Merge pull request #2672 from github/robertbrignull/sarif-processing-no-location

robertbrignull · web-flow · commit f52a5127948d · 2023-08-08T16:56:03.000+01:00
Handle when an alert message contains links to files outside of the repository source
diff --git a/extensions/ql-vscode/src/common/sarif-utils.ts b/extensions/ql-vscode/src/common/sarif-utils.ts
@@ -2,7 +2,7 @@ import * as Sarif from "sarif";
 import type { HighlightedRegion } from "../variant-analysis/shared/analysis-result";
 import { ResolvableLocationValue } from "../common/bqrs-cli-types";
 
-interface SarifLink {
+export interface SarifLink {
   dest: number;
   text: string;
 }
diff --git a/extensions/ql-vscode/src/variant-analysis/sarif-processing.ts b/extensions/ql-vscode/src/variant-analysis/sarif-processing.ts
@@ -1,5 +1,6 @@
 import * as sarif from "sarif";
 import {
+  SarifLink,
   parseHighlightedLine,
   parseSarifPlainTextMessage,
   parseSarifRegion,
@@ -14,6 +15,7 @@ import {
   ThreadFlow,
   CodeSnippet,
   HighlightedRegion,
+  AnalysisMessageLocationTokenLocation,
 } from "./shared/analysis-result";
 
 // A line of more than 8k characters is probably generated.
@@ -303,24 +305,47 @@ function getMessage(
     if (typeof messagePart === "string") {
       tokens.push({ t: "text", text: messagePart });
     } else {
-      const relatedLocation = result.relatedLocations!.find(
-        (rl) => rl.id === messagePart.dest,
-      );
-      tokens.push({
-        t: "location",
-        text: messagePart.text,
-        location: {
-          fileLink: {
-            fileLinkPrefix,
-            filePath: relatedLocation!.physicalLocation!.artifactLocation!.uri!,
-          },
-          highlightedRegion: getHighlightedRegion(
-            relatedLocation!.physicalLocation!.region!,
-          ),
-        },
-      });
+      const location = getRelatedLocation(messagePart, result, fileLinkPrefix);
+      if (location === undefined) {
+        tokens.push({ t: "text", text: messagePart.text });
+      } else {
+        tokens.push({
+          t: "location",
+          text: messagePart.text,
+          location,
+        });
+      }
     }
   }
 
   return { tokens };
 }
+
+function getRelatedLocation(
+  messagePart: SarifLink,
+  result: sarif.Result,
+  fileLinkPrefix: string,
+): AnalysisMessageLocationTokenLocation | undefined {
+  const relatedLocation = result.relatedLocations!.find(
+    (rl) => rl.id === messagePart.dest,
+  );
+  if (
+    relatedLocation === undefined ||
+    relatedLocation.physicalLocation?.artifactLocation?.uri === undefined ||
+    relatedLocation.physicalLocation?.artifactLocation?.uri?.startsWith(
+      "file:",
+    ) ||
+    relatedLocation.physicalLocation?.region === undefined
+  ) {
+    return undefined;
+  }
+  return {
+    fileLink: {
+      fileLinkPrefix,
+      filePath: relatedLocation.physicalLocation.artifactLocation.uri,
+    },
+    highlightedRegion: getHighlightedRegion(
+      relatedLocation.physicalLocation.region,
+    ),
+  };
+}
diff --git a/extensions/ql-vscode/src/variant-analysis/shared/analysis-result.ts b/extensions/ql-vscode/src/variant-analysis/shared/analysis-result.ts
@@ -63,10 +63,12 @@ interface AnalysisMessageTextToken {
 export interface AnalysisMessageLocationToken {
   t: "location";
   text: string;
-  location: {
-    fileLink: FileLink;
-    highlightedRegion?: HighlightedRegion;
-  };
+  location: AnalysisMessageLocationTokenLocation;
+}
+
+export interface AnalysisMessageLocationTokenLocation {
+  fileLink: FileLink;
+  highlightedRegion?: HighlightedRegion;
 }
 
 export type ResultSeverity = "Recommendation" | "Warning" | "Error";
diff --git a/extensions/ql-vscode/test/unit-tests/sarif-processing.test.ts b/extensions/ql-vscode/test/unit-tests/sarif-processing.test.ts
@@ -720,6 +720,45 @@ describe("SARIF processing", () => {
       expectNoParsingError(result);
       expect(actualCodeSnippet).not.toBeUndefined();
     });
+
+    it("should be able to handle when a location has no uri", () => {
+      const sarif = buildValidSarifLog();
+      sarif.runs![0].results![0].message.text = "message [String](1)";
+      sarif.runs![0].results![0].relatedLocations = [
+        {
+          id: 1,
+          physicalLocation: {
+            artifactLocation: {
+              uri: "file:/modules/java.base/java/lang/String.class",
+              index: 1,
+            },
+          },
+          message: {
+            text: "String",
+          },
+        },
+      ];
+
+      const result = extractAnalysisAlerts(sarif, fakefileLinkPrefix);
+
+      expect(result).toBeTruthy();
+      expectNoParsingError(result);
+      expect(result.alerts[0].codeSnippet).not.toBeUndefined();
+      expect(result.alerts[0].message.tokens).toStrictEqual([
+        {
+          t: "text",
+          text: "message ",
+        },
+        {
+          t: "text",
+          text: "String",
+        },
+        {
+          t: "text",
+          text: "",
+        },
+      ]);
+    });
   });
 
   function expectResultParsingError(msg: string) {

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@ import * as Sarif from "sarif";`
`2`	`2`	`import type { HighlightedRegion } from "../variant-analysis/shared/analysis-result";`
`3`	`3`	`import { ResolvableLocationValue } from "../common/bqrs-cli-types";`
`4`	`4`
`5`		`-interface SarifLink {`
	`5`	`+export interface SarifLink {`
`6`	`6`	`dest: number;`
`7`	`7`	`text: string;`
`8`	`8`	`}`