Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SARIF1015 mishandles run.originalUriBaseIds (@kupsch) #1485

Closed
harleenkohli opened this issue May 9, 2019 · 2 comments
Closed

SARIF1015 mishandles run.originalUriBaseIds (@kupsch) #1485

harleenkohli opened this issue May 9, 2019 · 2 comments
Labels
area-validation bug m156 resolved-fixed

Comments

@harleenkohli
Copy link
Contributor

Original text:
The SARIF validator (https://sarifweb.azurewebsites.net/Validation) gives a "SARIF1015: Certain URIs are required to be absolute" on PACKAGEROOT from the SARIF fragment below. I believe this should be allowed. The Sarif.Multitool validator (which I'm guessing the web site is based on) produces the same error.

The check could simply be a uri needs to be absolute if there is not a uriBaseId.

  "originalUriBaseIds": {
     "RESULTSROOT": {
       "uri": "file:///home/kupsch/results/"
     },
     "PACKAGEROOT": {
       "uri": "pkg1/",
       "uriBaseId": "BUILDROOT"
     },
     "BUILDROOT": {
       "uri": "file:///home/kupsch/build/"
     }
   },

Also the web page requires the use of the .sarif extension and does not allow files with the .sarif.json extension.
@ghost ghost self-assigned this May 13, 2019
@ghost
Copy link

ghost commented May 13, 2019

It is legal to have a relative URI even in uriBaseId is missing. The check needs to be specific to this situation: within originalUriBaseIds, the top-level URI needs to be absolute and all others need to be relative.

@ghost
Copy link

ghost commented Aug 14, 2019

We will add a new rule specific to originalUriBaseIds, and remove the originalUriBaseIds check from SARIF1015.

@ghost ghost changed the title Sarif validator issues (reported by James Kupsch) SARIF1015 mishandles run.originalUriBaseIds (@kupsch) Aug 14, 2019
@ghost ghost mentioned this issue Aug 14, 2019
Merged
@ghost ghost closed this as completed in a1e0f26 Aug 15, 2019
@ghost ghost added the resolved-fixed label Aug 15, 2019
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-validation bug m156 resolved-fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@michaelcfanning @harleenkohli