Add OriginalUriBaseIds sample. #14
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,77 @@ | ||
| { | ||
| "$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json", | ||
| "version": "2.1.0", | ||
| "properties": { | ||
| "comment": "This sample demonstrates the use of originalUriBaseIds." | ||
| }, | ||
| "runs": [ | ||
| { | ||
| "tool": { | ||
| "driver": { | ||
| "name": "SarifSamples" | ||
| } | ||
| }, | ||
| "originalUriBaseIds": { | ||
|
There was a problem hiding this comment.
you don't have an example in here that resolves to an absolute URL #Resolved There was a problem hiding this comment. I added an example ( In reply to: 414814508 [](ancestors = 414814508) |
||
| "PROJECTROOT": { | ||
| "description": { | ||
| "text": "The root directory for all project files." | ||
|
There was a problem hiding this comment.
Confusing example. most windows project files have their own directory, and therefore each project file might have its own root (it does in visual studio). You might change this to SOLUTIONROOT, of which we can more reasonably expect there to be a single definition for a scan run). #Resolved There was a problem hiding this comment. Renamed to REPOROOT, and re-described, per your comment below. In reply to: 414790002 [](ancestors = 414790002) |
||
| }, | ||
| "properties": { | ||
| "comment": "The SARIF producer has chosen not to specify a URI for PROJECTROOT. See §3.14.14, NOTE 1, for an explanation." | ||
| } | ||
| }, | ||
| "SRCROOT": { | ||
| "uri": "src", | ||
|
There was a problem hiding this comment.
Is this legal? shouldn't it end in a forward slash? do we have a hole in our validator (or maybe you haven't authored unit tests for these assets that validate?) btw - if this is a bug it's in our spec as well, which i'm looking at #Resolved There was a problem hiding this comment. You're right. I've been running In reply to: 414813884 [](ancestors = 414813884) There was a problem hiding this comment. ... aaaaand I just found a bug in the trailing slash analysis. I'll file an SDK bug and push a PR. In reply to: 414824105 [](ancestors = 414824105,414813884) There was a problem hiding this comment. Filed and fixed the SDK bug, raised a PR on the SDK, added the slash here. In reply to: 414829741 [](ancestors = 414829741,414824105,414813884) |
||
| "uriBaseId": "PROJECTROOT", | ||
|
There was a problem hiding this comment.
Ah, now I understand, by project root you mean, ENLISTMENTROOT. Suggest making that change. Or perhaps use REPOROOT . Project is just too overloaded a term in MS dev tooling to provide a clear example here. To an old MS workhorse like me, that is. :P #Resolved There was a problem hiding this comment. |
||
| "description": { | ||
| "text": "The root of the source tree." | ||
| }, | ||
| "properties": { | ||
| "comment": "SRCROOT is expressed relative to PROJECTROOT." | ||
| } | ||
| } | ||
| }, | ||
| "results": [ | ||
| { | ||
| "ruleId": "SMP0001", | ||
|
There was a problem hiding this comment.
How is SMP pronounced? 'simp'? if so, unfortunate. Also 'too many zeros'. :) How about a convention of SAMPXXX for the work we do here? I know this is a bit of a departure from conventions used by tools that reasonable allocation a range of 9999 potential issues. I think the adjustment helps with readability here. i.e., I like 'SAMP001' better than 'SMP0001'. Thoughts? This is nearly entirely in the realm of opinion... #Pending There was a problem hiding this comment. I'm SMPathetic to your concern about SMP, but I don't want to model, in our entire corpus of test assets, a pattern that we don't encourage tool authors to follow. How about Whatever we decide to do, I'll do in a separate PR that fixes all the files at once. In reply to: 414792603 [](ancestors = 414792603) There was a problem hiding this comment. There's no rigid standard here. Honestly, your string of zeros compromises readability and if you are adhering to some standard tooling convention, we don't typically start indexing from 1, these lower-level ids are almost always reserved for internal error codes. CS1002 is more typical. How about TUT1001, TUT1002, etc. or TST1001, TST1002, etc. In reply to: 414849147 [](ancestors = 414849147,414792603) |
||
| "message": { | ||
| "text": "A result outside the source tree." | ||
| }, | ||
| "locations": [ | ||
| { | ||
| "physicalLocation": { | ||
| "artifactLocation": { | ||
| "uri": "README.md", | ||
| "uriBaseId": "PROJECTROOT", | ||
| "properties": { | ||
| "comment": "If PROJECTROOT is C:\\project, this file location resolves to C:\\project\\README.md" | ||
| } | ||
| } | ||
| } | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "ruleId": "SMP0002", | ||
| "message": { | ||
| "text": "A result in a source file." | ||
|
There was a problem hiding this comment.
hm, shall we power up this sample and add a reference to a directory in addition to distinct files? is this a concern that belongs in a different sample? #Resolved There was a problem hiding this comment. |
||
| }, | ||
| "locations": [ | ||
| { | ||
| "physicalLocation": { | ||
| "artifactLocation": { | ||
| "uri": "io/kb.c", | ||
| "uriBaseId": "SRCROOT", | ||
| "properties": { | ||
| "comment": "If PROJECTROOT is C:\\project, this file location resolves to C:\\project\\src\\io\\kb.c" | ||
| } | ||
| } | ||
| } | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "columnKind": "utf16CodeUnits" | ||
| } | ||
| ] | ||
| } | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
btw - original url base ids shouldn't create 'loops'. since we have a dedicated 'don't screw up original uri base ids' rule, we could add this verification to that check. #Pending
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We're about to have one of our partitioning discussions. Rule SARIF1018 is about the validity of the URIs in
originalUriBaseIds: They have to end with a slash, and if there's nouriBaseId, they have to be absolute. The (good) rule you're proposing is about the structure of theuriBaseIds. I'll make it part of 1018 if you want. But do consider how you would (1) friendly-name, and (2) describe, the combined rule.In reply to: 414814948 [](ancestors = 414814948)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I filed microsoft/sarif-sdk#1864, "Analysis rule: uriBaseIds should not form loops". In the description I explicitly say that we haven't decided whether this is a separate rule or an enhancement to an existing one.
In reply to: 414865952 [](ancestors = 414865952,414814948)