diff --git a/ReleaseHistory.md b/ReleaseHistory.md
index 9032d3332..62a441457 100644
--- a/ReleaseHistory.md
+++ b/ReleaseHistory.md
@@ -2,6 +2,9 @@
 ## UNRELEASED
 * DEP: Remove explicit versioning for `System.Memory` and `System.Runtime.CompilerServices.Unsafe`.
 * DEP: Remove spurious references to `System.Collections.Immutable`.
+* DEP: Update `Microsoft.Data.SqlClient` reference from 2.1.2 to 2.1.7 in `WorkItems` and `Sarif.Multitool.Library` to resolve [CVE-2024-0056](https://github.com/advisories/GHSA-98g6-xh36-x2p7).
+* DEP: Update `System.Data.SqlClient` reference from 4.8.5 to 4.8.6 in `WorkItems` to resolve [CVE-2024-0056](https://github.com/advisories/GHSA-98g6-xh36-x2p7).
+* BUG: Update `Stack.Create` method to populate missing `PhysicalLocation` instances when stack frames reference relative file paths.
 * PRF: Change default `max-file-size-in-kb` parameter to 10 megabytes.
 * PRF: Add support for efficiently peeking into non-seekable streams for binary/text categorization.
diff --git a/src/Sarif.Multitool.Library/Sarif.Multitool.Library.csproj b/src/Sarif.Multitool.Library/Sarif.Multitool.Library.csproj
index 069b25e7d..532b60acf 100644
--- a/src/Sarif.Multitool.Library/Sarif.Multitool.Library.csproj
+++ b/src/Sarif.Multitool.Library/Sarif.Multitool.Library.csproj
@@ -17,7 +17,7 @@
-
+
diff --git a/src/Sarif/Core/Stack.cs b/src/Sarif/Core/Stack.cs
index f2d6aedde..900af4b55 100644
--- a/src/Sarif/Core/Stack.cs
+++ b/src/Sarif/Core/Stack.cs
@@ -102,7 +102,7 @@ public static Stack Create(string stackTrace)
 stack.Frames = new List();
- var regex = new Regex(StackFrame.AT + @"([^)]+\))(" + StackFrame.IN + "([^:]+:[^:]+)" + StackFrame.LINE + " (.*))?", RegexOptions.Compiled);
+ var regex = new Regex(StackFrame.AT + @"([^)]+\))(" + StackFrame.IN + "([^:]+:?[^:]+)" + StackFrame.LINE + " (.*))?", RegexOptions.Compiled);
 foreach (string line in stackTrace.Split(new string[] { Environment.NewLine }, StringSplitOptions.None))
 {
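Review bot: The changed `new Regex(..., RegexOptions.Compiled)` line still builds and compiles the pattern on every `Stack.Create` call, which is the most expensive way to use a regex; now that the pattern is being touched, hoist it into a `private static readonly Regex` field on `Stack`. The `:?` is the whole point of the fix but nothing in the line says so; a comment such as `// The drive-letter colon is optional so that paths without one (e.g. /_/src/Foo.cs) still yield a location.` keeps the next reader from "simplifying" it back. Making the colon optional also leaves the two adjacent `[^:]+` classes ambiguous, so a long frame line that contains the ` in ` separator but no trailing `:line` part forces the engine to try every split before the optional group is abandoned; if traces can originate from untrusted logs, pass a match timeout via the `Regex(string, RegexOptions, TimeSpan)` overload. `Create`'s body continues outside the hunk.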
@@ -130,7 +130,7 @@ public static Stack Create(string stackTrace)
 {
 ArtifactLocation = new ArtifactLocation
 {
- Uri = new Uri(fileName)
+ Uri = new Uri(fileName, UriKind.RelativeOrAbsolute)
 },
 Region = new Region
 {
diff --git a/src/Sarif/Core/StackFrame.cs b/src/Sarif/Core/StackFrame.cs
index b55f7667b..bd728daea 100644
--- a/src/Sarif/Core/StackFrame.cs
+++ b/src/Sarif/Core/StackFrame.cs
@@ -102,7 +102,7 @@ public override string ToString()
 if (this.Location?.PhysicalLocation?.ArtifactLocation?.Uri != null)
 {
- string fileName = this.Location.PhysicalLocation.ArtifactLocation.Uri.LocalPath;
+ string fileName = this.Location.PhysicalLocation.ArtifactLocation.Uri.OriginalString;
 result += IN + fileName;
 if (this.Location?.PhysicalLocation?.Region != null)
diff --git a/src/Test.UnitTests.Sarif/Core/StackTests.cs b/src/Test.UnitTests.Sarif/Core/StackTests.cs
index e4c48e25b..4be57fbd4 100644
--- a/src/Test.UnitTests.Sarif/Core/StackTests.cs
+++ b/src/Test.UnitTests.Sarif/Core/StackTests.cs
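Review bot: With `UriKind.RelativeOrAbsolute` the `ArtifactLocation.Uri` assigned here can now be a relative `Uri`, and any consumer that reads `Uri.LocalPath`, `AbsolutePath` or `IsFile` on it throws `InvalidOperationException` for that case; the `StackFrame.ToString` hunk fixes one such reader, but other code that reaches this property through a `Stack` built by `Create` is not covered by the commit and deserves a check. State the new contract at the construction site, e.g. `// May be relative (see the /_/... paths in StackTests); callers must not assume an absolute URI.`. Separately, a captured path that is not parseable as any URI still throws `UriFormatException` out of `Stack.Create` and discards every frame parsed so far; `Uri.TryCreate(fileName, UriKind.RelativeOrAbsolute, out Uri uri)` with a null location on failure would keep the rest of the trace. `Create`'s body starts and ends outside the hunk.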
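Review bot: Switching to `Uri.OriginalString` changes the rendered file name for every absolute file URI as well, not only for the relative case the commit targets: a frame whose `Uri` was built from a `file:///...` string (for example one read back from a log rather than produced by `Stack.Create`) used to print as a local path via `LocalPath` and now prints the raw `file:///...` text, and the new test does not cover that because it only builds frames through `Stack.Create`. Keeping the old rendering for absolute file URIs while tolerating relative ones is two lines: `Uri uri = this.Location.PhysicalLocation.ArtifactLocation.Uri;` then `string fileName = uri.IsAbsoluteUri && uri.IsFile ? uri.LocalPath : uri.OriginalString;` — the `IsAbsoluteUri` check must come first because `IsFile` itself throws on a relative URI. `ToString`'s body starts and ends outside the hunk.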
@@ -111,5 +111,44 @@ public void Stack_CreateFromAggregatedExceptionWithInnerException()
 }
 Assert.True(caughtException);
 }
+
+ [Fact]
+ public void Stack_CreateFromStackTraceWithRelativeSourceFileLocation()
+ {
+ string stackTraceTemplate = @" at Microsoft.Win32.SafeHandles.SafeFileHandle.CreateFile(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options)
+ at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize)
+ at System.IO.Strategies.OSFileStreamStrategy..ctor(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize)
+ at System.IO.Strategies.FileStreamHelpers.ChooseStrategyCore(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize)
+ at System.IO.Strategies.FileStreamHelpers.ChooseStrategy(FileStream fileStream, String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, Int64 preallocationSize)
+ at System.IO.File.Create(String path, Int32 bufferSize)
+ at Microsoft.CodeAnalysis.Test.UnitTests.Sarif.Core.StackTests.Stack_CreateFromExceptionWithInnerException()";
+
+ int relativePathLineNumber = 60;
+ string relativeFilePath = "/_/src/Test.UnitTests.Sarif/Core/StackTests.cs";
+ var sarifStackWithRelativeFileLocation = Stack.Create(stackTraceTemplate + $" in {relativeFilePath}:line {relativePathLineNumber}");
+
+ sarifStackWithRelativeFileLocation.Frames.Count.Should().Be(7);
+ CodeAnalysis.Sarif.StackFrame lastFrame = sarifStackWithRelativeFileLocation.Frames.Last();
+ lastFrame.Location.PhysicalLocation.ArtifactLocation.Uri.OriginalString.Should().Be(relativeFilePath);
+ lastFrame.Location.PhysicalLocation.Region.StartLine.Should().Be(relativePathLineNumber);
+ lastFrame.ToString().Should().EndWith($" in {relativeFilePath}:line {relativePathLineNumber}");
+
+ int absolutePathLineNumber = 33;
+ string absoluteFilePath = @"C:\repo\src\Test.UnitTests.Sarif\Core\StackTests.cs";
+ var sarifStackWithAbsoluteFileLocation = Stack.Create(stackTraceTemplate + $" in {absoluteFilePath}:line {absolutePathLineNumber}");
+
+ sarifStackWithAbsoluteFileLocation.Frames.Count.Should().Be(7);
+ lastFrame = sarifStackWithAbsoluteFileLocation.Frames.Last();
+ lastFrame.Location.PhysicalLocation.ArtifactLocation.Uri.OriginalString.Should().Be(absoluteFilePath);
+ lastFrame.Location.PhysicalLocation.Region.StartLine.Should().Be(absolutePathLineNumber);
+ lastFrame.ToString().Should().EndWith($" in {absoluteFilePath}:line {absolutePathLineNumber}");
+
+ var sarifStackWithoutFileLocation = Stack.Create(stackTraceTemplate);
+
+ sarifStackWithoutFileLocation.Frames.Count.Should().Be(7);
+ lastFrame = sarifStackWithoutFileLocation.Frames.Last();
+ lastFrame.Location.PhysicalLocation.Should().BeNull();
+ lastFrame.ToString().Should().EndWith("Stack_CreateFromExceptionWithInnerException()");
+ }
 }
 }
diff --git a/src/WorkItems/WorkItems.csproj b/src/WorkItems/WorkItems.csproj
index 9398f442e..ba7461325 100644
--- a/src/WorkItems/WorkItems.csproj
+++ b/src/WorkItems/WorkItems.csproj
@@ -26,7 +26,7 @@
-
+
@@ -36,7 +36,7 @@
-
+
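Review bot: The new `[Fact]` bundles three independent scenarios (relative path, absolute path, no location) behind one method whose name only mentions the relative case, so a failure in the absolute or no-location branch is reported under a misleading name and stops the later assertions from running; a `[Theory]` with `[InlineData]` per file path, or three separate facts, would keep each case isolated and self-describing. The `Frames.Count.Should().Be(7)` assertions also depend on the verbatim `stackTraceTemplate` literal carrying the same line endings as `Environment.NewLine`, because `Stack.Create` splits the input on `Environment.NewLine` (visible in the Stack.cs hunk); on a checkout whose line-ending normalization differs from the host's, the whole template would be treated as a single line. Building the template with `string.Join(Environment.NewLine, new[] { ... })` removes that dependency on checkout settings.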