
Support semanticVersion and dottedQuadFileVersion fields in SARIF files #35

Merged
Malcolmnixon merged 4 commits into main from copilot/add-tool-version-parsing
Jan 27, 2026

Copilot AI commented Jan 27, 2026

Pull Request

Description

CodeQL SARIF files report versions using semanticVersion rather than version, causing tools to display "Unknown" for the version. SARIF 2.1.0 spec defines three version fields in the driver object.

Implementation

  • Extracted version parsing into ExtractToolVersion method
  • Implements field priority: version → semanticVersion → dottedQuadFileVersion
  • Falls back to next field when current field is empty/whitespace
  • Returns "Unknown" only when all fields are absent

Example

{
  "tool": {
    "driver": {
      "name": "CodeQL",
      "semanticVersion": "2.15.0"
    }
  }
}

Before: Tool: CodeQL Unknown
After: Tool: CodeQL 2.15.0

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Code quality improvement

Related Issues

Pre-Submission Checklist

Before submitting this pull request, ensure you have completed the following:

Build and Test

  • Code builds successfully: dotnet build --configuration Release
  • All tests pass: dotnet test --configuration Release
  • Code produces zero warnings

Code Quality

  • Code formatting is correct: dotnet format --verify-no-changes
  • New code has appropriate XML documentation comments
  • Static analyzer warnings have been addressed

Quality Checks

Please run the following checks before submitting:

  • Spell checker passes: cspell "**/*.{md,cs}"
  • Markdown linter passes: markdownlint "**/*.md"
  • YAML linter passes: yamllint '**/*.{yml,yaml}'

Testing

  • Added unit tests for new functionality
  • Updated existing tests if behavior changed
  • All tests follow the AAA (Arrange, Act, Assert) pattern
  • Test coverage is maintained or improved

Documentation

  • Updated README.md (if applicable)
  • Updated ARCHITECTURE.md (if applicable)
  • Added code examples for new features (if applicable)
  • Updated requirements.yaml (if applicable)

Additional Notes

Added 7 unit tests covering:

  • Individual version field extraction
  • Priority handling when multiple fields present
  • Empty field fallback behavior

Tests validate against existing SARIF-003 requirement for tool information extraction.

Original prompt

This section details the original issue you should resolve

<issue_title>[Feature]: Tool Version Parsing</issue_title>
<issue_description>Problem Statement

CodeQL SARIF files don't have the tool version reported

Proposed Solution

CodeQL SARIF files report their version using the semanticVersion field, which doesn't appear to be processed.

SarifMark should work with SARIF files that use either the "version" or "semanticVersion", or possibly even the "dottedQuadFileVersion" field. I'm guessing the "version" field should preferentially be used so it gets the native version of the tool, but should fall back to the other version fields if necessary.

Alternatives Considered

No response

Usage Examples

Benefits

Improved version detection.

Priority

Low - Nice to have

Willingness to Contribute

Yes, I can submit a pull request

Additional Context

No response

Checklist

  • I have searched existing issues to ensure this is not a duplicate
  • I have provided a clear description of the feature
  • I have explained why this feature would be useful</issue_description>

Comments on the Issue (you are @copilot in this section)



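The fallback order described in the pull request above, as an added C# example (not SarifMark's code and not part of this PR). `ResolveToolVersion`, the class name and the sample run objects are constructed for illustration; the example assumes C# 11 or later and treats a field holding a non-string value like an empty one.

```csharp
using System;
using System.Text.Json;

static class ToolVersionExample
{
    // Priority order stated in the PR description.
    static readonly string[] VersionFields =
        { "version", "semanticVersion", "dottedQuadFileVersion" };

    // Returns the first non-blank version string on a SARIF driver object,
    // or "Unknown" when no field yields one. Assumption: a field holding a
    // non-string JSON value is skipped like an empty one.
    public static string ResolveToolVersion(JsonElement driver)
    {
        foreach (var field in VersionFields)
        {
            if (driver.TryGetProperty(field, out var value) &&
                value.ValueKind == JsonValueKind.String)
            {
                var text = value.GetString();
                if (!string.IsNullOrWhiteSpace(text)) return text;
            }
        }
        return "Unknown";
    }

    static void Main()
    {
        // Constructed run objects, not taken from real scans.
        string[] runs =
        {
            """{"tool":{"driver":{"name":"CodeQL","semanticVersion":"2.15.0"}}}""",
            """{"tool":{"driver":{"name":"ToolA","version":"1.2","semanticVersion":"1.2.0"}}}""",
            """{"tool":{"driver":{"name":"ToolB","version":"  ","dottedQuadFileVersion":"1.2.0.0"}}}""",
            """{"tool":{"driver":{"name":"ToolC","version":7}}}""",
            """{"tool":{"driver":{"name":"ToolD"}}}""",
        };
        foreach (var json in runs)
        {
            using var doc = JsonDocument.Parse(json);
            var driver = doc.RootElement.GetProperty("tool").GetProperty("driver");
            Console.WriteLine($"Tool: {driver.GetProperty("name").GetString()} {ResolveToolVersion(driver)}");
        }
    }
}
```

The ToolB and ToolC rows exercise the cases a plain null check misses: a whitespace-only `version` and a `version` that is not a JSON string.
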
Copilot AI and others added 3 commits January 27, 2026 00:27

Add support for semanticVersion and dottedQuadFileVersion fields in SARIF files.
Priority: version > semanticVersion > dottedQuadFileVersion.
Add comprehensive unit tests for all scenarios.

Co-authored-by: Malcolmnixon <1863707+Malcolmnixon@users.noreply.github.com>

Add SARIF-003a requirement to document support for multiple version fields
with proper priority handling and test linkage.

Co-authored-by: Malcolmnixon <1863707+Malcolmnixon@users.noreply.github.com>

The extended version field parsing is an implementation detail of the existing
SARIF-003 requirement, not a separate discrete function.

Co-authored-by: Malcolmnixon <1863707+Malcolmnixon@users.noreply.github.com>

Copilot AI changed the title from "[WIP] Add tool version parsing for CodeQL SARIF files" to "Support semanticVersion and dottedQuadFileVersion fields in SARIF files" Jan 27, 2026
Copilot AI requested a review from Malcolmnixon January 27, 2026 00:41
Malcolmnixon marked this pull request as ready for review January 27, 2026 00:42
Malcolmnixon merged commit cb5e33f into main Jan 27, 2026
11 checks passed
Malcolmnixon deleted the copilot/add-tool-version-parsing branch January 27, 2026 00:50