Updating Rule SARIF2009 and SARIF2014

src/Sarif.Multitool/Rules/RuleResources.resx

@@ -259,9 +259,6 @@ Many tool use similar names for 'uriBaseId' symbols. We suggest 'REPOROOT' for t
   <data name="SARIF2009_ConsiderConventionalIdentifierValues_Note_UseConventionalRuleIds_Text" xml:space="preserve">
     <value>{0}: The 'id' property of the rule '{1}' does not follow the recommended format: a short string identifying the tool concatenated with a numeric rule number, for example, `CS2001`. Using a conventional format for the rule id provides a more uniform experience across tools.</value>
   </data>
-  <data name="SARIF2009_ConsiderConventionalIdentifierValues_Note_UseConventionalUriBaseIdNames_Text" xml:space="preserve">
-    <value>{0}: The 'originalUriBaseIds' symbol '{1}' is not one of the conventional symbols. We suggest 'REPOROOT' for the root of a repository, 'SRCROOT' for the root of the directory containing all source code, 'TESTROOT' for the root of the directory containing all test code (if your repository is organized in that way), and 'BINROOT' for the root of the directory containing build output (if your project places all build output in a common directory).</value>
-  </data>
   <data name="SARIF1007_RegionPropertiesMustBeConsistent_Error_RegionStartPropertyMustBePresent_Text" xml:space="preserve">
     <value>{0}: This 'region' object does not specify 'startLine', 'charOffset', or 'byteOffset'. As a result, it is impossible to determine whether this 'region' object describes a line/column text region, a character offset/length text region, or a binary region.</value>
   </data>
@@ -326,7 +323,7 @@ Many tool use similar names for 'uriBaseId' symbols. We suggest 'REPOROOT' for t
     <value>Including "dynamic content" (information that varies among results from the same rule) makes your messages more specific. It avoids the "wall of bugs" phenomenon, where hundreds of occurrences of the same message appear unapproachable.</value>
   </data>
   <data name="SARIF2014_ProvideDynamicMessageContent_Note_Default_Text" xml:space="preserve">
-    <value>{0}: In rule '{1}', the message with id '{2}' does not include any dynamic content. Dynamic content makes your messages more specific and avoids the "wall of bugs" phenomenon.</value>
+    <value>{0}: In rule '{1}', the '{2}' property of the message with id '{3}' does not include any dynamic content. Dynamic content makes your messages more specific and avoids the "wall of bugs" phenomenon.</value>
   </data>
   <data name="SARIF2015_EnquoteDynamicMessageContent_FullDescription_Text" xml:space="preserve">
     <value>Placing dynamic content in quotes sets it off from the static text, making it easier to spot. It's especially helpful when the dynamic content is a string that might contain spaces, and most especially when the string might be empty (and so would be invisible if it weren't for the quotes). We recommend single quotes for a less cluttered appearance, even though English usage would require double quotes.</value>

src/Sarif.Multitool/Rules/SARIF2009.ConsiderConventionalIdentifierValues.cs

@@ -34,23 +34,13 @@ public class ConsiderConventionalIdentifierValues : SarifValidationSkimmerBase
         public override MultiformatMessageString FullDescription => new MultiformatMessageString { Text = RuleResources.SARIF2009_ConsiderConventionalIdentifierValues_FullDescription_Text };
 
         protected override IEnumerable<string> MessageResourceNames => new string[] {
-            nameof(RuleResources.SARIF2009_ConsiderConventionalIdentifierValues_Note_UseConventionalRuleIds_Text),
-            nameof(RuleResources.SARIF2009_ConsiderConventionalIdentifierValues_Note_UseConventionalUriBaseIdNames_Text)
+            nameof(RuleResources.SARIF2009_ConsiderConventionalIdentifierValues_Note_UseConventionalRuleIds_Text)
         };
 
         public override FailureLevel DefaultLevel => FailureLevel.Note;
 
-        private static readonly string[] s_conventionalSymbols = new string[] { "REPOROOT", "SRCROOT", "TESTROOT", "BINROOT" };
         private static readonly Regex s_conventionalIdRegex = new Regex(@"^[A-Z]{1,5}[0-9]{1,4}$", RegexOptions.Compiled | RegexOptions.CultureInvariant);
 
-        protected override void Analyze(Run run, string runPointer)
-        {
-            if (run.OriginalUriBaseIds != null)
-            {
-                AnalyzeOriginalUriBaseIds(run.OriginalUriBaseIds, runPointer.AtProperty(SarifPropertyName.OriginalUriBaseIds));
-            }
-        }
-
         protected override void Analyze(Tool tool, string toolPointer)
         {
             if (tool.Driver != null)
@@ -90,25 +80,5 @@ private void AnalyzeReportingDescriptor(ReportingDescriptor reportingDescriptor,
                     reportingDescriptor.Id);
             }
         }
-
-        private void AnalyzeOriginalUriBaseIds(IDictionary<string, ArtifactLocation> originalUriBaseIds, string originalUriBaseIdsPointer)
-        {
-            foreach (KeyValuePair<string, ArtifactLocation> originalUriBaseId in originalUriBaseIds)
-            {
-                if (!s_conventionalSymbols.Contains(originalUriBaseId.Key))
-                {
-                    // {0}: The 'originalUriBaseIds' symbol '{1}' is not one of the conventional symbols. 
-                    // We suggest 'REPOROOT' for the root of a repository, 'SRCROOT' for the root of the
-                    // directory containing all source code, 'TESTROOT' for the root of the directory
-                    // containing all test code (if your repository is organized in that way), and 'BINROOT'
-                    // for the root of the directory containing build output (if your project places all
-                    // build output in a common directory).
-                    LogResult(
-                        originalUriBaseIdsPointer.AtProperty(originalUriBaseId.Key),
-                        nameof(RuleResources.SARIF2009_ConsiderConventionalIdentifierValues_Note_UseConventionalUriBaseIdNames_Text),
-                        originalUriBaseId.Key);
-                }
-            }
-        }
     }
 }

