Misc: Add script creating DCA source suites from MRVA #19232
Conversation
The script takes the URL of a MRVA exported Gist and uses it to produce a source suite compatible with DCA. At present, you have to manually specify the language on the commandline, using the `--language` parameter. Also supports `--min` and `--max` parameters if you want to limit the sources to ones with a bounded number of alerts.
There was a problem hiding this comment.
Pull Request Overview
This PR adds a Python script to convert a MRVA-exported GitHub Gist into a DCA-compatible source suite, with support for specifying the analysis language and filtering by alert count.
- Introduces
mrva-to-dca-source-suite.pyto clone a MRVA Gist, parse its summary, and generate a YAML source suite - Adds command-line arguments
--language,--min, and--max - Implements parsing for repo alert counts and SHA extraction to populate the suite
Comments suppressed due to low confidence (3)
misc/scripts/mrva-to-dca-source-suite.py:6
- The import
defaultdictis never used in this script. Please remove it to avoid unused imports.
from collections import defaultdict
misc/scripts/mrva-to-dca-source-suite.py:56
- [nitpick] The variable name
dis ambiguous. Consider renaming it toalert_countsor a more descriptive name.
d = {}
misc/scripts/mrva-to-dca-source-suite.py:108
- The filtering logic for
filtered_alerts(min/max bounds) isn't covered by existing tests; please add unit tests validating boundary conditions.
filtered_alerts = {
|
|
||
| help_text = """ | ||
| To use this script, pass the URL of a GitHub Gist as an argument. The Gist should contain the | ||
| exported MarkDown output of a MRVA run. |
There was a problem hiding this comment.
The term "MarkDown" should be capitalized as "Markdown" for consistency with common usage.
| exported MarkDown output of a MRVA run. | |
| exported Markdown output of a MRVA run. |
Copilot uses AI. Check for mistakes.
| repo_alerts = get_repo_alert_counts(repo_dir) | ||
| repo_nwo_shas = get_repo_nwo_shas(repo_dir) | ||
|
|
||
| min_count = args.min if args.min else min(repo_alerts.values()) |
There was a problem hiding this comment.
Using if args.min treats 0 as unset. Use if args.min is not None to correctly handle a --min 0 argument.
| min_count = args.min if args.min else min(repo_alerts.values()) | |
| min_count = args.min if args.min is not None else min(repo_alerts.values()) |
Copilot uses AI. Check for mistakes.
| repo_nwo_shas = get_repo_nwo_shas(repo_dir) | ||
|
|
||
| min_count = args.min if args.min else min(repo_alerts.values()) | ||
| max_count = args.max if args.max else max(repo_alerts.values()) |
There was a problem hiding this comment.
Using if args.max treats 0 as unset. Use if args.max is not None to correctly handle a --max 0 argument.
| max_count = args.max if args.max else max(repo_alerts.values()) | |
| max_count = args.max if args.max is not None else max(repo_alerts.values()) |
Copilot uses AI. Check for mistakes.
The script takes the URL of a MRVA exported Gist and uses it to produce a source suite compatible with DCA.
At present, you have to manually specify the language on the commandline, using the
--languageparameter.Also supports
--minand--maxparameters if you want to limit the sources to ones with a bounded number of alerts.