initial commit (#1)

.envrc

@@ -0,0 +1 @@
+use flake

.github/workflows/ci.yml

@@ -0,0 +1,45 @@
+name: CI
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [opened, synchronize]
+  push:
+    tags:
+      - '*'
+    branches:    
+      - main
+
+concurrency:
+  group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
+  cancel-in-progress: true
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-latest
+        ocaml-compiler:
+          - 4.14.0
+
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - run: |
+          sudo apt-get update
+
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Use OCaml Compiler Version ${{ matrix.ocaml-compiler }}
+        uses: ocaml/setup-ocaml@v2
+        with:
+          ocaml-compiler: ${{ matrix.ocaml-compiler }}
+
+      - run: opam install . --deps-only
+
+      - run: opam exec -- dune build
+
+      - run: opam exec -- dune runtest

.gitignore

@@ -26,4 +26,4 @@ setup.log
 *.install
 
 # Local OPAM switch
-_opam/
+_opam/

CHANGES

@@ -0,0 +1,3 @@
+## 0.1.0 (2024-01-08)
+
+* Initial release

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2024 Geoffrey Borough
+Copyright (c) 2023 Geoffrey Borough
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -18,4 +18,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+SOFTWARE.

Makefile

@@ -0,0 +1,20 @@
+INSTALL_ARGS := $(if $(PREFIX),--prefix $(PREFIX),)
+
+default:
+	dune build
+
+test:
+	dune runtest
+
+install:
+	dune install $(INSTALL_ARGS)
+
+uninstall:
+	dune uninstall $(INSTALL_ARGS)
+
+reinstall: uninstall install
+
+clean:
+	dune clean
+
+.PHONY: default test install uninstall reinstall clean

README.md

@@ -1,2 +1,63 @@
-# sarif
-Static Analysis Results Interchange Format (SARIF) For OCaml
+# SARIF(v2.1.0)
+
+Reference implementation of the Static Analysis Results Interchange Format (SARIF) For OCaml, currently supporting version 2.1.0(latest)
+
+This library uses atdgen to generate ocaml types therefore familiarity with its naming and conversion convention is highly recommended
+
+## User Manual
+
+### Module organisation
+
+The core type of sarif is: Sarif_v_2_1_0_t.sarif_json_schema
+
+Sarif_v_2_1_0_t -> Generated ocaml types for all sarif objects and properties
+
+Sarif_v_2_1_0_j -> Generated json helper functions for all relevant ocaml types
+
+Sarif_v_2_1_0_v -> Generated validation functions for all relevant ocaml types
+
+Sarif_v_2_1_0_util -> Utility functions which the validation functions rely on
+
+### Parsing example
+
+Assume that a well-formed sarif json file "example.sarif" and we'd like to parse and print
+
+```ocaml
+open Core
+open Sarif
+
+let sarif_json = In_channel.read_all "example.sarif" in
+let parsed_core_type = Sarif_v_2_1_0_j.sarif_json_schema_of_string sarif_json in
+let core_type_string = Sarif_v_2_1_0_j.string_of_sarif_json_schema parsed_core_type in
+print_endline core_type_string
+```
+
+### Validation example
+
+Assume that a malformed sarif json file "malformed.sarif" and we suspect the "runs" field is invalid
+
+```ocaml
+open Core
+open Sarif
+
+let sarif_json = In_channel.read_all "malformed.sarif" in
+let parsed_core_type = Sarif_v_2_1_0_j.sarif_json_schema_of_string sarif_json in
+let run = Sarif_v_2_1_0_j.string_of_run @@ List.hd_exn @@ parsed_core_type.runs in
+let parsed_run = Sarif_v_2_1_0_j.run_of_string run in
+let res = Sarif_v_2_1_0_util.validate_run parsed_run in
+if res then print_endline "valid" else print_endline "invalid"
+```
+
+Or to validate payload via directly constructing the types with Sarif_v_2_1_0_t, we can use validation functions present in Sarif_v_2_1_0_v. Please refer to atdgen validation example(https://github.com/ahrefs/atd/tree/master/doc/atdgen-tutorial-data/validate)
+
+## License
+
+This project is licensed under the [MIT license].
+
+[MIT license]: https://github.com/gborough/sarif/blob/main/LICENSE
+
+## Contribution
+
+Unless you explicitly state otherwise, any contribution intentionally submitted
+for inclusion in safemoney by you, shall be licensed as MIT, without any additional
+terms or conditions.

SECURITY.md

@@ -0,0 +1,12 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+To report a security vulnerability, please email the maintainers at `[email protected]`. Please do not create a Github issue
+for security vulnerabilities.
+
+If you can, please include the following details:
+* An MCVE (minimum complete verifiable example) – this is a short code snippet which demonstrates the error in the 
+the simplest possible (or just a simple) way.
+* Which versions the vulnerability is present in
+* What effects the vulnerability has and how serious the vulnerability is

dune-project

@@ -0,0 +1,28 @@
+(lang dune 2.9)
+
+(name sarif)
+
+(generate_opam_files true)
+
+(source
+ (github gborough/sarif))
+
+(authors "Geoffrey Borough")
+
+(maintainers "[email protected]")
+
+(license MIT)
+
+(homepage "https://github.com/gborough/sarif")
+
+(bug_reports "https://github.com/gborough/sarif/issues")
+
+(documentation "https://gborough.github.io/sarif/sarif")
+
+(package
+ (name sarif)
+ (synopsis "Static Analysis Results Interchange Format (SARIF) Version 2.1.0")
+ (description "Static Analysis Results Interchange Format (SARIF) Version 2.1.0")
+ (depends (ocaml (>= 4.14.0)) dune core re2 atdgen-runtime timedesc ppx_jane ppx_deriving yojson uri)
+ (tags
+  (sarif)))

flake.nix

@@ -0,0 +1,26 @@
+{
+  inputs = {
+    opam-nix.url = "github:tweag/opam-nix";
+    flake-utils.url = "github:numtide/flake-utils";
+    nixpkgs.follows = "opam-nix/nixpkgs";
+  };
+  outputs = { self, flake-utils, opam-nix, nixpkgs }@inputs:
+    let package = "safemoney";
+    in flake-utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = nixpkgs.legacyPackages.${system};
+        on = opam-nix.lib.${system};
+        devPackagesQuery = {
+          ocaml-lsp-server = "*";
+        };
+        query = devPackagesQuery // {
+          ocaml-base-compiler = "4.14.0";
+        };
+        scope =
+          on.buildOpamProject { } package ./. query;
+      in {
+        legacyPackages = scope;
+
+        packages.default = self.legacyPackages.${system}.${package};
+      });
+}

lib/dune

@@ -0,0 +1,23 @@
+(library
+ (public_name sarif)
+ (name sarif)
+ (libraries core timedesc yojson atdgen-runtime re2 uri)
+ (preprocess (pps ppx_deriving.show ppx_deriving.ord ppx_deriving.eq))
+ (flags     :standard -w -30))
+
+(include_subdirs unqualified)
+
+; (rule
+; (targets sarif_v_2_1_0_t.ml sarif_v_2_1_0_t.mli)
+; (deps    sarif_v_2_1_0.atd)
+; (action  (run atdgen -t %{deps})))
+
+; (rule
+; (targets sarif_v_2_1_0_j.ml sarif_v_2_1_0_j.mli)
+; (deps    sarif_v_2_1_0.atd)
+; (action  (run atdgen -j -j-std %{deps})))
+
+; (rule
+; (targets sarif_v_2_1_0_v.ml sarif_v_2_1_0_v.mli)
+; (deps    sarif_v_2_1_0.atd)
+; (action  (run atdgen -v %{deps})))