diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 15d0059a0..5ddb1b882 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -112377,12 +112377,12 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) { } return uri; } -async function addFingerprints(sarif, sourceRoot, logger) { +async function addFingerprints(sarifLog, sourceRoot, logger) { logger.info( `Adding fingerprints to SARIF file. See ${"https://docs.github.com/en/code-security/reference/code-scanning/sarif-support-for-code-scanning#data-for-preventing-duplicated-alerts" /* TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS */} for more information.` ); const callbacksByFile = {}; - for (const run2 of sarif.runs || []) { + for (const run2 of sarifLog.runs || []) { const artifacts = run2.artifacts || []; for (const result of run2.results || []) { const primaryLocation = (result.locations || [])[0]; @@ -112422,7 +112422,7 @@ async function addFingerprints(sarif, sourceRoot, logger) { }; await hash(teeCallback, filepath); } - return sarif; + return sarifLog; } // src/init.ts @@ -112678,9 +112678,9 @@ async function getGroupedSarifFilePaths(logger, sarifPath) { } return results; } -function countResultsInSarif(sarif) { +function countResultsInSarif(sarifLog) { let numResults = 0; - const parsedSarif = JSON.parse(sarif); + const parsedSarif = JSON.parse(sarifLog); if (!Array.isArray(parsedSarif.runs)) { throw new InvalidSarifUploadError("Invalid SARIF. Missing 'runs' array."); } 
@@ -112703,8 +112703,8 @@ function readSarifFile2(sarifFilePath) { ); } } -function validateSarifFileSchema(sarif, sarifFilePath, logger) { - if (areAllRunsProducedByCodeQL([sarif]) && // We want to validate CodeQL SARIF in testing environments. +function validateSarifFileSchema(sarifLog, sarifFilePath, logger) { + if (areAllRunsProducedByCodeQL([sarifLog]) && // We want to validate CodeQL SARIF in testing environments. !getTestingEnvironment()) { logger.debug( `Skipping SARIF schema validation for ${sarifFilePath} as all runs are produced by CodeQL.` @@ -112713,7 +112713,7 @@ function validateSarifFileSchema(sarif, sarifFilePath, logger) { } logger.info(`Validating ${sarifFilePath}`); const schema2 = require_sarif_schema_2_1_0(); - const result = new jsonschema2.Validator().validate(sarif, schema2); + const result = new jsonschema2.Validator().validate(sarifLog, schema2); const warningAttributes = ["uri-reference", "uri"]; const errors = (result.errors ?? []).filter( (err) => !(err.name === "format" && typeof err.argument === "string" && warningAttributes.includes(err.argument)) @@ -112776,14 +112776,14 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category, analysis) { logger.info(`Post-processing sarif files: ${JSON.stringify(sarifPaths)}`); const gitHubVersion = await getGitHubVersion(); - let sarif; + let sarifLog; category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { const parsedSarif = readSarifFile2(sarifPath); validateSarifFileSchema(parsedSarif, sarifPath, logger); } - sarif = await combineSarifFilesUsingCLI( + sarifLog = await combineSarifFilesUsingCLI( sarifPaths, gitHubVersion, features, 
@@ -112791,21 +112791,21 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, ); } else { const sarifPath = sarifPaths[0]; - sarif = readSarifFile2(sarifPath); - validateSarifFileSchema(sarif, sarifPath, logger); - await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); + sarifLog = readSarifFile2(sarifPath); + validateSarifFileSchema(sarifLog, sarifPath, logger); + await throwIfCombineSarifFilesDisabled([sarifLog], gitHubVersion); } - sarif = filterAlertsByDiffRange(logger, sarif); - sarif = await addFingerprints(sarif, checkoutPath, logger); + sarifLog = filterAlertsByDiffRange(logger, sarifLog); + sarifLog = await addFingerprints(sarifLog, checkoutPath, logger); const analysisKey = await getAnalysisKey(); const environment = getRequiredInput("matrix"); - sarif = populateRunAutomationDetails( - sarif, + sarifLog = populateRunAutomationDetails( + sarifLog, category, analysisKey, environment ); - return { sarif, analysisKey, environment }; + return { sarif: sarifLog, analysisKey, environment }; } async function writePostProcessedFiles(logger, pathInput, uploadTarget, postProcessingResults) { const outputPath = pathInput || getOptionalEnvVar("CODEQL_ACTION_SARIF_DUMP_DIR" /* SARIF_DUMP_DIR */); 
@@ -112822,12 +112822,12 @@ async function writePostProcessedFiles(logger, pathInput, uploadTarget, postProc } async function uploadPostProcessedFiles(logger, checkoutPath, uploadTarget, postProcessingResults) { logger.startGroup(`Uploading ${uploadTarget.name} results`); - const sarif = postProcessingResults.sarif; - const toolNames = getToolNames(sarif); + const sarifLog = postProcessingResults.sarif; + const toolNames = getToolNames(sarifLog); logger.debug(`Validating that each SARIF run has a unique category`); - validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + validateUniqueCategory(sarifLog, uploadTarget.sentinelPrefix); logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); + const sarifPayload = JSON.stringify(sarifLog); logger.debug(`Compressing serialized SARIF`); const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); const checkoutURI = url.pathToFileURL(checkoutPath).href; @@ -112979,9 +112979,9 @@ function handleProcessingResultForUnsuccessfulExecution(response, status, logger assertNever(status); } } -function validateUniqueCategory(sarif, sentinelPrefix) { +function validateUniqueCategory(sarifLog, sentinelPrefix) { const categories = {}; - for (const run2 of sarif.runs) { + for (const run2 of sarifLog.runs) { const id = run2?.automationDetails?.id; const tool = run2.tool?.driver?.name; const category = `${sanitize(id)}_${sanitize(tool)}`; 
@@ -113000,13 +113000,13 @@ function validateUniqueCategory(sarif, sentinelPrefix) { function sanitize(str2) { return (str2 ?? "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase(); } -function filterAlertsByDiffRange(logger, sarif) { +function filterAlertsByDiffRange(logger, sarifLog) { const diffRanges = readDiffRangesJsonFile(logger); if (!diffRanges?.length) { - return sarif; + return sarifLog; } const checkoutPath = getRequiredInput("checkout_path"); - for (const run2 of sarif.runs) { + for (const run2 of sarifLog.runs) { if (run2.results) { run2.results = run2.results.filter((result) => { const locations = [ @@ -113027,7 +113027,7 @@ function filterAlertsByDiffRange(logger, sarif) { }); } } - return sarif; + return sarifLog; } // src/upload-sarif.ts diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 7bc36d338..a58d1ed6e 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -169453,12 +169453,12 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) { } return uri; } -async function addFingerprints(sarif, sourceRoot, logger) { +async function addFingerprints(sarifLog, sourceRoot, logger) { logger.info( `Adding fingerprints to SARIF file. See ${"https://docs.github.com/en/code-security/reference/code-scanning/sarif-support-for-code-scanning#data-for-preventing-duplicated-alerts" /* TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS */} for more information.` ); const callbacksByFile = {}; - for (const run3 of sarif.runs || []) { + for (const run3 of sarifLog.runs || []) { const artifacts = run3.artifacts || []; for (const result of run3.results || []) { const primaryLocation = (result.locations || [])[0]; @@ -169498,7 +169498,7 @@ async function addFingerprints(sarif, sourceRoot, logger) { }; await hash(teeCallback, filepath); } - return sarif; + return sarifLog; } // src/init.ts 
@@ -169723,9 +169723,9 @@ function getSarifFilePaths(sarifPath, isSarif) { } return sarifFiles; } -function countResultsInSarif(sarif) { +function countResultsInSarif(sarifLog) { let numResults = 0; - const parsedSarif = JSON.parse(sarif); + const parsedSarif = JSON.parse(sarifLog); if (!Array.isArray(parsedSarif.runs)) { throw new InvalidSarifUploadError("Invalid SARIF. Missing 'runs' array."); } @@ -169748,8 +169748,8 @@ function readSarifFile2(sarifFilePath) { ); } } -function validateSarifFileSchema(sarif, sarifFilePath, logger) { - if (areAllRunsProducedByCodeQL([sarif]) && // We want to validate CodeQL SARIF in testing environments. +function validateSarifFileSchema(sarifLog, sarifFilePath, logger) { + if (areAllRunsProducedByCodeQL([sarifLog]) && // We want to validate CodeQL SARIF in testing environments. !getTestingEnvironment()) { logger.debug( `Skipping SARIF schema validation for ${sarifFilePath} as all runs are produced by CodeQL.` @@ -169758,7 +169758,7 @@ function validateSarifFileSchema(sarif, sarifFilePath, logger) { } logger.info(`Validating ${sarifFilePath}`); const schema2 = require_sarif_schema_2_1_0(); - const result = new jsonschema2.Validator().validate(sarif, schema2); + const result = new jsonschema2.Validator().validate(sarifLog, schema2); const warningAttributes = ["uri-reference", "uri"]; const errors = (result.errors ?? []).filter( (err) => !(err.name === "format" && typeof err.argument === "string" && warningAttributes.includes(err.argument)) 
@@ -169821,14 +169821,14 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category, analysis) { logger.info(`Post-processing sarif files: ${JSON.stringify(sarifPaths)}`); const gitHubVersion = await getGitHubVersion(); - let sarif; + let sarifLog; category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { const parsedSarif = readSarifFile2(sarifPath); validateSarifFileSchema(parsedSarif, sarifPath, logger); } - sarif = await combineSarifFilesUsingCLI( + sarifLog = await combineSarifFilesUsingCLI( sarifPaths, gitHubVersion, features, @@ -169836,21 +169836,21 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, ); } else { const sarifPath = sarifPaths[0]; - sarif = readSarifFile2(sarifPath); - validateSarifFileSchema(sarif, sarifPath, logger); - await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); + sarifLog = readSarifFile2(sarifPath); + validateSarifFileSchema(sarifLog, sarifPath, logger); + await throwIfCombineSarifFilesDisabled([sarifLog], gitHubVersion); } - sarif = filterAlertsByDiffRange(logger, sarif); - sarif = await addFingerprints(sarif, checkoutPath, logger); + sarifLog = filterAlertsByDiffRange(logger, sarifLog); + sarifLog = await addFingerprints(sarifLog, checkoutPath, logger); const analysisKey = await getAnalysisKey(); const environment = getRequiredInput("matrix"); - sarif = populateRunAutomationDetails( - sarif, + sarifLog = populateRunAutomationDetails( + sarifLog, category, analysisKey, environment ); - return { sarif, analysisKey, environment }; + return { sarif: sarifLog, analysisKey, environment }; } async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) { const sarifPaths = getSarifFilePaths( 
@@ -169884,12 +169884,12 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features } async function uploadPostProcessedFiles(logger, checkoutPath, uploadTarget, postProcessingResults) { logger.startGroup(`Uploading ${uploadTarget.name} results`); - const sarif = postProcessingResults.sarif; - const toolNames = getToolNames(sarif); + const sarifLog = postProcessingResults.sarif; + const toolNames = getToolNames(sarifLog); logger.debug(`Validating that each SARIF run has a unique category`); - validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + validateUniqueCategory(sarifLog, uploadTarget.sentinelPrefix); logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); + const sarifPayload = JSON.stringify(sarifLog); logger.debug(`Compressing serialized SARIF`); const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); const checkoutURI = url.pathToFileURL(checkoutPath).href; @@ -170026,9 +170026,9 @@ function handleProcessingResultForUnsuccessfulExecution(response, status, logger assertNever(status); } } -function validateUniqueCategory(sarif, sentinelPrefix) { +function validateUniqueCategory(sarifLog, sentinelPrefix) { const categories = {}; - for (const run3 of sarif.runs) { + for (const run3 of sarifLog.runs) { const id = run3?.automationDetails?.id; const tool = run3.tool?.driver?.name; const category = `${sanitize(id)}_${sanitize(tool)}`; 
@@ -170047,13 +170047,13 @@ function validateUniqueCategory(sarif, sentinelPrefix) { function sanitize(str2) { return (str2 ?? "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase(); } -function filterAlertsByDiffRange(logger, sarif) { +function filterAlertsByDiffRange(logger, sarifLog) { const diffRanges = readDiffRangesJsonFile(logger); if (!diffRanges?.length) { - return sarif; + return sarifLog; } const checkoutPath = getRequiredInput("checkout_path"); - for (const run3 of sarif.runs) { + for (const run3 of sarifLog.runs) { if (run3.results) { run3.results = run3.results.filter((result) => { const locations = [ @@ -170074,7 +170074,7 @@ function filterAlertsByDiffRange(logger, sarif) { }); } } - return sarif; + return sarifLog; } // src/workflow.ts diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 13996f1d0..4faf8586f 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -110264,12 +110264,12 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) { } return uri; } -async function addFingerprints(sarif, sourceRoot, logger) { +async function addFingerprints(sarifLog, sourceRoot, logger) { logger.info( `Adding fingerprints to SARIF file. See ${"https://docs.github.com/en/code-security/reference/code-scanning/sarif-support-for-code-scanning#data-for-preventing-duplicated-alerts" /* TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS */} for more information.` ); const callbacksByFile = {}; - for (const run of sarif.runs || []) { + for (const run of sarifLog.runs || []) { const artifacts = run.artifacts || []; for (const result of run.results || []) { const primaryLocation = (result.locations || [])[0]; @@ -110309,7 +110309,7 @@ async function addFingerprints(sarif, sourceRoot, logger) { }; await hash(teeCallback, filepath); } - return sarif; + return sarifLog; } // src/init.ts 
@@ -110582,9 +110582,9 @@ async function getGroupedSarifFilePaths(logger, sarifPath) { } return results; } -function countResultsInSarif(sarif) { +function countResultsInSarif(sarifLog) { let numResults = 0; - const parsedSarif = JSON.parse(sarif); + const parsedSarif = JSON.parse(sarifLog); if (!Array.isArray(parsedSarif.runs)) { throw new InvalidSarifUploadError("Invalid SARIF. Missing 'runs' array."); } @@ -110607,8 +110607,8 @@ function readSarifFile2(sarifFilePath) { ); } } -function validateSarifFileSchema(sarif, sarifFilePath, logger) { - if (areAllRunsProducedByCodeQL([sarif]) && // We want to validate CodeQL SARIF in testing environments. +function validateSarifFileSchema(sarifLog, sarifFilePath, logger) { + if (areAllRunsProducedByCodeQL([sarifLog]) && // We want to validate CodeQL SARIF in testing environments. !getTestingEnvironment()) { logger.debug( `Skipping SARIF schema validation for ${sarifFilePath} as all runs are produced by CodeQL.` @@ -110617,7 +110617,7 @@ function validateSarifFileSchema(sarif, sarifFilePath, logger) { } logger.info(`Validating ${sarifFilePath}`); const schema2 = require_sarif_schema_2_1_0(); - const result = new jsonschema2.Validator().validate(sarif, schema2); + const result = new jsonschema2.Validator().validate(sarifLog, schema2); const warningAttributes = ["uri-reference", "uri"]; const errors = (result.errors ?? []).filter( (err) => !(err.name === "format" && typeof err.argument === "string" && warningAttributes.includes(err.argument)) 
@@ -110680,14 +110680,14 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category, analysis) { logger.info(`Post-processing sarif files: ${JSON.stringify(sarifPaths)}`); const gitHubVersion = await getGitHubVersion(); - let sarif; + let sarifLog; category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { const parsedSarif = readSarifFile2(sarifPath); validateSarifFileSchema(parsedSarif, sarifPath, logger); } - sarif = await combineSarifFilesUsingCLI( + sarifLog = await combineSarifFilesUsingCLI( sarifPaths, gitHubVersion, features, @@ -110695,21 +110695,21 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, ); } else { const sarifPath = sarifPaths[0]; - sarif = readSarifFile2(sarifPath); - validateSarifFileSchema(sarif, sarifPath, logger); - await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); + sarifLog = readSarifFile2(sarifPath); + validateSarifFileSchema(sarifLog, sarifPath, logger); + await throwIfCombineSarifFilesDisabled([sarifLog], gitHubVersion); } - sarif = filterAlertsByDiffRange(logger, sarif); - sarif = await addFingerprints(sarif, checkoutPath, logger); + sarifLog = filterAlertsByDiffRange(logger, sarifLog); + sarifLog = await addFingerprints(sarifLog, checkoutPath, logger); const analysisKey = await getAnalysisKey(); const environment = getRequiredInput("matrix"); - sarif = populateRunAutomationDetails( - sarif, + sarifLog = populateRunAutomationDetails( + sarifLog, category, analysisKey, environment ); - return { sarif, analysisKey, environment }; + return { sarif: sarifLog, analysisKey, environment }; } async function writePostProcessedFiles(logger, pathInput, uploadTarget, postProcessingResults) { const outputPath = pathInput || getOptionalEnvVar("CODEQL_ACTION_SARIF_DUMP_DIR" /* SARIF_DUMP_DIR */); 
@@ -110756,12 +110756,12 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features } async function uploadPostProcessedFiles(logger, checkoutPath, uploadTarget, postProcessingResults) { logger.startGroup(`Uploading ${uploadTarget.name} results`); - const sarif = postProcessingResults.sarif; - const toolNames = getToolNames(sarif); + const sarifLog = postProcessingResults.sarif; + const toolNames = getToolNames(sarifLog); logger.debug(`Validating that each SARIF run has a unique category`); - validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + validateUniqueCategory(sarifLog, uploadTarget.sentinelPrefix); logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); + const sarifPayload = JSON.stringify(sarifLog); logger.debug(`Compressing serialized SARIF`); const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); const checkoutURI = url.pathToFileURL(checkoutPath).href; @@ -110913,9 +110913,9 @@ function handleProcessingResultForUnsuccessfulExecution(response, status, logger assertNever(status); } } -function validateUniqueCategory(sarif, sentinelPrefix) { +function validateUniqueCategory(sarifLog, sentinelPrefix) { const categories = {}; - for (const run of sarif.runs) { + for (const run of sarifLog.runs) { const id = run?.automationDetails?.id; const tool = run.tool?.driver?.name; const category = `${sanitize(id)}_${sanitize(tool)}`; 
@@ -110934,13 +110934,13 @@ function validateUniqueCategory(sarif, sentinelPrefix) { function sanitize(str2) { return (str2 ?? "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase(); } -function filterAlertsByDiffRange(logger, sarif) { +function filterAlertsByDiffRange(logger, sarifLog) { const diffRanges = readDiffRangesJsonFile(logger); if (!diffRanges?.length) { - return sarif; + return sarifLog; } const checkoutPath = getRequiredInput("checkout_path"); - for (const run of sarif.runs) { + for (const run of sarifLog.runs) { if (run.results) { run.results = run.results.filter((result) => { const locations = [ @@ -110961,7 +110961,7 @@ function filterAlertsByDiffRange(logger, sarif) { }); } } - return sarif; + return sarifLog; } // Annotate the CommonJS export names for ESM import in node: 0 && (module.exports = { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 5cf366968..00c563e74 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -110856,12 +110856,12 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) { } return uri; } -async function addFingerprints(sarif, sourceRoot, logger) { +async function addFingerprints(sarifLog, sourceRoot, logger) { logger.info( `Adding fingerprints to SARIF file. See ${"https://docs.github.com/en/code-security/reference/code-scanning/sarif-support-for-code-scanning#data-for-preventing-duplicated-alerts" /* TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS */} for more information.` ); const callbacksByFile = {}; - for (const run2 of sarif.runs || []) { + for (const run2 of sarifLog.runs || []) { const artifacts = run2.artifacts || []; for (const result of run2.results || []) { const primaryLocation = (result.locations || [])[0]; @@ -110901,7 +110901,7 @@ async function addFingerprints(sarif, sourceRoot, logger) { }; await hash(teeCallback, filepath); } - return sarif; + return sarifLog; } // src/init.ts 
@@ -111157,9 +111157,9 @@ async function getGroupedSarifFilePaths(logger, sarifPath) { } return results; } -function countResultsInSarif(sarif) { +function countResultsInSarif(sarifLog) { let numResults = 0; - const parsedSarif = JSON.parse(sarif); + const parsedSarif = JSON.parse(sarifLog); if (!Array.isArray(parsedSarif.runs)) { throw new InvalidSarifUploadError("Invalid SARIF. Missing 'runs' array."); } @@ -111182,8 +111182,8 @@ function readSarifFile2(sarifFilePath) { ); } } -function validateSarifFileSchema(sarif, sarifFilePath, logger) { - if (areAllRunsProducedByCodeQL([sarif]) && // We want to validate CodeQL SARIF in testing environments. +function validateSarifFileSchema(sarifLog, sarifFilePath, logger) { + if (areAllRunsProducedByCodeQL([sarifLog]) && // We want to validate CodeQL SARIF in testing environments. !getTestingEnvironment()) { logger.debug( `Skipping SARIF schema validation for ${sarifFilePath} as all runs are produced by CodeQL.` @@ -111192,7 +111192,7 @@ function validateSarifFileSchema(sarif, sarifFilePath, logger) { } logger.info(`Validating ${sarifFilePath}`); const schema2 = require_sarif_schema_2_1_0(); - const result = new jsonschema2.Validator().validate(sarif, schema2); + const result = new jsonschema2.Validator().validate(sarifLog, schema2); const warningAttributes = ["uri-reference", "uri"]; const errors = (result.errors ?? []).filter( (err) => !(err.name === "format" && typeof err.argument === "string" && warningAttributes.includes(err.argument)) 
@@ -111255,14 +111255,14 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category, analysis) { logger.info(`Post-processing sarif files: ${JSON.stringify(sarifPaths)}`); const gitHubVersion = await getGitHubVersion(); - let sarif; + let sarifLog; category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { const parsedSarif = readSarifFile2(sarifPath); validateSarifFileSchema(parsedSarif, sarifPath, logger); } - sarif = await combineSarifFilesUsingCLI( + sarifLog = await combineSarifFilesUsingCLI( sarifPaths, gitHubVersion, features, @@ -111270,21 +111270,21 @@ async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, ); } else { const sarifPath = sarifPaths[0]; - sarif = readSarifFile2(sarifPath); - validateSarifFileSchema(sarif, sarifPath, logger); - await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); + sarifLog = readSarifFile2(sarifPath); + validateSarifFileSchema(sarifLog, sarifPath, logger); + await throwIfCombineSarifFilesDisabled([sarifLog], gitHubVersion); } - sarif = filterAlertsByDiffRange(logger, sarif); - sarif = await addFingerprints(sarif, checkoutPath, logger); + sarifLog = filterAlertsByDiffRange(logger, sarifLog); + sarifLog = await addFingerprints(sarifLog, checkoutPath, logger); const analysisKey = await getAnalysisKey(); const environment = getRequiredInput("matrix"); - sarif = populateRunAutomationDetails( - sarif, + sarifLog = populateRunAutomationDetails( + sarifLog, category, analysisKey, environment ); - return { sarif, analysisKey, environment }; + return { sarif: sarifLog, analysisKey, environment }; } async function writePostProcessedFiles(logger, pathInput, uploadTarget, postProcessingResults) { const outputPath = pathInput || getOptionalEnvVar("CODEQL_ACTION_SARIF_DUMP_DIR" /* SARIF_DUMP_DIR */); 
@@ -111301,12 +111301,12 @@ async function writePostProcessedFiles(logger, pathInput, uploadTarget, postProc } async function uploadPostProcessedFiles(logger, checkoutPath, uploadTarget, postProcessingResults) { logger.startGroup(`Uploading ${uploadTarget.name} results`); - const sarif = postProcessingResults.sarif; - const toolNames = getToolNames(sarif); + const sarifLog = postProcessingResults.sarif; + const toolNames = getToolNames(sarifLog); logger.debug(`Validating that each SARIF run has a unique category`); - validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + validateUniqueCategory(sarifLog, uploadTarget.sentinelPrefix); logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); + const sarifPayload = JSON.stringify(sarifLog); logger.debug(`Compressing serialized SARIF`); const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); const checkoutURI = url.pathToFileURL(checkoutPath).href; @@ -111458,9 +111458,9 @@ function handleProcessingResultForUnsuccessfulExecution(response, status, logger assertNever(status); } } -function validateUniqueCategory(sarif, sentinelPrefix) { +function validateUniqueCategory(sarifLog, sentinelPrefix) { const categories = {}; - for (const run2 of sarif.runs) { + for (const run2 of sarifLog.runs) { const id = run2?.automationDetails?.id; const tool = run2.tool?.driver?.name; const category = `${sanitize(id)}_${sanitize(tool)}`; 
@@ -111479,13 +111479,13 @@ function validateUniqueCategory(sarif, sentinelPrefix) { function sanitize(str2) { return (str2 ?? "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase(); } -function filterAlertsByDiffRange(logger, sarif) { +function filterAlertsByDiffRange(logger, sarifLog) { const diffRanges = readDiffRangesJsonFile(logger); if (!diffRanges?.length) { - return sarif; + return sarifLog; } const checkoutPath = getRequiredInput("checkout_path"); - for (const run2 of sarif.runs) { + for (const run2 of sarifLog.runs) { if (run2.results) { run2.results = run2.results.filter((result) => { const locations = [ @@ -111506,7 +111506,7 @@ function filterAlertsByDiffRange(logger, sarif) { }); } } - return sarif; + return sarifLog; } // src/upload-sarif.ts
diff --git a/src/analyze.ts b/src/analyze.ts
index 6f5693044..c7af4fec9 100644
--- a/src/analyze.ts
+++ b/src/analyze.ts
@@ -25,6 +25,7 @@ import { FeatureEnablement, Feature } from "./feature-flags";
 import { KnownLanguage, Language } from "./languages";
 import { Logger, withGroupAsync } from "./logging";
 import { OverlayDatabaseMode } from "./overlay";
+import type * as sarif from "./sarif";
 import { DatabaseCreationTimings, EventReport } from "./status-report";
 import { endTracingForCluster } from "./tracer-config";
 import * as util from "./util";
@@ -594,7 +595,7 @@ export async function runQueries(
 function getPerQueryAlertCounts(sarifPath: string): Record {
 const sarifObject = JSON.parse(
 fs.readFileSync(sarifPath, "utf8"),
- ) as util.SarifFile;
+ ) as sarif.Log;
 // We do not need to compute fingerprints because we are not sending data based off of locations.
 // Generate the query: alert count object
diff --git a/src/fingerprints.test.ts b/src/fingerprints.test.ts
index 6c29537d0..6cb9b6861 100644
--- a/src/fingerprints.test.ts
+++ b/src/fingerprints.test.ts
@@ -6,6 +6,7 @@ import test from "ava";
 import * as fingerprints from "./fingerprints";
 import { getRunnerLogger } from "./logging";
+import * as sarif from "./sarif";
 import { setupTests } from "./testing-utils";
 import * as util from "./util";
@@ -201,7 +202,7 @@ test("addFingerprints", async (t) => {
 fs
 .readFileSync(`${__dirname}/../src/testdata/fingerprinting.input.sarif`)
 .toString(),
- ) as util.SarifFile;
+ ) as sarif.Log;
 const expected = JSON.parse(
 fs
 .readFileSync(
@@ -229,7 +230,7 @@ test("missingRegions", async (t) => {
 fs
 .readFileSync(`${__dirname}/../src/testdata/fingerprinting2.input.sarif`)
 .toString(),
- ) as util.SarifFile;
+ ) as sarif.Log;
 const expected = JSON.parse(
 fs
 .readFileSync(
diff --git a/src/fingerprints.ts b/src/fingerprints.ts
index 443238ed4..e6c5bd131 100644
--- a/src/fingerprints.ts
+++ b/src/fingerprints.ts
@@ -5,7 +5,7 @@ import Long from "long";
 import { DocUrl } from "./doc-url";
 import { Logger } from "./logging";
-import { SarifFile, SarifResult } from "./util";
+import type * as sarif from "./sarif";
 const tab = "\t".charCodeAt(0);
 const space = " ".charCodeAt(0);
@@ -138,7 +138,7 @@ export async function hash(callback: hashCallback, filepath: string) {
 // Generate a hash callback function that updates the given result in-place
 // when it receives a hash for the correct line number. Ignores hashes for other lines.
 function locationUpdateCallback(
- result: SarifResult,
+ result: sarif.Result,
 location: any,
 logger: Logger,
 ): hashCallback {
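Review bot: The added `import * as sarif from "./sarif";` in src/fingerprints.test.ts is a value import, yet the visible uses in these hunks are only the `as sarif.Log` assertions. src/analyze.ts and src/fingerprints.ts in this same commit bring the namespace in with `import type * as sarif from "./sarif";`, so I would use that form here as well unless the test relies on a runtime export of that module outside the lines shown. The import added to src/upload-lib.test.ts has the same shape.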
@@ -256,17 +256,17 @@ export function resolveUriToFile(
 // Compute fingerprints for results in the given sarif file
 // and return an updated sarif file contents.
 export async function addFingerprints(
- sarif: SarifFile,
+ sarifLog: sarif.Log,
 sourceRoot: string,
 logger: Logger,
-): Promise {
+): Promise {
 logger.info(
 `Adding fingerprints to SARIF file. See ${DocUrl.TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS} for more information.`,
 );
 // Gather together results for the same file and construct
 // callbacks to accept hashes for that file and update the location
 const callbacksByFile: { [filename: string]: hashCallback[] } = {};
- for (const run of sarif.runs || []) {
+ for (const run of sarifLog.runs || []) {
 // We may need the list of artifacts to resolve against
 const artifacts = run.artifacts || [];
@@ -316,5 +316,5 @@ export async function addFingerprints(
 await hash(teeCallback, filepath);
 }
- return sarif;
+ return sarifLog;
 }
diff --git a/src/sarif/index.test.ts b/src/sarif/index.test.ts
index 94d1c5f18..115d35013 100644
--- a/src/sarif/index.test.ts
+++ b/src/sarif/index.test.ts
@@ -4,7 +4,7 @@ import test from "ava";
 import { setupTests } from "../testing-utils";
-import { getToolNames, type SarifFile } from ".";
+import { getToolNames, type Log } from ".";
 setupTests(test);
@@ -13,6 +13,6 @@ test("getToolNames", (t) => {
 `${__dirname}/../../src/testdata/tool-names.sarif`,
 "utf8",
 );
- const toolNames = getToolNames(JSON.parse(input) as SarifFile);
+ const toolNames = getToolNames(JSON.parse(input) as Log);
 t.deepEqual(toolNames, ["CodeQL command-line toolchain", "ESLint"]);
 });
diff --git a/src/sarif/index.ts b/src/sarif/index.ts
index acb19e1e9..628c77226 100644
--- a/src/sarif/index.ts
+++ b/src/sarif/index.ts
@@ -4,16 +4,10 @@ import { Logger } from "../logging";
 import * as sarif from "sarif";
-// Re-export some types with other names for backwards-compatibility
-export type SarifLocation = sarif.Location;
-export type SarifNotification = sarif.Notification;
-export type SarifInvocation = sarif.Invocation;
-export type SarifResult = sarif.Result;
-export type SarifRun = sarif.Run;
-export type SarifFile = sarif.Log;
+export type * from "sarif";
 // `automationId` is non-standard.
-export type SarifRunKey = sarif.ToolComponent & {
+export type RunKey = sarif.ToolComponent & {
 automationId: string | undefined;
 };
@@ -27,7 +21,7 @@ export class InvalidSarifUploadError extends Error {}
 *
 * Returns an array of unique string tool names.
 */
-export function getToolNames(sarifFile: SarifFile): string[] {
+export function getToolNames(sarifFile: sarif.Log): string[] {
 const toolNames = {};
 for (const run of sarifFile.runs || []) {
@@ -41,8 +35,8 @@ export function getToolNames(sarifFile: SarifFile): string[] {
 return Object.keys(toolNames);
 }
-export function readSarifFile(sarifFilePath: string): SarifFile {
- return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")) as SarifFile;
+export function readSarifFile(sarifFilePath: string): sarif.Log {
+ return JSON.parse(fs.readFileSync(sarifFilePath, "utf8")) as sarif.Log;
 }
 // Takes a list of paths to sarif files and combines them together,
@@ -50,9 +44,9 @@ export function readSarifFile(sarifFilePath: string): SarifFile {
 export function combineSarifFiles(
 sarifFiles: string[],
 logger: Logger,
-): SarifFile {
+): sarif.Log {
 logger.info(`Loading SARIF file(s)`);
- const combinedSarif: SarifFile = {
+ const combinedSarif: sarif.Log = {
 version: "2.1.0",
 runs: [],
 };
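Review bot: `export type * from "sarif";` at the top of src/sarif/index.ts has no comment, while the block it replaces explained why the re-exports existed; the module now exposes every type of the `sarif` package next to its own `RunKey`. I would add a line above it such as `// Re-export the SARIF types so callers can write sarif.Log, sarif.Result, etc. through this module.` and state there that these are compile-time shapes only. `readSarifFile`, in a later hunk of this file, still returns `JSON.parse(...) as sarif.Log` with no runtime check, so SARIF produced by third-party tools needs schema validation before code relies on fields such as `runs`.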
@@ -79,7 +73,7 @@ export function combineSarifFiles( * Checks whether all the runs in the given SARIF files were produced by CodeQL. * @param sarifObjects The list of SARIF objects to check. */ -export function areAllRunsProducedByCodeQL(sarifObjects: SarifFile[]): boolean { +export function areAllRunsProducedByCodeQL(sarifObjects: sarif.Log[]): boolean { return sarifObjects.every((sarifObject) => { return sarifObject.runs?.every( (run) => run.tool?.driver?.name === "CodeQL",
@@ -87,7 +81,7 @@ export function areAllRunsProducedByCodeQL(sarifObjects: SarifFile[]): boolean { }); } -function createRunKey(run: SarifRun): SarifRunKey { +function createRunKey(run: sarif.Run): RunKey { return { name: run.tool?.driver?.name, fullName: run.tool?.driver?.fullName,
@@ -103,7 +97,7 @@ function createRunKey(run: SarifRun): SarifRunKey { * criteria used by Code Scanning to determine analysis categories). * @param sarifObjects The list of SARIF objects to check. */ -export function areAllRunsUnique(sarifObjects: SarifFile[]): boolean { +export function areAllRunsUnique(sarifObjects: sarif.Log[]): boolean { const keys = new Set(); for (const sarifObject of sarifObjects) {
diff --git a/src/upload-lib.test.ts b/src/upload-lib.test.ts
index dbaa7d8e0..9926fed5b 100644
--- a/src/upload-lib.test.ts
+++ b/src/upload-lib.test.ts
@@ -10,15 +10,11 @@ import * as analyses from "./analyses"; import { AnalysisKind, CodeQuality, CodeScanning } from "./analyses"; import * as api from "./api-client"; import { getRunnerLogger, Logger } from "./logging"; +import * as sarif from "./sarif"; import { setupTests } from "./testing-utils"; import * as uploadLib from "./upload-lib"; import { UploadPayload } from "./upload-lib/types"; -import { - GitHubVariant, - initializeEnvironment, - SarifFile, - withTmpDir, -} from "./util"; +import { GitHubVariant, initializeEnvironment, withTmpDir } from "./util"; setupTests(test);
@@ -268,13 +264,13 @@ test("getGroupedSarifFilePaths - Other file", async (t) => { test("populateRunAutomationDetails", (t) => { const tool = { driver: { name: "test tool" } }; - let sarif: SarifFile = { + let sarifLog: sarif.Log = { version: "2.1.0", runs: [{ tool }], }; const analysisKey = ".github/workflows/codeql-analysis.yml:analyze"; - let expectedSarif: SarifFile = { + let expectedSarif: sarif.Log = { version: "2.1.0", runs: [ { tool, automationDetails: { id: "language:javascript/os:linux/" } },
@@ -283,7 +279,7 @@ test("populateRunAutomationDetails", (t) => { // Category has priority over analysis_key/environment let modifiedSarif = uploadLib.populateRunAutomationDetails( - sarif, + sarifLog, "language:javascript/os:linux", analysisKey, '{"language": "other", "os": "other"}',
@@ -292,7 +288,7 @@ test("populateRunAutomationDetails", (t) => { // It doesn't matter if the category has a slash at the end or not modifiedSarif = uploadLib.populateRunAutomationDetails( - sarif, + sarifLog, "language:javascript/os:linux/", analysisKey, "",
@@ -300,7 +296,7 @@ test("populateRunAutomationDetails", (t) => { t.deepEqual(modifiedSarif, expectedSarif); // check that the automation details doesn't get overwritten - sarif = { + sarifLog = { version: "2.1.0", runs: [{ tool, automationDetails: { id: "my_id" } }], };
@@ -309,7 +305,7 @@ test("populateRunAutomationDetails", (t) => { runs: [{ tool, automationDetails: { id: "my_id" } }], }; modifiedSarif = uploadLib.populateRunAutomationDetails( - sarif, + sarifLog, undefined, analysisKey, '{"os": "linux", "language": "javascript"}',
@@ -317,7 +313,7 @@ test("populateRunAutomationDetails", (t) => { t.deepEqual(modifiedSarif, expectedSarif); // check multiple runs - sarif = { + sarifLog = { version: "2.1.0", runs: [{ tool, automationDetails: { id: "my_id" } }, { tool }], };
@@ -334,7 +330,7 @@ test("populateRunAutomationDetails", (t) => { ], }; modifiedSarif = uploadLib.populateRunAutomationDetails( - sarif, + sarifLog, undefined, analysisKey, '{"os": "linux", "language": "javascript"}',
@@ -570,7 +566,7 @@ test("validateUniqueCategory for multiple runs", (t) => { const sarif2 = createMockSarif("ghi", "jkl"); // duplicate categories are allowed within the same sarif file - const multiSarif: SarifFile = { + const multiSarif: sarif.Log = { version: "2.1.0", runs: [sarif1.runs[0], sarif1.runs[0], sarif2.runs[0]], };
@@ -903,7 +899,7 @@ test("shouldConsiderInvalidRequest returns correct recognises processing errors" t.false(uploadLib.shouldConsiderInvalidRequest(error3)); }); -function createMockSarif(id?: string, tool?: string): SarifFile { +function createMockSarif(id?: string, tool?: string): sarif.Log { return { version: "2.1.0", runs: [
diff --git a/src/upload-lib.ts b/src/upload-lib.ts
index 919adbccf..dcda04361 100644
--- a/src/upload-lib.ts
+++ b/src/upload-lib.ts
@@ -21,7 +21,7 @@ import * as gitUtils from "./git-utils"; import { initCodeQL } from "./init"; import { Logger } from "./logging"; import { getRepositoryNwo, RepositoryNwo } from "./repository"; -import type { SarifFile } from "./sarif"; +import * as sarif from "./sarif"; import { areAllRunsProducedByCodeQL, areAllRunsUnique,
@@ -46,7 +46,7 @@ const GENERIC_404_MSG = // Checks whether the deprecation warning for combining SARIF files should be shown. export async function shouldShowCombineSarifFilesDeprecationWarning( - sarifObjects: util.SarifFile[], + sarifObjects: sarif.Log[], githubVersion: GitHubVersion, ) { // Do not show this warning on GHES versions before 3.14.0
@@ -66,7 +66,7 @@ export async function shouldShowCombineSarifFilesDeprecationWarning( } export async function throwIfCombineSarifFilesDisabled( - sarifObjects: util.SarifFile[], + sarifObjects: sarif.Log[], githubVersion: GitHubVersion, ) { if (!(await shouldDisableCombineSarifFiles(sarifObjects, githubVersion))) {
@@ -83,7 +83,7 @@ export async function throwIfCombineSarifFilesDisabled( // Checks whether combining SARIF files should be disabled. async function shouldDisableCombineSarifFiles( - sarifObjects: util.SarifFile[], + sarifObjects: sarif.Log[], githubVersion: GitHubVersion, ) { if (githubVersion.type === GitHubVariant.GHES) {
@@ -112,7 +112,7 @@ async function combineSarifFilesUsingCLI( gitHubVersion: GitHubVersion, features: FeatureEnablement, logger: Logger, -): Promise { +): Promise { logger.info("Combining SARIF files using the CodeQL CLI"); const sarifObjects = sarifFiles.map(util.readSarifFile);
@@ -203,11 +203,11 @@ async function combineSarifFilesUsingCLI( // Populates the run.automationDetails.id field using the analysis_key and environment // and return an updated sarif file contents. export function populateRunAutomationDetails( - sarifFile: SarifFile, + sarifFile: sarif.Log, category: string | undefined, analysis_key: string, environment: string | undefined, -): SarifFile { +): sarif.Log { const automationID = getAutomationID(category, analysis_key, environment); if (automationID !== undefined) {
@@ -429,9 +429,9 @@ export async function getGroupedSarifFilePaths( } // Counts the number of results in the given SARIF file -function countResultsInSarif(sarif: string): number { +function countResultsInSarif(sarifLog: string): number { let numResults = 0; - const parsedSarif = JSON.parse(sarif); + const parsedSarif = JSON.parse(sarifLog); if (!Array.isArray(parsedSarif.runs)) { throw new InvalidSarifUploadError("Invalid SARIF. Missing 'runs' array."); }
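Review bot: `countResultsInSarif(sarifLog: string)` (hunk `-429,9 +429,9`) now uses the name that everywhere else in this commit denotes a parsed `sarif.Log` object, although here the parameter is the serialized JSON text handed to `JSON.parse`. A name that says so, such as `function countResultsInSarif(sarifPayload: string): number {` with `JSON.parse(sarifPayload)`, matches the `sarifPayload` string in `uploadPostProcessedFiles`. It also stops a reader from assuming the value is already parsed and schema-checked. The same rename appears in the generated `lib/analyze-action.js`, and the function body continues outside the hunk.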
@@ -447,9 +447,9 @@ function countResultsInSarif(sarif: string): number { return numResults; } -export function readSarifFile(sarifFilePath: string): SarifFile { +export function readSarifFile(sarifFilePath: string): sarif.Log { try { - return util.readSarifFile(sarifFilePath); + return sarif.readSarifFile(sarifFilePath); } catch (e) { throw new InvalidSarifUploadError( `Invalid SARIF. JSON syntax error: ${getErrorMessage(e)}`,
@@ -460,12 +460,12 @@ export function readSarifFile(sarifFilePath: string): SarifFile { // Validates the given SARIF object and throws an error if the SARIF object is invalid. // The file path is only used in error messages to improve clarity. export function validateSarifFileSchema( - sarif: SarifFile, + sarifLog: sarif.Log, sarifFilePath: string, logger: Logger, ) { if ( - areAllRunsProducedByCodeQL([sarif]) && + areAllRunsProducedByCodeQL([sarifLog]) && // We want to validate CodeQL SARIF in testing environments. !util.getTestingEnvironment() ) {
@@ -479,7 +479,7 @@ export function validateSarifFileSchema( // eslint-disable-next-line @typescript-eslint/no-require-imports const schema = require("../src/sarif-schema-2.1.0.json") as jsonschema.Schema; - const result = new jsonschema.Validator().validate(sarif, schema); + const result = new jsonschema.Validator().validate(sarifLog, schema); // Filter errors related to invalid URIs in the artifactLocation field as this // is a breaking change. See https://github.com/github/codeql-action/issues/1703 const warningAttributes = ["uri-reference", "uri"];
@@ -581,7 +581,7 @@ export function buildPayload( } export interface PostProcessingResults { - sarif: util.SarifFile; + sarif: sarif.Log; analysisKey: string; environment: string; }
@@ -611,7 +611,7 @@ export async function postProcessSarifFiles( const gitHubVersion = await getGitHubVersion(); - let sarifLog: sarif.Log; + let sarifLog: sarif.Log; category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) {
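Review bot: The skip condition at the top of `validateSarifFileSchema` (hunk `-460,12 +460,12`) is undocumented as a trust decision: `areAllRunsProducedByCodeQL([sarifLog])` compares `run.tool?.driver?.name` with "CodeQL", a value read from the very file being validated. The function is exported and accepts any `sarif.Log`, so local schema validation is bypassed for any input that declares that driver name. A comment on the condition should say so, e.g. `// NOTE: the driver name is self-declared by the SARIF file; this skip is an optimisation for CodeQL output, not a check of who produced the file.` Whether third-party SARIF can reach this path is not visible here, and the function body continues outside the hunk.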
@@ -621,7 +621,7 @@ export async function postProcessSarifFiles( validateSarifFileSchema(parsedSarif, sarifPath, logger); } - sarif = await combineSarifFilesUsingCLI( + sarifLog = await combineSarifFilesUsingCLI( sarifPaths, gitHubVersion, features,
@@ -629,26 +629,26 @@ export async function postProcessSarifFiles( ); } else { const sarifPath = sarifPaths[0]; - sarif = readSarifFile(sarifPath); - validateSarifFileSchema(sarif, sarifPath, logger); + sarifLog = readSarifFile(sarifPath); + validateSarifFileSchema(sarifLog, sarifPath, logger); // Validate that there are no runs for the same category - await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); + await throwIfCombineSarifFilesDisabled([sarifLog], gitHubVersion); } - sarif = filterAlertsByDiffRange(logger, sarif); - sarif = await fingerprints.addFingerprints(sarif, checkoutPath, logger); + sarifLog = filterAlertsByDiffRange(logger, sarifLog); + sarifLog = await fingerprints.addFingerprints(sarifLog, checkoutPath, logger); const analysisKey = await api.getAnalysisKey(); const environment = actionsUtil.getRequiredInput("matrix"); - sarif = populateRunAutomationDetails( - sarif, + sarifLog = populateRunAutomationDetails( + sarifLog, category, analysisKey, environment, ); - return { sarif, analysisKey, environment }; + return { sarif: sarifLog, analysisKey, environment }; } /**
@@ -754,13 +754,13 @@ export async function uploadPostProcessedFiles( ): Promise { logger.startGroup(`Uploading ${uploadTarget.name} results`); - const sarif = postProcessingResults.sarif; - const toolNames = util.getToolNames(sarif); + const sarifLog = postProcessingResults.sarif; + const toolNames = util.getToolNames(sarifLog); logger.debug(`Validating that each SARIF run has a unique category`); - validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + validateUniqueCategory(sarifLog, uploadTarget.sentinelPrefix); logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); + const sarifPayload = JSON.stringify(sarifLog); logger.debug(`Compressing serialized SARIF`); const zippedSarif = zlib.gzipSync(sarifPayload).toString("base64");
@@ -1003,14 +1003,14 @@ function handleProcessingResultForUnsuccessfulExecution( } export function validateUniqueCategory( - sarif: SarifFile, + sarifLog: sarif.Log, sentinelPrefix: string, ): void { // duplicate categories are allowed in the same sarif file // but not across multiple sarif files const categories = {} as Record; - for (const run of sarif.runs) { + for (const run of sarifLog.runs) { const id = run?.automationDetails?.id; const tool = run.tool?.driver?.name; const category = `${sanitize(id)}_${sanitize(tool)}`;
@@ -1045,15 +1045,18 @@ function sanitize(str?: string) { return (str ?? "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase(); } -function filterAlertsByDiffRange(logger: Logger, sarif: SarifFile): SarifFile { +function filterAlertsByDiffRange( + logger: Logger, + sarifLog: sarif.Log, +): sarif.Log { const diffRanges = readDiffRangesJsonFile(logger); if (!diffRanges?.length) { - return sarif; + return sarifLog; } const checkoutPath = actionsUtil.getRequiredInput("checkout_path"); - for (const run of sarif.runs) { + for (const run of sarifLog.runs) { if (run.results) { run.results = run.results.filter((result) => { const locations = [
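Review bot: The added line `const toolNames = util.getToolNames(sarifLog);` in `uploadPostProcessedFiles` (hunk `-754,13 +754,13`) still reaches the helper through `util`, while this commit moves every type reference to `sarif.Log` and switches `readSarifFile` to `sarif.readSarifFile`. `getToolNames` is defined in `src/sarif/index.ts`, so presumably `util` only re-exports it. Calling `sarif.getToolNames(sarifLog)` here, and `sarifFiles.map(sarif.readSarifFile)` in `combineSarifFilesUsingCLI`, would leave a single import path for the SARIF helpers. `util.ts` is not part of the visible diff and `uploadPostProcessedFiles` starts and ends outside the hunk, so confirm the re-export before changing it.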
@@ -1089,5 +1092,5 @@ function filterAlertsByDiffRange(logger: Logger, sarif: SarifFile): SarifFile { } } - return sarif; + return sarifLog; }