[RULE REQUEST] Additional file size optimizations #1994

Closed
ghost opened this issue Jul 14, 2020 · 0 comments · Fixed by #1995

ghost commented Jul 14, 2020

Rule metadata

  • Id: SARIF2004 -- The proposal is to add additional checks to this existing rule.

  • Name: OptimizeFileSize

  • Level: warning

  • Description: Add the following paragraph to the existing rule description:

    In addition to avoiding unnecessary arrays, there are other ways to optimize the size of SARIF log files.

    Prefer the result object properties 'ruleId' and 'ruleIndex' to the nested object-valued property 'result.rule', unless the rule comes from a tool component other than the driver (in which case only 'result.rule' can accurately point to the metadata for the rule). The 'ruleId' and 'ruleIndex' properties are shorter and just as clear.

    Do not specify the result object's 'analysisTarget' property unless it differs from the result location. The canonical scenario for using 'result.analysisTarget' is a C/C++ language analyzer that is instructed to analyze example.c, and detects a result in the included file example.h. In this case, 'analysisTarget' is example.c, and the result location is in example.h.

  • User-facing strings:

    • AvoidDuplicativeAnalysisTarget: {0}: The 'analysisTarget' property '{1}' is unnecessary because it is the same as the result location. Remove the 'analysisTarget' property.

    • AvoidDuplicativeResultRuleInformation: {0}: This result specifies both 'result.ruleId' and 'result.rule'. Prefer 'result.ruleId' because it is shorter and just as clear.

    • PreferRuleId: {0}: This result uses the 'rule' property to specify the rule metadata, but the 'ruleId' property suffices because the rule is defined by 'tool.driver'. Prefer 'result.ruleId' because it is shorter and just as clear.


How to resolve

If the relevant rule is defined by tool.driver, then use result.ruleId and result.ruleIndex instead of the nested object result.rule, because the top-level properties make the log file smaller and are just as clear.

Links/Additional Information

See the SARIF spec §3.27.13, "analysisTarget property" for an explanation of when analysisTarget is needed.

See the SARIF spec §3.27.7, "rule property" for guidance on the use of ruleId, ruleIndex, and rule.
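
The three proposed checks, written out as an added Python example; it is not part of the issue and not the validator's own code. It assumes that a `result.rule` with no `toolComponent` refers to `tool.driver` and that `analysisTarget` is compared to result locations by `uri` and `uriBaseId`; the function names and the sample log are constructed for illustration.

```python
def _loc(uri):
    return {"physicalLocation": {"artifactLocation": {"uri": uri}}}

# Constructed sample log (not from the issue): one driver rule, one extension rule.
SAMPLE_LOG = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "ExampleTool", "rules": [{"id": "EX0001"}]},
             "extensions": [{"name": "ExamplePlugin", "rules": [{"id": "PL0001"}]}]},
    "results": [
        # 0: the example.c / example.h case; analysisTarget differs, so it stays
        {"ruleId": "EX0001", "ruleIndex": 0, "message": {"text": "m"},
         "analysisTarget": {"uri": "example.c"}, "locations": [_loc("example.h")]},
        # 1: 'ruleId' plus a driver 'rule', and an analysisTarget equal to the location
        {"ruleId": "EX0001", "rule": {"id": "EX0001", "index": 0}, "message": {"text": "m"},
         "analysisTarget": {"uri": "example.c"}, "locations": [_loc("example.c")]},
        # 2: driver rule referenced only through 'rule'
        {"rule": {"id": "EX0001", "index": 0}, "message": {"text": "m"}},
        # 3: extension rule; only 'rule' can point at its metadata
        {"rule": {"id": "PL0001", "index": 0, "toolComponent": {"index": 0}},
         "message": {"text": "m"}},
    ]}]}

def _driver_defined(rule):
    # Assumption: a rule reference without 'toolComponent' points at tool.driver.
    return "toolComponent" not in rule

def _same_artifact(a, b):
    # Assumption: two artifactLocations match when uri and uriBaseId both match.
    return a.get("uri") == b.get("uri") and a.get("uriBaseId") == b.get("uriBaseId")

def check_file_size(log):
    """Return (message id, JSON pointer) pairs for the three proposed checks."""
    findings = []
    for r, run in enumerate(log.get("runs", [])):
        for i, result in enumerate(run.get("results", [])):
            ptr = f"/runs/{r}/results/{i}"
            rule = result.get("rule")
            if rule is not None and _driver_defined(rule):
                dup = "ruleId" in result
                findings.append(("AvoidDuplicativeResultRuleInformation" if dup else "PreferRuleId", ptr))
            target = result.get("analysisTarget")
            for loc in result.get("locations", []) if target is not None else []:
                art = loc.get("physicalLocation", {}).get("artifactLocation")
                if art is not None and _same_artifact(target, art):
                    findings.append(("AvoidDuplicativeAnalysisTarget", ptr + "/analysisTarget"))
                    break
    return findings

if __name__ == "__main__":
    for message_id, pointer in check_file_size(SAMPLE_LOG):
        print(f"{pointer}: {message_id}")
```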

