OASIS Static Analysis Results Interchange Format (SARIF) TC

 View Only
  • 1.  rule.helpLocation: string URI or fileLocation?

    Posted 05-30-2018 00:34
    I added this comment to Issue #175 (URI vs fileLocation ): The only existing properties whose value is an absolute-URI-valued string are: ·          tool.downloadUri . This is correct. ·          versionControlDetails.uri . This is correct. The properties whose values are  fileLocation  objects are: ·          result.workItemLocation  is a deterministic  fileLocation  object. It needs to change to an absolute-URI-valued string. ·          rule.helpLocation : This one is tricky. If the help files are on the machine, they're non-deterministic and we should use  fileLocation . If they're on the web, they're deterministic and we should use an absolute-URI-valued string. Ideas? All the other  fileLocation -valued properties are non-deterministic, and so are using  fileLocation appropriately. What do you think is the right answer for rule.helpLocation ?   Thanks, Larry


  • 2.  RE: [sarif] rule.helpLocation: string URI or fileLocation?

    Posted 05-30-2018 15:37
    In general, I don’t think we’re trying to accommodate tools that provide relative references to constituent tool files. The embedded SARIF rules metadata is intended to help with distributing some core content if there’s no network/internet access.   From: sarif@lists.oasis-open.org <sarif@lists.oasis-open.org> On Behalf Of Larry Golding (Comcast) Sent: Tuesday, May 29, 2018 5:31 PM To: sarif@lists.oasis-open.org Subject: [sarif] rule.helpLocation: string URI or fileLocation?   I added this comment to Issue #175 (URI vs fileLocation ): The only existing properties whose value is an absolute-URI-valued string are: ·          tool.downloadUri . This is correct. ·          versionControlDetails.uri . This is correct. The properties whose values are  fileLocation  objects are: ·          result.workItemLocation  is a deterministic  fileLocation  object. It needs to change to an absolute-URI-valued string. ·          rule.helpLocation : This one is tricky. If the help files are on the machine, they're non-deterministic and we should use  fileLocation . If they're on the web, they're deterministic and we should use an absolute-URI-valued string. Ideas? All the other  fileLocation -valued properties are non-deterministic, and so are using  fileLocation appropriately. What do you think is the right answer for rule.helpLocation ?   Thanks, Larry


  • 3.  RE: [sarif] rule.helpLocation: string URI or fileLocation?

    Posted 05-30-2018 16:16
    That makes sense. So the spec change for this issue will be: result.workItemLocation:fileLocation  ?  result.workItemUri:string rule.helpLocation:fileLocation  ?  result.helpUri:string Remove the portion of §3.3.4 (Guidance on the use of fileLocation objects) that permits deterministic URIs in   fileLocation   objects . Larry From: Michael Fanning <Michael.Fanning@microsoft.com> Sent: Wednesday, May 30, 2018 8:37 AM To: Larry Golding (Comcast) <larrygolding@comcast.net>; sarif@lists.oasis-open.org Subject: RE: [sarif] rule.helpLocation: string URI or fileLocation?   In general, I don’t think we’re trying to accommodate tools that provide relative references to constituent tool files. The embedded SARIF rules metadata is intended to help with distributing some core content if there’s no network/internet access.   From: sarif@lists.oasis-open.org < sarif@lists.oasis-open.org > On Behalf Of Larry Golding (Comcast) Sent: Tuesday, May 29, 2018 5:31 PM To: sarif@lists.oasis-open.org Subject: [sarif] rule.helpLocation: string URI or fileLocation?   I added this comment to Issue #175 (URI vs fileLocation ): The only existing properties whose value is an absolute-URI-valued string are: ·          tool.downloadUri . This is correct. ·          versionControlDetails.uri . This is correct. The properties whose values are  fileLocation  objects are: ·          result.workItemLocation  is a deterministic  fileLocation  object. It needs to change to an absolute-URI-valued string. ·          rule.helpLocation : This one is tricky. If the help files are on the machine, they're non-deterministic and we should use  fileLocation . If they're on the web, they're deterministic and we should use an absolute-URI-valued string. Ideas? All the other  fileLocation -valued properties are non-deterministic, and so are using  fileLocation appropriately. What do you think is the right answer for rule.helpLocation ?   Thanks, Larry


  • 4.  RE: [sarif] rule.helpLocation: string URI or fileLocation?

    Posted 05-31-2018 15:27
    Yes. And perhaps consider adding some warning against decomposing absolute URLs inappropriately in an attempt to reduce log file size.   From: Larry Golding (Comcast) <larrygolding@comcast.net> Sent: Wednesday, May 30, 2018 9:13 AM To: Michael Fanning <Michael.Fanning@microsoft.com>; sarif@lists.oasis-open.org Subject: RE: [sarif] rule.helpLocation: string URI or fileLocation?   That makes sense. So the spec change for this issue will be: result.workItemLocation:fileLocation  ?  result.workItemUri:string rule.helpLocation:fileLocation  ?  result.helpUri:string Remove the portion of §3.3.4 (Guidance on the use of fileLocation objects) that permits deterministic URIs in   fileLocation   objects . Larry From: Michael Fanning < Michael.Fanning@microsoft.com > Sent: Wednesday, May 30, 2018 8:37 AM To: Larry Golding (Comcast) < larrygolding@comcast.net >; sarif@lists.oasis-open.org Subject: RE: [sarif] rule.helpLocation: string URI or fileLocation?   In general, I don’t think we’re trying to accommodate tools that provide relative references to constituent tool files. The embedded SARIF rules metadata is intended to help with distributing some core content if there’s no network/internet access.   From: sarif@lists.oasis-open.org < sarif@lists.oasis-open.org > On Behalf Of Larry Golding (Comcast) Sent: Tuesday, May 29, 2018 5:31 PM To: sarif@lists.oasis-open.org Subject: [sarif] rule.helpLocation: string URI or fileLocation?   I added this comment to Issue #175 (URI vs fileLocation ): The only existing properties whose value is an absolute-URI-valued string are: ·          tool.downloadUri . This is correct. ·          versionControlDetails.uri . This is correct. The properties whose values are  fileLocation  objects are: ·          result.workItemLocation  is a deterministic  fileLocation  object. It needs to change to an absolute-URI-valued string. ·          rule.helpLocation : This one is tricky. If the help files are on the machine, they're non-deterministic and we should use  fileLocation . If they're on the web, they're deterministic and we should use an absolute-URI-valued string. Ideas? All the other  fileLocation -valued properties are non-deterministic, and so are using  fileLocation appropriately. What do you think is the right answer for rule.helpLocation ?   Thanks, Larry