Handle problem with default values for level
Closed this issue · 2 comments
Situation
Inside the specification we have:
https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317648
IF rule (§3.27.7) is present THEN
    LET theDescriptor be the reportingDescriptor object (§3.49) that it specifies.
    # Is there a configuration override for the level property?
    IF result.provenance.invocationIndex (§3.27.29, §3.48.6) is >= 0 THEN
        LET theInvocation be the invocation object (§3.20) that it specifies.
        IF theInvocation.ruleConfigurationOverrides (§3.20.5) is present
              AND it contains a configurationOverride object (§3.51) whose
              descriptor property (§3.51.2) specifies theDescriptor THEN
            LET theOverride be that configurationOverride object.
            IF theOverride.configuration.level (§3.51.3, §3.50.3) is present THEN
                Set level to theConfiguration.level.
    ELSE
        # There is no configuration override for level. Is there a default configuration for it?
        IF theDescriptor.defaultConfiguration.level (§3.49.14, §, §3.50.3) is present THEN
            SET level to theDescriptor.defaultConfiguration.level.
IF level has not yet been set THEN
    SET level to "warning".
The problem here is that the generated code from the official JSON schema leads to something like
Level level = Level.valueFrom("warning")
For every level.
This means that the result and the rule will always have "warning" as default value, which is not compatible with the pseudo code above from the specification.
Wanted
The sarif library for 2.1.0 shall have a correct behavior here!
Solution
open
The origin schema for sarif 2.1.0 comes from
https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json
Maybe a change of the origin schema is necessary to handle the situation - see
https://json-schema.org/understanding-json-schema/reference/conditionals.html
The mentioned schema change is necessary to have the correct behavior on generator output.
We will have both schemas inside the git repo - the customized schema will be named as the origin but with -customized
at the end. The generator will use the customized variant.
Also we will write a JUnit test inside sarif-2.1.0-generator
which will be copied to the generated gradle project "sarif-2.1.0" so it will be executed at build time. The test will check that the default behavior is like the specification definition at https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317648
To provide "out-of-the-box" support for the pseudo code handling an additional issue is created and must be implemented:
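
Added example, not part of the issue thread or the project's code: the level lookup from the specification pseudocode quoted in this issue, run over raw SARIF JSON so that an absent `level` stays distinguishable from an explicit "warning". It assumes rules live in `tool.driver.rules`, follows the intent of the pseudocode's comments (override first, then the rule's default configuration, then "warning"), and uses a constructed, trimmed sample run; `effective_level`, `resolve_all` and `SAMPLE_RUN` are names made up here.

```python
# Constructed SARIF 2.1.0 run (not from the issue). Assumption: rules are in tool.driver.
SAMPLE_RUN = {
    "tool": {"driver": {"name": "demo", "rules": [
        {"id": "R1", "defaultConfiguration": {"level": "error"}},
        {"id": "R2"},
    ]}},
    "invocations": [{"ruleConfigurationOverrides": [
        {"descriptor": {"index": 0}, "configuration": {"level": "note"}},
    ]}],
    "results": [
        {"ruleIndex": 0},                                        # rule default applies
        {"ruleIndex": 1},                                        # nothing set anywhere
        {"ruleIndex": 0, "provenance": {"invocationIndex": 0}},  # override applies
        {"ruleIndex": 0, "level": "warning"},                    # explicit level
        {"ruleIndex": 1, "provenance": {"invocationIndex": 0}},  # no override for R2
    ],
}


def _descriptor_index(ref, rules):
    """Position in `rules` named by a reference dict: by index, else by id."""
    idx = ref.get("index", -1)
    if 0 <= idx < len(rules):
        return idx
    rid, ids = ref.get("id"), [r.get("id") for r in rules]
    return ids.index(rid) if rid is not None and rid in ids else None


def effective_level(run, result):
    """Resolve a result's level; an absent key means "not set", never "warning"."""
    if "level" in result:  # an explicit value wins, so a parser must not invent one
        return result["level"]
    rules = run.get("tool", {}).get("driver", {}).get("rules", [])
    ref = {"index": result.get("ruleIndex", -1), "id": result.get("ruleId"),
           **result.get("rule", {})}
    rule_idx = _descriptor_index(ref, rules)
    if rule_idx is not None:
        inv_idx = result.get("provenance", {}).get("invocationIndex", -1)
        invocations = run.get("invocations", [])
        if 0 <= inv_idx < len(invocations):
            for ov in invocations[inv_idx].get("ruleConfigurationOverrides", []):
                level = ov.get("configuration", {}).get("level")
                if level and _descriptor_index(ov.get("descriptor", {}), rules) == rule_idx:
                    return level
        level = rules[rule_idx].get("defaultConfiguration", {}).get("level")
        if level:
            return level
    return "warning"  # the fallback is applied last, only if nothing else set level


def resolve_all(run):
    return [effective_level(run, r) for r in run.get("results", [])]
```

The fourth sample result shows why an eagerly assigned "warning" is a problem: once the key is present, the rule's "error" default can no longer be reached.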