psastras/sarif-rs

feature request: parse clang-tidy "note" messages and add them to SARIF output

igrr opened this issue · 2 comments

igrr commented

When clang-tidy produces a warning, it sometimes adds multiple "note" lines which explain why the warning is emitted. This can help the developer understand the conditions which lead to a particular issue.

Example:
src/arg_dstr.c:307:9: warning: Null pointer passed as 1st argument to string copy function [clang-analyzer-unix.cstring.NullArg]
        strcpy(ds->append_data, ds->data);
        ^
/Library/Developer/CommandLineTools/SDKs/MacOSX12.3.sdk/usr/include/secure/_string.h:84:3: note: expanded from macro 'strcpy'
                __builtin___strcpy_chk (dest, __VA_ARGS__, __darwin_obsz (dest))
                ^
src/arg_dstr.c:181:5: note: Calling 'setup_append_buf'
    setup_append_buf(ds, 2);
    ^~~~~~~~~~~~~~~~~~~~~~~
src/arg_dstr.c:268:9: note: Assuming field 'data' is not equal to field 'append_data'
    if (ds->data != ds->append_data) {
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~
src/arg_dstr.c:268:5: note: Taking true branch
    if (ds->data != ds->append_data) {
    ^
src/arg_dstr.c:274:13: note: Assuming field 'append_data_size' is > 500
        if (ds->append_data_size > 500) {
            ^~~~~~~~~~~~~~~~~~~~~~~~~~
src/arg_dstr.c:274:9: note: Taking true branch
        if (ds->append_data_size > 500) {
        ^
src/arg_dstr.c:276:13: note: Null pointer value stored to field 'append_data'
            ds->append_data = NULL;
            ^~~~~~~~~~~~~~~~~~~~~~
src/arg_dstr.c:290:9: note: Assuming 'total_space' is < field 'append_data_size'
    if (total_space >= ds->append_data_size) {
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/arg_dstr.c:290:5: note: Taking false branch
    if (total_space >= ds->append_data_size) {
    ^
src/arg_dstr.c:306:20: note: Field 'data' is not equal to field 'append_data'
    } else if (ds->data != ds->append_data) {
                   ^
src/arg_dstr.c:306:12: note: Taking true branch
    } else if (ds->data != ds->append_data) {
           ^
src/arg_dstr.c:307:9: note: Null pointer passed as 1st argument to string copy function
        strcpy(ds->append_data, ds->data);
        ^
/Library/Developer/CommandLineTools/SDKs/MacOSX12.3.sdk/usr/include/secure/_string.h:84:3: note: expanded from macro 'strcpy'
                __builtin___strcpy_chk (dest, __VA_ARGS__, __darwin_obsz (dest))
                ^                       ~~~~

Currently the clang_tidy converter only parses the warning/error/info lines. The feature request is to parse these note lines and include them in SARIF output, attached to the warning/error they are related to.

If such a feature can be accepted, I can try to make a PR implementing it.

@igrr generally this seems like a good idea to me and I'm open to contributions.

I guess some questions:

  • What SARIF field(s) do you think this should go into?
  • Would we want sarif-fmt to be able to print these out also? If it's not in the (admittedly pretty basic) fields that sarif-fmt understands, we'd need to update it.

igrr commented

Looking at the docs and the examples, it looks like this should go into the relatedLocations field, which is already handled by sarif-fmt.
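
The grouping discussed in this thread, as an added example that is not sarif-rs code: a std-only Rust sketch that attaches each clang-tidy `note` line to the warning or error it follows, the shape a converter would then map onto a SARIF result and its relatedLocations. The `Loc`, `Finding`, `parse_header` and `parse` names are hypothetical, and the sample input is a trimmed excerpt of the output quoted in the issue.

```rust
// Added example; type and function names are hypothetical, not sarif-rs APIs.
#[derive(Debug)]
pub struct Loc { pub file: String, pub line: u32, pub col: u32, pub message: String }
#[derive(Debug)]
pub struct Finding { pub rule_id: Option<String>, pub level: String, pub loc: Loc, pub related_locations: Vec<Loc> }
// Trimmed excerpt of the clang-tidy output quoted in the issue.
pub const SAMPLE: &str = "\
src/arg_dstr.c:307:9: warning: Null pointer passed as 1st argument to string copy function [clang-analyzer-unix.cstring.NullArg]
        strcpy(ds->append_data, ds->data);
        ^
src/arg_dstr.c:181:5: note: Calling 'setup_append_buf'
    setup_append_buf(ds, 2);
src/arg_dstr.c:276:13: note: Null pointer value stored to field 'append_data'
            ds->append_data = NULL;
";

// Parse "file:line:col: level: message"; source and caret lines yield None.
fn parse_header(line: &str) -> Option<(&'static str, Loc)> {
    // Use the earliest marker so a level word inside the message is not mistaken for it.
    let (idx, level) = ["warning", "error", "note"].iter()
        .filter_map(|l| line.find(&format!(": {}: ", l)).map(|i| (i, *l)))
        .min()?;
    let mut parts = line[..idx].rsplitn(3, ':'); // col, line, then the whole path
    let col = parts.next()?.parse().ok()?;
    let ln = parts.next()?.parse().ok()?;
    let file = parts.next()?.to_string();
    let message = line[idx + level.len() + 4..].to_string();
    Some((level, Loc { file, line: ln, col, message }))
}

// Attach each note to the most recent warning/error; notes with none before them are dropped.
pub fn parse(output: &str) -> Vec<Finding> {
    let mut findings: Vec<Finding> = Vec::new();
    for (level, mut loc) in output.lines().filter_map(parse_header) {
        if level == "note" {
            if let Some(f) = findings.last_mut() { f.related_locations.push(loc); }
            continue;
        }
        // A trailing " [check-name]" is the rule id, not part of the message.
        let mut rule_id = None;
        if let (true, Some(i)) = (loc.message.ends_with(']'), loc.message.rfind(" [")) {
            rule_id = Some(loc.message[i + 2..loc.message.len() - 1].to_string());
            loc.message.truncate(i);
        }
        findings.push(Finding { rule_id, level: level.to_string(), loc, related_locations: Vec::new() });
    }
    findings
}
fn main() { println!("{:#?}", parse(SAMPLE)); }
```

Keeping the notes in source order preserves the analyzer's path through the function, which is what makes the null-pointer finding reviewable.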