search

cake-contrib / Cake.Issues

:cake: :jigsaw: :mag_right: Cake addin for reading and managing issues from any code analyzer or linter that may occur during the build process
https://cakeissues.net
Other
5 stars 12 forks source link

Issues in SARIF report are marked as updated if branch / commit in file link has changed #692

Closed christianbumann closed 4 months ago

christianbumann commented 4 months ago

Discussion point:

Having two issues and comparing them the commit hash/branch name in the FileLink should be ignored for the comparision. The comparision is done here https://github.com/cake-contrib/Cake.Issues/blob/2148529faf9770445f5b167ef73d31a894a20b90/src/Cake.Issues/IIssueComparer.cs#L65

How it can be reproduced Add a test following content to the https://github.com/pascalberger/Cake.Issues/blob/develop/src/Cake.Issues.Tests/IIssueComparerTests.cs

        [Fact]
        public void Should_Return_True_If_FileLink_Only_Branch_Or_Commit_Changes()
        {
            var issue1 = IssueBuilder
                .NewIssue("Message Foo.", "ProviderType Foo", "ProviderName Foo")
                .WithFileLink(new Uri("https://github.com/cake-contrib/Cake.Issues/blob/develop/src/Cake.Issues.MsBuild/BaseMsBuildLogFileFormat.cs"))
                .Create();

            var issue2 = IssueBuilder
               .NewIssue("Message Foo.", "ProviderType Foo", "ProviderName Foo")
               .WithFileLink(new Uri("https://github.com/cake-contrib/Cake.Issues/blob/master/src/Cake.Issues.MsBuild/BaseMsBuildLogFileFormat.cs"))
               .Create();

            var comparer = new IIssueComparer();
            comparer.Equals(issue1, issue2).ShouldBe(true);
        }

On Github the link is different as on AzureDevOps Server - maybe there are other patterns

Example Github: https://github.com/cake-contrib/Cake.Issues/blob/2148529faf9770445f5b167ef73d31a894a20b90/src/Cake.Issues/IIssueComparer.cs#L65 or https://github.com/cake-contrib/Cake.Issues/blob/develope/src/Cake.Issues/IIssueComparer.cs#L65

Example Azure DevOps Server. https://url/collection/project/_git/repo?version=main&path=path_to_file or https://url/collection/project/_git/repo?version=GCf2037fe8ee543940c30190426eeae832f0da33af&path=path_to_file

Background: Create a Sarif Report would mark the issue as Updated, and not Unchanged

christianbumann commented 4 months ago

I don't know how this could be done reliable

The question is - make it sense to compare the file link itself. there are other properties e.g. ProjectFileRelativePath or AffectedFileRelativePath which are also used for comparing the issue e.g. file renaming.

Mabye add another flag to make it possible for the issue comparer to ignore the FileLink field?

pascalberger commented 4 months ago

@christianbumann See #693 for an extension of the IIssueComparer which allows to ignore any arbitrary properties.