Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix false positives for 'SARIF1002.UrisMustBeValid' due to Uri.IsWellFormedUriString bug #2501

Merged
merged 8 commits into from
Jul 13, 2022
Merged

Fix false positives for 'SARIF1002.UrisMustBeValid' due to Uri.IsWellFormedUriString bug #2501

merged 8 commits into from
Jul 13, 2022

Conversation

marmegh
Copy link
Contributor

@marmegh marmegh commented Jul 6, 2022

Uri.IsWellFormedUriString returns false for some valid URIs. This is resulting in some tools rejecting valid SARIF results files that conform to requirements but not all recommendations.

This fix implements a IsWellFormedUri method as part of the SarifValidationSkimmerBase class and replaces all Uri.IsWellFormedUriString() api calls with this method.

eddynaka
eddynaka reviewed Jul 11, 2022
View reviewed changes
src/Sarif.Multitool.Library/Rules/SarifValidationSkimmerBase.cs Outdated
@@ -246,6 +246,18 @@ internal static string JsonPointerToJavaScript(string pointerString)
return sb.ToString();
}

internal static bool UriIsWellFormedUriString(string uriString, UriKind uriKind)
Copy link
Collaborator

@eddynaka eddynaka Jul 11, 2022
edited by marmegh
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

UriIsWellFormedUriString

create a unit test that checks for the previous behavior and the new behavior.

This would guarantee that even if we remove the E2E tests, we would still be able to validate it. #Pending

EasyRhinoMSFT
EasyRhinoMSFT reviewed Jul 11, 2022
View reviewed changes
src/Sarif.Multitool.Library/Rules/SarifValidationSkimmerBase.cs Outdated
@@ -246,6 +246,18 @@ internal static string JsonPointerToJavaScript(string pointerString)
return sb.ToString();
}

internal static bool UriIsWellFormedUriString(string uriString, UriKind uriKind)
Copy link
Collaborator

@EasyRhinoMSFT EasyRhinoMSFT Jul 11, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggest naming IsWellFormedUriString per C# style guidelines #Closed

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1

@marmegh marmegh marked this pull request as ready for review July 11, 2022 18:17
@marmegh marmegh requested a review from michaelcfanning as a code owner July 11, 2022 18:17
michaelcfanning
michaelcfanning reviewed Jul 11, 2022
View reviewed changes
src/ReleaseHistory.md Outdated
@@ -3,6 +3,7 @@
## Unreleased

* FEATURE: Add `max-file-size-in-kb` argument that allows filtering scan targets by file size. [#2494](https://github.com/microsoft/sarif-sdk/pull/2494)
* BUGFIX: Fix false positive for `SARIF1002.UrisMustBeValid` for URIs with the format `file:/c:/location/filename.txt`. [#]()
Copy link
Member

@michaelcfanning michaelcfanning Jul 11, 2022
edited by marmegh
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

format

'for file URIs that omit the 'authority' #Pending

michaelcfanning
michaelcfanning reviewed Jul 11, 2022
View reviewed changes
src/Sarif.Multitool.Library/Rules/SARIF1002.UrisMustBeValid.cs Outdated
@@ -80,7 +80,7 @@ private void AnalyzeUri(Uri uri, string pointer)
string uriString = uri?.OriginalString;
if (uriString != null)
{
if (!Uri.IsWellFormedUriString(uriString, UriKind.RelativeOrAbsolute))
if (!UriIsWellFormedUriString(uriString, UriKind.RelativeOrAbsolute))
Copy link
Member

@michaelcfanning michaelcfanning Jul 11, 2022
edited by marmegh
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

UriIsWellFormedUriString

IsWellFormedUriString (add a great summary XML comment).

UriIsWellFormedHelper

ReplacementUriIsWellFormed... #Pending

michaelcfanning
michaelcfanning reviewed Jul 11, 2022
View reviewed changes
src/Sarif.Multitool.Library/Rules/SarifValidationSkimmerBase.cs Outdated
internal static bool UriIsWellFormedUriString(string uriString, UriKind uriKind)
{
bool isWellFormed = Uri.IsWellFormedUriString(uriString, uriKind);
bool csBug = (uriString.StartsWith("file:/") && Uri.TryCreate(uriString, uriKind, out Uri result));
Copy link
Member

@michaelcfanning michaelcfanning Jul 11, 2022
edited by marmegh
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

csBug

subjectToWellknownClrBug?

add a nice comment?
#Pending

michaelcfanning
michaelcfanning reviewed Jul 11, 2022
View reviewed changes
src/Sarif.Multitool.Library/Rules/SARIF1002.UrisMustBeValid.cs
@@ -80,7 +80,7 @@ private void AnalyzeUri(Uri uri, string pointer)
string uriString = uri?.OriginalString;
if (uriString != null)
{
if (!Uri.IsWellFormedUriString(uriString, UriKind.RelativeOrAbsolute))
if (!UriIsWellFormedUriString(uriString, UriKind.RelativeOrAbsolute))
{
// {0}: The string '{1}' is not a valid URI reference. URIs must conform to
// [RFC 3986](https://tools.ietf.org/html/rfc3986).
Copy link
Member

@michaelcfanning michaelcfanning Jul 11, 2022
edited by marmegh
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Put this information in the helper.
#Pending

michaelcfanning
michaelcfanning reviewed Jul 11, 2022
View reviewed changes
src/Sarif.Multitool.Library/Rules/SarifValidationSkimmerBase.cs Outdated
internal static bool UriIsWellFormedUriString(string uriString, UriKind uriKind)
{
bool isWellFormed = Uri.IsWellFormedUriString(uriString, uriKind);
bool csBug = (uriString.StartsWith("file:/") && Uri.TryCreate(uriString, uriKind, out Uri result));
Copy link
Member

@michaelcfanning michaelcfanning Jul 11, 2022
edited by marmegh
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

StartsWith

this should be OrdinalIgnoreCase #Pending

michaelcfanning
michaelcfanning reviewed Jul 11, 2022
View reviewed changes
src/Test.UnitTests.Sarif.Multitool.Library/Rules/SarifValidationSkimmerBaseTests.cs
{
expectedIsWellFormedUri = true,
uriKind = UriKind.Absolute,
uriString = "file:///c:/Code/sarif-sdk/src/"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

file

add tests with upper case!

michaelcfanning
michaelcfanning reviewed Jul 11, 2022
View reviewed changes
src/Test.UnitTests.Sarif.Multitool.Library/Rules/SarifValidationSkimmerBaseTests.cs
{
expectedIsWellFormedUri = true,
uriKind = UriKind.RelativeOrAbsolute,
uriString = "file:///c:/Code/sarif-sdk/src/"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

file

test the network path case?

michaelcfanning
michaelcfanning reviewed Jul 11, 2022
View reviewed changes
src/ReleaseHistory.md Outdated
@@ -3,6 +3,7 @@
## Unreleased

* FEATURE: Add `max-file-size-in-kb` argument that allows filtering scan targets by file size. [#2494](https://github.com/microsoft/sarif-sdk/pull/2494)
* BUGFIX: Fix false positive for `SARIF1002.UrisMustBeValid` for URIs with the format `file:/c:/location/filename.txt`. [#]()
Copy link
Member

@michaelcfanning michaelcfanning Jul 11, 2022
edited by marmegh
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#

? #Pending

michaelcfanning
michaelcfanning approved these changes Jul 11, 2022
View reviewed changes
Copy link
Member

@michaelcfanning michaelcfanning left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

EasyRhinoMSFT
EasyRhinoMSFT approved these changes Jul 12, 2022
View reviewed changes
Copy link
Collaborator

@EasyRhinoMSFT EasyRhinoMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@marmegh marmegh merged commit 64a4211 into main Jul 13, 2022
@marmegh marmegh deleted the users/marmegh/validatorFix branch July 13, 2022 21:36
@marmegh marmegh mentioned this pull request Jul 21, 2022
Merged
@marmegh marmegh mentioned this pull request Aug 4, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eddynaka eddynaka eddynaka left review comments

@michaelcfanning michaelcfanning michaelcfanning approved these changes

@EasyRhinoMSFT EasyRhinoMSFT EasyRhinoMSFT approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@marmegh @michaelcfanning @eddynaka @EasyRhinoMSFT