Undowngrade devskim (oxsecurity#2748)

* Undowngrade devskim Fixes oxsecurity#2745 * Change devskim parameters * arg names * Add new type sarif for counting lines and use it on Devskim * fix * fix * [MegaLinter] Apply linters fixes * Fix sarif extract --------- Co-authored-by: nvuillam <nvuillam@users.noreply.github.com>
sanmai-NL · Oct 4, 2023 · 059b288 · 059b288
1 parent f8609ca
commit 059b288
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 8 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -674,7 +674,7 @@ ENV PATH="~/.raku/bin:/opt/rakudo-pkg/bin:/opt/rakudo-pkg/share/perl6/site/bin:$
 #     && ./dotnet-install.sh --install-dir /usr/share/dotnet -channel 6.0 -version latest
 # Next line commented because already managed by another linter
 # ENV PATH="${PATH}:/root/.dotnet/tools:/usr/share/dotnet"
-RUN dotnet tool install --global Microsoft.CST.DevSkim.CLI --version 0.7.104 \
+RUN dotnet tool install --global Microsoft.CST.DevSkim.CLI \
 
 # dustilock installation
 # Managed with COPY --link --from=dustilock /usr/bin/dustilock /usr/bin/dustilock

diff --git a/flavors/security/Dockerfile b/flavors/security/Dockerfile
@@ -211,7 +211,7 @@ RUN printf '#!/bin/bash \n\nif [[ -x "$1" ]]; then exit 0; else echo "Error: Fil
     && ./dotnet-install.sh --install-dir /usr/share/dotnet -channel 6.0 -version latest
 
 ENV PATH="${PATH}:/root/.dotnet/tools:/usr/share/dotnet"
-RUN dotnet tool install --global Microsoft.CST.DevSkim.CLI --version 0.7.104 \
+RUN dotnet tool install --global Microsoft.CST.DevSkim.CLI \
 
 # dustilock installation
 # Managed with COPY --link --from=dustilock /usr/bin/dustilock /usr/bin/dustilock

diff --git a/linters/repository_devskim/Dockerfile b/linters/repository_devskim/Dockerfile
@@ -136,7 +136,7 @@ RUN wget --tries=5 -q -O dotnet-install.sh https://dot.net/v1/dotnet-install.sh
     && ./dotnet-install.sh --install-dir /usr/share/dotnet -channel 6.0 -version latest
 
 ENV PATH="${PATH}:/root/.dotnet/tools:/usr/share/dotnet"
-RUN dotnet tool install --global Microsoft.CST.DevSkim.CLI --version 0.7.104
+RUN dotnet tool install --global Microsoft.CST.DevSkim.CLI
 
 #OTHER__END
 

diff --git a/megalinter/Linter.py b/megalinter/Linter.py
@@ -1330,6 +1330,18 @@ def get_total_number_errors(self, stdout: str):
             total_errors = sum(
                 not line.isspace() and line != "" for line in stdout.splitlines()
             )
+        # Count number of results in sarif format
+        elif self.cli_lint_errors_count == "sarif":
+            sarif = None
+            sarif_stdout = utils.find_json_in_stdout(stdout)
+            try:
+                sarif = json.loads(sarif_stdout)
+            except ValueError as e:
+                logging.warning(f"Unable to parse sarif ({str(e)}):" + stdout)
+            if sarif and sarif["runs"] and sarif["runs"][0]["results"]:
+                total_errors = len(sarif["runs"][0]["results"])
+            else:
+                logging.warning("Unable to find results in :" + stdout)
         # Return result if found, else default value according to status
         if total_errors > 0:
             return total_errors

diff --git a/megalinter/descriptors/repository.megalinter-descriptor.yml b/megalinter/descriptors/repository.megalinter-descriptor.yml
@@ -67,17 +67,19 @@ linters:
       - --file-format
       - sarif
     cli_lint_extra_args_after:
+      - --source-code
       - "."
       - -E
+      - --skip-git-ignored-files
       - --ignore-globs
       - "**/megalinter-reports/**"
-    cli_lint_errors_count: regex_count
-    cli_lint_errors_regex: "(\\[.*\\])"
+    cli_help_arg_name: --help
+    cli_version_arg_name: --version
+    cli_lint_errors_count: sarif
     test_folder: devskim
     examples:
       - "devskim analyze ."
       - "devskim analyze --file-format sarif ."
-    downgraded_version: true
     install:
       apk:
         - icu-libs
@@ -94,7 +96,7 @@ linters:
               && chmod +x dotnet-install.sh \
               && ./dotnet-install.sh --install-dir /usr/share/dotnet -channel 6.0 -version latest
         - ENV PATH="${PATH}:/root/.dotnet/tools:/usr/share/dotnet"
-        - RUN dotnet tool install --global Microsoft.CST.DevSkim.CLI --version 0.7.104
+        - RUN dotnet tool install --global Microsoft.CST.DevSkim.CLI
     ide:
       vscode:
         - name: VSCode DevSkim

diff --git a/megalinter/descriptors/schemas/megalinter-descriptor.jsonschema.json b/megalinter/descriptors/schemas/megalinter-descriptor.jsonschema.json
@@ -603,7 +603,8 @@
               "regex_number",
               "regex_count",
               "regex_sum",
-              "total_lines"
+              "total_lines",
+              "sarif"
             ],
             "examples": [
               "regex_number",