-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve look-up semantics for message strings #214
Comments
Relates to #216 |
@michaelcfanning How strong is the use case for this change? Is it strong enough to burden implementers with the additional logic? This is a file size optimization: it coalesces message strings that are used by multiple rules. Naively it doesn't seem to me that this would be common. Do you have a real-world example? (I labeled this issue |
Why should we provide a global strings table if rules can't retrieve them? This would restrict those strings to notifications only, seems an arbitrary limitation. To answer your question, this design emerged directly from existing tools. BinSkim, for example, has a subset of rules that emit a common message along the lines of: "I could not function because I could not locate a PDB for the target binary". Every Binskim rule has a shared 'not applicable' message: 'This rule did not execute because that target was observed to be a {0} binary and therefore not valid for analysis." where the format string is populated with things like '32-bit', 'pure managed MSIL', etc. |
Your second point (a tool that, under certain conditions, can emit the same string for every rule) is compelling, so I accept this change. FYI, to your first point: many objects -- not just
|
Wow. Of course. I forgot about the enormous annotation/messaging potential in the format. :) |
To say nothing of the objects that have a
|
Changed issue title. This isn't a "clarification"; it's a functional change. But I agree it's better, so, "improvement" :-) |
This is partially done. The
However, the At this point, I won't bother to add that text. Instead, I'll incorporate all of this into the unified message lookup procedure in the description of the @michaelcfanning FYI |
We don't address the possibility that a message associated with a rule might refer to a shared string that is in the resources table (rather than being embedded in a specific rule).
a message within a result or notification (which can be associated with a rule) should first examine the resources.rules table to see whether there is a rule + message id that corresponds with the data in the result/notification. if there is not, the consumer should fallback to the resources.rules table. this would be the case for referring to a globally shared string. a rule that wants to override a globally shared string would have the ability to do so using this approach.
in the event that a notification associated with a rule wanted to refer to the globally shared string for some reason, the notification could eliminate populating the rule id (if appropriate) or the tool provider would need to provide unique names between the rules strings table and the global run.resources table.
we could alternately require look-up to start with the global table, but this would have the result of requiring that there be no name collisions between message ids stored in the global table and rule-specific table (which seems like it would have the possibility of introducing issues that we can avoid by using the inside out look-up approach).
The text was updated successfully, but these errors were encountered: