OASIS Static Analysis Results Interchange Format (SARIF) TC

 View Only
  • 1.  logical locations to array

    Posted 05-17-2019 17:35
    Hello, TC,   Twice in the last two weeks, we’ve received two request internally at Microsoft to provide multiple logical locations for a result. Here’s a clear example of why this is useful: an internal accessibility checker is reporting results against a rendered HTML page. It is helpful in their scenario to provide a logical location that is the CSS selector for the problematic item (because this tends to be where the fix is applied) as well as the XHTML xpath to the target item (which they have found is more useful for result matching).   A second team independently raised this suggestion for a second project (that analyzes JSON data).   We have a narrow window to update the spec (today, basically). Would people be open to converting `location.logicalLocation` (a single logical location) to `location.logicalLocations` (an array of them)?   So far, we have only accepted editorial and bug fix changes, as well as one small improvement Jim suggested (adding new roles) that is entirely non-breaking. This change is breaking. It can easily be rendered as non-breaking in the C# SDK (we just need to add a helper for location.logicalLocation that retrieves the 0 th element of location.logicalLocations). And so I’m willing to take it.   Just wanted to take everyone’s pulse on this.   Michael


  • 2.  Re: [sarif] logical locations to array

    Posted 05-21-2019 13:37
    TC: I got the notice of the new ballot this morning, and I notice that the version is now 2.1 whereas I had expected to see 2.0. Is this version number bump something that we are compelled to do? Does it mean that when we are done it will remain 2.1, so there will never be an official 2.0? Thanks, -Paul On 5/17/2019 1:34 PM, Michael Fanning wrote: Hello, TC,   Twice in the last two weeks, we’ve received two request internally at Microsoft to provide multiple logical locations for a result. Here’s a clear example of why this is useful: an internal accessibility checker is reporting results against a rendered HTML page. It is helpful in their scenario to provide a logical location that is the CSS selector for the problematic item (because this tends to be where the fix is applied) as well as the XHTML xpath to the target item (which they have found is more useful for result matching).   A second team independently raised this suggestion for a second project (that analyzes JSON data).   We have a narrow window to update the spec (today, basically). Would people be open to converting `location.logicalLocation` (a single logical location) to `location.logicalLocations` (an array of them)?   So far, we have only accepted editorial and bug fix changes, as well as one small improvement Jim suggested (adding new roles) that is entirely non-breaking. This change is breaking. It can easily be rendered as non-breaking in the C# SDK (we just need to add a helper for location.logicalLocation that retrieves the 0 th element of location.logicalLocations). And so I’m willing to take it.   Just wanted to take everyone’s pulse on this.   Michael -- Paul Anderson, VP of Engineering, GrammaTech, Inc. 531 Esty St., Ithaca, NY 14850 Tel: +1 607 273-7340 x118; http://www.grammatech.com


  • 3.  Re: [sarif] logical locations to array

    Posted 05-21-2019 23:40
    On 5/21/19 6:37 AM, Paul Anderson wrote: I got the notice of the new ballot this morning, and I notice that the version is now 2.1 whereas I had expected to see 2.0. Is this version number bump something that we are compelled to do? Does it mean that when we are done it will remain 2.1, so there will never be an official 2.0? The issue was that some organizations had been supporting a 2.0 internally that was tracking earlier versions of the document, so 2.1 provides an upgrade path without requiring them to give up their earlier investment. So yes, the first public version will be 2.1. David