diff --git a/src/Sarif.Multitool/Rules/SARIF2007.ExpressPathsRelativeToRepoRoot.cs b/src/Sarif.Multitool/Rules/SARIF2007.ExpressPathsRelativeToRepoRoot.cs index 1eaf5de5d..c884d5201 100644 --- a/src/Sarif.Multitool/Rules/SARIF2007.ExpressPathsRelativeToRepoRoot.cs +++ b/src/Sarif.Multitool/Rules/SARIF2007.ExpressPathsRelativeToRepoRoot.cs @@ -2,6 +2,7 @@ // Licensed under the MIT license. See LICENSE file in the project root for full license information. using System.Collections.Generic; +using System.Linq; using Microsoft.Json.Pointer; @@ -30,9 +31,10 @@ public class ExpressPathsRelativeToRepoRoot : SarifValidationSkimmerBase protected override void Analyze(Run run, string runPointer) { + this.uriBaseIds = new HashSet(); + if (run.VersionControlProvenance != null) { - this.uriBaseIds = new HashSet(); string versionControlProvenancePointer = runPointer.AtProperty(SarifPropertyName.VersionControlProvenance); for (int i = 0; i < run.VersionControlProvenance.Count; i++) @@ -55,7 +57,7 @@ protected override void Analyze(Run run, string runPointer) protected override void Analyze(Result result, string resultPointer) { - if (result.Locations != null) + if (result.Locations != null && this.uriBaseIds.Any()) { string locationsPointer = resultPointer.AtProperty(SarifPropertyName.Locations); for (int i = 0; i < result.Locations.Count; i++) diff --git a/src/Test.FunctionalTests.Sarif/Multitool/ValidateCommandTests.cs b/src/Test.FunctionalTests.Sarif/Multitool/ValidateCommandTests.cs index ab8349b3f..6ef804b1a 100644 --- a/src/Test.FunctionalTests.Sarif/Multitool/ValidateCommandTests.cs +++ b/src/Test.FunctionalTests.Sarif/Multitool/ValidateCommandTests.cs 
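Review bot: `uriBaseIds` is still assigned only inside `Analyze(Run, ...)`, so the `this.uriBaseIds.Any()` call added in the third hunk would dereference null if a result were ever analyzed before a run had been visited. The field declaration is outside these hunks; if it has no initializer, giving it one removes that ordering dependency. The unconditional assignment also stops base ids collected for one run from carrying over into the next run, which deserves a comment such as `// Reset per run: ids from a previous run must not apply to this one.` The body of `Analyze(Run, ...)` continues past the end of the hunk.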
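Review bot: The `this.uriBaseIds.Any()` guard added to `Analyze(Result, ...)` makes SARIF2007 skip every location when the run carries no `versionControlProvenance`, and nothing in the code says this is deliberate. A log without provenance now yields zero findings from this rule (the new expected output has `"results": []`), which a consumer could read as "paths verified" rather than "not checkable". A comment on the guard would make the intent explicit, for example `// No versionControlProvenance means no repo-root base id to compare against; nothing to check.` As a smaller style point, `this.uriBaseIds.Count > 0` says the same thing on a `HashSet` and would make the `using System.Linq;` added in the first hunk unnecessary. The method body continues outside the hunk.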
@@ -205,6 +205,10 @@ public void SARIF2006_UrisShouldBeReachable_Invalid() public void SARIF2007_ExpressPathsRelativeToRepoRoot_Valid() => RunTest(MakeValidTestFileName(RuleId.ExpressPathsRelativeToRepoRoot, nameof(RuleId.ExpressPathsRelativeToRepoRoot)), parameter: new TestParameters(configFileName: "enable2007.configuration.xml")); + [Fact] + public void SARIF2007_ExpressPathsRelativeToRepoRoot_WithoutVersionControlProvenance_Valid() + => RunTest("SARIF2007.ExpressPathsRelativeToRepoRoot_WithoutVersionControlProvenance_Valid.sarif", + parameter: new TestParameters(configFileName: "enable2007.configuration.xml")); [Fact] public void SARIF2007_ExpressPathsRelativeToRepoRoot_Invalid() diff --git a/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF2007.ExpressPathsRelativeToRepoRoot_WithoutVersionControlProvenance_Valid.sarif b/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF2007.ExpressPathsRelativeToRepoRoot_WithoutVersionControlProvenance_Valid.sarif new file mode 100644 index 000000000..160930102 --- /dev/null +++ b/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF2007.ExpressPathsRelativeToRepoRoot_WithoutVersionControlProvenance_Valid.sarif 
@@ -0,0 +1,46 @@
+{
+ "$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json",
+ "version": "2.1.0",
+ "runs": [
+ {
+ "tool": {
+ "driver": {
+ "name": "SARIF Functional Testing"
+ }
+ },
+ "invocations": [
+ {
+ "toolConfigurationNotifications": [
+ {
+ "message": {
+ "text": "Rule 'SARIF2002' was explicitly disabled by the user. As result, this tool run cannot be used for compliance or other auditing processes that require a comprehensive analysis."
+ },
+ "descriptor": {
+ "id": "WRN999.RuleExplicitlyDisabled"
+ }
+ },
+ {
+ "message": {
+ "text": "Rule 'SARIF2006' was explicitly disabled by the user. As result, this tool run cannot be used for compliance or other auditing processes that require a comprehensive analysis."
+ },
+ "descriptor": {
+ "id": "WRN999.RuleExplicitlyDisabled"
+ }
+ }
+ ],
+ "executionSuccessful": true
+ }
+ ],
+ "artifacts": [
+ {
+ "location": {
+ "uri": "FunctionalTestOutput.ValidateCommand/Inputs.SARIF2007.ExpressPathsRelativeToRepoRoot_WithoutVersionControlProvenance_Valid.sarif",
+ "uriBaseId": "TEST_DIR"
+ }
+ }
+ ],
+ "results": [],
+ "columnKind": "utf16CodeUnits"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/Inputs/SARIF2007.ExpressPathsRelativeToRepoRoot_WithoutVersionControlProvenance_Valid.sarif b/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/Inputs/SARIF2007.ExpressPathsRelativeToRepoRoot_WithoutVersionControlProvenance_Valid.sarif
new file mode 100644
index 000000000..f0dbbfcc7
--- /dev/null
+++ b/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/Inputs/SARIF2007.ExpressPathsRelativeToRepoRoot_WithoutVersionControlProvenance_Valid.sarif
@@ -0,0 +1,50 @@
+{
+ "$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json",
+ "version": "2.1.0",
+ "runs": [
+ {
+ "tool": {
+ "driver": {
+ "name": "SARIF Functional Testing",
+ "version": "1.2.3",
+ "rules": [
+ {
+ "id": "TEST1001",
+ "fullDescription": {
+ "text": "Test 1001 full description."
+ },
+ "messageStrings": {
+ "DoesExist": {
+ "text": "'{0}': Placeholder '{1}'."
+ }
+ }
+ }
+ ]
+ }
+ },
+ "results": [
+ {
+ "ruleId": "TEST1001",
+ "message": {
+ "id": "DoesExist",
+ "arguments": [
+ "runs[0].originalUriBaseIds.SRCINVALID",
+ "SRCINVALID"
+ ]
+ },
+ "locations": [
+ {
+ "physicalLocation": {
+ "artifactLocation": {
+ "uri": "project/file.cs",
+ "uriBaseId": "SOURCE_ROOT"
+ }
+ }
+ }
+ ]
+ }
+ ],
+ "columnKind": "utf16CodeUnits"
+ }
+ ]
+}
\ No newline at end of file