space-ros / process_sarif

Tools to process and aggregate SARIF output from static analysis.
Apache License 2.0

Match results across SARIF files #2

Open Ronoman opened 2 years ago

Ronoman commented 2 years ago

Currently, duplicate Results within a single SarifFile are excluded from the SarifFile objects created by sarif.py. Results that are duplicated across SARIF files are not currently checked.

To implement:

  1. Compare results that match the same Artifact and Region (line+Optional[column] numbers).
     a. If they match the same ruleId, report and discard one (which?)
     b. If they don't, we should inspect and determine whether they report the same issue. If they do, create a grouping that correlates those rules with each other.

Ronoman commented 2 years ago

This is now partially implemented in sarif_helpers:find_duplicate_results. However, ruleId is not checked, only matching Artifact and Region fields for Results.
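As an added illustration of the matching described in the two comments above (the plan to compare results on Artifact and Region, then split by ruleId, and the note that the current `find_duplicate_results` does not check ruleId yet): the following is hypothetical code written for this issue, not process_sarif's `sarif.py` or `sarif_helpers`, and all function names, the sample SARIF content and the "keep the lowest file index" policy are assumptions, since the issue leaves the "which one to discard" question open.

```python
"""Cross-file SARIF result matching (hypothetical code for this issue, not
process_sarif's own). Results are matched on (artifact URI, startLine,
startColumn); the column can be ignored so that a tool that reports only a
line still matches one that reports line+column."""
import json
from collections import defaultdict
from typing import Any, Dict, List, Optional, Tuple

LocKey = Tuple[str, int, Optional[int]]  # (artifact uri, start line, start column or None)


def _result(rule_id: str, uri: str, line: int, column: Optional[int] = None) -> Dict[str, Any]:
    """Build a minimal SARIF 2.1.0 result object (constructed sample data)."""
    region: Dict[str, Any] = {"startLine": line}
    if column is not None:
        region["startColumn"] = column
    return {
        "ruleId": rule_id,
        "message": {"text": f"{rule_id} at {uri}:{line}"},
        "locations": [{"physicalLocation": {"artifactLocation": {"uri": uri}, "region": region}}],
    }


def _run(tool: str, results: List[Dict[str, Any]]) -> Dict[str, Any]:
    return {"tool": {"driver": {"name": tool}}, "results": results}


# Constructed sample: two SARIF files, e.g. from two packages that both compile
# include/foo.hpp, so the same cppcheck finding appears in both files.
SARIF_A = json.dumps({"version": "2.1.0", "runs": [
    _run("cppcheck", [_result("nullPointer", "include/foo.hpp", 42, 7),
                      _result("unusedVariable", "src/a.cpp", 10, 5)])]})
SARIF_B = json.dumps({"version": "2.1.0", "runs": [
    _run("cppcheck", [_result("nullPointer", "include/foo.hpp", 42, 7)]),
    # clang-tidy flags the same line under its own rule id and reports no column
    _run("clang-tidy", [_result("clang-analyzer-core.NullDereference", "include/foo.hpp", 42),
                        _result("readability-else-after-return", "src/b.cpp", 3, 1)])]})


def result_keys(result: Dict[str, Any], use_column: bool) -> List[LocKey]:
    """Location keys of one result; results without a physical location yield none."""
    keys: List[LocKey] = []
    for loc in result.get("locations", []):
        phys = loc.get("physicalLocation", {})
        uri = phys.get("artifactLocation", {}).get("uri")
        region = phys.get("region", {})
        line = region.get("startLine")
        if uri is None or line is None:
            continue
        keys.append((uri, line, region.get("startColumn") if use_column else None))
    return keys


def index_results(sarif_docs: List[str], use_column: bool = True):
    """Map each location key to [(file_idx, tool, ruleId, result), ...] reporting there."""
    index = defaultdict(list)
    for file_idx, text in enumerate(sarif_docs):
        for run in json.loads(text).get("runs", []):
            tool = run.get("tool", {}).get("driver", {}).get("name", "?")
            for res in run.get("results", []):
                for key in result_keys(res, use_column):
                    index[key].append((file_idx, tool, res.get("ruleId"), res))
    return index


def find_cross_file_matches(sarif_docs: List[str], use_column: bool = True):
    """duplicates: (key, ruleId, sorted file indices) when the same rule fires at the
    same place in two or more files; correlations: (key, sorted ruleIds) when different
    rules from two or more files fire at the same place (candidate rule grouping)."""
    duplicates, correlations = [], []
    for key, hits in index_results(sarif_docs, use_column).items():
        files_by_rule = defaultdict(set)
        for file_idx, _tool, rule_id, _res in hits:
            files_by_rule[rule_id].add(file_idx)
        for rule_id, files in files_by_rule.items():
            if len(files) >= 2:
                duplicates.append((key, rule_id, sorted(files)))
        all_files = {f for files in files_by_rule.values() for f in files}
        if len(files_by_rule) >= 2 and len(all_files) >= 2:
            correlations.append((key, sorted(files_by_rule, key=str)))
    return duplicates, correlations


def dedupe_across_files(sarif_docs: List[str], use_column: bool = True):
    """Keep the first occurrence (lowest file index) of each (ruleId, locations) pair.
    Keep-first is an assumed policy; the issue leaves the choice open."""
    seen = set()
    kept = []
    for file_idx, text in enumerate(sarif_docs):
        for run in json.loads(text).get("runs", []):
            tool = run.get("tool", {}).get("driver", {}).get("name", "?")
            for res in run.get("results", []):
                keys = result_keys(res, use_column)
                fingerprint = (res.get("ruleId"), tuple(keys))
                if keys and fingerprint in seen:
                    continue  # same rule at the same place already reported by an earlier file
                seen.add(fingerprint)
                kept.append((file_idx, tool, res))
    return kept


if __name__ == "__main__":
    dups, corr = find_cross_file_matches([SARIF_A, SARIF_B], use_column=False)
    print("duplicates:", dups)
    print("correlations:", corr)
    print("kept:", len(dedupe_across_files([SARIF_A, SARIF_B])))
```

With `use_column=True` the clang-tidy result, which carries no startColumn, never matches the cppcheck result on the same line, so only the same-ruleId duplicate is found; with `use_column=False` the same location also produces a correlation between `nullPointer` and `clang-analyzer-core.NullDereference`, which is the "different ruleId, same place" case that still needs a human or a rule-mapping table to confirm.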