Hmmm. I see that I had previously decided not to take this change. In the heat of editing this afternoon, I did make this change – it seemed at the time an obvious bug that needed fixing. David, please let me know whether to revert this change in the draft I just pushed. Larry From:
sarif@lists.oasis-open.org <
sarif@lists.oasis-open.org> On Behalf Of Larry Golding (Myriad Consulting Inc) Sent: Friday, June 14, 2019 5:38 PM To: OASIS SARIF TC Discussion List <
sarif@lists.oasis-open.org> Subject: [sarif] New TC comment: Issue #429, missing constraint Importance: High I noticed and filed Issue #429 , “Missing constraint: result.ruleId == result.rule.id”: The spec correctly says that if result.ruleIndex and result.rule.index are both present, they must be equal. But it does not say that if result.ruleId and result.rule.id are both present, they must be equal. It should say that. I was sure I’d said that, but I just can’t find it in §3.27.5, result.ruleId property. It would be a substantive change to add this constraint. I propose not to take this change (and trigger another comment period). It’s not like somebody’s likely to create a SARIF file that looks like this: results: [ { ruleId: CS0001, rule: { id: CS0002 }, ... It’s just that we should have explicitly prohibited it. Larry