From aec607b30f7a03729b5a21947ad62fa60f9cb9e2 Mon Sep 17 00:00:00 2001 From: Yoann Padioleau Date: Mon, 13 Jan 2025 08:53:10 +0100 Subject: [PATCH] cleanup semgrep ci config section (#334) test plan: make - [x] I ran `make setup && make` to update the generated code after editing a `.atd` file (TODO: have a CI check) - [x] I made sure we're still backward compatible with old versions of the CLI. For example, the Semgrep backend need to still be able to *consume* data generated by Semgrep 1.50.0. See https://atd.readthedocs.io/en/latest/atdgen-tutorial.html#smooth-protocol-upgrades Note that the types related to the semgrep-core JSON output or the semgrep-core RPC do not need to be backward compatible! Co-authored-by: pad --- semgrep_output_v1.atd | 179 +++++++++--------- semgrep_output_v1.jsonschema | 180 +++++++++--------- semgrep_output_v1.proto | 90 ++++----- semgrep_output_v1.py | 8 +- semgrep_output_v1.ts | 352 +++++++++++++++++------------------ semgrep_output_v1_j.ml | 142 +++++++------- semgrep_output_v1_j.mli | 4 +- 7 files changed, 477 insertions(+), 478 deletions(-) diff --git a/semgrep_output_v1.atd b/semgrep_output_v1.atd index e9b9a9e..f25c999 100644 --- a/semgrep_output_v1.atd +++ b/semgrep_output_v1.atd @@ -1120,13 +1120,12 @@ type killing_parent = { * types used to communicate with the Semgrep backend and are not meant * to be consumed directly by Semgrep users or tools wrapping Semgrep. * - * The sequence of HTTP requests is mostly: - * - /deployments/current with token + * The sequence of HTTP requests for 'semgrep ci' is mostly: + * - /api/agent/deployments/current with token * and response with deployment name in a deployment config - * - /deployments/scans when starting a scan, with information about the project - * and response with scan_id - * - /scans//config to request the scan config - * and response with scan_config including the rules to use + * (TODO? get rid of this one? useful?) + * - /api/cli/scans when starting a scan, with information about the project + * and response with scan_id and scan_config including the rules to use * - /results to send the findings to the backend * and response with errors and task_id * - /complete when done, with the exit code and a few more information @@ -1186,7 +1185,7 @@ type action = [ ] (* ----------------------------- *) -(* CI Configuration *) +(* CI configurations *) (* ----------------------------- *) (* Response by the backend to the CLI to the POST deployments/current *) @@ -1222,21 +1221,16 @@ type ci_config_from_repo = { (* ex: "webapp" *) type tag = string -(* Response by the backend to the CLI to the POST /scans//config *) +(* Response by the backend to the CLI to the POST deployments/scans/config + * DEPRECATED? seems to be used only by semgrep lsp. + *) type scan_config = { - (* TODO: remove deployment_id + deployment_name from here, instead this - * will be in scan_response.scan_info - *) deployment_id: int; deployment_name: string; (* ex: "audit", "comment", "block" TODO use enum? TODO: seems dead *) policy_names: string list; (* rules raw content in JSON format (but still sent as a string) *) rule_config: string; - (* since 1.47.0 but not created by the backend (nor used by the CLI) *) - ?ci_config_from_cloud: ci_config_from_cloud option; - - (* Deprecated: should rely on ci_config_from_cloud instead *) inherit features; inherit triage_ignored; (* glob patterns *) @@ -1245,8 +1239,70 @@ type scan_config = { ?enabled_products: product list option; (* since 1.64.0 *) ~actions: action list; + (* since 1.47.0 but not created by the backend (nor used by the CLI) *) + ?ci_config_from_cloud: ci_config_from_cloud option; } +(* Response from the backend to the CLI to the POST /api/cli/scans *) +type scan_response = { + info: scan_info; + config: scan_configuration; + engine_params: engine_configuration; + (* TODO: ~actions: action list; *) +} + +(* meta info about the scan *) +type scan_info = { + ?id: int option; (* the scan id, null for dry-runs *) + enabled_products: product list; + (* redundant with deployment_config? + * TODO? remove the intermediate call to get the deployment and + * start a scan to /api/cli/scans/ without first accessing + * api/agent/deployments/current? + *) + deployment_id: int; + deployment_name: string; +} + +(* config specific to the scan, eg *) +type scan_configuration = { + rules: raw_json; (* can we type this better *) + inherit triage_ignored; +} + +(* settings for the cli *) +type engine_configuration = { + inherit features; + (* TODO? glob list? fpath list? *) + ~ignored_files: string list; + (* from 1.71.0 *) + ?product_ignored_files: product_ignored_files option; + (* for features we only want to turn on for select customers *) + ~generic_slow_rollout: bool; + (* from 1.63.0 *) + ?historical_config: historical_configuration option; + (* from 1.93. + * Indicate that fail-open should always be enabled, overriding the CLI flag. + * coupling: server/semgrep_app/saas/models/deployment_products_mixin.py + *) + ~always_suppress_errors: bool; +} + +type glob = string + +type product_ignored_files = (product * glob list) list + (* We omit the usual otherwise we get a + * "keys must be strings" error *) + + +(* configuration for scanning version control history, + * e.g., looking back at past git commits for committed credentials which may + * have been removed *) +type historical_configuration = { + enabled: bool; + ?lookback_days: int option; +} + (* ----------------------------- *) (* CI Deployment response *) (* ----------------------------- *) @@ -1258,13 +1314,27 @@ type deployment_response = { (* CI Scan request *) (* ----------------------------- *) +(* Sent by the CLI to the POST /api/cli/scans to create a scan. *) +type scan_request = { + (* added in 1.43 as options, and mandatory since 1.100.0 (replacing meta) *) + project_metadata: project_metadata; + scan_metadata: scan_metadata; + + (* added in 1.43 *) + ?project_config: ci_config_from_repo option; + + (* deprecated: moved as an option in 1.100.0 and was duplicative of + * information in project_metadata and scan_metadata since 1.43.0 + * old: 'meta: project_metadata;' before 1.43 + *) + ?meta: raw_json option; +} + (* Collect information about a project from the environment, filesystem, * git repo, etc. * See also semgrep_metrics.atd and PRIVACY.md - * - * TODO: - * - we could split it in different parts and use inherit to make things clearer - * (while still being backward compatible) + * TODO: we could split it in different parts and use inherit to make things + * clearer (while still being backward compatible) *) type project_metadata = { (* TODO: deprecate in favor of scan_metadata.cli_version *) @@ -1353,77 +1423,6 @@ type scan_metadata = { ?sms_scan_id: string option; } -(* Sent by the CLI to the POST /api/cli/scans to create a scan. *) -type scan_request = { - (* added in 1.43 as options, and mandatory since 1.100.0 (replacing meta) *) - project_metadata: project_metadata; - scan_metadata: scan_metadata; - - (* added in 1.43 *) - ?project_config: ci_config_from_repo option; - - (* deprecated: moved as an option in 1.100.0 and was duplicative of - * information in project_metadata and scan_metadata since 1.43.0 - * old: 'meta: project_metadata;' before 1.43 - *) - ?meta: raw_json option; -} - -(* Response from the backend to the CLI to the POST /api/cli/scans *) -type scan_response = { - info: scan_info; - config: scan_configuration; - engine_params: engine_configuration; -} - -(* meta info about the scan *) -type scan_info = { - ?id: int option; (* the scan id, null for dry-runs *) - enabled_products: product list; - deployment_id: int; - deployment_name: string; -} - - - -(* config specific to the scan, eg *) -type scan_configuration = { - rules: raw_json; (* can we type this better *) - inherit triage_ignored; -} - -(* configuration for scanning version control history, - * e.g., looking