Invalid SARIF output #2345
Comments
nxvipin
added a commit
to nxvipin/clj-kondo
that referenced
this issue
Jun 28, 2024
- Fix the nesting level of `region` under the `results` property - Enhance SARIF output - Add Clj-kondo `version` to the SARIF output - Add `endLine` and `endColumn` to the linting results - Add `helpUri`, `level` and `enabled` to the linting rules
nxvipin
added a commit
to nxvipin/clj-kondo
that referenced
this issue
Jun 28, 2024
- Fix the nesting level of `region` under the `results` property - Enhance SARIF output - Add Clj-kondo `version` to the SARIF output - Add `endLine` and `endColumn` to the linting results - Add `helpUri`, `level` and `enabled` to the linting rules
nxvipin
added a commit
to nxvipin/clj-kondo
that referenced
this issue
Jun 28, 2024
- Fix the nesting level of `region` under the `results` property - Enhance SARIF output - Add Clj-kondo `version` to the SARIF output - Add `endLine` and `endColumn` to the linting results - Add `helpUri`, `level` and `enabled` to the linting rules
nxvipin
added a commit
to nxvipin/clj-kondo
that referenced
this issue
Jun 28, 2024
- Fix the nesting level of `region` under the `results` property
- Enhance SARIF output
- Add Clj-kondo `version` to the SARIF output
- Add `endLine` and `endColumn` to the linting results
- Add `helpUri`, `level` and `enabled` to the linting rules
- Remove `artifacts` key as it did not contain any additonal data
from what is available under the results key.
5 tasks
nxvipin
added a commit
to nxvipin/clj-kondo
that referenced
this issue
Jun 29, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Version - 2024.05.24
Problem
The SARIF output generated by Clj-kondo does not conform to the schema specified here.
Specifically, the
regionattribute in theresultslocation is nested at an incorrect level.According to the specification the correct nesting of
regionisresults -> locations -> physicalLocation -> regionClj-kondo nests the
regionproperty underresults -> locations -> physicalLocation -> artifactLocation -> regionRepro
We have
bad_clojure.clj:If we run
clj-kondo --lint bad_clojure.clj --config '{:output {:format :sarif}}'we get this output -Output (Click to expand)
{ "version": "2.1.0", "$schema": "http://json.schemastore.org/sarif-2.1.0-rtm.4", "runs": [ { "tool": { "driver": { "name": "Clj-kondo", "informationUri": "https://github.com/clj-kondo/clj-kondo", "rules": [ { "id": "hook" }, { "id": "docstring-leading-trailing-whitespace" }, { "id": "bb.edn-cyclic-task-dependency" }, { "id": "case-quoted-test" }, { "id": "datalog-syntax" }, { "id": "redundant-do" }, { "id": "plus-one" }, { "id": "conflicting-fn-arity" }, { "id": "redundant-fn-wrapper" }, { "id": "type-mismatch" }, { "id": "docstring-blank" }, { "id": "keyword-binding" }, { "id": "protocol-method-varargs" }, { "id": "format" }, { "id": "deps.edn" }, { "id": "underscore-in-namespace" }, { "id": "clj-kondo-config" }, { "id": "condition-always-true" }, { "id": "redundant-let" }, { "id": "misplaced-docstring" }, { "id": "discouraged-tag" }, { "id": "equals-true" }, { "id": "consistent-alias" }, { "id": "non-arg-vec-return-type-hint" }, { "id": "missing-test-assertion" }, { "id": "aliased-namespace-symbol" }, { "id": "line-length" }, { "id": "use" }, { "id": "unused-referred-var" }, { "id": "equals-false" }, { "id": "duplicate-set-key" }, { "id": "duplicate-map-key" }, { "id": "bb.edn-unexpected-key" }, { "id": "not-empty?" }, { "id": "file" }, { "id": "def-fn" }, { "id": "unknown-require-option" }, { "id": "missing-clause-in-try" }, { "id": "discouraged-namespace" }, { "id": "refer-all" }, { "id": "inline-def" }, { "id": "missing-body-in-when" }, { "id": "deprecated-namespace" }, { "id": "unresolved-symbol" }, { "id": "cond-else" }, { "id": "unsorted-required-namespaces" }, { "id": "missing-docstring" }, { "id": "conflicting-alias" }, { "id": "single-operand-comparison" }, { "id": "minus-one" }, { "id": "bb.edn-task-missing-docstring" }, { "id": "missing-else-branch" }, { "id": "loop-without-recur" }, { "id": "namespace-name-mismatch" }, { "id": "unused-import" }, { "id": "discouraged-var" }, { "id": "shadowed-var" }, { "id": "var-same-name-except-case" }, { "id": "unexpected-recur" }, { "id": "self-requiring-namespace" }, { "id": "deprecated-var" }, { "id": "earmuffed-var-not-dynamic" }, { "id": "unbound-destructuring-default" }, { "id": "equals-expected-position" }, { "id": "dynamic-var-not-earmuffed" }, { "id": "redundant-expression" }, { "id": "multiple-async-in-deftest" }, { "id": "case-duplicate-test" }, { "id": "aliased-namespace-var-usage" }, { "id": "syntax" }, { "id": "single-key-in" }, { "id": "unused-value" }, { "id": "used-underscored-binding" }, { "id": "redundant-call" }, { "id": "unused-namespace" }, { "id": "java-static-field-call" }, { "id": "case-symbol-test" }, { "id": "unused-alias" }, { "id": "reduce-without-init" }, { "id": "private-call" }, { "id": "unresolved-var" }, { "id": "unsorted-imports" }, { "id": "duplicate-field" }, { "id": "not-a-function" }, { "id": "duplicate-require" }, { "id": "unused-private-var" }, { "id": "docstring-no-summary" }, { "id": "unresolved-namespace" }, { "id": "uninitialized-var" }, { "id": "main-without-gen-class" }, { "id": "invalid-arity" }, { "id": "single-logical-operand" }, { "id": "shadowed-fn-param" }, { "id": "warn-on-reflection" }, { "id": "bb.edn-undefined-task" }, { "id": "missing-map-value" }, { "id": "unreachable-code" }, { "id": "refer" }, { "id": "redefined-var" }, { "id": "unused-binding" }, { "id": "redundant-str-call" } ] } }, "artifacts": [ { "location": { "uri": "bad_clojure.clj" } } ], "results": [ { "level": "warning", "message": { "text": "namespace clojure.string is required but never used" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "bad_clojure.clj", "index": 0, "region": { "startLine": 2, "startColumn": 14 } } } } ], "ruleId": "unused-namespace", "ruleIndex": 74 }, { "level": "warning", "message": { "text": "use alias or :refer" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "bad_clojure.clj", "index": 0, "region": { "startLine": 3, "startColumn": 34 } } } } ], "ruleId": "refer-all", "ruleIndex": 39 }, { "level": "warning", "message": { "text": "Unused private var bad-clojure/foo" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "bad_clojure.clj", "index": 0, "region": { "startLine": 5, "startColumn": 8 } } } } ], "ruleId": "unused-private-var", "ruleIndex": 85 }, { "level": "warning", "message": { "text": "unused binding bar" }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "bad_clojure.clj", "index": 0, "region": { "startLine": 5, "startColumn": 13 } } } } ], "ruleId": "unused-binding", "ruleIndex": 99 } ] } ] }This output is invalid and can be validated here.
Expected behavior
The SARIF output would conform to the specification.
I can submit a PR that fixes this issue.
The text was updated successfully, but these errors were encountered: