File Coverage

File:	lib/CheckSpelling/Sarif.pm
Coverage:	86.7%

line	stmt	bran	cond	sub	time	code
1						#! --perl--
2
3						package CheckSpelling::Sarif;
4
5						our $VERSION='0.1.0';
6						our $flatten=0;
7
8	1 1 1			1	112046 2 3	use utf8;
9
10	1 1 1			1	16 1 37	use File::Basename;
11	1 1 1			1	188 1296 74	use Digest::SHA qw($errmsg);
12	1 1 1			1	2 1 28	use JSON::PP;
13	1 1 1			1	180 3702 25	use Hash::Merge qw( merge );
14	1 1 1			1	144 1 17	use CheckSpelling::Util;
15	1 1 1			1	153 1 1774	use CheckSpelling::GitSources;
16
17						sub encode_low_ascii {
18	9			9	263	$_ = shift;
19	9 1				13 4	s/([\x{0}-\x{9}\x{0b}\x{1f}#%])/"\\u".sprintf("%04x",ord($1))/eg;
20	9				11	return $_;
21						}
22
23						sub url_encode {
24	10			10	13	$_ = shift;
25	10 0				15 0	s<([^-!\$&'()*+,/:;=?\@A-Za-z0-9_.~])><"%".sprintf("%02x",ord($1))>eg;
26	10				17	return $_;
27						}
28
29						sub double_slash_escape {
30	8			8	3	$_ = shift;
31	8				32	s/(["()\]\\])/\\\\$1/g;
32	8				9	return $_;
33						}
34
35						sub fingerprintLocations {
36	6			6	8	my ($locations, $encoded_files_ref, $line_hashes_ref, $hashes_needed_for_files_ref, $message, $hashed_message) = @_;
37	6				22	my @locations_json = ();
38	6				3	my @fingerprints = ();
39	6				9	for my $location (@$locations) {
40	9				6	my $encoded_file = $location->{uri};
41	9				7	my $line = $location->{startLine};
42	9				5	my $column = $location->{startColumn};
43	9				7	my $endColumn = $location->{endColumn};
44	9				7	my $partialFingerprint = '';
45	9				6	my $file = $encoded_files_ref->{$encoded_file};
46	9	100			7	if (defined $line_hashes_ref->{$file}) {
47	8				34	my $line_hash = $line_hashes_ref->{$file}{$line};
48	8	100			6	if (defined $line_hash) {
49	4 4				4 6	my @instances = sort keys %{$hashes_needed_for_files_ref->{$file}{$line}{$hashed_message}};
50	4				4	my $hit = scalar @instances;
51	4				4	while (--$hit > 0) {
52	0	0			0	last if $instances[$hit] == $column;
53						}
54	4				10	$partialFingerprint = Digest::SHA::sha1_base64("$line_hash:$message:$hit");
55						}
56						}
57	9				8	push @fingerprints, $partialFingerprint;
58	9	50			10	my $startColumn = $column ? qq<, "startColumn": $column> : '';
59	9	50			10	$endColumn = $endColumn ? qq<, "endColumn": $endColumn> : '';
60	9	50			7	$line = 1 unless $line;
61	9				10	my $json_fragment = qq<{ "physicalLocation": { "artifactLocation": { "uri": "$encoded_file", "uriBaseId": "%SRCROOT%" }, "region": { "startLine": $line$startColumn$endColumn } } }>;
62	9				9	push @locations_json, $json_fragment;
63						}
64	6				13	return { locations_json => \@locations_json, fingerprints => \@fingerprints };
65						}
66
67						sub hashFiles {
68	2			2	4	my ($hashes_needed_for_files_ref, $line_hashes_ref, $directoryToRepo_ref, $used_hashes_ref) = @_;
69	2				11	for my $file (sort keys %$hashes_needed_for_files_ref) {
70	3				4	$line_hashes_ref->{$file} = ();
71	3	100			34	unless (-e $file) {
72	1				2	delete $hashes_needed_for_files_ref->{$file};
73	1				1	next;
74						}
75	2 2				3 6	my @lines = sort (keys %{$hashes_needed_for_files_ref->{$file}});
76	2	50			143	unless (defined $directoryToRepo_ref->{dirname($file)}) {
77	2				16	my ($parsed_file, $git_base_dir, $prefix, $remote_url, $rev, $branch) = CheckSpelling::GitSources::git_source_and_rev($file);
78						}
79	2				34	open $file_fh, '<', $file;
80	2				2	my $line = shift @lines;
81	2	100			6	$line = 2 if $line == 1;
82	2				2	my $buffer = '';
83	2				17	while (<$file_fh>) {
84	95	100			80	if ($line == $.) {
85	5				5	my $sample = substr $buffer, -100, 100;
86	5				9	my $hash = Digest::SHA::sha1_base64($sample);
87	5				6	for (; $line == $.; $line = shift @lines) {
88	6				28	my $hit = $used_hashes_ref->{$hash}++;
89	6	100			7	$hash = "$hash:$hit" if $hit;
90	6				6	$line_hashes_ref->{$file}{$line} = $hash;
91	6	100			10	last unless @lines;
92						}
93						}
94	95				56	$buffer .= $_;
95	95				464	$buffer =~ s/\s+/ /g;
96	95				104	$buffer = substr $buffer, -100, 100;
97						}
98	2				9	close $file_fh;
99						}
100						}
101
102						sub addToHashesNeededForFiles {
103	9			9	11	my ($file, $line, $column, $message, $hashes_needed_for_files_ref) = @_;
104	9				37	my $hashed_message = Digest::SHA::sha1_base64($message);
105	9	100			12	$hashes_needed_for_files_ref->{$file} = () unless defined $hashes_needed_for_files_ref->{$file};
106	9	100			21	$hashes_needed_for_files_ref->{$file}{$line} = () unless defined $hashes_needed_for_files_ref->{$file}{$line};
107	9	100			21	$hashes_needed_for_files_ref->{$file}{$line}{$hashed_message} = () unless defined $hashes_needed_for_files_ref->{$file}{$line}{$hashed_message};
108	9				27	$hashes_needed_for_files_ref->{$file}{$line}{$hashed_message}{$column} = '1';
109						}
110
111						sub parse_warnings {
112	1			1	2	my ($warnings) = @_;
113	1				0	our $flatten;
114	1				1	our %directoryToRepo;
115	1				0	our $provenanceInsertion;
116	1				1	our %provenanceStringToIndex;
117	1				1	our %directoryToProvenanceInsertion;
118	1				0	my @results;
119	1	50			25	unless (open WARNINGS, '<', $warnings) {
120	0				0	print STDERR "Could not open $warnings\n";
121	0				0	return [];
122						}
123	1				1	my $rules = ();
124	1				1	my %encoded_files = ();
125	1				2	my %hashes_needed_for_files = ();
126	1				18	while (<WARNINGS>) {
127	10	100			14	next if m{^https://};
128	9	100			42	next unless m{^(.+):(\d+):(\d+) \.\.\. (\d+),\s(Error\|Warning\|Notice)\s-\s(.+\s$(.+)$)$};
129	8				28	my ($file, $line, $column, $endColumn, $severity, $message, $code) = ($1, $2, $3, $4, $5, $6, $7);
130	8				111	my $directory = dirname($file);
131	8	100			9	unless (defined $directoryToProvenanceInsertion{$directory}) {
132	2				4	my $provenanceString = collectVersionControlProvenance($file);
133	2	50			197	if (defined $provenanceStringToIndex{$provenanceString}) {
134	0				0	$directoryToProvenanceInsertion{$directory} = $provenanceStringToIndex{$provenanceString};
135						} else {
136	2				7	$provenanceStringToIndex{$provenanceString} = $provenanceInsertion;
137	2				4	$directoryToProvenanceInsertion{$directory} = $provenanceInsertion;
138	2				5	++$provenanceInsertion;
139						}
140						}
141						# single-slash-escape `"` and `\`
142	8				12	$message =~ s/(["\\])/\\$1/g;
143	8				7	$message = encode_low_ascii $message;
144						# double-slash-escape `"`, `(`, `)`, `]`
145	8				9	$message = double_slash_escape $message;
146						# encode `message` and `file` to protect against low ascii`
147	8				6	my $encoded_file = url_encode $file;
148	8				11	$encoded_files{$encoded_file} = $file;
149						# hack to make the first `...` identifier a link (that goes nowhere, but is probably blue and underlined) in GitHub's SARIF view
150	8	100			9	if ($message =~ /(`{2,})/) {
151	1				23	my $backticks = $1;
152	1				34	while ($message =~ /($backticks`+)(?=[`].*?\g{-1})/gs) {
153	0	0			0	$backticks = $1 if length($1) > length($backticks);
154						}
155	1				20	$message =~ s/(^\|[^\\])$backticks(.+?)$backticks/${1}[${2}](#security-tab)/;
156						} else {
157	7				24	$message =~ s/(^\|[^\\])\`([^`]+[^`\\])\`/${1}[${2}](#security-tab)/;
158						}
159						# replace '`' with `\`+`'` because GitHub's SARIF parser doesn't like them
160	8				43	$message =~ s/\`/'/g;
161	8	100			11	unless (defined $rules->{$code}) {
162	2				7	$rules->{$code} = {};
163						}
164	8				4	my $rule = $rules->{$code};
165	8	100			10	unless (defined $rule->{$message}) {
166	5				10	$rule->{$message} = [];
167						}
168	8				12	addToHashesNeededForFiles($file, $line, $column, $message, \%hashes_needed_for_files);
169	8				5	my $locations = $rule->{$message};
170	8				22	my $physicalLocation = {
171						'uri' => $encoded_file,
172						'startLine' => $line,
173						'startColumn' => $column,
174						'endColumn' => $endColumn,
175						};
176	8				3	push @$locations, $physicalLocation;
177	8				31	$rule->{$message} = $locations;
178						}
179	1				1	my %line_hashes = ();
180	1				1	my %used_hashes = ();
181	1				3	hashFiles(\%hashes_needed_for_files, \%line_hashes, \%directoryToRepo, \%used_hashes);
182	1 1				1 4	for my $code (sort keys %{$rules}) {
183	2				3	my $rule = $rules->{$code};
184	2 2				2 4	for my $message (sort keys %{$rule}) {
185	5				10	my $hashed_message = Digest::SHA::sha1_base64($message);
186	5				2	my $locations = $rule->{$message};
187	5				5	my $fingerprintResults = fingerprintLocations($locations, \%encoded_files, \%line_hashes, \%hashes_needed_for_files, $message, $hashed_message);
188	5 5				2 5	my @locations_json = @{$fingerprintResults->{locations_json}};
189	5 5				4 4	my @fingerprints = @{$fingerprintResults->{fingerprints}};
190	5	50			5	if ($flatten) {
191	0				0	my $locations_json_flat = join ',', @locations_json;
192	0				0	my $partialFingerprints;
193	0				0	my $partialFingerprint = (sort @fingerprints)[0];
194	0	0			0	if ($partialFingerprint ne '') {
195	0				0	$partialFingerprints = qq<"partialFingerprints": { "cs0" : "$partialFingerprint" },>;
196						}
197	0				0	$message =~ s/\s\\\\$[^()]+?\\$$//g;
198	0				0	my $result_json = qq<{"ruleId": "$code", $partialFingerprints "message": { "text": "$message" }, "locations": [ $locations_json_flat ] }>;
199	0				0	my $result = decode_json $result_json;
200	0				0	push @results, $result;
201						} else {
202	5				4	my $limit = scalar @locations_json;
203	5				4	for (my $i = 0; $i < $limit; ++$i) {
204	8				7	my $locations_json_flat = $locations_json[$i];
205	8				4	my $partialFingerprints = '';
206	8				5	my $partialFingerprint = $fingerprints[$i];
207	8	100			5	if ($partialFingerprint ne '') {
208	4				2	$partialFingerprints = qq<"partialFingerprints": { "cs0" : "$partialFingerprint" },>;
209						}
210	8				22	$message =~ s/\s\\\\$[^()]+?\\$$//g;
211	8				9	my $result_json = qq<{"ruleId": "$code", $partialFingerprints "message": { "text": "$message" }, "locations": [ $locations_json_flat ] }>;
212	8				8	my $result = decode_json $result_json;
213	8				8936	push @results, $result;
214						}
215						}
216						}
217						}
218	1				8	close WARNINGS;
219	1				21	return \@results;
220						}
221
222						sub get_runs_from_sarif {
223	2			2	2	my ($sarif_json) = @_;
224	2				1	my %runs_view;
225	2	50			5	return %runs_view unless $sarif_json->{'runs'};
226	2 2				1 3	my @sarif_json_runs=@{$sarif_json->{'runs'}};
227	2				3	foreach my $sarif_json_run (@sarif_json_runs) {
228	2 2				1 5	my %sarif_json_run_hash=%{$sarif_json_run};
229	2	50			3	next unless defined $sarif_json_run_hash{'tool'};
230
231	2 2				4 2	my %sarif_json_run_tool_hash = %{$sarif_json_run_hash{'tool'}};
232	2	50			2	next unless defined $sarif_json_run_tool_hash{'driver'};
233
234	2 2				1 5	my %sarif_json_run_tool_driver_hash = %{$sarif_json_run_tool_hash{'driver'}};
235						next unless defined $sarif_json_run_tool_driver_hash{'name'} &&
236	2	50	33		7	defined $sarif_json_run_tool_driver_hash{'rules'};
237
238	2				2	my $driver_name = $sarif_json_run_tool_driver_hash{'name'};
239	2 2				0 8	my @sarif_json_run_tool_driver_rules = @{$sarif_json_run_tool_driver_hash{'rules'}};
240	2				1	my %driver_view;
241	2				2	for my $driver_rule (@sarif_json_run_tool_driver_rules) {
242	38	50			33	next unless defined $driver_rule->{'id'};
243	38				50	$driver_view{$driver_rule->{'id'}} = $driver_rule;
244						}
245	2				6	$runs_view{$sarif_json_run_tool_driver_hash{'name'}} = \%driver_view;
246						}
247	2				3	return %runs_view;
248						}
249
250						sub collectVersionControlProvenance {
251	2			2	3	my ($file) = @_;
252	2				8	my ($parsed_file, $git_base_dir, $prefix, $remote_url, $rev, $branch) = CheckSpelling::GitSources::git_source_and_rev($file);
253	2				4	my $base = substr $parsed_file, 0, length($file);
254	2				4	my $provenance = [$remote_url, $rev, $branch, $git_base_dir];
255	2				8	return JSON::PP::encode_json($provenance);
256						}
257
258						sub generateVersionControlProvenance {
259	1			1	1	my ($versionControlProvenanceList, $run) = @_;
260	1				1	my %provenance;
261						sub buildVersionControlProvenance {
262	1			1	0	my $d = $_;
263	1 1				1 1	my ($remote_url, $rev, $branch, $git_base_dir) = @{JSON::PP::decode_json($d)};
264	1	50			321	my $dir = $git_base_dir eq '.' ? '%SRCROOT%' : "DIR_$provenanceStringToIndex{$d}";
265	1				2	my $mappedTo = {
266						"uriBaseId" => $dir
267						};
268	1				3	my $versionControlProvenance = {
269						"mappedTo" => $mappedTo
270						};
271	1	50			3	$versionControlProvenance->{"revisionId"} = $rev if defined $rev;
272	1	50			3	$versionControlProvenance->{"branch"} = $branch if defined $branch;
273	1	50			2	$versionControlProvenance->{"repositoryUri"} = $remote_url if defined $remote_url;
274	1				2	return $versionControlProvenance;
275						}
276	1				3	@provenanceList = map(buildVersionControlProvenance,@$versionControlProvenanceList);
277	1				2	$run->{"versionControlProvenance"} = \@provenanceList;
278						}
279
280						my $provenanceInsertion = 0;
281						my %provenanceStringToIndex = ();
282						my %directoryToProvenanceInsertion = ();
283
284						sub main {
285	1			1	18901	my ($sarif_template_file, $sarif_template_overlay_file, $category) = @_;
286	1	50			6	unless (-f $sarif_template_file) {
287	0				0	warn "Could not find sarif template";
288	0				0	return '';
289						}
290
291	1	50			3	$ENV{GITHUB_SERVER_URL} = '' unless defined $ENV{GITHUB_SERVER_URL};
292	1	50			2	$ENV{GITHUB_REPOSITORY} = '' unless defined $ENV{GITHUB_REPOSITORY};
293	1				14	my $sarif_template = CheckSpelling::Util::read_file $sarif_template_file;
294	1	50			2	die "sarif template is empty" unless $sarif_template;
295
296	1 0			0	13 0	my $json = JSON::PP->new->utf8->pretty->sort_by(sub { $JSON::PP::a cmp $JSON::PP::b });
297	1				101	my $sarif_json = $json->decode($sarif_template);
298
299	1	50	33		109467	if (defined $sarif_template_overlay_file && -s $sarif_template_overlay_file) {
300	1				23	my $merger = Hash::Merge->new();
301	1				146	my $merge_behaviors = $merger->{'behaviors'}->{$merger->get_behavior()};
302	1				9	my $merge_arrays = $merge_behaviors->{'ARRAY'}->{'ARRAY'};
303
304						$merge_behaviors->{'ARRAY'}->{'ARRAY'} = sub {
305	36	50		36	4290	return $merge_arrays->(@_) if ref($_[0][0]).ref($_[1][0]);
306	36 36				15 45	return [@{$_[1]}];
307	1				4	};
308
309	1				3	my $sarif_template_overlay = CheckSpelling::Util::read_file $sarif_template_overlay_file;
310	1				2	my %runs_base = get_runs_from_sarif($sarif_json);
311
312	1				3	my $sarif_template_hash = $json->decode($sarif_template_overlay);
313	1				1901	my %runs_overlay = get_runs_from_sarif($sarif_template_hash);
314	1				19	for my $run_id (keys %runs_overlay) {
315	1	50			1	if (defined $runs_base{$run_id}) {
316	1				1	my $run_base_hash = $runs_base{$run_id};
317	1				1	my $run_overlay_hash = $runs_overlay{$run_id};
318	1				1	for my $overlay_id (keys %$run_overlay_hash) {
319						$run_base_hash->{$overlay_id} = $merger->merge(
320						$run_overlay_hash->{$overlay_id},
321	1				3	$run_base_hash->{$overlay_id}
322						);
323						}
324						} else {
325	0				0	$runs_base{$run_id} = $runs_overlay{$run_id};
326						}
327						}
328						#$sarif_json->
329	1 1				18 1	my @sarif_json_runs = @{$sarif_json->{'runs'}};
330	1				1	foreach my $sarif_json_run (@sarif_json_runs) {
331	1 1				1 2	my %sarif_json_run_hash=%{$sarif_json_run};
332	1	50			1	next unless defined $sarif_json_run_hash{'tool'};
333
334	1 1				1 1	my %sarif_json_run_tool_hash = %{$sarif_json_run_hash{'tool'}};
335	1	50			1	next unless defined $sarif_json_run_tool_hash{'driver'};
336
337	1 1				1 2	my %sarif_json_run_tool_driver_hash = %{$sarif_json_run_tool_hash{'driver'}};
338	1				1	my $driver_name = $sarif_json_run_tool_driver_hash{'name'};
339						next unless defined $driver_name &&
340	1	50	33		3	defined $sarif_json_run_tool_driver_hash{'rules'};
341
342	1				1	my $driver_view_hash = $runs_base{$driver_name};
343	1	50			1	next unless defined $driver_view_hash;
344
345	1 1				0 5	my @sarif_json_run_tool_driver_rules = @{$sarif_json_run_tool_driver_hash{'rules'}};
346	1				2	for my $driver_rule_number (0 .. scalar @sarif_json_run_tool_driver_rules) {
347	38				2848	my $driver_rule = $sarif_json_run_tool_driver_rules[$driver_rule_number];
348	38				19	my $driver_rule_id = $driver_rule->{'id'};
349						next unless defined $driver_rule_id &&
350	38	100	67		59	defined $driver_view_hash->{$driver_rule_id};
351	37				28	$sarif_json_run_tool_driver_hash{'rules'}[$driver_rule_number] = $merger->merge($driver_view_hash->{$driver_rule_id}, $driver_rule);
352						}
353						}
354	1				3	delete $sarif_template_hash->{'runs'};
355	1				2	$sarif_json = $merger->merge($sarif_json, $sarif_template_hash);
356						}
357						{
358	1 1 1				636 1 2	my @sarif_json_runs = @{$sarif_json->{'runs'}};
359	1				1	foreach my $sarif_json_run (@sarif_json_runs) {
360	1				1	my %sarif_json_run_automationDetails;
361	1				1	$sarif_json_run_automationDetails{id} = $category;
362	1				2	$sarif_json_run->{'automationDetails'} = \%sarif_json_run_automationDetails;
363						}
364						}
365
366	1 1				0 2	my %sarif = %{$sarif_json};
367
368	1				43	$sarif{'runs'}[0]{'tool'}{'driver'}{'version'} = $ENV{CHECK_SPELLING_VERSION};
369
370	1				2	my $results = parse_warnings $ENV{warning_output};
371	1	50			1	if ($results) {
372	1				2	$sarif{'runs'}[0]{'results'} = $results;
373	1				1	our %provenanceStringToIndex;
374	1				3	my @provenanceList = keys %provenanceStringToIndex;
375	1				2	generateVersionControlProvenance(\@provenanceList, $sarif{'runs'}[0]);
376	1				1	my %codes;
377	1				3	for my $result_ref (@$results) {
378	8 8				1 10	my %result = %{$result_ref};
379	8				9	$codes{$result{'ruleId'}} = 1;
380						}
381	1				2	my $rules_ref = $sarif{'runs'}[0]{'tool'}{'driver'}{'rules'};
382	1 1				0 7	my @rules = @{$rules_ref};
383	1				0	my $missing_rule_definition_id = 'missing-rule-definition';
384	1 37				2 37	my ($missing_rule_definition_ref) = grep { $_->{'id'} eq $missing_rule_definition_id } @rules;
385	1 37				1 25	@rules = grep { defined $codes{$_->{'id'}} } @rules;
386	1				1	my $code_index = 0;
387	1 1				1 2	my %defined_codes = map { $_->{'id'} => $code_index++ } @rules;
388	1 2				2 2	my @missing_codes = grep { !defined $defined_codes{$_}} keys %codes;
389	1				1	my $missing_rule_definition_index;
390	1	50			2	if (@missing_codes) {
391	1				0	push @rules, $missing_rule_definition_ref;
392	1				3	$missing_rule_definition_index = $defined_codes{$missing_rule_definition_id} = $code_index++;
393	1		33		45	my $spellchecker = $ENV{spellchecker} \|\| dirname(dirname(dirname(__FILE__)));
394	1				2	my %hashes_needed_for_files = ();
395	1				1	my %line_hashes = ();
396	1				1	my %used_hashes = ();
397	1				1	our %directoryToRepo;
398	1				2	for my $missing_code (@missing_codes) {
399	1				1	my $message = "No rule definition for `$missing_code`";
400	1				164985	my $code_locations = `find '$spellchecker' -name '.git' -prune -type f -name '.sh' -o -name '.pl' -o -name '.pm' -o -name '*.t' -print0\|xargs -0 grep -n '$missing_code' \| perl -pe 's<^\./><>'`;
401	1				9	my @locations;
402	1				9	for my $line (split /\n/, $code_locations) {
403	1				4	chomp $line;
404	1				14	my ($file, $lineno, $code) = $line =~ /^(.+?):(\d+):(.+)$/;
405	1	50			4	next unless defined $file;
406	1				44	$code =~ /^(.*?)\b$missing_code\b/;
407	1				7	my $startColumn = length($1) + 1;
408	1				10	my $location = {
409						'uri' => url_encode($file),
410						'startLine' => $lineno,
411						'startColumn' => $startColumn,
412						'endColumn' => length($1) + length($missing_code) + 1,
413						};
414	1				1	push @locations, $location;
415	1				3	my $encoded_file = url_encode $file;
416	1				6	$encoded_files{$encoded_file} = $file;
417	1				5	addToHashesNeededForFiles($file, $lineno, $startColumn, $message, \%hashes_needed_for_files);
418						}
419	1				6	hashFiles(\%hashes_needed_for_files, \%line_hashes, \%directoryToRepo, \%used_hashes);
420	1				5	my $fingerprintResults = fingerprintLocations(\@locations, \%encoded_files, \%encoded_files, \%line_hashes, $message, Digest::SHA::sha1_base64($message));
421	1 1				1 3	my @locations_json = @{$fingerprintResults->{locations_json}};
422	1 1				1 3	my @fingerprints = @{$fingerprintResults->{fingerprints}};
423	1				1	my $locations_json_flat = join ',', @locations_json;
424	1				2	my $partialFingerprints = '';
425	1	50			5	my $locations = $locations_json_flat ? qq<, "locations": [ $locations_json_flat ]> : '';
426	1				3	my $result_json = qq<{"ruleId": "$missing_rule_definition_id", $partialFingerprints "message": { "text": "$message" }$locations }>;
427	1				10	my $result = decode_json $result_json;
428	1 1				1216 6	push @{$results}, $result;
429						}
430						}
431	1				5	$sarif{'runs'}[0]{'tool'}{'driver'}{'rules'} = \@rules;
432	1 1				1 2	for my $result_index (0 .. scalar @{$results}) {
433	10				8	my $result = $results->[$result_index];
434	10				6	my $ruleId = $result->{'ruleId'};
435	10	100	100		18	next if defined $ruleId && defined $defined_codes{$ruleId};
436	2				120	$result->{'ruleId'} = $missing_rule_definition_id;
437						}
438						}
439
440	1				4	return encode_json \%sarif;
441						}
442
443						1;