Merge pull request #6 from advanced-security/sarif-updates

GeekMasher · web-flow · commit d44073efc519 · 2025-06-18T16:51:51.000+01:00
feat: Update SARIF parsing and loading
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -30,4 +30,4 @@ ghastoolkit = { version = "^0.11", features = ["toolcache"] }
 # GitHub API
 octocrab = "^0.44"
 openssl = { version = "0.10", features = ["vendored"] }
-serde_json = "1.0.140"
+serde_json = "1.0"
diff --git a/src/main.rs b/src/main.rs
@@ -188,8 +188,10 @@ async fn main() -> Result<()> {
         }
 
         log::info!("Post-processing SARIF results");
-        if let Ok(sarif_content) = std::fs::read_to_string(&sarif_path) {
-            if let Ok(mut sarif) = serde_json::from_str::<Sarif>(&sarif_content) {
+
+        match Sarif::try_from(sarif_path.clone()) {
+            Ok(mut sarif) => {
+                log::info!("Updating SARIF tool name for language: {language}");
                 sarif.runs.iter_mut().for_each(|run| {
                     run.tool.driver.name = format!("CodeQL - {language}");
                 });
@@ -201,12 +203,17 @@ async fn main() -> Result<()> {
                     log::info!("SARIF file written successfully: {sarif_path:?}");
                 }
             }
+            Err(e) => {
+                log::error!("Failed to read and parse SARIF file: {e}");
+            }
         }
 
         // Reload the database to get analysis info
         database.reload()?;
         log::info!("CodeQL Database LoC :: {}", database.lines_of_code());
 
+        log::info!("SARIF Output Path :: {sarif_path:?}");
+
         log::info!("Analysis complete :: {database:?}");
         groupend!();
     }

Original file line number	Diff line number	Diff line change
`@@ -188,8 +188,10 @@ async fn main() -> Result<()> {`
`188`	`188`	`}`
`189`	`189`
`190`	`190`	`log::info!("Post-processing SARIF results");`
`191`		`- if let Ok(sarif_content) = std::fs::read_to_string(&sarif_path) {`
`192`		`- if let Ok(mut sarif) = serde_json::from_str::<Sarif>(&sarif_content) {`
	`191`	`+`
	`192`	`+ match Sarif::try_from(sarif_path.clone()) {`
	`193`	`+ Ok(mut sarif) => {`
	`194`	`+ log::info!("Updating SARIF tool name for language: {language}");`
`193`	`195`	`sarif.runs.iter_mut().for_each(\|run\| {`
`194`	`196`	`run.tool.driver.name = format!("CodeQL - {language}");`
`195`	`197`	`});`
`@@ -201,12 +203,17 @@ async fn main() -> Result<()> {`
`201`	`203`	`log::info!("SARIF file written successfully: {sarif_path:?}");`
`202`	`204`	`}`
`203`	`205`	`}`
	`206`	`+ Err(e) => {`
	`207`	`+ log::error!("Failed to read and parse SARIF file: {e}");`
	`208`	`+ }`
`204`	`209`	`}`
`205`	`210`
`206`	`211`	`// Reload the database to get analysis info`
`207`	`212`	`database.reload()?;`
`208`	`213`	`log::info!("CodeQL Database LoC :: {}", database.lines_of_code());`
`209`	`214`
	`215`	`+ log::info!("SARIF Output Path :: {sarif_path:?}");`
	`216`	`+`
`210`	`217`	`log::info!("Analysis complete :: {database:?}");`
`211`	`218`	`groupend!();`
`212`	`219`	`}`