microsoft/sarif-sdk

GH1017 providing erroneous advice

3flex opened this issue · 0 comments

3flex commented

Using the online validator at https://sarifweb.azurewebsites.net/Validation (and apologies if this repo isn't being used in the backend of that tool, but I can't find anything else in Microsoft's GitHub org) I see GH1017 reported for the example below.

The report in the online validator says:

Provide the 'region' property, along with the appropriate region properties. This property is required by the GitHub Advanced Security service. Provide the 'artifactLocation' property. This property is required by the GitHub Advanced Security service.

However, region and artifactLocation are both provided as shown, so this should not be reported for this sample, unless there's something I've missed?

Possibly related to #2822

{
  "$schema": "https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/sarif-schema-2.1.0.json",
  "version": "2.1.0",
  "runs": [
    {
      "results": [
        {
          "level": "error",
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "TestFile.kt",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "endColumn": 3,
                  "endLine": 2,
                  "startColumn": 1,
                  "startLine": 1
                }
              }
            }
          ],
          "message": {
            "text": "TestMessage"
          },
          "ruleId": "detekt.RuleSet1.TestSmellA/id"
        },
        {
          "level": "warning",
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "TestFile.kt",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "endColumn": 5,
                  "endLine": 3,
                  "startColumn": 5,
                  "startLine": 3
                }
              }
            }
          ],
          "message": {
            "text": "TestMessage"
          },
          "ruleId": "detekt.RuleSet2.TestSmellB/id"
        },
        {
          "level": "note",
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "TestFile.kt",
                  "uriBaseId": "%SRCROOT%"
                },
                "region": {
                  "endColumn": 1,
                  "endLine": 3,
                  "startColumn": 1,
                  "startLine": 2
                }
              }
            }
          ],
          "message": {
            "text": "TestMessage"
          },
          "ruleId": "detekt.RuleSet2.TestSmellC/id"
        }
      ],
      "tool": {
        "driver": {
          "downloadUri": "https://github.com/detekt/detekt/releases/download/v1.16.0/detekt",
          "fullName": "detekt",
          "guid": "022ca8c2-f6a2-4c95-b107-bb72c43263f3",
          "informationUri": "https://detekt.dev",
          "language": "en",
          "name": "detekt",
          "organization": "detekt",
          "rules": [
            {
              "defaultConfiguration": {
                "level": "error"
              },
              "helpUri": "https://detekt.dev/test.html#testrule",
              "id": "detekt.test.TestRule",
              "name": "TestRule",
              "shortDescription": {
                "text": ""
              }
            }
          ],
          "semanticVersion": "1.16.0",
          "version": "1.16.0"
        }
      }
    }
  ]
}