New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow invocation.executableLocation to be relative #221
Comments
Having a fileLocation object is useful here just like it for other uses of fileLocation objects: it makes normalization a bit simpler as it puts the installation directory in a variable, it can hide information like the user account if a tool is installed in the user's home directory, and it can reduce duplicate prefixes if running the assessment requires invoking multiple executables from the tool's installation directory. Having a file location would also allow an entry in the file object list where things like a checksum could be supplied. Can a URI-formatted string be in the files array? As far as it being required to be absolute, I don't see whey the executableLocation should be any different from other file locations; Ideally it would be, but this should be the case with all file locations. |
The distinction here is whether something must exclusively refer to an absolute URI. These are expressed as URIs, the remainder are expressed as file locations. I honestly can't recall why I was so convinced this property s/be expressed strictly as an absolute URL. A set of analysis tools might, after all, be checked in to version control. I am willing to convert this one to file location, sounds like Jim agrees. |
@michaelcfanning @kupsch The reason we insisted that this one be an absolute URI was that we wanted the log to record the actual location of the tool that was executed (there might be more than one on the execution path). We can certainly change our minds, but that was the reasoning that led to this requirement. Whether or not it needs to be absolute, the next question is whether to represent it as a URI-formatted string or as a Jim, I think that was a confusion on your part. You specify the location of a file with a For example, if Example 1: Specify absolute
Example 2: Specify absolute
If Example 3: Specify relative
Example 4: Specify relative
|
Having said all that: the scenario where tools are checked in to the tree, and so might appear anywhere on disk, argues for a |
Having been convinced by Jim's argument, I changed the title of this issue to "Don't require invocation.executableLocation to be absolute." @michaelcfanning This is a non-breaking change, but since I have it in front of me and it's a tiny change, I'll take care of it now (for the sake of a quick-and-easy reduction in our issue count). |
This change updates the schema with the following issues approved at TC <span>#</span>23 on 2018-09-12, and makes the required code and test changes: - oasis-tcs/sarif-spec#174: Add result.occurrenceCount. - oasis-tcs/sarif-spec#233: Make rule.id optional. - oasis-tcs/sarif-spec#237: Make result.graphs and run.graphs dictionaries. Also: - Update code and tests for oasis-tcs/sarif-spec#221: Allow invocation.executableLocation to be relative. There was no schema change here, but running `Update-Expected.ps1` revealed that we hadn't made the necessary changes to the validator.
This is AFAIK the only
fileLocation
object in the spec whoseuri
property is required to be an absolute URI. Why didn't we just defineinvocation.executableLocation
as a URI-formatted string?Recall that we settled on an approach where we used
fileLocation
objects for things that there might be "many" of (to reduce file size) and URIs for things that there were "few" of (to reduce format complexity). I think we made the wrong choice here -- either that, or I failed to find this one when we settled on that approach.I found this problem while implementing a SARIF validation rule that ensures that those URIs that are required to be absolute, actually are.
@michaelcfanning @kupsch
The text was updated successfully, but these errors were encountered: