Support SARIF output #1482
Merged
Support SARIF output #1482
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ndmitchell
reviewed
Apr 2, 2023
|
|
||
| {- | | ||
| Description: Formats hlint ideas in the Statis Analysis Results Interchange Format (SARIF). | ||
| License: BSD-3-Clause |
There was a problem hiding this comment.
Any reason to add a license to just this one file, given the entire project is BSD3 licensed?
There was a problem hiding this comment.
I fill out Haddock module documentation fields out of habit, and the license field was just something that could be filled. Other than the fact that I wrote these lines, there's no reason this file needs special treatment.
|
Looks good - thanks for the very well structured pull request! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds the ability to output into SARIF from HLint. SARIF is an open interchange format for exchanging results for static analyses. In particular, GitHub uses SARIF for reading results from code scanning tools; this would allow HLint to be used as a code scanning tool in GitHub. The output is complete enough such that output uploaded from a test workflow shows up as a code scanning alert.
The changes adds a
--sarifflag and a "SARIF" module. E.g., the following will result in the hints being output in SARIF.There are now quite a few output formats that HLint supports. I.e., HLint-native JSON, Code Climate, HTML, Refactor, and now SARIF. I was almost tempted to add a
--format=sarifflag instead and put the module in "Format.SARIF", but I didn't in order to maintain consistency with existing practice. However, if you would like such a change made, I would be very happy to make it (obviously, I would keep the existing flags alone).This change does not use the sarif package. While it would have not added any new dependencies other than itself, I was a little worried by it having an extra module in the "Data.Aeson" namespace. It is not on Stackage, either, so it would have been a little more work to get it working on stack.
This pull request will resolve #1469.
By raising this pull request, I confirm I am licensing my contribution under all licenses that apply to this project and that I have no patents covering my contribution.