OASIS Static Analysis Results Interchange Format (SARIF) TC

New TC comment: Issue #429, missing constraint

  • 1.  New TC comment: Issue #429, missing constraint

    Posted 06-15-2019 00:38
    I noticed and filed Issue #429 , “Missing constraint: result.ruleId == result.rule.id”:   The spec correctly says that if  result.ruleIndex  and  result.rule.index  are both present, they must be equal. But it does  not  say that if  result.ruleId  and  result.rule.id  are both present, they must be equal. It  should  say that.   I was sure I’d said that, but I just can’t find it in §3.27.5, result.ruleId property.   It would be a substantive change to add this constraint. I propose not to take this change (and trigger another comment period). It’s not like somebody’s likely to create a SARIF file that looks like this:   results: [   {     ruleId: CS0001,     rule: {      id: CS0002     },     ...   It’s just that we should have explicitly prohibited it.   Larry