Here is a small sarif document with a whitespace rule id that would cause SARIF1010.RuleIdMustBeConsistent to erroneously claim that the ruleId property is absent:
1.sarif(17,17): error SARIF1010: runs[0].results[0]: This result contains neither of the properties 'ruleId' or 'rule.id'. The SARIF specification (§3.27.5) requires at least one of these properties to be present.
Specifically, according to the SARIF standard cited by the diagnostic (https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317643), empty-string or whitespace-only rule IDs are legal. Regardless of whether they are legal, the ruleId property is present.
While it usually would not be desirable to have such a silly ruleId (a space), we like to stress test our static analysis framework using a fuzzer. The fuzzer is good at exercising corner cases like this. We would like to be able to validate that the resulting sarif is standard-compliant, even if it is idiotic. This is the only false positive we are currently seeing from the validator.
SARIF1010.RuleIdMustBeConsistent.cs uses string.IsNullOrWhiteSpace to determine whether a ruleId property is absent.
sarif-sdk/src/Sarif.Multitool.Library/Rules/SARIF1010.RuleIdMustBeConsistent.cs
Line 41 in d6d8062
If SARIF1010.RuleIdMustBeConsistent is intending to enforce the SARIF standard, then I do not think string.IsNullOrWhiteSpace is the correct predicate. I rather suspect == null would be correct.
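The difference between the two predicates discussed in the issue, as an added example that is not part of the original report or the sarif-sdk code: Python stand-ins for string.IsNullOrWhiteSpace and == null are run over a constructed SARIF log. The sample log, the tool name and every function name here are assumptions made for illustration.

```python
import json

# Constructed SARIF 2.1.0 log (not the reporter's file): the results differ
# only in how, or whether, they identify their rule.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "FuzzedAnalyzer"}},  # hypothetical tool name
        "results": [
            {"ruleId": " ", "message": {"text": "whitespace-only id"}},
            {"ruleId": "", "message": {"text": "empty id"}},
            {"message": {"text": "no rule identification at all"}},
            {"rule": {"id": "R1"}, "message": {"text": "rule.id only"}},
        ],
    }],
})


def is_null_or_whitespace(value):
    """Stand-in for .NET string.IsNullOrWhiteSpace (approximation for this demo)."""
    return value is None or value.strip() == ""


def is_null(value):
    """Stand-in for the '== null' presence test suggested in the issue."""
    return value is None


def missing_rule_id(sarif_text, absent):
    """Paths of results where both 'ruleId' and 'rule.id' count as absent."""
    log = json.loads(sarif_text)
    flagged = []
    for run_idx, run in enumerate(log.get("runs", [])):
        for res_idx, result in enumerate(run.get("results", [])):
            rule_id = result.get("ruleId")               # None when not present
            nested_id = (result.get("rule") or {}).get("id")
            if absent(rule_id) and absent(nested_id):
                flagged.append(f"runs[{run_idx}].results[{res_idx}]")
    return flagged


if __name__ == "__main__":
    # The whitespace predicate also flags results whose ruleId is present but blank.
    print("IsNullOrWhiteSpace-style:", missing_rule_id(SAMPLE_SARIF, is_null_or_whitespace))
    print("null-check-style:        ", missing_rule_id(SAMPLE_SARIF, is_null))
```

Only the result with no rule identification at all is flagged by the null check, while the whitespace predicate also reports the two results whose ruleId is present but blank.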