Draft: fix: update parsing of code-climate output to support 'positions'

James H.requested to merge
gitlab-community/components/code-quality-oss/codequality-os-scanners-integration:bugfix/jhomer-hscl-parse-ansible-lint-location-correctly into main

What does this MR do and why?

fix: update parsing of code-climate output to support 'positions'

Fixes issue with ansible-lint generated code-climate output where the output contains positions information in the location section, e.g.

[
    {
        "type": "issue",
        "check_name": "name[casing]",
        "categories": [
            "idiom"
        ],
        "url": "https://ansible.readthedocs.io/projects/lint/rules/name/",
        "severity": "major",
        "description": "All names should start with an uppercase letter.",
        "fingerprint": "099a0684f38a79caf7a15c3326b6b56fa3d0d79d5194a46d770e012488d1d02e",
        "location": {
            "path": "roles/test_role/tasks/main.yml",
            "positions": {
                "begin": {
                    "line": 2,
                    "column": 9
                }
            }
        },
        "content": {
            "body": "Task/Handler: test for linting"
        }
    }
]

It also maintains support for output that does not include the position data.

[
    {
        "type": "issue",
        "check_name": "risky-file-permissions",
        "categories": [
            "unpredictability"
        ],
        "url": "https://ansible.readthedocs.io/projects/lint/rules/risky-file-permissions/",
        "severity": "major",
        "description": "File permissions unset or incorrect.",
        "fingerprint": "4a02cf02f19add85763176a140f5e7c3fd20153d5b67f88f6218fe65bf0c4248",
        "location": {
            "path": "roles/test_role/tasks/main.yml",
            "lines": {
                "begin": 6
            }
        },
        "content": {
            "body": "Task/Handler: touch"
        }
    }
]

This will fix issue: #43

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

N/A but would like to show before (failing pipeline) / after (passing pipeline) but

  • I think this needs the test data updating to reproduce the data seen above
  • Being able to run the pipeline. I have an open discord thread on this Hi I'm looking to contribute more changes.
  • I think that the tests might also need convert_to_sast setting to generate the output and run validation against the output

How to set up and validate locally

See #43 for details on how to include a test that

Merge request reports