This commit is contained in:
Eddy Nakamura 2020-12-01 10:47:19 -03:00
Родитель e8abad01e8
Коммит 7f08410e3f
3 изменённых файлов: 3 добавлений и 229 удалений

2
.github/workflows/main.yml поставляемый

@ -13,4 +13,4 @@ jobs:
- name: Sarif action step
uses: ./ # Uses an action in the root directory
with:
command: 'validate ./new.sarif'
command: 'help'
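Review bot: With `command: 'help'` on the changed line, the workflow no longer runs the action against any SARIF input, so a regression in the `validate` path (or in how the entrypoint splits the command string) would pass CI unnoticed. The removed `validate ./new.sarif` step was the only end-to-end check of a real command, and `new.sarif` itself is deleted in this commit. A small committed fixture would let a validate step survive next to the help step, e.g. `command: 'validate ./tests/minimal.sarif'` (constructed path). The `jobs:` block starts above the hunk.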


@ -1,13 +1,10 @@
name: 'sarif'
description: 'Execute sarif multitool'
inputs:
command: # id of input
description: 'command to be sent to sarif multitool'
command:
description: 'Command to be sent to sarif multitool'
required: false
default: 'version'
outputs:
time: # id of output
description: 'The time we greeted you'
runs:
using: 'docker'
image: 'Dockerfile'
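Review bot: The new description `'Command to be sent to sarif multitool'` still does not say that the value is a whole argument string rather than a single subcommand, although the workflow in this same commit passes `validate ./new.sarif` and the default here is `version`. How the container entrypoint splits that string, and whether it passes through a shell, is the contract a caller needs to know and is not visible in this hunk. Suggest `description: 'Multitool subcommand and its arguments, passed as one string to the container entrypoint (e.g. validate path/to/file.sarif); defaults to version'`. The file header for this section is missing from the page, so the path is presumably the action metadata file.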

223
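--- a/new.sarif
+++ /dev/null
@@ -1,223 +0,0 @@
-{
-"$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json",
-"version": "2.1.0",
-"runs": [
-{
-"results": [
-{
-"ruleId": "SARIF2002",
-"ruleIndex": 0,
-"level": "note",
-"message": {
-"id": "Note_Default",
-"arguments": [
-"runs[0].results[0].message"
-]
-},
-"locations": [
-{
-"physicalLocation": {
-"artifactLocation": {
-"uri": "file:///c:/temp/sarif_with_note_errors.sarif",
-"index": 0
-},
-"region": {
-"startLine": 21,
-"startColumn": 22
-}
-}
-}
-]
-},
-{
-"ruleId": "SARIF2005",
-"ruleIndex": 1,
-"message": {
-"id": "Warning_ProvideToolnformationUri",
-"arguments": [
-"runs[0].tool.driver",
-"CodeScanner"
-]
-},
-"locations": [
-{
-"physicalLocation": {
-"artifactLocation": {
-"uri": "file:///c:/temp/sarif_with_note_errors.sarif",
-"index": 0
-},
-"region": {
-"startLine": 7,
-"startColumn": 19
-}
-}
-}
-]
-},
-{
-"ruleId": "SARIF2007",
-"ruleIndex": 2,
-"message": {
-"id": "Warning_ProvideUriBaseIdForMappedTo",
-"arguments": [
-"runs[0].versionControlProvenance[0]",
-"https://github.com/microsoft/sarif-sdk"
-]
-},
-"locations": [
-{
-"physicalLocation": {
-"artifactLocation": {
-"uri": "file:///c:/temp/sarif_with_note_errors.sarif",
-"index": 0
-},
-"region": {
-"startLine": 13,
-"startColumn": 9
-}
-}
-}
-]
-},
-{
-"ruleId": "SARIF2016",
-"ruleIndex": 3,
-"level": "note",
-"message": {
-"id": "Note_Default",
-"arguments": [
-"runs[0].results[0].locations[0].physicalLocation.artifactLocation.uri",
-"file:///c:/src/test.c"
-]
-},
-"locations": [
-{
-"physicalLocation": {
-"artifactLocation": {
-"uri": "file:///c:/temp/sarif_with_note_errors.sarif",
-"index": 0
-},
-"region": {
-"startLine": 28,
-"startColumn": 48
-}
-}
-}
-]
-}
-],
-"tool": {
-"driver": {
-"name": "Sarif.Multitool",
-"organization": "Microsoft",
-"product": "Microsoft SARIF SDK",
-"fullName": "Sarif.Multitool 2.3.8.0",
-"version": "2.3.8.0",
-"semanticVersion": "2.3.8",
-"rules": [
-{
-"id": "SARIF2002",
-"fullDescription": {
-"text": "In result messages, use the 'message.id' and 'message.arguments' properties rather than 'message.text'. This has several advantages. If 'text' is lengthy, using 'id' and 'arguments' makes the SARIF file smaller. If the rule metadata is stored externally to the SARIF log file, the message text can be improved (for example, by adding more text, clarifying the phrasing, or fixing typos), and the result messages will pick up the improvements the next time it is displayed. Finally, SARIF supports localizing messages into different languages, which is possible if the SARIF file contains 'message.id' and 'message.arguments', but not if it contains 'message.text' directly."
-},
-"helpUri": "http://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html",
-"messageStrings": {
-"Note_Default": {
-"text": "{0}: The 'message' property of this result contains a 'text' property. Consider replacing it with 'id' and 'arguments' properties. This potentially reduces the log file size, allows the message text to be improved without modifying the log file, and enables localization."
-}
-},
-"shortDescription": {
-"text": "In result messages, use the 'message.id' and 'message.arguments' properties rather than 'message.text'."
-},
-"name": "ProvideMessageArguments",
-"defaultConfiguration": {
-"level": "note"
-}
-},
-{
-"id": "SARIF2005",
-"fullDescription": {
-"text": "Provide information that makes it easy to identify the name and version of your tool.\r\n\r\nThe tool's 'name' property should be no more than three words long. This makes it easy to remember and allows it to fit into a narrow column when displaying a list of results. If you need to provide more information about your tool, use the 'fullName' property.\r\n\r\nThe tool should provide either or both of the 'version' and 'semanticVersion' properties. This enables the log file consumer to determine whether the file was produced by an up to date version, and to avoid accidentally comparing log files produced by different tool versions.\r\n\r\nIf 'version' is used, facilitate comparison between versions by specifying a version number that starts with an integer, optionally followed by any desired characters."
-},
-"helpUri": "http://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html",
-"messageStrings": {
-"Warning_ProvideToolVersion": {
-"text": "{0}: The tool '{1}' does not provide any of the version-related properties {2}. Providing version information enables the log file consumer to determine whether the file was produced by an up to date version, and to avoid accidentally comparing log files produced by different tool versions."
-},
-"Warning_ProvideConciseToolName": {
-"text": "{0}: The tool name '{1}' contains {2} words, which is more than the recommended maximum of {3} words. A short tool name is easy to remember and fits into a narrow column when displaying a list of results. If you need to provide more information about your tool, use the 'fullName' property."
-},
-"Warning_UseNumericToolVersions": {
-"text": "{0}: The tool '{1}' contains the 'version' property '{2}', which is not numeric. To facilitate comparison between versions, specify a 'version' that starts with an integer, optionally followed by any desired characters."
-},
-"Warning_ProvideToolnformationUri": {
-"text": "{0}: The tool '{1}' does not provide 'informationUri'. This property helps the developer responsible for addessing a result by providing a way to learn more about the tool."
-}
-},
-"shortDescription": {
-"text": "Provide information that makes it easy to identify the name and version of your tool."
-},
-"name": "ProvideToolProperties"
-},
-{
-"id": "SARIF2007",
-"fullDescription": {
-"text": "Provide information that makes it possible to determine the repo-relative locations of files that contain analysis results.\r\n\r\nEach element of the 'versionControlProvenance' array is a 'versionControlDetails' object that describes a repository containing files that were analyzed. 'versionControlDetails.mappedTo' defines the file system location to which the root of that repository is mapped. If 'mappedTo.uriBaseId' is present, and if result locations are expressed relative to that 'uriBaseId', then the repo-relative location of each result can be determined."
-},
-"helpUri": "http://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html",
-"messageStrings": {
-"Warning_ExpressResultLocationsRelativeToMappedTo": {
-"text": "{0}: This result location does not provide any of the 'uriBaseId' values that specify repository locations: '{1}'. As a result, it will not be possible to determine the location of the file containing this result relative to the root of the repository that contains it."
-},
-"Warning_ProvideUriBaseIdForMappedTo": {
-"text": "{0}: The 'versionControlDetails' object that describes the repository '{1}' does not provide 'mappedTo.uriBaseId'. As a result, it will not be possible to determine the repo-relative location of files containing analysis results for this repository."
-}
-},
-"shortDescription": {
-"text": "Provide information that makes it possible to determine the repo-relative locations of files that contain analysis results."
-},
-"name": "ExpressPathsRelativeToRepoRoot"
-},
-{
-"id": "SARIF2016",
-"fullDescription": {
-"text": "When an artifact location refers to a file on the local file system, specify a relative reference for the uri property and provide a uriBaseId property, rather than specifying an absolute URI.\r\n\r\nThere are several advantages to this approach:\r\n\r\nPortability: A log file that contains relative references together with uriBaseI properties can be interpreted on a machine where the files are located at a different absolute location.\r\n\r\nDeterminism: A log file that uses uriBaseId properties has a better chance of being 'deterministic'; that is, of being identical from run to run if none of its inputs have changed, even if those runs occur on machines where the files are located at different absolute locations.\r\n\r\nSecurity: The use of uriBaseId properties avoids the persistence of absolute path names in the log file. Absolute path names can reveal information that might be sensitive.\r\n\r\nSemantics: Assuming the reader of the log file (an end user or another tool) has the necessary context, they can understand the meaning of the location specified by the uri property, for example, 'this is a source file'."
-},
-"helpUri": "http://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html",
-"messageStrings": {
-"Note_Default": {
-"text": "{0}: The file location '{1}' is specified with absolute URI. Prefer a relative reference together with a uriBaseId property."
-}
-},
-"shortDescription": {
-"text": "When an artifact location refers to a file on the local file system, specify a relative reference for the uri property and provide a uriBaseId property, rather than specifying an absolute URI."
-},
-"name": "FileUrisShouldBeRelative",
-"defaultConfiguration": {
-"level": "note"
-}
-}
-],
-"properties": {
-"Comments": "Command line tool to manipulate SARIF files."
-}
-}
-},
-"invocations": [
-{
-"startTimeUtc": "2020-11-26T17:04:12.645Z",
-"endTimeUtc": "2020-11-26T17:04:20.675Z",
-"executionSuccessful": true
-}
-],
-"artifacts": [
-{
-"location": {
-"uri": "file:///c:/temp/sarif_with_note_errors.sarif"
-}
-}
-],
-"columnKind": "utf16CodeUnits"
-}
-]
-}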