Specify URI normalization algorithm #315
Comments
Re #2, we need to do the remainder of the 3986 normalization for file URIs as well. For example, normalize the case of the "scheme" URI component, and of the hex representations of any percent-encoded characters.
E-BALLOT #3 PROPOSAL
SCHEMA CHANGES: None
Producers SHOULD not include .. or . path segments in a URI after forming the full URI. Before converting to a URI, paths that contain a .. or . should be normalized to a canonical absolute path using an appropriate algorithm for the operating system on which the tool ran. This is necessary as the path /d1/../f naively converted to a URI is file:///d1/../f which resolves to file:///f using RFC 3986. If /d1 is a symbolic link to the directory d2/d3 then the correct URI is file:///d2/f. If a SARIF producer cannot determine the correct canonical representation of the path for some reason such as the original file system not being available, then the producer MAY generate URIs with .. segments. For file scheme URIs, consumers must not normalize .. segments out of the path. Any paths that contain a .. segment should treat the directory formed by the segments prior to and including the .. segment as if it were a unique directory in the file system, even if RFC 3986 normalization produces identical.
Approved in e-ballot-3. Incorporated @kupsch's ".." improvement.
TC recommendation for direct producers:
for files, you SHALL normalize to the file system's absolute path then create URIs from this
(for converters, we recommend creating a uriBaseId comprising everything to the left of the rightmost .. segment)
for other URIs, follow the normalization semantics defined by 3986 (transforms double slashes to one, slash dot becomes nothing, etc).
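The symbolic-link case from the ".." proposal above, as an added example that is not part of the issue thread or the SARIF specification: it compares textual RFC 3986 normalization (lower-case scheme, upper-case percent-encoding hex, dot-segment removal) with file-system canonicalization of the same path. The function names and the temporary directory layout are constructed for illustration, and the demo assumes a POSIX file system that permits symlinks.

```python
import os
import re
import tempfile
from pathlib import Path
from urllib.parse import urlsplit


def remove_dot_segments(path: str) -> str:
    """RFC 3986 section 5.2.4 for absolute paths: textual only, no file system access."""
    out = []
    segments = path.split("/")
    for i, seg in enumerate(segments):
        last = i == len(segments) - 1
        if seg == "..":
            if len(out) > 1:          # never pop the leading "" (the root)
                out.pop()
        elif seg != ".":
            out.append(seg)
            continue
        if last:                      # trailing "." or ".." leaves a trailing slash
            out.append("")
    return "/".join(out)


def normalize_uri_syntax(uri: str) -> str:
    """Scheme case, percent-encoding hex case and dot segments (path-only URIs)."""
    parts = urlsplit(uri)             # urlsplit already lower-cases the scheme
    path = re.sub(r"%[0-9A-Fa-f]{2}", lambda m: m.group(0).upper(), parts.path)
    return f"{parts.scheme.lower()}://{parts.netloc}{remove_dot_segments(path)}"


def demo() -> tuple[str, str]:
    """Constructed layout from the proposal: d1 is a symlink to d2/d3, file is d2/f."""
    root = os.path.realpath(tempfile.mkdtemp())
    os.makedirs(os.path.join(root, "d2", "d3"))
    Path(root, "d2", "f").write_text("constructed sample file\n")
    os.symlink(os.path.join("d2", "d3"), os.path.join(root, "d1"))
    raw = root + "/d1/../f"           # the path as the tool saw it
    textual = normalize_uri_syntax("FILE://" + raw)       # RFC 3986 only
    canonical = Path(os.path.realpath(raw)).as_uri()      # resolve symlinks first
    return textual, canonical


if __name__ == "__main__":
    textual, canonical = demo()
    print("RFC 3986 only :", textual)    # ends in /f, a file that does not exist
    print("canonical path:", canonical)  # ends in /d2/f, the file actually analyzed
```
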