Express taxonomy relationships to rules #356

michaelcfanning · 2019-04-03T17:58:27Z

PROPOSAL

Define a new reportingDescriptorRelationship object with two members:
- target: required, the relevant related reportingDescriptorReference
- kinds, required, an array of one or more unique strings describing the relationship (consisting of one or more of canPrecede, canFollow, willPrecede, willFollow, superset, subset, equal, disjoint, relevant, incomparable, or any other value defined by the tool). The relationship is considered to have all of the specified kinds.
Remove reportingDescriptor.taxa and reportingDescriptor.optionalTaxa.
Replace these properties with reportingDescriptor.relationships, optional, an array of zero or more unique reportingDescriptorRelationship instances.
result.taxa implicitly contains those taxa specified by relationships whose kinds include equal or superset.

The text was updated successfully, but these errors were encountered:

fishoak · 2019-04-03T19:48:12Z

Here is that text I showed at the meeting earlier.

# other_categories: {'CWE:662': 'superset', 'CWE:557': 'superset'}
#
#   Categories related to this warning class.  When we say something
#   like "'CWE:123': 'superset'" this means that CWE:123 is a superset
#   of _true positives_ of the warning class.  All instances of the
#   warning class are instances of CWE:123, but not all instances of
#   CWE:123 are instances of the warning class.  A CWE can still be a
#   subset of a warning class even if that warning class has false
#   negatives in the CWE, as long as the false negatives are in the
#   spirit of what the warning class endeavors to detect.
#
#                'equal' Category is a very strong match for the warning class
#             'superset' Category is a superset of the warning class
#               'subset' Category is a subset of the warning class
#             'disjoint' Category never intersects with the warning class
#                        (rarely used)
#         'incomparable' Category intersects with the warning class, but
#                        is neither a subset nor a superset.
#           'canprecede' Warning class is somehow caused by or occurs downstream
#                        of category
#            'canfollow' Category is somehow caused by or occurs downstream
#                        of warning class
#   'canprecedeorfollow' Both of the above
#             'relevant' Category is relevant to class in a way not
#                        covered by other relationship options; this should not
#                        be hivis (for broad mapping only)

ghost self-assigned this Apr 6, 2019

ghost added change-draft-available 2.1.0-CSD.1 Will be fixed in SARIF v2.1.0 CSD.1. design-approved The TC approved the design and I can write the change draft design-improvement impact-breaks-consumers impact-breaks-producers labels Apr 6, 2019

ghost changed the title ~~Consider expressing taxonomy relationships to rules~~ Express taxonomy relationships to rules Apr 6, 2019

ghost pushed a commit that referenced this issue Apr 6, 2019

Change draft + merge for #356: taxonomy relationships to rules.

2687b65

ghost added the resolved-fixed label Apr 6, 2019

ghost closed this as completed Apr 6, 2019

ghost added merged Changes merged into provisional draft. and removed change-draft-available labels Apr 6, 2019

This issue was closed.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Express taxonomy relationships to rules #356

Express taxonomy relationships to rules #356

michaelcfanning commented Apr 3, 2019 •

edited by ghost

Loading

fishoak commented Apr 3, 2019

Express taxonomy relationships to rules #356

Express taxonomy relationships to rules #356

Comments

michaelcfanning commented Apr 3, 2019 • edited by ghost Loading

fishoak commented Apr 3, 2019

michaelcfanning commented Apr 3, 2019 •

edited by ghost

Loading