script to run semgrep tests against adapter PRs #2907
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Commit introduces script and helpers to run semgrep test against PRs and upload semgrep results as PR comment
onkarvhanumante
changed the title
Comment on lines
149
to
184
| const nonScannedCommits = await this.#getNonScannedCommits() | ||
| for (const commit of nonScannedCommits) { | ||
| const { data } = await this.github.rest.repos.getCommit({ | ||
| owner: this.owner, | ||
| repo: this.repo, | ||
| ref: commit, | ||
| }) | ||
|
|
||
| const commitDiff = await this.#getDiffForFiles(data.files) | ||
| const files = Object.keys(commitDiff) | ||
| for (const file of files) { | ||
| // Consider scenario where the changes made to a file in the initial commit are completely undone by subsequent commits | ||
| // In such cases, the modifications from the initial commit should not be taken into account | ||
| // If the changes were entirely removed, there should be no entry for the file in the pullRequestStats | ||
| const filePRDiff = pullRequestDiff[file] | ||
| if (!filePRDiff) { | ||
| continue | ||
| } | ||
|
|
||
| // Consider scenario where changes made in the commit were partially removed or modified by subsequent commits | ||
| // In such cases, include only those commit changes that are part of the pullRequestStats object | ||
| // This ensures that only the changes that are reflected in the pull request are considered | ||
| const changes = await this.#filterCommitDiff(commitDiff[file], filePRDiff) | ||
|
|
||
| if (changes.length !== 0) { | ||
| // Check if nonScannedCommitsDiff[file] exists, if not assign an empty array to it | ||
| nonScannedCommitsDiff[file] = nonScannedCommitsDiff[file] || [] | ||
| // Combine the existing nonScannedCommitsDiff[file] array with the commit changes | ||
| // Remove any duplicate elements using the Set data structure | ||
| nonScannedCommitsDiff[file] = [ | ||
| ...new Set([...nonScannedCommitsDiff[file], ...changes]), | ||
| ] | ||
| } | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
Do you think moving this code to separate function will help in code readibility? function like RetrieveNonScannedCommit?
There was a problem hiding this comment.
makes above sense
gargcreation1992
previously approved these changes
Jul 10, 2023
Sonali-More-Xandr
previously approved these changes
Jul 10, 2023
onkarvhanumante
dismissed stale reviews from Sonali-More-Xandr and gargcreation1992
via
9d06e6b
Builder struct name should be adapter. So changing severity to error
gargcreation1992
approved these changes
Jul 10, 2023
Peiling-Ding
pushed a commit
to ParticleMedia/prebid-server
that referenced
this pull request
Jul 14, 2023
Peiling-Ding
added a commit
to ParticleMedia/prebid-server
that referenced
this pull request
Jul 14, 2023
* Fix: deal tiers no longer ignored due to presence of tid (prebid#2829) * CAPT-787: GPP support for imds bidder. (prebid#2867) Co-authored-by: Timothy M. Ace <tace@imds.tv> * Adsinteractive: change usersync endpoint to https (prebid#2861) Co-authored-by: Balint Vargha <varghabalint@gmail.com> * consumable adapter: add gpp support (prebid#2883) * feat: IX Bid Adapter - gpp support for user sync urls (prebid#2873) Co-authored-by: Chris Corbo <chris.corbo@indexexchange.com> * fix: update links in readme (prebid#2888) authored by @akkapur * New Adapter: AIDEM (prebid#2824) Co-authored-by: AndreaC <67786179+darkstarac@users.noreply.github.com> Co-authored-by: Andrea Tumbarello <Wazabit@users.noreply.github.com> Co-authored-by: darkstar <canazza@wazabit.it> * Improve Digital adapter: Set currency in bid response (prebid#2886) * Sharethrough: Support multiformat bid request impression (prebid#2866) * Triplelift Bid Adapter: Adding GPP Support (prebid#2887) * YahooAdvertising rebranding to Yahoo Ads. (prebid#2872) Co-authored-by: oath-jac <dsp-supply-prebid@verizonmedia.com> * IX: MultiImp Implementation (prebid#2779) Co-authored-by: Chris Corbo <chris.corbo@indexexchange.com> Co-authored-by: Oronno Mamun <oronno.mamun@indexexchange.com> * Exchange unit test fix (prebid#2868) * Semgrep rules for adapters (prebid#2833) * IX: Remove glog statement (prebid#2909) * Activities framework (prebid#2844) * PWBID: Update Default Endpoint (prebid#2903) * script to run semgrep tests against adapter PRs (prebid#2907) authored by @onkarvhanumante * semgrep rule to detect undesirable package imports in adapter code (prebid#2911) * update package-import message (prebid#2913) authored by @onkarvhanumante * Bump google.golang.org/grpc from 1.46.2 to 1.53.0 (prebid#2905) --------- Co-authored-by: Brian Sardo <1168933+bsardo@users.noreply.github.com> Co-authored-by: Timothy Ace <github.com-1@timothyace.com> Co-authored-by: Timothy M. Ace <tace@imds.tv> Co-authored-by: balintvargha <122350182+balintvargha@users.noreply.github.com> Co-authored-by: Balint Vargha <varghabalint@gmail.com> Co-authored-by: Jason Piros <jasonpiros@gmail.com> Co-authored-by: ccorbo <ccorbo2013@gmail.com> Co-authored-by: Chris Corbo <chris.corbo@indexexchange.com> Co-authored-by: Ankush <ankush.kapur@gmail.com> Co-authored-by: Giovanni Sollazzo <gs@aidem.com> Co-authored-by: AndreaC <67786179+darkstarac@users.noreply.github.com> Co-authored-by: Andrea Tumbarello <Wazabit@users.noreply.github.com> Co-authored-by: darkstar <canazza@wazabit.it> Co-authored-by: Jozef Bartek <31618107+jbartek25@users.noreply.github.com> Co-authored-by: Max Dupuis <118775839+maxime-dupuis@users.noreply.github.com> Co-authored-by: Patrick Loughrey <ploughrey@triplelift.com> Co-authored-by: radubarbos <raduiquest79@gmail.com> Co-authored-by: oath-jac <dsp-supply-prebid@verizonmedia.com> Co-authored-by: Oronno Mamun <oronno.mamun@indexexchange.com> Co-authored-by: Veronika Solovei <kalypsonika@gmail.com> Co-authored-by: Onkar Hanumante <onkar.hanumante@xandr.com> Co-authored-by: Stephen Johnston <tiquortoo@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Testings
Tested script on fork repo - https://github.com/onkarvhanumante/prebid-server/pullsScenario 1 Adapter PR created
PR: https://github.com/onkarvhanumante/prebid-server/pull/44
Expected: Semgrep result get uploaded as comment. Semgrep PR checks will fail
Scenario 2 New commits pushed to fix some errors previously reported by PR checks
PR: https://github.com/onkarvhanumante/prebid-server/pull/45
Expected: No duplicate comments added for unaddressed errors. Since all the errors are not fixed therefore Semgrep PR checks will still continue to fail
Scenario 3 Commits pushed to fix all errors previously reported by PR checks
PR: https://github.com/onkarvhanumante/prebid-server/pull/46
Expected: All errors are addressed. So Semgrep PR checks will get passed
Scenario 4 PR has no adapter related change
PR: https://github.com/onkarvhanumante/prebid-server/pull/47
Expected: Semgrep checks won't be executed
Review notes
PR introduces 2 files -
semgrep.ymlandpull-request-utils.js. Action script semgrep.yml makes use of helpers from pull-request-utils.js.For example, semgrep.yml has above code block.
prebid-server/.github/workflows/semgrep.yml
Lines 21 to 27 in d78c3d2
Here pull-request-utils.js is imported on line 21. Helper class
diffHelperis initialised on line 26 and helper methodbuildDiff()is called on line 27. Therefore start reviewing from semgrep.yml file