tomasbjerre / violations-lib

Java library for parsing report files from static code analysis.
Apache License 2.0
148 stars 39 forks

Add coverity parser #186

Closed josejobin45 closed 7 months ago

josejobin45 commented 7 months ago

Hi,

Could you add support for Coverity report (JSON v7) files? I am adding a TypeScript file which describes the data structure it has.


```typescript
export interface CoverityIssuesView {
  type: string
  formatVersion: number
  suppressedIssueCount: number
  issues: IssueOccurrence[]
  error?: Error
  warnings: Error[]
  desktopAnalysisSettings: DesktopAnalysisSettings
}

// Issues

export interface IssueOccurrence {
  mergeKey: string
  occurrenceCountForMK: number
  occurrenceNumberInMK: number
  referenceOccurrenceCountForMK: number
  checkerName: string
  subcategory: string
  type: string
  subtype: string
  extra: string
  domain: string
  language?: string
  'code-language'?: string
  mainEventFilePathname: string
  mainEventLineNumber: number
  properties: Map<string, string> | any
  functionDisplayName?: string
  functionMangledName?: string
  localStatus?: string
  ordered: boolean
  events: Event[]
  checkerProperties?: CheckerProperties
  stateOnServer?: StateOnServer
}

export interface Event {
  covLStrEventDescription: string
  eventDescription: string
  eventNumber: number
  eventTreePosition: string
  eventSet: number
  eventTag: string
  filePathname: string
  strippedFilePathname: string
  lineNumber: number
  main: boolean
  moreInformationId?: string
  remediation: boolean
  events?: Event[]
}

export interface CheckerProperties {
  category: string
  categoryDescription: string
  cweCategory: string
  issueKinds: string[]
  eventSetCaptions: string[]
  impact: string
  impactDescription: string
  subcategoryLocalEffect: string
  subcategoryLongDescription: string
  subcategoryShortDescription: string
  MISRACategory?: string
}

export interface StateOnServer {
  cid: number
  presentInReferenceSnapshot: boolean
  firstDetectedDateTime: string
  stream: string
  components: string[]
  componentOwners?: any
  cached: boolean
  retrievalDateTime: string
  ownerLdapServerName: string
  triage: Triage
  customTriage: CustomTriage
}

export interface Triage {
  classification: string
  action: string
  fixTarget: string
  severity: string
  legacy: string
  owner: string
  externalReference: string
}

export interface CustomTriage {
  // set of key-value pairs
}

// Error/Warnings

export interface Error {
  errorType: string
  errorSubType: string
  errorMessage: any
  // ... other errorType-specific attributes ...
}

// Desktop Analysis Settings

export interface DesktopAnalysisSettings {
  analysisDateTime: string
  covRunDesktopArgs: string[]
  effectiveStripPaths: string[]
  analysisScopePathnames: string[]
  strippedAnalysisScopePathnames: string[]
  auxiliaryScopePathnames: string[]
  strippedAuxiliaryScopePathnames: string[]
  relativeTo?: string
  intermediateDir: string
  effectiveAnalysisSettings: PortableAnalysisSettings
  referenceSnapshot?: ReferenceSnapshotDetails
}

export interface ReferenceSnapshotDetails {
  snapshotId: number
  codeVersionDateTime: string
  description: string
  version: string
  analysisVersion: string
  analysisVersionOverride: string
  target: string
  analysisSettings: PortableAnalysisSettings
}

export interface PortableAnalysisSettings {
  covAnalyzeArgs: string[]
  fbExcludeConfigurations: string[]
  fbIncludeConfiguration: string
  fileCheckerOptions: FileCheckerOption[]
}

export interface FileCheckerOption {
  checkerName: string
  optionName: string
  fileContents: string
}
```

PS: I got the TypeScript from the Coverity Report For v7 JSON Output GitHub plugin.

tomasbjerre commented 7 months ago

I need an example report file

josejobin45 commented 7 months ago

Here you go. This is an example JSON format.

```json
{
  "type": "Coverity issues",
  "formatVersion": 7,
  "suppressedIssueCount": 0,
  "issues": [
    {
      "mergeKey": "example_merge_key",
      "occurrenceCountForMK": 1,
      "occurrenceNumberInMK": 1,
      "referenceOccurrenceCountForMK": null,
      "checkerName": "example_checker_name",
      "subcategory": "example_subcategory",
      "type": "example_type",
      "subtype": "example_subtype",
      "code-language": "example_code_language",
      "extra": "example_extra",
      "domain": "example_domain",
      "language": "example_language",
      "mainEventFilePathname": "example_file_path",
      "strippedMainEventFilePathname": "example_stripped_file_path",
      "mainEventLineNumber": 123,
      "properties": {},
      "functionDisplayName": "example_function_display_name",
      "functionMangledName": "example_function_mangled_name",
      "localStatus": null,
      "ordered": false,
      "events": [
        {
          "covLStrEventDescription": "example_event_description",
          "eventDescription": "example_event_description",
          "eventNumber": 1,
          "eventTreePosition": "1",
          "eventSet": 0,
          "eventTag": "example_event_tag",
          "filePathname": "example_file_path",
          "strippedFilePathname": "example_stripped_file_path",
          "lineNumber": 123,
          "main": true,
          "moreInformationId": null,
          "remediation": false,
          "events": null
        }
      ],
      "stateOnServer": null,
      "checkerProperties": {
        "category": "example_category",
        "categoryDescription": "example_category_description",
        "cweCategory": "example_cwe_category",
        "issueKinds": [
          "example_issue_kind"
        ],
        "eventSetCaptions": [],
        "impact": "example_impact",
        "impactDescription": "example_impact_description",
        "subcategoryLocalEffect": "example_subcategory_local_effect",
        "subcategoryShortDescription": "example_subcategory_short_description",
        "subcategoryLongDescription": "example_subcategory_long_description"
      }
    }
  ],
  "desktopAnalysisSettings": null,
  "error": null,
  "warnings": []
}
```

tomasbjerre commented 7 months ago

I don't see any obvious mapping to the Violation model used by this library. It would perhaps be easier to see if the example was not so anonymous.

josejobin45 commented 7 months ago

Sorry for the late reply. Will this JSON help?


```json
{
  "type" : "Coverity issues",
  "formatVersion" : 7,
  "suppressedIssueCount" : 0,
  "issues" : [
    {
      "mergeKey" : "884ed7531feed32eb916d9038a3b9bd6",
      "occurrenceCountForMK" : 1,
      "occurrenceNumberInMK" : 1,
      "referenceOccurrenceCountForMK" : null,
      "checkerName" : "CONSTANT_EXPRESSION_RESULT",
      "subcategory" : "bit_and_with_zero",
      "type" : "constant_expression_result",
      "subtype" : "bit_and_with_zero",
      "code-language" : "c#",
      "extra" : "status",
      "domain" : "STATIC_CS",
      "language" : "C#",
      "mainEventFilePathname" : "C:\\Workspace\\workspace\\Build_jenkins_development\\somefile.cs",
      "strippedMainEventFilePathname" : "\\workspace\\Build_jenkins_development\\Architecture\\somefile.cs",
      "mainEventLineNumber" : 79,
      "properties" : {},
      "functionDisplayName" : "somename",
      "functionMangledName" : "somename",
      "localStatus" : null,
      "ordered" : false,
      "events" : [
        {
          "covLStrEventDescription" : "{CovLStrv2{{t{{0} is always 0.}{{code{status & System.Printing.PrintJobStatus.None}}}}{t{ This occurs as a value.}}}}",
          "eventDescription" : "\"status & System.Printing.PrintJobStatus.None\" is always 0. This occurs as a value.",
          "eventNumber" : 1,
          "eventTreePosition" : "1",
          "eventSet" : 0,
          "eventTag" : "bit_and_with_zero",
          "filePathname" : "C:\\Workspace\\workspace\\Build_jenkins_development\\somefile.cs",
          "strippedFilePathname" : "\\workspace\\Build_jenkins_development\\Architecture\\somefile.cs",
          "lineNumber" : 79,
          "main" : true,
          "moreInformationId" : null,
          "remediation" : false,
          "events" : null
        }
      ],
      "stateOnServer" : null,
      "checkerProperties" : {
        "category" : "Integer handling issues",
        "categoryDescription" : "Integer handling issues",
        "cweCategory" : "569",
        "issueKinds" : [
          "QUALITY"
        ],
        "eventSetCaptions" : [],
        "impact" : "Medium",
        "impactDescription" : "Medium",
        "subcategoryLocalEffect" : "The expression's value is always zero; construct may indicate an inadvertent logic error.",
        "subcategoryShortDescription" : "Bitwise-and with zero",
        "subcategoryLongDescription" : "Bitwise-and ('&amp;') operation applied to zero always produces zero"
      }
    }
  ],
  "desktopAnalysisSettings" : null,
  "error" : null,
  "warnings" : []
}
```

Alternatively I could convert the JSON to below format

```json
{
    "Type": "coverity issues",
    "issues": [
        {
            "fileName": "test.xml",
            "severity": "ERROR",
            "lineStart": 110,
            "lineEnd": 111,
            "columnStart": 210,
            "columnEnd": 220,
            "message": "some message",
            "description": "some description"
        }
    ]
}
```

But I believe you are against implementing a generic parser. Is there a workaround?

josejobin45 commented 7 months ago

Do you have any suggestions on other parsers to which I can convert these results?

tomasbjerre commented 7 months ago

How would you construct the "some message" string?

josejobin45 commented 7 months ago

Right now I am using "issue.checkerProperties.subcategoryLocalEffect" for it. For description, "issue.checkerProperties.subcategoryLongDescription"; for category, "issue.checkerProperties.category"; for filename, "issue.mainEventFilePathname"; for severity, "issue.checkerProperties.impact".
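The field mapping described in this comment, applied to the concrete Coverity JSON v7 sample posted earlier in the thread and producing the flat "fileName / severity / lineStart / message / description" shape proposed above, as an added example. This is not violations-lib's parser and not the reporter's code; it reuses only the field names from the type script and the sample. Assumptions made here: the impact-to-severity table (High/Medium/other to ERROR/WARN/INFO) is invented, the stripped (build-root-relative) path is preferred over the absolute one so the report does not carry the build machine's directory layout, and `checkerProperties`, `events` and `referenceOccurrenceCountForMK` are treated as nullable because the sample has `null` where the type script declares a non-optional `number` or object. The second issue in the constructed sample exercises those fallbacks.

```typescript
// Added example (not violations-lib or the reporter's code): map a Coverity
// JSON v7 report onto the flat issue shape proposed in the thread.

interface CoverityCheckerProperties {
  category: string; cweCategory: string; impact: string;
  subcategoryLocalEffect: string; subcategoryLongDescription: string;
}
interface CoverityEvent { eventDescription: string; lineNumber: number; main: boolean }
interface CoverityIssue {
  checkerName: string;
  mainEventFilePathname: string;
  strippedMainEventFilePathname?: string | null;
  mainEventLineNumber: number;
  // Declared as a plain number in the type script, but real output carries null.
  referenceOccurrenceCountForMK?: number | null;
  events?: CoverityEvent[] | null;
  checkerProperties?: CoverityCheckerProperties | null;
}
interface CoverityReport { type: string; formatVersion: number; issues: CoverityIssue[] }

type Severity = "ERROR" | "WARN" | "INFO";
interface GenericIssue {
  fileName: string; severity: Severity; lineStart: number; lineEnd: number;
  message: string; description: string; category: string; rule: string;
}

// Assumed mapping of Coverity "impact" to a severity level (not from Coverity docs).
function impactToSeverity(impact: string | undefined): Severity {
  switch ((impact ?? "").toLowerCase()) {
    case "high": return "ERROR";
    case "medium": return "WARN";
    default: return "INFO";
  }
}

// Prefer the stripped (build-root-relative) path so the report does not leak
// the build machine's absolute layout; normalise separators to '/'.
function reportPath(absolute: string, stripped?: string | null): string {
  const chosen = stripped && stripped.length > 0 ? stripped : absolute;
  return chosen.replace(/\\/g, "/").replace(/^\/+/, "");
}

function parseCoverityReport(json: string): GenericIssue[] {
  const report = JSON.parse(json) as CoverityReport;
  if (report.type !== "Coverity issues" || report.formatVersion !== 7) {
    throw new Error(`unsupported report: ${report.type} v${report.formatVersion}`);
  }
  return (report.issues ?? []).map((issue): GenericIssue => {
    const props = issue.checkerProperties;
    const events = issue.events ?? [];
    const mainEvent = events.find((e) => e.main) ?? events[0];
    // checkerProperties may be null: fall back to the main event's own text.
    const message = props?.subcategoryLocalEffect ?? mainEvent?.eventDescription ?? issue.checkerName;
    const line = issue.mainEventLineNumber;
    return {
      fileName: reportPath(issue.mainEventFilePathname, issue.strippedMainEventFilePathname),
      severity: impactToSeverity(props?.impact),
      lineStart: line,
      lineEnd: line, // the report gives one line per main event, no end line or columns
      message,
      description: props?.subcategoryLongDescription ?? message,
      category: props?.category ?? "",
      rule: props?.cweCategory ? `${issue.checkerName} (CWE-${props.cweCategory})` : issue.checkerName,
    };
  });
}

// Constructed sample: the C# finding from the thread (trimmed to the fields used)
// plus a second, constructed issue with no checkerProperties to exercise fallbacks.
const SAMPLE_COVERITY_REPORT = JSON.stringify({
  type: "Coverity issues", formatVersion: 7, suppressedIssueCount: 0,
  issues: [
    {
      mergeKey: "884ed7531feed32eb916d9038a3b9bd6",
      referenceOccurrenceCountForMK: null,
      checkerName: "CONSTANT_EXPRESSION_RESULT",
      mainEventFilePathname: "C:\\Workspace\\workspace\\Build_jenkins_development\\somefile.cs",
      strippedMainEventFilePathname: "\\workspace\\Build_jenkins_development\\Architecture\\somefile.cs",
      mainEventLineNumber: 79,
      events: [{ eventDescription: "\"status & System.Printing.PrintJobStatus.None\" is always 0.", lineNumber: 79, main: true }],
      stateOnServer: null,
      checkerProperties: {
        category: "Integer handling issues", cweCategory: "569", impact: "Medium",
        subcategoryLocalEffect: "The expression's value is always zero; construct may indicate an inadvertent logic error.",
        subcategoryLongDescription: "Bitwise-and ('&') operation applied to zero always produces zero",
      },
    },
    {
      mergeKey: "constructed_second_key", checkerName: "EXAMPLE_CHECKER",
      mainEventFilePathname: "/build/src/other.c", strippedMainEventFilePathname: null,
      mainEventLineNumber: 12,
      events: [{ eventDescription: "constructed main event text", lineNumber: 12, main: true }],
      checkerProperties: null,
    },
  ],
  desktopAnalysisSettings: null, error: null, warnings: [],
});

// Stand-alone run: prints the two mapped issues.
console.log(JSON.stringify(parseCoverityReport(SAMPLE_COVERITY_REPORT), null, 2));
```

Two design notes. The version check at the top is deliberate: the type script is tied to `formatVersion` 7, so a report from another version should fail loudly rather than produce half-mapped issues. And `eventDescription` embeds source code from the analysed project (the `status & ...` expression above), so anything that renders these messages into HTML or a PR comment should escape them as untrusted text.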

josejobin45 commented 7 months ago

If it's too much effort, could you suggest alternative parsers.

tomasbjerre commented 7 months ago

Can you take a look at this: https://github.com/tomasbjerre/violations-lib/pull/187

Is that good?

josejobin45 commented 7 months ago

Yes, this looks good. Thanks.

tomasbjerre commented 7 months ago

Ok, releasing it now.