1#!/usr/bin/env python3 2 3import json 4import sys 5 6# Return whether SARIF file contains error-level results 7def codeql_sarif_contain_error(filename): 8 with open(filename, 'r') as f: 9 s = json.load(f) 10 11 for run in s.get('runs', []): 12 rules_metadata = run['tool']['driver']['rules'] 13 if not rules_metadata: 14 rules_metadata = run['tool']['extensions'][0]['rules'] 15 16 for res in run.get('results', []): 17 if 'ruleIndex' in res: 18 rule_index = res['ruleIndex'] 19 elif 'rule' in res and 'index' in res['rule']: 20 rule_index = res['rule']['index'] 21 else: 22 continue 23 try: 24 rule_level = rules_metadata[rule_index]['defaultConfiguration']['level'] 25 except IndexError as e: 26 print(e, rule_index, len(rules_metadata)) 27 else: 28 if rule_level == 'error': 29 return True 30 return False 31 32if __name__ == "__main__": 33 if codeql_sarif_contain_error(sys.argv[1]): 34 sys.exit(1) 35
