.kind}:${suppression.justification}`; - - if (!uniqueSuppressions.has(suppressionKey)) { - uniqueSuppressions.add(suppressionKey); - - acc.push({ - kind: suppression.kind === 'directive' ? 'inSource' : 'external', - - justification: suppression.justification, - }); - } - - return acc; - }, []) - : []; + const suppressionsList = []; + if (message.suppressions) { + for (const suppression of message.suppressions) { + const suppressionKey = `${suppression.kind}:${suppression.justification}`; + if (!uniqueSuppressions.has(suppressionKey)) { + uniqueSuppressions.add(suppressionKey); + suppressionsList.push({ + kind: suppression.kind === 'directive' ? 'inSource' : 'external', + justification: suppression.justification, + }); + } + } + } + sarifRepresentation.suppressions = suppressionsList; } } else { // ESLint produces a message with no ruleId when it encounters an internal From 2d4dfdfb0b05b81100f25e0bf39237eeecd981eb Mon Sep 17 00:00:00 2001 From: Roma Sosnovsky Date: Mon, 27 May 2024 12:06:47 +0300 Subject: [PATCH 30/38] wip --- .github/workflows/eslint.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 481cdc53547..355a3c93b90 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -38,12 +38,11 @@ jobs: - name: Install ESLint run: | - npm install eslint@8.57.0 - npm install utf8 - npm install jschardet + npm install + npm install @microsoft/eslint-formatter-sarif@3.1.0 - name: Run ESLint - run: npx eslint --ext ts extension test tooling --format ./eslint-sarif-formatter.js --output-file eslint-results.sarif + run: npx eslint --ext ts extension test tooling --format @microsoft/eslint-formatter-sarif --output-file eslint-results.sarif continue-on-error: true - name: Upload analysis results to GitHub From 970168fc3559d3103a9c5e387958e3401d1a6ba2 Mon Sep 17 00:00:00 2001 From: Roma Sosnovsky Date: Mon, 27 May 2024 12:23:19 +0300 Subject: [PATCH 31/38] wip --- .github/workflows/eslint.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 355a3c93b90..2aae23643cf 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -42,7 +42,10 @@ jobs: npm install @microsoft/eslint-formatter-sarif@3.1.0 - name: Run ESLint - run: npx eslint --ext ts extension test tooling --format @microsoft/eslint-formatter-sarif --output-file eslint-results.sarif + run: npx eslint . + --ext ts extension test tooling + --format @microsoft/eslint-formatter-sarif + --output-file eslint-results.sarif continue-on-error: true - name: Upload analysis results to GitHub From 4ac12b2a90a0e78d46f200b690e88311cfe8bf6f Mon Sep 17 00:00:00 2001 From: Roma Sosnovsky Date: Mon, 27 May 2024 13:01:01 +0300 Subject: [PATCH 32/38] wip --- .eslintignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.eslintignore b/.eslintignore index c9835ed3d3a..0fe9da10af6 100644 --- a/.eslintignore +++ b/.eslintignore @@ -1,5 +1,5 @@ extension/types extension/js/common/core/types -test/source/core/types +test/source/core build/ extension/lib From 6f2441d74ddcc9b003177982d415103a34a695f1 Mon Sep 17 00:00:00 2001 From: Roma Sosnovsky Date: Mon, 27 May 2024 15:04:23 +0300 Subject: [PATCH 33/38] wip --- .github/workflows/eslint.yml | 7 ++----- package.json | 1 + 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 2aae23643cf..4eedb3b64bb 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -38,14 +38,11 @@ jobs: - name: Install ESLint run: | - npm install + npm install --ignore-scripts npm install @microsoft/eslint-formatter-sarif@3.1.0 - name: Run ESLint - run: npx eslint . - --ext ts extension test tooling - --format @microsoft/eslint-formatter-sarif - --output-file eslint-results.sarif + run: SARIF_ESLINT_IGNORE_SUPPRESSED=true npm run test_eslint_ci continue-on-error: true - name: Upload analysis results to GitHub diff --git a/package.json b/package.json index 66296976452..3f12dbb9ee2 100644 --- a/package.json +++ b/package.json @@ -77,6 +77,7 @@ "test_local_chrome_consumer_mock_headless": "xvfb-run npm run test_local_chrome_consumer_mock", "test_stylelint": "stylelint extension/css/cryptup.css extension/css/settings.css extension/css/webmail.css && stylelint extension/**/*.htm --custom-syntax postcss-html", "test_eslint": "eslint --ext ts extension test tooling", + "test_eslint_ci": "npm run test_eslint -- --format @microsoft/eslint-formatter-sarif --output-file eslint-results.sarif", "test_patterns": "node build/test/test/source/patterns.js", "test_async_stack": "node build/test/test/source/async-stack.js", "test_buf": "npx ava --timeout=3m --verbose --concurrency=10 build/test/test/source/buf.js", From 61cff3b784b5a2405951402dd6b7a270a14d4641 Mon Sep 17 00:00:00 2001 From: Roma Sosnovsky Date: Mon, 27 May 2024 15:20:04 +0300 Subject: [PATCH 34/38] wip --- .github/workflows/eslint.