back at past git commits for committed credentials which may - * have been removed *) -type historical_configuration = { - enabled: bool; - ?lookback_days: int option; -} - -type glob = string - -type product_ignored_files = (product * glob list) list - (* We omit the usual otherwise we get a - * "keys must be strings" error *) - - -(* settings for the cli *) -type engine_configuration = { - inherit features; - ~ignored_files: string list; - (* from 1.71.0 *) - ?product_ignored_files: product_ignored_files option; - (* for features we only want to turn on for select customers *) - ~generic_slow_rollout: bool; - (* from 1.63.0 *) - ?historical_config: historical_configuration option; - (* from 1.93. - * Indicate that fail-open should always be enabled, overriding the CLI flag. - * coupling: server/semgrep_app/saas/models/deployment_products_mixin.py - *) - ~always_suppress_errors: bool; -} - (* ----------------------------- *) (* Findings *) (* ----------------------------- *) diff --git a/semgrep_output_v1.jsonschema b/semgrep_output_v1.jsonschema index 2368698..508773e 100644 --- a/semgrep_output_v1.jsonschema +++ b/semgrep_output_v1.jsonschema @@ -928,9 +928,6 @@ "deployment_name": { "type": "string" }, "policy_names": { "type": "array", "items": { "type": "string" } }, "rule_config": { "type": "string" }, - "ci_config_from_cloud": { - "$ref": "#/definitions/ci_config_from_cloud" - }, "autofix": { "type": "boolean" }, "deepsemgrep": { "type": "boolean" }, "dependency_query": { "type": "boolean" }, @@ -951,9 +948,89 @@ "actions": { "type": "array", "items": { "$ref": "#/definitions/action" } + }, + "ci_config_from_cloud": { + "$ref": "#/definitions/ci_config_from_cloud" } } }, + "scan_response": { + "type": "object", + "required": [ "info", "config", "engine_params" ], + "properties": { + "info": { "$ref": "#/definitions/scan_info" }, + "config": { "$ref": "#/definitions/scan_configuration" }, + "engine_params": { "$ref": "#/definitions/engine_configuration" } + } + }, + "scan_info": { + "type": "object", + "required": [ "enabled_products", "deployment_id", "deployment_name" ], + "properties": { + "id": { "type": "integer" }, + "enabled_products": { + "type": "array", + "items": { "$ref": "#/definitions/product" } + }, + "deployment_id": { "type": "integer" }, + "deployment_name": { "type": "string" } + } + }, + "scan_configuration": { + "type": "object", + "required": [ "rules" ], + "properties": { + "rules": { "$ref": "#/definitions/raw_json" }, + "triage_ignored_syntactic_ids": { + "type": "array", + "items": { "type": "string" } + }, + "triage_ignored_match_based_ids": { + "type": "array", + "items": { "type": "string" } + } + } + }, + "engine_configuration": { + "type": "object", + "required": [], + "properties": { + "autofix": { "type": "boolean" }, + "deepsemgrep": { "type": "boolean" }, + "dependency_query": { "type": "boolean" }, + "path_to_transitivity": { "type": "boolean" }, + "ignored_files": { "type": "array", "items": { "type": "string" } }, + "product_ignored_files": { + "$ref": "#/definitions/product_ignored_files" + }, + "generic_slow_rollout": { "type": "boolean" }, + "historical_config": { + "$ref": "#/definitions/historical_configuration" + }, + "always_suppress_errors": { "type": "boolean" } + } + }, + "glob": { "type": "string" }, + "product_ignored_files": { + "type": "array", + "items": { + "type": "array", + "minItems": 2, + "items": false, + "prefixItems": [ + { "$ref": "#/definitions/product" }, + { "type": "array", "items": { "$ref": "#/definitions/glob" } } + ] + } + }, + "historical_configuration": { + "type": "object", + "required": [ "enabled" ], + "properties": { + "enabled": { "type": "boolean" }, + "lookback_days": { "type": "integer" } + } + }, "deployment_response": { "type": "object", "required": [ "deployment" ], @@ -961,6 +1038,16 @@ "deployment": { "$ref": "#/definitions/deployment_config" } } }, + "scan_request": { + "type": "object", + "required": [ "project_metadata", "scan_metadata" ], + "properties": { + "project_metadata": { "$ref": "#/definitions/project_metadata" }, + "scan_metadata": { "$ref": "#/definitions/scan_metadata" }, + "project_config": { "$ref": "#/definitions/ci_config_from_repo" }, + "meta": { "$ref": "#/definitions/raw_json" } + } + }, "project_metadata": { "type": "object", "required": [ @@ -1015,93 +1102,6 @@ "sms_scan_id": { "type": "string" } } }, - "scan_request": { - "type": "object", - "required": [ "project_metadata", "scan_metadata" ], - "properties": { - "project_metadata": { "$ref": "#/definitions/project_metadata" }, - "scan_metadata": { "$ref": "#/definitions/scan_metadata" }, - "project_config": { "$ref": "#/definitions/ci_config_from_repo" }, - "meta": { "$ref": "#/definitions/raw_json" } - } - }, - "scan_response": { - "type": "object", - "required": [ "info", "config", "engine_params" ], - "properties": { - "info": { "$ref": "#/definitions/scan_info" }, - "config": { "$ref": "#/definitions/scan_configuration" }, - "engine_params": { "$ref": "#/definitions/engine_configuration" } - } - }, - "scan_info": { - "type": "object", - "required": [ "enabled_products", "deployment_id", "deployment_name" ], - "properties": { - "id": { "type": "integer" }, - "enabled_products": { - "type": "array", - "items": { "$ref": "#/definitions/product" } - }, - "deployment_id": { "type": "integer" }, - "deployment_name": { "type": "string" } - } - }, - "scan_configuration": { - "type": "object", - "required": [ "rules" ], - "properties": { - "rules": { "$ref": "#/definitions/raw_json" }, - "triage_ignored_syntactic_ids": { - "type": "array", - "items": { "type": "string" } - }, - "triage_ignored_match_based_ids": { - "type": "array", - "items": { "type": "string" } - } - } - }, - "historical_configuration": { - "type": "object", - "required": [ "enabled" ], - "properties": { - "enabled": { "type": "boolean" }, - "lookback_days": { "type": "integer" } - } - }, - "glob": { "type": "string" }, - "product_ignored_files": { - "type": "array", - "items": { - "type": "array", - "minItems": 2, - "items": false, - "prefixItems": [ - { "$ref": "#/definitions/product" }, - { "type": "array", "items": { "$ref": "#/definitions/glob" } } - ] - } - }, - "engine_configuration": { - "type": "object", - "required": [], - "properties": { - "autofix": { "type": "boolean" }, - "deepsemgrep": { "type": "boolean" }, - "dependency_query": { "type": "boolean" }, - "path_to_transitivity": { "type": "boolean" }, - "ignored_files": { "type": "array", "items": { "type": "string" } }, - "product_ignored_files": { - "$ref": "#/definitions/product_ignored_files" - }, - "generic_slow_rollout": { "type": "boolean" }, - "historical_config": { - "$ref": "#/definitions/historical_configuration" - }, - "always_suppress_errors": { "type": "boolean" } - } - }, "finding": { "type": "object", "required": [ diff --git a/semgrep_output_v1.proto b/semgrep_output_v1.proto index e8a7ab5..9396e90 100644 --- a/semgrep_output_v1.proto +++ b/semgrep_output_v1.proto @@ -1,6 +1,6 @@ // Generated by jsonschema2protobuf. DO NOT EDIT! // Source file: semgrep_output_v1.jsonschema -// Source file sha256 digest: b528a41b8d32b802921305aec117b05bf8623ba75a34ad2d8f12d1711ce89e54 +// Source file sha256 digest: 8eec7fa475dcdfa9d54dbf1a6cbc1f86731f97350d74e88bb8c9645750b0ff72 syntax = "proto3"; @@ -328,7 +328,6 @@ message ScanConfig { string deployment_name = 129624728; repeated string policy_names = 175625923; string rule_config = 403140712; - CiConfigFromCloud ci_config_from_cloud = 120268883; bool autofix = 82457874; bool deepsemgrep = 444846865; bool dependency_query = 471197362; @@ -338,12 +337,56 @@ message ScanConfig { repeated string ignored_files = 482076310; repeated google.protobuf.Any enabled_products = 447415338; repeated google.protobuf.Any actions = 91184897; + CiConfigFromCloud ci_config_from_cloud = 120268883; +} + +message ScanResponse { + ScanInfo info = 3408338; + ScanConfiguration config = 364565635; + EngineConfiguration engine_params = 411399043; +} + +message ScanInfo { + int64 id = 3205; + repeated google.protobuf.Any enabled_products = 447415338; + int64 deployment_id = 188822146; + string deployment_name = 129624728; +} + +message ScanConfiguration { + google.protobuf.Any rules = 109321335; + repeated string triage_ignored_syntactic_ids = 211590151; + repeated string triage_ignored_match_based_ids = 327942260; +} + +message EngineConfiguration { + bool autofix = 82457874; + bool deepsemgrep = 444846865; + bool dependency_query = 471197362; + bool path_to_transitivity = 52910370; + repeated string ignored_files = 482076310; + repeated google.protobuf.Any product_ignored_files = 298217262; + bool generic_slow_rollout = 78139686; + HistoricalConfiguration historical_config = 66628402; + bool always_suppress_errors = 432871568; +} + +message HistoricalConfiguration { + bool enabled = 476613995; + int64 lookback_days = 382926518; } message DeploymentResponse { DeploymentConfig deployment = 498084672; } +message ScanRequest { + ProjectMetadata project_metadata = 24255885; + ScanMetadata scan_metadata = 76122041; + CiConfigFromRepo project_config = 317758767; + google.protobuf.Any meta = 3004443; +} + message ProjectMetadata { string semgrep_version = 118812144; string scan_environment = 288669428; @@ -382,49 +425,6 @@ message ScanMetadata { string sms_scan_id = 129251445; } -message ScanRequest { - ProjectMetadata project_metadata = 24255885; - ScanMetadata scan_metadata = 76122041; - CiConfigFromRepo project_config = 317758767; - google.protobuf.Any meta = 3004443; -} - -message ScanResponse { - ScanInfo info = 3408338; - ScanConfiguration config = 364565635; - EngineConfiguration engine_params = 411399043; -} - -message ScanInfo { - int64 id = 3205; - repeated google.protobuf.Any enabled_products = 447415338; - int64 deployment_id = 188822146; - string deployment_name = 129624728; -} - -message ScanConfiguration { - google.protobuf.Any rules = 109321335; - repeated string triage_ignored_syntactic_ids = 211590151; - repeated string triage_ignored_match_based_ids = 327942260; -} - -message HistoricalConfiguration { - bool enabled = 476613995; - int64 lookback_days = 382926518; -} - -message EngineConfiguration { - bool autofix = 82457874; - bool deepsemgrep = 444846865; - bool dependency_query = 471197362; - bool path_to_transitivity = 52910370; - repeated string ignored_files = 482076310; - repeated google.protobuf.Any product_ignored_files = 298217262; - bool generic_slow_rollout = 78139686; - HistoricalConfiguration historical_config = 66628402; - bool always_suppress_errors = 432871568; -} - message Finding { string check_id = 244492357; string path = 3212859; diff --git a/semgrep_output_v1.py b/semgrep_output_v1.py index 8f473d3..53b13f1 100644 --- a/semgrep_output_v1.py +++ b/semgrep_output_v1.py @@ -5422,7 +5422,6 @@ class ScanConfig: deployment_name: str policy_names: List[str] rule_config: str - ci_config_from_cloud: Optional[CiConfigFromCloud] = None autofix: bool = field(default_factory=lambda: False) deepsemgrep: bool = field(default_factory=lambda: False) dependency_query: bool = field(default_factory=lambda: False) @@ -5432,6 +5431,7 @@ class ScanConfig: ignored_files: List[str] = field(default_factory=lambda: []) enabled_products: Optional[List[Product]] = None actions: List[Action] = field(default_factory=lambda: []) + ci_config_from_cloud: Optional[CiConfigFromCloud] = None @classmethod def from_json(cls, x: Any) -> 'ScanConfig': @@ -5441,7 +5441,6 @@ def from_json(cls, x: Any) -> 'ScanConfig': deployment_name=_atd_read_string(x['deployment_name']) if 'deployment_name' in x else _atd_missing_json_field('ScanConfig', 'deployment_name'), policy_names=_atd_read_list(_atd_read_string)(x['policy_names']) if 'policy_names' in x else _atd_missing_json_field('ScanConfig', 'policy_names'), rule_config=_atd_read_string(x['rule_config']) if 'rule_config' in x else _atd_missing_json_field('ScanConfig', 'rule_config'), - ci_config_from_cloud=CiConfigFromCloud.from_json(x['ci_config_from_cloud']) if 'ci_config_from_cloud' in x else None, autofix=_atd_read_bool(x['autofix']) if 'autofix' in x else False, deepsemgrep=_atd_read_bool(x['deepsemgrep']) if 'deepsemgrep' in x else False, dependency_query=_atd_read_bool(x['dependency_query']) if 'dependency_query' in x else False, @@ -5451,6 +5450,7 @@ def from_json(cls, x: Any) -> 'ScanConfig': ignored_files=_atd_read_list(_atd_read_string)(x['ignored_files']) if 'ignored_files' in x else [], enabled_products=_atd_read_list(Product.from_json)(x['enabled_products']) if 'enabled_products' in x else None, actions=_atd_read_list(Action.from_json)(x['actions']) if 'actions' in x else [], + ci_config_from_cloud=CiConfigFromCloud.from_json(x['ci_config_from_cloud']) if 'ci_config_from_cloud' in x else None, ) else: _atd_bad_json('ScanConfig', x) @@ -5461,8 +5461,6 @@ def to_json(self) -> Any: res['deployment_name'] = _atd_write_string(self.deployment_name) res['policy_names'] = _atd_write_list(_atd_write_string)(self.policy_names) res['rule_config'] = _atd_write_string(self.rule_config) - if self.ci_config_from_cloud is not None: - res['ci_config_from_cloud'] = (lambda x: x.to_json())(self.ci_config_from_cloud) res['autofix'] = _atd_write_bool(self.autofix) res['deepsemgrep'] = _atd_write_bool(self.deepsemgrep) res['dependency_query'] = _atd_write_bool(self.dependency_query) @@ -5473,6 +5471,8 @@ def to_json(self) -> Any: if self.enabled_products is not None: res['enabled_products'] = _atd_write_list((lambda x: x.to_json()))(self.enabled_products) res['actions'] = _atd_write_list((lambda x: x.to_json()))(self.actions) + if self.ci_config_from_cloud is not None: + res['ci_config_from_cloud'] = (lambda x: x.to_json())(self.ci_config_from_cloud) return res @classmethod diff --git a/semgrep_output_v1.ts b/semgrep_output_v1.ts index 6209cf6..64cf645 100644 --- a/semgrep_output_v1.ts +++ b/semgrep_output_v1.ts @@ -506,7 +506,6 @@ export type ScanConfig = { deployment_name: string; policy_names: string[]; rule_config: string; - ci_config_from_cloud?: CiConfigFromCloud; autofix: boolean; deepsemgrep: boolean; dependency_query: boolean; @@ -516,12 +515,60 @@ export type ScanConfig = { ignored_files: string[]; enabled_products?: Product[]; actions: Action[]; + ci_config_from_cloud?: CiConfigFromCloud; +} + +export type ScanResponse = { + info: ScanInfo; + config: ScanConfiguration; + engine_params: EngineConfiguration; +} + +export type ScanInfo = { + id?: number /*int*/; + enabled_products: Product[]; + deployment_id: number /*int*/; + deployment_name: string; +} + +export type ScanConfiguration = { + rules: RawJson; + triage_ignored_syntactic_ids: string[]; + triage_ignored_match_based_ids: string[]; +} + +export type EngineConfiguration = { + autofix: boolean; + deepsemgrep: boolean; + dependency_query: boolean; + path_to_transitivity: boolean; + ignored_files: string[]; + product_ignored_files?: ProductIgnoredFiles; + generic_slow_rollout: boolean; + historical_config?: HistoricalConfiguration; + always_suppress_errors: boolean; +} + +export type Glob = string + +export type ProductIgnoredFiles = Map + +export type HistoricalConfiguration = { + enabled: boolean; + lookback_days?: number /*int*/; } export type DeploymentResponse = { deployment: DeploymentConfig; } +export type ScanRequest = { + project_metadata: ProjectMetadata; + scan_metadata: ScanMetadata; + project_config?: CiConfigFromRepo; + meta?: RawJson; +} + export type ProjectMetadata = { semgrep_version: Version; scan_environment: string; @@ -560,53 +607,6 @@ export type ScanMetadata = { sms_scan_id?: string; } -export type ScanRequest = { - project_metadata: ProjectMetadata; - scan_metadata: ScanMetadata; - project_config?: CiConfigFromRepo; - meta?: RawJson; -} - -export type ScanResponse = { - info: ScanInfo; - config: ScanConfiguration; - engine_params: EngineConfiguration; -} - -export type ScanInfo = { - id?: number /*int*/; - enabled_products: Product[]; - deployment_id: number /*int*/; - deployment_name: string; -} - -export type ScanConfiguration = { - rules: RawJson; - triage_ignored_syntactic_ids: string[]; - triage_ignored_match_based_ids: string[]; -} - -export type HistoricalConfiguration = { - enabled: boolean; - lookback_days?: number /*int*/; -} - -export type Glob = string - -export type ProductIgnoredFiles = Map - -export type EngineConfiguration = { - autofix: boolean; - deepsemgrep: boolean; - dependency_query: boolean; - path_to_transitivity: boolean; - ignored_files: string[]; - product_ignored_files?: ProductIgnoredFiles; - generic_slow_rollout: boolean; - historical_config?: HistoricalConfiguration; - always_suppress_errors: boolean; -} - export type Finding = { check_id: RuleId; path: Fpath; @@ -2646,7 +2646,6 @@ export function writeScanConfig(x: ScanConfig, context: any = x): any { 'deployment_name': _atd_write_required_field('ScanConfig', 'deployment_name', _atd_write_string, x.deployment_name, x), 'policy_names': _atd_write_required_field('ScanConfig', 'policy_names', _atd_write_array(_atd_write_string), x.policy_names, x), 'rule_config': _atd_write_required_field('ScanConfig', 'rule_config', _atd_write_string, x.rule_config, x), - 'ci_config_from_cloud': _atd_write_optional_field(writeCiConfigFromCloud, x.ci_config_from_cloud, x), 'autofix': _atd_write_field_with_default(_atd_write_bool, false, x.autofix, x), 'deepsemgrep': _atd_write_field_with_default(_atd_write_bool, false, x.deepsemgrep, x), 'dependency_query': _atd_write_field_with_default(_atd_write_bool, false, x.dependency_query, x), @@ -2656,6 +2655,7 @@ export function writeScanConfig(x: ScanConfig, context: any = x): any { 'ignored_files': _atd_write_field_with_default(_atd_write_array(_atd_write_string), [], x.ignored_files, x), 'enabled_products': _atd_write_optional_field(_atd_write_array(writeProduct), x.enabled_products, x), 'actions': _atd_write_field_with_default(_atd_write_array(writeAction), [], x.actions, x), + 'ci_config_from_cloud': _atd_write_optional_field(writeCiConfigFromCloud, x.ci_config_from_cloud, x), }; } @@ -2665,7 +2665,6 @@ export function readScanConfig(x: any, context: any = x): ScanConfig { deployment_name: _atd_read_required_field('ScanConfig', 'deployment_name', _atd_read_string, x['deployment_name'], x), policy_names: _atd_read_required_field('ScanConfig', 'policy_names', _atd_read_array(_atd_read_string), x['policy_names'], x), rule_config: _atd_read_required_field('ScanConfig', 'rule_config', _atd_read_string, x['rule_config'], x), - ci_config_from_cloud: _atd_read_optional_field(readCiConfigFromCloud, x['ci_config_from_cloud'], x), autofix: _atd_read_field_with_default(_atd_read_bool, false, x['autofix'], x), deepsemgrep: _atd_read_field_with_default(_atd_read_bool, false, x['deepsemgrep'], x), dependency_query: _atd_read_field_with_default(_atd_read_bool, false, x['dependency_query'], x), @@ -2675,6 +2674,115 @@ export function readScanConfig(x: any, context: any = x): ScanConfig { ignored_files: _atd_read_field_with_default(_atd_read_array(_atd_read_string), [], x['ignored_files'], x), enabled_products: _atd_read_optional_field(_atd_read_array(readProduct), x['enabled_products'], x), actions: _atd_read_field_with_default(_atd_read_array(readAction), [], x['actions'], x), + ci_config_from_cloud: _atd_read_optional_field(readCiConfigFromCloud, x['ci_config_from_cloud'], x), + }; +} + +export function writeScanResponse(x: ScanResponse, context: any = x): any { + return { + 'info': _atd_write_required_field('ScanResponse', 'info', writeScanInfo, x.info, x), + 'config': _atd_write_required_field('ScanResponse', 'config', writeScanConfiguration, x.config, x), + 'engine_params': _atd_write_required_field('ScanResponse', 'engine_params', writeEngineConfiguration, x.engine_params, x), + }; +} + +export function readScanResponse(x: any, context: any = x): ScanResponse { + return { + info: _atd_read_required_field('ScanResponse', 'info', readScanInfo, x['info'], x), + config: _atd_read_required_field('ScanResponse', 'config', readScanConfiguration, x['config'], x), + engine_params: _atd_read_required_field('ScanResponse', 'engine_params', readEngineConfiguration, x['engine_params'], x), + }; +} + +export function writeScanInfo(x: ScanInfo, context: any = x): any { + return { + 'id': _atd_write_optional_field(_atd_write_int, x.id, x), + 'enabled_products': _atd_write_required_field('ScanInfo', 'enabled_products', _atd_write_array(writeProduct), x.enabled_products, x), + 'deployment_id': _atd_write_required_field('ScanInfo', 'deployment_id', _atd_write_int, x.deployment_id, x), + 'deployment_name': _atd_write_required_field('ScanInfo', 'deployment_name', _atd_write_string, x.deployment_name, x), + }; +} + +export function readScanInfo(x: any, context: any = x): ScanInfo { + return { + id: _atd_read_optional_field(_atd_read_int, x['id'], x), + enabled_products: _atd_read_required_field('ScanInfo', 'enabled_products', _atd_read_array(readProduct), x['enabled_products'], x), + deployment_id: _atd_read_required_field('ScanInfo', 'deployment_id', _atd_read_int, x['deployment_id'], x), + deployment_name: _atd_read_required_field('ScanInfo', 'deployment_name', _atd_read_string, x['deployment_name'], x), + }; +} + +export function writeScanConfiguration(x: ScanConfiguration, context: any = x): any { + return { + 'rules': _atd_write_required_field('ScanConfiguration', 'rules', writeRawJson, x.rules, x), + 'triage_ignored_syntactic_ids': _atd_write_field_with_default(_atd_write_array(_atd_write_string), [], x.triage_ignored_syntactic_ids, x), + 'triage_ignored_match_based_ids': _atd_write_field_with_default(_atd_write_array(_atd_write_string), [], x.triage_ignored_match_based_ids, x), + }; +} + +export function readScanConfiguration(x: any, context: any = x): ScanConfiguration { + return { + rules: _atd_read_required_field('ScanConfiguration', 'rules', readRawJson, x['rules'], x), + triage_ignored_syntactic_ids: _atd_read_field_with_default(_atd_read_array(_atd_read_string), [], x['triage_ignored_syntactic_ids'], x), + triage_ignored_match_based_ids: _atd_read_field_with_default(_atd_read_array(_atd_read_string), [], x['triage_ignored_match_based_ids'], x), + }; +} + +export function writeEngineConfiguration(x: EngineConfiguration, context: any = x): any { + return { + 'autofix': _atd_write_field_with_default(_atd_write_bool, false, x.autofix, x), + 'deepsemgrep': _atd_write_field_with_default(_atd_write_bool, false, x.deepsemgrep, x), + 'dependency_query': _atd_write_field_with_default(_atd_write_bool, false, x.dependency_query, x), + 'path_to_transitivity': _atd_write_field_with_default(_atd_write_bool, false, x.path_to_transitivity, x), + 'ignored_files': _atd_write_field_with_default(_atd_write_array(_atd_write_string), [], x.ignored_files, x), + 'product_ignored_files': _atd_write_optional_field(writeProductIgnoredFiles, x.product_ignored_files, x), + 'generic_slow_rollout': _atd_write_field_with_default(_atd_write_bool, false, x.generic_slow_rollout, x), + 'historical_config': _atd_write_optional_field(writeHistoricalConfiguration, x.historical_config, x), + 'always_suppress_errors': _atd_write_field_with_default(_atd_write_bool, false, x.always_suppress_errors, x), + }; +} + +export function readEngineConfiguration(x: any, context: any = x): EngineConfiguration { + return { + autofix: _atd_read_field_with_default(_atd_read_bool, false, x['autofix'], x), + deepsemgrep: _atd_read_field_with_default(_atd_read_bool, false, x['deepsemgrep'], x), + dependency_query: _atd_read_field_with_default(_atd_read_bool, false, x['dependency_query'], x), + path_to_transitivity: _atd_read_field_with_default(_atd_read_bool, false, x['path_to_transitivity'], x), + ignored_files: _atd_read_field_with_default(_atd_read_array(_atd_read_string), [], x['ignored_files'], x), + product_ignored_files: _atd_read_optional_field(readProductIgnoredFiles, x['product_ignored_files'], x), + generic_slow_rollout: _atd_read_field_with_default(_atd_read_bool, false, x['generic_slow_rollout'], x), + historical_config: _atd_read_optional_field(readHistoricalConfiguration, x['historical_config'], x), + always_suppress_errors: _atd_read_field_with_default(_atd_read_bool, false, x['always_suppress_errors'], x), + }; +} + +export function writeGlob(x: Glob, context: any = x): any { + return _atd_write_string(x, context); +} + +export function readGlob(x: any, context: any = x): Glob { + return _atd_read_string(x, context); +} + +export function writeProductIgnoredFiles(x: ProductIgnoredFiles, context: any = x): any { + return _atd_write_assoc_map_to_array(writeProduct, _atd_write_array(writeGlob))(x, context); +} + +export function readProductIgnoredFiles(x: any, context: any = x): ProductIgnoredFiles { + return _atd_read_assoc_array_into_map(readProduct, _atd_read_array(readGlob))(x, context); +} + +export function writeHistoricalConfiguration(x: HistoricalConfiguration, context: any = x): any { + return { + 'enabled': _atd_write_required_field('HistoricalConfiguration', 'enabled', _atd_write_bool, x.enabled, x), + 'lookback_days': _atd_write_optional_field(_atd_write_int, x.lookback_days, x), + }; +} + +export function readHistoricalConfiguration(x: any, context: any = x): HistoricalConfiguration { + return { + enabled: _atd_read_required_field('HistoricalConfiguration', 'enabled', _atd_read_bool, x['enabled'], x), + lookback_days: _atd_read_optional_field(_atd_read_int, x['lookback_days'], x), }; } @@ -2690,6 +2798,24 @@ export function readDeploymentResponse(x: any, context: any = x): DeploymentResp }; } +export function writeScanRequest(x: ScanRequest, context: any = x): any { + return { + 'project_metadata': _atd_write_required_field('ScanRequest', 'project_metadata', writeProjectMetadata, x.project_metadata, x), + 'scan_metadata': _atd_write_required_field('ScanRequest', 'scan_metadata', writeScanMetadata, x.scan_metadata, x), + 'project_config': _atd_write_optional_field(writeCiConfigFromRepo, x.project_config, x), + 'meta': _atd_write_optional_field(writeRawJson, x.meta, x), + }; +} + +export function readScanRequest(x: any, context: any = x): ScanRequest { + return { + project_metadata: _atd_read_required_field('ScanRequest', 'project_metadata', readProjectMetadata, x['project_metadata'], x), + scan_metadata: _atd_read_required_field('ScanRequest', 'scan_metadata', readScanMetadata, x['scan_metadata'], x), + project_config: _atd_read_optional_field(readCiConfigFromRepo, x['project_config'], x), + meta: _atd_read_optional_field(readRawJson, x['meta'], x), + }; +} + export function writeProjectMetadata(x: ProjectMetadata, context: any = x): any { return { 'semgrep_version': _atd_write_required_field('ProjectMetadata', 'semgrep_version', writeVersion, x.semgrep_version, x), @@ -2774,132 +2900,6 @@ export function readScanMetadata(x: any, context: any = x): ScanMetadata { }; } -export function writeScanRequest(x: ScanRequest, context: any = x): any { - return { - 'project_metadata': _atd_write_required_field('ScanRequest', 'project_metadata', writeProjectMetadata, x.project_metadata, x), - 'scan_metadata': _atd_write_required_field('ScanRequest', 'scan_metadata', writeScanMetadata, x.scan_metadata, x), - 'project_config': _atd_write_optional_field(writeCiConfigFromRepo, x.project_config, x), - 'meta': _atd_write_optional_field(writeRawJson, x.meta, x), - }; -} - -export function readScanRequest(x: any, context: any = x): ScanRequest { - return { - project_metadata: _atd_read_required_field('ScanRequest', 'project_metadata', readProjectMetadata, x['project_metadata'], x), - scan_metadata: _atd_read_required_field('ScanRequest', 'scan_metadata', readScanMetadata, x['scan_metadata'], x), - project_config: _atd_read_optional_field(readCiConfigFromRepo, x['project_config'], x), - meta: _atd_read_optional_field(readRawJson, x['meta'], x), - }; -} - -export function writeScanResponse(x: ScanResponse, context: any = x): any { - return { - 'info': _atd_write_required_field('ScanResponse', 'info', writeScanInfo, x.info, x), - 'config': _atd_write_required_field('ScanResponse', 'config', writeScanConfiguration, x.config, x), - 'engine_params': _atd_write_required_field('ScanResponse', 'engine_params', writeEngineConfiguration, x.engine_params, x), - }; -} - -export function readScanResponse(x: any, context: any = x): ScanResponse { - return { - info: _atd_read_required_field('ScanResponse', 'info', readScanInfo, x['info'], x), - config: _atd_read_required_field('ScanResponse', 'config', readScanConfiguration, x['config'], x), - engine_params: _atd_read_required_field('ScanResponse', 'engine_params', readEngineConfiguration, x['engine_params'], x), - }; -} - -export function writeScanInfo(x: ScanInfo, context: any = x): any { - return { - 'id': _atd_write_optional_field(_atd_write_int, x.id, x), - 'enabled_products': _atd_write_required_field('ScanInfo', 'enabled_products', _atd_write_array(writeProduct), x.enabled_products, x), - 'deployment_id': _atd_write_required_field('ScanInfo', 'deployment_id', _atd_write_int, x.deployment_id, x), - 'deployment_name': _atd_write_required_field('ScanInfo', 'deployment_name', _atd_write_string, x.deployment_name, x), - }; -} - -export function readScanInfo(x: any, context: any = x): ScanInfo { - return { - id: _atd_read_optional_field(_atd_read_int, x['id'], x), - enabled_products: _atd_read_required_field('ScanInfo', 'enabled_products', _atd_read_array(readProduct), x['enabled_products'], x), - deployment_id: _atd_read_required_field('ScanInfo', 'deployment_id', _atd_read_int, x['deployment_id'], x), - deployment_name: _atd_read_required_field('ScanInfo', 'deployment_name', _atd_read_string, x['deployment_name'], x), - }; -} - -export function writeScanConfiguration(x: ScanConfiguration, context: any = x): any { - return { - 'rules': _atd_write_required_field('ScanConfiguration', 'rules', writeRawJson, x.rules, x), - 'triage_ignored_syntactic_ids': _atd_write_field_with_default(_atd_write_array(_atd_write_string), [], x.triage_ignored_syntactic_ids, x), - 'triage_ignored_match_based_ids': _atd_write_field_with_default(_atd_write_array(_atd_write_string), [], x.triage_ignored_match_based_ids, x), - }; -} - -export function readScanConfiguration(x: any, context: any = x): ScanConfiguration { - return { - rules: _atd_read_required_field('ScanConfiguration', 'rules', readRawJson, x['rules'], x), - triage_ignored_syntactic_ids: _atd_read_field_with_default(_atd_read_array(_atd_read_string), [], x['triage_ignored_syntactic_ids'], x), - triage_ignored_match_based_ids: _atd_read_field_with_default(_atd_read_array(_atd_read_string), [], x['triage_ignored_match_based_ids'], x), - }; -} - -export function writeHistoricalConfiguration(x: HistoricalConfiguration, context: any = x): any { - return { - 'enabled': _atd_write_required_field('HistoricalConfiguration', 'enabled', _atd_write_bool, x.enabled, x), - 'lookback_days': _atd_write_optional_field(_atd_write_int, x.lookback_days, x), - }; -} - -export function readHistoricalConfiguration(x: any, context: any = x): HistoricalConfiguration { - return { - enabled: _atd_read_required_field('HistoricalConfiguration', 'enabled', _atd_read_bool, x['enabled'], x), - lookback_days: _atd_read_optional_field(_atd_read_int, x['lookback_days'], x), - }; -} - -export function writeGlob(x: Glob, context: any = x): any { - return _atd_write_string(x, context); -} - -export function readGlob(x: any, context: any = x): Glob { - return _atd_read_string(x, context); -} - -export function writeProductIgnoredFiles(x: ProductIgnoredFiles, context: any = x): any { - return _atd_write_assoc_map_to_array(writeProduct, _atd_write_array(writeGlob))(x, context); -} - -export function readProductIgnoredFiles(x: any, context: any = x): ProductIgnoredFiles { - return _atd_read_assoc_array_into_map(readProduct, _atd_read_array(readGlob))(x, context); -} - -export function writeEngineConfiguration(x: EngineConfiguration, context: any = x): any { - return { - 'autofix': _atd_write_field_with_default(_atd_write_bool, false, x.autofix, x), - 'deepsemgrep': _atd_write_field_with_default(_atd_write_bool, false, x.deepsemgrep, x), - 'dependency_query': _atd_write_field_with_default(_atd_write_bool, false, x.dependency_query, x), - 'path_to_transitivity': _atd_write_field_with_default(_atd_write_bool, false, x.path_to_transitivity, x), - 'ignored_files': _atd_write_field_with_default(_atd_write_array(_atd_write_string), [], x.ignored_files, x), - 'product_ignored_files': _atd_write_optional_field(writeProductIgnoredFiles, x.product_ignored_files, x), - 'generic_slow_rollout': _atd_write_field_with_default(_atd_write_bool, false, x.generic_slow_rollout, x), - 'historical_config': _atd_write_optional_field(writeHistoricalConfiguration, x.historical_config, x), - 'always_suppress_errors': _atd_write_field_with_default(_atd_write_bool, false, x.always_suppress_errors, x), - }; -} - -export function readEngineConfiguration(x: any, context: any = x): EngineConfiguration { - return { - autofix: _atd_read_field_with_default(_atd_read_bool, false, x['autofix'], x), - deepsemgrep: _atd_read_field_with_default(_atd_read_bool, false, x['deepsemgrep'], x), - dependency_query: _atd_read_field_with_default(_atd_read_bool, false, x['dependency_query'], x), - path_to_transitivity: _atd_read_field_with_default(_atd_read_bool, false, x['path_to_transitivity'], x), - ignored_files: _atd_read_field_with_default(_atd_read_array(_atd_read_string), [], x['ignored_files'], x), - product_ignored_files: _atd_read_optional_field(readProductIgnoredFiles, x['product_ignored_files'], x), - generic_slow_rollout: _atd_read_field_with_default(_atd_read_bool, false, x['generic_slow_rollout'], x), - historical_config: _atd_read_optional_field(readHistoricalConfiguration, x['historical_config'], x), - always_suppress_errors: _atd_read_field_with_default(_atd_read_bool, false, x['always_suppress_errors'], x), - }; -} - export function writeFinding(x: Finding, context: any = x): any { return { 'check_id': _atd_write_required_field('Finding', 'check_id', writeRuleId, x.check_id, x), diff --git a/semgrep_output_v1_j.ml b/semgrep_output_v1_j.ml index ed759d3..89bc7df 100644 --- a/semgrep_output_v1_j.ml +++ b/semgrep_output_v1_j.ml @@ -475,7 +475,6 @@ type scan_config = Semgrep_output_v1_t.scan_config = { deployment_name: string; policy_names: string list; rule_config: string; - ci_config_from_cloud: ci_config_from_cloud option; autofix: bool; deepsemgrep: bool; dependency_query: bool; @@ -484,7 +483,8 @@ type scan_config = Semgrep_output_v1_t.scan_config = { triage_ignored_match_based_ids: string list; ignored_files: string list; enabled_products: product list option; - actions: action list + actions: action list; + ci_config_from_cloud: ci_config_from_cloud option } type sca_parser_name = Semgrep_output_v1_t.sca_parser_name @@ -18284,17 +18284,6 @@ let write_scan_config : _ -> scan_config -> _ = ( Yojson.Safe.write_string ) ob x.rule_config; - (match x.ci_config_from_cloud with None -> () | Some x -> - if !is_first then - is_first := false - else - Buffer.add_char ob ','; - Buffer.add_string ob "\"ci_config_from_cloud\":"; - ( - write_ci_config_from_cloud - ) - ob x; - ); if !is_first then is_first := false else @@ -18378,6 +18367,17 @@ let write_scan_config : _ -> scan_config -> _ = ( write__action_list ) ob x.actions; + (match x.ci_config_from_cloud with None -> () | Some x -> + if !is_first then + is_first := false + else + Buffer.add_char ob ','; + Buffer.add_string ob "\"ci_config_from_cloud\":"; + ( + write_ci_config_from_cloud + ) + ob x; + ); Buffer.add_char ob '}'; ) let string_of_scan_config ?(len = 1024) x = @@ -18392,7 +18392,6 @@ let read_scan_config = ( let field_deployment_name = ref (None) in let field_policy_names = ref (None) in let field_rule_config = ref (None) in - let field_ci_config_from_cloud = ref (None) in let field_autofix = ref (false) in let field_deepsemgrep = ref (false) in let field_dependency_query = ref (false) in @@ -18402,6 +18401,7 @@ let read_scan_config = ( let field_ignored_files = ref ([]) in let field_enabled_products = ref (None) in let field_actions = ref ([]) in + let field_ci_config_from_cloud = ref (None) in try Yojson.Safe.read_space p lb; Yojson.Safe.read_object_end lb; @@ -18416,7 +18416,7 @@ let read_scan_config = ( match String.unsafe_get s (pos+1) with | 'c' -> ( if String.unsafe_get s (pos+2) = 't' && String.unsafe_get s (pos+3) = 'i' && String.unsafe_get s (pos+4) = 'o' && String.unsafe_get s (pos+5) = 'n' && String.unsafe_get s (pos+6) = 's' then ( - 13 + 12 ) else ( -1 @@ -18424,7 +18424,7 @@ let read_scan_config = ( ) | 'u' -> ( if String.unsafe_get s (pos+2) = 't' && String.unsafe_get s (pos+3) = 'o' && String.unsafe_get s (pos+4) = 'f' && String.unsafe_get s (pos+5) = 'i' && String.unsafe_get s (pos+6) = 'x' then ( - 5 + 4 ) else ( -1 @@ -18442,7 +18442,7 @@ let read_scan_config = ( match String.unsafe_get s pos with | 'd' -> ( if String.unsafe_get s (pos+1) = 'e' && String.unsafe_get s (pos+2) = 'e' && String.unsafe_get s (pos+3) = 'p' && String.unsafe_get s (pos+4) = 's' && String.unsafe_get s (pos+5) = 'e' && String.unsafe_get s (pos+6) = 'm' && String.unsafe_get s (pos+7) = 'g' && String.unsafe_get s (pos+8) = 'r' && String.unsafe_get s (pos+9) = 'e' && String.unsafe_get s (pos+10) = 'p' then ( - 6 + 5 ) else ( -1 @@ -18480,7 +18480,7 @@ let read_scan_config = ( ) | 'i' -> ( if String.unsafe_get s (pos+1) = 'g' && String.unsafe_get s (pos+2) = 'n' && String.unsafe_get s (pos+3) = 'o' && String.unsafe_get s (pos+4) = 'r' && String.unsafe_get s (pos+5) = 'e' && String.unsafe_get s (pos+6) = 'd' && String.unsafe_get s (pos+7) = '_' && String.unsafe_get s (pos+8) = 'f' && String.unsafe_get s (pos+9) = 'i' && String.unsafe_get s (pos+10) = 'l' && String.unsafe_get s (pos+11) = 'e' && String.unsafe_get s (pos+12) = 's' then ( - 11 + 10 ) else ( -1 @@ -18502,7 +18502,7 @@ let read_scan_config = ( match String.unsafe_get s pos with | 'd' -> ( if String.unsafe_get s (pos+1) = 'e' && String.unsafe_get s (pos+2) = 'p' && String.unsafe_get s (pos+3) = 'e' && String.unsafe_get s (pos+4) = 'n' && String.unsafe_get s (pos+5) = 'd' && String.unsafe_get s (pos+6) = 'e' && String.unsafe_get s (pos+7) = 'n' && String.unsafe_get s (pos+8) = 'c' && String.unsafe_get s (pos+9) = 'y' && String.unsafe_get s (pos+10) = '_' && String.unsafe_get s (pos+11) = 'q' && String.unsafe_get s (pos+12) = 'u' && String.unsafe_get s (pos+13) = 'e' && String.unsafe_get s (pos+14) = 'r' && String.unsafe_get s (pos+15) = 'y' then ( - 7 + 6 ) else ( -1 @@ -18510,7 +18510,7 @@ let read_scan_config = ( ) | 'e' -> ( if String.unsafe_get s (pos+1) = 'n' && String.unsafe_get s (pos+2) = 'a' && String.unsafe_get s (pos+3) = 'b' && String.unsafe_get s (pos+4) = 'l' && String.unsafe_get s (pos+5) = 'e' && String.unsafe_get s (pos+6) = 'd' && String.unsafe_get s (pos+7) = '_' && String.unsafe_get s (pos+8) = 'p' && String.unsafe_get s (pos+9) = 'r' && String.unsafe_get s (pos+10) = 'o' && String.unsafe_get s (pos+11) = 'd' && String.unsafe_get s (pos+12) = 'u' && String.unsafe_get s (pos+13) = 'c' && String.unsafe_get s (pos+14) = 't' && String.unsafe_get s (pos+15) = 's' then ( - 12 + 11 ) else ( -1 @@ -18524,7 +18524,7 @@ let read_scan_config = ( match String.unsafe_get s pos with | 'c' -> ( if String.unsafe_get s (pos+1) = 'i' && String.unsafe_get s (pos+2) = '_' && String.unsafe_get s (pos+3) = 'c' && String.unsafe_get s (pos+4) = 'o' && String.unsafe_get s (pos+5) = 'n' && String.unsafe_get s (pos+6) = 