Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Define protocol to allow embedded messages links to refer to other results #318

Closed
michaelcfanning opened this issue Jan 25, 2019 · 3 comments
Closed

Define protocol to allow embedded messages links to refer to other results #318

michaelcfanning opened this issue Jan 25, 2019 · 3 comments
Labels
2.1.0-CSD.1 Will be fixed in SARIF v2.1.0 CSD.1. design-approved The TC approved the design and I can write the change draft e-ballot-3 enhancement impact-non-breaking-change merged Changes merged into provisional draft. p1 Priority 1 issue to close tc-34

Comments

@michaelcfanning
Copy link
Contributor

Producers could use this mechanism to share complex supporting information such as code flows.

The 'root' result could contain this data and have an array of related results for all its 'children'. Each child result could have a related results array that points to the parent. This is just one idea for a convention for code sharing.

The broader issue: a tool might generate a lengthy and complex code flow which raises many results, each of which requires, by spec, a different result (because they are disposed as individual items). In a different design, we could have oriented around the code flow, hanging lists of results off it.

Final note: it would be helpful for users to be able to click a link to an arbitrary result, as you can with a related location. To enable this requires that SARIF log file producers ensure that all ids across the format's various constructs are unique.
@michaelcfanning michaelcfanning added the p1 Priority 1 issue to close label Jan 25, 2019
@michaelcfanning
Copy link
Contributor Author

michaelcfanning commented Jan 25, 2019
edited

TC disposition:

We will support in-lined linkage to arbitrary other content in the SARIF file. We will define a new URI schema for this, sarif://runs/0/results/12. or you can provide a relative reference to the current result, e.g., relatedLocations/0.

@michaelcfanning michaelcfanning added the design-approved The TC approved the design and I can write the change draft label Jan 25, 2019
@michaelcfanning michaelcfanning changed the title Consider adding result.relatedResults, an array of ids to related results define protocol to allow in-lined messages links to refer to other results Jan 29, 2019
@ghost ghost added the e-ballot-3 label Mar 18, 2019
@ghost
Copy link

ghost commented Mar 28, 2019
edited by ghost

E-BALLOT #3 PROPOSAL

Allow an embedded message link to use the sarif: URI scheme to refer to arbitrary content in the SARIF log file. One important use case is to allow a reference to a related result. On the click of such a link, the viewer could highlight the selected result in the Error List window and navigate to the result's location in the source code.

Allow these links in both plain text and formatted (Markdown) messages. Plain text messages up until now have only allowed "physical location links"(e.g., "Taint was introduced [here](0).") Since we're allowing sarif scheme links now, we may as well allow all URIs in plain text message links.

EXAMPLES:

  • "There was [another result](sarif:/runs/0/results/42) found by this code flow."
  • "Find out more at the [SARIF](http://sarifweb.azurewebsites.net/) home page."

SCHEMA CHANGES

None

@ghost ghost self-assigned this Mar 28, 2019
@ghost ghost added enhancement impact-non-breaking-change 2.1.0-CSD.1 Will be fixed in SARIF v2.1.0 CSD.1. tc-34 labels Mar 28, 2019
@ghost ghost changed the title define protocol to allow in-lined messages links to refer to other results Define protocol to allow embedded messages links to refer to other results Mar 28, 2019
ghost pushed a commit that referenced this issue Mar 28, 2019
Change draft + merge for #318: embedded links with sarif scheme.
4100e14
@ghost ghost added change-draft-available merged Changes merged into provisional draft. labels Mar 28, 2019
@ghost ghost removed the change-draft-available label Apr 6, 2019
@ghost
Copy link

ghost commented Apr 6, 2019

Approved in e-ballot-3.

@ghost ghost closed this as completed Apr 6, 2019
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2.1.0-CSD.1 Will be fixed in SARIF v2.1.0 CSD.1. design-approved The TC approved the design and I can write the change draft e-ballot-3 enhancement impact-non-breaking-change merged Changes merged into provisional draft. p1 Priority 1 issue to close tc-34
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@michaelcfanning