Conversation
kdudka
added a commit
to kdudka/csdiff
that referenced
this pull request
Mar 29, 2024
Resolves: csutils#136 Closes: csutils#167
kdudka
added a commit
to kdudka/csdiff
that referenced
this pull request
Apr 1, 2024
Resolves: csutils#136 Closes: csutils#167
kdudka
added a commit
to kdudka/csdiff
that referenced
this pull request
Apr 3, 2024
Resolves: csutils#136 Closes: csutils#167
jamacku
reviewed
Apr 3, 2024
Member
jamacku
left a comment
jamacku
left a comment
There was a problem hiding this comment.
Thank you for working on this RFE. I have tried to test it, and unfortunately, the endLine/endColumn properties aren't filled for the following shell script.
[root@vm-10-0-187-125 ~]# cat main.sh
# shell.sh
echo $1 # Unquoted variables
find . -name *.ogg # Unquoted find/grep patterns
rm "~/my file.txt" # Quoted tilde expansion
v='--verbose="true"'; cmd $v # Literal quotes in variables
for f in "*.ogg" # Incorrectly quoted 'for' loops
touch $@ # Unquoted $@
[root@vm-10-0-187-125 ~]# shellcheck --format=json1 main.sh | csgrep --mode=sarif | sarif-fmt
error: Couldn't parse this for loop. Fix to allow more checks.
┌─ main.sh:6:1
│
6 │ for f in "*.ogg" # Incorrectly quoted 'for' loops
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
error: Expected 'do'.
┌─ main.sh:7:1
│
7 │ touch $@ # Unquoted $@
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
error: Expected 'do'. Fix any mentioned problems and try again.
┌─ main.sh:7:1
│
7 │ touch $@ # Unquoted $@
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
error: 0 errors emitted
[root@vm-10-0-187-125 ~]# shellcheck --format=json main.sh | shellcheck-sarif | sarif-fmt
error: Couldn't parse this for loop. Fix to allow more checks.
┌─ main.sh:6:1
│
6 │ for f in "*.ogg" # Incorrectly quoted 'for' loops
│ ^
│
= SC1073
= For more information: https://www.shellcheck.net/wiki/SC1073
error: Expected 'do'.
┌─ main.sh:7:1
│
7 │ touch $@ # Unquoted $@
│ ^
│
= SC1058
= For more information: https://www.shellcheck.net/wiki/SC1058
error: Expected 'do'. Fix any mentioned problems and try again.
┌─ main.sh:7:1
│
7 │ touch $@ # Unquoted $@
│ ^
│
= SC1072
= For more information: https://www.shellcheck.net/wiki/SC1072
error: 0 errors emitted
But when I commented last two lines, so ShellCheck could parse the whole file, the properties are set correctly by csgrep
[root@vm-10-0-187-125 ~]# cat main.sh
# shell.sh
echo $1 # Unquoted variables
find . -name *.ogg # Unquoted find/grep patterns
rm "~/my file.txt" # Quoted tilde expansion
v='--verbose="true"'; cmd $v # Literal quotes in variables
#for f in "*.ogg" # Incorrectly quoted 'for' loops
#touch $@ # Unquoted $@
shellcheck --format=json1 main.sh | csgrep --mode=sarif | sarif-fmt
error: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.
┌─ main.sh:1:1
│
1 │ # shell.sh
│ ^^^^^^^^^^
warning: Double quote to prevent globbing and word splitting.
┌─ main.sh:2:6
│
2 │ echo $1 # Unquoted variables
│ ^^
warning: Quote the parameter to -name so the shell won't interpret it.
┌─ main.sh:3:14
│
3 │ find . -name *.ogg # Unquoted find/grep patterns
│ ^^^^^
warning: Use ./*glob* or -- *glob* so names with dashes won't become options.
┌─ main.sh:3:14
│
3 │ find . -name *.ogg # Unquoted find/grep patterns
│ ^
warning: Tilde does not expand in quotes. Use $HOME.
┌─ main.sh:4:5
│
4 │ rm "~/my file.txt" # Quoted tilde expansion
│ ^^^^^^^^^^^^^
warning: Quotes/backslashes will be treated literally. Use an array.
┌─ main.sh:5:3
│
5 │ v='--verbose="true"'; cmd $v # Literal quotes in variables
│ ^^^^^^^^^^^^^^^^^^
warning: Quotes/backslashes in this variable will not be respected.
