Skip to content

Fix #5525: [core] Add Sarif Level Property #5573

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
adangel merged 8 commits into from
Apr 18, 2025
Merged

Fix #5525: [core] Add Sarif Level Property #5573

adangel merged 8 commits into from
Apr 18, 2025

Conversation

@julees7
Copy link
Contributor

@julees7 julees7 commented Mar 5, 2025
edited by adangel
Loading

Describe the PR

Adding and filling the field for the severeness of a rule in the sarif report according to the defined priorities in the pmd ruleset.

Related issues

Ready?

  • Added unit tests for fixed bug/feature
  • Passing all unit tests
  • Complete build ./mvnw clean verify passes (checked automatically by github actions)
  • Added (in-code) documentation (if needed)

@adangel adangel changed the title [core] Adding Sarif Level Property #5525 Fix #5525: [core] Add Sarif Level Property Mar 6, 2025
adangel
adangel requested changes Mar 6, 2025
View reviewed changes
Copy link
Member

@adangel adangel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your PR!

Could you please also update the example on https://docs.pmd-code.org/latest/pmd_userdocs_report_formats.html#sarif ? The file to change is https://github.com/pmd/pmd/blob/main/docs/report-examples/pmd-report.sarif.json

Then I think, we should additionally add the property "defaultConfiguration" to "runs[0].tool.driver.rules[x]". There we can specify the default log level per rule. See https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html#_Toc141791100 and https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html#_Toc141791105 .

In theory, when we have such a default configuration, we wouldn't need the level property on each result, as the specification defines precisely how to derive the value (https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html#_Toc141790898).
However, we could still keep it, as it makes it easier for the tools (e.g. VS Code's SARIF Viewer recognizes the defaultConfiguration, while IntelliJ's build-in Service-Side Analysis tool window doesn't seem to).

@bdovaz bdovaz mentioned this pull request Mar 6, 2025
Merged
@julees7
Copy link
Contributor Author

julees7 commented Mar 22, 2025
edited
Loading

@adangel So I added the ReportingConfiguration as a Class to be used for the attribute "defaultConfiguration", but I need more information on what this should be filled with or where ^^'

@adangel
Copy link
Member

adangel commented Mar 25, 2025

@adangel So I added the ReportingConfiguration as a Class to be used for the attribute "defaultConfiguration", but I need more information on what this should be filled with or where ^^'

Let's start with "where": the defaultConfiguration property is part of the reportingDescriptor object - which is created when the SarifLogBuilder processes a rule violation at

pmd/pmd-core/src/main/java/net/sourceforge/pmd/renderers/internal/sarif/SarifLogBuilder.java

Lines 44 to 46 in 901d976

public SarifLogBuilder add(RuleViolation violation) {
final ReportingDescriptor ruleDescriptor = getReportingDescriptor(violation);
int ruleIndex = rules.indexOf(ruleDescriptor);

That means, you need to create a new defaultConfiguration object here

pmd/pmd-core/src/main/java/net/sourceforge/pmd/renderers/internal/sarif/SarifLogBuilder.java

Lines 170 to 179 in 901d976

private ReportingDescriptor getReportingDescriptor(RuleViolation rv) {
return ReportingDescriptor.builder()
.id(rv.getRule().getName())
.shortDescription(new MultiformatMessage(rv.getDescription()))
.fullDescription(new MultiformatMessage(rv.getRule().getDescription()))
.helpUri(rv.getRule().getExternalInfoUrl())
.help(new MultiformatMessage(rv.getRule().getDescription()))
.properties(getRuleProperties(rv))
.build();
}

However, before you can add it to the reportingDescriptor builder, you need to add the property "defaultConfiguration" to the ReportingDescriptor class along with a setter in the builder:

pmd/pmd-core/src/main/java/net/sourceforge/pmd/renderers/internal/sarif/SarifLog.java

Line 2067 in 08fb81a

public static class ReportingDescriptor {
and

pmd/pmd-core/src/main/java/net/sourceforge/pmd/renderers/internal/sarif/SarifLog.java

Line 2119 in 08fb81a

public static class ReportingDescriptorBuilder {

The "what" is not so much different than what you already did: In getReportingDescriptor() you have access to the rule's priority setting via rv.getRule().getPriority() that you need to map to "error", "warning", "note".

Pankraz76
Pankraz76 reviewed Apr 1, 2025
View reviewed changes
Copy link
Contributor

@Pankraz76 Pankraz76 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Pankraz76 Pankraz76 mentioned this pull request Apr 1, 2025
Closed
3 tasks
@bdovaz
Copy link

bdovaz commented Apr 14, 2025

How is this PR going? I am interested in this change as well.

Thanks.

@github-actions
Copy link

github-actions bot commented Apr 14, 2025
edited
Loading

Documentation Preview

Compared to main:
This changeset changes 0 violations,
introduces 0 new violations, 0 new errors and 0 new configuration errors,
removes 0 violations, 0 errors and 0 configuration errors.

Regression Tester Report

@julees7 julees7 requested a review from adangel April 16, 2025 19:52
@adangel adangel added this to the 7.13.0 milestone Apr 17, 2025
@adangel adangel self-assigned this Apr 17, 2025
adangel
adangel approved these changes Apr 18, 2025
View reviewed changes
Copy link
Member

@adangel adangel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR!

I'm going to fix one bug before I merge this: The enabled property of the defaultConfiguration should either be true or not specified at all. Currently it is false, which is irritating, as the report definitely contains a result for this rule but the rule seems to be disabled...

adangel added a commit that referenced this pull request Apr 18, 2025
@adangel
[doc] Update release notes (#5525, #5573)
88ac8d5
@adangel adangel merged commit 89195d1 into pmd:main Apr 18, 2025
8 checks passed
adangel added a commit that referenced this pull request Apr 18, 2025
@adangel
Fix #5525: [core] Add Sarif Level Property (#5573)
b8d9724 
Merge pull request #5573 from julees7:main
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adangel adangel adangel approved these changes

+1 more reviewer

@Pankraz76 Pankraz76 Pankraz76 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@adangel adangel

Labels

None yet

Projects

None yet

Milestone

7.13.0

Development

Successfully merging this pull request may close these issues.

[core] Add rule priority as level to Sarif report

4 participants

@julees7 @adangel @bdovaz @Pankraz76