sarif_rust 0.1.2

A comprehensive Rust library for parsing, generating, and manipulating SARIF (Static Analysis Results Interchange Format) v2.1.0 files

Documentation

Coverage
96.45%
1466 out of 1520 items documented1 out of 620 items with examples
Size
Source code size: 692.8 kB This is the summed size of all the files inside the crates.io package for this release.
Documentation size: 68.76 MB This is the summed size of all files generated by rustdoc for all configured targets
Links
Repository
crates.io
Dependencies
Versions
Owners

SARIF Rust Implementation

A comprehensive Rust library for parsing, generating, and manipulating SARIF (Static Analysis Results Interchange Format) v2.1.0 files.

Overview

This project implements a complete SARIF v2.1.0 library in Rust, providing:

Type-safe parsing and generation of SARIF files
Comprehensive validation against the SARIF specification
Ergonomic builder patterns for creating SARIF documents
High-performance streaming for large files
Zero-copy parsing where possible
Rich error handling with detailed diagnostics

Features

✅ Complete SARIF v2.1.0 Support: Full compatibility with the official specification
✅ Type Safety: Leverage Rust's type system to prevent invalid SARIF construction
✅ Performance: Optimized for handling large SARIF files efficiently
✅ Validation: Comprehensive validation with helpful error messages
✅ Builder API: Fluent interface for programmatic SARIF generation
✅ Streaming: Process large files without loading entirely into memory
✅ Extensibility: Support for custom properties and tool extensions

Quick Start

Parsing SARIF Files

use sarif_rust::SarifLog;

// Parse from file
let sarif: SarifLog = sarif_rust::from_file("results.sarif")?;

// Parse from string
let json = std::fs::read_to_string("results.sarif")?;
let sarif: SarifLog = sarif_rust::from_str(&json)?;

// Access results
for run in &sarif.runs {
    if let Some(results) = &run.results {
        for result in results {
            println!("Rule: {}, Message: {}", 
                result.rule_id.as_deref().unwrap_or("unknown"),
                result.message.text.as_deref().unwrap_or("no message")
            );
        }
    }
}

Creating SARIF Files

use sarif_rust::{SarifLogBuilder, RunBuilder, ResultBuilder, Level};

let sarif = SarifLogBuilder::new()
    .add_run(
        RunBuilder::new()
            .tool_name("my-analyzer")
            .tool_version("1.0.0")
            .add_result(
                ResultBuilder::new()
                    .rule_id("SECURITY001")
                    .message("Potential SQL injection vulnerability")
                    .level(Level::Error)
                    .location("src/database.rs", 42, 15)
                    .build()?
            )
            .build()?
    )
    .build()?;

// Serialize to JSON
let json = sarif_rust::to_string_pretty(&sarif)?;
std::fs::write("output.sarif", json)?;

Streaming Large Files

use sarif_rust::StreamingParser;
use std::fs::File;

let file = File::open("large_results.sarif")?;
let parser = StreamingParser::new(file);

for run_result in parser.parse_runs() {
    let run = run_result?;
    // Process each run individually without loading entire file
    println!("Processed run from tool: {}", run.tool.driver.name);
}

Project Structure

sarif_rust/
├── src/
│   ├── types/           # Core SARIF data structures
│   ├── builder/         # Builder pattern implementations  
│   ├── parser/          # Parsing and validation
│   └── utils/           # Utility functions
├── tests/               # Integration tests
├── docs/                # Documentation
└── examples/            # Usage examples

Documentation

Specification Analysis: Deep dive into SARIF v2.1.0 specification
Implementation Plan: Detailed technical implementation roadmap
API Documentation: Complete API reference (when published)

SARIF Specification Compliance

This library implements the complete SARIF v2.1.0 specification including:

Core Objects

SarifLog: Root container with version and runs
Run: Analysis tool execution with results and metadata
Result: Individual findings with locations and metadata
Location: Physical and logical location information
Tool: Tool and component information
Artifact: File and content references

Advanced Features

External Property Files: Large-scale analysis support
Taxonomies: Rule categorization and classification
Code Flows: Multi-step analysis paths
Threading Flows: Multi-threaded analysis support
Web Requests/Responses: Web application analysis
Fixes: Automated fix suggestions

Performance Characteristics

Operation	File Size	Performance Target
Parse	1-10 MB	< 100ms
Validate	1-10 MB	< 50ms
Serialize	1-10 MB	< 50ms
Stream Parse	100+ MB	< 500MB RAM

Development Roadmap

Phase 1: Core Types (Week 1)

Define SARIF object model
Implement core enums and types
Basic JSON serialization support

Phase 2: Validation (Week 2)

Custom validation traits
URI and cross-reference validation
Comprehensive error types

Phase 3: Builders (Week 3)

Fluent builder interfaces
Type-safe construction
Ergonomic API design

Phase 4: Advanced Features (Week 4)

Streaming parser implementation
Cross-reference indexing
Memory optimization

Phase 5: Polish (Week 5)

Comprehensive testing
Documentation and examples
Performance benchmarking

Contributing

Contributions are welcome! Please see our contribution guidelines for details on:

Code style and formatting
Testing requirements
Documentation standards
Pull request process

License

This project is licensed under either of:

Apache License, Version 2.0 (LICENSE-APACHE)
MIT License (LICENSE-MIT)

at your option.

Related Projects

SARIF Standard: Official SARIF specification and tools
Microsoft SARIF SDK: .NET implementation
sarif-python: Python SARIF library

Status: 🚧 Under Development - See Implementation Plan for current progress