Sie benutzen GitHub, schreiben Code und machen andere spannende Dinge. Sie verwenden einen statischen Analysator, um die Qualität Ihrer Arbeit zu verbessern und Ihre Zeit optimal zu nutzen. Und dann kommt Ihnen eine Idee: Warum nicht die vom Analysator gefundenen Fehler direkt in GitHub betrachten – und zwar so, dass es auch noch gut aussieht? Was ist dafür zu tun? Die Antwort ist einfach: SARIF. Was das ist und wie man es einrichtet, wird in diesem Artikel erläutert. Viel Spaß beim Lesen.
Was ist SARIF?
SARIF (Static Analysis Results Interchange Format) ist ein JSON-basiertes, standardisiertes Austauschformat für die Ergebnisse statischer Analysewerkzeuge. Es wird unter anderem von GitHub (Code Scanning) und Visual Studio Code unterstützt.
- , . , (, JSON), . .
(SARIF) , . . , , SARIF . , . , , \, . !
GitHub
Wechseln Sie in Ihrem GitHub-Repository auf die Registerkarte "Security".
Wählen Sie dort "Code scanning alerts" und klicken Sie auf "Set up code scanning".
Klicken Sie anschließend auf "Set up this workflow".
Es öffnet sich ein Editor mit einer YAML-Datei (z. B. upload-sarif.yml), die etwa so aussieht:
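name: "Upload SARIF"
# Run the workflow each time code is pushed to the repository and on a schedule.
# The scheduled run starts every Sunday at 00:00 UTC.
on:
  push:
  schedule:
    - cron: '0 0 * * 0'
# Least-privilege token for the job: uploading to code scanning requires
# security-events:write; nothing here needs write access to repository contents.
# Without this block the upload fails on repositories whose default
# GITHUB_TOKEN permissions are restricted to read-only.
permissions:
  contents: read
  security-events: write
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # This step checks out a copy of your repository.
      # Consider pinning third-party actions to a full commit SHA rather than
      # a mutable tag so a compromised tag cannot change what runs here.
      - name: Checkout repository
        uses: actions/checkout@v4
      # Uploads a SARIF file that is already committed to the repository.
      # The analyzer itself is NOT run by this workflow, so whoever can push
      # results.sarif controls which alerts appear under "Code scanning alerts".
      - name: Upload SARIF file
        uses: github/codeql-action/upload-sarif@v3
        with:
          # Path to SARIF file relative to the root of the repository
          sarif_file: results.sarif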
Das Ergebnis sieht so aus:
Klicken Sie auf "Start commit" und bestätigen Sie den Commit (Standardname: "Create upload-sarif.yml").
Das war's! Damit ist die Grundlage gelegt – jetzt fehlt nur noch die SARIF-Datei. Hinweis: Der Upload-Schritt benötigt für das GITHUB_TOKEN die Berechtigung security-events: write; sind die Standardberechtigungen des Repositories auf Lesen beschränkt, muss sie im Workflow über einen permissions-Block explizit gesetzt werden.
SARIF-Datei erzeugen
Eine SARIF-Datei zu bekommen ist nicht schwer – viele Analysatoren können ihre Ergebnisse direkt oder über ein Hilfswerkzeug in dieses Format bringen. Bei PVS-Studio übernimmt das der PlogConverter. Schauen wir uns an, wie das geht.
Um eine SARIF-Datei zu erhalten, brauchen wir zunächst etwas zu analysieren. Nehmen wir ein kleines C++-Programm mit einigen Fehlern. Finden Sie sie? :) Hier ist der Code:
#include <iostream>
// Deliberately flawed sample that exists only to give the analyzer something
// to report; it is not meant to be "fixed" without updating the article.
//  - `chx` is initialised from -1, which is implicitly converted to unsigned
//    (0xFFFFFFFF on the usual 32-bit unsigned int).
//  - `ch` is a by-value parameter: the assignment `ch = chx` is never read
//    afterwards, so the whole nested `if` has no observable effect.
//  - The `!` negates only the first range check; presumably all three ranges
//    were meant to be inside the negation (`!(A || B || C)`).
void f(unsigned int ch)
{
    unsigned int chx = -1;
    if (ch >= 0x0fff0)
    {
        if ( !((ch >= 0x0FF10) && (ch <= 0x0FF19))
            || ((ch >= 0x0FF21) && (ch <= 0x0FF3A))
            || ((ch >= 0x0FF41) && (ch <= 0x0FF5A)))
        {
            ch = chx; // dead store: `ch` is not used after this point
        }
    }
}
int main()
{
    // Entry point of the sample; it only prints a fixed line so the
    // project builds and runs. The real content is the function above.
    std::cout << "error";
    std::cout << std::endl;
    return 0;
}
, , " PVS-Studio , ".
Dazu starten wir PVS-Studio über die Kommandozeile mit "PVS-Studio_Cmd.exe". Dieses Werkzeug prüft C++- und C#-Projekte (MSBuild-basiert) unter Windows. Standardmäßig liegt es unter "C:\Program Files (x86)\PVS-Studio".
Ein Beispielaufruf sieht so aus:
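REM Analyse the solution with PVS-Studio from the Windows command line.
REM `^` is the cmd.exe line-continuation character; a bare `\` is not, so the
REM original two-line form would pass a literal "\" and then fail on line two.
REM The -e path must not end in a backslash directly before the closing quote:
REM `\"` is parsed as an escaped quote and swallows the closing `"`.
PVS-Studio_Cmd.exe -t "D:\Use_SARIF_Example\BestProjectCpp.sln" ^
  -o "D:\Use_SARIF_Example\results.plog" -e "D:\Use_SARIF_Example"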
Der Parameter "-t" gibt das zu prüfende Ziel an (eine .sln-Datei oder eine einzelne .csproj-/.vcxproj-Datei). "-o" legt die Datei fest, in die der Bericht (plog-Format) geschrieben wird. "-e" nennt ein Verzeichnis, das PVS-Studio von der Analyse ausschließt. Achtung: Ein Backslash direkt vor dem schließenden Anführungszeichen (\") wird von der Windows-Argumentverarbeitung als maskiertes Anführungszeichen gelesen – den Pfad daher ohne abschließenden Backslash angeben.
Der Analysator erzeugt einen Bericht im plog-Format, den wir nun nach SARIF konvertieren müssen. Dafür verwenden wir den PlogConverter.
Plog nach SARIF konvertieren
PlogConverter ist ein Werkzeug aus dem Lieferumfang von PVS-Studio, das die Berichte des Analysators in andere Formate umwandelt.
PlogConverter.exe liegt üblicherweise im selben PVS-Studio-Installationsverzeichnis wie "PVS-Studio_Cmd.exe". Der Aufruf für unser Beispiel:
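REM Convert the plog report to SARIF. -t selects the output format, -o the
REM output directory and -n the base name, so the result is
REM D:\Use_SARIF_Example\results.sarif. `^` (not `\`) continues a cmd.exe line.
PlogConverter.exe "D:\Use_SARIF_Example\results.plog" ^
  -o "D:\Use_SARIF_Example" -t sarif -n results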
Das Ergebnis ist die Datei results.sarif im mit "-o" angegebenen Ausgabeverzeichnis.
,
Jetzt laden wir die erzeugte SARIF-Datei in das Repository hoch, z. B. über "Add file -> Upload files". Sie muss unter dem im Workflow angegebenen Pfad liegen – hier results.sarif im Wurzelverzeichnis.
Nach dem Hochladen startet der Workflow automatisch, da er auf push reagiert. Den Fortschritt sehen Sie auf der Registerkarte "Actions".
Sobald der Lauf abgeschlossen ist, öffnen Sie die Registerkarte "Security" und dort "Code scanning alerts -> PVS-Studio".
. - :
:
;
. , ;
.
SARIF GitHub
Sehen wir uns nun an, wie GitHub mit einer aktualisierten SARIF-Datei umgeht. Dazu ändern wir den C++-Code und fügen eine weitere Funktion hinzu:
#include <cmath>
#include <iostream>
// Deliberately flawed sample that exists only to give the analyzer something
// to report; it is not meant to be "fixed" without updating the article.
//  - `chx` is initialised from -1, which is implicitly converted to unsigned
//    (0xFFFFFFFF on the usual 32-bit unsigned int).
//  - `ch` is a by-value parameter: the assignment `ch = chx` is never read
//    afterwards, so the whole nested `if` has no observable effect.
//  - The `!` negates only the first range check; presumably all three ranges
//    were meant to be inside the negation (`!(A || B || C)`).
void f(unsigned int ch)
{
    unsigned int chx = -1;
    if (ch >= 0x0fff0)
    {
        if (!((ch >= 0x0FF10) && (ch <= 0x0FF19))
            || ((ch >= 0x0FF21) && (ch <= 0x0FF3A))
            || ((ch >= 0x0FF41) && (ch <= 0x0FF5A)))
        {
            ch = chx; // dead store: `ch` is not used after this point
        }
    }
}
// Second deliberately flawed function, added so the re-uploaded SARIF file
// contains new alerts. Things an analyzer can legitimately flag here:
//  - The constant 3.141592538 is not pi (3.14159265...): digits are swapped.
//  - 1.0 / tan(...) is a double that is narrowed to float in `yScale`, and the
//    float is then returned through `int`, truncating the fractional part.
//  - `tan` comes from <cmath>; relying on <iostream> to pull it in is not
//    portable.
int ComputeProjectionMatrixFOV(float fov)
{
    float yScale = 1.0 / tan((3.141592538 / 180.0) * fov / 2);
    return yScale;
}
int main()
{
    // Entry point of the sample; it only prints a fixed line so the
    // project builds and runs. The real content is in the functions above.
    std::cout << "error";
    std::cout << std::endl;
    return 0;
}
Wir führen Analyse und Konvertierung erneut aus und laden die neue SARIF-Datei hoch; sie ersetzt die alte im Repository, und der Workflow läuft wieder an.
Danach sehen wir wieder unter "Security" -> "Code scanning alerts" -> "PVS-Studio" nach; über "Branch" lässt sich nach Zweig filtern. Das Ergebnis:
Die Warnungen zur neu hinzugefügten Funktion sind dazugekommen. Tipp: Die drei Schritte – Analyse, Konvertierung und Hochladen der SARIF-Datei – lassen sich in einer bat-Datei zusammenfassen, sodass nach jeder Änderung automatisch eine frische SARIF-Datei entsteht.
?
Sehen wir uns die Liste der Warnungen genauer an. Sie ist in zwei Bereiche geteilt: "Open" und "Closed". Unter "Open" stehen die aktuellen, noch nicht bearbeiteten Warnungen, unter "Closed" die bereits geschlossenen.
— (, ).
. , .
GitHub bietet als Gründe zum Schließen "false positive", "used in tests" und "won't fix" an :). Markieren Sie die gewünschten Warnungen (Checkbox) und wählen Sie "Dismiss".
Eine so geschlossene Warnung bleibt in der Regel geschlossen, auch wenn dieselbe Warnung in einer später hochgeladenen SARIF-Datei wieder enthalten ist.
Sie verschwindet aus "Open" und erscheint unter "Closed". Dort lässt sie sich bei Bedarf über "Reopen" wieder öffnen.
, , . , "Open", , "Closed". SARIF . pull request, . , . SARIF pull request .
Geht das nur mit C++?
Natürlich nicht. Die SARIF-Datei ist sprachunabhängig – entscheidend ist nur, dass der Analysator seine Ergebnisse in diesem Format liefern kann. PVS-Studio unterstützt C++, C# und Java. Probieren wir es also mit C#, wieder mit einem kleinen Beispiel, das einige Fehler enthält:
using System;
using System.Collections.Generic;
using System.Linq;
namespace TestSarif
{
    // Deliberately flawed sample that exists only to produce analyzer warnings
    // for the SARIF demo; do not "fix" it without updating the article.
    class Program
    {
        static void Main()
        {
            // The result is computed and then never used.
            var result = Formula42(3, 5);
        }

        // Picks whichever coefficient is non-null and feeds it to the int
        // overload; returns 0 (SingleOrDefault on an empty list) when both
        // are null.
        static int Formula42(int? coefficientA, int? coefficientB)
        {
            var data = new List<int>();
            if (coefficientA != null)
                data.Add(Formula42(coefficientA.Value));
            else if (coefficientB != null)
                // Bug (intentional): this branch runs only when coefficientA
                // is null, yet it reads coefficientA.Value, which throws
                // InvalidOperationException. coefficientB.Value was
                // presumably meant.
                data.Add(Formula42(coefficientA.Value));
            return data.SingleOrDefault();
        }

        // Identity helper so the nullable overload above has something to call.
        static private int Formula42(int coefficient)
        {
            return coefficient;
        }
    }
}
:
.
Wie Sie sehen, ist SARIF ein einfaches und praktisches Format, um Analyseergebnisse darzustellen – nicht nur in GitHub, sondern z. B. auch in VS Code. Und da der Upload-Workflow lediglich eine Datei aus dem Repository übernimmt, lohnt es sich, den Schreibzugriff auf diese Datei genauso ernst zu nehmen wie den auf den Code selbst.
. .
, : Nikolay Mironov, Evgeniy Ovsannikov. How to Get Nice Error Reports Using SARIF.