From ca631b3b14156ee8adebfe7f73454b5382e606ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?= Date: Thu, 20 Nov 2025 17:13:40 +0100 Subject: [PATCH 1/4] Fixed #14032 (SARIF: version should be the first property) --- lib/sarifreport.cpp | 3 +-- test/testsarifreport.cpp | 4 ++++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/sarifreport.cpp b/lib/sarifreport.cpp index 4dadc3d5d71..c1c3a8387ec 100644 --- a/lib/sarifreport.cpp +++ b/lib/sarifreport.cpp @@ -180,11 +180,10 @@ std::string SarifReport::serialize(std::string productName) const version.erase(version.find(' '), std::string::npos); picojson::object doc; - doc["version"] = picojson::value("2.1.0"); doc["$schema"] = picojson::value("https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/sarif-schema-2.1.0.json"); doc["runs"] = serializeRuns(productName, version); - return picojson::value(doc).serialize(true); + return "{\n \"version\": \"2.1.0\"," + picojson::value(doc).serialize(true).substr(1); } std::string SarifReport::sarifSeverity(const ErrorMessage& errmsg) diff --git a/test/testsarifreport.cpp b/test/testsarifreport.cpp index 76fe64fe20f..9f00612a932 100644 --- a/test/testsarifreport.cpp +++ b/test/testsarifreport.cpp @@ -98,6 +98,10 @@ class TestSarifReport : public TestFixture ASSERT_EQUALS("2.1.0", root.at("version").get()); ASSERT(root.at("$schema").get().find("sarif-schema-2.1.0") != std::string::npos); + // From SARIF specification (https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html#_Toc141790730): + // Although the order in which properties appear in a JSON object value is not semantically significant, the version property SHOULD appear first. + ASSERT_EQUALS("{\n \"version\": \"2.1.0\"", sarif.substr(0,22)); + const picojson::array& runs = root.at("runs").get(); ASSERT_EQUALS(1U, runs.size()); From 1296115792342c3309fe53eb85742eb25c6d95cc Mon Sep 17 00:00:00 2001 
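Review bot: The new `return` in serialize() builds the document by string surgery, and the assumptions behind it are not written down. It drops the first character of `picojson::value(doc).serialize(true)` with `substr(1)` and prepends a hand-written `version` member, so it relies on the prettified output starting with `{` and on `doc` having at least one member; an empty object would presumably leave a trailing comma and invalid JSON. Both hold here because `$schema` and `runs` are always set. A comment next to the return, for example `// relies on serialize(true) starting with '{' and on doc being non-empty`, would record this; the same splice is kept in [PATCH 3/4] and [PATCH 4/4]. serialize() begins above this hunk.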
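Review bot: The added `ASSERT_EQUALS` in test/testsarifreport.cpp hard-codes `22` as the length of the expected prefix, so the literal and the number must be kept in sync by hand. Holding the prefix in a local `const std::string expected` and comparing with `ASSERT_EQUALS(expected, sarif.substr(0, expected.size()));` removes the magic number. The check also pins picojson's exact whitespace rather than the property order the quoted specification text is about; an extra `ASSERT(sarif.find("\"version\"") < sarif.find("\"$schema\""));` would state the ordering requirement directly. The test function starts and ends outside the hunk.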
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?= Date: Thu, 20 Nov 2025 18:43:26 +0100 Subject: [PATCH 2/4] comment --- lib/sarifreport.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/sarifreport.cpp b/lib/sarifreport.cpp index c1c3a8387ec..6ce8ef88523 100644 --- a/lib/sarifreport.cpp +++ b/lib/sarifreport.cpp @@ -183,6 +183,10 @@ std::string SarifReport::serialize(std::string productName) const doc["$schema"] = picojson::value("https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/sarif-schema-2.1.0.json"); doc["runs"] = serializeRuns(productName, version); + // Insert "version" property at the start. + // From SARIF specification (https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html#_Toc141790730): + // Although the order in which properties appear in a JSON object value is not semantically significant, the version property SHOULD appear first. + return "{\n \"version\": \"2.1.0\"," + picojson::value(doc).serialize(true).substr(1); } From d57cc3ea02c904fd0a7d6906ba674b2d4e5deb4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?= Date: Fri, 21 Nov 2025 14:04:55 +0100 Subject: [PATCH 3/4] config --- lib/sarifreport.cpp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/sarifreport.cpp b/lib/sarifreport.cpp index 6ce8ef88523..dfc35009c49 100644 --- a/lib/sarifreport.cpp +++ b/lib/sarifreport.cpp @@ -25,6 +25,9 @@ #include #include +static const char sarifVersion[] = "2.1.0"; +static const char sarifSchema[] = "https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/sarif-schema-2.1.0.json"; + void SarifReport::addFinding(ErrorMessage msg) { mFindings.push_back(std::move(msg)); 
@@ -180,14 +183,14 @@ std::string SarifReport::serialize(std::string productName) const
 version.erase(version.find(' '), std::string::npos);
 picojson::object doc;
- doc["$schema"] = picojson::value("https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/sarif-schema-2.1.0.json");
+ doc["$schema"] = picojson::value(sarifSchema);
 doc["runs"] = serializeRuns(productName, version);
 // Insert "version" property at the start.
 // From SARIF specification (https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html#_Toc141790730):
 // Although the order in which properties appear in a JSON object value is not semantically significant, the version property SHOULD appear first.
- return "{\n \"version\": \"2.1.0\"," + picojson::value(doc).serialize(true).substr(1);
+ return "{\n \"version\": \"" + sarifVersion + "\"," + picojson::value(doc).serialize(true).substr(1);
 }
 std::string SarifReport::sarifSeverity(const ErrorMessage& errmsg)
From b9ac31a4dc2a3e1619ea6b0f87252ca6313e718f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?=
Date: Fri, 21 Nov 2025 15:28:07 +0100
Subject: [PATCH 4/4] fix
---
 lib/sarifreport.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/sarifreport.cpp b/lib/sarifreport.cpp
index dfc35009c49..fc4ff90df72 100644
--- a/lib/sarifreport.cpp
+++ b/lib/sarifreport.cpp
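Review bot: The rewritten `return` in [PATCH 3/4] applies `+` to a string literal and `sarifVersion`, both of which are `const char` arrays, so `"{\n \"version\": \"" + sarifVersion` is pointer-plus-pointer and should not compile as written. [PATCH 4/4] corrects this with `std::string(sarifVersion)`. Folding that fix into this commit would keep every commit in the series buildable, which matters when bisecting. serialize() begins above this hunk.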
@@ -190,7 +190,7 @@ std::string SarifReport::serialize(std::string productName) const
 // From SARIF specification (https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html#_Toc141790730):
 // Although the order in which properties appear in a JSON object value is not semantically significant, the version property SHOULD appear first.
- return "{\n \"version\": \"" + sarifVersion + "\"," + picojson::value(doc).serialize(true).substr(1);
+ return "{\n \"version\": \"" + std::string(sarifVersion) + "\"," + picojson::value(doc).serialize(true).substr(1);
 }
 std::string SarifReport::sarifSeverity(const ErrorMessage& errmsg)
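Review bot: `sarifVersion` is spliced into the output as raw text between hand-written quotes, so this one member bypasses picojson's string escaping while every other member goes through the serializer. That is harmless for the current constant `"2.1.0"`, but SARIF files are normally consumed by other tooling, and a later edit that put a `"` or `\` into the constant would produce a malformed document. Letting the library quote the value avoids that: `"{\n \"version\": " + picojson::value(std::string(sarifVersion)).serialize() + "," + picojson::value(doc).serialize(true).substr(1)`. serialize() begins above this hunk.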