Fixing build/test errors (#2758)

* Fix vulnerable SqlClient packages

* Fix Stack test failures

* Update release record

* Fix failed tests

* Update release records

* Update the release note of Stack issue fix.

* Update release record

ReleaseHistory.md

@@ -2,6 +2,9 @@
 ## UNRELEASED
 * DEP: Remove explicit versioning for `System.Memory` and `System.Runtime.CompilerServices.Unsafe`.
 * DEP: Remove spurious references to `System.Collections.Immutable`.
+* DEP: Update `Microsoft.Data.SqlClient` reference from 2.1.2 to 2.1.7 in `WorkItems` and `Sarif.Multitool.Library` to resolve [CVE-2024-0056](https://github.com/advisories/GHSA-98g6-xh36-x2p7).
+* DEP: Update `System.Data.SqlClient` reference from 4.8.5 to 4.8.6 in `WorkItems` to resolve [CVE-2024-0056](https://github.com/advisories/GHSA-98g6-xh36-x2p7).
+* BUG: Update `Stack.Create` method to populate missing `PhysicalLocation` instances when stack frames reference relative file paths.
 * PRF: Change default `max-file-size-in-kb` parameter to 10 megabytes.
 * PRF: Add support for efficiently peeking into non-seekable streams for binary/text categorization.
 

src/Sarif.Multitool.Library/Sarif.Multitool.Library.csproj

@@ -17,7 +17,7 @@
   <ItemGroup>
     <PackageReference Include="Azure.Identity" Version="1.10.2" />
     <PackageReference Include="Microsoft.Azure.Kusto.Data" Version="10.0.3" />
-    <PackageReference Include="Microsoft.Data.SqlClient" Version="2.1.2" />
+    <PackageReference Include="Microsoft.Data.SqlClient" Version="2.1.7" />
     <PackageReference Include="Microsoft.Json.Pointer" Version="2.1.0" />
     <PackageReference Include="Microsoft.Json.Schema" Version="2.1.0" />
     <PackageReference Include="Microsoft.Json.Schema.Validation" Version="2.1.0" />

src/Sarif/Core/Stack.cs

@@ -102,7 +102,7 @@ public static Stack Create(string stackTrace)
 
             stack.Frames = new List<StackFrame>();
 
-            var regex = new Regex(StackFrame.AT + @"([^)]+\))(" + StackFrame.IN + "([^:]+:[^:]+)" + StackFrame.LINE + " (.*))?", RegexOptions.Compiled);
+            var regex = new Regex(StackFrame.AT + @"([^)]+\))(" + StackFrame.IN + "([^:]+:?[^:]+)" + StackFrame.LINE + " (.*))?", RegexOptions.Compiled);
 
             foreach (string line in stackTrace.Split(new string[] { Environment.NewLine }, StringSplitOptions.None))
             {
@@ -130,7 +130,7 @@ public static Stack Create(string stackTrace)
                         {
                             ArtifactLocation = new ArtifactLocation
                             {
-                                Uri = new Uri(fileName)
+                                Uri = new Uri(fileName, UriKind.RelativeOrAbsolute)
                             },
                             Region = new Region
                             {

src/Sarif/Core/StackFrame.cs

@@ -102,7 +102,7 @@ public override string ToString()
 
             if (this.Location?.PhysicalLocation?.ArtifactLocation?.Uri != null)
             {
-                string fileName = this.Location.PhysicalLocation.ArtifactLocation.Uri.LocalPath;
+                string fileName = this.Location.PhysicalLocation.ArtifactLocation.Uri.OriginalString;
                 result += IN + fileName;
 
                 if (this.Location?.PhysicalLocation?.Region != null)

src/Test.UnitTests.Sarif/Core/StackTests.cs

@@ -111,5 +111,44 @@ public void Stack_CreateFromAggregatedExceptionWithInnerException()
             }
             Assert.True(caughtException);
         }
+
+        [Fact]
+        public void Stack_CreateFromStackTraceWithRelativeSourceFileLocation()
+        {
+            string stackTraceTemplate = @"   at Microsoft.Win32.SafeHandles.SafeFileHandle.CreateFile(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options)
+   at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize)
+   at System.IO.Strategies.OSFileStreamStrategy..ctor(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize)
+   at System.IO.Strategies.FileStreamHelpers.ChooseStrategyCore(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize)
+   at System.IO.Strategies.FileStreamHelpers.ChooseStrategy(FileStream fileStream, String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, Int64 preallocationSize)
+   at System.IO.File.Create(String path, Int32 bufferSize)
+   at Microsoft.CodeAnalysis.Test.UnitTests.Sarif.Core.StackTests.Stack_CreateFromExceptionWithInnerException()";
+
+            int relativePathLineNumber = 60;
+            string relativeFilePath = "/_/src/Test.UnitTests.Sarif/Core/StackTests.cs";
+            var sarifStackWithRelativeFileLocation = Stack.Create(stackTraceTemplate + $" in {relativeFilePath}:line {relativePathLineNumber}");
+
+            sarifStackWithRelativeFileLocation.Frames.Count.Should().Be(7);
+            CodeAnalysis.Sarif.StackFrame lastFrame = sarifStackWithRelativeFileLocation.Frames.Last();
+            lastFrame.Location.PhysicalLocation.ArtifactLocation.Uri.OriginalString.Should().Be(relativeFilePath);
+            lastFrame.Location.PhysicalLocation.Region.StartLine.Should().Be(relativePathLineNumber);
+            lastFrame.ToString().Should().EndWith($" in {relativeFilePath}:line {relativePathLineNumber}");
+
+            int absolutePathLineNumber = 33;
+            string absoluteFilePath = @"C:\repo\src\Test.UnitTests.Sarif\Core\StackTests.cs";
+            var sarifStackWithAbsoluteFileLocation = Stack.Create(stackTraceTemplate + $" in {absoluteFilePath}:line {absolutePathLineNumber}");
+
+            sarifStackWithAbsoluteFileLocation.Frames.Count.Should().Be(7);
+            lastFrame = sarifStackWithAbsoluteFileLocation.Frames.Last();
+            lastFrame.Location.PhysicalLocation.ArtifactLocation.Uri.OriginalString.Should().Be(absoluteFilePath);
+            lastFrame.Location.PhysicalLocation.Region.StartLine.Should().Be(absolutePathLineNumber);
+            lastFrame.ToString().Should().EndWith($" in {absoluteFilePath}:line {absolutePathLineNumber}");
+
+            var sarifStackWithoutFileLocation = Stack.Create(stackTraceTemplate);
+
+            sarifStackWithoutFileLocation.Frames.Count.Should().Be(7);
+            lastFrame = sarifStackWithoutFileLocation.Frames.Last();
+            lastFrame.Location.PhysicalLocation.Should().BeNull();
+            lastFrame.ToString().Should().EndWith("Stack_CreateFromExceptionWithInnerException()");
+        }
     }
 }

src/WorkItems/WorkItems.csproj

@@ -26,7 +26,7 @@
   <ItemGroup>
     <PackageReference Include="Azure.Identity" Version="1.10.2" />
     <PackageReference Include="Microsoft.Azure.Kusto.Data" Version="10.0.3" />
-    <PackageReference Include="Microsoft.Data.SqlClient" Version="2.1.2" />
+    <PackageReference Include="Microsoft.Data.SqlClient" Version="2.1.7" />
     <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="3.1.2" />
     <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="3.1.2" />
     <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="3.1.2" />
@@ -36,7 +36,7 @@
     <PackageReference Include="Microsoft.Json.Schema.Validation" Version="2.1.0" />
     <PackageReference Include="Microsoft.TeamFoundationServer.Client" Version="16.170.0" />
     <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.1.1" PrivateAssets="All" />
-    <PackageReference Include="System.Data.SqlClient" Version="4.8.5" />
+    <PackageReference Include="System.Data.SqlClient" Version="4.8.6" />
     <PackageReference Include="System.Text.Encodings.Web" Version="5.0.1" />
 
     <!-- We have to ship pre-patch versions of NewtonSoft for VisualStudio SDK.