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 4eedb3b64bb..713a94fd7ab 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -36,6 +36,11 @@ jobs: - run: git checkout HEAD^2 if: ${{ github.event_name == 'pull_request' }} + - name: Setup node.js 20 + - uses: actions/setup-node@v4 + with: + node-version: 20 + - name: Install ESLint run: | npm install --ignore-scripts From 7c3dc374472ad4a8793c127521e95fcab5b132f8 Mon Sep 17 00:00:00 2001 From: Roma Sosnovsky Date: Mon, 27 May 2024 15:20:17 +0300 Subject: [PATCH 35/38] wip --- .github/workflows/eslint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 713a94fd7ab..e468dde21d3 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -43,7 +43,7 @@ jobs: - name: Install ESLint run: | - npm install --ignore-scripts + npm ci --ignore-scripts npm install @microsoft/eslint-formatter-sarif@3.1.0 - name: Run ESLint From 992ccf090159781cb269b7b26c8cd5e7f0e44e3f Mon Sep 17 00:00:00 2001 From: Roma Sosnovsky Date: Mon, 27 May 2024 15:21:25 +0300 Subject: [PATCH 36/38] wip --- .github/workflows/eslint.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index e468dde21d3..eb825152384 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -40,6 +40,7 @@ jobs: - uses: actions/setup-node@v4 with: node-version: 20 + cache: 'npm' - name: Install ESLint run: | From 196549e26f300822b58ea215291ddee3dcf7f7c3 Mon Sep 17 00:00:00 2001 From: Roma Sosnovsky Date: Mon, 27 May 2024 15:23:27 +0300 Subject: [PATCH 37/38] fix --- .github/workflows/eslint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index eb825152384..81565109ceb 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -37,7 +37,7 @@ jobs: if: ${{ github.event_name == 'pull_request' }} - name: Setup node.js 20 - - uses: actions/setup-node@v4 + uses: actions/setup-node@v4 with: node-version: 20 cache: 'npm' From 764daf24cbd7b855ef06888305dd76f45483f7a0 Mon Sep 17 00:00:00 2001 From: Roma Sosnovsky Date: Mon, 27 May 2024 15:33:49 +0300 Subject: [PATCH 38/38] wip --- .eslintignore | 2 +- .github/workflows/eslint.yml | 6 - eslint-sarif-formatter.js | 299 ----------------------------------- 3 files changed, 1 insertion(+), 306 deletions(-) delete mode 100644 eslint-sarif-formatter.js diff --git a/.eslintignore b/.eslintignore index 0fe9da10af6..c9835ed3d3a 100644 --- a/.eslintignore +++ b/.eslintignore @@ -1,5 +1,5 @@ extension/types extension/js/common/core/types -test/source/core +test/source/core/types build/ extension/lib diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 81565109ceb..d9c7d429327 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -36,12 +36,6 @@ jobs: - run: git checkout HEAD^2 if: ${{ github.event_name == 'pull_request' }} - - name: Setup node.js 20 - uses: actions/setup-node@v4 - with: - node-version: 20 - cache: 'npm' - - name: Install ESLint run: | npm ci --ignore-scripts diff --git a/eslint-sarif-formatter.js b/eslint-sarif-formatter.js deleted file mode 100644 index 7570d89ae32..00000000000 --- a/eslint-sarif-formatter.js +++ /dev/null @@ -1,299 +0,0 @@ -/* eslint-disable unicorn/no-null */ -/** - * @fileoverview SARIF v2.1 formatter - * @author Microsoft - */ - -'use strict'; - -const fs = require('fs'); -const url = require('url'); -const utf8 = require('utf8'); -const lodash = require('lodash'); -const jschardet = require('jschardet'); - -//------------------------------------------------------------------------------ -// Helper Functions -//------------------------------------------------------------------------------ - -/** - * Returns