Fix #14009 (sarif: fix github upload errors)

danmar · danmar · commit 68a082c18186 · 2025-07-14T16:10:28.000+02:00
diff --git a/cli/cppcheckexecutor.cpp b/cli/cppcheckexecutor.cpp
@@ -115,7 +115,8 @@ namespace {
                     //else if (finding.severity == Severity::warning)
                     //    securitySeverity = 5.1; // We see potential undefined behavior
                     if (securitySeverity > 0.5) {
-                        properties["security-severity"] = picojson::value(securitySeverity);
+                        // skipped: "security-severity" caused error when uploading to github
+                        // properties["security-severity"] = picojson::value(securitySeverity);
                         const picojson::array tags{picojson::value("security")};
                         properties["tags"] = picojson::value(tags);
                     }
@@ -139,8 +140,8 @@ namespace {
                 artifactLocation["uri"] = picojson::value(location.getfile(false));
                 physicalLocation["artifactLocation"] = picojson::value(artifactLocation);
                 picojson::object region;
-                region["startLine"] = picojson::value(static_cast<int64_t>(location.line));
-                region["startColumn"] = picojson::value(static_cast<int64_t>(location.column));
+                region["startLine"] = picojson::value(static_cast<int64_t>(location.line < 1 ? 1 : location.line));
+                region["startColumn"] = picojson::value(static_cast<int64_t>(location.column < 1 ? 1 : location.column));
                 region["endLine"] = region["startLine"];
                 region["endColumn"] = region["startColumn"];
                 physicalLocation["region"] = picojson::value(region);
diff --git a/test/cli/helloworld_test.py b/test/cli/helloworld_test.py
@@ -373,7 +373,8 @@ def test_sarif():
     assert res['runs'][0]['results'][0]['ruleId'] == 'zerodiv'
     assert res['runs'][0]['tool']['driver']['rules'][0]['id'] == 'zerodiv'
     assert res['runs'][0]['tool']['driver']['rules'][0]['properties']['precision'] == 'high'
-    assert res['runs'][0]['tool']['driver']['rules'][0]['properties']['security-severity'] > 9.5
+    # github does not seem to handle "security-severity" well so it's not added
+    #assert res['runs'][0]['tool']['driver']['rules'][0]['properties']['security-severity'] > 9.5
     assert 'security' in res['runs'][0]['tool']['driver']['rules'][0]['properties']['tags']
     assert re.match(r'[0-9]+(.[0-9]+)+', res['runs'][0]['tool']['driver']['semanticVersion'])
     assert 'level' in res['runs'][0]['tool']['driver']['rules'][0]['defaultConfiguration'] # #13885
