golangci / golangci-lint

Fast linters runner for Go
https://golangci-lint.run
GNU General Public License v3.0

fix: sanitize level property for SARIF #4831

Closed Zxilly closed 3 months ago

Zxilly commented 3 months ago

https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html#_Toc141790898

`level` can only be `none`, `note`, `warning`, or `error`; some linters like gosec may report something like `high`.

For a real-world error, see https://github.com/Zxilly/go-size-analyzer/actions/runs/9586342361/job/26434117667
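An added example, not golangci-lint's own code, of the sanitization the PR title describes: every severity string a linter reports is mapped onto one of the four `level` values the SARIF 2.1.0 spec allows before the result is serialized. The word-to-level table (e.g. `high` to `error`) and the `warning` fallback for unknown severities are assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// The only values the SARIF 2.1.0 schema permits for result.level.
var sarifLevels = map[string]bool{"none": true, "note": true, "warning": true, "error": true}

// sanitizeSARIFLevel maps any linter severity (e.g. gosec's "high") onto a valid SARIF
// level. The word table and the "warning" fallback are this example's assumptions.
func sanitizeSARIFLevel(severity string) string {
	s := strings.ToLower(strings.TrimSpace(severity))
	if sarifLevels[s] {
		return s
	}
	switch s {
	case "critical", "high", "major":
		return "error"
	case "medium", "minor":
		return "warning"
	case "low", "info", "information":
		return "note"
	}
	return "warning" // unknown severity: never emit a level the schema rejects
}

type sarifResult struct {
	RuleID  string `json:"ruleId"`
	Level   string `json:"level"`
	Message struct {
		Text string `json:"text"`
	} `json:"message"`
}

// newSARIFResult builds a result whose level always passes schema validation.
func newSARIFResult(ruleID, severity, text string) sarifResult {
	r := sarifResult{RuleID: ruleID, Level: sanitizeSARIFLevel(severity)}
	r.Message.Text = text
	return r
}

func main() {
	// Constructed sample: a gosec-style finding reported with severity "high".
	b, _ := json.MarshalIndent(newSARIFResult("G101", "high", "hardcoded credential"), "", "  ")
	fmt.Println(string(b)) // level is "error", not "high"
}
```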

ldez commented 3 months ago

There is no severity convention inside golangci-lint but you can override or define your own inside the severity section.

https://golangci-lint.run/usage/configuration/#severity-configuration

Zxilly commented 3 months ago

I'm not familiar with the golangci-lint codebase, but I was wondering if an e2e test exists? Maybe we can add to these tests for SARIF, and we can validate the output JSON file with a JSON schema.

ldez commented 3 months ago

We don't need e2e to validate the output, and to be honest, I was thinking of adding a test about that. But those tests will not be more useful than the current tests.