Update messages and code for SARIF1004. (#1968)

microsoft · Jul 3, 2020 · 557155c · 557155c
1 parent b5c167f
commit 557155c
Show file tree

Hide file tree

Showing 6 changed files with 145 additions and 100 deletions.
diff --git a/docs/Producing effective SARIF.md b/docs/Producing effective SARIF.md
@@ -143,13 +143,17 @@ URIs must conform to [RFC 3986](https://tools.ietf.org/html/rfc3986). In additio
 
 #### Description
 
-Every URI reference in 'originalUriBaseIds' must resolve to an absolute URI, in the manner described in the SARIF specification [3.14.14](https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317498). This is because the purpose of 'uriBaseIds' is to enable the resolution of relative references to absolute locations.
+When using the 'uriBaseId' property, obey the requirements in the SARIF specification [3.4.4](https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317431) that enable it to fulfill its purpose of resolving relative references to absolute locations. In particular:
+
+If an 'artifactLocation' object has a 'uriBaseId' property, its 'uri' property must be a relative reference, because if 'uri' is an absolute URI then 'uriBaseId' serves no purpose.
+
+Every URI reference in 'originalUriBaseIds' must resolve to an absolute URI in the manner described in the SARIF specification [3.14.14](https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317498).
 
 #### Messages
 
 ##### `UriBaseIdRequiresRelativeUri`: error
 
-{0}: The '{1}' element of 'originalUriBaseIds' has a 'uriBaseId' property '{2}', but its 'uri' property '{3}' is an absolute URI. Since the purpose of the 'uriBaseId' property is to help resolve a relative reference to an absolute URI, it is not allowed when the 'uri' property is already an absolute URI.
+{0}: This 'artifactLocation' object has a 'uriBaseId' property '{1}', but its 'uri' property '{2}' is an absolute URI. Since the purpose of 'uriBaseId' is to resolve a relative reference to an absolute URI, it is not allowed when the 'uri' property is already an absolute URI.
 
 ##### `TopLevelUriBaseIdMustBeAbsolute`: error
 

diff --git a/docs/Rule factoring.xlsx b/docs/Rule factoring.xlsx
diff --git a/src/Sarif.Multitool/Rules/RuleResources.Designer.cs b/src/Sarif.Multitool/Rules/RuleResources.Designer.cs
diff --git a/src/Sarif.Multitool/Rules/RuleResources.resx b/src/Sarif.Multitool/Rules/RuleResources.resx
@@ -148,10 +148,14 @@ If the 'invocation' object specifies both 'startTimeUtc' and 'endTimeUtc', then
 This is part of a set of authoring practices that make your rule messages more readable, understandable, and actionable. See also `SARIF2014.ProvideDynamicMessageContent` and `SARIF2015.EnquoteDynamicMessageContent`.</value>
   </data>
   <data name="SARIF1004_ExpressUriBaseIdsCorrectly_Error_UriBaseIdRequiresRelativeUri_Text" xml:space="preserve">
-    <value>{0}: {1} Placeholder_SARIF1004_ExpressUriBaseIdsCorrectly_Error_UriBaseIdRequiresRelativeUri_Text</value>
+    <value>{0}: This 'artifactLocation' object has a 'uriBaseId' property '{1}', but its 'uri' property '{2}' is an absolute URI. Since the purpose of 'uriBaseId' is to resolve a relative reference to an absolute URI, it is not allowed when the 'uri' property is already an absolute URI.</value>
   </data>
   <data name="SARIF1004_ExpressUriBaseIdsCorrectly_FullDescription_Text" xml:space="preserve">
-    <value>Placeholder_SARIF1004_ExpressUriBaseIdsCorrectly_FullDescription_Text</value>
+    <value>When using the 'uriBaseId' property, obey the requirements in the SARIF specification [3.4.4](https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317431) that enable it to fulfill its purpose of resolving relative references to absolute locations. In particular:
+
+If an 'artifactLocation' object has a 'uriBaseId' property, its 'uri' property must be a relative reference, because if 'uri' is an absolute URI then 'uriBaseId' serves no purpose.
+
+Every URI reference in 'originalUriBaseIds' must resolve to an absolute URI in the manner described in the SARIF specification [3.14.14](https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317498).</value>
   </data>
   <data name="SARIF1005_UriMustBeAbsolute_Error_Default_Text" xml:space="preserve">
     <value>{0}: The value of this property is required to be an absolute URI, but '{1}' is a relative URI reference.</value>

diff --git a/src/Sarif.Multitool/Rules/SARIF1004.ExpressUriBaseIdsCorrectly.cs b/src/Sarif.Multitool/Rules/SARIF1004.ExpressUriBaseIdsCorrectly.cs
@@ -17,7 +17,17 @@ public class ExpressUriBaseIdsCorrectly : SarifValidationSkimmerBase
         public override string Id => RuleId.ExpressUriBaseIdsCorrectly;
 
         /// <summary>
-        /// Placeholder_SARIF1004_ExpressUriBaseIdsCorrectly_FullDescription_Text
+        /// When using the 'uriBaseId' property, obey the requirements in the SARIF specification
+        /// [3.4.4](https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317431)
+        /// that enable it to fulfill its purpose of resolving relative references to absolute locations.
+        /// In particular:
+        ///
+        /// If an 'artifactLocation' object has a 'uriBaseId' property, its 'uri' property must be a
+        /// relative reference, because if 'uri' is an absolute URI then 'uriBaseId' serves no purpose.
+        ///
+        /// Every URI reference in 'originalUriBaseIds' must resolve to an absolute URI in the manner
+        /// described in the SARIF specification
+        /// [3.14.14] (https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html#_Toc34317498).
         /// </summary>
         public override MultiformatMessageString FullDescription => new MultiformatMessageString { Text = RuleResources.SARIF1004_ExpressUriBaseIdsCorrectly_FullDescription_Text };
 
@@ -31,16 +41,19 @@ public class ExpressUriBaseIdsCorrectly : SarifValidationSkimmerBase
 
         public override FailureLevel DefaultLevel => FailureLevel.Error;
 
-        protected override void Analyze(ArtifactLocation fileLocation, string fileLocationPointer)
+        protected override void Analyze(ArtifactLocation artifactLocation, string artifactLocationPointer)
         {
-            // UriBaseIdRequiresRelativeUri: The 'uri' property of 'fileLocation' must be a relative uri, since 'uriBaseId' is present.
-            if (fileLocation.UriBaseId != null && fileLocation.Uri.IsAbsoluteUri)
+            if (artifactLocation.UriBaseId != null && artifactLocation.Uri.IsAbsoluteUri)
             {
-                //{0}: {1} Placeholder_SARIF1004_ExpressUriBaseIdsCorrectly_Error_UriBaseIdRequiresRelativeUri_Text
+                // {0}: This 'artifactLocation' object has a 'uriBaseId' property '{1}', but its
+                // 'uri' property '{2}' is an absolute URI. Since the purpose of 'uriBaseId' is
+                // to resolve a relative reference to an absolute URI, it is not allowed when
+                // the 'uri' property is already an absolute URI.
                 LogResult(
-                    fileLocationPointer.AtProperty(SarifPropertyName.Uri),
+                    artifactLocationPointer,
                     nameof(RuleResources.SARIF1004_ExpressUriBaseIdsCorrectly_Error_UriBaseIdRequiresRelativeUri_Text),
-                    fileLocation.Uri.OriginalString);
+                    artifactLocation.UriBaseId,
+                    artifactLocation.Uri.OriginalString);
             }
         }
 
@@ -80,8 +93,8 @@ private void AnalyzeOriginalUriBaseIdsEntry(string uriBaseId, ArtifactLocation a
                     LogResult(
                         pointer,
                         nameof(RuleResources.SARIF1004_ExpressUriBaseIdsCorrectly_Error_TopLevelUriBaseIdMustBeAbsolute_Text),
-                        uriString,
-                        uriBaseId);
+                        uriBaseId,
+                        uriString);
                 }
 
                 if (!uriString.EndsWith("/"))
@@ -92,8 +105,8 @@ private void AnalyzeOriginalUriBaseIdsEntry(string uriBaseId, ArtifactLocation a
                     LogResult(
                         pointer,
                         nameof(RuleResources.SARIF1004_ExpressUriBaseIdsCorrectly_Error_UriBaseIdValueMustEndWithSlash_Text),
-                        uriString,
-                        uriBaseId);
+                        uriBaseId,
+                        uriString);
                 }
 
                 if (uriString.Split('/').Any(x => x.Equals("..")))
@@ -105,8 +118,8 @@ private void AnalyzeOriginalUriBaseIdsEntry(string uriBaseId, ArtifactLocation a
                     LogResult(
                         pointer,
                         nameof(RuleResources.SARIF1004_ExpressUriBaseIdsCorrectly_Error_UriBaseIdValueMustNotContainDotDotSegment_Text),
-                        uriString,
-                        uriBaseId);
+                        uriBaseId,
+                        uriString);
                 }
 
                 if (uri.IsAbsoluteUri && (!string.IsNullOrEmpty(uri.Fragment) || !string.IsNullOrEmpty(uri.Query)))
@@ -119,8 +132,8 @@ private void AnalyzeOriginalUriBaseIdsEntry(string uriBaseId, ArtifactLocation a
                     LogResult(
                         pointer,
                         nameof(RuleResources.SARIF1004_ExpressUriBaseIdsCorrectly_Error_UriBaseIdValueMustNotContainQueryOrFragment_Text),
-                        uriString,
-                        uriBaseId);
+                        uriBaseId,
+                        uriString);
                 }
             }
         }