'f' && String.unsafe_get s (pos+7) = 'i' && String.unsafe_get s (pos+8) = 'g' && String.unsafe_get s (pos+9) = '_' && String.unsafe_get s (pos+10) = 'f' && String.unsafe_get s (pos+11) = 'r' && String.unsafe_get s (pos+12) = 'o' && String.unsafe_get s (pos+13) = 'm' && String.unsafe_get s (pos+14) = '_' && String.unsafe_get s (pos+15) = 'c' && String.unsafe_get s (pos+16) = 'l' && String.unsafe_get s (pos+17) = 'o' && String.unsafe_get s (pos+18) = 'u' && String.unsafe_get s (pos+19) = 'd' then ( - 4 + 13 ) else ( -1 @@ -18532,7 +18532,7 @@ let read_scan_config = ( ) | 'p' -> ( if String.unsafe_get s (pos+1) = 'a' && String.unsafe_get s (pos+2) = 't' && String.unsafe_get s (pos+3) = 'h' && String.unsafe_get s (pos+4) = '_' && String.unsafe_get s (pos+5) = 't' && String.unsafe_get s (pos+6) = 'o' && String.unsafe_get s (pos+7) = '_' && String.unsafe_get s (pos+8) = 't' && String.unsafe_get s (pos+9) = 'r' && String.unsafe_get s (pos+10) = 'a' && String.unsafe_get s (pos+11) = 'n' && String.unsafe_get s (pos+12) = 's' && String.unsafe_get s (pos+13) = 'i' && String.unsafe_get s (pos+14) = 't' && String.unsafe_get s (pos+15) = 'i' && String.unsafe_get s (pos+16) = 'v' && String.unsafe_get s (pos+17) = 'i' && String.unsafe_get s (pos+18) = 't' && String.unsafe_get s (pos+19) = 'y' then ( - 8 + 7 ) else ( -1 @@ -18544,7 +18544,7 @@ let read_scan_config = ( ) | 28 -> ( if String.unsafe_get s pos = 't' && String.unsafe_get s (pos+1) = 'r' && String.unsafe_get s (pos+2) = 'i' && String.unsafe_get s (pos+3) = 'a' && String.unsafe_get s (pos+4) = 'g' && String.unsafe_get s (pos+5) = 'e' && String.unsafe_get s (pos+6) = '_' && String.unsafe_get s (pos+7) = 'i' && String.unsafe_get s (pos+8) = 'g' && String.unsafe_get s (pos+9) = 'n' && String.unsafe_get s (pos+10) = 'o' && String.unsafe_get s (pos+11) = 'r' && String.unsafe_get s (pos+12) = 'e' && String.unsafe_get s (pos+13) = 'd' && String.unsafe_get s (pos+14) = '_' && String.unsafe_get s (pos+15) = 's' && String.unsafe_get s (pos+16) = 'y' && String.unsafe_get s (pos+17) = 'n' && String.unsafe_get s (pos+18) = 't' && String.unsafe_get s (pos+19) = 'a' && String.unsafe_get s (pos+20) = 'c' && String.unsafe_get s (pos+21) = 't' && String.unsafe_get s (pos+22) = 'i' && String.unsafe_get s (pos+23) = 'c' && String.unsafe_get s (pos+24) = '_' && String.unsafe_get s (pos+25) = 'i' && String.unsafe_get s (pos+26) = 'd' && String.unsafe_get s (pos+27) = 's' then ( - 9 + 8 ) else ( -1 @@ -18552,7 +18552,7 @@ let read_scan_config = ( ) | 30 -> ( if String.unsafe_get s pos = 't' && String.unsafe_get s (pos+1) = 'r' && String.unsafe_get s (pos+2) = 'i' && String.unsafe_get s (pos+3) = 'a' && String.unsafe_get s (pos+4) = 'g' && String.unsafe_get s (pos+5) = 'e' && String.unsafe_get s (pos+6) = '_' && String.unsafe_get s (pos+7) = 'i' && String.unsafe_get s (pos+8) = 'g' && String.unsafe_get s (pos+9) = 'n' && String.unsafe_get s (pos+10) = 'o' && String.unsafe_get s (pos+11) = 'r' && String.unsafe_get s (pos+12) = 'e' && String.unsafe_get s (pos+13) = 'd' && String.unsafe_get s (pos+14) = '_' && String.unsafe_get s (pos+15) = 'm' && String.unsafe_get s (pos+16) = 'a' && String.unsafe_get s (pos+17) = 't' && String.unsafe_get s (pos+18) = 'c' && String.unsafe_get s (pos+19) = 'h' && String.unsafe_get s (pos+20) = '_' && String.unsafe_get s (pos+21) = 'b' && String.unsafe_get s (pos+22) = 'a' && String.unsafe_get s (pos+23) = 's' && String.unsafe_get s (pos+24) = 'e' && String.unsafe_get s (pos+25) = 'd' && String.unsafe_get s (pos+26) = '_' && String.unsafe_get s (pos+27) = 'i' && String.unsafe_get s (pos+28) = 'd' && String.unsafe_get s (pos+29) = 's' then ( - 10 + 9 ) else ( -1 @@ -18599,16 +18599,6 @@ let read_scan_config = ( ) ); | 4 -> - if not (Yojson.Safe.read_null_if_possible p lb) then ( - field_ci_config_from_cloud := ( - Some ( - ( - read_ci_config_from_cloud - ) p lb - ) - ); - ) - | 5 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_autofix := ( ( @@ -18616,7 +18606,7 @@ let read_scan_config = ( ) p lb ); ) - | 6 -> + | 5 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_deepsemgrep := ( ( @@ -18624,7 +18614,7 @@ let read_scan_config = ( ) p lb ); ) - | 7 -> + | 6 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_dependency_query := ( ( @@ -18632,7 +18622,7 @@ let read_scan_config = ( ) p lb ); ) - | 8 -> + | 7 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_path_to_transitivity := ( ( @@ -18640,7 +18630,7 @@ let read_scan_config = ( ) p lb ); ) - | 9 -> + | 8 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_triage_ignored_syntactic_ids := ( ( @@ -18648,7 +18638,7 @@ let read_scan_config = ( ) p lb ); ) - | 10 -> + | 9 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_triage_ignored_match_based_ids := ( ( @@ -18656,7 +18646,7 @@ let read_scan_config = ( ) p lb ); ) - | 11 -> + | 10 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_ignored_files := ( ( @@ -18664,7 +18654,7 @@ let read_scan_config = ( ) p lb ); ) - | 12 -> + | 11 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_enabled_products := ( Some ( @@ -18674,7 +18664,7 @@ let read_scan_config = ( ) ); ) - | 13 -> + | 12 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_actions := ( ( @@ -18682,6 +18672,16 @@ let read_scan_config = ( ) p lb ); ) + | 13 -> + if not (Yojson.Safe.read_null_if_possible p lb) then ( + field_ci_config_from_cloud := ( + Some ( + ( + read_ci_config_from_cloud + ) p lb + ) + ); + ) | _ -> ( Yojson.Safe.skip_json p lb ) @@ -18700,7 +18700,7 @@ let read_scan_config = ( match String.unsafe_get s (pos+1) with | 'c' -> ( if String.unsafe_get s (pos+2) = 't' && String.unsafe_get s (pos+3) = 'i' && String.unsafe_get s (pos+4) = 'o' && String.unsafe_get s (pos+5) = 'n' && String.unsafe_get s (pos+6) = 's' then ( - 13 + 12 ) else ( -1 @@ -18708,7 +18708,7 @@ let read_scan_config = ( ) | 'u' -> ( if String.unsafe_get s (pos+2) = 't' && String.unsafe_get s (pos+3) = 'o' && String.unsafe_get s (pos+4) = 'f' && String.unsafe_get s (pos+5) = 'i' && String.unsafe_get s (pos+6) = 'x' then ( - 5 + 4 ) else ( -1 @@ -18726,7 +18726,7 @@ let read_scan_config = ( match String.unsafe_get s pos with | 'd' -> ( if String.unsafe_get s (pos+1) = 'e' && String.unsafe_get s (pos+2) = 'e' && String.unsafe_get s (pos+3) = 'p' && String.unsafe_get s (pos+4) = 's' && String.unsafe_get s (pos+5) = 'e' && String.unsafe_get s (pos+6) = 'm' && String.unsafe_get s (pos+7) = 'g' && String.unsafe_get s (pos+8) = 'r' && String.unsafe_get s (pos+9) = 'e' && String.unsafe_get s (pos+10) = 'p' then ( - 6 + 5 ) else ( -1 @@ -18764,7 +18764,7 @@ let read_scan_config = ( ) | 'i' -> ( if String.unsafe_get s (pos+1) = 'g' && String.unsafe_get s (pos+2) = 'n' && String.unsafe_get s (pos+3) = 'o' && String.unsafe_get s (pos+4) = 'r' && String.unsafe_get s (pos+5) = 'e' && String.unsafe_get s (pos+6) = 'd' && String.unsafe_get s (pos+7) = '_' && String.unsafe_get s (pos+8) = 'f' && String.unsafe_get s (pos+9) = 'i' && String.unsafe_get s (pos+10) = 'l' && String.unsafe_get s (pos+11) = 'e' && String.unsafe_get s (pos+12) = 's' then ( - 11 + 10 ) else ( -1 @@ -18786,7 +18786,7 @@ let read_scan_config = ( match String.unsafe_get s pos with | 'd' -> ( if String.unsafe_get s (pos+1) = 'e' && String.unsafe_get s (pos+2) = 'p' && String.unsafe_get s (pos+3) = 'e' && String.unsafe_get s (pos+4) = 'n' && String.unsafe_get s (pos+5) = 'd' && String.unsafe_get s (pos+6) = 'e' && String.unsafe_get s (pos+7) = 'n' && String.unsafe_get s (pos+8) = 'c' && String.unsafe_get s (pos+9) = 'y' && String.unsafe_get s (pos+10) = '_' && String.unsafe_get s (pos+11) = 'q' && String.unsafe_get s (pos+12) = 'u' && String.unsafe_get s (pos+13) = 'e' && String.unsafe_get s (pos+14) = 'r' && String.unsafe_get s (pos+15) = 'y' then ( - 7 + 6 ) else ( -1 @@ -18794,7 +18794,7 @@ let read_scan_config = ( ) | 'e' -> ( if String.unsafe_get s (pos+1) = 'n' && String.unsafe_get s (pos+2) = 'a' && String.unsafe_get s (pos+3) = 'b' && String.unsafe_get s (pos+4) = 'l' && String.unsafe_get s (pos+5) = 'e' && String.unsafe_get s (pos+6) = 'd' && String.unsafe_get s (pos+7) = '_' && String.unsafe_get s (pos+8) = 'p' && String.unsafe_get s (pos+9) = 'r' && String.unsafe_get s (pos+10) = 'o' && String.unsafe_get s (pos+11) = 'd' && String.unsafe_get s (pos+12) = 'u' && String.unsafe_get s (pos+13) = 'c' && String.unsafe_get s (pos+14) = 't' && String.unsafe_get s (pos+15) = 's' then ( - 12 + 11 ) else ( -1 @@ -18808,7 +18808,7 @@ let read_scan_config = ( match String.unsafe_get s pos with | 'c' -> ( if String.unsafe_get s (pos+1) = 'i' && String.unsafe_get s (pos+2) = '_' && String.unsafe_get s (pos+3) = 'c' && String.unsafe_get s (pos+4) = 'o' && String.unsafe_get s (pos+5) = 'n' && String.unsafe_get s (pos+6) = 'f' && String.unsafe_get s (pos+7) = 'i' && String.unsafe_get s (pos+8) = 'g' && String.unsafe_get s (pos+9) = '_' && String.unsafe_get s (pos+10) = 'f' && String.unsafe_get s (pos+11) = 'r' && String.unsafe_get s (pos+12) = 'o' && String.unsafe_get s (pos+13) = 'm' && String.unsafe_get s (pos+14) = '_' && String.unsafe_get s (pos+15) = 'c' && String.unsafe_get s (pos+16) = 'l' && String.unsafe_get s (pos+17) = 'o' && String.unsafe_get s (pos+18) = 'u' && String.unsafe_get s (pos+19) = 'd' then ( - 4 + 13 ) else ( -1 @@ -18816,7 +18816,7 @@ let read_scan_config = ( ) | 'p' -> ( if String.unsafe_get s (pos+1) = 'a' && String.unsafe_get s (pos+2) = 't' && String.unsafe_get s (pos+3) = 'h' && String.unsafe_get s (pos+4) = '_' && String.unsafe_get s (pos+5) = 't' && String.unsafe_get s (pos+6) = 'o' && String.unsafe_get s (pos+7) = '_' && String.unsafe_get s (pos+8) = 't' && String.unsafe_get s (pos+9) = 'r' && String.unsafe_get s (pos+10) = 'a' && String.unsafe_get s (pos+11) = 'n' && String.unsafe_get s (pos+12) = 's' && String.unsafe_get s (pos+13) = 'i' && String.unsafe_get s (pos+14) = 't' && String.unsafe_get s (pos+15) = 'i' && String.unsafe_get s (pos+16) = 'v' && String.unsafe_get s (pos+17) = 'i' && String.unsafe_get s (pos+18) = 't' && String.unsafe_get s (pos+19) = 'y' then ( - 8 + 7 ) else ( -1 @@ -18828,7 +18828,7 @@ let read_scan_config = ( ) | 28 -> ( if String.unsafe_get s pos = 't' && String.unsafe_get s (pos+1) = 'r' && String.unsafe_get s (pos+2) = 'i' && String.unsafe_get s (pos+3) = 'a' && String.unsafe_get s (pos+4) = 'g' && String.unsafe_get s (pos+5) = 'e' && String.unsafe_get s (pos+6) = '_' && String.unsafe_get s (pos+7) = 'i' && String.unsafe_get s (pos+8) = 'g' && String.unsafe_get s (pos+9) = 'n' && String.unsafe_get s (pos+10) = 'o' && String.unsafe_get s (pos+11) = 'r' && String.unsafe_get s (pos+12) = 'e' && String.unsafe_get s (pos+13) = 'd' && String.unsafe_get s (pos+14) = '_' && String.unsafe_get s (pos+15) = 's' && String.unsafe_get s (pos+16) = 'y' && String.unsafe_get s (pos+17) = 'n' && String.unsafe_get s (pos+18) = 't' && String.unsafe_get s (pos+19) = 'a' && String.unsafe_get s (pos+20) = 'c' && String.unsafe_get s (pos+21) = 't' && String.unsafe_get s (pos+22) = 'i' && String.unsafe_get s (pos+23) = 'c' && String.unsafe_get s (pos+24) = '_' && String.unsafe_get s (pos+25) = 'i' && String.unsafe_get s (pos+26) = 'd' && String.unsafe_get s (pos+27) = 's' then ( - 9 + 8 ) else ( -1 @@ -18836,7 +18836,7 @@ let read_scan_config = ( ) | 30 -> ( if String.unsafe_get s pos = 't' && String.unsafe_get s (pos+1) = 'r' && String.unsafe_get s (pos+2) = 'i' && String.unsafe_get s (pos+3) = 'a' && String.unsafe_get s (pos+4) = 'g' && String.unsafe_get s (pos+5) = 'e' && String.unsafe_get s (pos+6) = '_' && String.unsafe_get s (pos+7) = 'i' && String.unsafe_get s (pos+8) = 'g' && String.unsafe_get s (pos+9) = 'n' && String.unsafe_get s (pos+10) = 'o' && String.unsafe_get s (pos+11) = 'r' && String.unsafe_get s (pos+12) = 'e' && String.unsafe_get s (pos+13) = 'd' && String.unsafe_get s (pos+14) = '_' && String.unsafe_get s (pos+15) = 'm' && String.unsafe_get s (pos+16) = 'a' && String.unsafe_get s (pos+17) = 't' && String.unsafe_get s (pos+18) = 'c' && String.unsafe_get s (pos+19) = 'h' && String.unsafe_get s (pos+20) = '_' && String.unsafe_get s (pos+21) = 'b' && String.unsafe_get s (pos+22) = 'a' && String.unsafe_get s (pos+23) = 's' && String.unsafe_get s (pos+24) = 'e' && String.unsafe_get s (pos+25) = 'd' && String.unsafe_get s (pos+26) = '_' && String.unsafe_get s (pos+27) = 'i' && String.unsafe_get s (pos+28) = 'd' && String.unsafe_get s (pos+29) = 's' then ( - 10 + 9 ) else ( -1 @@ -18883,16 +18883,6 @@ let read_scan_config = ( ) ); | 4 -> - if not (Yojson.Safe.read_null_if_possible p lb) then ( - field_ci_config_from_cloud := ( - Some ( - ( - read_ci_config_from_cloud - ) p lb - ) - ); - ) - | 5 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_autofix := ( ( @@ -18900,7 +18890,7 @@ let read_scan_config = ( ) p lb ); ) - | 6 -> + | 5 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_deepsemgrep := ( ( @@ -18908,7 +18898,7 @@ let read_scan_config = ( ) p lb ); ) - | 7 -> + | 6 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_dependency_query := ( ( @@ -18916,7 +18906,7 @@ let read_scan_config = ( ) p lb ); ) - | 8 -> + | 7 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_path_to_transitivity := ( ( @@ -18924,7 +18914,7 @@ let read_scan_config = ( ) p lb ); ) - | 9 -> + | 8 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_triage_ignored_syntactic_ids := ( ( @@ -18932,7 +18922,7 @@ let read_scan_config = ( ) p lb ); ) - | 10 -> + | 9 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_triage_ignored_match_based_ids := ( ( @@ -18940,7 +18930,7 @@ let read_scan_config = ( ) p lb ); ) - | 11 -> + | 10 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_ignored_files := ( ( @@ -18948,7 +18938,7 @@ let read_scan_config = ( ) p lb ); ) - | 12 -> + | 11 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_enabled_products := ( Some ( @@ -18958,7 +18948,7 @@ let read_scan_config = ( ) ); ) - | 13 -> + | 12 -> if not (Yojson.Safe.read_null_if_possible p lb) then ( field_actions := ( ( @@ -18966,6 +18956,16 @@ let read_scan_config = ( ) p lb ); ) + | 13 -> + if not (Yojson.Safe.read_null_if_possible p lb) then ( + field_ci_config_from_cloud := ( + Some ( + ( + read_ci_config_from_cloud + ) p lb + ) + ); + ) | _ -> ( Yojson.Safe.skip_json p lb ) @@ -18979,7 +18979,6 @@ let read_scan_config = ( deployment_name = (match !field_deployment_name with Some x -> x | None -> Atdgen_runtime.Oj_run.missing_field p "deployment_name"); policy_names = (match !field_policy_names with Some x -> x | None -> Atdgen_runtime.Oj_run.missing_field p "policy_names"); rule_config = (match !field_rule_config with Some x -> x | None -> Atdgen_runtime.Oj_run.missing_field p "rule_config"); - ci_config_from_cloud = !field_ci_config_from_cloud; autofix = !field_autofix; deepsemgrep = !field_deepsemgrep; dependency_query = !field_dependency_query; @@ -18989,6 +18988,7 @@ let read_scan_config = ( ignored_files = !field_ignored_files; enabled_products = !field_enabled_products; actions = !field_actions; + ci_config_from_cloud = !field_ci_config_from_cloud; } : scan_config) ) diff --git a/semgrep_output_v1_j.mli b/semgrep_output_v1_j.mli index 92a2440..aac9526 100644 --- a/semgrep_output_v1_j.mli +++ b/semgrep_output_v1_j.mli @@ -475,7 +475,6 @@ type scan_config = Semgrep_output_v1_t.scan_config = { deployment_name: string; policy_names: string list; rule_config: string; - ci_config_from_cloud: ci_config_from_cloud option; autofix: bool; deepsemgrep: bool; dependency_query: bool; @@ -484,7 +483,8 @@ type scan_config = Semgrep_output_v1_t.scan_config = { triage_ignored_match_based_ids: string list; ignored_files: string list; enabled_products: product list option; - actions: action list + actions: action list; + ci_config_from_cloud: ci_config_from_cloud option } type sca_parser_name = Semgrep_output_v1_t.sca_parser_name