Commit d68e270

author
Dave Bartolomeo
committed
Add some basic validation when parsing SARIF
This is roughly equivalent to the validation we had before, when we were only including `runs.0.results`.
1 parent 97b9c43 commit d68e270

1 file changed

+11
-1
lines changed

extensions/ql-vscode/src/common/sarif-parser.ts

Lines changed: 11 additions & 1 deletion
@@ -40,7 +40,17 @@ export async function sarifParser(
4040
});
4141

4242
asm.on("done", (asm) => {
43-
const log: Log = asm.current;
43+
const log = asm.current;
44+
45+
// Do some trivial validation. This isn't a full validation of the SARIF file, but it's at
46+
// least enough to ensure that we're not trying to parse complete garbage later.
47+
if (log.runs === undefined || log.runs.length < 1) {
48+
reject(
49+
new Error(
50+
"Invalid SARIF file: expecting at least one run with result.",
51+
),
52+
);
53+
}
4454

4555
resolve(log);
4656
alreadyDone = true;
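
Review bot: The new `if (log.runs === undefined || log.runs.length < 1)` block calls `reject(...)` without returning, so the handler falls through to `resolve(log)` and still sets `alreadyDone = true` for a file that has just failed validation. The later `resolve` has no effect on a promise that is already rejected, but the fall-through is easy to misread and the flag ends up set on the error path; add `return;` directly after the `reject(...)` call. Two smaller points on the same block: the message says "expecting at least one run with result" while the check only looks at `runs`, so either check for results as well or reword the message; and `log.runs.length < 1` accepts any non-array value that has a `length`, and the expression throws if `log` itself is null or undefined, so `!Array.isArray(log?.runs) || log.runs.length < 1` would be a tighter guard. The declaration also no longer carries the `Log` annotation; if that is deliberate because the value is unvalidated at this point, consider narrowing it to `Log` once the check has passed.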
