Adding Rule SARIF2009 #1938
Adding Rule SARIF2009 #1938
Conversation
Adding tests
| // and 'BINROOT' for the root of the directory containing build output (if your project places all build output in a common directory). | ||
| LogResult( | ||
| originalUriBaseIdsPointer.AtProperty(originalUriBaseId.Key), | ||
| nameof(RuleResources.SARIF2001_AuthorHighQualityMessages_Warning_IncludeDynamicContent_Text), |
There was a problem hiding this comment.
SARIF2001_AuthorHighQualityMessages_Warning_IncludeDynamicContent_Text [](start = 45, length = 70)
resource name is wrong? #Closed
There was a problem hiding this comment.
| // Using a conventional format for the rule id provides a more uniform experience across tools. | ||
| LogResult( | ||
| reportingDescriptorPointer.AtProperty(SarifPropertyName.Id), | ||
| nameof(RuleResources.SARIF2001_AuthorHighQualityMessages_Warning_IncludeDynamicContent_Text), |
There was a problem hiding this comment.
SARIF2001_AuthorHighQualityMessages_Warning_IncludeDynamicContent_Text [](start = 41, length = 70)
resource name wrong? #Closed
There was a problem hiding this comment.
| nameof(RuleResources.SARIF2009_UseConventionalSymbolicNames_Warning_UseConventionalUriBaseIdNames_Text) | ||
| }; | ||
|
|
||
| public override FailureLevel DefaultLevel => FailureLevel.Warning; |
There was a problem hiding this comment.
Warning [](start = 66, length = 7)
Default level probably too high for this rule governing name conventions #Closed
There was a problem hiding this comment.
| /// <summary> | ||
| /// SARIF2009 | ||
| /// </summary> | ||
| public override string Id => RuleId.UseConventionalSymbolicNames; |
There was a problem hiding this comment.
UseConventionalSymbolicNames [](start = 44, length = 28)
We should drop this rule to a note and change the name to 'ConsiderUsingConventionalNames'. 'Symbolic' isn't buying us much as an adjective (and symbol is a highly used term in analysis itself, so it's a little confusing. We can use 'Consider' for rules that truly are for nice-to-have conventions, as this one is. #Resolved
There was a problem hiding this comment.
|
|
||
| public override FailureLevel DefaultLevel => FailureLevel.Warning; | ||
|
|
||
| private static readonly string[] s_conventionalSymbols = new string[] { "REPOROOT", "SRCROOT", "TESTROOT", "BINROOT" }; |
There was a problem hiding this comment.
REPOROOT [](start = 81, length = 8)
Why are we using these terms? Is there precedent in existing tools? I don't see the component governance coinage, which is SCANROOT. Why does testroot exist? Why do we permit two locations for source roots, effectively? In short, @lgolding, maybe puzzle on this a bit more.
| /// Many tools follow a conventional format for the 'reportingDescriptor.id' property: a short string identifying the tool concatenated with a numeric rule number, | ||
| /// for example, 'CS2001' for a diagnostic from the Roslyn C# compiler. For uniformity of experience across tools, we recommend this format. | ||
| /// | ||
| /// Many tool use similar names for 'uriBaseId' symbols.We suggest 'REPOROOT' for the root of a repository, 'SRCROOT' for the root of the directory containing all source code, 'TESTROOT' for the root of the directory containing all test code(if your repository is organized in that way), and 'BINROOT' for the root of the directory containing build output(if your project places all build output in a common directory). |
There was a problem hiding this comment.
the [](start = 130, length = 3)
this comment line is too long and has spacing issues. #Closed
There was a problem hiding this comment.
There was a problem hiding this comment.
Better! My rule of thumb for this is to establish the right hand line length, typically from the first line. In your case, is is on line 23, the line ending in 'property:'. Then, I make sure and run all possible text up to this column. Basically attempt to right justify as far as possible. Following my convention, your comment could be more compact. The term 'for' at the beginning of line 25, for example, could be placed at the end of line 24 without exceeding the established line length. Make sense?
In reply to: 445569155 [](ancestors = 445569155,445553061)
There was a problem hiding this comment.
just updated! i think it is more justified and almost all lines are following the same length. Let me know what do you think!
In reply to: 445574287 [](ancestors = 445574287,445569155,445553061)
| { | ||
| // {0}: The 'originalUriBaseIds' symbol '{1}' is not one of the conventional symbols. | ||
| // We suggest 'REPOROOT' for the root of a repository, 'SRCROOT' for the root of the directory containing all source code, | ||
| // 'TESTROOT' for the root of the directory containing all test code (if your repository is organized in that way), |
There was a problem hiding this comment.
the lines of this comment are too long and need to be truncated. #Closed
There was a problem hiding this comment.
There was a problem hiding this comment.
Improved! My rule of thumb, though, is that there should never be complete words that are to the right margin of the shortest preceding line. On line 100, for example, 'directory' should have been dropped to the next line (as it is entirely right of the margin established on line 99 by 'symbols.' It is fine for a word to 'poke' past the end of the margin, as long as it starts before that rightmost margin. Make sense? Sorry to nit-pick so much on the comments, but rules source code is authored once and truly read many many times as people use a tool, are confused by results, want to understand more, etc. Analysis rules like this also are effectively a set of guidelines encoded in C#. At some point, these rules might be reauthored in another analysis environment.
