ruleId hierarchical string is incompatible with Semmle rule ids #365

Closed
lcartey opened this issue Apr 10, 2019 · 1 comment
Labels
2.1.0-CSD.1 Will be fixed in SARIF v2.1.0 CSD.1. design-improvement impact-non-breaking-change merged Changes merged into provisional draft. resolved-fixed

Comments

lcartey commented Apr 10, 2019

The ruleId (3.25.5) property of result says:

Depending on the circumstances, a result object either SHALL, MAY, or SHALL NOT contain a property named ruleId whose value is a hierarchical string (§3.5.5) whose first component is the stable, opaque identifier of the rule that was evaluated to produce the result.

The "first component" part is incompatible with Semmle ids, which are of the form e.g. cpp/path-injection. By treating the first component as the identifier of the rule, we would consider the rule id to be "cpp", which is incorrect.

Perhaps we can change the description to specify that the ruleId should be a hierarchical prefix of the id of the associated reporting descriptor?

This also relates to #364.

Apologies, I tried to bring this up in the TC where we discussed this, but I don't think I was very clear on my concerns.

ghost commented Apr 14, 2019

Thanks, your explanation is clear. I fixed this simply by changing "... whose first component is the stable identifier..." to "whose leading components specify the stable identifier...". Surprisingly (to me), the rest of the text just works with that change.

@ghost ghost self-assigned this Apr 14, 2019
@ghost ghost added 2.1.0-CSD.1 Will be fixed in SARIF v2.1.0 CSD.1. design-improvement impact-non-breaking-change labels Apr 14, 2019
@ghost ghost added the resolved-fixed label Apr 14, 2019
@ghost ghost closed this as completed Apr 14, 2019
@ghost ghost added the merged Changes merged into provisional draft. label Apr 25, 2019
This issue was closed.
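
An added illustration (not part of the issue thread and not the SARIF project's code) of the two readings discussed above: taking only the first component of `ruleId` as the rule identifier versus taking the leading components that name a declared rule. It assumes the final SARIF 2.1.0 layout, where rules are listed under `tool.driver.rules`; the rule `EX0001` and the trailing components are constructed sample values.

```python
SEP = "/"  # component separator of a SARIF hierarchical string

def first_component(rule_id):
    """Original wording: the first component alone identifies the rule."""
    return rule_id.split(SEP)[0]

def leading_components(rule_id, declared_ids):
    """Revised wording: the leading components identify the rule.

    Returns the longest run of leading components that equals a declared
    rule id, or None. Matching is per component, so 'cpp/path-injection'
    is not treated as a prefix of 'cpp/path-injection-extra'.
    """
    parts = rule_id.split(SEP)
    for n in range(len(parts), 0, -1):
        candidate = SEP.join(parts[:n])
        if candidate in declared_ids:
            return candidate
    return None

def resolve_results(run):
    """Return (ruleId, first-component reading, leading-components reading)
    for every result in one SARIF run that carries a ruleId."""
    declared = {r["id"] for r in run["tool"]["driver"].get("rules", [])}
    rows = []
    for result in run.get("results", []):
        rid = result.get("ruleId")
        if rid is not None:
            rows.append((rid, first_component(rid),
                         leading_components(rid, declared)))
    return rows

# Constructed sample run; only the properties used above are present.
SAMPLE_RUN = {
    "tool": {"driver": {"name": "example-analyzer", "rules": [
        {"id": "cpp/path-injection"},
        {"id": "EX0001"},
    ]}},
    "results": [
        {"ruleId": "cpp/path-injection"},
        {"ruleId": "cpp/path-injection/unchecked-open"},
        {"ruleId": "EX0001"},
        {"ruleId": "cpp/path-injection-extra"},
    ],
}

if __name__ == "__main__":
    for row in resolve_results(SAMPLE_RUN):
        print(row)
```

A consumer that groups findings, suppressions or metrics by the first-component reading would file every C++ query under the single key `cpp`.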