microsoft / sarif-tools

A set of Python command line tools for working with SARIF files produced by code analysis tools
MIT License

Improve logic for calculating result level #69

Closed debonte closed 1 month ago

debonte commented 2 months ago

Fix https://github.com/microsoft/sarif-tools/issues/43

Previously a result's "level" was simply result.level or "warning" if the result did not specify a level.

This PR updates our level calculation logic to match the rules described in the SARIF docs. The precedence order is:

  1. result.level if present
  2. "none" if the result.kind is not "fail"
  3. The invocation's override for level if present
  4. The level from the rule's defaultConfiguration if present
  5. Fall back to "warning"
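
The precedence order in the description above, written out as a stand-alone function. This is an added example, not the code from this PR or from sarif-tools: the function names and `SAMPLE_RUN` are constructed for illustration, and the property names are those of SARIF 2.1.0.

```python
# Added example (not sarif-tools code): effective level of a SARIF result.
SAMPLE_RUN = {  # constructed sample, not real tool output
    "tool": {"driver": {"rules": [
        {"id": "R1", "defaultConfiguration": {"level": "error"}},
        {"id": "R2", "defaultConfiguration": {"level": "note"}},
        {"id": "R3"},  # no defaultConfiguration at all
    ]}},
    "invocations": [{"ruleConfigurationOverrides": [
        {"descriptor": {"id": "R2"}, "configuration": {"level": "error"}},
    ]}],
}


def find_rule(result, run):
    """Resolve the result's rule by ruleIndex first, then by ruleId."""
    rules = run.get("tool", {}).get("driver", {}).get("rules", [])
    ref = result.get("rule", {})
    index = result.get("ruleIndex", ref.get("index", -1))
    if 0 <= index < len(rules):
        return index, rules[index]
    rule_id = result.get("ruleId") or ref.get("id")
    for i, rule in enumerate(rules):
        if rule_id is not None and rule.get("id") == rule_id:
            return i, rule
    return -1, {"id": rule_id}  # rule metadata missing from the run


def effective_level(result, run):
    # 1. An explicit level on the result always wins.
    if result.get("level"):
        return result["level"]
    # 2. kind defaults to "fail"; any other kind means level "none".
    if result.get("kind", "fail") != "fail":
        return "none"
    index, rule = find_rule(result, run)
    # 3. Per-invocation override for this rule, matched by index or id.
    for invocation in run.get("invocations", []):
        for override in invocation.get("ruleConfigurationOverrides", []):
            desc = override.get("descriptor", {})
            same_index = index >= 0 and desc.get("index") == index
            same_id = rule.get("id") is not None and desc.get("id") == rule.get("id")
            level = override.get("configuration", {}).get("level")
            if (same_index or same_id) and level:
                return level
    # 4. The rule's defaultConfiguration, else 5. fall back to "warning".
    return rule.get("defaultConfiguration", {}).get("level") or "warning"
```

With the old `result.level or "warning"` logic, a result for `R1` that omits `level` would be reported as a warning even though the rule's default is `error`, which matters when a pipeline gates on error counts.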

debonte commented 1 month ago

@balgillo, thanks for the review!