37 releases
0.6.6 | Sep 2, 2024 |
---|---|
0.6.0 | Jul 30, 2024 |
0.4.2 | Sep 7, 2023 |
0.4.1 | Jul 30, 2023 |
0.2.15 | Jul 6, 2021 |
#6 in Command line utilities
63,248 downloads per month
86KB
1.5K
SLoC
sarif-fmt
This crate provides a command line tool to pretty print SARIF files to easy human readable output.
The latest documentation can be found here.
SARIF or the Static Analysis Results Interchange Format is an industry standard format for the output of static analysis tools. More information can be found on the official website: https://sarifweb.azurewebsites.net/.
Installation
sarif-fmt
may be installed via cargo
cargo install sarif-fmt
via cargo-binstall
cargo binstall sarif-fmt
or downloaded directly from Github Releases
# make sure to adjust the target and version (you may also want to pin to a specific version)
curl -sSL https://github.com/psastras/sarif-rs/releases/download/sarif-fmt-v0.6.6/sarif-fmt-x86_64-unknown-linux-gnu -o sarif-fmt
Fedora Linux
sudo dnf install <cli_name> # ex. cargo binstall sarif-fmt
Nix
Through the nix
cli,
nix --accept-flake-config profile install github:psastras/sarif-rs#sarif-fmt
Usage
For most cases, simply pipe a SARIF file into sarif-fmt
(cat ./foo.sarif | sarif-fmt
)
Example
$ cargo clippy --message-format=json | clippy-sarif | sarif-fmt
$ warning: using `Option.and_then(|x| Some(y))`, which is more succinctly expressed as `map(|x| y)`
┌─ sarif-fmt/src/bin.rs:423:13
│
423 │ ╭ the_rule
424 │ │ .full_description
425 │ │ .as_ref()
426 │ │ .and_then(|mfms| Some(mfms.text.clone()))
│ ╰───────────────────────────────────────────────────────^
│
= `#[warn(clippy::bind_instead_of_map)]` on by default
for further information visit https://rust-lang.github.io/rust-clippy/master#bind_instead_of_map
Often it is useful to record the SARIF file for machine processing but also
print the nicely formatted results to stdout at the same time. This can be done
using the tee
command:
$ clang-tidy -checks=cert-* cpp.cpp -- | clang-tidy-sarif | tee clang-tidy.sarif | sarif-fmt
$ 2 warnings generated.
warning: 'atoi' used to convert a string to an integer value, but function will not report conversion errors; consider using 'strtol' instead [cert-err34-c]
┌─ /home/psastras/repos/sarif-rs/sarif-fmt/tests/data/cpp.cpp:4:10
│
4 │ return atoi(num);
│ ^^^^^^^^^^
warning: calling 'system' uses a command processor [cert-env33-c]
┌─ /home/psastras/repos/sarif-rs/sarif-fmt/tests/data/cpp.cpp:8:3
│
8 │ system("ls");
│ ^^^^^^^^^^^^^
$ cat clang-tidy.sarif
{
"runs": [
{
"results": [
{
"level": "warning",
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "cpp.cpp"
},
"region": {
"startColumn": 10,
"startLine": 4
}
}
}
],
"message": {
"text": "'atoi' used to convert a string to an integer value, but function will not report conversion errors; consider using 'strtol' instead [cert-err34-c]"
}
},
{
"level": "warning",
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "cpp.cpp"
},
"region": {
"startColumn": 3,
"startLine": 8
}
}
}
],
"message": {
"text": "calling 'system' uses a command processor [cert-env33-c]"
}
}
],
"tool": {
"driver": {
"name": "clang-tidy"
}
}
}
],
"version": "2.1.0"
}
License: MIT
Dependencies
~3–11MB
~109K SLoC