Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Location relationships #375

Closed
ghost opened this issue Apr 14, 2019 · 3 comments
Closed

Location relationships #375

ghost opened this issue Apr 14, 2019 · 3 comments
Labels
2.1.0-CSD.1 Will be fixed in SARIF v2.1.0 CSD.1. design-approved The TC approved the design and I can write the change draft enhancement impact-non-breaking-change merged Changes merged into provisional draft. resolved-fixed

Comments

@ghost
Copy link

ghost commented Apr 14, 2019

@kupsch wrote:

A related location should say what is related to with a relatedTo property that is a URI (a sarif scheme URI relative to theResult). This is necessary as a tool may produce a relatedLocation that has its own related location, for instance, an error in foo.h may have a related location to say it was included from bar.h which was included in baz.c. Also since there may also be multiple locations, they may each have unique related locations.
@ghost ghost added the enhancement label Apr 14, 2019
@michaelcfanning
Copy link
Contributor

michaelcfanning commented Apr 17, 2019
edited by ghost
Loading

TC proposal: [Per Microsoft feedback: revised per the comment below]

Move location.physicalLocation.id to location.id
Add location.relatedTo an integer, >= 0 (the scope of which is constrained to a current result)
Add location.relationshipKinds, an array of string identifiers

Some well-known kinds. There are only two, due to lateness of arrival. Drive a SARIF list discussion to see whether we can build out the relevant topics of interest here (if not the exact set of terms).

includes, isIncludedBy

@ghost
Copy link
Author

ghost commented Apr 17, 2019
edited by ghost
Loading

SARIF example (as presented at TC #35)

"results": [
  {
    "locations": [
      {
        "id": 0,
        "physicalLocation": {
          "artifactLocation": {
            "uri": "f.h"
          }
        }
      }
    ],

    "relatedLocations": [
      {
        "id": 1,
        "physicalLocation": {
          "artifactLocation": {
            "uri": "g.h"
          },
        },
        "relatedTo": 0,
        "relationshipKinds": [ "includes" ]
      },
      {
        "id": 2
        "physicalLocation": {
          "artifactLocation": {
            "uri": "g.c"
          },
        },
        "relatedTo": 1,
        "relationshipKinds": [ "includes" ]
      }
    ]
  }
]

@ghost ghost self-assigned this Apr 17, 2019
@ghost ghost added 2.1.0-CSD.1 Will be fixed in SARIF v2.1.0 CSD.1. design-approved The TC approved the design and I can write the change draft impact-non-breaking-change to-be-written labels Apr 17, 2019
@ghost
Copy link
Author

ghost commented Apr 21, 2019
edited by ghost
Loading

REVISED PROPOSAL per Microsoft feedback.

This proposal is consistent with the original, but has the virtue of being consistent with the "reporting descriptor relationships" design.

  • Define a locationRelationship object with the following properties:

    • target of type integer, required, minValue: 0.
    • kinds of type string[], optional, unique, with well-known values "includes", "isIncludedBy", and "relevant", default: [ "relevant" ].

  • In the location object:

    • Add a property id of type integer, optional, minValue: -1, default: -1 (moved from physicalLocation).
    • Add a property relationships of type locationRelationship[], optional, unique, default: [].

  • In the physicalLocation object:

    • Remove the id property (moved to location).

REVISED SARIF SAMPLE

"results": [
  {
    "locations": [
      {
        "id": 0,
        "physicalLocation": {
          "artifactLocation": {
            "uri": "f.h"
          }
        },
        "relationships": [
          {
            "target": 1,
            "kinds": [ "isIncludedBy" ]
          }
        ]
      }
    ],

    "relatedLocations": [
      {
        "id": 1,
        "physicalLocation": {
          "artifactLocation": {
            "uri": "g.h"
          },
        },
        "relationships": [
          {
            "target": 0,
            "kinds": [ "includes" ]
          },
          {
            "target": 2,
            "kinds": [ "isIncludedBy" ]
          }
        ]
      },
      {
        "id": 2
        "physicalLocation": {
          "artifactLocation": {
            "uri": "g.c"
          },
        },
        "relationships": [
          {
            "target": 1,
            "kinds": [ "includes" ]
          }
        ]
      }
    ]
  }
]

ghost pushed a commit that referenced this issue Apr 21, 2019
Change draft + merge for #375: location relationships.
a57514f
@ghost ghost added merged Changes merged into provisional draft. resolved-fixed and removed to-be-written labels Apr 21, 2019
@ghost ghost closed this as completed Apr 21, 2019
@ghost ghost removed the schema-todo label Apr 25, 2019
@harleenkohli harleenkohli mentioned this issue May 7, 2019
Closed
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2.1.0-CSD.1 Will be fixed in SARIF v2.1.0 CSD.1. design-approved The TC approved the design and I can write the change draft enhancement impact-non-breaking-change merged Changes merged into provisional draft. resolved-fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@michaelcfanning