Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Plugin Runner: Schema validation for findings #394

Merged
merged 6 commits into from
Dec 18, 2024
Merged

Plugin Runner: Schema validation for findings #394

merged 6 commits into from
Dec 18, 2024

Conversation

ZoogieZork
Copy link
Contributor

@ZoogieZork ZoogieZork commented Dec 17, 2024
edited
Loading

Description

Adds schema validation for the details field of plugin results.

The validation is now specified using JSON schemas. The results are somewhat less user-friendly, but in the future we may be able to sync it with the API spec.

Only the three finding types which are documented in plugins/README.md are included:

  • Secrets
  • Static Analysis
  • Vulnerability

As we fill-out our documentation of the plugin types, we will update the schemas as well.

Example output:

image

Motivation and Context

Enable debugging of plugin issues with the format of the findings which have caused runtime issues.

How Has This Been Tested?

Tested locally.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation change

Checklist

  • My code follows conforms to the coding standards.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

@ZoogieZork
Switch linter to use JSON schema.
8735732 
This is the start of validating the details of plugin results.

- Plugin type is now passed to the wrapper.
- Linter now relies on validating against a JSON schema. While the
  output isn't as user-friendly, it'll be easier to maintain long-term
  since we may be able to sync it with the API spec.
- Initial validation for static_analysis findings.
@ZoogieZork
Use plugin-type-specific finding schema.
6d59b5c
@ZoogieZork
Add schema for secrets findings.
d8c9328
@ZoogieZork
Add additional unit tests for findings.
bdb2ab1
@ZoogieZork
Don't report errors if there's no error.
26abae1
@ZoogieZork
Add note that the schemaRoot is just a name.
82e9f50
@ZoogieZork ZoogieZork marked this pull request as ready for review December 17, 2024 23:51
@ZoogieZork ZoogieZork requested a review from a team as a code owner December 17, 2024 23:51
mdfleury-wbd
mdfleury-wbd approved these changes Dec 18, 2024
View reviewed changes
Copy link
Contributor

@mdfleury-wbd mdfleury-wbd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I haven't written enough Go to comment much there, but everything makes sense to me. Would it make sense to eventually convert plugin.sh to something else as that file is getting more complicated?

@ZoogieZork ZoogieZork merged commit 92efef6 into main Dec 18, 2024
6 checks passed
@ZoogieZork ZoogieZork deleted the zoogiezork/plugin-runner-lint-details branch December 18, 2024 15:02
@ZoogieZork ZoogieZork mentioned this pull request Dec 19, 2024
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mdfleury-wbd mdfleury-wbd mdfleury-wbd approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ZoogieZork @mdfleury-wbd