OASIS Static Analysis Results Interchange Format (SARIF) TC

Change draft for #194 and #202: Improvements to threadFlowLocation

    Posted 09-24-2018 22:48
    I pushed a change draft that covers Issue #194: “Did we break code flows in v2?” and Issue #202: “Restore threadFlowLocation.kind.” #202 is a subset of #194.

    Documents/ChangeDrafts/Active/sarif-v2.0-issues-194-202-threadFlowLocation-changes.docx

    The changes are as follows:

    • Restore threadFlowLocation.kind.
    • Make kind an array of unique strings rather than a single string.
    • Include kind values for exceptions ("try", "throw", "catch", "rethrow", and "finally") and for “tainted data” analysis ("source", "sanitizer", and "sink").
    • Allow arbitrary kind values if none of the defined values is appropriate.
    • Clarify that viewers should not use kind to determine indentation; they should only use indentLevel for that.
    • Do not require kind values to occur as matched pairs (for example, matching "call" with "callReturn").
    • Call out the intended use of kind to guide display (for example, with icons).

    We will move its adoption at TC #24 on Wednesday, September 26th.

    Thanks,
    Larry
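
An added example, not part of the post or of the TC's change draft: a Python sketch of how a SARIF consumer could apply the rules listed above, checking `kind` as an array of unique strings and taking indentation from `indentLevel` alone. The property names `kind` and `indentLevel` come from the post; the function names, the icon table, the `text` field, the defaults for absent properties and the sample flow are assumptions constructed for illustration.

```python
# Hypothetical icon table: per the post, `kind` guides display, not layout.
ICONS = {"source": "[SRC]", "sanitizer": "[SAN]", "sink": "[SINK]",
         "throw": "[THROW]", "catch": "[CATCH]", "call": "[CALL]"}


def check_kind(loc):
    """Return a list of problems with one threadFlowLocation's `kind`."""
    kind = loc.get("kind", [])  # assumption: an absent `kind` is treated as empty
    if not isinstance(kind, list):
        return ["kind must be an array, not a single string"]
    if not all(isinstance(k, str) for k in kind):
        return ["kind items must be strings"]
    if len(set(kind)) != len(kind):
        return ["kind items must be unique"]
    # Arbitrary values are allowed and "call" needs no matching "callReturn",
    # so neither unknown values nor unpaired values are reported.
    return []


def render(flow):
    """Render a thread flow: indent from indentLevel only, icons from kind."""
    lines = []
    for loc in flow:
        icons = [ICONS[k] for k in loc.get("kind", []) if k in ICONS]
        indent = "  " * loc.get("indentLevel", 0)  # assumption: default level 0
        lines.append(indent + " ".join(icons + [loc["text"]]))
    return lines


# Constructed sample: a tainted-data flow with an unpaired "call", a custom
# kind value, and one location carrying two kinds at once.
SAMPLE_FLOW = [
    {"kind": ["source"], "indentLevel": 0, "text": "read request parameter"},
    {"kind": ["call"], "indentLevel": 0, "text": "call build_query"},
    {"kind": ["x-concat"], "indentLevel": 1, "text": "concatenate into SQL"},
    {"kind": ["sink", "throw"], "indentLevel": 1, "text": "execute query"},
]

if __name__ == "__main__":
    for loc in SAMPLE_FLOW:
        assert check_kind(loc) == []
    print("\n".join(render(SAMPLE_FLOW)))
```

The "call" location stays at the left margin because its `indentLevel` is 0; a viewer that indented on seeing "call" would lay this flow out differently from what the producer specified.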