Refactor script, update sarifs to with removed rules

Author: zhamborova

.github/actions/tool-tests/action.yml

@@ -0,0 +1,45 @@
+name: 'Tool Tests'
+description: 'Run tool tests with specified shell'
+
+inputs:
+  shell:
+    description: 'Shell to use (bash or wsl)'
+    required: true
+    default: 'bash'
+
+runs:
+  using: "composite"
+  steps:
+    - name: Run tool tests
+      id: run_tests
+      continue-on-error: true
+      shell: ${{ inputs.shell }}
+      run: |
+        # Make the script executable
+        chmod +x run-tool-tests.sh
+        
+        # Initialize failed tools file
+        rm -f /tmp/failed_tools.txt
+        touch /tmp/failed_tools.txt
+        
+        # Run tests for each tool directory
+        for tool_dir in plugins/tools/*/; do
+          tool_name=$(basename "$tool_dir")
+          if [ -d "$tool_dir/test/src" ]; then
+            echo "Running tests for $tool_name..."
+            ./run-tool-tests.sh "$tool_name" || {
+              echo "❌ Test failed for $tool_name"
+              echo "$tool_name" >> /tmp/failed_tools.txt
+            }
+          fi
+        done
+        
+        # Check if any tools failed
+        if [ -s /tmp/failed_tools.txt ] && [ "$(wc -l < /tmp/failed_tools.txt)" -gt 0 ]; then
+          echo -e "\n❌ The following tools failed their tests:"
+          cat /tmp/failed_tools.txt
+          echo "::error::Some tool tests failed. Please check the logs above for details."
+          exit 1
+        else
+          echo "✅ All tool tests passed successfully!"
+        fi 

.github/workflows/it-test.yml

@@ -68,7 +68,7 @@ jobs:
         if: matrix.os != 'windows-latest'
         run: chmod +x cli-v2
 
-      - name: Run init tests on Windows
+      - name: Run init tests on Windows native
         if: matrix.os == 'windows-latest'
         id: run_init_tests_windows
         continue-on-error: true
@@ -96,13 +96,13 @@ jobs:
 
       - name: Run tool tests on Unix
         if: matrix.os != 'windows-latest'
-        uses: ./.github/workflows/tool-tests.yml
+        uses: ./.github/actions/tool-tests
         with:
           shell: bash
 
-      - name: Run tool tests on Windows
+      - name: Run tool tests on Windows WSL
         if: matrix.os == 'windows-latest'
-        uses: ./.github/workflows/tool-tests.yml
+        uses: ./.github/actions/tool-tests
         with:
           shell: wsl
 

plugins/tools/codacy-enigma-cli/test/expected.sarif

@@ -5,7 +5,8 @@
     {
       "tool": {
         "driver": {
-          "name": "codacy-enigma-cli"
+          "name": "codacy-enigma-cli",
+          "rules": null
         }
       },
       "results": [

plugins/tools/dartanalyzer/test/expected.sarif

@@ -42,10 +42,11 @@
       ],
       "tool": {
         "driver": {
-          "name": "dartanalyzer"
+          "name": "dartanalyzer",
+          "rules": null
         }
       }
     }
   ],
   "version": "2.1.0"
-}
+}

plugins/tools/eslint/test/expected.sarif

@@ -44,11 +44,11 @@
         "driver": {
           "informationUri": "https://eslint.org",
           "name": "ESLint",
-          "rules": [],
+          "rules": null,
           "version": "8.57.0"
         }
       }
     }
   ],
   "version": "2.1.0"
-}
+}

plugins/tools/lizard/test/expected.sarif

@@ -8,52 +8,7 @@
           "name": "Lizard",
           "version": "1.17.10",
           "informationUri": "https://github.com/terryyin/lizard",
-          "rules": [
-            {
-              "id": "Lizard_ccn-medium",
-              "shortDescription": {
-                "text": "Check the Cyclomatic Complexity value of a function or logic block. If the threshold is not met, raise a Medium issue. The default threshold is 8."
-              },
-              "properties": {
-                "tags": [
-                  "warning"
-                ]
-              }
-            },
-            {
-              "id": "Lizard_file-nloc-medium",
-              "shortDescription": {
-                "text": "Check the number of lines of code (without comments) in a file. If the threshold is not met, raise a Medium issue. The default threshold is 500."
-              },
-              "properties": {
-                "tags": [
-                  "warning"
-                ]
-              }
-            },
-            {
-              "id": "Lizard_nloc-medium",
-              "shortDescription": {
-                "text": "Check the number of lines of code (without comments) in a function. If the threshold is not met, raise a Medium issue. The default threshold is 50."
-              },
-              "properties": {
-                "tags": [
-                  "warning"
-                ]
-              }
-            },
-            {
-              "id": "Lizard_parameter-count-medium",
-              "shortDescription": {
-                "text": "Check the number of parameters sent to a function. If the threshold is not met, raise a Medium issue. The default threshold is 8."
-              },
-              "properties": {
-                "tags": [
-                  "warning"
-                ]
-              }
-            }
-          ]
+          "rules": null
         }
       },
       "results": [

plugins/tools/pmd/test/expected.sarif

@@ -8,48 +8,7 @@
           "name": "PMD",
           "version": "6.55.0",
           "informationUri": "https://pmd.github.io/pmd/",
-          "rules": [
-            {
-              "id": "UnusedPrivateField",
-              "shortDescription": {
-                "text": "Avoid unused private fields such as 'unusedField'."
-              },
-              "fullDescription": {
-                "text": "\nDetects when a private field is declared and/or assigned a value, but not used.\n\nSince PMD 6.50.0 private fields are ignored, if the fields are annotated with any annotation or the\nenclosing class has any annotation. Annotations often enable a framework (such as dependency injection, mocking\nor e.g. Lombok) which use the fields by reflection or other means. This usage can't be detected by static code analysis.\nPreviously these frameworks where explicitly allowed by listing their annotations in the property\n\"ignoredAnnotations\", but that turned out to be prone of false positive for any not explicitly considered framework.\n        "
-              },
-              "helpUri": "https://pmd.github.io/pmd-6.55.0/pmd_rules_java_bestpractices.html#unusedprivatefield",
-              "help": {
-                "text": "\nDetects when a private field is declared and/or assigned a value, but not used.\n\nSince PMD 6.50.0 private fields are ignored, if the fields are annotated with any annotation or the\nenclosing class has any annotation. Annotations often enable a framework (such as dependency injection, mocking\nor e.g. Lombok) which use the fields by reflection or other means. This usage can't be detected by static code analysis.\nPreviously these frameworks where explicitly allowed by listing their annotations in the property\n\"ignoredAnnotations\", but that turned out to be prone of false positive for any not explicitly considered framework.\n        "
-              },
-              "properties": {
-                "ruleset": "Best Practices",
-                "priority": 3,
-                "tags": [
-                  "Best Practices"
-                ]
-              }
-            },
-            {
-              "id": "UnconditionalIfStatement",
-              "shortDescription": {
-                "text": "Do not use if statements that are always true or always false"
-              },
-              "fullDescription": {
-                "text": "\nDo not use \"if\" statements whose conditionals are always true or always false.\n        "
-              },
-              "helpUri": "https://pmd.github.io/pmd-6.55.0/pmd_rules_java_errorprone.html#unconditionalifstatement",
-              "help": {
-                "text": "\nDo not use \"if\" statements whose conditionals are always true or always false.\n        "
-              },
-              "properties": {
-                "ruleset": "Error Prone",
-                "priority": 3,
-                "tags": [
-                  "Error Prone"
-                ]
-              }
-            }
-          ]
+          "rules": null
         }
       },
       "results": [

plugins/tools/pylint/test/expected.sarif

@@ -1,5 +1,4 @@
 {
-  
   "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
   "version": "2.1.0",
   "runs": [
@@ -116,4 +115,4 @@
       ]
     }
   ]
-} 
+}

