de-jcup/sarif-java

Handle problem with default values for level

Closed this issue · 2 comments

Situation

Inside specification we have:
https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317648

IF rule (§3.27.7) is present THEN
  LET theDescriptor be the reportingDescriptor object (§3.49) that it specifies.

  # Is there a configuration override for the level property?
  IF result.provenance.invocationIndex (§3.27.29, §3.48.6) is >= 0 THEN
    LET theInvocation be the invocation object (§3.20) that it specifies.
    IF theInvocation.ruleConfigurationOverrides (§3.20.5) is present
        AND it contains a configurationOverride object (§3.51) whose
        descriptor property (§3.51.2) specifies theDescriptor THEN
      LET theOverride be that configurationOverride object.
      IF theOverride.configuration.level (§3.51.3, §3.50.3) is present THEN
        Set level to theConfiguration.level.

  ELSE
    # There is no configuration override for level. Is there a default configuration for it?
    IF theDescriptor.defaultConfiguration.level (§3.49.14, §, §3.50.3) is present THEN
      SET level to theDescriptor.defaultConfiguration.level.

IF level has not yet been set THEN
  SET level to "warning".

The problem here is that the generated code from the official JSON schema leads to something like

Level level = Level.valueFrom("warning")

for every level.
This means that the result and the rule will always have "warning" as the default value, which is not compatible with the pseudo code above from the specification.

Wanted

The sarif library for 2.1.0 shall have a correct behavior here!

Solution

open
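To make the difference concrete, here is an added example (not code from the issue or from the sarif-java project) that applies the specification's level resolution to a small constructed SARIF 2.1.0 fragment: an explicit result level wins, then a matching configurationOverride from the result's invocation, then the rule's defaultConfiguration, and only then "warning". It reads the ELSE in the pseudo code as belonging to the override check, so a result with an invocationIndex but no override for its rule still falls back to the rule default. The rule lookup is limited to tool.driver.rules and the descriptor match to index or id; both are simplifications of the spec, not the library's behaviour. The second function mimics a model whose level field is pre-initialised to "warning" and shows why that loses the information the algorithm needs.

```python
import json

DEFAULT_LEVEL = "warning"  # final fallback in the specification's pseudo code

# Constructed SARIF 2.1.0 fragment (sample data, not from the issue): rule R1 has a
# default level of "error", invocation 0 overrides R1 to "note", rule R2 has no default.
SAMPLE_LOG = json.loads(r'''
{
  "version": "2.1.0",
  "runs": [
    {
      "tool": {
        "driver": {
          "name": "example-scanner",
          "rules": [
            {"id": "R1", "defaultConfiguration": {"level": "error"}},
            {"id": "R2"}
          ]
        }
      },
      "invocations": [
        {
          "ruleConfigurationOverrides": [
            {"descriptor": {"index": 0}, "configuration": {"level": "note"}}
          ]
        }
      ],
      "results": [
        {"ruleId": "R1", "ruleIndex": 0, "provenance": {"invocationIndex": 0}},
        {"ruleId": "R1", "ruleIndex": 0},
        {"ruleId": "R2", "ruleIndex": 1},
        {"ruleId": "R2", "ruleIndex": 1, "level": "error"}
      ]
    }
  ]
}
''')


def _rule_index(result):
    """Index of the result's rule in tool.driver.rules, or -1 if not given."""
    rule_ref = result.get("rule", {})
    if "index" in rule_ref:
        return rule_ref["index"]
    return result.get("ruleIndex", -1)


def _descriptor_matches(ref, rule_index, rule_id):
    """Does a configurationOverride.descriptor reference point at this rule?"""
    if "index" in ref:
        return ref["index"] == rule_index
    return "id" in ref and ref["id"] == rule_id


def resolve_level(run, result):
    """Resolve a result's level per the specification: explicit value, then
    invocation override, then rule defaultConfiguration, then "warning"."""
    if "level" in result:
        return result["level"]
    level = None
    rules = run.get("tool", {}).get("driver", {}).get("rules", [])
    rule_index = _rule_index(result)
    descriptor = rules[rule_index] if 0 <= rule_index < len(rules) else None
    if descriptor is not None:
        rule_id = descriptor.get("id")
        inv_index = result.get("provenance", {}).get("invocationIndex", -1)
        invocations = run.get("invocations", [])
        if 0 <= inv_index < len(invocations):
            for override in invocations[inv_index].get("ruleConfigurationOverrides", []):
                if _descriptor_matches(override.get("descriptor", {}), rule_index, rule_id):
                    level = override.get("configuration", {}).get("level")
                    break
        if level is None:
            level = descriptor.get("defaultConfiguration", {}).get("level")
    return level if level is not None else DEFAULT_LEVEL


def generated_model_level(result):
    """Mimics a generated model whose level field is initialised to "warning":
    the fact that level was absent is gone before resolution can run."""
    return result.get("level", DEFAULT_LEVEL)


def resolve_all(log):
    """Resolved level of every result in the first run."""
    run = log["runs"][0]
    return [resolve_level(run, r) for r in run["results"]]


if __name__ == "__main__":
    run = SAMPLE_LOG["runs"][0]
    for r, spec_level in zip(run["results"], resolve_all(SAMPLE_LOG)):
        print(r["ruleId"], "spec:", spec_level, "pre-filled model:", generated_model_level(r))
```

The second R1 result is where the pre-filled default does damage: the specification resolves it to the rule's "error", while a model that starts every level at "warning" reports "warning" and silently downgrades the finding.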

The origin schema for sarif 2.1.0 comes from
https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json

Maybe a change of the origin schema is necessary to handle the situation - see
https://json-schema.org/understanding-json-schema/reference/conditionals.html

The mentioned schema change is necessary to have the correct behavior on generator output.
We will have both schemas inside the git repo - the customized schema will be named like the origin but with -customized at the end. The generator will use the customized variant.

Also we will write a JUnit test inside sarif-2.1.0-generator which will be copied to the generated gradle project "sarif-2.1.0" so it will be executed at build time. The test will check that the default behavior is like the specification definition at https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317648

To provide "out-of-the-box" support for the pseudo code handling, an additional issue is created and must be implemented: