Merge pull request #8 from advanced-security/fix-typeshed-and-token

Fix typeshed and token

Author: aegilops

action.yml

@@ -164,8 +164,11 @@ runs:
           if [[ "${install_typeshed_linters[*]}" =~ (^|[^[:alpha:]])${INPUTS_LINTER}([^[:alpha:]]|$) ]]; then
             echo "::debug::Installing typeshed for ${INPUTS_LINTER}"
             # clone from GitHub
-            gh repo clone python/typeshed -- --depth 1 --branch "${INPUTS_TYPESHED_VERSION}" "${GITHUB_WORKSPACE}/typeshed" || ( echo "::error::typeshed failed to install for Python ${INPUTS_PYTHON_VERSION}" && exit 1 )
-            EXTRA_LINTER_SCRIPT_FLAGS+=" --typeshed-path=${GITHUB_WORKSPACE}/typeshed"
+            (
+              cd ${RUNNER_TEMP}
+              gh repo clone python/typeshed -- --depth 1 --branch "${INPUTS_TYPESHED_VERSION}" || ( echo "::error::typeshed failed to install for Python ${INPUTS_PYTHON_VERSION}" && exit 1 )
+            )
+            EXTRA_LINTER_SCRIPT_FLAGS+=" --typeshed-path=${RUNNER_TEMP}/typeshed"
           fi
 
           # run linter
@@ -197,9 +200,17 @@ runs:
         INPUTS_FIXIT_VERSION: ${{ inputs.fixit-version }}
         INPUTS_PYRE_VERSION: ${{ inputs.pyre-version }}
         INPUTS_TYPESHED_VERSION: ${{ inputs.typeshed-version }}
+        GH_TOKEN: ${{ github.token }}
       shell: bash
     - name: Upload SARIF
       if: ${{ hashFiles(inputs.output) != '' }}
       uses: github/codeql-action/upload-sarif@v2
       with:
         sarif_file: ${{ inputs.output }}
+    - name: Upload SARIF as debug artefact
+      if: ${{ always() && runner.debug == '1' && hashFiles(inputs.output) != '' }}
+      uses: actions/upload-artifact@v3
+      with:
+        name: ${{ inputs.output }}
+        path: ${{ inputs.output }}
+

python_lint.py

@@ -55,7 +55,7 @@ def make_sarif_run(tool_name: str) -> dict:
     return sarif_run
 
 
-def flake8_linter(target: Path, *args) -> None:
+def flake8_linter(target: Path, *_args) -> None:
     """Run the flake8 linter.
 
     In contrast to the other linters, flake8 has plugin architecture.
@@ -155,7 +155,7 @@ def ruff_format_sarif(results: List[Dict[str, Any]], target: Path) -> dict:
     return sarif_run
 
 
-def ruff_linter(target: Path, *args) -> Optional[dict]:
+def ruff_linter(target: Path, *_args) -> Optional[dict]:
     """Run the ruff linter."""
     try:
         # pylint: disable=import-outside-toplevel
@@ -257,7 +257,7 @@ def pylint_format_sarif(results: List[Dict[str, Any]], target: Path) -> dict:
     return sarif_run
 
 
-def pylint_linter(target: Path, *args) -> Optional[dict]:
+def pylint_linter(target: Path, *_args) -> Optional[dict]:
     """Run the pylint linter."""
     process = run(
         ["pylint", "--output-format=json", "--recursive=y", target.absolute().as_posix()],
@@ -680,7 +680,7 @@ def fixit_format_sarif(results: str, target: Path) -> dict:
     return sarif_run
 
 
-def fixit_linter(target: Path) -> Optional[dict]:
+def fixit_linter(target: Path, *_args) -> Optional[dict]:
     """Run the fixit linter, from Meta."""
     process = run(["fixit", "lint", target.absolute().as_posix()], capture_output=True, check=False)
 
@@ -712,6 +712,31 @@ def make_paths_relative_to_target(runs: List[dict], target: Path) -> None:
                     )
 
 
+def fix_sarif_locations(runs: List[dict]) -> None:
+    """Fix the SARIF locations.
+    
+    Normalise values less than 1 to 1, e.g. -1 or 0.
+    
+    Convert strings to ints.
+
+    For anything that can't be converted to an int, set it to 1.
+    """
+    for sarif_run in runs:
+        for result in sarif_run["results"]:
+            for location in result["locations"]:
+                region = location["physicalLocation"]["region"]
+                for key in ("startLine", "endLine", "startColumn", "endColumn"):
+                    if key in region:
+                        try:
+                            region[key] = int(region[key])
+                        except ValueError:
+                            LOG.error("Unable to convert %s to int", region[key])
+                            region[key] = 1
+                            continue
+                        if region[key] < 1:
+                            region[key] = 1
+
+
 LINTERS = {
     "pylint": pylint_linter,
     "ruff": ruff_linter,
@@ -751,7 +776,7 @@ def main() -> None:
     sarif_runs: List[dict] = []
 
     target = Path(args.target).resolve().absolute()
-    typeshed_path = Path(args.typeshed_path).resolve().absolute()
+    typeshed_path = Path(args.typeshed_path).resolve().absolute() if args.typeshed_path is not None else None
 
     for linter in args.linter:
         LOG.debug("Running %s", linter)