plugins/tools/semgrep/test/expected.sarif

@@ -188,92 +188,7 @@
       "tool": {
         "driver": {
           "name": "Semgrep OSS",
-          "rules": [
-            {
-              "defaultConfiguration": {
-                "level": "warning"
-              },
-              "fullDescription": {
-                "text": "Unsafe command execution with os.system"
-              },
-              "help": {
-                "markdown": "Unsafe command execution with os.system",
-                "text": "Unsafe command execution with os.system"
-              },
-              "id": "codacy.tools-configs.python.lang.security.audit.os-system.os-system",
-              "name": "codacy.tools-configs.python.lang.security.audit.os-system.os-system",
-              "properties": {
-                "precision": "very-high",
-                "tags": []
-              },
-              "shortDescription": {
-                "text": "Semgrep Finding: codacy.tools-configs.python.lang.security.audit.os-system.os-system"
-              }
-            },
-            {
-              "defaultConfiguration": {
-                "level": "warning"
-              },
-              "fullDescription": {
-                "text": "Unsafe deserialization with pickle"
-              },
-              "help": {
-                "markdown": "Unsafe deserialization with pickle",
-                "text": "Unsafe deserialization with pickle"
-              },
-              "id": "codacy.tools-configs.python.lang.security.audit.pickle.avoid-pickle",
-              "name": "codacy.tools-configs.python.lang.security.audit.pickle.avoid-pickle",
-              "properties": {
-                "precision": "very-high",
-                "tags": []
-              },
-              "shortDescription": {
-                "text": "Semgrep Finding: codacy.tools-configs.python.lang.security.audit.pickle.avoid-pickle"
-              }
-            },
-            {
-              "defaultConfiguration": {
-                "level": "warning"
-              },
-              "fullDescription": {
-                "text": "Hardcoded password detected"
-              },
-              "help": {
-                "markdown": "Hardcoded password detected",
-                "text": "Hardcoded password detected"
-              },
-              "id": "codacy.tools-configs.python.lang.security.audit.hardcoded-password.hardcoded-password",
-              "name": "codacy.tools-configs.python.lang.security.audit.hardcoded-password.hardcoded-password",
-              "properties": {
-                "precision": "very-high",
-                "tags": []
-              },
-              "shortDescription": {
-                "text": "Semgrep Finding: codacy.tools-configs.python.lang.security.audit.hardcoded-password.hardcoded-password"
-              }
-            },
-            {
-              "defaultConfiguration": {
-                "level": "warning"
-              },
-              "fullDescription": {
-                "text": "Unsafe command execution with shell=True"
-              },
-              "help": {
-                "markdown": "Unsafe command execution with shell=True",
-                "text": "Unsafe command execution with shell=True"
-              },
-              "id": "codacy.tools-configs.python.lang.security.audit.subprocess-shell-true.subprocess-shell-true",
-              "name": "codacy.tools-configs.python.lang.security.audit.subprocess-shell-true.subprocess-shell-true",
-              "properties": {
-                "precision": "very-high",
-                "tags": []
-              },
-              "shortDescription": {
-                "text": "Semgrep Finding: codacy.tools-configs.python.lang.security.audit.subprocess-shell-true.subprocess-shell-true"
-              }
-            }
-          ],
+          "rules": null,
           "semanticVersion": "1.78.0"
         }
       }

plugins/tools/trivy/test/expected.sarif

@@ -8,35 +8,7 @@
           "fullName": "Trivy Vulnerability Scanner",
           "informationUri": "https://github.com/aquasecurity/trivy",
           "name": "Trivy",
-          "rules": [
-            {
-              "id": "CVE-2024-21538",
-              "name": "LanguageSpecificPackageVulnerability",
-              "shortDescription": {
-                "text": "cross-spawn: regular expression denial of service"
-              },
-              "fullDescription": {
-                "text": "Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string."
-              },
-              "defaultConfiguration": {
-                "level": "error"
-              },
-              "helpUri": "https://avd.aquasec.com/nvd/cve-2024-21538",
-              "help": {
-                "text": "Vulnerability CVE-2024-21538\nSeverity: HIGH\nPackage: cross-spawn\nFixed Version: 7.0.5, 6.0.6\nLink: [CVE-2024-21538](https://avd.aquasec.com/nvd/cve-2024-21538)\nVersions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.",
-                "markdown": "**Vulnerability CVE-2024-21538**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|HIGH|cross-spawn|7.0.5, 6.0.6|[CVE-2024-21538](https://avd.aquasec.com/nvd/cve-2024-21538)|\n\nVersions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string."
-              },
-              "properties": {
-                "precision": "very-high",
-                "security-severity": "7.5",
-                "tags": [
-                  "vulnerability",
-                  "security",
-                  "HIGH"
-                ]
-              }
-            }
-          ],
+          "rules": null,
           "version": "0.59.1"
         }
       },