Prune results of Ruby query from SARIF

2022-11-04 13:58:27 +00:00 · 2022-11-04 13:58:27 +00:00 · 862a512899
commit 862a512899
parent 71510779c2
8 changed files with 316 additions and 19 deletions
--- a/lib/upload-lib.test.js
+++ b/lib/upload-lib.test.js
@ -28,6 +28,7 @@ const ava_1 = __importDefault(require("ava"));
 const logging_1 = require("./logging");
 const testing_utils_1 = require("./testing-utils");
 const uploadLib = __importStar(require("./upload-lib"));
+const upload_lib_1 = require("./upload-lib");
 const util_1 = require("./util");
 (0, testing_utils_1.setupTests)(ava_1.default);
 ava_1.default.beforeEach(() => {
@ -200,6 +201,105 @@ ava_1.default.beforeEach(() => {
    t.throws(() => uploadLib.validateUniqueCategory(sarif1));
    t.throws(() => uploadLib.validateUniqueCategory(sarif2));
 });
+(0, ava_1.default)("pruneInvalidResults", (t) => {
+    const loggedMessages = [];
+    const mockLogger = {
+        info: (message) => {
+            loggedMessages.push(message);
+        },
+    };
+    const sarif = {
+        runs: [
+            {
+                tool: otherTool,
+                results: [resultWithBadMessage1, resultWithGoodMessage],
+            },
+            {
+                tool: affectedCodeQLVersion,
+                results: [
+                    resultWithOtherRuleId,
+                    resultWithBadMessage1,
+                    resultWithBadMessage2,
+                    resultWithGoodMessage,
+                ],
+            },
+            {
+                tool: unaffectedCodeQLVersion,
+                results: [resultWithBadMessage1, resultWithGoodMessage],
+            },
+        ],
+    };
+    const result = (0, upload_lib_1.pruneInvalidResults)(sarif, mockLogger);
+    const expected = {
+        runs: [
+            {
+                tool: otherTool,
+                results: [resultWithBadMessage1, resultWithGoodMessage],
+            },
+            {
+                tool: affectedCodeQLVersion,
+                results: [resultWithOtherRuleId, resultWithGoodMessage],
+            },
+            {
+                tool: unaffectedCodeQLVersion,
+                results: [resultWithBadMessage1, resultWithGoodMessage],
+            },
+        ],
+    };
+    t.deepEqual(result, expected);
+    t.deepEqual(loggedMessages.length, 1);
+    t.assert(loggedMessages[0].includes("Pruned 2 results"));
+});
+const affectedCodeQLVersion = {
+    driver: {
+        name: "CodeQL",
+        semanticVersion: "2.11.2",
+    },
+};
+const unaffectedCodeQLVersion = {
+    driver: {
+        name: "CodeQL",
+        semanticVersion: "2.11.3",
+    },
+};
+const otherTool = {
+    driver: {
+        name: "Some other tool",
+        semanticVersion: "2.11.2",
+    },
+};
+const resultWithOtherRuleId = {
+    ruleId: "doNotPrune",
+    message: {
+        text: "should not be pruned even though it says MD5 in it",
+    },
+    locations: [],
+    partialFingerprints: {},
+};
+const resultWithGoodMessage = {
+    ruleId: "rb/weak-cryptographic-algorithm",
+    message: {
+        text: "should not be pruned SHA128 is not a FP",
+    },
+    locations: [],
+    partialFingerprints: {},
+};
+const resultWithBadMessage1 = {
+    ruleId: "rb/weak-cryptographic-algorithm",
+    message: {
+        text: "should be pruned MD5 is a FP",
+    },
+    locations: [],
+    partialFingerprints: {},
+};
+const resultWithBadMessage2 = {
+    ruleId: "rb/weak-cryptographic-algorithm",
+    message: {
+        text: "should be pruned SHA1 is a FP",
+    },
+    locations: [],
+    partialFingerprints: {},
+};
 function createMockSarif(id, tool) {
    return {
        runs: [