//== clang/Basic/Sarif.h - SARIF Diagnostics Object Model -------*- C++ -*--==// // // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. // See https://llvm.org/LICENSE.txt for license information. // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // //===----------------------------------------------------------------------===// /// \file /// Defines clang::SarifDocumentWriter, clang::SarifRule, clang::SarifResult. /// /// The document built can be accessed as a JSON Object. /// Several value semantic types are also introduced which represent properties /// of the SARIF standard, such as 'artifact', 'result', 'rule'. /// /// A SARIF (Static Analysis Results Interchange Format) document is JSON /// document that describes in detail the results of running static analysis /// tools on a project. Each (non-trivial) document consists of at least one /// "run", which are themselves composed of details such as: /// * Tool: The tool that was run /// * Rules: The rules applied during the tool run, represented by /// \c reportingDescriptor objects in SARIF /// * Results: The matches for the rules applied against the project(s) being /// evaluated, represented by \c result objects in SARIF /// /// Reference: /// 1. <a href="https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html">The SARIF standard</a> /// 2. <a href="https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317836">SARIF<pre>reportingDescriptor</pre></a> /// 3. <a href="https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317638">SARIF<pre>result</pre></a> //===----------------------------------------------------------------------===// #ifndef LLVM_CLANG_BASIC_SARIF_H #define LLVM_CLANG_BASIC_SARIF_H #include "clang/Basic/SourceLocation.h" #include "clang/Basic/Version.h" #include "llvm/ADT/ArrayRef.h" #include "llvm/ADT/SmallVector.h" #include "llvm/ADT/StringMap.h" #include "llvm/ADT/StringRef.h" #include "llvm/Support/JSON.h" #include <cassert> #include <cstddef> #include <cstdint> #include <initializer_list> #include <optional> #include <string> namespace clang { class SarifDocumentWriter; class SourceManager; namespace detail { /// \internal /// An artifact location is SARIF's way of describing the complete location /// of an artifact encountered during analysis. The \c artifactLocation object /// typically consists of a URI, and/or an index to reference the artifact it /// locates. /// /// This builder makes an additional assumption: that every artifact encountered /// by \c clang will be a physical, top-level artifact. Which is why the static /// creation method \ref SarifArtifactLocation::create takes a mandatory URI /// parameter. The official standard states that either a \c URI or \c Index /// must be available in the object, \c clang picks the \c URI as a reasonable /// default, because it intends to deal in physical artifacts for now. /// /// Reference: /// 1. <a href="https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317427">artifactLocation object</a> /// 2. \ref SarifArtifact class SarifArtifactLocation { … }; /// \internal /// An artifact in SARIF is any object (a sequence of bytes) addressable by /// a URI (RFC 3986). The most common type of artifact for clang's use-case /// would be source files. SARIF's artifact object is described in detail in /// section 3.24. // /// Since every clang artifact MUST have a location (there being no nested /// artifacts), the creation method \ref SarifArtifact::create requires a /// \ref SarifArtifactLocation object. /// /// Reference: /// 1. <a href="https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317611">artifact object</a> class SarifArtifact { … }; } // namespace detail enum class ThreadFlowImportance { … }; /// The level of severity associated with a \ref SarifResult. /// /// Of all the levels, \c None is the only one that is not associated with /// a failure. /// /// A typical mapping for clang's DiagnosticKind to SarifResultLevel would look /// like: /// * \c None: \ref clang::DiagnosticsEngine::Level::Remark, \ref clang::DiagnosticsEngine::Level::Ignored /// * \c Note: \ref clang::DiagnosticsEngine::Level::Note /// * \c Warning: \ref clang::DiagnosticsEngine::Level::Warning /// * \c Error could be generated from one of: /// - \ref clang::DiagnosticsEngine::Level::Warning with \c -Werror /// - \ref clang::DiagnosticsEngine::Level::Error /// - \ref clang::DiagnosticsEngine::Level::Fatal when \ref clang::DiagnosticsEngine::ErrorsAsFatal is set. /// /// Reference: /// 1. <a href="https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317648">level property</a> enum class SarifResultLevel { … }; /// A thread flow is a sequence of code locations that specify a possible path /// through a single thread of execution. /// A thread flow in SARIF is related to a code flow which describes /// the progress of one or more programs through one or more thread flows. /// /// Reference: /// 1. <a href="https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317744">threadFlow object</a> /// 2. <a href="https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317740">codeFlow object</a> class ThreadFlow { … }; /// A SARIF Reporting Configuration (\c reportingConfiguration) object contains /// properties for a \ref SarifRule that can be configured at runtime before /// analysis begins. /// /// Reference: /// 1. <a href="https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317852">reportingConfiguration object</a> class SarifReportingConfiguration { … }; /// A SARIF rule (\c reportingDescriptor object) contains information that /// describes a reporting item generated by a tool. A reporting item is /// either a result of analysis or notification of a condition encountered by /// the tool. Rules are arbitrary but are identifiable by a hierarchical /// rule-id. /// /// This builder provides an interface to create SARIF \c reportingDescriptor /// objects via the \ref SarifRule::create static method. /// /// Reference: /// 1. <a href="https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317836">reportingDescriptor object</a> class SarifRule { … }; /// A SARIF result (also called a "reporting item") is a unit of output /// produced when one of the tool's \c reportingDescriptor encounters a match /// on the file being analysed by the tool. /// /// This builder provides a \ref SarifResult::create static method that can be /// used to create an empty shell onto which attributes can be added using the /// \c setX(...) methods. /// /// For example: /// \code{.cpp} /// SarifResult result = SarifResult::create(...) /// .setRuleId(...) /// .setDiagnosticMessage(...); /// \endcode /// /// Reference: /// 1. <a href="https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317638">SARIF<pre>result</pre></a> class SarifResult { … }; /// This class handles creating a valid SARIF document given various input /// attributes. However, it requires an ordering among certain method calls: /// /// 1. Because every SARIF document must contain at least 1 \c run, callers /// must ensure that \ref SarifDocumentWriter::createRun is called before /// any other methods. /// 2. If SarifDocumentWriter::endRun is called, callers MUST call /// SarifDocumentWriter::createRun, before invoking any of the result /// aggregation methods such as SarifDocumentWriter::appendResult etc. class SarifDocumentWriter { … }; } // namespace clang #endif // LLVM_CLANG_BASIC_SARIF_H
Codebase Browser
llvm