
Commit f5de8ff

committed
Fix #14006 (CI: use cppcheck sarif output in github)
1 parent 8f3d36a commit f5de8ff

2 files changed

Lines changed: 43 additions & 3 deletions


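--- a/.github/workflows/selfcheck.yml
+++ b/.github/workflows/selfcheck.yml
@@ -187,3 +187,41 @@ jobs:
 with:
 name: Callgrind Output
 path: ./callgrind.*
+
+build_extra: # extra warnings
+# certain suppressed warnings are saved in sarif report that is uploaded to github
+# to allow manual inspection
+# these warnings do not make CI red, by intention.
+# * tests the github integration
+# * more comfortable release procedure
+
+strategy:
+fail-fast: false # Prefer quick result
+
+runs-on: ubuntu-24.04
+
+steps:
+- uses: actions/checkout@v4
+with:
+persist-credentials: false
+
+- name: Build Cppcheck
+run: |
+make CXXFLAGS=-O2 MATCOMPILER=yes -j$(nproc)
+
+- name: Run Cppcheck
+run: |
+./cppcheck -D__CPPCHECK__ -D__GNUC__ -DCHECK_INTERNAL -DHAVE_RULES --std=c++11 --library=cppcheck-lib --library=qt --enable=style --inconclusive --inline-suppr --suppress=useStlAlgorithm --suppress=*:externals/picojson.h --suppress=normalCheckLevelMaxBranches cli gui/*.cpp lib --output-format=sarif 2> results.sarif
+
+- name: Results
+run: |
+cat results.sarif
+
+- uses: actions/upload-artifact@v4
+with:
+name: results
+path: results.sarif
+
+- uses: github/codeql-action/upload-sarif@v3
+with:
+sarif_file: results.sarif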
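Review bot: The `github/codeql-action/upload-sarif@v3` step at the end of the new `build_extra` job needs `security-events: write` on the job token (and `contents: read`, plus `actions: read` on private repositories), and no `permissions:` block is visible in the hunk; unless the workflow grants it at the top level outside this hunk, the upload is rejected and the job fails. Add `permissions:` / `security-events: write` / `contents: read` directly under `build_extra:` so the grant is explicit and job-scoped rather than inherited. The actions are referenced by mutable major tags (`actions/checkout@v4`, `actions/upload-artifact@v4`, `github/codeql-action/upload-sarif@v3`); pinning each to a full commit SHA with the tag in a trailing comment would make the job's supply chain reproducible. Since the report is taken from stderr (`2> results.sarif`), any other diagnostic cppcheck prints there would corrupt the JSON, so the `cat results.sarif` step is worth keeping as the place to diagnose an upload failure. The enclosing `jobs:` block starts outside the hunk.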

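--- a/cli/cppcheckexecutor.cpp
+++ b/cli/cppcheckexecutor.cpp
@@ -109,7 +109,8 @@ namespace {
 // rule.properties.precision, rule.properties.problem.severity
 picojson::object properties;
 properties["precision"] = picojson::value(sarifPrecision(finding));
-double securitySeverity = 0;
+/* skipped: "security-severity" caused error when uploading to github
+double securitySeverity = 0;
 if (finding.severity == Severity::error && !ErrorLogger::isCriticalErrorId(finding.id))
 securitySeverity = 9.9; // We see undefined behavior
 //else if (finding.severity == Severity::warning)
@@ -119,6 +120,7 @@ namespace {
 const picojson::array tags{picojson::value("security")};
 properties["tags"] = picojson::value(tags);
 }
+*/
 rule["properties"] = picojson::value(properties);
 // rule.defaultConfiguration.level
 picojson::object defaultConfiguration;
@@ -139,8 +141,8 @@ namespace {
 artifactLocation["uri"] = picojson::value(location.getfile(false));
 physicalLocation["artifactLocation"] = picojson::value(artifactLocation);
 picojson::object region;
-region["startLine"] = picojson::value(static_cast<int64_t>(location.line));
-region["startColumn"] = picojson::value(static_cast<int64_t>(location.column));
+region["startLine"] = picojson::value(static_cast<int64_t>(std::max(1,location.line)));
+region["startColumn"] = picojson::value(static_cast<int64_t>(std::max(1U,location.column)));
 region["endLine"] = region["startLine"];
 region["endColumn"] = region["startColumn"];
 physicalLocation["region"] = picojson::value(region);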
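Review bot: The clamps `std::max(1,location.line)` and `std::max(1U,location.column)` in the third hunk silently map a location with line or column 0 to line 1, column 1, so a finding that had no precise position is now reported at a concrete source position the checker never named; the intent should be recorded next to the lines, e.g. `// SARIF requires startLine/startColumn >= 1; clamp so a location with no line/column info still yields a valid region`. `std::max` needs `<algorithm>` — confirm it is already included in cppcheckexecutor.cpp, since the include block is outside the hunk. The first two hunks disable the `security-severity` property by wrapping the live code in a `/* ... */` block comment, which is fragile (a `*/` introduced anywhere inside that region later would end the comment early) and the rationale "caused error when uploading to github" does not say what the error was; either cite the issue (#14006) and the rejected value in the comment, or remove the block and rely on version history. The enclosing functions of all three hunks start and end outside the hunks.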
