microsoft · marmegh · Jul 13, 2022 · Jul 6, 2022 · Jul 11, 2022 · Jul 11, 2022
@@ -1,5 +1,9 @@
 # SARIF Package Release History (SDK, Driver, Converters, and Multitool)
 
+## Unreleased
+
+* BUGFIX: Fix false positive for `SARIF1002.UrisMustBeValid` for URIs with the format `file:/c:/location/filename.txt`. [#]()
+
 ## **v2.4.15** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.4.15) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.4.15) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.4.15) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.4.15) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.4.15)
 
 * BUGFIX: Fix `ArgumentNullException` when `PropertiesDictionary` is instantiated with a null comparer. [#2482](https://github.com/microsoft/sarif-sdk/pull/2482)

@@ -80,7 +80,7 @@ private void AnalyzeUri(Uri uri, string pointer)
             string uriString = uri?.OriginalString;
             if (uriString != null)
             {
-                if (!Uri.IsWellFormedUriString(uriString, UriKind.RelativeOrAbsolute))
+                if (!UriIsWellFormedUriString(uriString, UriKind.RelativeOrAbsolute))
                 {
                     // {0}: The string '{1}' is not a valid URI reference. URIs must conform to
                     // [RFC 3986](https://tools.ietf.org/html/rfc3986).

@@ -100,7 +100,7 @@ private void AnalyzeOriginalUriBaseIdsEntry(string uriBaseId, ArtifactLocation a
             // avoid having to do a try/catch. Unfortunately Uri.TryCreate will return true
             // even for a malformed URI string.
             string uriString = artifactLocation.Uri.OriginalString;
-            if (uriString != null && Uri.IsWellFormedUriString(uriString, UriKind.RelativeOrAbsolute))
+            if (uriString != null && UriIsWellFormedUriString(uriString, UriKind.RelativeOrAbsolute))
             {
                 var uri = new Uri(uriString, UriKind.RelativeOrAbsolute);
 

@@ -77,7 +77,7 @@ private void AnalyzeUri(string uriString, string pointer)
             // Check for well-formedness first, before attempting to create a Uri object, to
             // avoid having to do a try/catch. Unfortunately Uri.TryCreate will return true
             // even for a malformed URI string.
-            if (uriString != null && Uri.IsWellFormedUriString(uriString, UriKind.RelativeOrAbsolute))
+            if (uriString != null && UriIsWellFormedUriString(uriString, UriKind.RelativeOrAbsolute))
             {
                 // Ok, it's a well-formed URI of some kind. If it's not absolute, _now_ we
                 // can report it.

@@ -87,7 +87,7 @@ private void AnalyzeUri(string uriString, string pointer)
             // Check for well-formedness first, before attempting to create a Uri object, to
             // avoid having to do a try/catch. Unfortunately Uri.TryCreate will return true
             // even for a malformed URI string.
-            if (uriString != null && Uri.IsWellFormedUriString(uriString, UriKind.Absolute))
+            if (uriString != null && UriIsWellFormedUriString(uriString, UriKind.Absolute))
             {
                 // Ok, it's a well-formed absolute URI. If it's not reachable, _now_ we can report it.
                 Uri uri = new Uri(uriString, UriKind.Absolute);

@@ -246,6 +246,14 @@ internal static string JsonPointerToJavaScript(string pointerString)
             return sb.ToString();
         }
 
+        internal static bool UriIsWellFormedUriString(string uriString, UriKind uriKind)
+        {
+            bool isWellFormed = Uri.IsWellFormedUriString(uriString, uriKind);
+            bool csBug = (uriString.StartsWith("file:/") && Uri.TryCreate(uriString, uriKind, out Uri result));
+
+            return isWellFormed || csBug;
+        }
+
         private static readonly string s_javaScriptIdentifierPattern = @"^[$_\p{L}][$_\p{L}0-9]*$";
         private static readonly Regex s_javaScriptIdentifierRegex = new Regex(s_javaScriptIdentifierPattern, RegexOptions.Compiled);
 

@@ -40,6 +40,12 @@
             "uriBaseId": "SRCROOT",
             "index": 1
           }
+        },
+        {
+          "location": {
+            "uri": "file:/c:/src/file.c",
+            "index": 2
+          }
         }
       ],
       "results": [