Adds SARIF traces support to SAPP #93
Thanks for the work!
sapp/ui/trace.py
}, | ||
"nestingLevel": nesting_level, | ||
} | ||
return location |
Could we move all the logic regarding sarif into sarif.py?
Which part exactly would you like to move to sarif.py? The to_sarif function body just finds the traces and calls _sarif_codeflow_location_from_trace_tuple. I don't want to move the latter to sarif.py because it is specific to traces. It is a private function that takes a trace_frame and tool and returns the sarif codeflows object.
Well IMO anything related to sarif should go into sarif.py. If we start putting functions from every format into trace.py it will get overwhelming soon. trace.py should provide a clean API that allows any formatter to get the data and do its formatting.

From what I see, everything we use in the sarif functions is public? Tell me if I'm wrong.
I still believe we should move that code into
4a4a7c0 to 3196c96
@arthaud has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.
3196c96 to d8f1b06
FYI There are type errors we need to fix:
I fixed the type errors and I am landing this. Please pull before working on follow-ups since I had to make many changes.
Summary:

**Pre-submission checklist**
- [✅] I've run the following linters locally and fixed lint errors related to the files I modified in this PR
  - [✅] `black .`
  - [✅] `usort format .`
  - [✅] `flake8`
- [✅] I've installed dev dependencies `pip install -r requirements-dev.txt` and completed the following:
  - [✅] I've run tests with `./scripts/run-tests.sh` and made sure all tests are passing
    - Tests are failing but already failing without this PR

This PR refactors the sarif relevant functions in the codebase and moves them into `sarif.py` (centralized location). This was discussed as a follow-up to #93.

Pull Request resolved: #96

Test Plan: Run sapp on [exercise_3](https://github.com/facebook/pyre-check/blob/main/documentation/pysa_tutorial/exercise3/views.py) from the Pysa tutorial and compared the output with this PR and without this PR and noticed no changes in the output.

SARIF output of [exercise3.txt](https://github.com/facebook/sapp/files/12164331/exercise3.txt)

Reviewed By: yuhshin-oss

Differential Revision: D47792963

Pulled By: arthaud

fbshipit-source-id: c58f2c5a1e1af5cd98210c4cd644c4c3d250154f
Pre-submission checklist
- black .
- usort format .
- flake8
- pip install -r requirements-dev.txt and completed the following:
  - ./scripts/run-tests.sh and made sure all tests are passing

Summary
This PR adds a SARIF output to SAPP traces. Currently SARIF output from SAPP doesn't output the trace of an issue. It just outputs the root node, making triage almost impossible.

Example of SARIF output on exercise_3 from the Pysa tutorial is:

Notice the locations section only shows the root of where the issue is happening but not a full trace.

Below is the SARIF output of the same issue after applying this PR:

Notice the new object in the SARIF output: codeFlows

The PR is heavily inspired by _generate_trace_from_issue from the interactive output for SAPP.

Test Plan

Analyzed exercise 3 with Pysa https://github.com/facebook/pyre-check/blob/main/documentation/pysa_tutorial/exercise3/ and attached the SARIF before and after.

SARIF before this PR: exercise3_old.sarif.txt

SARIF after this PR: exercise3.sarif.txt

Screenshot before this PR

Screenshot after this PR

PS: I noticed there are no unit tests for SARIF output. I am happy to follow up later with a PR that adds some unit tests for SARIF export.

PS: I have also run the pre-submission checklist but I have noticed that the tests are already broken without any changes from my side.
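As an added illustration of what the PR description above is asking for (example code written for this page, not SAPP's own implementation), the block below builds a SARIF 2.1.0 `result` whose `codeFlows` carries a whole source-to-sink trace instead of only the root `locations` entry, and adds a small triage-side check that a consumer of the SARIF file could run before trusting a result. The `TraceFrame` dataclass, the helper names, the rule id and the three-frame trace are all constructed for the example; the SARIF property names (`codeFlows`, `threadFlows`, `locations`, `nestingLevel`, `physicalLocation`) are the ones from the SARIF 2.1.0 specification.

```python
"""Added example: emitting and checking SARIF codeFlows for a taint trace.

Not SAPP's code.  The trace frames, helper names and rule id below are
constructed for illustration; only the SARIF property names are real.
"""
import json
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class TraceFrame:
    """One hop of a trace, in the shape this example assumes (constructed)."""

    callee: str
    filename: str
    line: int
    column: int
    nesting_level: int  # call depth: 0 at the issue root, +1 per nested call


def thread_flow_location(frame: TraceFrame, tool_name: str) -> Dict:
    """Map one trace frame onto a SARIF ``threadFlowLocation`` object."""
    return {
        "location": {
            "physicalLocation": {
                "artifactLocation": {"uri": frame.filename},
                "region": {"startLine": frame.line, "startColumn": frame.column},
            },
            "message": {"text": f"{tool_name}: call to {frame.callee}"},
        },
        "nestingLevel": frame.nesting_level,
    }


def sarif_result_with_code_flow(
    rule_id: str, root: TraceFrame, trace: List[TraceFrame], tool_name: str = "Pysa"
) -> Dict:
    """Build a SARIF ``result`` whose ``codeFlows`` carries the whole trace.

    ``locations`` keeps only the root, which is what the PR says the old
    output contained; ``codeFlows`` is the object the PR adds.
    """
    flow_locations = [thread_flow_location(f, tool_name) for f in trace]
    return {
        "ruleId": rule_id,
        "level": "error",
        "message": {"text": f"{rule_id}: source reaches sink via {len(trace)} frames"},
        # A result-level location is a plain ``location``, not a threadFlowLocation.
        "locations": [thread_flow_location(root, tool_name)["location"]],
        "codeFlows": [{"threadFlows": [{"locations": flow_locations}]}],
    }


def code_flow_is_triageable(result: Dict) -> bool:
    """Consumer-side check: a result is worth triaging only if it carries a
    code flow with at least two positioned locations (a source and a sink),
    each with a file uri, a start line and a non-negative nestingLevel."""
    flows = result.get("codeFlows") or []
    if not flows:
        return False
    locations = flows[0].get("threadFlows", [{}])[0].get("locations", [])
    if len(locations) < 2:
        return False
    for loc in locations:
        physical = loc.get("location", {}).get("physicalLocation", {})
        if "uri" not in physical.get("artifactLocation", {}):
            return False
        if "startLine" not in physical.get("region", {}):
            return False
        level = loc.get("nestingLevel")
        if not isinstance(level, int) or level < 0:
            return False
    return True


def example_trace():
    """Constructed three-frame trace: source -> root -> sink (not tutorial output)."""
    root = TraceFrame("handle_request", "example/views.py", 16, 5, 0)
    trace = [
        TraceFrame("request.GET.get", "example/views.py", 12, 14, 1),  # source
        root,
        TraceFrame("os.system", "example/views.py", 24, 9, 1),  # sink
    ]
    return root, trace


if __name__ == "__main__":
    root, trace = example_trace()
    result = sarif_result_with_code_flow("EXAMPLE-RULE", root, trace)
    print(json.dumps(result, indent=2))
    print("triageable:", code_flow_is_triageable(result))
```

Running the block prints the result with its `codeFlows` object; the check returns false for a result that has only `locations`, or a flow with a single frame, which is the situation the PR description calls "almost impossible" to triage.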