the version of used eslint package - * @returns {string} eslint version or undefined - * @private - */ -function getESLintVersion() { - try { - // Resolve ESLint relative to main entry script, not the formatter - const { ESLint } = require.main.require('eslint'); - return ESLint.version; - } catch { - // Formatter was not called from eslint, return undefined - return; - } -} - -/** - * Returns the severity of warning or error - * @param {Object} message message object to examine - * @returns {string} severity level - * @private - */ -function getResultLevel(message) { - if (message.fatal || message.severity === 2) { - return 'error'; - } - return 'warning'; -} - -//------------------------------------------------------------------------------ -// Public Interface -//------------------------------------------------------------------------------ - -module.exports = function (results, data) { - const rulesMeta = lodash.get(data, 'rulesMeta', null); - - const sarifLog = { - version: '2.1.0', - $schema: 'http://json.schemastore.org/sarif-2.1.0-rtm.5', - runs: [ - { - tool: { - driver: { - name: 'ESLint', - informationUri: 'https://eslint.org', - rules: [], - }, - }, - }, - ], - }; - - const eslintVersion = getESLintVersion(); - if (typeof eslintVersion !== 'undefined') { - sarifLog.runs[0].tool.driver.version = eslintVersion; - } - - const sarifFiles = {}; - const sarifArtifactIndices = {}; - let nextArtifactIndex = 0; - const sarifRules = {}; - const sarifRuleIndices = {}; - let nextRuleIndex = 0; - const sarifResults = []; - const embedFileContents = process.env.SARIF_ESLINT_EMBED === 'true'; - const ignoreSuppressed = process.env.SARIF_ESLINT_IGNORE_SUPPRESSED === 'true'; - - // Emit a tool configuration notification with this id if ESLint emits a message with - // no ruleId (which indicates an internal error in ESLint). - // - // It is not clear whether we should treat these messages tool configuration notifications, - // tool execution notifications, or a mixture of the two, based on the properties of the - // message. https://github.com/microsoft/sarif-sdk/issues/1798, "ESLint formatter can't - // distinguish between an internal error and a misconfiguration", tracks this issue. - const internalErrorId = 'ESL0999'; - - const toolConfigurationNotifications = []; - let executionSuccessful = true; - - for (const result of results) { - // Only add it if not already there. - if (typeof sarifFiles[result.filePath] === 'undefined') { - sarifArtifactIndices[result.filePath] = nextArtifactIndex++; - - let contentsUtf8; - - // Create a new entry in the files dictionary. - sarifFiles[result.filePath] = { - location: { - uri: url.pathToFileURL(result.filePath), - }, - }; - - if (embedFileContents) { - try { - // Try to get the file contents and encoding. - const contents = fs.readFileSync(result.filePath); - const encoding = jschardet.detect(contents); - - // Encoding will be null if it could not be determined. - if (encoding) { - // Convert the content bytes to a UTF-8 string. - contentsUtf8 = utf8.encode(contents.toString(encoding.encoding)); - - sarifFiles[result.filePath].contents = { - text: contentsUtf8, - }; - sarifFiles[result.filePath].encoding = encoding.encoding; - } - } catch (error) { - console.log(error); - } - } - - const containsSuppressedMessages = result.suppressedMessages && result.suppressedMessages.length > 0; - const messages = containsSuppressedMessages && !ignoreSuppressed ? [...result.messages, ...result.suppressedMessages] : result.messages; - - if (messages.length > 0) { - for (const message of messages) { - const sarifRepresentation = { - level: getResultLevel(message), - message: { - text: message.message, - }, - locations: [ - { - physicalLocation: { - artifactLocation: { - uri: url.pathToFileURL(result.filePath), - index: sarifArtifactIndices[result.filePath], - }, - }, - }, - ], - }; - - if (message.ruleId) { - sarifRepresentation.ruleId = message.ruleId; - - if (rulesMeta && typeof sarifRules[message.ruleId] === 'undefined') { - const meta = rulesMeta[message.ruleId]; - - // An unknown ruleId will return