search

microsoft / sarif-visualstudio-extension

SARIF Microsoft Visual Studio Viewer Extension
MIT License
46 stars 19 forks source link

Addin Errors in VS2022 parsing codeql sarif #607

Open stephenegriffin opened 11 months ago

stephenegriffin commented 11 months ago

Since reports and reviews that the add-in isn't working are met with instruction to use it differently, I figured I would demonstrate that it does not appear to work.

Here's my project in VSCode, looking at a sarif file I generated with codeql: image

And here's what I see in the Error List after opening the same file with the same project in VS 2022: image

Those errors you do see were not in the .sarif - they're from code analysis. Whatever the add-in is supposed to be doing with the .sarif file, it doesn't appear to be doing it.

Proof the extension is installed: image

I can provide any other diagnostics you want on request.

stephenegriffin commented 11 months ago

Debug shows WriteRunToErrorList is throwing here: IEnumerable<string> uriBaseIds = dataCache.SarifErrors.Select(x => x.SarifResult?.Locations?.FirstOrDefault()?.PhysicalLocation?.ArtifactLocation?.UriBaseId);

when x.SarifResult is null. Adding a ? gets us past that but then we still have the very odd File/Open dialog with no file name. We can cancel out of that and then we throw here: Microsoft.Sarif.Viewer.SarifErrorListItem.RemapFilePath(string, string) in SarifErrorListItem.cs Microsoft.Sarif.Viewer.CodeAnalysisResultManager.RemapFilePaths(System.Collections.Generic.IList<Microsoft.Sarif.Viewer.SarifErrorListItem>, System.Collections.Generic.IEnumerable<string>, System.Collections.Generic.IEnumerable<string>) in CodeAnalysisResultManager.cs Microsoft.Sarif.Viewer.ErrorList.ErrorListService.WriteRunToErrorList(Microsoft.CodeAnalysis.Sarif.Run, string, Microsoft.CodeAnalysis.Sarif.SarifLog, out int) in ErrorListService.cs Microsoft.Sarif.Viewer.ErrorList.ErrorListService.ProcessSarifLogAsync(Microsoft.CodeAnalysis.Sarif.SarifLog, string, bool, bool) in ErrorListService.cs Microsoft.Sarif.Viewer.ErrorList.ErrorListService.ProcessLogFileCoreAsync(string, string, bool, bool, bool) in ErrorListService.cs

So my conclusion is this code is having trouble parsing my sarif and not doing a great job of making that clear.

Here's the sarif (again - produced by codeql) that you're failing to parse: sarif.zip

stephenegriffin commented 11 months ago

Here's the repo/branch that the sarif was produced against: https://github.com/microsoft/mfcmapi/tree/u/sgriffin/codeql