src/Sarif.Multitool/Rules/SARIF2014.ProvideDynamicMessageContent.cs

@@ -58,29 +58,31 @@ private void AnalyzeReportingDescriptor(ReportingDescriptor rule, string reporti
                 string messageStringsPointer = reportingDescriptorPointer.AtProperty(SarifPropertyName.MessageStrings);
                 foreach (KeyValuePair<string, MultiformatMessageString> message in rule.MessageStrings)
                 {
-                    AnalyzeMessageString(rule.Id, message.Value.Text, message.Key, messageStringsPointer.AtProperty(message.Key));
+                    AnalyzeString(rule.Id, message.Value.Text, message.Key, messageStringsPointer.AtProperty(message.Key), SarifPropertyName.Text);
+                    AnalyzeString(rule.Id, message.Value.Markdown, message.Key, messageStringsPointer.AtProperty(message.Key), SarifPropertyName.Markdown);
                 }
             }
         }
 
-        private void AnalyzeMessageString(string ruleId, string messageString, string messageKey, string messagePointer)
+        private void AnalyzeString(string ruleId, string messageString, string messageKey, string messagePointer, string propertyName)
         {
             if (string.IsNullOrEmpty(messageString))
             {
                 return;
             }
 
-            string textPointer = messagePointer.AtProperty(SarifPropertyName.Text);
+            string pointer = messagePointer.AtProperty(propertyName);
 
             if (!s_dynamicContentRegex.IsMatch(messageString))
             {
-                // {0}: In rule '{1}', the message with id '{2}' does not include any dynamic content.
-                // Dynamic content makes your messages more specific and avoids the "wall of bugs"
-                // phenomenon.
+                // {0}: In rule '{1}', the '{2}' property of the message with id '{3}' does not include
+                // any dynamic content. Dynamic content makes your messages more specific and avoids the
+                // "wall of bugs" phenomenon.
                 LogResult(
-                    textPointer,
+                    pointer,
                     nameof(RuleResources.SARIF2014_ProvideDynamicMessageContent_Note_Default_Text),
                     ruleId,
+                    propertyName,
                     messageKey);
             }
         }

src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF2009.ConsiderConventionalIdentifierValues_Invalid.sarif

@@ -19,9 +19,6 @@
               "messageStrings": {
                 "Note_UseConventionalRuleIds": {
                   "text": "{0}: The 'id' property of the rule '{1}' does not follow the recommended format: a short string identifying the tool concatenated with a numeric rule number, for example, `CS2001`. Using a conventional format for the rule id provides a more uniform experience across tools."
-                },
-                "Note_UseConventionalUriBaseIdNames": {
-                  "text": "{0}: The 'originalUriBaseIds' symbol '{1}' is not one of the conventional symbols. We suggest 'REPOROOT' for the root of a repository, 'SRCROOT' for the root of the directory containing all source code, 'TESTROOT' for the root of the directory containing all test code (if your repository is organized in that way), and 'BINROOT' for the root of the directory containing build output (if your project places all build output in a common directory)."
                 }
               },
               "helpUri": "http://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html"
@@ -61,31 +58,6 @@
         }
       ],
       "results": [
-        {
-          "ruleId": "SARIF2009",
-          "ruleIndex": 0,
-          "level": "note",
-          "message": {
-            "id": "Note_UseConventionalUriBaseIdNames",
-            "arguments": [
-              "runs[0].originalUriBaseIds.SRCINVALID",
-              "SRCINVALID"
-            ]
-          },
-          "locations": [
-            {
-              "physicalLocation": {
-                "artifactLocation": {
-                  "index": 0
-                },
-                "region": {
-                  "startLine": 26,
-                  "startColumn": 23
-                }
-              }
-            }
-          ]
-        },
         {
           "ruleId": "SARIF2009",
           "ruleIndex": 0,

src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF2014.ProvideDynamicMessageContent_Invalid.sarif

@@ -18,7 +18,7 @@
               },
               "messageStrings": {
                 "Note_Default": {
-                  "text": "{0}: In rule '{1}', the message with id '{2}' does not include any dynamic content. Dynamic content makes your messages more specific and avoids the \"wall of bugs\" phenomenon."
+                  "text": "{0}: In rule '{1}', the '{2}' property of the message with id '{3}' does not include any dynamic content. Dynamic content makes your messages more specific and avoids the \"wall of bugs\" phenomenon."
                 }
               },
               "helpUri": "http://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html"
@@ -67,6 +67,7 @@
             "arguments": [
               "runs[0].tool.driver.rules[0].messageStrings.NoPlaceholders.text",
               "TST0001",
+              "text",
               "NoPlaceholders"
             ]
           },