Add some basic validation when parsing SARIF

Dave Bartolomeo · Dave Bartolomeo · commit d68e270e905d · 2024-07-19T16:46:03.000-04:00
This is roughly equivalent to the validation we had before, when we were only including `runs.0.results`.
diff --git a/extensions/ql-vscode/src/common/sarif-parser.ts b/extensions/ql-vscode/src/common/sarif-parser.ts
@@ -40,7 +40,17 @@ export async function sarifParser(
       });
 
       asm.on("done", (asm) => {
-        const log: Log = asm.current;
+        const log = asm.current;
+
+        // Do some trivial validation. This isn't a full validation of the SARIF file, but it's at
+        // least enough to ensure that we're not trying to parse complete garbage later.
+        if (log.runs === undefined || log.runs.length < 1) {
+          reject(
+            new Error(
+              "Invalid SARIF file: expecting at least one run with result.",
+            ),
+          );
+        }
 
         resolve(log);
         alreadyDone = true;