┌─ main.sh:5:27
│
5 │ v='--verbose="true"'; cmd $v # Literal quotes in variables
│ ^^
warning: 6 warnings emitted
error: 6 errors emitted
lzaoral
requested changes
Apr 3, 2024
kdudka
added a commit
to kdudka/csdiff
that referenced
this pull request
Apr 3, 2024
... paired with each startLine/startColumn to be compatible with `shellcheck-sarif` and `sarif-fmt`. Resolves: csutils#136 Closes: csutils#167
Member
Author
jamacku
reviewed
Apr 3, 2024
Member
jamacku
left a comment
jamacku
left a comment
There was a problem hiding this comment.
Works great, Thank you
[root@vm-10-0-187-125 ~]# shellcheck --format=json1 main.sh | csgrep --mode=sarif | sarif-fmt
error: Couldn't parse this for loop. Fix to allow more checks.
┌─ main.sh:6:1
│
6 │ for f in "*.ogg" # Incorrectly quoted 'for' loops
│ ^
error: Expected 'do'.
┌─ main.sh:7:1
│
7 │ touch $@ # Unquoted $@
│ ^
error: Expected 'do'. Fix any mentioned problems and try again.
┌─ main.sh:7:1
│
7 │ touch $@ # Unquoted $@
│ ^
error: 0 errors emitted
[root@vm-10-0-187-125 ~]# shellcheck --format=json1 main.sh | csgrep --mode=sarif | sarif-fmt
error: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.
┌─ main.sh:1:1
│
1 │ # shell.sh
│ ^
warning: Double quote to prevent globbing and word splitting.
┌─ main.sh:2:6
│
2 │ echo $1 # Unquoted variables
│ ^^
warning: Quote the parameter to -name so the shell won't interpret it.
┌─ main.sh:3:14
│
3 │ find . -name *.ogg # Unquoted find/grep patterns
│ ^^^^^
warning: Use ./*glob* or -- *glob* so names with dashes won't become options.
┌─ main.sh:3:14
│
3 │ find . -name *.ogg # Unquoted find/grep patterns
│ ^
warning: Tilde does not expand in quotes. Use $HOME.
┌─ main.sh:4:5
│
4 │ rm "~/my file.txt" # Quoted tilde expansion
│ ^^^^^^^^^^^^^
warning: Quotes/backslashes will be treated literally. Use an array.
┌─ main.sh:5:3
│
5 │ v='--verbose="true"'; cmd $v # Literal quotes in variables
│ ^^^^^^^^^^^^^^^^^^
warning: Quotes/backslashes in this variable will not be respected.
┌─ main.sh:5:27
│
5 │ v='--verbose="true"'; cmd $v # Literal quotes in variables
│ ^^
warning: 6 warnings emitted
error: 6 errors emitted
Member
Author
|
@jamacku Perfect. Thank you for testing it! |
kdudka
added a commit
to kdudka/csdiff
that referenced
this pull request
Apr 4, 2024
Resolves: csutils#136 Closes: csutils#167
kdudka
added a commit
to kdudka/csdiff
that referenced
this pull request
Apr 4, 2024
... paired with each startLine/startColumn to be compatible with `shellcheck-sarif` and `sarif-fmt`. Resolves: csutils#136 Closes: csutils#167
lzaoral
reviewed
Apr 9, 2024
tests/csgrep/0090-sarif-writer-illegal-utf8-sequence-stdout.txt
Outdated
Show resolved
Hide resolved
Member
|
@jamacku This is probably unrelated to this PR but the first output from |
Member
TBH, I'm not sure what those values should represent. It is possible that values might be a bit misleading. For example the second report shows number of errors 6 but there is 7 reports. |
lzaoral
approved these changes
Apr 9, 2024
Member
lzaoral
left a comment
lzaoral
left a comment
There was a problem hiding this comment.
Approving. The comments above are either minor remarks or questions.
If no line number is available, skip writing of the `region` object in order not to break validation of the resulting SARIF format. Related: csutils#167
Initially csdiff supported only startLine/startColumn. Some scanners provide also endLine/endColumn to denote a region of certain size. The extra information is stored efficiently in the internal data structure and in csdiff's native JSON format by tracking the diff between startLine/endLine and startColumn/endColumn, respectively, and only when the diff is a non-zero (positive) number. Related: csutils#136
Otherwise fallback to `caret`, which was the only field used so far. Related: csutils#136
Resolves: csutils#136 Closes: csutils#167
... paired with each startLine/startColumn to be compatible with `shellcheck-sarif` and `sarif-fmt`. Resolves: csutils#136 Closes: csutils#167
Member
Author
|
Thank you both for review! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Initially csdiff supported only
startLine/startColumn. Some scanners provide alsoendLine/endColumnto denote a region of certain size.The extra information is stored efficiently in the internal data structure and in csdiff's native JSON format by tracking the diff between
startLine/endLineandstartColumn/endColumn, respectively, and only when the diff is a non-zero (positive) number.Resolves: #136