I don't know if this will be useful to anyone besides me, but when I tried to use Visual Studio to work with the static analysis results in the .sarif files, I ran into some headaches. So I've written a small SARIF file processor that I am using to clean the files so they work well with Visual Studio (and presumably other SARIF readers, but I haven't tested anything else). It's on GitHub, of course: https://github.com/chennes/CleanSARIF
I've put up some precompiled binaries for Windows and Linux (I don't really know how to package for Linux, though, so you might be better off just compiling it yourself!). Comments, bug reports, etc. are all welcome. It needs some polishing, but I've been using it and it more or less does what I needed it to.
GitHub CodeQL (formerly Semmle LGTM)
Forum rules
Be nice to others! Respect the FreeCAD code of conduct!
Re: LGTM (Semmle CodeQL)
chennes wrote: ↑Mon Feb 15, 2021 4:26 am
I don't know if this will be useful to anyone besides me, but when I tried to use Visual Studio to work with the static analysis results in the .sarif files, I ran into some headaches. So I've written a small SARIF file processor that I am using to clean the files so they work well with Visual Studio (and presumably other SARIF readers, but I haven't tested anything else). It's on GitHub, of course: https://github.com/chennes/CleanSARIF

Looks great! The different scanners do have some options to export the logs in a few different ways, but obviously it is hard to make this useful for everyone, and especially in such a diverse project development as we have with FreeCAD this should indeed be a great tool for everyone to adjust the logs to their own needs. Thanks!
Re: LGTM (Semmle CodeQL)
I've made some minor tweaks and posted CleanSARIF Release Candidate 2 (it sounds so fancy and formal!). Mostly I added icons. I've attached two generic filter files to this post. I've been using these on the most recent batch of FreeCAD results to get rid of some of the results that aren't needed. I've found that it's also helpful sometimes to add filters that exclude everything but a particular workbench, so I can focus on just that one (since PRs should be broken down by WB, ideally).
To use these in the app, remove the extra ".txt" extension added to make the forums happy.
Attachments:
- LGTM_Filters.json.txt (766 Bytes) Downloaded 76 times
- PVS_Filters.json.txt (2.2 KiB) Downloaded 85 times
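The per-workbench and per-rule filtering described in the post above, as an added example that is not CleanSARIF's code and does not use the format of the attached LGTM_Filters.json / PVS_Filters.json files. The filter spec (exclude_rules, exclude_paths, only_paths, keep_unlocated) and the sample SARIF log are assumptions constructed for illustration; the log only mimics the shape of a CodeQL/PVS SARIF 2.1.0 export with FreeCAD-style source paths.

```python
"""Filter a SARIF 2.1.0 log by rule ID and by file path.

Added example, not CleanSARIF's code. The filter spec below is an
assumption, not the format of the filter files attached to the post.
"""
import json
import re
from copy import deepcopy
from typing import Any, Iterable

# Constructed SARIF 2.1.0 log (not real scanner output); the paths follow the
# FreeCAD source layout so the per-workbench filter has something to match.
SAMPLE_SARIF: dict[str, Any] = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner", "rules": [
            {"id": "cpp/unused-local-variable"},
            {"id": "cpp/uninitialized-local"},
            {"id": "py/unused-import"},
        ]}},
        "results": [
            {"ruleId": "cpp/unused-local-variable", "ruleIndex": 0, "level": "note",
             "message": {"text": "Variable x is unused."},
             "locations": [{"physicalLocation": {"artifactLocation": {
                 "uri": "src/Mod/Part/App/TopoShape.cpp"}}}]},
            {"ruleId": "cpp/uninitialized-local", "ruleIndex": 1, "level": "warning",
             "message": {"text": "Local may be read before it is set."},
             "locations": [{"physicalLocation": {"artifactLocation": {
                 "uri": "src/Mod/Sketcher/App/Sketch.cpp"}}}]},
            {"ruleId": "cpp/uninitialized-local", "ruleIndex": 1, "level": "warning",
             "message": {"text": "Local may be read before it is set."},
             "locations": [{"physicalLocation": {"artifactLocation": {
                 "uri": "src/3rdParty/salomesmesh/src/SMESH/SMESH_Mesh.cpp"}}}]},
            {"ruleId": "py/unused-import", "ruleIndex": 2, "level": "note",
             "message": {"text": "Import of 'os' is not used."},
             "locations": [{"physicalLocation": {"artifactLocation": {
                 "uri": "src/Mod/Part/BOPTools/SplitFeatures.py"}}}]},
            # A result with no location cannot be scoped to a path at all.
            {"ruleId": "cpp/uninitialized-local", "ruleIndex": 1, "level": "warning",
             "message": {"text": "Analysis note without a location."}},
        ],
    }],
}


def result_uris(result: dict[str, Any]) -> list[str]:
    """Return every artifact URI a result points at (empty if it has none)."""
    uris: list[str] = []
    for loc in result.get("locations", []):
        uri = (loc.get("physicalLocation", {})
                  .get("artifactLocation", {})
                  .get("uri"))
        if uri:
            uris.append(uri)
    return uris


def keep_result(result: dict[str, Any], exclude_rules: set[str],
                exclude_paths: list[re.Pattern[str]],
                only_paths: list[re.Pattern[str]], keep_unlocated: bool) -> bool:
    """Decide whether one result survives the filters."""
    if result.get("ruleId") in exclude_rules:
        return False
    uris = result_uris(result)
    if not uris:
        # Nothing to match a path filter against; only a rule filter applies.
        return keep_unlocated
    if any(p.search(u) for p in exclude_paths for u in uris):
        return False
    if only_paths and not any(p.search(u) for p in only_paths for u in uris):
        return False
    return True


def filter_sarif(sarif: dict[str, Any], *, exclude_rules: Iterable[str] = (),
                 exclude_paths: Iterable[str] = (), only_paths: Iterable[str] = (),
                 keep_unlocated: bool = True) -> dict[str, Any]:
    """Return a filtered deep copy of a SARIF log.

    Only runs[].results[] is pruned. tool.driver.rules is deliberately left
    alone: surviving results refer to rules by ruleIndex, so dropping entries
    from that array would silently re-point them at the wrong rule.
    """
    out = deepcopy(sarif)
    rules = set(exclude_rules)
    ex = [re.compile(p) for p in exclude_paths]
    only = [re.compile(p) for p in only_paths]
    for run in out.get("runs", []):
        run["results"] = [r for r in run.get("results", [])
                          if keep_result(r, rules, ex, only, keep_unlocated)]
    return out


def result_count(sarif: dict[str, Any]) -> int:
    """Total number of results across all runs."""
    return sum(len(run.get("results", [])) for run in sarif.get("runs", []))


if __name__ == "__main__":
    # Focus on the Part workbench, drop bundled third-party code and one
    # noisy rule, then serialize the result back out as SARIF.
    part_only = filter_sarif(SAMPLE_SARIF,
                             exclude_rules={"cpp/unused-local-variable"},
                             exclude_paths=[r"^src/3rdParty/"],
                             only_paths=[r"^src/Mod/Part/"])
    print(result_count(SAMPLE_SARIF), "->", result_count(part_only))
    print(json.dumps(part_only, indent=2))
```

Path patterns are regular expressions matched against the `uri` field exactly as the scanner wrote it, so a log with absolute or `file:///` URIs needs patterns written for that form (or a normalization step first). Results without any location are kept by default so that run-level notes are not lost when scoping to one workbench; pass `keep_unlocated=False` to drop them.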
Re: LGTM (Semmle CodeQL)
neat!
Alone you go faster. Together we go farther
Please mark thread [Solved]
Want to contribute back to FC? Checkout:
'good first issues' | Open TODOs and FIXMEs | How to Help FreeCAD | How to report Bugs
Re: LGTM (Semmle CodeQL)
New report from build 0.20.25220 has been created...
Re: LGTM (Semmle CodeQL)
New report from build 0.20.28030 has been created...
Re: LGTM (Semmle CodeQL)
New report from build 0.21.30257 has been created...
Also a note about the shut down of LGTM.com
https://github.blog/2022-08-15-the-next ... -scanning/
Re: GitHub CodeQL (formerly Semmle LGTM)
New report from build 0.21.32049 has been created for cpp and python. Since we had this on the LGTM site before, I guess it is ok to also publish this now public...
https://mega.nz/file/vQJzDAoC#9veX3vSMI ... sUdVSLIwr4
Re: GitHub CodeQL (formerly Semmle LGTM)
New report from build 0.21.33678 has been created...
https://mega.nz/file/KNRRzBwY#Jkd1DmRrQ ... mj69EiRTNM
Few recent blogposts about some of the technologies behind CodeQL, for those that have some interest in this...
https://github.blog/2023-03-31-codeql-z ... -research/ CodeQL zero to hero part 1: the fundamentals of static analysis for vulnerability research
https://github.blog/2023-06-15-codeql-z ... th-codeql/ CodeQL zero to hero part 2: getting started with CodeQL
https://github.blog/2023-10-19-icymi-im ... or-lombok/ ICYMI: improved C++ vulnerability coverage and CodeQL support for Lombok