Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

script to run semgrep tests against adapter PRs #2907

Merged
merged 3 commits into from
Jul 10, 2023
Merged

script to run semgrep tests against adapter PRs #2907

merged 3 commits into from
Jul 10, 2023

Conversation

onkarvhanumante
Copy link
Contributor

@onkarvhanumante onkarvhanumante commented Jul 6, 2023
edited
Loading

Description

  • PR Semgrep rules for adapters #2833 introduced two Semgrep rules for adapters i.e builder-struct-name.yml and type-bid-assignment.yml
  • This PR adds a GitHub action script and some helper to run above Semgrep rules as PR checks. These checks are conditioned to run only if new PR makes some adapter related changes
  • Findings from above semgrep rules will be reported as PR code review comment. To avoid duplication, previous comments will not be added again
  • Script only considers findings that are relevant to the changes made in the PR. For example, if the PR modifies line 10 in the existing file "foo.go" and Semgrep detects issues on lines 5 and 10, only the issue on line 10 will be taken into account. This approach limits the scope of the Semgrep checks to the specific changes made in the PR
  • Script will continue to fail until all high severity errors reported by Semgrep are fixed

Testings

Tested script on fork repo - https://github.com/onkarvhanumante/prebid-server/pulls

Review notes

PR introduces 2 files - semgrep.yml and pull-request-utils.js. Action script semgrep.yml makes use of helpers from pull-request-utils.js.

For example, semgrep.yml has above code block.

prebid-server/.github/workflows/semgrep.yml

Lines 21 to 27 in d78c3d2

const utils = require('./.github/workflows/helpers/pull-request-utils.js')
// consider only non-test Go files that are part of the adapter code
function fileNameFilter(filename) {
return filename.startsWith("adapters/") && filename.split("/").length > 2 && filename.endsWith(".go") && !filename.endsWith("_test.go")
}
const helper = utils.diffHelper({github, context, fileNameFilter, event: "${{github.event.action}}", testName: "${{github.job}}"})
return await helper.buildDiff()

Here pull-request-utils.js is imported on line 21. Helper class diffHelper is initialised on line 26 and helper method buildDiff() is called on line 27. Therefore start reviewing from semgrep.yml file

@onkarvhanumante
Add github action script to run semgrep tests against adapter PRs
d78c3d2 
Commit introduces script and helpers to run semgrep test against PRs and upload semgrep results as PR comment
@onkarvhanumante onkarvhanumante changed the title Add github action script to run semgrep tests against adapter PRs script to run semgrep tests against adapter PRs Jul 6, 2023
@onkarvhanumante onkarvhanumante mentioned this pull request Jul 7, 2023
Merged
gargcreation1992
gargcreation1992 reviewed Jul 10, 2023
View reviewed changes
.github/workflows/helpers/pull-request-utils.js Outdated
Comment on lines 149 to 184
const nonScannedCommits = await this.#getNonScannedCommits()
for (const commit of nonScannedCommits) {
const { data } = await this.github.rest.repos.getCommit({
owner: this.owner,
repo: this.repo,
ref: commit,
})

const commitDiff = await this.#getDiffForFiles(data.files)
const files = Object.keys(commitDiff)
for (const file of files) {
// Consider scenario where the changes made to a file in the initial commit are completely undone by subsequent commits
// In such cases, the modifications from the initial commit should not be taken into account
// If the changes were entirely removed, there should be no entry for the file in the pullRequestStats
const filePRDiff = pullRequestDiff[file]
if (!filePRDiff) {
continue
}

// Consider scenario where changes made in the commit were partially removed or modified by subsequent commits
// In such cases, include only those commit changes that are part of the pullRequestStats object
// This ensures that only the changes that are reflected in the pull request are considered
const changes = await this.#filterCommitDiff(commitDiff[file], filePRDiff)

if (changes.length !== 0) {
// Check if nonScannedCommitsDiff[file] exists, if not assign an empty array to it
nonScannedCommitsDiff[file] = nonScannedCommitsDiff[file] || []
// Combine the existing nonScannedCommitsDiff[file] array with the commit changes
// Remove any duplicate elements using the Set data structure
nonScannedCommitsDiff[file] = [
...new Set([...nonScannedCommitsDiff[file], ...changes]),
]
}
}
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you think moving this code to separate function will help in code readibility? function like RetrieveNonScannedCommit?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

9d06e6b

makes above sense

gargcreation1992
gargcreation1992 previously approved these changes Jul 10, 2023
View reviewed changes
Copy link
Contributor

@gargcreation1992 gargcreation1992 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!
Let me know if you would like to move that part of code to a separate function.

@onkarvhanumante
Change severity to error
32d76c7 
Builder struct name should be adapter. So changing severity to error
@onkarvhanumante onkarvhanumante merged commit a39f5ca into master Jul 10, 2023
@onkarvhanumante onkarvhanumante deleted the semgrepPRs/run-adapter-semgrep-tests branch July 10, 2023 09:56
Peiling-Ding pushed a commit to ParticleMedia/prebid-server that referenced this pull request Jul 14, 2023
@onkarvhanumante @Peiling-Ding
script to run semgrep tests against adapter PRs (prebid#2907)
9df856d 
authored by @onkarvhanumante
Peiling-Ding added a commit to ParticleMedia/prebid-server that referenced this pull request Jul 14, 2023
@Peiling-Ding @bsardo
@ecammit @balintvargha @jpiros @ccorbo @akkapur @gsollazzo @darkstarac @Wazabit @jbartek25 @maxime-dupuis @patrickloughrey @radubarbos @VeronikaSolovei9 @onkarvhanumante @GLStephen @dependabot
Peiling/chore/sync to v0.263.0 (#48)
345168a 
* Fix: deal tiers no longer ignored due to presence of tid (prebid#2829)

* CAPT-787: GPP support for imds bidder. (prebid#2867)

Co-authored-by: Timothy M. Ace <[email protected]>

* Adsinteractive: change usersync endpoint to https (prebid#2861)


Co-authored-by: Balint Vargha <[email protected]>

* consumable adapter: add gpp support (prebid#2883)

* feat: IX Bid Adapter - gpp support for user sync urls (prebid#2873)

Co-authored-by: Chris Corbo <[email protected]>

* fix: update links in readme (prebid#2888)

authored by @akkapur

* New Adapter: AIDEM (prebid#2824)


Co-authored-by: AndreaC <[email protected]>
Co-authored-by: Andrea Tumbarello <[email protected]>
Co-authored-by: darkstar <[email protected]>

* Improve Digital adapter: Set currency in bid response (prebid#2886)

* Sharethrough: Support multiformat bid request impression (prebid#2866)

* Triplelift Bid Adapter: Adding GPP Support (prebid#2887)

* YahooAdvertising rebranding to Yahoo Ads. (prebid#2872)


Co-authored-by: oath-jac <[email protected]>

* IX: MultiImp Implementation (prebid#2779)


Co-authored-by: Chris Corbo <[email protected]>
Co-authored-by: Oronno Mamun <[email protected]>

* Exchange unit test fix (prebid#2868)

* Semgrep rules for adapters (prebid#2833)

* IX: Remove glog statement (prebid#2909)

* Activities framework (prebid#2844)

* PWBID: Update Default Endpoint (prebid#2903)

* script to run semgrep tests against adapter PRs (prebid#2907)

authored by @onkarvhanumante

* semgrep rule to detect undesirable package imports in adapter code (prebid#2911)

* update package-import message (prebid#2913)

authored by @onkarvhanumante

* Bump google.golang.org/grpc from 1.46.2 to 1.53.0 (prebid#2905)

---------

Co-authored-by: Brian Sardo <[email protected]>
Co-authored-by: Timothy Ace <[email protected]>
Co-authored-by: Timothy M. Ace <[email protected]>
Co-authored-by: balintvargha <[email protected]>
Co-authored-by: Balint Vargha <[email protected]>
Co-authored-by: Jason Piros <[email protected]>
Co-authored-by: ccorbo <[email protected]>
Co-authored-by: Chris Corbo <[email protected]>
Co-authored-by: Ankush <[email protected]>
Co-authored-by: Giovanni Sollazzo <[email protected]>
Co-authored-by: AndreaC <[email protected]>
Co-authored-by: Andrea Tumbarello <[email protected]>
Co-authored-by: darkstar <[email protected]>
Co-authored-by: Jozef Bartek <[email protected]>
Co-authored-by: Max Dupuis <[email protected]>
Co-authored-by: Patrick Loughrey <[email protected]>
Co-authored-by: radubarbos <[email protected]>
Co-authored-by: oath-jac <[email protected]>
Co-authored-by: Oronno Mamun <[email protected]>
Co-authored-by: Veronika Solovei <[email protected]>
Co-authored-by: Onkar Hanumante <[email protected]>
Co-authored-by: Stephen Johnston <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gargcreation1992 gargcreation1992 gargcreation1992 approved these changes

@Sonali-More-Xandr Sonali-More-Xandr Sonali-More-Xandr left review comments

Assignees

@gargcreation1992 gargcreation1992

@Sonali-More-Xandr Sonali-More-Xandr

Labels
do not port
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@onkarvhanumante @gargcreation1992 @Sonali-More-Xandr