SARIF1015 complained if a `uri` property in one of the `artifactLocation` objects in `run.originalUriBaseIds` was relative. But that is allowed as long as `artifactLocation.uriBaseId` is also present. The actual requirement is: 1. If `uriBaseId` is absent, then _either_ `uri` must be absolute or it must be absent. 2. If `uriBaseId` is present, the `uri` must be relative. But #2 is true for _all_ `artifactLocation` objects, not just those in `run.originalUriBaseIds`. Therefore, in this PR: - We remove the logic dealing with `run.originalUriBaseIds` from SARIF1015. - We introduce a new rule SARIF1018 that enforces #1 in `run.originalUriBaseIds`. - We file issue #1643, "New rule: If artifactLocation.uriBaseId is present, uri must be relative" to enforce #2 for all `artifactLocation` objects. But that is beyond the scope of this PR. Also: - DRY out the construction of the names of the validation rule test files. - Upgrade the test files for SARIF1015 (which are affected by this change) to the final SARIF version, to make it easier to reliably make the required changes in `run.originalUriBaseIds`. NOTE: #1485 also reported that the web site's validation page did not accept files with the (valid) filename extension .sarif.json. I filed microsoft/sarif-website#104 for that, and labeled it `m156` because _this_ bug is `m156`. I'll do that one next.
Larry Golding
committed
Aug 15, 2019
1 parent
1db9484
commit a1e0f26
Showing
16 changed files
with
345 additions
and
100 deletions.
76 changes: 76 additions & 0 deletions
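--- a/src/Sarif.Multitool/Rules/SARIF1018.InvalidUriInOriginalUriBaseIds.cs
+++ b/src/Sarif.Multitool/Rules/SARIF1018.InvalidUriInOriginalUriBaseIds.cs
@@ -0,0 +1,76 @@
+// Copyright (c) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+using System;
+using System.Collections.Generic;
+using Microsoft.Json.Pointer;
+
+namespace Microsoft.CodeAnalysis.Sarif.Multitool.Rules
+{
+public class InvalidUriInOriginalUriBaseIds : SarifValidationSkimmerBase
+{
+private readonly MultiformatMessageString _fullDescription = new MultiformatMessageString
+{
+Text = RuleResources.SARIF1018_InvalidUriInOriginalUriBaseIds
+};
+
+public override MultiformatMessageString FullDescription => _fullDescription;
+
+public override FailureLevel DefaultLevel => FailureLevel.Error;
+
+/// <summary>
+/// SARIF1018
+/// </summary>
+public override string Id => RuleId.InvalidUriInOriginalUriBaseIds;
+
+protected override IEnumerable<string> MessageResourceNames => new string[]
+{
+nameof(RuleResources.SARIF1018_Default)
+};
+
+protected override void Analyze(Run run, string runPointer)
+{
+if (run.OriginalUriBaseIds != null)
+{
+string originalUriBaseIdsPointer = runPointer.AtProperty(SarifPropertyName.OriginalUriBaseIds);
+
+foreach (string key in run.OriginalUriBaseIds.Keys)
+{
+AnalyzeOriginalUriBaseIdsEntry(run.OriginalUriBaseIds[key], originalUriBaseIdsPointer.AtProperty(key));
+}
+}
+}
+
+private void AnalyzeOriginalUriBaseIdsEntry(ArtifactLocation artifactLocation, string pointer)
+{
+// If uriBaseId is present, the uri must be relative. But this is true for _all_
+// artifactLocation objects, not just the ones in run.originalUriBaseIds, so we
+// will not verify it here. There will be a separate validation rule to enforce
+// this condition. See https://github.com/microsoft/sarif-sdk/issues/1643.
+if (artifactLocation.UriBaseId != null) { return; }
+
+// We know that uriBaseId is absent. In this case, uri must _either_ be an absolute
+// URI, or it must be absent.
+if (artifactLocation.Uri == null) { return; }
+
+// We know that uri is present, so now we can verify that it's an absolute URI.
+
+// If it's not a well-formed URI of _any_ kind, then don't bother triggering this rule.
+// Rule SARIF1003, UrisMustBeValid, will catch it.
+// Check for well-formedness first, before attempting to create a Uri object, to
+// avoid having to do a try/catch. Unfortunately Uri.TryCreate will return true
+// even for a malformed URI string.
+string uriString = artifactLocation.Uri.OriginalString;
+if (uriString != null && Uri.IsWellFormedUriString(uriString, UriKind.RelativeOrAbsolute))
+{
+// Ok, it's a well-formed URI of some kind. If it's not absolute, _now_ we
+// can report it.
+Uri uri = new Uri(uriString, UriKind.RelativeOrAbsolute);
+if (!uri.IsAbsoluteUri)
+{
+LogResult(pointer, nameof(RuleResources.SARIF1018_Default), uriString);
+}
+}
+}
+}
+}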
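Review bot: `AnalyzeOriginalUriBaseIdsEntry` dereferences `artifactLocation.UriBaseId` without first checking the entry itself, so an `originalUriBaseIds` property whose value is JSON `null` would presumably deserialize to a null `ArtifactLocation` and end the run with a NullReferenceException instead of a validation result. Because this tool validates files from arbitrary producers, I would add `if (artifactLocation == null) { return; }` as the first statement of the method, unless schema validation is guaranteed to reject such a file before the skimmers run. In `Analyze`, iterating the dictionary's key/value pairs instead of `Keys` plus the indexer would also avoid a second lookup per entry.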