Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: adding sarif file extension validation support #217

Open
wants to merge 27 commits into
base: main
Choose a base branch
from
Open

feat: adding sarif file extension validation support #217

wants to merge 27 commits into from

Conversation

arthurflame
Copy link

As discussed in this PR #183:

  • Parsing the report as JSON
  • Validating that schema is specified
  • Validating that the content of the .sarif file matches the schema

Content of .sarif files was taken from these samples.

@arthurflame arthurflame mentioned this pull request Nov 17, 2024
Closed
ccoVeille
ccoVeille reviewed Nov 17, 2024
View reviewed changes
pkg/filetype/file_type.go Outdated Show resolved Hide resolved
pkg/validator/sarif.go Outdated Show resolved Hide resolved
pkg/validator/sarif.go Outdated Show resolved Hide resolved
pkg/validator/sarif.go Outdated Show resolved Hide resolved
pkg/validator/sarif.go Outdated Show resolved Hide resolved
pkg/validator/sarif.go Outdated Show resolved Hide resolved
@arthurflame
fixes:
0d9006c 
* schemaUrl variable changed to schemaURL
* error formatting when schema is absent, and when schema isn't valid
* validation that schema is a string
* formatError function refactor, typo fix, and return multiple errors (if applicable)
@kehoecj kehoecj added OSS Community Contribution Contributions from the OSS Community waiting-on-maintainer-review PR is waiting to be reviewed and functionally tested by the maintainers labels Dec 3, 2024
@kehoecj kehoecj self-requested a review December 10, 2024 15:31
@kehoecj kehoecj added pr-action-requested PR is awaiting feedback from the submitting developer and removed waiting-on-maintainer-review PR is waiting to be reviewed and functionally tested by the maintainers labels Dec 10, 2024
kehoecj
kehoecj requested changes Dec 10, 2024
View reviewed changes
Copy link
Collaborator

@kehoecj kehoecj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@arthurflame Looks good! Please take care of the golint-ci findings and resolve conflicts from the dependency changes in main

arthurflame and others added 9 commits December 11, 2024 19:49
@arthurflame
initial resolve and connect implementation
019cab5
@arthurflame
error placement outside of the loop
4718959
@arthurflame
error refactor
43bf9d1
@arthurflame
Merge branch 'main' into feature/sarif-validation
65c8788
@arthurflame
go mod tidy
433d1fd
@arthurflame
golangci-lint warning fix
6fa39db
@arthurflame
fixing golint errors
b15a2ee 
* moved defer out of the for loop
* wrapping error using %w
@arthurflame
fixes:
7d3a360 
* golint: truly moved defer out of the for loop
* golint: error handling for connection.Close()
* timeout for DialTimeout increased to 3 seconds
* removed "error -" prefix from error messages to prevent "error: error - " duplicates
@arthurflame
refactoring:
f8b557c 
* modified Test_FileSystemFinderDuplicateFiles to check for a different length of files in a directory
* updated validate_test.go to include sarif files in testData
* added loadFile function to read the contents of sample files in test/fixtures/ instead of creating lengthy variables
* removed embed package since it wasn't used
* added comments
kehoecj
kehoecj requested changes Dec 16, 2024
View reviewed changes
Copy link
Collaborator

@kehoecj kehoecj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@arthurflame Only at 86% code coverage

@arthurflame arthurflame requested a review from kehoecj December 16, 2024 18:00
@arthurflame
Copy link
Author

Hey, not sure how to increase test coverage at this point.
Was thinking about covering additional functions from sarif.go file, although, don't want to bloat the validator_test.go file with those.
Any suggestions? @kehoecj

@kehoecj
Copy link
Collaborator

kehoecj commented Dec 18, 2024

Hey, not sure how to increase test coverage at this point. Was thinking about covering additional functions from sarif.go file, although, don't want to bloat the validator_test.go file with those. Any suggestions? @kehoecj

Hi @arthurflame - you're just missing several lines of your coverage because you're not testing all the failure conditions. Check the coverage report and see what lines you're missing:

go test -coverprofile=coverage.out ./...
go tool cover -html=coverage.out -o coverage.html
google-chrome coverage.html

arthurflame and others added 2 commits December 19, 2024 11:23
@arthurflame
fixes:
9082728 
* included a separate directory to cover most cases for .sarif validation
* ignored returning an error from schema.Validate() since this error wasn't reachable
@arthurflame
Merge branch 'main' into feature/sarif-validation
c20be6d
@arthurflame
Copy link
Author

Hey, not sure how to increase test coverage at this point. Was thinking about covering additional functions from sarif.go file, although, don't want to bloat the validator_test.go file with those. Any suggestions? @kehoecj

Hi @arthurflame - you're just missing several lines of your coverage because you're not testing all the failure conditions. Check the coverage report and see what lines you're missing:

go test -coverprofile=coverage.out ./...
go tool cover -html=coverage.out -o coverage.html
google-chrome coverage.html

Hey,

Awesome, thanks for the tip!
Made some changes, please take a look.

@arthurflame
Copy link
Author

Hey, not sure how to increase test coverage at this point. Was thinking about covering additional functions from sarif.go file, although, don't want to bloat the validator_test.go file with those. Any suggestions? @kehoecj

Hi @arthurflame - you're just missing several lines of your coverage because you're not testing all the failure conditions. Check the coverage report and see what lines you're missing:

go test -coverprofile=coverage.out ./...
go tool cover -html=coverage.out -o coverage.html
google-chrome coverage.html

Hey,

Awesome, thanks for the tip! Made some changes, please take a look.

Running go test -coverprofile=coverage.out ./... locally, can't reproduce the same error that can be seen on the runner.
image

Referring to this error:
https://github.com/Boeing/config-file-validator/actions/runs/12417060386/job/34667432261#step:6:304

@arthurflame
Copy link
Author

Hey, not sure how to increase test coverage at this point. Was thinking about covering additional functions from sarif.go file, although, don't want to bloat the validator_test.go file with those. Any suggestions? @kehoecj

Hi @arthurflame - you're just missing several lines of your coverage because you're not testing all the failure conditions. Check the coverage report and see what lines you're missing:

go test -coverprofile=coverage.out ./...
go tool cover -html=coverage.out -o coverage.html
google-chrome coverage.html

Hey,
Awesome, thanks for the tip! Made some changes, please take a look.

Running go test -coverprofile=coverage.out ./... locally, can't reproduce the same error that can be seen on the runner. image

Referring to this error: https://github.com/Boeing/config-file-validator/actions/runs/12417060386/job/34667432261#step:6:304

Have been sitting on this for a while.
Still can't figure out the root cause of failing tests.

Prior to Test_CLI in cli_test.go is executed, as far as I understood, reporter_test.go has to generate result.json file and place it under test/output/ directory.
And since it wasn't generated (?), test fails.

Could it be a race condition?

Also, a rather strange behaviour that I've seen while trying to address this problem.
image
The second test execution generates files mentioned on the screenshot, the first one - didn't.
Not sure if it's expected, jfyi.
image

Would greatly appreciate any help.
Thank you!
@kehoecj

@kehoecj kehoecj added waiting-on-maintainer-review PR is waiting to be reviewed and functionally tested by the maintainers and removed pr-action-requested PR is awaiting feedback from the submitting developer labels Jan 7, 2025
@kehoecj
Copy link
Collaborator

kehoecj commented Jan 14, 2025

Hey, not sure how to increase test coverage at this point. Was thinking about covering additional functions from sarif.go file, although, don't want to bloat the validator_test.go file with those. Any suggestions? @kehoecj

Hi @arthurflame - you're just missing several lines of your coverage because you're not testing all the failure conditions. Check the coverage report and see what lines you're missing:

go test -coverprofile=coverage.out ./...
go tool cover -html=coverage.out -o coverage.html
google-chrome coverage.html

Hey,
Awesome, thanks for the tip! Made some changes, please take a look.

Running go test -coverprofile=coverage.out ./... locally, can't reproduce the same error that can be seen on the runner. image
Referring to this error: https://github.com/Boeing/config-file-validator/actions/runs/12417060386/job/34667432261#step:6:304

Have been sitting on this for a while. Still can't figure out the root cause of failing tests.

Prior to Test_CLI in cli_test.go is executed, as far as I understood, reporter_test.go has to generate result.json file and place it under test/output/ directory. And since it wasn't generated (?), test fails.

Could it be a race condition?

Also, a rather strange behaviour that I've seen while trying to address this problem. image The second test execution generates files mentioned on the screenshot, the first one - didn't. Not sure if it's expected, jfyi. image

Would greatly appreciate any help. Thank you! @kehoecj

Thanks for the analysis @arthurflame - I'll take a look

@kehoecj
Copy link
Collaborator

kehoecj commented Jan 21, 2025

Hey, not sure how to increase test coverage at this point. Was thinking about covering additional functions from sarif.go file, although, don't want to bloat the validator_test.go file with those. Any suggestions? @kehoecj

Hi @arthurflame - you're just missing several lines of your coverage because you're not testing all the failure conditions. Check the coverage report and see what lines you're missing:

go test -coverprofile=coverage.out ./...
go tool cover -html=coverage.out -o coverage.html
google-chrome coverage.html

Hey,
Awesome, thanks for the tip! Made some changes, please take a look.

Running go test -coverprofile=coverage.out ./... locally, can't reproduce the same error that can be seen on the runner. image
Referring to this error: https://github.com/Boeing/config-file-validator/actions/runs/12417060386/job/34667432261#step:6:304

Have been sitting on this for a while. Still can't figure out the root cause of failing tests.
Prior to Test_CLI in cli_test.go is executed, as far as I understood, reporter_test.go has to generate result.json file and place it under test/output/ directory. And since it wasn't generated (?), test fails.
Could it be a race condition?
Also, a rather strange behaviour that I've seen while trying to address this problem. image The second test execution generates files mentioned on the screenshot, the first one - didn't. Not sure if it's expected, jfyi. image
Would greatly appreciate any help. Thank you! @kehoecj

Thanks for the analysis @arthurflame - I'll take a look

I was able to fix the tests locally by forcing the tests to run sequentially rather than in parallel. I believe running in parallel with output files was causing the issue. If you update the https://github.com/Boeing/config-file-validator/blob/main/.github/workflows/go.yml#L101 to include -parallel=1 then the tests will succeed.

@arthurflame
Copy link
Author

Hey, not sure how to increase test coverage at this point. Was thinking about covering additional functions from sarif.go file, although, don't want to bloat the validator_test.go file with those. Any suggestions? @kehoecj

Hi @arthurflame - you're just missing several lines of your coverage because you're not testing all the failure conditions. Check the coverage report and see what lines you're missing:

go test -coverprofile=coverage.out ./...
go tool cover -html=coverage.out -o coverage.html
google-chrome coverage.html

Hey,
Awesome, thanks for the tip! Made some changes, please take a look.

Running go test -coverprofile=coverage.out ./... locally, can't reproduce the same error that can be seen on the runner. image
Referring to this error: https://github.com/Boeing/config-file-validator/actions/runs/12417060386/job/34667432261#step:6:304

Have been sitting on this for a while. Still can't figure out the root cause of failing tests.
Prior to Test_CLI in cli_test.go is executed, as far as I understood, reporter_test.go has to generate result.json file and place it under test/output/ directory. And since it wasn't generated (?), test fails.
Could it be a race condition?
Also, a rather strange behaviour that I've seen while trying to address this problem. image The second test execution generates files mentioned on the screenshot, the first one - didn't. Not sure if it's expected, jfyi. image
Would greatly appreciate any help. Thank you! @kehoecj

Thanks for the analysis @arthurflame - I'll take a look

I was able to fix the tests locally by forcing the tests to run sequentially rather than in parallel. I believe running in parallel with output files was causing the issue. If you update the https://github.com/Boeing/config-file-validator/blob/main/.github/workflows/go.yml#L101 to include -parallel=1 then the tests will succeed.

Perfect, thank you very much for taking a look.
Will check on it tomorrow!

@arthurflame
Copy link
Author

Hey, not sure how to increase test coverage at this point. Was thinking about covering additional functions from sarif.go file, although, don't want to bloat the validator_test.go file with those. Any suggestions? @kehoecj

Hi @arthurflame - you're just missing several lines of your coverage because you're not testing all the failure conditions. Check the coverage report and see what lines you're missing:

go test -coverprofile=coverage.out ./...
go tool cover -html=coverage.out -o coverage.html
google-chrome coverage.html

Hey,
Awesome, thanks for the tip! Made some changes, please take a look.

Running go test -coverprofile=coverage.out ./... locally, can't reproduce the same error that can be seen on the runner. image
Referring to this error: https://github.com/Boeing/config-file-validator/actions/runs/12417060386/job/34667432261#step:6:304

Have been sitting on this for a while. Still can't figure out the root cause of failing tests.
Prior to Test_CLI in cli_test.go is executed, as far as I understood, reporter_test.go has to generate result.json file and place it under test/output/ directory. And since it wasn't generated (?), test fails.
Could it be a race condition?
Also, a rather strange behaviour that I've seen while trying to address this problem. image The second test execution generates files mentioned on the screenshot, the first one - didn't. Not sure if it's expected, jfyi. image
Would greatly appreciate any help. Thank you! @kehoecj

Thanks for the analysis @arthurflame - I'll take a look

I was able to fix the tests locally by forcing the tests to run sequentially rather than in parallel. I believe running in parallel with output files was causing the issue. If you update the https://github.com/Boeing/config-file-validator/blob/main/.github/workflows/go.yml#L101 to include -parallel=1 then the tests will succeed.

Perfect, thank you very much for taking a look. Will check on it tomorrow!

Unfortunately, adding -parallel={1,2} doesn't do the trick, tests are still failing on the runners.
Any other ideas how I should approach this?
@kehoecj

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ccoVeille ccoVeille Awaiting requested review from ccoVeille

@kehoecj kehoecj Awaiting requested review from kehoecj

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
OSS Community Contribution Contributions from the OSS Community waiting-on-maintainer-review PR is waiting to be reviewed and functionally tested by the maintainers
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@arthurflame @kehoecj @ccoVeille