null. This check prevents unit test failure. - if (meta) { - sarifRuleIndices[message.ruleId] = nextRuleIndex++; - - if (meta.docs) { - // Create a new entry in the rules dictionary. - sarifRules[message.ruleId] = { - id: message.ruleId, - helpUri: meta.docs.url, - properties: { - category: meta.docs.category, - }, - }; - if (meta.docs.description) { - sarifRules[message.ruleId].shortDescription = { - text: meta.docs.description, - }; - } - // Some rulesMetas do not have docs property - } else { - sarifRules[message.ruleId] = { - id: message.ruleId, - helpUri: 'Please see details in message', - properties: { - category: 'No category provided', - }, - }; - } - } - } - - if (sarifRuleIndices[message.ruleId] !== 'undefined') { - sarifRepresentation.ruleIndex = sarifRuleIndices[message.ruleId]; - } - - if (containsSuppressedMessages && !ignoreSuppressed) { - const uniqueSuppressions = new Set(); - const suppressionsList = []; - if (message.suppressions) { - for (const suppression of message.suppressions) { - const suppressionKey = `${suppression.kind}:${suppression.justification}`; - if (!uniqueSuppressions.has(suppressionKey)) { - uniqueSuppressions.add(suppressionKey); - suppressionsList.push({ - kind: suppression.kind === 'directive' ? 'inSource' : 'external', - justification: suppression.justification, - }); - } - } - } - sarifRepresentation.suppressions = suppressionsList; - } - } else { - // ESLint produces a message with no ruleId when it encounters an internal - // error. SARIF represents this as a tool execution notification rather - // than as a result, and a notification has a descriptor.id property rather - // than a ruleId property. - sarifRepresentation.descriptor = { - id: internalErrorId, - }; - - // As far as we know, whenever ESLint produces a message with no rule id, - // it has severity: 2 which corresponds to a SARIF error. But check here - // anyway. - if (sarifRepresentation.level === 'error') { - // An error-level notification means that the tool failed to complete - // its task. - executionSuccessful = false; - } - } - - if (message.line > 0 || message.column > 0) { - sarifRepresentation.locations[0].physicalLocation.region = {}; - if (message.line > 0) { - sarifRepresentation.locations[0].physicalLocation.region.startLine = message.line; - } - if (message.column > 0) { - sarifRepresentation.locations[0].physicalLocation.region.startColumn = message.column; - } - if (message.endLine > 0) { - sarifRepresentation.locations[0].physicalLocation.region.endLine = message.endLine; - } - if (message.endColumn > 0) { - sarifRepresentation.locations[0].physicalLocation.region.endColumn = message.endColumn; - } - } - - if (message.source) { - // Create an empty region if we don't already have one from the line / column block above. - sarifRepresentation.locations[0].physicalLocation.region = sarifRepresentation.locations[0].physicalLocation.region || {}; - sarifRepresentation.locations[0].physicalLocation.region.snippet = { - text: message.source, - }; - } - - if (message.ruleId) { - sarifResults.push(sarifRepresentation); - } else { - toolConfigurationNotifications.push(sarifRepresentation); - } - } - } - } - } - - if (Object.keys(sarifFiles).length > 0) { - sarifLog.runs[0].artifacts = []; - - for (const path of Object.keys(sarifFiles)) { - sarifLog.runs[0].artifacts.push(sarifFiles[path]); - } - } - - // Per the SARIF spec §3.14.23, run.results must be present even if there are no results. - // This provides a positive indication that the run completed and no results were found. - sarifLog.runs[0].results = sarifResults; - - if (toolConfigurationNotifications.length > 0) { - sarifLog.runs[0].invocations = [ - { - toolConfigurationNotifications: toolConfigurationNotifications, - executionSuccessful: executionSuccessful, - }, - ]; - } - - if (Object.keys(sarifRules).length > 0) { - for (const ruleId of Object.keys(sarifRules)) { - const rule = sarifRules[ruleId]; - sarifLog.runs[0].tool.driver.rules.push(rule); - } - } - - return JSON.stringify( - sarifLog, - null, // replacer function - 2 // # of spaces for indents - ); -};