How to display nice bug reports on GitHub with SARIF

You use GitHub, write code and do other fun things. To improve the quality of your work and make better use of your time, you use a static analyzer. And then an idea comes to you: why not look at the errors reported by the analyzer directly in GitHub? And make it look nice, too. What do you do in that case? The answer is very simple. Your choice is SARIF. What it is and how to set it up will be covered in this article. Enjoy reading.

What is SARIF?

SARIF (Static Analysis Results Interchange Format) – JSON . , , - , GitHub Visual Studio Code.

- , . , (, JSON), . .

(SARIF) , . . , , SARIF . , . , , \, . !

GitHub

GitHub SARIF , . .

, "Security".

"Code scanning alerts" "Set up code scanning".

"Set up this workflow".

yml ( upload-sarif.yml) :

name: "Upload SARIF"

# Run the workflow each time code is pushed to your repository and on a schedule.
# The scheduled workflow runs every Sunday at 00:00 UTC.
on:
  push:
  schedule:
  - cron: '0 0 * * 0'

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    # This step checks out a copy of your repository.
    - name: Checkout repository
      uses: actions/checkout@v2
    - name: Upload SARIF file
      uses: github/codeql-action/upload-sarif@v1
      with:
        # Path to SARIF file relative to the root of the repository
        sarif_file: results.sarif

:

"Start commit", - ( "Create upload-sarif.yml") .

, ! SARIF .

SARIF

, SARIF – , . PVS-Studio PlogConverter. – .

SARIF , . ++ . - ? :) :

#include <iostream>
void f(unsigned int ch) 
{
  unsigned int chx = -1;
  if (ch >= 0x0fff0)
  {
    if ( !((ch >= 0x0FF10) && (ch <= 0x0FF19)) 
       || ((ch >= 0x0FF21) && (ch <= 0x0FF3A)) 
       || ((ch >= 0x0FF41) && (ch <= 0x0FF5A)))
    {
      ch = chx;
    }
  }
}
int main()
{
  std::cout << "error" << std::endl;
}

, , " PVS-Studio , ".

, PVS-Studio. - "PVS-Studio_Cmd.exe". C++, C# MSBuild- Windows. "C:\Program Files (x86)\PVS-Studio". .

, . , , , .

, . :

PVS-Studio_Cmd.exe -t "D:\Use_SARIF_Example\BestProjectCpp.sln" \
-o "D:\Use_SARIF_Example\results.plog" -e "D:\Use_SARIF_Example\"

. "-t" . (sln csproj/vcxproj ). "-o" , . "-e" - , PVS-Studio . , .

, plog SARIF . PlogConverter.

Plog SARIF

PlogConverter, . PlogConverter – , PVS-Studio . .

, PlogConverter.exe . PVS-Studio "PVS-Studio_Cmd.exe". , :

PlogConverter.exe "D:\Use_SARIF_Example\results.plog" \
-o "D:\Use_SARIF_Example" -t sarif -n results

. .
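
An added example, not code from the article, from PVS-Studio or from PlogConverter: before uploading results.sarif, a small Python check can parse the log and flag findings that lack the fields the SARIF 2.1.0 structure uses to attach an alert to a file and line, and tally findings per rule and level. The sample log below is constructed by hand; the tool name and rule id are stand-ins, not real converter output.

```python
import json
from collections import Counter

# Constructed sample (not real PlogConverter output): a minimal SARIF 2.1.0 log
# with two findings. The second has no location, so nothing ties it to a file.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "PVS-Studio"}},
        "results": [
            {"ruleId": "V547", "level": "warning",
             "message": {"text": "Constructed message: expression is always true."},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/main.cpp"},
                 "region": {"startLine": 5}}}]},
            {"ruleId": "V547", "level": "error",
             "message": {"text": "Constructed message without a location."},
             "locations": []},
        ],
    }],
})


def check_sarif(text):
    """Parse a SARIF log and return (problems, counts).

    problems: runs/results missing the fields a finding needs to be shown
              against a file and line (version, tool name, ruleId, message,
              physical location). counts: Counter keyed by (ruleId, level);
              level defaults to "warning" as the SARIF spec does when absent.
    """
    log = json.loads(text)
    problems, counts = [], Counter()
    if log.get("version") != "2.1.0":
        problems.append("version is not 2.1.0")
    for r_idx, run in enumerate(log.get("runs", [])):
        if not run.get("tool", {}).get("driver", {}).get("name"):
            problems.append(f"run {r_idx}: tool.driver.name missing")
        for i, res in enumerate(run.get("results", [])):
            where = f"run {r_idx} result {i}"
            if not res.get("ruleId"):
                problems.append(f"{where}: ruleId missing")
            if not res.get("message", {}).get("text"):
                problems.append(f"{where}: message.text missing")
            uris = [loc.get("physicalLocation", {}).get("artifactLocation", {}).get("uri")
                    for loc in res.get("locations") or []]
            if not any(uris):
                problems.append(f"{where}: no physicalLocation.artifactLocation.uri")
            counts[(res.get("ruleId"), res.get("level", "warning"))] += 1
    return problems, counts


if __name__ == "__main__":
    print(*check_sarif(SAMPLE_SARIF), sep="\n")
```

Run it against the real results.sarif by replacing SAMPLE_SARIF with the file's contents; an empty problems list means every finding carries a rule, a message and a file location.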

,

, , SARIF . "Add file -> Upload files".

SARIF , . , , "Actions" .

, "Security". "Code scanning alerts -> PVS-Studio".

. - :

:

  1. ;

  2. . , ;

  3. .

SARIF GitHub

, . , , - , SARIF . , , . C++ :

#include <iostream>
#include <cmath>   // tan() used below
void f(unsigned int ch) 
{
  unsigned int chx = -1;
  if (ch >= 0x0fff0)
  {
    if (!((ch >= 0x0FF10) && (ch <= 0x0FF19)) 
      || ((ch >= 0x0FF21) && (ch <= 0x0FF3A)) 
      || ((ch >= 0x0FF41) && (ch <= 0x0FF5A)))
    {
      ch = chx;
    }
  }
}

int ComputeProjectionMatrixFOV(float fov)
{
  float yScale = 1.0 / tan((3.141592538 / 180.0) * fov / 2);
  return yScale;
}

int main()
{
  std::cout << "error" << std::endl;
}

, , SARIF ( ) . , . .

. "Security" -> "Code scanning alerts" -> "PVS-Studio" "Branch" . :

, . , . , , bat , , SARIF SARIF .

?

, . ? , , — , . "Open" "Closed". "Open" — , . "Closed" – , .

— (, ).

. , .

GitHub "false positive", "used in tests", "won't fix" :). , ( checkbox) "Dismiss".

, , SARIF .

"Open", . "Closed", , , "Reopen".

, , . , "Open", , "Closed". SARIF . pull request, . , . SARIF pull request .

C++?

, . , – , SARIF . , PVS-Studio C++, C#, Java. C#, . , , C# . , :

using System;
using System.Collections.Generic;
using System.Linq;

namespace TestSarif
{
  class Program
  {
    static void Main()
    {
      var result = Formula42(3, 5);
    }

    static int Formula42(int? coefficientA, int? coefficientB)
    {
      var data = new List<int>();
      if (coefficientA != null)
        data.Add(Formula42(coefficientA.Value));
      else if (coefficientB != null)
        data.Add(Formula42(coefficientA.Value));
      return data.SingleOrDefault();
    }

    static private int Formula42(int coefficient)
    {
      return coefficient;
    }
  }
}

:

.

, , SARIF — , . SARIF . , VS Code . , , , . , - , .

. .

, : Nikolay Mironov, Evgeniy Ovsannikov. How to Get Nice Error Reports Using SARIF.