Provide messages for SARIF1012.ProvideHelpUris. (#1976)

microsoft · Jul 4, 2020 · 2812147 · 2812147
1 parent 506cf67
commit 2812147
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 9 deletions.
diff --git a/docs/Producing effective SARIF.md b/docs/Producing effective SARIF.md
@@ -518,8 +518,12 @@ for example, 'CS2001' for a diagnostic from the Roslyn C# compiler. For uniformi
 
 #### Description
 
+For each rule, provide a URI where users can find detailed information about the rule. This information should include a detailed description of the invalid pattern, an explanation of why the pattern is poor practice (particularly in contexts such as security or accessibility where driving considerations might not be readily apparent), guidance for resolving the problem (including describing circumstances in which ignoring the problem altogether might be appropriate), examples of invalid and valid patterns, and special considerations (such as noting when a violation should never be ignored or suppressed, noting when a violation could cause downstream tool noise, and noting when a rule can be configured in some way to refine or alter the analysis).
+
 ##### `Default`: note
 
+{0}: The rule '{1}' does not provide a help URI. Providing a URI where users can find detailed information about the rule helps users to understand the result and how they can best address it.
+
 ---
 
 ### Rule `SARIF2013.ProvideEmbeddedFileContent`

diff --git a/docs/Rule factoring.xlsx b/docs/Rule factoring.xlsx
diff --git a/src/Sarif.Multitool/Rules/RuleResources.Designer.cs b/src/Sarif.Multitool/Rules/RuleResources.Designer.cs
diff --git a/src/Sarif.Multitool/Rules/RuleResources.resx b/src/Sarif.Multitool/Rules/RuleResources.resx
@@ -349,10 +349,10 @@ This is part of a set of authoring practices that make your rule messages more r
     <value>{0}: In rule '{1}', the message with id '{2}' includes dynamic content that is not enclosed in single quotes. Enquoting dynamic content makes it easier to spot, and single quotes give a less cluttered appearance.</value>
   </data>
   <data name="SARIF2012_ProvideHelpUris_FullDescription_Text" xml:space="preserve">
-    <value>Placeholder</value>
+    <value>For each rule, provide a URI where users can find detailed information about the rule. This information should include a detailed description of the invalid pattern, an explanation of why the pattern is poor practice (particularly in contexts such as security or accessibility where driving considerations might not be readily apparent), guidance for resolving the problem (including describing circumstances in which ignoring the problem altogether might be appropriate), examples of invalid and valid patterns, and special considerations (such as noting when a violation should never be ignored or suppressed, noting when a violation could cause downstream tool noise, and noting when a rule can be configured in some way to refine or alter the analysis).</value>
   </data>
   <data name="SARIF2012_ProvideHelpUris_Note_Default_Text" xml:space="preserve">
-    <value>{0}: Placeholder '{1}'</value>
+    <value>{0}: The rule '{1}' does not provide a help URI. Providing a URI where users can find detailed information about the rule helps users to understand the result and how they can best address it.</value>
   </data>
   <data name="SARIF2013_ProvideEmbeddedFileContent_FullDescription_Text" xml:space="preserve">
     <value>Placeholder</value>

diff --git a/src/Sarif.Multitool/Rules/SARIF2012.ProvideHelpUris.cs b/src/Sarif.Multitool/Rules/SARIF2012.ProvideHelpUris.cs
@@ -15,7 +15,15 @@ public class ProvideHelpUris : SarifValidationSkimmerBase
         public override string Id => RuleId.ProvideHelpUris;
 
         /// <summary>
-        /// Placeholder
+        /// For each rule, provide a URI where users can find detailed information about the rule.
+        /// This information should include a detailed description of the invalid pattern, an
+        /// explanation of why the pattern is poor practice (particularly in contexts such as
+        /// security or accessibility where driving considerations might not be readily apparent),
+        /// guidance for resolving the problem (including describing circumstances in which ignoring
+        /// the problem altogether might be appropriate), examples of invalid and valid patterns,
+        /// and special considerations (such as noting when a violation should never be ignored or
+        /// suppressed, noting when a violation could cause downstream tool noise, and noting when
+        /// a rule can be configured in some way to refine or alter the analysis).
         /// </summary>
         public override MultiformatMessageString FullDescription => new MultiformatMessageString { Text = RuleResources.SARIF2012_ProvideHelpUris_FullDescription_Text };
 
@@ -57,7 +65,9 @@ private void AnalyzeReportingDescriptor(ReportingDescriptor reportingDescriptor,
                     ruleMoniker += $".{reportingDescriptor.Name}";
                 }
 
-                // {0}: Placeholder '{1}'
+                // {0}: The rule '{1}' does not provide a help URI. Providing a URI where users can
+                // find detailed information about the rule helps users to understand the result and
+                // how they can best address it.
                 LogResult(
                     reportingDescriptorPointer,
                     nameof(RuleResources.SARIF2012_ProvideHelpUris_Note_Default_Text),

diff --git a/...estData/Multitool/ValidateCommand/ExpectedOutputs/SARIF2012.ProvideHelpUris_Invalid.sarif b/...estData/Multitool/ValidateCommand/ExpectedOutputs/SARIF2012.ProvideHelpUris_Invalid.sarif
@@ -11,14 +11,14 @@
               "id": "SARIF2012",
               "name": "ProvideHelpUris",
               "shortDescription": {
-                "text": "Placeholder."
+                "text": "For each rule, provide a URI where users can find detailed information about the rule."
               },
               "fullDescription": {
-                "text": "Placeholder"
+                "text": "For each rule, provide a URI where users can find detailed information about the rule. This information should include a detailed description of the invalid pattern, an explanation of why the pattern is poor practice (particularly in contexts such as security or accessibility where driving considerations might not be readily apparent), guidance for resolving the problem (including describing circumstances in which ignoring the problem altogether might be appropriate), examples of invalid and valid patterns, and special considerations (such as noting when a violation should never be ignored or suppressed, noting when a violation could cause downstream tool noise, and noting when a rule can be configured in some way to refine or alter the analysis)."
               },
               "messageStrings": {
                 "Note_Default": {
-                  "text": "{0}: Placeholder '{1}'"
+                  "text": "{0}: The rule '{1}' does not provide a help URI. Providing a URI where users can find detailed information about the rule helps users to understand the result and how they can best address it."
                 }
               },
               "helpUri": "http://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html"