From d7aa0afa7a11b08b79fce8b09309a0c8cf582dca Mon Sep 17 00:00:00 2001
From: marcandre-larochelle-bell <79320471+marcandre-larochelle-bell@users.noreply.github.com>
Date: Tue, 22 Oct 2024 14:10:04 -0400
Subject: [PATCH 1/4] Update sarif-support-for-code-scanning.md Fix invalid SARIF specification, missing originalUriBaseIds from the format
---
 .../sarif-support-for-code-scanning.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md b/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md
index eb50148a57db..01e91b8c3304 100644
--- a/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md
+++ b/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md
@@ -371,6 +371,21 @@ This SARIF output file has example values to show all supported SARIF properties
 ]
 }
 },
+ "originalUriBaseIds": {
+ "PROJECTROOT": {
+ "uri": "file:///C:/Users/Mary/code/TheProject/",
+ "description": {
+ "text": "The root directory for all project files."
+ }
+ },
+ "%SRCROOT%": {
+ "uri": "src/",
+ "uriBaseId": "PROJECTROOT",
+ "description": {
+ "text": "The root of the source tree."
+ }
+ }
+ },
 "automationDetails": {
 "id": "my-category/"
 },
From ff24af761e4fef92589da36b32ada70365f562b8 Mon Sep 17 00:00:00 2001
From: marcandre-larochelle-bell <79320471+marcandre-larochelle-bell@users.noreply.github.com>
Date: Thu, 31 Oct 2024 10:51:25 -0400
Subject: [PATCH 2/4] Update sarif-support-for-code-scanning.md
---
 .../sarif-support-for-code-scanning.md | 95 ++++++++++++++++---
 1 file changed, 80 insertions(+), 15 deletions(-)
diff --git a/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md b/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md
index 01e91b8c3304..cb2ff369edcd 100644
--- a/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md
+++ b/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md
@@ -313,6 +313,86 @@ This SARIF output file has example values to show the minimum required propertie } ``` +### Relative URI Guidance for SARIF Producers + +This SARIF output file has example of values for the field `originalUriBaseIds`, showing the minimum required properties a SARIF producer should include when using relative URI references. + +{% note %} + +**Note:** While this property is not required by {% data variables.product.prodname_dotcom %} for the {% data variables.product.prodname_code_scanning %} results to be displayed correctly, it is required to produce a valid SARIF output when using relative URI references, For more information, visit the [Microsoft SARIF documentation](https://sarifweb.azurewebsites.net/). + +{% endnote %} + +```json +{ + "$schema": "https://json.schemastore.org/sarif-2.1.0.json", + "version": "2.1.0", + "runs": [ + { + "tool": { + "driver": { + "name": "Tool Name", + "rules": [ + { + "id": "R01" + ... + "properties" : { + "id" : "java/unsafe-deserialization", + "kind" : "path-problem", + "name" : "...", + "problem.severity" : "error", + "security-severity" : "9.8", + } + } + ] + } + }, + "originalUriBaseIds": { + "PROJECTROOT": { + "uri": "file:///C:/Users/Mary/code/TheProject/", + "description": { + "text": "The root directory for all project files." + } + }, + "%SRCROOT%": { + "uri": "src/", + "uriBaseId": "PROJECTROOT", + "description": { + "text": "The root of the source tree." + } + } + }, + "results": [ + { + "ruleId": "R01", + "message": { + "text": "Result text. This result does not have a rule associated." 
+ }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "fileURI", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 2, + "startColumn": 7, + "endColumn": 10 + } + } + } + ], + "partialFingerprints": { + "primaryLocationLineHash": "39fa2ee980eb94b0:1" + } + } + ] + } + ] +} +``` + ### Example showing all supported SARIF properties This SARIF output file has example values to show all supported SARIF properties for {% data variables.product.prodname_code_scanning %}. @@ -371,21 +451,6 @@ This SARIF output file has example values to show all supported SARIF properties ] } }, - "originalUriBaseIds": { - "PROJECTROOT": { - "uri": "file:///C:/Users/Mary/code/TheProject/", - "description": { - "text": "The root directory for all project files." - } - }, - "%SRCROOT%": { - "uri": "src/", - "uriBaseId": "PROJECTROOT", - "description": { - "text": "The root of the source tree." - } - } - }, "automationDetails": { "id": "my-category/" }, From b3a9a29bd527ff1ed9f2298c21cba32cb64c9e63 Mon Sep 17 00:00:00 2001 From: marcandre-larochelle-bell <79320471+marcandre-larochelle-bell@users.noreply.github.com> Date: Thu, 31 Oct 2024 10:56:47 -0400 Subject: [PATCH 3/4] Removed trailing space --- .../sarif-support-for-code-scanning.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md b/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md index cb2ff369edcd..dbacb99e120a 100644 --- a/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md +++ b/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md 
@@ -315,7 +315,7 @@ This SARIF output file has example values to show the minimum required propertie ### Relative URI Guidance for SARIF Producers -This SARIF output file has example of values for the field `originalUriBaseIds`, showing the minimum required properties a SARIF producer should include when using relative URI references. +This SARIF output file has example of values for the field `originalUriBaseIds`, showing the minimum required properties a SARIF producer should include when using relative URI references. {% note %} From def9bf18b42edb0f026a2ef033611eddb86422ec Mon Sep 17 00:00:00 2001 From: marcandre-larochelle-bell <79320471+marcandre-larochelle-bell@users.noreply.github.com> Date: Thu, 7 Nov 2024 12:35:35 -0500 Subject: [PATCH 4/4] Update content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com> --- .../sarif-support-for-code-scanning.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md b/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md index dbacb99e120a..36a443f6a73c 100644 --- a/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md +++ b/content/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md 
@@ -319,7 +319,7 @@ This SARIF output file has example of values for the field `originalUriBaseIds`, {% note %} -**Note:** While this property is not required by {% data variables.product.prodname_dotcom %} for the {% data variables.product.prodname_code_scanning %} results to be displayed correctly, it is required to produce a valid SARIF output when using relative URI references, For more information, visit the [Microsoft SARIF documentation](https://sarifweb.azurewebsites.net/). +**Note:** While this property is not required by {% data variables.product.prodname_dotcom %} for the {% data variables.product.prodname_code_scanning %} results to be displayed correctly, it is required to produce a valid SARIF output when using relative URI references. {% endnote %}