Fix #1035: Support SARIF output (#2311)

clj-kondo · Apr 4, 2024 · 0728512 · 0728512
1 parent 39efd4b
commit 0728512
Show file tree

Hide file tree

Showing 5 changed files with 49 additions and 1 deletion.
diff --git a/.gitignore b/.gitignore
@@ -92,3 +92,4 @@ tmp
 corpus/issue-2223/.clj-kondo
 corpus/issue-2239/.clj-kondo/.cache
 src/scratch.clj
+.portal
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,6 +17,10 @@ For a list of breaking changes, check [here](#breaking-changes).
 <!-- - [ ] update lein-clj-kondo -->
 <!-- - [ ] update carve -->
 
+## 2024.04.04
+
+- [#1035](https://github.com/clj-kondo/clj-kondo/issues/1035): Support SARIF output with `--config {:output {:format :sarif}}`
+
 ## 2024.03.19
 
 - [#2302](https://github.com/clj-kondo/clj-kondo/issues/2302): New linter: `:equals-expected-position` to enforce expected value to be in first (or last) position. See [docs](https://github.com/clj-kondo/clj-kondo/blob/master/doc/linters.md)

diff --git a/doc/config.md b/doc/config.md
@@ -418,6 +418,10 @@ $ clj-kondo --lint corpus --config '{:output {:format :json}}' | jq '.findings[0
 
 Printing in EDN format is also supported.
 
+### Print results in SARIF format
+
+Use `--config '{:output {:format :sarif}}`
+
 ### Print results with a custom format
 
 ``` shell

diff --git a/src/clj_kondo/core.clj b/src/clj_kondo/core.clj
@@ -10,6 +10,7 @@
    [clj-kondo.impl.findings :as findings]
    [clj-kondo.impl.linters :as l]
    [clj-kondo.impl.overrides :refer [overrides]]
+   [clj-kondo.impl.sarif :as sarif]
    [clj-kondo.impl.utils :as utils]
    [clojure.java.io :as io]))
 
@@ -49,7 +50,9 @@
                   (:summary output-cfg)
                   (assoc :summary summary)
                   analysis
-                  (assoc :analysis analysis))))))
+                  (assoc :analysis analysis))))
+      :sarif (println (-> (sarif/generate-sarif {:findings findings})
+                          (cheshire/generate-string)))))
   (flush)
   nil)
 

diff --git a/src/clj_kondo/impl/sarif.clj b/src/clj_kondo/impl/sarif.clj
@@ -0,0 +1,36 @@
+(ns clj-kondo.impl.sarif
+  (:require [clj-kondo.impl.config :as config]))
+
+;; https://github.com/microsoft/sarif-tutorials/blob/main/docs/1-Introduction.md#simple-example
+
+(set! *warn-on-reflection* true)
+
+(defn finding->sarif [rules files finding]
+  {:level (:level finding)
+   :message {:text (:message finding)}
+   :locations [{:physicalLocation
+                {:artifactLocation
+                 {:uri (:filename finding)
+                  :index (.indexOf ^java.util.List files (:filename finding))
+                  :region {:startLine (:row finding)
+                           :startColumn (:col finding)}}}}]
+   :ruleId (:type finding)
+   :ruleIndex (:index (get rules (:type finding)))})
+
+(defn generate-sarif [{:keys [findings]}]
+  (let [linters (:linters config/default-config)
+        rules (zipmap (keys linters)
+                      (mapv (fn [[k _] i]
+                              {:id k :index i})
+                            linters
+                            (range)))
+        files (vec (distinct (map :filename findings)))]
+    {:version "2.1.0"
+     "$schema" "http://json.schemastore.org/sarif-2.1.0-rtm.4"
+     :runs [{:tool {:driver {:name "Clj-kondo"
+                             :informationUri "https://github.com/clj-kondo/clj-kondo"
+                             :rules (mapv #(dissoc % :index) (vals rules))}}
+             :artifacts (mapv (fn [file]
+                                {:location {:uri file}})
+                              files)
+             :results (mapv #(finding->sarif rules files %) findings)}]}))