package sarif

Static Analysis Results Interchange Format (SARIF) Version 2.1.0

Sources

0.2.0.tar.gz
md5=f6263adb6936d17de2df6a6717f06f90
sha512=e854558cbeb4566406c61f839fefa477d8c711c62910ae5eab388ace2e3e38ba255ba134ade7ae5a693211d41eccf220cc499332b01f890c0ac7f44328411f66

Tags

sarif

Published: 19 Jan 2024

README

README.md

API Documentation: https://gborough.github.io/sarif/sarif/sarif/index.html

SARIF(v2.1.0)

Reference implementation of the Static Analysis Results Interchange Format (SARIF) for OCaml, currently supporting version 2.1.0 (latest: https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html).

This library uses atdgen to generate its OCaml types, so familiarity with atdgen's naming and conversion conventions is highly recommended.

User Manual

Module organisation

The core type of sarif is: Sarif_v_2_1_0_t.sarif_json_schema

Sarif_v_2_1_0_t -> Generated ocaml types for all sarif objects and properties

Sarif_v_2_1_0_j -> Generated json helper functions for all relevant ocaml types

Sarif_v_2_1_0_v -> Generated validation functions for all relevant ocaml types

Sarif_v_2_1_0_util -> Utility functions which the validation functions rely on

Parsing example

Assume we have a well-formed SARIF JSON file "example.sarif" that we'd like to parse and print:

open Core
open Sarif

let () =
  (* Read the whole SARIF file into memory *)
  let sarif_json = In_channel.read_all "example.sarif" in
  (* Deserialise the JSON text into the core type *)
  let parsed_core_type = Sarif_v_2_1_0_j.sarif_json_schema_of_string sarif_json in
  (* Serialise the core type back to JSON text and print it *)
  let core_type_string = Sarif_v_2_1_0_j.string_of_sarif_json_schema parsed_core_type in
  print_endline core_type_string

Validation example

Assume we have a malformed SARIF JSON file "malformed.sarif" and we suspect that the "runs" field is invalid:

open Core
open Sarif

let () =
  let sarif_json = In_channel.read_all "malformed.sarif" in
  let parsed_core_type = Sarif_v_2_1_0_j.sarif_json_schema_of_string sarif_json in
  (* Take the first run (List.hd_exn raises if "runs" is empty) and serialise it *)
  let run = Sarif_v_2_1_0_j.string_of_run @@ List.hd_exn @@ parsed_core_type.runs in
  (* Parse the run on its own, then validate it *)
  let parsed_run = Sarif_v_2_1_0_j.run_of_string run in
  let res = Sarif_v_2_1_0_util.validate_run parsed_run in
  if res then print_endline "valid" else print_endline "invalid"

Alternatively, to validate a payload built by constructing the types in Sarif_v_2_1_0_t directly, we can use the validation functions in Sarif_v_2_1_0_v. Please refer to the atdgen validation example (https://github.com/ahrefs/atd/tree/master/doc/atdgen-tutorial-data/validate).
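
As an added example (not code from the sarif project): one way to load a SARIF log produced by a third-party tool, turning parse failures into errors and running the generated validator on the core type. It assumes Sarif_v_2_1_0_v follows atdgen's standard validate_<type> naming and signature and that the yojson and atdgen-runtime libraries are visible to the build; load_sarif is a hypothetical helper.

```ocaml
open Core
open Sarif

(* Hypothetical helper, not part of the sarif package: parse a SARIF log from
   an untrusted producer and only return it if the validator accepts it. *)
let load_sarif path =
  match
    Sarif_v_2_1_0_j.sarif_json_schema_of_string (In_channel.read_all path)
  with
  (* The file could not be opened or read *)
  | exception Sys_error msg -> Error ("cannot read file: " ^ msg)
  (* The input is not syntactically valid JSON *)
  | exception Yojson.Json_error msg -> Error ("not valid JSON: " ^ msg)
  (* Valid JSON that does not match the generated types,
     e.g. a missing required field or a value of the wrong kind *)
  | exception Atdgen_runtime.Oj_run.Error msg ->
    Error ("not a SARIF log: " ^ msg)
  | log ->
    (* Assumption: atdgen's convention for generated validators,
       validate_<type> : path -> <type> -> error option,
       where [] is the root path and None means "no violation found". *)
    (match Sarif_v_2_1_0_v.validate_sarif_json_schema [] log with
     | None -> Ok log
     | Some err ->
       Error (Atdgen_runtime.Util.Validation.string_of_error err))

let () =
  match load_sarif "example.sarif" with
  | Ok _log -> print_endline "valid"
  | Error msg ->
    eprintf "rejected: %s\n" msg;
    exit 1
```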

License

This project is licensed under the MIT license.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in sarif by you, shall be licensed as MIT, without any additional terms or conditions.

Dependencies (11)

  1. uri >= "4.4.0"
  2. ppx_expect < "v0.17"
  3. ppx_deriving
  4. ppx_jane
  5. timedesc
  6. atdgen-runtime >= "2.12.0"
  7. atdgen >= "2.10.0"
  8. re2
  9. core
  10. dune >= "3.12"
  11. ocaml >= "4.14.0"

Dev Dependencies (1)

  1. odoc with-doc

Used by

None

Conflicts

None