In reply to: 445569283 [](ancestors = 445569283,445553388)
There was a problem hiding this comment.
i will keep your guidelines in mind! Thanks for sharing and reviewing. just updated!
In reply to: 445585630 [](ancestors = 445585630,445569283,445553388)
There was a problem hiding this comment.
+1 on Michael's formatting guidelines.
In reply to: 445591404 [](ancestors = 445591404,445585630,445569283,445553388)
|
Has anyone run this rule yet against test SARIF in the repo? #Resolved |
|
Hi @michaelcfanning , i have ran yesterday. I will double check. Thanks for reviewing. Checking everything right now. In reply to: 649538563 [](ancestors = 649538563) |
|
Just ran again and i got some questions. So, i changed the error level from warning to note. With that, the output sarif isn't showing anymore. Is that expected? In reply to: 649540515 [](ancestors = 649540515,649538563) |
|
Thanks, Eddy! By the way, this is very nice work. My questions here are mostly along whether this rule is something reasonable to put on users. :S We will sort that out, though. 'note' levels require passing a --verbose flag on the command-line (not actually sure whether the validation rules support this yet). In reply to: 649551076 [](ancestors = 649551076,649540515,649538563) |
|
Thank you for reviewing! i will update those tests that are failing. Later we can check it out how can we validate the output In reply to: 649552588 [](ancestors = 649552588,649551076,649540515,649538563) |
| "uri": "project", | ||
| "description": { | ||
| "text": "This artifactLocation has no uriBaseId, so its uri, if present, must be absolute. But it isn't. It also doesn't end with a slash." | ||
| } | ||
| }, | ||
| "SOURCE_ROOT": { | ||
| "SRCROOT": { | ||
| "uri": "src", | ||
| "uriBaseId": "PROJECT_ROOT", |
There was a problem hiding this comment.
"PROJECT_ROOT [](start = 23, length = 13)
PROJECT_ROOT was renamed, yes? #Resolved
There was a problem hiding this comment.
since your first comment about the terms, i will rollback to source_root and wait for larry's comment, ok?
In reply to: 445586890 [](ancestors = 445586890)
There was a problem hiding this comment.
It's fine to bring this change into conformance with Larry's original proposal. To be consistent, we would rename this to 'REPOROOT' am I correct?
In reply to: 445589112 [](ancestors = 445589112,445586890)
There was a problem hiding this comment.
yes, it would. i will check with him, because, we have many keys that would alert in this scenario and if that is expected.
In reply to: 445594014 [](ancestors = 445594014,445589112,445586890)
There was a problem hiding this comment.
I rollback to the initial version and enabled the verbose by passing true as parameter. What do you think?
In reply to: 445595450 [](ancestors = 445595450,445594014,445589112,445586890)
| // uniform experience across tools. | ||
| LogResult( | ||
| reportingDescriptorPointer.AtProperty(SarifPropertyName.Id), | ||
| nameof(RuleResources.SARIF2009_UseConventionalSymbolicNames_Warning_UseConventionalRuleIds_Text), |
There was a problem hiding this comment.
Warning [](start = 80, length = 7)
But now it needs to be "Note" instead of "Warning". This is why I don't agree with encoding the level in the resource name. #Resolved
There was a problem hiding this comment.
|
Just updated again. Added true as parameter and used that to enable the verbose option. In reply to: 649561880 [](ancestors = 649561880,649552588,649551076,649540515,649538563) |
| LogResult( | ||
| reportingDescriptorPointer.AtProperty(SarifPropertyName.Id), | ||
| nameof(RuleResources.SARIF2009_ConsiderConventionalIdentifierValues_Note_UseConventionalRuleIds_Text), | ||
| reportingDescriptor.Name); |
There was a problem hiding this comment.
Name [](start = 40, length = 4)
The message should mention the id, not the name. #Resolved
| @@ -10,18 +10,18 @@ | |||
| } | |||
| }, | |||
| "originalUriBaseIds": { | |||
| "PROJECT_ROOT": { | |||
| "REPOROOT": { | |||
There was a problem hiding this comment.
REPOROOT [](start = 9, length = 8)
For now, let's use these:
- The old
PROJECT_ROOTbecomesREPO_ROOT(still contains an underscore). - The old
SOURCE_ROOTis unchanged (do not change it toSRCROOT). - You're right,
RULES_ROOTis not in our current set. Changing toTEST_ROOTin this test file is fine -- but do use the underscore. #Resolved
| "description": { | ||
| "text": "This artifactLocation has neither a uri nor a uriBaseId. This is fine." | ||
| } | ||
| }, | ||
| "RULES_ROOT": { | ||
| "TESTROOT": { | ||
| "uri": "file:///C:/rules/", |
There was a problem hiding this comment.
rules [](start = 29, length = 5)
Let's change rules to tests here for consistency with the key TEST_ROOT. #Resolved
No description provided.