External property file schema contains broken $ref's #417
Labels
2.1.0-CSD.1
Will be fixed in SARIF v2.1.0 CSD.1.
bug
merged
Changes merged into provisional draft.
resolved-fixed
Comments
ghost
self-assigned this
ghost
added
bug
2.1.0-CSD.1
ghost
changed the title
This issue was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@lgolding @michaelcfanning
We tried to validate the external properties file and ran into problems.
All the '$ref' values in the sarif-external-property-file-schema.json JSON Schema file start with
This is clearly not correct. It does not exist, the file name is incorrect, and it should be relative. A better value to begin each '$ref' with would be a relative URI, so if both schemas are in the same URI directory path everything should just work:
Both JSON Schema files should probably have the version of SARIF in their names also.
The SARIF document has '$schema' values of 'http://json.schemastore.org/sarif-2.1.0' and 'http:///json.schemastore.org/sarif-external-property-file-2.1.0'. These documents do not exist. It would be better to have the official schema URI be an OASIS hosted site (unless OASIS recommends the schema store), and the final component should match the name in the spec repo currently 'sarif-schema.json' (should be 'sarif-schema-2.1.0.json' on final publication). I don't think that the spec should rely upon an external web site for the official $schema URL as it could disappear, and then there is the question of administrative control of the schema files hosted there. The schemas can on the site, but shouldn't the URL used in the spec.
If there are official schema URIs, the official OASIS URIs for SARIF schemas and the SARIF external property file schemas should be stated in the document, they are only in examples currently.
The text was updated successfully, but these errors were encountered: