Specify URI normalization algorithm #315
Comments
michaelcfanning
added
the
design-approved
|
Re #2, we need to do the remainder of the 3986 normalization for file URIs as well. For example, normalize the case of the "scheme" URI component, and of the hex representations of any percent-encoded characters. |
ghost
added
impact-non-breaking-change
2.1.0-CSD.1
ghost
self-assigned this
E-BALLOT #3 PROPOSAL
SCHEMA CHANGESNone |
ghost
added
change-draft-available
merged
ghost
mentioned this issue
|
Producers SHOULD not include .. or . path segments in a URI after forming the full URI. Before converting to a URI, paths that contain a .. or . should be normalized to a canonical absolute path using an appropriate algorithm for the operating system on which the tool ran. This is necessary as the path /d1/../f naively converted to a URI is file:///d1/../f which resolves to file:///f using RFC 3986. If /d1 is a symbolic link to the directory d2/d3 then the correct URI is file:///d2/f. If a SARIF producer cannot determine the correct canonical representation of the path for some reason such as the original file system not being available, then the producer MAY generate URIs with .. segments. For file sheme URIs, consumer must not normalize .. segments out of the path. Any paths that contain a .. segment should treat the directory formed by the segments prior to and including the .. segnent as if it were a unique directory in the file system, even if RFC 3986 normalization produces identical. |
|
Approved in e-ballot-3. Incorporated @kupsch's ".." improvement. |
TC recommendation for direct producers:
for files, you SHALL normalize to the file system's absolute path then create URIs from this
(for converters, we recommend creating a uriBaseId comprising everything to the left of the rightmost .. segment)
for other uris, follow the normalization semantics defined by 3986 (transforms double slashes to one, slash dot becomes nothing, etc).
The text was updated successfully, but these errors were encountered: