Bugfix null reference Rule SARIF2007 (#1959)

microsoft · Jul 1, 2020 · 68dd4ee · 68dd4ee
1 parent c742435
commit 68dd4ee
Show file tree

Hide file tree

Showing 4 changed files with 104 additions and 2 deletions.
diff --git a/src/Sarif.Multitool/Rules/SARIF2007.ExpressPathsRelativeToRepoRoot.cs b/src/Sarif.Multitool/Rules/SARIF2007.ExpressPathsRelativeToRepoRoot.cs
@@ -2,6 +2,7 @@
 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
 
 using System.Collections.Generic;
+using System.Linq;
 
 using Microsoft.Json.Pointer;
 
@@ -30,9 +31,10 @@ public class ExpressPathsRelativeToRepoRoot : SarifValidationSkimmerBase
 
         protected override void Analyze(Run run, string runPointer)
         {
+            this.uriBaseIds = new HashSet<string>();
+
             if (run.VersionControlProvenance != null)
             {
-                this.uriBaseIds = new HashSet<string>();
                 string versionControlProvenancePointer = runPointer.AtProperty(SarifPropertyName.VersionControlProvenance);
 
                 for (int i = 0; i < run.VersionControlProvenance.Count; i++)
@@ -55,7 +57,7 @@ protected override void Analyze(Run run, string runPointer)
 
         protected override void Analyze(Result result, string resultPointer)
         {
-            if (result.Locations != null)
+            if (result.Locations != null && this.uriBaseIds.Any())
             {
                 string locationsPointer = resultPointer.AtProperty(SarifPropertyName.Locations);
                 for (int i = 0; i < result.Locations.Count; i++)

diff --git a/src/Test.FunctionalTests.Sarif/Multitool/ValidateCommandTests.cs b/src/Test.FunctionalTests.Sarif/Multitool/ValidateCommandTests.cs
@@ -205,6 +205,10 @@ public void SARIF2006_UrisShouldBeReachable_Invalid()
         public void SARIF2007_ExpressPathsRelativeToRepoRoot_Valid()
             => RunTest(MakeValidTestFileName(RuleId.ExpressPathsRelativeToRepoRoot, nameof(RuleId.ExpressPathsRelativeToRepoRoot)),
                 parameter: new TestParameters(configFileName: "enable2007.configuration.xml"));
+        [Fact]
+        public void SARIF2007_ExpressPathsRelativeToRepoRoot_WithoutVersionControlProvenance_Valid()
+            => RunTest("SARIF2007.ExpressPathsRelativeToRepoRoot_WithoutVersionControlProvenance_Valid.sarif",
+                parameter: new TestParameters(configFileName: "enable2007.configuration.xml"));
 
         [Fact]
         public void SARIF2007_ExpressPathsRelativeToRepoRoot_Invalid()

diff --git a/...puts/SARIF2007.ExpressPathsRelativeToRepoRoot_WithoutVersionControlProvenance_Valid.sarif b/...puts/SARIF2007.ExpressPathsRelativeToRepoRoot_WithoutVersionControlProvenance_Valid.sarif
@@ -0,0 +1,46 @@
+{
+  "$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json",
+  "version": "2.1.0",
+  "runs": [
+    {
+      "tool": {
+        "driver": {
+          "name": "SARIF Functional Testing"
+        }
+      },
+      "invocations": [
+        {
+          "toolConfigurationNotifications": [
+            {
+              "message": {
+                "text": "Rule 'SARIF2002' was explicitly disabled by the user. As result, this tool run cannot be used for compliance or other auditing processes that require a comprehensive analysis."
+              },
+              "descriptor": {
+                "id": "WRN999.RuleExplicitlyDisabled"
+              }
+            },
+            {
+              "message": {
+                "text": "Rule 'SARIF2006' was explicitly disabled by the user. As result, this tool run cannot be used for compliance or other auditing processes that require a comprehensive analysis."
+              },
+              "descriptor": {
+                "id": "WRN999.RuleExplicitlyDisabled"
+              }
+            }
+          ],
+          "executionSuccessful": true
+        }
+      ],
+      "artifacts": [
+        {
+          "location": {
+            "uri": "FunctionalTestOutput.ValidateCommand/Inputs.SARIF2007.ExpressPathsRelativeToRepoRoot_WithoutVersionControlProvenance_Valid.sarif",
+            "uriBaseId": "TEST_DIR"
+          }
+        }
+      ],
+      "results": [],
+      "columnKind": "utf16CodeUnits"
+    }
+  ]
+}
diff --git a/...puts/SARIF2007.ExpressPathsRelativeToRepoRoot_WithoutVersionControlProvenance_Valid.sarif b/...puts/SARIF2007.ExpressPathsRelativeToRepoRoot_WithoutVersionControlProvenance_Valid.sarif
@@ -0,0 +1,50 @@
+{
+  "$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json",
+  "version": "2.1.0",
+  "runs": [
+    {
+      "tool": {
+        "driver": {
+          "name": "SARIF Functional Testing",
+          "version": "1.2.3",
+          "rules": [
+            {
+              "id": "TEST1001",
+              "fullDescription": {
+                "text": "Test 1001 full description."
+              },
+              "messageStrings": {
+                "DoesExist": {
+                  "text": "'{0}': Placeholder '{1}'."
+                }
+              }
+            }
+          ]
+        }
+      },
+      "results": [
+        {
+          "ruleId": "TEST1001",
+          "message": {
+            "id": "DoesExist",
+            "arguments": [
+              "runs[0].originalUriBaseIds.SRCINVALID",
+              "SRCINVALID"
+            ]
+          },
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "project/file.cs",
+                  "uriBaseId": "SOURCE_ROOT"
+                }
+              }
+            }
+          ]
+        }
+      ],
+      "columnKind": "utf16CodeUnits"
+    }
+  ]
+}