From 7b75ca47dd87e22893f1361d761ced1d4040f1e1 Mon Sep 17 00:00:00 2001 From: "Michael C. Fanning" Date: Wed, 25 Jan 2023 16:44:47 -0800 Subject: [PATCH 1/5] Provide support for logging rules data to extensions objects. --- src/Sarif.Driver/Sdk/AggregatingLogger.cs | 4 +- src/Sarif.Driver/Sdk/AnalyzeCommandBase.cs | 4 +- .../Sdk/MultithreadedAnalyzeCommandBase.cs | 34 ++++---- src/Sarif.Driver/Sdk/Skimmer.cs | 4 + src/Sarif/Core/ReportingDescriptor.cs | 1 - src/Sarif/Core/Tool.cs | 8 +- src/Sarif/IAnalysisLogger.cs | 2 +- src/Sarif/Writers/CacheByFileHashLogger.cs | 18 ++-- src/Sarif/Writers/CachingLogger.cs | 12 +-- src/Sarif/Writers/ConsoleLogger.cs | 2 +- src/Sarif/Writers/SarifLogger.cs | 83 ++++++++++++++++++- .../Writers/CachingLoggerTests.cs | 14 ++-- .../Writers/SarifLoggerTests.cs | 16 ++-- src/Test.Utilities.Sarif/TestMessageLogger.cs | 2 +- 14 files changed, 145 insertions(+), 59 deletions(-) diff --git a/src/Sarif.Driver/Sdk/AggregatingLogger.cs b/src/Sarif.Driver/Sdk/AggregatingLogger.cs index fd55273d8..73fc50e2e 100644 --- a/src/Sarif.Driver/Sdk/AggregatingLogger.cs +++ b/src/Sarif.Driver/Sdk/AggregatingLogger.cs @@ -53,11 +53,11 @@ public void AnalyzingTarget(IAnalysisContext context) } } - public void Log(ReportingDescriptor rule, Result result) + public void Log(ReportingDescriptor rule, Result result, ToolComponent toolComponent) { foreach (IAnalysisLogger logger in Loggers) { - logger.Log(rule, result); + logger.Log(rule, result, toolComponent); } } diff --git a/src/Sarif.Driver/Sdk/AnalyzeCommandBase.cs b/src/Sarif.Driver/Sdk/AnalyzeCommandBase.cs index bd8cd5036..43d8eecc9 100644 --- a/src/Sarif.Driver/Sdk/AnalyzeCommandBase.cs +++ b/src/Sarif.Driver/Sdk/AnalyzeCommandBase.cs 
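Review bot: `AggregatingLogger.Log` declares `ToolComponent toolComponent` with no default, while `IAnalysisLogger` and the `CacheByFileHashLogger` and `ConsoleLogger` implementations in this patch declare `toolComponent = null`. C# binds optional-argument defaults by the static type of the receiver, so callers holding the concrete type must pass `null` explicitly (as the updated tests do) while callers holding the interface need not. `CachingLogger`, `SarifLogger` and `TestMessageLogger` have the same mismatch. I would make the signatures uniform, e.g. `public void Log(ReportingDescriptor rule, Result result, ToolComponent toolComponent = null)`, or drop the default from the interface so every call site states its attribution.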
@@ -631,7 +631,7 @@ protected virtual TContext DetermineApplicabilityAndAnalyze( if ((options.DataToInsert.ToFlags() & OptionallyEmittedData.Hashes) != 0) { - _cacheByFileHashLogger.HashToResultsMap.TryGetValue(context.Hashes.Sha256, out List> cachedResultTuples); + _cacheByFileHashLogger.HashToResultsMap.TryGetValue(context.Hashes.Sha256, out List> cachedResultTuples); _cacheByFileHashLogger.HashToNotificationsMap.TryGetValue(context.Hashes.Sha256, out List cachedNotifications); bool replayCachedData = (cachedResultTuples != null || cachedNotifications != null); @@ -642,7 +642,7 @@ protected virtual TContext DetermineApplicabilityAndAnalyze( if (cachedResultTuples != null) { - foreach (Tuple cachedResultTuple in cachedResultTuples) + foreach (Tuple cachedResultTuple in cachedResultTuples) { Result clonedResult = cachedResultTuple.Item2.DeepClone(); ReportingDescriptor cachedReportingDescriptor = cachedResultTuple.Item1; diff --git a/src/Sarif.Driver/Sdk/MultithreadedAnalyzeCommandBase.cs b/src/Sarif.Driver/Sdk/MultithreadedAnalyzeCommandBase.cs index a178dfec5..0f4764c5f 100644 --- a/src/Sarif.Driver/Sdk/MultithreadedAnalyzeCommandBase.cs +++ b/src/Sarif.Driver/Sdk/MultithreadedAnalyzeCommandBase.cs @@ -30,7 +30,6 @@ public abstract class MultithreadedAnalyzeCommandBase : Plug internal ConsoleLogger _consoleLogger; private Run _run; - private Tool _tool; private bool _computeHashes; internal TContext _rootContext; private int _fileContextsCount; @@ -48,6 +47,8 @@ public abstract class MultithreadedAnalyzeCommandBase : Plug public static bool RaiseUnhandledExceptionInDriverCode { get; set; } + protected virtual Tool Tool { get; set; } + public virtual FileFormat ConfigurationFormat => FileFormat.Json; protected MultithreadedAnalyzeCommandBase(IFileSystem fileSystem = null) 
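Review bot: The cached tuple now carries a third element, but the replay loop in `DetermineApplicabilityAndAnalyze` reads only `Item1` and `Item2` in the lines shown, and the diffstat lists just these two one-line changes for the file. If the `Log` call further down the loop (outside the hunk) still passes two arguments, a result replayed from the hash cache is logged with a null `toolComponent` and attributed to the driver rather than its extension, so cached and freshly analysed files would carry different rule references. Passing `cachedResultTuple.Item3` to that call would keep them consistent. The element order is assumed from `new Tuple(rule, result, toolComponent)` in `CacheByFileHashLogger.CacheResult`.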
@@ -153,12 +154,16 @@ private void Analyze(TOptions analyzeOptions, AggregatingLogger logger) // the command line parser library is capable of. ValidateOptions(analyzeOptions, _rootContext); - // 5. Initialize report file, if configured. - InitializeOutputFile(analyzeOptions, _rootContext); - - // 6. Instantiate skimmers. + // 5. Instantiate skimmers. We need to do this before initializing + // the output file so that we can preconstruct the tool + // extensions data written to the SARIF file. Due to this ordering, + // we won't emit any failures or notifications in this operation + // to the log file itself: it will only appear in console output. ISet> skimmers = CreateSkimmers(analyzeOptions, _rootContext); + // 6. Initialize report file, if configured. + InitializeOutputFile(analyzeOptions, _rootContext); + // 7. Initialize configuration. This step must be done after initializing // the skimmers, as rules define their specific context objects and // so those assemblies must be loaded. @@ -328,14 +333,15 @@ private async Task LogScanResultsAsync(TContext rootContext) private static void LogCachingLogger(TContext rootContext, TContext context, bool clone = false) { var cachingLogger = (CachingLogger)context.Logger; - IDictionary> results = cachingLogger.Results; + IDictionary>> results = cachingLogger.Results; if (results?.Count > 0) { - foreach (KeyValuePair> kv in results) + foreach (KeyValuePair>> kv in results) { - foreach (Result result in kv.Value) + foreach (Tuple tuple in kv.Value) { + Result result = tuple.Item1; Result currentResult = result; if (clone) { @@ -346,7 +352,7 @@ private static void LogCachingLogger(TContext rootContext, TContext context, boo currentResult = clonedResult; } - rootContext.Logger.Log(kv.Key, currentResult); + rootContext.Logger.Log(kv.Key, currentResult, tuple.Item2); } } } 
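Review bot: Moving `CreateSkimmers` ahead of `InitializeOutputFile` means rule-loading failures never reach the SARIF file, as the new comment says, and `InitializeLogger` adds the console logger only when `analyzeOptions.Quiet` is false, so in quiet mode they appear to be recorded nowhere. A consumer that gates on the log alone cannot then tell a clean scan from one that ran with rules missing. Consider collecting the notifications raised during skimmer creation and replaying them through `_rootContext.Logger` once the output file is initialized, or at least recording a runtime condition that the exit code reflects. The body of `Analyze` continues outside the hunk.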
@@ -641,13 +647,13 @@ protected virtual void ValidateOptions(TOptions options, TContext context) internal AggregatingLogger InitializeLogger(AnalyzeOptionsBase analyzeOptions) { - _tool = Tool.CreateFromAssemblyData(); + Tool ??= Tool.CreateFromAssemblyData(); var logger = new AggregatingLogger(); if (!analyzeOptions.Quiet) { - _consoleLogger = new ConsoleLogger(analyzeOptions.Quiet, _tool.Driver.Name, analyzeOptions.Level, analyzeOptions.Kind) { CaptureOutput = _captureConsoleOutput }; + _consoleLogger = new ConsoleLogger(analyzeOptions.Quiet, Tool.Driver.Name, analyzeOptions.Level, analyzeOptions.Kind) { CaptureOutput = _captureConsoleOutput }; logger.Loggers.Add(_consoleLogger); } @@ -740,7 +746,7 @@ protected virtual void InitializeConfiguration(TOptions options, TContext contex } } - private void InitializeOutputFile(TOptions analyzeOptions, TContext context) + public virtual void InitializeOutputFile(TOptions analyzeOptions, TContext context) { string filePath = analyzeOptions.OutputFilePath; var aggregatingLogger = (AggregatingLogger)context.Logger; @@ -773,7 +779,7 @@ private void InitializeOutputFile(TOptions analyzeOptions, TContext context) logFilePersistenceOptions, dataToInsert, dataToRemove, - tool: _tool, + tool: Tool, run: _run, analysisTargets: null, quiet: analyzeOptions.Quiet, @@ -789,7 +795,7 @@ private void InitializeOutputFile(TOptions analyzeOptions, TContext context) logFilePersistenceOptions, dataToInsert, dataToRemove, - tool: _tool, + tool: Tool, run: _run, analysisTargets: null, invocationTokensToRedact: GenerateSensitiveTokensList(), diff --git a/src/Sarif.Driver/Sdk/Skimmer.cs b/src/Sarif.Driver/Sdk/Skimmer.cs index 075ef3bde..6797c3a2f 100644 --- a/src/Sarif.Driver/Sdk/Skimmer.cs +++ b/src/Sarif.Driver/Sdk/Skimmer.cs 
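Review bot: `InitializeOutputFile` goes from `private` to `public virtual`, whereas the neighbouring hooks visible in the hunk headers, `ValidateOptions` and `InitializeConfiguration`, are `protected virtual`. Public exposure lets any caller re-run output-file setup on a live command, which the ordering comment added in `Analyze` suggests is order-sensitive. Unless an external caller needs it, `protected virtual void InitializeOutputFile(TOptions analyzeOptions, TContext context)` matches the existing pattern and keeps the surface smaller, and an XML summary stating that it must run after `CreateSkimmers` would help overriders. The new `protected virtual Tool Tool { get; set; }` property added earlier in this file likewise has no doc comment explaining that a derived class may populate it before `InitializeLogger` runs.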
@@ -27,6 +27,8 @@ public Skimmer() public virtual bool EnabledByDefault => true; + public virtual ReportingDescriptorReference ReportingDescriptorReference { get; set; } + public virtual ISet IncompatibleRuleIds { get; internal set; } public override IDictionary MessageStrings @@ -47,6 +49,8 @@ private Dictionary InitializeMultiformatMessag : RuleUtilities.BuildDictionary(ResourceManager, MessageResourceNames, ruleId: Id); } + public ToolComponent Extension { get; set; } + public override string Id => throw new InvalidOperationException($"The {nameof(Id)} property must be overridden in the SkimmerBase-derived class."); public override MultiformatMessageString FullDescription => throw new InvalidOperationException($"The {nameof(FullDescription)} property must be overridden in the SkimmerBase-derived class."); diff --git a/src/Sarif/Core/ReportingDescriptor.cs b/src/Sarif/Core/ReportingDescriptor.cs index a5d63f87e..d104a5077 100644 --- a/src/Sarif/Core/ReportingDescriptor.cs +++ b/src/Sarif/Core/ReportingDescriptor.cs @@ -22,7 +22,6 @@ public string Moniker return moniker; } } - public string Format(string messageId, IEnumerable arguments) { return string.Format(CultureInfo.CurrentCulture, this.MessageStrings[messageId].Text, arguments.ToArray()); diff --git a/src/Sarif/Core/Tool.cs b/src/Sarif/Core/Tool.cs index b7a546703..52166d4b1 100644 --- a/src/Sarif/Core/Tool.cs +++ b/src/Sarif/Core/Tool.cs @@ -28,10 +28,10 @@ public static Tool CreateFromAssemblyData(Assembly assembly = null, string prere string dottedQuadFileVersion = null; - FileVersionInfo fileVersion = FileVersionInfo.GetVersionInfo(assembly.Location); + var fileVersion = FileVersionInfo.GetVersionInfo(assembly.Location); if (fileVersion.FileVersion != version.ToString()) { - dottedQuadFileVersion = ParseFileVersion(fileVersion.FileVersion); + dottedQuadFileVersion = ParseFileVersion(version.ToString()); } Tool tool = new Tool 
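Review bot: The two public properties added to `Skimmer`, `ReportingDescriptorReference` and `Extension`, have no XML documentation, and one is `virtual` while the other is not. A reader cannot tell from the hunk who sets them or how `Extension` relates to the `ToolComponent` passed to `IAnalysisLogger.Log`. I would add a summary to each, for example `/// <summary>The extension tool component that defines this rule, or null when the rule belongs to the driver.</summary>` on `Extension` (adjusted to the intended contract), and make the `virtual` choice consistent.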
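Review bot: In `CreateFromAssemblyData`, `dottedQuadFileVersion` is now computed from `version.ToString()` (the assembly version) inside the branch taken when the file version differs from it, so the property named `DottedQuadFileVersion` no longer carries the file version. Together with the next hunk, which sets `Version = fileVersion.FileVersion`, the two fields look swapped relative to their names. If the swap is intended it needs a comment saying why; otherwise keep `ParseFileVersion(fileVersion.FileVersion)`. Tool version fields are what downstream consumers use to tie a log to a specific build, so the resulting values deserve a unit test.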
@@ -40,9 +40,9 @@ public static Tool CreateFromAssemblyData(Assembly assembly = null, string prere { Name = name, FullName = name + " " + version.ToString() + (prereleaseInfo ?? ""), - Version = version.ToString(), + Version = fileVersion.FileVersion, DottedQuadFileVersion = dottedQuadFileVersion, - SemanticVersion = version.Major.ToString() + "." + version.Minor.ToString() + "." + version.Build.ToString(), + SemanticVersion = fileVersion.ProductVersion, Organization = string.IsNullOrEmpty(fileVersion.CompanyName) ? null : fileVersion.CompanyName, Product = string.IsNullOrEmpty(fileVersion.ProductName) ? null : fileVersion.ProductName, } diff --git a/src/Sarif/IAnalysisLogger.cs b/src/Sarif/IAnalysisLogger.cs index 58ec911fc..dfe7b0ee4 100644 --- a/src/Sarif/IAnalysisLogger.cs +++ b/src/Sarif/IAnalysisLogger.cs @@ -16,7 +16,7 @@ public interface IAnalysisLogger /// /// /// - void Log(ReportingDescriptor rule, Result result); + void Log(ReportingDescriptor rule, Result result, ToolComponent toolComponent = null); /// /// Log a notification that describes a runtime condition detected by the tool. diff --git a/src/Sarif/Writers/CacheByFileHashLogger.cs b/src/Sarif/Writers/CacheByFileHashLogger.cs index 700b48ed0..7d35c8a5d 100644 --- a/src/Sarif/Writers/CacheByFileHashLogger.cs +++ b/src/Sarif/Writers/CacheByFileHashLogger.cs @@ -21,7 +21,7 @@ public class CacheByFileHashLogger : BaseLogger, IAnalysisLogger private string currentFileHash; public Dictionary> HashToNotificationsMap { get; private set; } - public Dictionary>> HashToResultsMap { get; private set; } + public Dictionary>> HashToResultsMap { get; private set; } public CacheByFileHashLogger(IEnumerable levels, IEnumerable kinds) : base(levels, kinds) { @@ -30,7 +30,7 @@ public CacheByFileHashLogger(IEnumerable levels, IEnumerable>(); - HashToResultsMap = new Dictionary>>(); + HashToResultsMap = new Dictionary>>(); } public void AnalysisStopped(RuntimeConditions runtimeConditions) 
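Review bot: `SemanticVersion = fileVersion.ProductVersion` replaces a value that was always `Major.Minor.Build` with one that can be null or carry arbitrary text, and `Version = fileVersion.FileVersion` can likewise be null when the assembly has no version resource. `FullName` on the line above still uses `version.ToString()`, so the three fields can now disagree within one `ToolComponent`. I would fall back to the previous values when the resource strings are empty, e.g. `Version = string.IsNullOrEmpty(fileVersion.FileVersion) ? version.ToString() : fileVersion.FileVersion,`, mirroring the `string.IsNullOrEmpty` handling already used for `Organization` and `Product`. The object initializer continues outside the hunk.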
@@ -52,11 +52,11 @@ public void AnalyzingTarget(IAnalysisContext context) { cacheLoggingData = true; HashToNotificationsMap[currentFileHash] = new List(); - HashToResultsMap[currentFileHash] = new List>(); + HashToResultsMap[currentFileHash] = new List>(); } } - public void Log(ReportingDescriptor rule, Result result) + public void Log(ReportingDescriptor rule, Result result, ToolComponent toolComponent = null) { if (!cacheLoggingData) { return; } @@ -65,16 +65,16 @@ public void Log(ReportingDescriptor rule, Result result) return; } - CacheResult(rule, result); + CacheResult(rule, result, toolComponent); } - private void CacheResult(ReportingDescriptor rule, Result result) + private void CacheResult(ReportingDescriptor rule, Result result, ToolComponent toolComponent) { - if (!HashToResultsMap.TryGetValue(currentFileHash, out List> results)) + if (!HashToResultsMap.TryGetValue(currentFileHash, out List> results)) { - results = HashToResultsMap[currentFileHash] = new List>(); + results = HashToResultsMap[currentFileHash] = new List>(); } - results.Add(new Tuple(rule, result)); + results.Add(new Tuple(rule, result, toolComponent)); } public void LogConfigurationNotification(Notification notification) diff --git a/src/Sarif/Writers/CachingLogger.cs b/src/Sarif/Writers/CachingLogger.cs index 1ad2f1b5c..e452d2826 100644 --- a/src/Sarif/Writers/CachingLogger.cs +++ b/src/Sarif/Writers/CachingLogger.cs @@ -22,7 +22,7 @@ public CachingLogger(IEnumerable levels, IEnumerable k _semaphore = new SemaphoreSlim(initialCount: 1, maxCount: 1); } - public IDictionary> Results { get; set; } + public IDictionary>> Results { get; set; } public IList ConfigurationNotifications { get; set; } @@ -49,7 +49,7 @@ public void AnalyzingTarget(IAnalysisContext context) _semaphore.Wait(); } - public void Log(ReportingDescriptor rule, Result result) + public void Log(ReportingDescriptor rule, Result result, ToolComponent toolComponent) { if (rule == null) { 
@@ -76,13 +76,13 @@ public void Log(ReportingDescriptor rule, Result result) throw new ArgumentException($"rule.Id is not equal to result.RuleId ({rule.Id} != {result.RuleId})"); } - Results ??= new Dictionary>(); + Results ??= new Dictionary>>(); - if (!Results.TryGetValue(rule, out IList results)) + if (!Results.TryGetValue(rule, out IList> results)) { - results = Results[rule] = new List(); + results = Results[rule] = new List>(); } - results.Add(result); + results.Add(new Tuple(result, toolComponent)); } public void LogConfigurationNotification(Notification notification) diff --git a/src/Sarif/Writers/ConsoleLogger.cs b/src/Sarif/Writers/ConsoleLogger.cs index 3ef6a1420..d39277199 100644 --- a/src/Sarif/Writers/ConsoleLogger.cs +++ b/src/Sarif/Writers/ConsoleLogger.cs @@ -93,7 +93,7 @@ public void AnalyzingTarget(IAnalysisContext context) context.TargetUri.GetFileName())); } - public void Log(ReportingDescriptor rule, Result result) + public void Log(ReportingDescriptor rule, Result result, ToolComponent toolComponent = null) { if (result == null) { diff --git a/src/Sarif/Writers/SarifLogger.cs b/src/Sarif/Writers/SarifLogger.cs index de1f6bbb9..9c21b4064 100644 --- a/src/Sarif/Writers/SarifLogger.cs +++ b/src/Sarif/Writers/SarifLogger.cs @@ -98,7 +98,9 @@ public SarifLogger(TextWriter textWriter, _jsonTextWriter.CloseOutput = _closeWriterOnDispose; _issueLogJsonWriter = new ResultLogJsonWriter(_jsonTextWriter); + RuleToReportingDescriptorReferenceMap = new Dictionary(ReportingDescriptor.ValueComparer); RuleToIndexMap = new Dictionary(ReportingDescriptor.ValueComparer); + ExtensionGuidToIndexMap = new Dictionary(); if (dataToInsert.HasFlag(OptionallyEmittedData.Hashes)) { 
@@ -132,7 +134,19 @@ public SarifLogger(TextWriter textWriter, _issueLogJsonWriter.Initialize(_run); // Map existing Rules to ensure duplicates aren't created - if (_run.Tool.Driver?.Rules != null) + if (_run.Tool.Extensions != null) + { + RecordRules(extensionIndex: null, _run.Tool.Driver); + + for (int extensionIndex = 0; extensionIndex < _run.Tool.Extensions.Count; ++extensionIndex) + { + ToolComponent extension = _run.Tool.Extensions[extensionIndex]; + ExtensionGuidToIndexMap[extension.Guid.Value] = extensionIndex; + RecordRules(extensionIndex, extension); + } + + } + else if (_run.Tool.Driver?.Rules != null) { for (int i = 0; i < _run.Tool.Driver.Rules.Count; ++i) { @@ -141,6 +155,28 @@ public SarifLogger(TextWriter textWriter, } } + private void RecordRules(int? extensionIndex, ToolComponent toolComponent) + { + if (toolComponent.Rules == null) { return; } + + for (int ruleIndex = 0; ruleIndex < toolComponent.Rules.Count; ruleIndex++) + { + ReportingDescriptor rule = toolComponent.Rules[ruleIndex]; + RuleToReportingDescriptorReferenceMap[rule] = + new ReportingDescriptorReference + { + Id = rule.Id, + Index = ruleIndex, + ToolComponent = extensionIndex != null + ? new ToolComponentReference + { + Index = extensionIndex.Value, + } + : null, + }; + } + } + private void EnhanceRun(IEnumerable analysisTargets, OptionallyEmittedData dataToInsert, OptionallyEmittedData dataToRemove, @@ -230,7 +266,10 @@ private void EnhanceRun(IEnumerable analysisTargets, public IDictionary AnalysisTargetToHashDataMap { get; } + public IDictionary RuleToReportingDescriptorReferenceMap { get; } + public IDictionary RuleToIndexMap { get; } + public Dictionary ExtensionGuidToIndexMap { get; } public bool ComputeFileHashes => _dataToInsert.HasFlag(OptionallyEmittedData.Hashes); 
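Review bot: When `_run.Tool.Extensions` is non-null the constructor now skips the `else if` branch, so `RuleToIndexMap` is never seeded from the driver's existing rules; a later `Log` call with a null `toolComponent` goes through `LogRule(rule)`, which presumably consults that map, and can append a duplicate, which is what the comment above this code says it prevents. The same branch calls `RecordRules(extensionIndex: null, _run.Tool.Driver)` without the `Driver?.` guard the old code had, and reads `extension.Guid.Value`, which throws `InvalidOperationException` for an extension whose `Guid` is unset. Because the run can be supplied by the caller, both should be validated rather than assumed. The sketch below seeds the maps independently and skips extensions that have no guid; the `RecordRules` helper in the following hunk stays as written.

```csharp
// Map existing rules to ensure duplicates aren't created.
if (_run.Tool.Driver?.Rules != null)
{
    // … unchanged: loop that seeds RuleToIndexMap from the driver rules …
    RecordRules(extensionIndex: null, _run.Tool.Driver);
}

if (_run.Tool.Extensions != null)
{
    for (int extensionIndex = 0; extensionIndex < _run.Tool.Extensions.Count; ++extensionIndex)
    {
        ToolComponent extension = _run.Tool.Extensions[extensionIndex];
        if (extension == null) { continue; }

        if (extension.Guid != null)
        {
            ExtensionGuidToIndexMap[extension.Guid.Value] = extensionIndex;
        }

        RecordRules(extensionIndex, extension);
    }
}
```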
@@ -289,7 +328,7 @@ public void AnalysisStopped(RuntimeConditions runtimeConditions) } } - public void Log(ReportingDescriptor rule, Result result) + public void Log(ReportingDescriptor rule, Result result, ToolComponent toolComponent) { if (rule == null) { @@ -316,7 +355,14 @@ public void Log(ReportingDescriptor rule, Result result) return; } - result.RuleIndex = LogRule(rule); + if (toolComponent == null) + { + result.RuleIndex = LogRule(rule); + } + else + { + result.Rule = LogRule(rule, toolComponent); + } CaptureFilesInResult(result); @@ -341,6 +387,37 @@ private int LogRule(ReportingDescriptor rule) return ruleIndex; } + private ReportingDescriptorReference LogRule(ReportingDescriptor rule, ToolComponent toolComponent) + { + if (!RuleToReportingDescriptorReferenceMap.TryGetValue(rule, out ReportingDescriptorReference reference)) + { + toolComponent.Rules ??= new OrderSensitiveValueComparisonList(ReportingDescriptor.ValueComparer); + int index = toolComponent.Rules.Count; + toolComponent.Rules.Add(rule); + + if (!ExtensionGuidToIndexMap.TryGetValue(toolComponent.Guid.Value, out int extensionIndex)) + { + extensionIndex = _run.Tool.Extensions.Count; + ExtensionGuidToIndexMap[toolComponent.Guid.Value] = extensionIndex; + _run.Tool.Extensions.Add(toolComponent); + } + + reference = new ReportingDescriptorReference + { + Index = index, + Id = rule.Id, + ToolComponent = new ToolComponentReference + { + Index = extensionIndex, + } + }; + + RuleToReportingDescriptorReferenceMap[rule] = reference; + } + + return reference; + } + private void CaptureFilesInResult(Result result) { if (result.AnalysisTarget != null) diff --git a/src/Test.UnitTests.Sarif/Writers/CachingLoggerTests.cs b/src/Test.UnitTests.Sarif/Writers/CachingLoggerTests.cs index 3704a5b6b..d0e7e1537 100644 --- a/src/Test.UnitTests.Sarif/Writers/CachingLoggerTests.cs +++ b/src/Test.UnitTests.Sarif/Writers/CachingLoggerTests.cs 
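Review bot: The new `LogRule(rule, toolComponent)` overload computes `index` from `toolComponent.Rules` before it looks the component up by guid, so when the run already holds a different `ToolComponent` instance with the same guid the rule is appended to the caller's object while the reference points at the run's, and the written index can be wrong or out of range. It also dereferences `_run.Tool.Extensions`, which the constructor treats as possibly null, and `toolComponent.Guid.Value`, which throws if the guid is unset. I would resolve the run's component first and append the rule there, as sketched below. Generic type arguments are stripped on this page, so the element types in the sketch are my reading of the code.

```csharp
if (!RuleToReportingDescriptorReferenceMap.TryGetValue(rule, out ReportingDescriptorReference reference))
{
    if (toolComponent.Guid == null)
    {
        throw new ArgumentException("toolComponent.Guid must be set to log extension rules.", nameof(toolComponent));
    }

    _run.Tool.Extensions ??= new List<ToolComponent>();

    if (!ExtensionGuidToIndexMap.TryGetValue(toolComponent.Guid.Value, out int extensionIndex))
    {
        extensionIndex = _run.Tool.Extensions.Count;
        ExtensionGuidToIndexMap[toolComponent.Guid.Value] = extensionIndex;
        _run.Tool.Extensions.Add(toolComponent);
    }

    // Append to the component the run serializes, so Index matches its Rules list.
    ToolComponent loggedComponent = _run.Tool.Extensions[extensionIndex];
    loggedComponent.Rules ??= new OrderSensitiveValueComparisonList<ReportingDescriptor>(ReportingDescriptor.ValueComparer);
    int index = loggedComponent.Rules.Count;
    loggedComponent.Rules.Add(rule);

    // … unchanged: build the ReportingDescriptorReference and cache it in the map …
}
```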
@@ -46,24 +46,24 @@ public void CachingLogger_EmitResultsCorrectlyBasedOnRules() var logger = new CachingLogger(testAnalyzeOptions.Level, testAnalyzeOptions.Kind); - Assert.Throws(() => logger.Log(null, result01)); - Assert.Throws(() => logger.Log(rule01, null)); + Assert.Throws(() => logger.Log(null, result01, null)); + Assert.Throws(() => logger.Log(rule01, null, null)); rule01.Id = "TEST0001"; result01.RuleId = "TEST0002"; - Assert.Throws(() => logger.Log(rule01, result01)); + Assert.Throws(() => logger.Log(rule01, result01, null)); rule01.Id = "TEST0001"; result01.RuleId = "TEST0001"; // Validate simple insert - logger.Log(rule01, result01); + logger.Log(rule01, result01, null); logger.Results.Should().HaveCount(1); logger.Results.Should().ContainKey(rule01); // Updating value from a specific key - logger.Log(rule01, result01); + logger.Log(rule01, result01, null); logger.Results.Should().HaveCount(1); logger.Results.Should().ContainKey(rule01); logger.Results[rule01].Should().HaveCount(2); @@ -83,12 +83,12 @@ public void CachingLogger_ShouldEmitCorrectlyWhenResultContainsSubId() result01.RuleId = "TEST0001/001"; // Validate simple insert - logger.Log(rule01, result01); + logger.Log(rule01, result01, null); logger.Results.Should().HaveCount(1); logger.Results.Should().ContainKey(rule01); // Updating value from a specific key - logger.Log(rule01, result01); + logger.Log(rule01, result01, null); logger.Results.Should().HaveCount(1); logger.Results.Should().ContainKey(rule01); logger.Results[rule01].Should().HaveCount(2); diff --git a/src/Test.UnitTests.Sarif/Writers/SarifLoggerTests.cs b/src/Test.UnitTests.Sarif/Writers/SarifLoggerTests.cs index 34bb664b1..e98e8c093 100644 --- a/src/Test.UnitTests.Sarif/Writers/SarifLoggerTests.cs +++ b/src/Test.UnitTests.Sarif/Writers/SarifLoggerTests.cs 
@@ -60,7 +60,7 @@ private static void StreamOwnershipHelper(bool closeWriterOnDispose) kinds: new List { ResultKind.Fail })) { logger.Log(new ReportingDescriptor { Id = "MyId" }, - new Result { Message = new Message { Text = "My text" }, RuleId = "MyId" }); + new Result { Message = new Message { Text = "My text" }, RuleId = "MyId" }, null); } // Important. Force streamwriter to commit everything. @@ -455,7 +455,7 @@ public void SarifLogger_WritesFileContentsForAnalysisTargets() levels: new List { FailureLevel.Warning, FailureLevel.Error }, kinds: new List { ResultKind.Fail })) { - sarifLogger.Log(rule, result); + sarifLogger.Log(rule, result, null); } // The logger should have populated the artifact contents. @@ -624,7 +624,7 @@ public void SarifLogger_ScrapesFilesFromResult() } }; - sarifLogger.Log(rule, result); + sarifLogger.Log(rule, result, null); } } @@ -756,7 +756,7 @@ public void SarifLogger_AcceptsSubrulesInResultRuleId() var rule = new ReportingDescriptor { Id = "RuleId" }; var result = new Result { RuleId = "RuleId/1" }; - Action action = () => sarifLogger.Log(rule, result); + Action action = () => sarifLogger.Log(rule, result, null); action.Should().NotThrow(); } } @@ -870,7 +870,7 @@ public void SarifLogger_AcceptsOverrideOfDefaultEncoding() private void LogSimpleResult(SarifLogger sarifLogger) { ReportingDescriptor rule = new ReportingDescriptor { Id = "RuleId" }; - sarifLogger.Log(rule, CreateSimpleResult(rule)); + sarifLogger.Log(rule, CreateSimpleResult(rule), null); } private Result CreateSimpleResult(ReportingDescriptor rule) 
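Review bot: Every call updated in this file passes `null` for the new argument, here in `StreamOwnershipHelper` and in the hunks that follow, and the `CachingLoggerTests` changes do the same, so nothing in the patch exercises `SarifLogger.Log` with a non-null `ToolComponent`. The new `LogRule(rule, toolComponent)` overload and the constructor's extension mapping therefore ship untested. A test that logs two rules against one extension and one rule against a second, then asserts `result.Rule.Index`, `result.Rule.ToolComponent.Index` and the contents of `run.Tool.Extensions`, would pin the indexing. A second test that passes a component whose `Guid` is unset would pin the failure mode.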
@@ -927,7 +927,7 @@ public void SarifLogger_ConsumesFileRegionsCache() OptionallyEmittedData dataToInsert = OptionallyEmittedData.ComprehensiveRegionProperties | OptionallyEmittedData.ContextRegionSnippets; var sarifLogger = new SarifLogger(writer, fileRegionsCache: fileRegionsCache, dataToInsert: dataToInsert); - sarifLogger.Log(rule, result); + sarifLogger.Log(rule, result, null); region = new Region() { StartLine = 2 }; Region expectedRegion = fileRegionsCache.PopulateTextRegionProperties(region, uri, populateSnippet: true, fileText); @@ -958,7 +958,7 @@ public void SarifLogger_ResultAndRuleIdMismatch() Message = new Message { Text = "test message" } }; - Assert.Throws(() => sarifLogger.Log(rule, result)); + Assert.Throws(() => sarifLogger.Log(rule, result, null)); } } @@ -1192,7 +1192,7 @@ private static SarifLog CreateSarifLog(List allKindLevelCombinations, Re { foreach (Result r in allKindLevelCombinations) { - sarifLogger.Log(rule, r); + sarifLogger.Log(rule, r, null); } } } diff --git a/src/Test.Utilities.Sarif/TestMessageLogger.cs b/src/Test.Utilities.Sarif/TestMessageLogger.cs index daad7fe78..af83d024f 100644 --- a/src/Test.Utilities.Sarif/TestMessageLogger.cs +++ b/src/Test.Utilities.Sarif/TestMessageLogger.cs @@ -43,7 +43,7 @@ public void AnalyzingTarget(IAnalysisContext context) { } - public void Log(ReportingDescriptor rule, Result result) + public void Log(ReportingDescriptor rule, Result result, ToolComponent toolComponent) { NoteTestResult(result.Kind, result.Locations.First().PhysicalLocation.ArtifactLocation.Uri.LocalPath); } From 004000e8457c8ec59e30d46313649bc911c2d208 Mon Sep 17 00:00:00 2001 
From: "Michael C. Fanning" Date: Wed, 25 Jan 2023 17:27:34 -0800 Subject: [PATCH 2/5] Update release notes, fix implicit type conversions. --- src/ReleaseHistory.md | 819 +++++++++--------- src/Samples/Sarif.Sdk.Sample/Program.cs | 2 +- src/Samples/SarifTrim/Program.cs | 2 +- .../Sdk/MultithreadedAnalyzeCommandBase.cs | 4 +- src/Sarif/Writers/CachingLogger.cs | 2 +- src/Sarif/Writers/SarifLogger.cs | 2 +- 6 files changed, 412 insertions(+), 419 deletions(-) diff --git a/src/ReleaseHistory.md b/src/ReleaseHistory.md index bf14b84ac..a21b4f30f 100644 --- a/src/ReleaseHistory.md +++ b/src/ReleaseHistory.md 
@@ -1,429 +1,422 @@ # SARIF Package Release History (SDK, Driver, Converters, and Multitool) ## **v3.2.0** (UNRELEASED) - -* FEATURE: Allow per-line rolling (partial) hash computation for a file. [#2605](https://github.com/microsoft/sarif-sdk/pull/2605) -* BREAKING: Rename `--normalize-for-github` argument to `--normalize-for-ghas` for `convert` command and mark `--normalize-for-github` as obsolete. [#2581](https://github.com/microsoft/sarif-sdk/pull/2581) -* BREAKING: Update `IAnalysisContext.LogToolNotification` method to add `ReportingDescriptor` parameter. This is required in order to populated `AssociatedRule` data in `Notification` instances. The new method has an option value of null for the `associatedRule` parameter to maximize build compatibility. [#2604](https://github.com/microsoft/sarif-sdk/pull/2604) -* BREAKING: Correct casing of `LogMissingreportingConfiguration` helper to `LogMissingReportingConfiguration`. [#2599](https://github.com/microsoft/sarif-sdk/pull/2599) -* BREAKING: Change type of `MaxFileSizeInKilobytes` from int to long in `IAnalysisContext` and other classes. [#2599](https://github.com/microsoft/sarif-sdk/pull/2599) -* BREAKING: For `Guid` properties defined in SARIF spec, updated Json schema to use `uuid`, and updated C# object model to use `Guid?` instead of `string`. [#2555](https://github.com/microsoft/sarif-sdk/pull/2555) -* BREAKING: Mark `AnalyzeCommandBase` as obsolete. This type will be removed in the next significant update. [#2599](https://github.com/microsoft/sarif-sdk/pull/2599) -* BREAKING: `LogUnhandledEngineException` no longer has a return value (and updates the `RuntimeErrors` context property directly as other helpers do). [#2599](https://github.com/microsoft/sarif-sdk/pull/2599) -* BUGFIX : Resolve hangs due to unhandled exceptions during multithreaded analysis file enumeration phase. 
[#2599](https://github.com/microsoft/sarif-sdk/pull/2599) -* BUGFIX : Resolve hangs due to unhandled exceptions during multithreaded analysis file hashing phase. [#2600](https://github.com/microsoft/sarif-sdk/pull/2600) -* BUGFIX : Another attempt to resolve 'InvalidOperationException' with message `Collection was modified; enumeration operation may not execute` in `MultithreadedAnalyzeCommandBase`, raised when analyzing with the `--hashes` switch. [#2459](https://github.com/microsoft/sarif-sdk/pull/2549). There was a previous attempt to fix this in [#2447](https://github.com/microsoft/sarif-sdk/pull/2447). -* BUGFIX : Resolve issue where `match-results-forward` command fails to generate VersionControlDetails data. [#2487](https://github.com/microsoft/sarif-sdk/pull/2487) -* BUGFIX : Remove duplicated rule definitions when executing `match-results-forward` commands for results with sub-rule ids. [#2486](https://github.com/microsoft/sarif-sdk/pull/2486) -* BUGFIX : Update `merge` command to properly produce runs by tool and version when passed the `--merge-runs` argument. [#2488](https://github.com/microsoft/sarif-sdk/pull/2488) -* BUGFIX : Eliminate `IOException` and `DirectoryNotFoundException` exceptions thrown by `merge` command when splitting by rule (due to invalid file characters in rule ids). [#2513](https://github.com/microsoft/sarif-sdk/pull/2513) -* BUGFIX : Fix classes inside NotYetAutoGenerated folder missing `virtual` keyword for public methods and properties, by regenerate and manually sync the changes. [#2537](https://github.com/microsoft/sarif-sdk/pull/2537) -* BUGFIX : MSBuild Converter now accepts case insensitive keywords and supports PackageValidator msbuild log output. [#2579](https://github.com/microsoft/sarif-sdk/pull/2579) -* BUGFIX : Eliminate `NullReferenceException` when file hashing fails (due to file locked or other errors reading the file). 
[#2596](https://github.com/microsoft/sarif-sdk/pull/2596) -* FEATURE : Provide `PluginDriver` property (`AdditionalOptionsProvider`) that allows additional options to be exported (typically for command-line arguments). [#2599](https://github.com/microsoft/sarif-sdk/pull/2599) -* FEATURE : Provide `LogFileSkippedDueToSize` that fires a warning notification if any file is skipped due to exceeding size threshold. [#2599](https://github.com/microsoft/sarif-sdk/pull/2599) -* FEATURE : Provide overridable `ShouldEnqueue` predicate method to filter files from driver processing. [#2599](https://github.com/microsoft/sarif-sdk/pull/2599) -* FEATURE : Provide overridable `ShouldComputeHashes` predicate method to prevent files from hashing. [#2601](https://github.com/microsoft/sarif-sdk/pull/2601) -* FEATURE : Allow external set of `MaxFileSizeInKilobytes`, which will allow SDK users to change the value. (Default value is 1024) [#2578](https://github.com/microsoft/sarif-sdk/pull/2578) -* FEATURE : Add a Github validation rule `GH1007`, which requires flattened result message so GHAS code scanning can ingest the log. [#2580](https://github.com/microsoft/sarif-sdk/issues/2580) -* FEATURE : Provide mechanism to populate `SarifLogger` with a `FileRegionsCache` instance. -* FEATURE : Allow initialization of file regions cache in `InsertOptionalDataVisitor` (previously initialized exclusively from `FileRegionsCache.Instance`). -* FEATURE : Provide 'RuleScanTime` trace and emitted timing data. Provide `ScanExecution` trace with no utilization. -* FEATURE : Populate associated rule data in `LogToolNotification` as called from `SarifLogger`. [#2604](https://github.com/microsoft/sarif-sdk/pull/2604) -* FEATURE : Add `--normalize-for-ghas` argument to the `rewrite` command to ensure rewritten SARIF is compatible with GitHub Advanced Security (GHAS) ingestion requirements. [#2581](https://github.com/microsoft/sarif-sdk/pull/2581) +* BRK: `SarifLogger` updates version details differently. 
[#2661](https://github.com/microsoft/sarif-sdk/pull/2611)
+* BRK: Add `ToolComponent` argument to `IAnalysisLogger.Log(ReportingDescriptor, Result)` method. [#2661](https://github.com/microsoft/sarif-sdk/pull/2611)
+* BRK: Rename `--normalize-for-github` argument to `--normalize-for-ghas` for `convert` command and mark `--normalize-for-github` as obsolete. [#2581](https://github.com/microsoft/sarif-sdk/pull/2581)
+* BRK: Update `IAnalysisContext.LogToolNotification` method to add `ReportingDescriptor` parameter. This is required in order to populated `AssociatedRule` data in `Notification` instances. The new method has an option value of null for the `associatedRule` parameter to maximize build compatibility. [#2604](https://github.com/microsoft/sarif-sdk/pull/2604)
+* BRK: Correct casing of `LogMissingreportingConfiguration` helper to `LogMissingReportingConfiguration`. [#2599](https://github.com/microsoft/sarif-sdk/pull/2599)
+* BRK: Change type of `MaxFileSizeInKilobytes` from int to long in `IAnalysisContext` and other classes. [#2599](https://github.com/microsoft/sarif-sdk/pull/2599)
+* BRK: For `Guid` properties defined in SARIF spec, updated Json schema to use `uuid`, and updated C# object model to use `Guid?` instead of `string`. [#2555](https://github.com/microsoft/sarif-sdk/pull/2555)
+* BRK: Mark `AnalyzeCommandBase` as obsolete. This type will be removed in the next significant update. [#2599](https://github.com/microsoft/sarif-sdk/pull/2599)
+* BRK: `LogUnhandledEngineException` no longer has a return value (and updates the `RuntimeErrors` context property directly as other helpers do). [#2599](https://github.com/microsoft/sarif-sdk/pull/2599)
+* BUG: Resolve hangs due to unhandled exceptions during multithreaded analysis file enumeration phase. [#2599](https://github.com/microsoft/sarif-sdk/pull/2599)
+* BUG: Resolve hangs due to unhandled exceptions during multithreaded analysis file hashing phase. [#2600](https://github.com/microsoft/sarif-sdk/pull/2600)
+* BUG: Another attempt to resolve 'InvalidOperationException' with message `Collection was modified; enumeration operation may not execute` in `MultithreadedAnalyzeCommandBase`, raised when analyzing with the `--hashes` switch. [#2459](https://github.com/microsoft/sarif-sdk/pull/2549). There was a previous attempt to fix this in [#2447](https://github.com/microsoft/sarif-sdk/pull/2447).
+* BUG: Resolve issue where `match-results-forward` command fails to generate VersionControlDetails data. [#2487](https://github.com/microsoft/sarif-sdk/pull/2487)
+* BUG: Remove duplicated rule definitions when executing `match-results-forward` commands for results with sub-rule ids. [#2486](https://github.com/microsoft/sarif-sdk/pull/2486)
+* BUG: Update `merge` command to properly produce runs by tool and version when passed the `--merge-runs` argument. [#2488](https://github.com/microsoft/sarif-sdk/pull/2488)
+* BUG: Eliminate `IOException` and `DirectoryNotFoundException` exceptions thrown by `merge` command when splitting by rule (due to invalid file characters in rule ids). [#2513](https://github.com/microsoft/sarif-sdk/pull/2513)
+* BUG: Fix classes inside NotYetAutoGenerated folder missing `virtual` keyword for public methods and properties, by regenerate and manually sync the changes. [#2537](https://github.com/microsoft/sarif-sdk/pull/2537)
+* BUG: MSBuild Converter now accepts case insensitive keywords and supports PackageValidator msbuild log output. [#2579](https://github.com/microsoft/sarif-sdk/pull/2579)
+* BUG: Eliminate `NullReferenceException` when file hashing fails (due to file locked or other errors reading the file). [#2596](https://github.com/microsoft/sarif-sdk/pull/2596)
+* NEW: Provide `PluginDriver` property (`AdditionalOptionsProvider`) that allows additional options to be exported (typically for command-line arguments). [#2599](https://github.com/microsoft/sarif-sdk/pull/2599)
+* NEW: Provide `LogFileSkippedDueToSize` that fires a warning notification if any file is skipped due to exceeding size threshold. [#2599](https://github.com/microsoft/sarif-sdk/pull/2599)
+* NEW: Provide overridable `ShouldEnqueue` predicate method to filter files from driver processing. [#2599](https://github.com/microsoft/sarif-sdk/pull/2599)
+* NEW: Provide overridable `ShouldComputeHashes` predicate method to prevent files from hashing. [#2601](https://github.com/microsoft/sarif-sdk/pull/2601)
+* NEW: Allow external set of `MaxFileSizeInKilobytes`, which will allow SDK users to change the value. (Default value is 1024) [#2578](https://github.com/microsoft/sarif-sdk/pull/2578)
+* NEW: Add a Github validation rule `GH1007`, which requires flattened result message so GHAS code scanning can ingest the log. [#2580](https://github.com/microsoft/sarif-sdk/issues/2580)
+* NEW: Provide mechanism to populate `SarifLogger` with a `FileRegionsCache` instance.
+* NEW: Allow initialization of file regions cache in `InsertOptionalDataVisitor` (previously initialized exclusively from `FileRegionsCache.Instance`).
+* NEW: Provide 'RuleScanTime` trace and emitted timing data. Provide `ScanExecution` trace with no utilization.
+* NEW: Populate associated rule data in `LogToolNotification` as called from `SarifLogger`. [#2604](https://github.com/microsoft/sarif-sdk/pull/2604)
+* NEW: Add `--normalize-for-ghas` argument to the `rewrite` command to ensure rewritten SARIF is compatible with GitHub Advanced Security (GHAS) ingestion requirements. [#2581](https://github.com/microsoft/sarif-sdk/pull/2581)
+* NEW: Allow per-line rolling (partial) hash computation for a file. [#2605](https://github.com/microsoft/sarif-sdk/pull/2605)
+* NEW: `SarifLogger` now supports extensions rules data when logging (by providing a `ToolComponent` instance to the result logging method).
[#2661](https://github.com/microsoft/sarif-sdk/pull/2611) ## **v3.1.0** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/3.1.0) | [Driver](https://www.nuget.org/packages/Sarif.Driver/3.1.0) | [Converters](https://www.nuget.org/packages/Sarif.Converters/3.1.0) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/3.1.0) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/3.1.0) - -* BUGFIX: Loosen `System.Collections.Immutable` minimum version requirement to 1.5.0. [#2504](https://github.com/microsoft/sarif-sdk/pull/2533) +* BUG: Loosen `System.Collections.Immutable` minimum version requirement to 1.5.0. [#2504](https://github.com/microsoft/sarif-sdk/pull/2533) ## **v3.0.0** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/3.0.0) | [Driver](https://www.nuget.org/packages/Sarif.Driver/3.0.0) | [Converters](https://www.nuget.org/packages/Sarif.Converters/3.0.0) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/3.0.0) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/3.0.0) - -* BUGFIX: Loosen Newtonsoft.JSON minimum version requirement to 6.0.8 (for .NET framework) or 9.0.1 (for all other compilations) for Sarif.Sdk. Sarif.Converts requires 8.0.1, minimally, for .NET framework compilations. -* BUGFIX: Broaden set of supported .NET frameworks for compatibility reasons. Sarif.Sdk, Sarif.Driver and Sarif.WorkItems requires net461. +* BUG: Loosen Newtonsoft.JSON minimum version requirement to 6.0.8 (for .NET framework) or 9.0.1 (for all other compilations) for Sarif.Sdk. Sarif.Converts requires 8.0.1, minimally, for .NET framework compilations. +* BUG: Broaden set of supported .NET frameworks for compatibility reasons. Sarif.Sdk, Sarif.Driver and Sarif.WorkItems requires net461. 
## **v2.4.16** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.4.16) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.4.16) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.4.16) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.4.16) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.4.16) - -* FEATURE: Add `max-file-size-in-kb` argument that allows filtering scan targets by file size. [#2494](https://github.com/microsoft/sarif-sdk/pull/2494) -* BUGFIX: Fix false positive for `SARIF1002.UrisMustBeValid` for file URIs that omit the `authority`. [#2501](https://github.com/microsoft/sarif-sdk/pull/2501) -* DEPENDENCY BREAKING: SARIF now requires Newtonsoft.JSON 13.0.1. Updating [Newtonsoft.Json](https://www.nuget.org/packages/Newtonsoft.Json/13.0.1) to v13.0.1, [Microsoft.Json.Schema](https://www.nuget.org/packages/Microsoft.Json.Schema) to v1.1.5, [Microsoft.Json.Pointer](https://www.nuget.org/packages/Microsoft.Json.Pointer) to v1.1.5, [Microsoft.Azure.Kusto.Data](https://www.nuget.org/packages/Microsoft.Azure.Kusto.Data) to v10.0.3, [Microsoft.NET.Test.Sdk](https://www.nuget.org/packages/Microsoft.NET.Test.Sdk/17.4.0-preview-20220707-01) to v17.4.0-preview-20220707-01, [Microsoft.Extensions.Logging.ApplicationInsights](https://www.nuget.org/packages/Microsoft.Extensions.Logging.ApplicationInsights/2.20.0) to v.2.20.0, [Microsoft.TeamFoundationServer.Client](https://www.nuget.org/packages/Microsoft.TeamFoundationServer.Client/16.170.0) to v.16.170.0, [Microsoft.Coyote](https://www.nuget.org/packages/Microsoft.Coyote) to v.1.5.8 and [Microsoft.Coyote.Test](https://www.nuget.org/packages/Microsoft.Coyote.Test) to v.1.5.8 in response to [Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json](https://github.com/advisories/GHSA-5crp-9r3c-p9vr). [#2504](https://github.com/microsoft/sarif-sdk/pull/2504) +* BRK: SARIF now requires Newtonsoft.JSON 13.0.1. 
Updating [Newtonsoft.Json](https://www.nuget.org/packages/Newtonsoft.Json/13.0.1) to v13.0.1, [Microsoft.Json.Schema](https://www.nuget.org/packages/Microsoft.Json.Schema) to v1.1.5, [Microsoft.Json.Pointer](https://www.nuget.org/packages/Microsoft.Json.Pointer) to v1.1.5, [Microsoft.Azure.Kusto.Data](https://www.nuget.org/packages/Microsoft.Azure.Kusto.Data) to v10.0.3, [Microsoft.NET.Test.Sdk](https://www.nuget.org/packages/Microsoft.NET.Test.Sdk/17.4.0-preview-20220707-01) to v17.4.0-preview-20220707-01, [Microsoft.Extensions.Logging.ApplicationInsights](https://www.nuget.org/packages/Microsoft.Extensions.Logging.ApplicationInsights/2.20.0) to v.2.20.0, [Microsoft.TeamFoundationServer.Client](https://www.nuget.org/packages/Microsoft.TeamFoundationServer.Client/16.170.0) to v.16.170.0, [Microsoft.Coyote](https://www.nuget.org/packages/Microsoft.Coyote) to v.1.5.8 and [Microsoft.Coyote.Test](https://www.nuget.org/packages/Microsoft.Coyote.Test) to v.1.5.8 in response to [Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json](https://github.com/advisories/GHSA-5crp-9r3c-p9vr). [#2504](https://github.com/microsoft/sarif-sdk/pull/2504) +* BUG: Fix false positive for `SARIF1002.UrisMustBeValid` for file URIs that omit the `authority`. [#2501](https://github.com/microsoft/sarif-sdk/pull/2501) +* NEW: Add `max-file-size-in-kb` argument that allows filtering scan targets by file size. [#2494](https://github.com/microsoft/sarif-sdk/pull/2494) ## **v2.4.15** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.4.15) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.4.15) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.4.15) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.4.15) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.4.15) - -* BUGFIX: Fix `ArgumentNullException` when `PropertiesDictionary` is instantiated with a null comparer. 
[#2482](https://github.com/microsoft/sarif-sdk/pull/2482) -* BUGFIX: Fix `UnhandledEngineException` when target path does not exist for multithreaded application by validating directories as is done for singlethreaded analysis. [#2461](https://github.com/microsoft/sarif-sdk/pull/2461) +* BUG: Fix `ArgumentNullException` when `PropertiesDictionary` is instantiated with a null comparer. [#2482](https://github.com/microsoft/sarif-sdk/pull/2482) +* BUG: Fix `UnhandledEngineException` when target path does not exist for multithreaded application by validating directories as is done for singlethreaded analysis. [#2461](https://github.com/microsoft/sarif-sdk/pull/2461) ## **v2.4.14** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.4.14) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.4.14) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.4.14) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.4.14) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.4.14) - -* BUGFIX: Eliminate dispose of stream and `StreamWriter` arguments passed to `SarifLog.Save` helpers. This would result in `ObjectDisposedException` being raised on attempt to access streams after save. -* BREAKING: `Id` property of `Location` changed from `int`(32bit) to `BigInteger`(unlimited) to fix `Newtonsoft.Json.JsonReaderException: JSON integer XXXXX is too large or small for an Int32.` [#2463](https://github.com/microsoft/sarif-sdk/pull/2463) +* BRK: `Id` property of `Location` changed from `int`(32bit) to `BigInteger`(unlimited) to fix `Newtonsoft.Json.JsonReaderException: JSON integer XXXXX is too large or small for an Int32.` [#2463](https://github.com/microsoft/sarif-sdk/pull/2463) +* BUG: Eliminate dispose of stream and `StreamWriter` arguments passed to `SarifLog.Save` helpers. This would result in `ObjectDisposedException` being raised on attempt to access streams after save. 
## **v2.4.13** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.4.13) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.4.13) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.4.13) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.4.13) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.4.13) - -* BREAKING: `AnalyzeCommandBase` previously persisted all scan target artifacts to SARIF logs rather than only persisting artifacts referenced by an analysis result, when an option to persist hashes, text file or binary information was set. `MultithreadedAnalyzeCommandBase` previously persisted all scan targets artifacts to SARIF logs in cases when hash insertion was eenabled rather than only persisting artifacts referenced by an analysis result. [#2433](https://github.com/microsoft/sarif-sdk/pull/2433) -* BUGFIX: Adjust Json Serialization property order for ReportingDescriptor and skip emit empty AutomationDetails node. [#2420](https://github.com/microsoft/sarif-sdk/pull/2420) -* BREAKING: Fix `InvalidOperationException` when using PropertiesDictionary in a multithreaded application, and remove `[Serializable]` from it. Now use of BinaryFormatter on it will result in `SerializationException`: Type `PropertiesDictionary` is not marked as serializable. [#2415](https://github.com/microsoft/sarif-sdk/pull/2415) -* BREAKING: `SarifLogger` now emits an artifacts table entry if `artifactLocation` is not null for tool configuration and tool execution notifications. [#2437](https://github.com/microsoft/sarif-sdk/pull/2437) -* BUGFIX: Fix `ArgumentException` when `--recurse` is enabled and two file target specifiers generates the same file path. [#2438](https://github.com/microsoft/sarif-sdk/pull/2438) -* BUGFIX: Fix 'InvalidOperationException' with message `Collection was modified; enumeration operation may not execute` in `MultithreadedAnalyzeCommandBase`, which is raised when analyzing with the `--hashes` switch. 
[#2447](https://github.com/microsoft/sarif-sdk/pull/2447) -* BUGFIX: Fix `Merge` command produces empty SARIF file in Linux when providing file name only without path. [#2408](https://github.com/microsoft/sarif-sdk/pull/2408) -* FEATURE: Add `--sort-results` argument to the `rewrite` command to get sorted SARIF results. [#2422](https://github.com/microsoft/sarif-sdk/pull/2422) -* BUGFIX: Fix `NullReferenceException` when filing work item with a SARIF file which has no filable results. [#2412](https://github.com/microsoft/sarif-sdk/pull/2412) -* BUGFIX: Fix missing `endLine` and `endColumn` properties and remove vulnerable packages for ESLint SARIF formatter. [#2458](https://github.com/microsoft/sarif-sdk/pull/2458) +* BRK: `AnalyzeCommandBase` previously persisted all scan target artifacts to SARIF logs rather than only persisting artifacts referenced by an analysis result, when an option to persist hashes, text file or binary information was set. `MultithreadedAnalyzeCommandBase` previously persisted all scan targets artifacts to SARIF logs in cases when hash insertion was eenabled rather than only persisting artifacts referenced by an analysis result. [#2433](https://github.com/microsoft/sarif-sdk/pull/2433) +* BRK: Fix `InvalidOperationException` when using PropertiesDictionary in a multithreaded application, and remove `[Serializable]` from it. Now use of BinaryFormatter on it will result in `SerializationException`: Type `PropertiesDictionary` is not marked as serializable. [#2415](https://github.com/microsoft/sarif-sdk/pull/2415) +* BRK: `SarifLogger` now emits an artifacts table entry if `artifactLocation` is not null for tool configuration and tool execution notifications. [#2437](https://github.com/microsoft/sarif-sdk/pull/2437) +* BUG: Adjust Json Serialization property order for ReportingDescriptor and skip emit empty AutomationDetails node. 
[#2420](https://github.com/microsoft/sarif-sdk/pull/2420) +* BUG: Fix `ArgumentException` when `--recurse` is enabled and two file target specifiers generates the same file path. [#2438](https://github.com/microsoft/sarif-sdk/pull/2438) +* BUG: Fix 'InvalidOperationException' with message `Collection was modified; enumeration operation may not execute` in `MultithreadedAnalyzeCommandBase`, which is raised when analyzing with the `--hashes` switch. [#2447](https://github.com/microsoft/sarif-sdk/pull/2447) +* BUG: Fix `Merge` command produces empty SARIF file in Linux when providing file name only without path. [#2408](https://github.com/microsoft/sarif-sdk/pull/2408) +* BUG: Fix `NullReferenceException` when filing work item with a SARIF file which has no filable results. [#2412](https://github.com/microsoft/sarif-sdk/pull/2412) +* BUG: Fix missing `endLine` and `endColumn` properties and remove vulnerable packages for ESLint SARIF formatter. [#2458](https://github.com/microsoft/sarif-sdk/pull/2458) +* NEW: Add `--sort-results` argument to the `rewrite` command to get sorted SARIF results. [#2422](https://github.com/microsoft/sarif-sdk/pull/2422) ## **v2.4.12** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.4.12) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.4.12) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.4.12) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.4.12) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.4.12) - -* FEATURE: `MultithreadCommandBase` will use cache when hashing is enabled. [#2388](https://github.com/microsoft/sarif-sdk/pull/2388) -* FEATURE: Flow suppressions when baselining. [#2390](https://github.com/microsoft/sarif-sdk/pull/2390) -* BUGFIX: Fix number of results when filing work item. [#2391](https://github.com/microsoft/sarif-sdk/pull/2391) -* FEATURE: Add `suppress` command to multitool. 
[#2394](https://github.com/microsoft/sarif-sdk/pull/2394) -* BUGFIX: Fix `TryIsSuppressed` logic. [#2395](https://github.com/microsoft/sarif-sdk/pull/2395) +* BUG: Fix number of results when filing work item. [#2391](https://github.com/microsoft/sarif-sdk/pull/2391) +* BUG: Fix `TryIsSuppressed` logic. [#2395](https://github.com/microsoft/sarif-sdk/pull/2395) +* NEW: Add `suppress` command to multitool. [#2394](https://github.com/microsoft/sarif-sdk/pull/2394) +* NEW: `MultithreadCommandBase` will use cache when hashing is enabled. [#2388](https://github.com/microsoft/sarif-sdk/pull/2388) +* NEW: Flow suppressions when baselining. [#2390](https://github.com/microsoft/sarif-sdk/pull/2390) ## **v2.4.11** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.4.11) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.4.11) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.4.11) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.4.11) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.4.11) - -* BUGFIX: Fix partitioning visitor log duplication. [#2369](https://github.com/microsoft/sarif-sdk/pull/2369) -* FEATURE: Add `baseline` argument in `AnalyzeCommandBase` classes. [#2371](https://github.com/microsoft/sarif-sdk/pull/2371) -* FEATURE: Clang-Tidy converter will also accept console output log. [#2373](https://github.com/microsoft/sarif-sdk/pull/2373) +* BUG: Fix partitioning visitor log duplication. [#2369](https://github.com/microsoft/sarif-sdk/pull/2369) +* NEW: Add `baseline` argument in `AnalyzeCommandBase` classes. [#2371](https://github.com/microsoft/sarif-sdk/pull/2371) +* NEW: Clang-Tidy converter will also accept console output log. 
[#2373](https://github.com/microsoft/sarif-sdk/pull/2373) ## **v2.4.10** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.4.10) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.4.10) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.4.10) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.4.10) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.4.10) - -* FEATURE: Add Clang-Tidy converter. [#2367](https://github.com/microsoft/sarif-sdk/pull/2367) +* NEW: Add Clang-Tidy converter. [#2367](https://github.com/microsoft/sarif-sdk/pull/2367) ## **v2.4.9** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.4.9) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.4.9) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.4.9) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.4.9) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.4.9) -* FEATURE: Report inner exception details if available. [#2357](https://github.com/microsoft/sarif-sdk/pull/2357) -* FEATURE: Add support for git blame. [#2358](https://github.com/microsoft/sarif-sdk/pull/2358) +* NEW: Report inner exception details if available. [#2357](https://github.com/microsoft/sarif-sdk/pull/2357) +* NEW: Add support for git blame. [#2358](https://github.com/microsoft/sarif-sdk/pull/2358) ## **v2.4.8** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.4.8) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.4.8) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.4.8) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.4.8) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.4.8) -* BUGFIX: Fix `file-work-item` baselining. [#2344](https://github.com/microsoft/sarif-sdk/pull/2344) -* BUGFIX: Fix `FileRegionsCache` context region construction. [#2348](https://github.com/microsoft/sarif-sdk/pull/2348) +* BUG: Fix `file-work-item` baselining. 
[#2344](https://github.com/microsoft/sarif-sdk/pull/2344) +* BUG: Fix `FileRegionsCache` context region construction. [#2348](https://github.com/microsoft/sarif-sdk/pull/2348) ## **v2.4.7** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.4.7) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.4.7) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.4.7) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.4.7) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.4.7) -* BUGFIX: Fix `SubId` handling in `CachingLogger`. [#2334](https://github.com/microsoft/sarif-sdk/pull/2334) -* FEATURE: Add Hdf converter. [#2340](https://github.com/microsoft/sarif-sdk/pull/2340) -* BUGFIX: Fix max result ingestion from `GitHubIngestionVisitor`. [#2341](https://github.com/microsoft/sarif-sdk/pull/2341) +* BUG: Fix `SubId` handling in `CachingLogger`. [#2334](https://github.com/microsoft/sarif-sdk/pull/2334) +* NEW: Add Hdf converter. [#2340](https://github.com/microsoft/sarif-sdk/pull/2340) +* BUG: Fix max result ingestion from `GitHubIngestionVisitor`. [#2341](https://github.com/microsoft/sarif-sdk/pull/2341) ## **v2.4.6** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.4.6) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.4.6) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.4.6) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.4.6) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.4.6) -* FEATURE: Add CWE relationship in FlawFinder converter. [#2332](https://github.com/microsoft/sarif-sdk/pull/2332) -* FEATURE: Add `ResultLevelKind` which will handle `FailureLevel` and `ResultKind`. [#2331](https://github.com/microsoft/sarif-sdk/pull/2331) -* BUGFIX: Fix `GitHelper` logic. [#2327](https://github.com/microsoft/sarif-sdk/pull/2327) +* NEW: Add CWE relationship in FlawFinder converter. 
[#2332](https://github.com/microsoft/sarif-sdk/pull/2332) +* NEW: Add `ResultLevelKind` which will handle `FailureLevel` and `ResultKind`. [#2331](https://github.com/microsoft/sarif-sdk/pull/2331) +* BUG: Fix `GitHelper` logic. [#2327](https://github.com/microsoft/sarif-sdk/pull/2327) ## **v2.4.5** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.4.5) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.4.5) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.4.5) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.4.5) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.4.5) -* BUGFIX: Fix `FileRegionsCache` logic. [#2309](https://github.com/microsoft/sarif-sdk/pull/2309) +* BUG: Fix `FileRegionsCache` logic. [#2309](https://github.com/microsoft/sarif-sdk/pull/2309) ## **v2.4.4** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.4.4) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.4.4) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.4.4) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.4.4) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.4.4) -* BUGFIX: Fix performance issue in `CachingLogger`. [#2301](https://github.com/microsoft/sarif-sdk/pull/2301) -* BUGFIX: Fix context dispose while analyzing. [#2303](https://github.com/microsoft/sarif-sdk/pull/2303) -* BUGFIX: Fix export json configuration. [#2305](https://github.com/microsoft/sarif-sdk/pull/2305) -* BUGFIX: Fix thread issues while using `Cache`. [#2306](https://github.com/microsoft/sarif-sdk/pull/2306) +* BUG: Fix performance issue in `CachingLogger`. [#2301](https://github.com/microsoft/sarif-sdk/pull/2301) +* BUG: Fix context dispose while analyzing. [#2303](https://github.com/microsoft/sarif-sdk/pull/2303) +* BUG: Fix export json configuration. [#2305](https://github.com/microsoft/sarif-sdk/pull/2305) +* BUG: Fix thread issues while using `Cache`. 
[#2306](https://github.com/microsoft/sarif-sdk/pull/2306) ## **v2.4.3** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.4.3) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.4.3) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.4.3) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.4.3) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.4.3) -* BUGFIX: Fix issue when executing sarif.multitool. [#2298](https://github.com/microsoft/sarif-sdk/pull/2298) +* BUG: Fix issue when executing sarif.multitool. [#2298](https://github.com/microsoft/sarif-sdk/pull/2298) ## **v2.4.2** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.4.2) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.4.2) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.4.2) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.4.2) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.4.2) -* FEATURE: `ConstructMultilineContextSnippet` will retrieve a few character after/before to prevent entire file when the file is one line only. [#2288](https://github.com/microsoft/sarif-sdk/pull/2288) -* FEATURE: `baseliner` will consider `locations`. [2290](https://github.com/microsoft/sarif-sdk/pull/2290) -* BUGFIX: Fix AzureDevOps title maxLength. [#2292](https://github.com/microsoft/sarif-sdk/pull/2292) -* FEATURE: Add `PerFingerprint` and `PerPropertyBagProperty` splitting for `file-work-items` command. [#2293](https://github.com/microsoft/sarif-sdk/pull/2293) -* FEATURE: Add `kusto` command in Sarif.Multitool. [#2296](https://github.com/microsoft/sarif-sdk/pull/2296) +* NEW: `ConstructMultilineContextSnippet` will retrieve a few character after/before to prevent entire file when the file is one line only. [#2288](https://github.com/microsoft/sarif-sdk/pull/2288) +* NEW: `baseliner` will consider `locations`. 
[2290](https://github.com/microsoft/sarif-sdk/pull/2290) +* BUG: Fix AzureDevOps title maxLength. [#2292](https://github.com/microsoft/sarif-sdk/pull/2292) +* NEW: Add `PerFingerprint` and `PerPropertyBagProperty` splitting for `file-work-items` command. [#2293](https://github.com/microsoft/sarif-sdk/pull/2293) +* NEW: Add `kusto` command in Sarif.Multitool. [#2296](https://github.com/microsoft/sarif-sdk/pull/2296) ## **v2.4.1** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.4.1) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.4.1) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.4.1) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.4.1) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.4.1) -* BREAKING: Move `transform` functionality into `rewrite` and delete redundant `transform` command. [#2252](https://github.com/microsoft/sarif-sdk/pull/2252) -* FEATURE: kind, level, insert, and remove options can now be added to from environment variables. [#2273](https://github.com/microsoft/sarif-sdk/pull/2273) -* FEATURE: `Merge` command will de-duplicate results. [#2280](https://github.com/microsoft/sarif-sdk/pull/2280) -* FEATURE: `Merge` command will merge artifacts. [#2285](https://github.com/microsoft/sarif-sdk/pull/2285) +* BRK: Move `transform` functionality into `rewrite` and delete redundant `transform` command. [#2252](https://github.com/microsoft/sarif-sdk/pull/2252) +* NEW: kind, level, insert, and remove options can now be added to from environment variables. [#2273](https://github.com/microsoft/sarif-sdk/pull/2273) +* NEW: `Merge` command will de-duplicate results. [#2280](https://github.com/microsoft/sarif-sdk/pull/2280) +* NEW: `Merge` command will merge artifacts. 
[#2285](https://github.com/microsoft/sarif-sdk/pull/2285) ## **v2.4.0** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.4.0) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.4.0) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.4.0) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.4.0) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.4.0) -* BREAKING: Entirely remove `verbose` whose fuctionality has been replaced by `--level` and `--kind`. [#2241](https://github.com/microsoft/sarif-sdk/pull/2241) -* BREAKING: Rename `LoggingOptions` to `LogFilePersistenceOptions`. [#2241](https://github.com/microsoft/sarif-sdk/pull/2241) -* FEATURE: `--quiet` will now suppress all console messages except for errors. [#2241](https://github.com/microsoft/sarif-sdk/pull/2241) -* BUGFIX: Fix NullReference in SARIF1012 rule validation [#2254]. () -* BREAKING: Rename `--plug-in` to `--plugin`. [#2264](https://github.com/microsoft/sarif-sdk/pull/2264) -* FEATURE: Pass `--plugin` to load more binaries to analyze or export data. [#2264](https://github.com/microsoft/sarif-sdk/pull/2264) +* BRK: Entirely remove `verbose` whose fuctionality has been replaced by `--level` and `--kind`. [#2241](https://github.com/microsoft/sarif-sdk/pull/2241) +* BRK: Rename `LoggingOptions` to `LogFilePersistenceOptions`. [#2241](https://github.com/microsoft/sarif-sdk/pull/2241) +* NEW: `--quiet` will now suppress all console messages except for errors. [#2241](https://github.com/microsoft/sarif-sdk/pull/2241) +* BUG: Fix NullReference in SARIF1012 rule validation [#2254]. () +* BRK: Rename `--plug-in` to `--plugin`. [#2264](https://github.com/microsoft/sarif-sdk/pull/2264) +* NEW: Pass `--plugin` to load more binaries to analyze or export data. 
[#2264](https://github.com/microsoft/sarif-sdk/pull/2264) ## **v2.3.18** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.3.18) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.3.18) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.3.18) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.3.18) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.3.18) -* FEATURE: Relax GH1005. [#2248](https://github.com/microsoft/sarif-sdk/pull/2248) +* NEW: Relax GH1005. [#2248](https://github.com/microsoft/sarif-sdk/pull/2248) ## **v2.3.17** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.3.17) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.3.17) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.3.17) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.3.17) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.3.17) -* BREAKING: Move `CommandBase` class from `Multitool.Library` assembly to `Driver`. [#2238](https://github.com/microsoft/sarif-sdk/pull/2238) -* FEATURE: Argument `VersionControlDetails` for `OptionallyEmittedData` in a analysis command will fill `VersionControlProvenance`. [#2237](https://github.com/microsoft/sarif-sdk/pull/2237) +* BRK: Move `CommandBase` class from `Multitool.Library` assembly to `Driver`. [#2238](https://github.com/microsoft/sarif-sdk/pull/2238) +* NEW: Argument `VersionControlDetails` for `OptionallyEmittedData` in a analysis command will fill `VersionControlProvenance`. 
[#2237](https://github.com/microsoft/sarif-sdk/pull/2237) ## **v2.3.16** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.3.16) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.3.16) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.3.16) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.3.16) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.3.16) -* BREAKING: Rename flag `VersionControlInformation` to `VersionControlDetails` from `OptionallyEmittedData`. [#2222](https://github.com/microsoft/sarif-sdk/pull/2222) -* BUGFIX: Fix filtering when using the command `analyze` with custom configuration. [#2230](https://github.com/microsoft/sarif-sdk/pull/2230) -* FEATURE: If argument `computeFileHashes`, it will be converted to `OptionallyEmittedData.Hashes`. [#2231](https://github.com/microsoft/sarif-sdk/pull/2231) -* FEATURE: Ensure all command options argument properties are settable (useful for API-driven invocation). [#2234](https://github.com/microsoft/sarif-sdk/pull/2234) -* FEATURE: TargetUri from context can be relative. [#2235](https://github.com/microsoft/sarif-sdk/pull/2235) +* BRK: Rename flag `VersionControlInformation` to `VersionControlDetails` from `OptionallyEmittedData`. [#2222](https://github.com/microsoft/sarif-sdk/pull/2222) +* BUG: Fix filtering when using the command `analyze` with custom configuration. [#2230](https://github.com/microsoft/sarif-sdk/pull/2230) +* NEW: If argument `computeFileHashes`, it will be converted to `OptionallyEmittedData.Hashes`. [#2231](https://github.com/microsoft/sarif-sdk/pull/2231) +* NEW: Ensure all command options argument properties are settable (useful for API-driven invocation). [#2234](https://github.com/microsoft/sarif-sdk/pull/2234) +* NEW: TargetUri from context can be relative. 
[#2235](https://github.com/microsoft/sarif-sdk/pull/2235) ## **v2.3.14** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.3.14) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.3.14) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.3.14) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.3.14) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.3.14) -* BUGFIX: Fix concurrency issue in when using `Cache`. [#2215](https://github.com/microsoft/sarif-sdk/pull/2215) -* FEATURE: `ConsoleLogger` will print exception if that exists. [#2217](https://github.com/microsoft/sarif-sdk/pull/2217) -* BUGFIX: Fix `WebRequest` parameters parse that resulted in regex hang [#2219](https://github.com/microsoft/sarif-sdk/pull/2219) +* BUG: Fix concurrency issue in when using `Cache`. [#2215](https://github.com/microsoft/sarif-sdk/pull/2215) +* NEW: `ConsoleLogger` will print exception if that exists. [#2217](https://github.com/microsoft/sarif-sdk/pull/2217) +* BUG: Fix `WebRequest` parameters parse that resulted in regex hang [#2219](https://github.com/microsoft/sarif-sdk/pull/2219) ## **v2.3.11** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.3.11) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.3.11) | [Converters] -* DEPENDENCY BREAKING: SARIF now requires Newtonsoft.JSON 12.0.3. +* DEPENDENCY BRK: SARIF now requires Newtonsoft.JSON 12.0.3. * Add `PerRun` splitting strategy for log file refactoring. ## **v2.3.10** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.3.10) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.3.10) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.3.10) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.3.10) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.3.10) -* BREAKING: Rename package `WorkItems` to `Microsoft.WorkItems`. 
[#2180](https://github.com/microsoft/sarif-sdk/pull/2180)
-* BUGFIX: Fix `export-validation-config` exception. [#2181](https://github.com/microsoft/sarif-sdk/pull/2181)
+* BRK: Rename package `WorkItems` to `Microsoft.WorkItems`. [#2180](https://github.com/microsoft/sarif-sdk/pull/2180)
+* BUG: Fix `export-validation-config` exception. [#2181](https://github.com/microsoft/sarif-sdk/pull/2181)
 ## **v2.3.9** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.3.9) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.3.9) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.3.9) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.3.9) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.3.9)
-* FEATURE: Multitool SARIF rewrite accepts `remove` parameter. [#2160](https://github.com/microsoft/sarif-sdk/pull/2160)
-* BREAKING: Remove command `export-validation-docs` and extend `export-validation-rules` command to export markdown file. [#2156](https://github.com/microsoft/sarif-sdk/pull/2156)
-* DEPENDENCY BREAKING: SARIF now requires Newtonsoft.JSON 11.0.2 (rather than 10.0.3). [#2172](https://github.com/microsoft/sarif-sdk/pull/2172)
-* BREAKING: Remove unused `run` argument from FileRegionsCache constructors. [#2173](https://github.com/microsoft/sarif-sdk/pull/2173)
-* BREAKING: Rename various methods in `IFileSystem` and `FileSystem` classes (to consistently prefix all method names with their containing .NET static type, e.g. `Directory`. [#2173](https://github.com/microsoft/sarif-sdk/pull/2173)
+* NEW: Multitool SARIF rewrite accepts `remove` parameter. [#2160](https://github.com/microsoft/sarif-sdk/pull/2160)
+* BRK: Remove command `export-validation-docs` and extend `export-validation-rules` command to export markdown file. [#2156](https://github.com/microsoft/sarif-sdk/pull/2156)
+* DEPENDENCY BRK: SARIF now requires Newtonsoft.JSON 11.0.2 (rather than 10.0.3).
[#2172](https://github.com/microsoft/sarif-sdk/pull/2172)
+* BRK: Remove unused `run` argument from FileRegionsCache constructors. [#2173](https://github.com/microsoft/sarif-sdk/pull/2173)
+* BRK: Rename various methods in `IFileSystem` and `FileSystem` classes (to consistently prefix all method names with their containing .NET static type, e.g. `Directory`. [#2173](https://github.com/microsoft/sarif-sdk/pull/2173)
 ## **v2.3.8** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.3.8) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.3.8) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.3.8) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.3.8) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.3.8)
-* FEATURE: PACKAGE BREAKING: Upgrade from .NET Framework 4.5 to .NET Framework 4.5.2. [#2135](https://github.com/microsoft/sarif-sdk/pull/2135)
-* FEATURE: Multitool SARIF merge accepts `threads` parameter. [#2026](https://github.com/microsoft/sarif-sdk/pull/2026)
-* FEATURE: Enable GitHub SourceLink to all project [#2148](https://github.com/microsoft/sarif-sdk/pull/2148)
+* NEW: PACKAGE BRK: Upgrade from .NET Framework 4.5 to .NET Framework 4.5.2. [#2135](https://github.com/microsoft/sarif-sdk/pull/2135)
+* NEW: Multitool SARIF merge accepts `threads` parameter.
[#2026](https://github.com/microsoft/sarif-sdk/pull/2026)
+* NEW: Enable GitHub SourceLink to all project [#2148](https://github.com/microsoft/sarif-sdk/pull/2148)
 ## **v2.3.7** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.3.7) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.3.7) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.3.7) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.3.7) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.3.7)
-* DEPENDENCY BREAKING: SARIF now requires Newtonsoft.JSON 11.0.2 (rather than 10.0.3)
+* DEPENDENCY BRK: SARIF now requires Newtonsoft.JSON 11.0.2 (rather than 10.0.3)
 * DEPENDENCY: SARIF TypeScript package now requires minimist 1.2.3 or later (rather than >=1.2.0)
-* BUGFIX: Fix index out of range exception when baselining [#2102](https://github.com/microsoft/sarif-sdk/pull/2102)
-* FEATURE: Add a setter to `GitHelper.GitExePath`. [#2110](https://github.com/microsoft/sarif-sdk/pull/2110)
-* FEATURE: `GitHelper` will search in %PATH% variable for `git.exe` instead of its default install location. [#2107](https://github.com/microsoft/sarif-sdk/pull/2107)
-* FEATURE: Add helper in `SarifLog` and `Run` to `ApplyPolicies`. [#2109](https://github.com/microsoft/sarif-sdk/pull/2109)
-* FEATURE: Add a converter for FlawFinder's CSV output format. [#2092](https://github.com/microsoft/sarif-sdk/issues/2092)
-* FEATURE: Multitool SARIF output is now pretty-printed by default. To remove white space, specify `--minify`. [#2098](https://github.com/microsoft/sarif-sdk/issues/2098)
-* FEATURE: The Multitool `query` command can now evaluate properties in the result and rule property bags, for example `sarif query "properties.confidence:f > 0.95 AND rule.properties.category == 'security'"`
-* FEATURE: The validation rule `SARIF1004.ExpressUriBaseIdsCorrectly` now verifies that if an `artifactLocation.uri` is a relative reference, it does not begin with a slash.
[#2090](https://github.com/microsoft/sarif-sdk/issues/2090)
-* BUGFIX: GitHub policy should not turn off any note level rules. [#2089](https://github.com/microsoft/sarif-sdk/issues/2089)
-* FEATURE: Add `apply-policy` command to Multitool. [#2118](https://github.com/microsoft/sarif-sdk/pull/2118)
+* BUG: Fix index out of range exception when baselining [#2102](https://github.com/microsoft/sarif-sdk/pull/2102)
+* NEW: Add a setter to `GitHelper.GitExePath`. [#2110](https://github.com/microsoft/sarif-sdk/pull/2110)
+* NEW: `GitHelper` will search in %PATH% variable for `git.exe` instead of its default install location. [#2107](https://github.com/microsoft/sarif-sdk/pull/2107)
+* NEW: Add helper in `SarifLog` and `Run` to `ApplyPolicies`. [#2109](https://github.com/microsoft/sarif-sdk/pull/2109)
+* NEW: Add a converter for FlawFinder's CSV output format. [#2092](https://github.com/microsoft/sarif-sdk/issues/2092)
+* NEW: Multitool SARIF output is now pretty-printed by default. To remove white space, specify `--minify`. [#2098](https://github.com/microsoft/sarif-sdk/issues/2098)
+* NEW: The Multitool `query` command can now evaluate properties in the result and rule property bags, for example `sarif query "properties.confidence:f > 0.95 AND rule.properties.category == 'security'"`
+* NEW: The validation rule `SARIF1004.ExpressUriBaseIdsCorrectly` now verifies that if an `artifactLocation.uri` is a relative reference, it does not begin with a slash. [#2090](https://github.com/microsoft/sarif-sdk/issues/2090)
+* BUG: GitHub policy should not turn off any note level rules. [#2089](https://github.com/microsoft/sarif-sdk/issues/2089)
+* NEW: Add `apply-policy` command to Multitool.
[#2118](https://github.com/microsoft/sarif-sdk/pull/2118)
 ## **v2.3.6** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.3.6) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.3.6) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.3.6) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.3.6) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.3.6)
-* BUGFIX: Restore multitool client app package build.
-* BUGFIX: Fix ESLint additional formatter corner cases that result in invalid SARIF.
-* FEATURE: COMMAND-LINE BREAKING: The analysis rules that validate a SARIF file's compatibility with GitHub Advanced Security code scanning now have rule ids that begin with `GH` rather than `SARIF`.
+* BUG: Restore multitool client app package build.
+* BUG: Fix ESLint additional formatter corner cases that result in invalid SARIF.
+* NEW: COMMAND-LINE BRK: The analysis rules that validate a SARIF file's compatibility with GitHub Advanced Security code scanning now have rule ids that begin with `GH` rather than `SARIF`.
 ## **v2.3.5** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.3.5) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.3.5) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.3.5) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.3.5) | [Multitool Library](https://www.nuget.org/packages/Sarif.Multitool.Library/2.3.5)
-* FEATURE: COMMAND-LINE BREAKING: Validation rule `SARIF2005.ProvideToolProperties` now requires `informationUri`, it allows `dottedQuadFileVersion` to satisfy the requirement that version information be present, and it is configurable.
-* FEATURE: Extract the public APIs from Sarif.Multitool into a new dependency package Sarif.Multitool.Library. Sarif.Multitool remains as a dotnet tool package.
-* FEATURE: Validation rule `SARIF2012` now checks for the presence of a friendly name in PascalCase in the `name` property, and is renamed from `ProvideHelpUris` to `ProvideRuleProperties`.
-* FEATURE: The Multitool `rewrite` command now accepts `VersionControlInformation` as an argument to the `--insert` option. This argument populates `run.versionControlProvenance`, and it re-expresses all absolute URIs as relative references with respect to the nearest enclosing repository root, if any.
+* NEW: COMMAND-LINE BRK: Validation rule `SARIF2005.ProvideToolProperties` now requires `informationUri`, it allows `dottedQuadFileVersion` to satisfy the requirement that version information be present, and it is configurable.
+* NEW: Extract the public APIs from Sarif.Multitool into a new dependency package Sarif.Multitool.Library. Sarif.Multitool remains as a dotnet tool package.
+* NEW: Validation rule `SARIF2012` now checks for the presence of a friendly name in PascalCase in the `name` property, and is renamed from `ProvideHelpUris` to `ProvideRuleProperties`.
+* NEW: The Multitool `rewrite` command now accepts `VersionControlInformation` as an argument to the `--insert` option. This argument populates `run.versionControlProvenance`, and it re-expresses all absolute URIs as relative references with respect to the nearest enclosing repository root, if any.
 ## **v2.3.4** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.3.4) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.3.4) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.3.4) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.3.4)
-* COMMAND-LINE BREAKING: Change `merge` command output directory argument name to `output-directory`.
-* FEATURE: Add analysis rules appropriate for SARIF files that are to be uploaded to GitHub Advanced Security code scanning.
-* BUGFIX: Various Fortify FPR converter improvements (such as improve variable expansion in result messages).
-* BUGFIX: The validator no longer reports `SARIF2010.ProvideCodeSnippets` if embedded file content for the specified artifact is present. [#2003](https://github.com/microsoft/sarif-sdk/issues/2003)
+* COMMAND-LINE BRK: Change `merge` command output directory argument name to `output-directory`.
+* NEW: Add analysis rules appropriate for SARIF files that are to be uploaded to GitHub Advanced Security code scanning.
+* BUG: Various Fortify FPR converter improvements (such as improve variable expansion in result messages).
+* BUG: The validator no longer reports `SARIF2010.ProvideCodeSnippets` if embedded file content for the specified artifact is present. [#2003](https://github.com/microsoft/sarif-sdk/issues/2003)
 ## **v2.3.3** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.3.3) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.3.3) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.3.3) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.3.3)
-* FEATURE: Improve `SarifSdkSample` application: use `uriBaseIds`.
-* FEATURE: Add additional checks to SARIF analysis rule `SARIF2004.OptimizeFileSize`.
-* FEATURE: Introduce new SARIF analysis rule `SARIF2016.FileUrisShouldBeRelative`.
-* BUGFIX: If you created a URI from an absolute file path (for example, `C:\test\file.c`), then it would be serialized with that exact string, which is not a valid URI. This is now fixed. [#2001](https://github.com/microsoft/sarif-sdk/issues/2001)
+* NEW: Improve `SarifSdkSample` application: use `uriBaseIds`.
+* NEW: Add additional checks to SARIF analysis rule `SARIF2004.OptimizeFileSize`.
+* NEW: Introduce new SARIF analysis rule `SARIF2016.FileUrisShouldBeRelative`.
+* BUG: If you created a URI from an absolute file path (for example, `C:\test\file.c`), then it would be serialized with that exact string, which is not a valid URI. This is now fixed.
[#2001](https://github.com/microsoft/sarif-sdk/issues/2001)
 ## **v2.3.2** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.3.2) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.3.2) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.3.2) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.3.2)
-* FEATURE: The `Sarif.Multitool` command line verbs are now exposed programmatically. For example, the `validate` verb is exposed through the classes `ValidateCommand` and `ValidateOptions`.
+* NEW: The `Sarif.Multitool` command line verbs are now exposed programmatically. For example, the `validate` verb is exposed through the classes `ValidateCommand` and `ValidateOptions`.
 ## **v2.3.1** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.3.1) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.3.1) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.3.1) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.3.1)
-* FEATURE: Revised and improved validation rules in `Sarif.Multitool`.
-* FEATURE: Properties serialization performance improved (~20% faster load when Results use Properties).
-* FEATURE: Allow result messages to be truncated for display. [#1915](https://github.com/microsoft/sarif-sdk/issues/1915)
-* BUGFIX: Rebase URI command now honors `--insert` and `--remove` arguments for injecting or eliding optional data (such as region snippets).
-* BUGFIX: Ensure all DateTimes on object model are using DateTimeConverter consistently.
-* BUGFIX: Fix DateTime roundtripping in properties collections to follow normal DateTime output format.
+* NEW: Revised and improved validation rules in `Sarif.Multitool`.
+* NEW: Properties serialization performance improved (~20% faster load when Results use Properties).
+* NEW: Allow result messages to be truncated for display.
[#1915](https://github.com/microsoft/sarif-sdk/issues/1915)
+* BUG: Rebase URI command now honors `--insert` and `--remove` arguments for injecting or eliding optional data (such as region snippets).
+* BUG: Ensure all DateTimes on object model are using DateTimeConverter consistently.
+* BUG: Fix DateTime roundtripping in properties collections to follow normal DateTime output format.
 ## **v2.3.0** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.3.0) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.3.0) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.3.0) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.3.0)
-* BUGFIX: `ResultLogJsonWriter` now creates an empty `results` array if there are no results, rather than leaving `results` as `null`. [#1821](https://github.com/microsoft/sarif-sdk/issues/1821)
-* BUGFIX: In validation rules, `shortDescription` is now calculated by `GetFirstSentence` method, fixing a bug in sentence breaking. [#1887](https://github.com/microsoft/sarif-sdk/issues/1887)
-* BUGFIX: `WorkItemFiler` now logs correctly the details for `LogMetricsForProcessedModel` method [#1896](https://github.com/microsoft/sarif-sdk/issues/1896)
-* FEATURE: Add validation rule `SARIF1019`, which requires every result to have at least one of `result.ruleId` and `result.rule.id`. If both are present, they must be equal. [#1880](https://github.com/microsoft/sarif-sdk/issues/1880)
-* FEATURE: Add validation rule `SARIF1020`, which requires that the $schema property should be present, and must refer to the final version of the SARIF 2.1.0 schema. [#1890](https://github.com/microsoft/sarif-sdk/issues/1890)
-* FEATURE: Expose `Run.MergeResultsFrom(Run)` to merge Results from multiple Runs using code from result matching algorithm.
-* BREAKING: Rename `RemapIndicesVisitor` to `RunMergingVisitor` and redesign to control how much merging occurs internally.
+* BUG: `ResultLogJsonWriter` now creates an empty `results` array if there are no results, rather than leaving `results` as `null`. [#1821](https://github.com/microsoft/sarif-sdk/issues/1821)
+* BUG: In validation rules, `shortDescription` is now calculated by `GetFirstSentence` method, fixing a bug in sentence breaking. [#1887](https://github.com/microsoft/sarif-sdk/issues/1887)
+* BUG: `WorkItemFiler` now logs correctly the details for `LogMetricsForProcessedModel` method [#1896](https://github.com/microsoft/sarif-sdk/issues/1896)
+* NEW: Add validation rule `SARIF1019`, which requires every result to have at least one of `result.ruleId` and `result.rule.id`. If both are present, they must be equal. [#1880](https://github.com/microsoft/sarif-sdk/issues/1880)
+* NEW: Add validation rule `SARIF1020`, which requires that the $schema property should be present, and must refer to the final version of the SARIF 2.1.0 schema. [#1890](https://github.com/microsoft/sarif-sdk/issues/1890)
+* NEW: Expose `Run.MergeResultsFrom(Run)` to merge Results from multiple Runs using code from result matching algorithm.
+* BRK: Rename `RemapIndicesVisitor` to `RunMergingVisitor` and redesign to control how much merging occurs internally.
## **v2.2.5** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.2.5) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.2.5) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.2.5) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.2.5)
-* BUGFIX: Fix SDK doubling Uris with certain escaped characters (ex: '-' and '_') on every Load/Save cycle (cause: )
+* BUG: Fix SDK doubling Uris with certain escaped characters (ex: '-' and '_') on every Load/Save cycle (cause: )
 ## **v2.2.4** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.2.4) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.2.4) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.2.4) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.2.4)
-* BUGFIX: Validation rule SARIF1018 was not checking for a trailing slash on `uri` properties in `originalUriBaseIds` if `uriBaseId` was present.
-* BUGFIX: Build Sarif.Multitool NPM package non-trimmed to avoid more assembly load problems.
-* FEATURE: DeferredList will cache last item returned and won't throw if same instance written. (SarifRewritingVisitor + Deferred OM usable)
+* BUG: Validation rule SARIF1018 was not checking for a trailing slash on `uri` properties in `originalUriBaseIds` if `uriBaseId` was present.
+* BUG: Build Sarif.Multitool NPM package non-trimmed to avoid more assembly load problems.
+* NEW: DeferredList will cache last item returned and won't throw if same instance written. (SarifRewritingVisitor + Deferred OM usable)
 ## **v2.2.3** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.2.3) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.2.3) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.2.3) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.2.3)
-* FEATURE: Introduce `SarifConstants.SarifFileExtension` with value `".sarif"`.
-* FEATURE: In validation rule SARIF1018, require `uri` values in `originalUriBaseIds` to end with a slash, per the SARIF spec.
-* BUGFIX: Result.GetRule will look up by RuleId if RuleIndex not present.
-* BUGFIX: Baselining will properly persist Run.Tool.Driver.Rules if Results reference by RuleId.
-* BUGFIX: DeferredOM will properly load files with a BOM. (LineMappingStreamReader fix)
-* BUGFIX: Remove CsvHelper dependency to avoid assembly load problem in Sarif.Multitool NPM package.
+* NEW: Introduce `SarifConstants.SarifFileExtension` with value `".sarif"`.
+* NEW: In validation rule SARIF1018, require `uri` values in `originalUriBaseIds` to end with a slash, per the SARIF spec.
+* BUG: Result.GetRule will look up by RuleId if RuleIndex not present.
+* BUG: Baselining will properly persist Run.Tool.Driver.Rules if Results reference by RuleId.
+* BUG: DeferredOM will properly load files with a BOM. (LineMappingStreamReader fix)
+* BUG: Remove CsvHelper dependency to avoid assembly load problem in Sarif.Multitool NPM package.
 ## **v2.2.2** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.2.2) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.2.2) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.2.2) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.2.2)
-* BUGFIX: `dotnet tool install` command for Multitool now produces a working installation rather than reporting missing `Sarif.Converters` binary.
-* BUGFIX: Result.GetRule will look up by RuleId if RuleIndex not present.
-* BUGFIX: Baselining will properly persist Run.Tool.Driver.Rules if Results reference by RuleId.
-* BUGFIX: DeferredOM will properly load files with a BOM. (LineMappingStreamReader fix)
+* BUG: `dotnet tool install` command for Multitool now produces a working installation rather than reporting missing `Sarif.Converters` binary.
+* BUG: Result.GetRule will look up by RuleId if RuleIndex not present.
+* BUG: Baselining will properly persist Run.Tool.Driver.Rules if Results reference by RuleId.
+* BUG: DeferredOM will properly load files with a BOM. (LineMappingStreamReader fix)
 ## **v2.2.1** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.2.1) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.2.1) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.2.1) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.2.1)
-* FEATURE: Multitool `remove` option now supports `Guids` value to remove `Result.Guid`.
-* FEATURE: Significant Baselining algorithm improvements: dynamic `partialFingerprint` trust, location-specific unique what property matching, 'nearby' matching, correct omitted `Region` property handling, correct `ReportingDescriptor.DeprecatedIds` handling.
-* DEPENDENCY BREAKING: SARIF now requires Newtonsoft.JSON 10.0.3 (rather than 9.0.x).
+* NEW: Multitool `remove` option now supports `Guids` value to remove `Result.Guid`.
+* NEW: Significant Baselining algorithm improvements: dynamic `partialFingerprint` trust, location-specific unique what property matching, 'nearby' matching, correct omitted `Region` property handling, correct `ReportingDescriptor.DeprecatedIds` handling.
+* DEPENDENCY BRK: SARIF now requires Newtonsoft.JSON 10.0.3 (rather than 9.0.x).
 ## **v2.2.0** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.2.0) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.2.0) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.2.0) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.2.0)
-* PACKAGE BREAKING: Update tool directory to netstandard2.1, to reflect use of that version of .NET Core.
-* FEATURE: Multitool `rewrite` command performance when populating regions and snippets is greatly improved.
-* FEATURE: Multitool `insert` option now supports `Guids` value to populate `Result.Guid`.
-* API + SCHEMA BREAKING: Fix typo in schema: suppression.state should be suppression.status according to the spec. [#1785](https://github.com/microsoft/sarif-sdk/issues/1785)
-* BUGFIX: Multitool `rewrite` no longer throws when it encounters an invalid value (such as -1) for a region property.
-* BUGFIX: ESLint SARIF formatter no longer produces invalid SARIF when given an ESLint message with no rule id. It is treated as a `toolConfigurationNotification`. [#1791](https://github.com/microsoft/sarif-sdk/issues/1791)
-* BUGFIX: Resolve crash on converting PREfast log files with non-null but empty help URLs.
+* PACKAGE BRK: Update tool directory to netstandard2.1, to reflect use of that version of .NET Core.
+* NEW: Multitool `rewrite` command performance when populating regions and snippets is greatly improved.
+* NEW: Multitool `insert` option now supports `Guids` value to populate `Result.Guid`.
+* API + SCHEMA BRK: Fix typo in schema: suppression.state should be suppression.status according to the spec. [#1785](https://github.com/microsoft/sarif-sdk/issues/1785)
+* BUG: Multitool `rewrite` no longer throws when it encounters an invalid value (such as -1) for a region property.
+* BUG: ESLint SARIF formatter no longer produces invalid SARIF when given an ESLint message with no rule id. It is treated as a `toolConfigurationNotification`. [#1791](https://github.com/microsoft/sarif-sdk/issues/1791)
+* BUG: Resolve crash on converting PREfast log files with non-null but empty help URLs.
 ## **v2.1.25** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.25) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.25) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.25) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.25)
-* FEATURE: The baseliner (available through the Multitool's `match-results-forward` command) now populates `result.provenance.firstDetectionTimeUtc` so you can now track the age of each issue.
[#1737](https://github.com/microsoft/sarif-sdk/issues/1737)
+* NEW: The baseliner (available through the Multitool's `match-results-forward` command) now populates `result.provenance.firstDetectionTimeUtc` so you can now track the age of each issue. [#1737](https://github.com/microsoft/sarif-sdk/issues/1737)
 ## **v2.1.24** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.24) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.24) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.24) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.24)
-* FEATURE: Introduce API to partition log files by arbitrary criteria (method `SarifPartitioner.Partition` and class `PartitioningVisitor`).
-* BUGFIX: `Tool.CreateFromAssembly` now properly handles file versions that contain extra characters after the "dotted quad" string. [#1728](https://github.com/microsoft/sarif-sdk/issues/1728)
+* NEW: Introduce API to partition log files by arbitrary criteria (method `SarifPartitioner.Partition` and class `PartitioningVisitor`).
+* BUG: `Tool.CreateFromAssembly` now properly handles file versions that contain extra characters after the "dotted quad" string. [#1728](https://github.com/microsoft/sarif-sdk/issues/1728)
 ## **v2.1.23** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.23) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.23) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.23) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.23)
-* API BREAKING: Remove 'Errors.LogExceptionLoadingPdb' helper (as not relevant to core SDK).
-* FEATURE: Allow emitting non-failure tool notifications as debug/informational messages.
-* FEATURE: `SarifLogger` now populates `tool.driver`'s `organization` and `product` properties instead of adding `"Company"` and `"ProductName"` to `tool.driver'`s property bag.
[#1716](https://github.com/microsoft/sarif-sdk/issues/1716)
-* FEATURE: Add `closeWriterOnDispose` argument (with a default of 'true') that indicates whether SarifLogger writers are closed during its Dispose() method. Providing a value of `false` to this argument allows SarifLogger to work against a stream that can subsequently be reused (for example, to deserialize the logged content back to a `SarifLog` instance).
-* FEATURE: Update PREfast converter to render optional suppression data.
-* BUGFIX: Update PREfast converter to handle paths with no trailing slash.
-* BUGFIX: Baselining now matches the first and last Result per URI as an additional pass.
+* API BRK: Remove 'Errors.LogExceptionLoadingPdb' helper (as not relevant to core SDK).
+* NEW: Allow emitting non-failure tool notifications as debug/informational messages.
+* NEW: `SarifLogger` now populates `tool.driver`'s `organization` and `product` properties instead of adding `"Company"` and `"ProductName"` to `tool.driver'`s property bag. [#1716](https://github.com/microsoft/sarif-sdk/issues/1716)
+* NEW: Add `closeWriterOnDispose` argument (with a default of 'true') that indicates whether SarifLogger writers are closed during its Dispose() method. Providing a value of `false` to this argument allows SarifLogger to work against a stream that can subsequently be reused (for example, to deserialize the logged content back to a `SarifLog` instance).
+* NEW: Update PREfast converter to render optional suppression data.
+* BUG: Update PREfast converter to handle paths with no trailing slash.
+* BUG: Baselining now matches the first and last Result per URI as an additional pass.
## **v2.1.22** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.22) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.22) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.22) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.22)
-* BUGFIX: Fix bug in validation rule `EndTimeMustNotBeBeforeStartTime`, which threw if `invocation.startTimeUtc` was present but `endTimeUtc` was absent.
+* BUG: Fix bug in validation rule `EndTimeMustNotBeBeforeStartTime`, which threw if `invocation.startTimeUtc` was present but `endTimeUtc` was absent.
 ## **v2.1.21** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.21) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.21) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.21) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.21)
-* FEATURE: Provide an API `SarifPartitioner.Filter` that selects results according to a predicate, and filters `run.artifacts` to only those artifacts used by the included results.
+* NEW: Provide an API `SarifPartitioner.Filter` that selects results according to a predicate, and filters `run.artifacts` to only those artifacts used by the included results.
 ## **v2.1.20** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.20) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.20) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.20) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.20)
-* FEATURE: Added Stream-based SarifLog.Load and Save overloads
-* FEATURE: Enhanced property bag serialization unit testing. [#1673](https://github.com/microsoft/sarif-sdk/issues/1673)
-* BUGFIX: Fix packaging warning NU5048 during build. [#1687](https://github.com/microsoft/sarif-sdk/issues/1687)
-* BUGFIX: SarifLogger.Optimized could not be set from the command line. [#1695](https://github.com/microsoft/sarif-sdk/issues/1695)
-* BUGFIX: Result Matching now omits previously Absent results.
-* BUGFIX: Result Matching properly compares results from the same RuleID when multiple Rules match the same source line.
-* BUGFIX: Result Matching works when a result moves and has the line number in the message.
-* BUGFIX: Result Matching always assigns Result.CorrelationGuid and Result.Guid.
-* BUGFIX: Null hardening in Result Matching
-* BUGFIX: Console logger now outputs file location, if available, when writing notifications.
+* NEW: Added Stream-based SarifLog.Load and Save overloads
+* NEW: Enhanced property bag serialization unit testing. [#1673](https://github.com/microsoft/sarif-sdk/issues/1673)
+* BUG: Fix packaging warning NU5048 during build. [#1687](https://github.com/microsoft/sarif-sdk/issues/1687)
+* BUG: SarifLogger.Optimized could not be set from the command line. [#1695](https://github.com/microsoft/sarif-sdk/issues/1695)
+* BUG: Result Matching now omits previously Absent results.
+* BUG: Result Matching properly compares results from the same RuleID when multiple Rules match the same source line.
+* BUG: Result Matching works when a result moves and has the line number in the message.
+* BUG: Result Matching always assigns Result.CorrelationGuid and Result.Guid.
+* BUG: Null hardening in Result Matching
+* BUG: Console logger now outputs file location, if available, when writing notifications.
 ## **v2.1.19** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.19) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.19) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.19) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.19)
 * Sort driver skimmers by rule id + name during analysis, in order to improve deterministic ordering of log file data.
-* API BREAKING: Convert various public SARIF Driver framework API to prefer abstract ISet type over HashSet.
-* API BREAKING: Remove helper method `SarifUtilities.DeserializeObject` introduced in 2.1.15 to fix.
[#1577](https://github.com/microsoft/sarif-sdk/issues/1577) +* API BRK: Convert various public SARIF Driver framework API to prefer abstract ISet type over HashSet. +* API BRK: Remove helper method `SarifUtilities.DeserializeObject` introduced in 2.1.15 to fix. [#1577](https://github.com/microsoft/sarif-sdk/issues/1577) Now that an underlying bug in `PropertyBagConverter` has been fixed, there is no need to work around it with this helper method. `JsonConvert.DeserializeObject` works fine. -* FEATURE: Expanding Sarif SDK query mode to support Result.Uri, string StartsWith/EndsWith/Contains. -* FEATURE: Adding Result.Run and a populating method, so that methods which need the Run context for a given Result have an integrated way to retrieve it. +* NEW: Expanding Sarif SDK query mode to support Result.Uri, string StartsWith/EndsWith/Contains. +* NEW: Adding Result.Run and a populating method, so that methods which need the Run context for a given Result have an integrated way to retrieve it. ## **v2.1.17** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.17) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.17) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.17) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.17) -* API NON-BREAKING: emit all core object model members as 'virtual'. -* FEATURE: Introduce SarifConsolidator to shrink large log files. [#1675](https://github.com/microsoft/sarif-sdk/issues/1675) -* BUGFIX: Analysis rule SARIF1017 incorrectly rejected index-valued properties that referred to taxonomies. [#1678](https://github.com/microsoft/sarif-sdk/issues/1678) -* BUGFIX: `match-results-forward-command` dropped log contents and mishandled `rules` array. [#1684](https://github.com/microsoft/sarif-sdk/issues/1684) +* API NON-BRK: emit all core object model members as 'virtual'. +* NEW: Introduce SarifConsolidator to shrink large log files. 
[#1675](https://github.com/microsoft/sarif-sdk/issues/1675) +* BUG: Analysis rule SARIF1017 incorrectly rejected index-valued properties that referred to taxonomies. [#1678](https://github.com/microsoft/sarif-sdk/issues/1678) +* BUG: `match-results-forward-command` dropped log contents and mishandled `rules` array. [#1684](https://github.com/microsoft/sarif-sdk/issues/1684) ## **v2.1.16** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.16) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.16) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.16) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.16) -* BUGFIX, BREAKING: In the Multitool `page` command, the default for `--force` was `true` and it could not be changed. [#1630](https://github.com/microsoft/sarif-sdk/issues/1630) -* BUGFIX: The Multitool `match-results-forward` command failed if results included logical locations. [#1656](https://github.com/microsoft/sarif-sdk/issues/1656) -* BUGFIX: `SarifLogger(ReportingDescriptor rule, Result result)` failed if it tried to log a result whose `ruleId` was a sub-rule; for example, `rule.Id == "TEST0001"` but `result.ruleId == "TEST0001/1"`. [#1668](https://github.com/microsoft/sarif-sdk/issues/1668) -* FEATURE: Implement results and notifications caching when `--hashes` is specified on the SARIF driver command line. +* BUGFIX, BRK: In the Multitool `page` command, the default for `--force` was `true` and it could not be changed. [#1630](https://github.com/microsoft/sarif-sdk/issues/1630) +* BUG: The Multitool `match-results-forward` command failed if results included logical locations. [#1656](https://github.com/microsoft/sarif-sdk/issues/1656) +* BUG: `SarifLogger(ReportingDescriptor rule, Result result)` failed if it tried to log a result whose `ruleId` was a sub-rule; for example, `rule.Id == "TEST0001"` but `result.ruleId == "TEST0001/1"`. 
[#1668](https://github.com/microsoft/sarif-sdk/issues/1668) +* NEW: Implement results and notifications caching when `--hashes` is specified on the SARIF driver command line. ## **v2.1.15** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.15) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.15) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.15) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.15) -* BUGFIX: Validation rule `SARIF1015` incorrectly required `originalUriBaseIds` to be contain URIs. [#1485](https://github.com/microsoft/sarif-sdk/issues/1485) -* BUGFIX: Persist Fortify rule metadata properties. [#1490](https://github.com/microsoft/sarif-sdk/issues/1490) -* BUGFIX: Multitool transform mishandled dottedQuadFileVersion. [#1532](https://github.com/microsoft/sarif-sdk/issues/1532) -* BUGFIX: Restore missing FxCop converter unit test. [#1575](https://github.com/microsoft/sarif-sdk/issues/1575) -* BUGFIX: Multitool transform mishandled date/time values in property bags. [#1577](https://github.com/microsoft/sarif-sdk/issues/1577) -* BUGFIX: Multitool transform could not upgrade SARIF files from the sarif-2.1.0-rtm.1 schema. [#1584](https://github.com/microsoft/sarif-sdk/issues/1584) -* BUGFIX: Multitool merge command produced invalid SARIF if there were 0 input files. [#1592](https://github.com/microsoft/sarif-sdk/issues/1592) -* BUGFIX: FortifyFpr converter produced invalid SARIF. [#1593](https://github.com/microsoft/sarif-sdk/issues/1593) -* BUGFIX: FxCop converter produced empty `result.message` objects. [#1594](https://github.com/microsoft/sarif-sdk/issues/1594) -* BUGFIX: Some Multitool commands required --force even if --inline was specified. [#1642](https://github.com/microsoft/sarif-sdk/issues/1642) -* FEATURE: Add validation rule to ensure correctness of `originalUriBaseIds` entries. 
[#1485](https://github.com/microsoft/sarif-sdk/issues/1485) -* FEATURE: Improve presentation of option validation messages from the Multitool `page` command. [#1629](https://github.com/microsoft/sarif-sdk/issues/1629) +* BUG: Validation rule `SARIF1015` incorrectly required `originalUriBaseIds` to be contain URIs. [#1485](https://github.com/microsoft/sarif-sdk/issues/1485) +* BUG: Persist Fortify rule metadata properties. [#1490](https://github.com/microsoft/sarif-sdk/issues/1490) +* BUG: Multitool transform mishandled dottedQuadFileVersion. [#1532](https://github.com/microsoft/sarif-sdk/issues/1532) +* BUG: Restore missing FxCop converter unit test. [#1575](https://github.com/microsoft/sarif-sdk/issues/1575) +* BUG: Multitool transform mishandled date/time values in property bags. [#1577](https://github.com/microsoft/sarif-sdk/issues/1577) +* BUG: Multitool transform could not upgrade SARIF files from the sarif-2.1.0-rtm.1 schema. [#1584](https://github.com/microsoft/sarif-sdk/issues/1584) +* BUG: Multitool merge command produced invalid SARIF if there were 0 input files. [#1592](https://github.com/microsoft/sarif-sdk/issues/1592) +* BUG: FortifyFpr converter produced invalid SARIF. [#1593](https://github.com/microsoft/sarif-sdk/issues/1593) +* BUG: FxCop converter produced empty `result.message` objects. [#1594](https://github.com/microsoft/sarif-sdk/issues/1594) +* BUG: Some Multitool commands required --force even if --inline was specified. [#1642](https://github.com/microsoft/sarif-sdk/issues/1642) +* NEW: Add validation rule to ensure correctness of `originalUriBaseIds` entries. [#1485](https://github.com/microsoft/sarif-sdk/issues/1485) +* NEW: Improve presentation of option validation messages from the Multitool `page` command. 
[#1629](https://github.com/microsoft/sarif-sdk/issues/1629) ## **v2.1.14** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.14) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.14) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.14) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.14) -* BUGFIX: FxCop converter produced logicalLocation.index but did not produce the run.logicalLocations array. [#1571](https://github.com/microsoft/sarif-sdk/issues/1571) -* BUGFIX: Include Sarif.WorkItemFiling.dll in the Sarif.Multitool NuGet package. [#1636](https://github.com/microsoft/sarif-sdk/issues/1636) -* FEATURE: Add validation rule to ensure that all array-index-valued properties are consistent with their respective arrays. +* BUG: FxCop converter produced logicalLocation.index but did not produce the run.logicalLocations array. [#1571](https://github.com/microsoft/sarif-sdk/issues/1571) +* BUG: Include Sarif.WorkItemFiling.dll in the Sarif.Multitool NuGet package. [#1636](https://github.com/microsoft/sarif-sdk/issues/1636) +* NEW: Add validation rule to ensure that all array-index-valued properties are consistent with their respective arrays. ## **v2.1.13** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.13) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.13) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.13) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.13) -* BUGFIX: Respect the --force option in Sarif.Multitool rather than overwriting the output file. [#1340](https://github.com/microsoft/sarif-sdk/issues/1340) -* BUGFIX: Accept URI-valued properties whose value is the empty string. [#1632](https://github.com/microsoft/sarif-sdk/issues/1632) +* BUG: Respect the --force option in Sarif.Multitool rather than overwriting the output file. [#1340](https://github.com/microsoft/sarif-sdk/issues/1340) +* BUG: Accept URI-valued properties whose value is the empty string. 
[#1632](https://github.com/microsoft/sarif-sdk/issues/1632) ## **v2.1.12** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.12) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.12) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.12) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.12) -* BUGFIX: Improve handling of `null` values in property bags. [#1581](https://github.com/microsoft/sarif-sdk/issues/1581) +* BUG: Improve handling of `null` values in property bags. [#1581](https://github.com/microsoft/sarif-sdk/issues/1581) ## **v2.1.11** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.11) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.11) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.11) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.11) -* BUGFIX: Result matching should prefer the suppression info from the current run. [#1600](https://github.com/microsoft/sarif-sdk/issues/1600) +* BUG: Result matching should prefer the suppression info from the current run. [#1600](https://github.com/microsoft/sarif-sdk/issues/1600) ## **v2.1.10** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.10) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.10) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.10) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.10) -* BUGFIX: Resolve a performance issue in web request parsing code. +* BUG: Resolve a performance issue in web request parsing code. ## **v2.1.9** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.9) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.9) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.9) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.9) -* FEATURE: add --remove switch to eliminate certain properties (currently timestamps only) from log file output. -* BUGFIX: remove verbose 'Analyzing file..' reporting for drivers. 
+* NEW: add --remove switch to eliminate certain properties (currently timestamps only) from log file output. +* BUG: remove verbose 'Analyzing file..' reporting for drivers. ## **v2.1.8** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.8) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.8) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.8) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.8) -* BUGFIX: Add missing `"additionalProperties": false` constraints to schema; add missing object descriptions and improve other object descriptions in schema; update schema version to -rtm.4. +* BUG: Add missing `"additionalProperties": false` constraints to schema; add missing object descriptions and improve other object descriptions in schema; update schema version to -rtm.4. ## **v2.1.7** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.7) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.7) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.7) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.7) -* BUGFIX: Multitool rewrite InsertOptionalData operations fail if a result object references `run.artifacts` using the `index` property. -* BUGFIX: The `SarifCurrentToVersionOneVisitor` was not translating v2 `result.partialFingerprints` to v1 `result.toolFingerprintContribution`. [#1556](https://github.com/microsoft/sarif-sdk/issues/1556) -* BUGFIX: The `SarifCurrentToVersionOneVisitor` was dropping `run.id` and emitting an empty `run.stableId`. [#1557](https://github.com/microsoft/sarif-sdk/issues/1557) +* BUG: Multitool rewrite InsertOptionalData operations fail if a result object references `run.artifacts` using the `index` property. +* BUG: The `SarifCurrentToVersionOneVisitor` was not translating v2 `result.partialFingerprints` to v1 `result.toolFingerprintContribution`. 
[#1556](https://github.com/microsoft/sarif-sdk/issues/1556) +* BUG: The `SarifCurrentToVersionOneVisitor` was dropping `run.id` and emitting an empty `run.stableId`. [#1557](https://github.com/microsoft/sarif-sdk/issues/1557) ## **v2.1.6** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.6) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.6) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.6) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.6) -* BUGFIX: Fortify FPR converter does not populate originalUriBaseIds if the source is a drive letter (e.g. C:) -* BUGFIX: Multitool rebaseUri command throws null reference exception if results reference run.artifacts using the index property. -* BUGFIX: Pre-release transformer does not upgrade schema uri if input version is higher than rtm.1. +* BUG: Fortify FPR converter does not populate originalUriBaseIds if the source is a drive letter (e.g. C:) +* BUG: Multitool rebaseUri command throws null reference exception if results reference run.artifacts using the index property. +* BUG: Pre-release transformer does not upgrade schema uri if input version is higher than rtm.1. ## **v2.1.5** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.5) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.5) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.5) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.5) 
@@ -431,235 +424,235 @@ Now that an underlying bug in `PropertyBagConverter` has been fixed, there is no ## **v2.1.4** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.4) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.4) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.4) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.4) -* BUGFIX: Fix bugs related to parsing the query portion of a URI, and to the parsing of header strings. -* API NON-BREAKING: Introduce `WebRequest.TryParse` and `WebResponse.TryParse` to accompany existing `Parse` methods. +* BUG: Fix bugs related to parsing the query portion of a URI, and to the parsing of header strings. +* API NON-BRK: Introduce `WebRequest.TryParse` and `WebResponse.TryParse` to accompany existing `Parse` methods. ## **v2.1.3** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.3) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.3) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.3) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.3) * Change schema uri to secure (https) instance. -* BUGFIX: Fix tranformer bug where schema id would not be updated if no other transformation occurred. -* BUGFIX: `ThreadFlowLocation.Kind` value is getting lost during pre-release transformation. [#1502](https://github.com/microsoft/sarif-sdk/issues/1502) -* BUGFIX: `Location.LogicalLocation` convenience setter mishandles null. [#1514](https://github.com/microsoft/sarif-sdk/issues/1514) -* BUGFIX: Upgrade schemas to latest version (remove `draft-04` from `$schema` property and change `id` to `$id`). This is necessary because the schemas use the `uri-reference` format, which was not defined in draft-04. [#1521](https://github.com/microsoft/sarif-sdk/issues/1521) -* API BREAKING: The `Init` methods in the Autogenerated SARIF object model classes are now `protected virtual`. 
This enables derived classes to add additional properties without having to copy the entire code of the `Init` method. -* BUGFIX: Transformation from SARIF 1.0 to 2.x throws `ArgumentOutOfRangeException`, if `result.locations` is an empty array. [#1526](https://github.com/microsoft/sarif-sdk/issues/1526) -* BUGFIX: Add `Result.Level` (and remove `Result.Rank`) for Fortify Converter based on MicroFocus feedback. -* BUGFIX: Invocation constructor should set `executionSuccessful` to true by default. -* BUGFIX: Contrast security converter now populates `ThreadFlowLocation.Location`. [#1530](https://github.com/microsoft/sarif-sdk/issues/1530) -* BUGFIX: Contrast Security converter no longer emits incomplete `Artifact` objects. [#1529](https://github.com/microsoft/sarif-sdk/issues/1529) -* BUGFIX: Fix crashing bugs and logic flaws in `ArtifactLocation.TryReconstructAbsoluteUri`. -* FEATURE: Provide a SARIF converter for Visual Studio log files. -* FEATURE: Extend the `PrereleaseCompatibilityTransformer` to handle SARIF v1 files. -* API NON-BREAKING: Introduce `WebRequest.Parse` and `WebResponse.Parse` to parse web traffic strings into SARIF `WebRequest` and `WebResponse` objects. -* API NON-BREAKING: Introduce `PropertyBagHolder.{Try}GetSerializedPropertyInfo`, a safe way of retrieving a property whose type is unknown. +* BUG: Fix tranformer bug where schema id would not be updated if no other transformation occurred. +* BUG: `ThreadFlowLocation.Kind` value is getting lost during pre-release transformation. [#1502](https://github.com/microsoft/sarif-sdk/issues/1502) +* BUG: `Location.LogicalLocation` convenience setter mishandles null. [#1514](https://github.com/microsoft/sarif-sdk/issues/1514) +* BUG: Upgrade schemas to latest version (remove `draft-04` from `$schema` property and change `id` to `$id`). This is necessary because the schemas use the `uri-reference` format, which was not defined in draft-04. 
[#1521](https://github.com/microsoft/sarif-sdk/issues/1521) +* API BRK: The `Init` methods in the Autogenerated SARIF object model classes are now `protected virtual`. This enables derived classes to add additional properties without having to copy the entire code of the `Init` method. +* BUG: Transformation from SARIF 1.0 to 2.x throws `ArgumentOutOfRangeException`, if `result.locations` is an empty array. [#1526](https://github.com/microsoft/sarif-sdk/issues/1526) +* BUG: Add `Result.Level` (and remove `Result.Rank`) for Fortify Converter based on MicroFocus feedback. +* BUG: Invocation constructor should set `executionSuccessful` to true by default. +* BUG: Contrast security converter now populates `ThreadFlowLocation.Location`. [#1530](https://github.com/microsoft/sarif-sdk/issues/1530) +* BUG: Contrast Security converter no longer emits incomplete `Artifact` objects. [#1529](https://github.com/microsoft/sarif-sdk/issues/1529) +* BUG: Fix crashing bugs and logic flaws in `ArtifactLocation.TryReconstructAbsoluteUri`. +* NEW: Provide a SARIF converter for Visual Studio log files. +* NEW: Extend the `PrereleaseCompatibilityTransformer` to handle SARIF v1 files. +* API NON-BRK: Introduce `WebRequest.Parse` and `WebResponse.Parse` to parse web traffic strings into SARIF `WebRequest` and `WebResponse` objects. +* API NON-BRK: Introduce `PropertyBagHolder.{Try}GetSerializedPropertyInfo`, a safe way of retrieving a property whose type is unknown. ## **v2.1.2** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.2) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.2) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.2) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.2) -* API BREAKING: Change location.logicalLocation to logicalLocations array. [oasis-tcs/sarif-spec#414](https://github.com/oasis-tcs/sarif-spec/issues/414) +* API BRK: Change location.logicalLocation to logicalLocations array. 
[oasis-tcs/sarif-spec#414](https://github.com/oasis-tcs/sarif-spec/issues/414) ## **v2.1.1** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.1) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.1) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.1) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.1) -* BUGFIX: Multitool crashes on launch: Can't find CommandLine.dll. [#1487](https://github.com/microsoft/sarif-sdk/issues/1487) +* BUG: Multitool crashes on launch: Can't find CommandLine.dll. [#1487](https://github.com/microsoft/sarif-sdk/issues/1487) ## **v2.1.0** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.0) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.0) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.0) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.0) -* API NON-BREAKING: `PhysicalLocation.id` property is getting lost during 2.1.0 pre-release transformation. [#1479](https://github.com/microsoft/sarif-sdk/issues/1479) +* API NON-BRK: `PhysicalLocation.id` property is getting lost during 2.1.0 pre-release transformation. [#1479](https://github.com/microsoft/sarif-sdk/issues/1479) * Add support for converting TSLint logs to SARIF * Add support for converting Pylint logs to SARIF ## **v2.1.0-rtm.0** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.0-rtm.0) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.0-rtm.0) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.0-rtm.0)) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.0-rtm.0) -* API BREAKING: OneOf `graphTraversal.runGraphIndex` and `graphTraversal.resultGraphIndex` is required. -* API NON-BREAKING: Add address.kind well-known values "instruction" and "data". [oasis-tcs/sarif-spec#397](https://github.com/oasis-tcs/sarif-spec/issues/397) -* API BREAKING: Rename `invocation.toolExecutionSuccessful` to `invocation.executionSuccessful`. 
[oasis-tcs/sarif-spec#399](https://github.com/oasis-tcs/sarif-spec/issues/399) -* API BREAKING: Add regex patterns for guid and language in schema. -* API NON-BREAKING: Add `run.specialLocations` in schema. [oasis-tcs/sarif-spec#396](https://github.com/oasis-tcs/sarif-spec/issues/396) -* API BREAKING: Improve `address` object design. [oasis-tcs/sarif-spec#401](https://github.com/oasis-tcs/sarif-spec/issues/401) +* API BRK: OneOf `graphTraversal.runGraphIndex` and `graphTraversal.resultGraphIndex` is required. +* API NON-BRK: Add address.kind well-known values "instruction" and "data". [oasis-tcs/sarif-spec#397](https://github.com/oasis-tcs/sarif-spec/issues/397) +* API BRK: Rename `invocation.toolExecutionSuccessful` to `invocation.executionSuccessful`. [oasis-tcs/sarif-spec#399](https://github.com/oasis-tcs/sarif-spec/issues/399) +* API BRK: Add regex patterns for guid and language in schema. +* API NON-BRK: Add `run.specialLocations` in schema. [oasis-tcs/sarif-spec#396](https://github.com/oasis-tcs/sarif-spec/issues/396) +* API BRK: Improve `address` object design. [oasis-tcs/sarif-spec#401](https://github.com/oasis-tcs/sarif-spec/issues/401) ## **v2.1.0-beta.2** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.0-beta.2) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.0-beta.2) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.0-beta.2)) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.0-beta.2) -* API NON-BREAKING: Change `request.target` type to string. [oasis-tcs/sarif-spec#362](https://github.com/oasis-tcs/sarif-spec/issues/362) -* API BREAKING: anyOf `physicalLocation.artifactLocation` and `physicalLocation.address` is required. [oasis-tcs/sarif-spec#353](https://github.com/oasis-tcs/sarif-spec/issues/353) -* API BREAKING: Rename `run.defaultFileEncoding` to `run.defaultEncoding`. -* API NON-BREAKING: Add `threadFlowLocation.taxa`. 
[oasis-tcs/sarif-spec#381](https://github.com/oasis-tcs/sarif-spec/issues/381) -* API BREAKING: anyOf `message.id` and `message.text` is required. -* API NON-BREAKING: Add `request.noResponseReceived` and `request.failureReason`. [oasis-tcs/sarif-spec#378](https://github.com/oasis-tcs/sarif-spec/issues/378) -* API BREAKING: anyOf `externalPropertyFileReference.guid` and `externalPropertyFileReference.location` is required. -* API BREAKING: `artifact.length` should have `default: -1, minimum: -1` values. -* API BREAKING: Rename `fix.changes` to `fix.artifactChanges`. -* API BREAKING: Each redaction token in an originalUriBaseId represents a unique location. [oasis-tcs/sarif-spec#377](https://github.com/oasis-tcs/sarif-spec/issues/377) -* API BREAKING: Rename file related enums in `artifact.roles`. -* API BREAKING: anyOf `artifactLocation.uri` and `artifactLocation.index` is required. -* API BREAKING: `multiformatMessageString.text` is required. -* API BREAKING: `inlineExternalProperties` array must have unique items. -* API BREAKING: `run.externalPropertyFileReferences`, update unique flag and minItems on every item according to spec. -* API BREAKING: `run.markdownMessageMimeType` should be removed from schema. -* API BREAKING: `externalPropertyFileReference.itemCount` should have a minimum value of 1. -* API NON-BREAKING: Add `toolComponent.informationUri` property. -* API NON-BREAKING: `toolComponent.isComprehensive` default value should be false. -* API BREAKING: `artifact.offset` minimum value allowed should be 0. -* API NON-BREAKING: Add `directory` enum value in `artifact.roles`. -* API BREAKING: `result.suppressions` array items should be unique and default to null. -* API NON-BREAKING: Add `suppression.guid` in schema. -* API BREAKING: `graph.id` should be removed from schema. -* API BREAKING: `edgeTraversal.stepOverEdgeCount` minimum should be 0. -* API BREAKING: `threadFlowLocation.nestingLevel` minimum should be 0. 
-* API BREAKING: `threadFlowLocation.importance` should default to `important`. -* API BREAKING: `request.index` should have default: -1, minimum: -1. -* API BREAKING: `response.index` should have default: -1, minimum: -1. -* API NON-BREAKING: `externalProperties.version` is not a required property if it is not root element. -* API NON-BREAKING: Add artifact roles for configuration files. [oasis-tcs/sarif-spec#372](https://github.com/oasis-tcs/sarif-spec/issues/372) -* API NON-BREAKING: Add suppression.justification. [oasis-tcs/sarif-spec#373](https://github.com/oasis-tcs/sarif-spec/issues/373) -* API NON-BREAKING: Associate descriptor metadata with thread flow locations. [oasis-tcs/sarif-spec#381](https://github.com/oasis-tcs/sarif-spec/issues/381) -* API BREAKING: Move `location.physicalLocation.id` to `location.id`. [oasis-tcs/sarif-spec#375](https://github.com/oasis-tcs/sarif-spec/issues/375) -* API BREAKING: `result.stacks` array should have unique items. -* API BREAKING: `result.relatedLocations` array should have unique items. -* API BREAKING: Separate `suppression` `status` from `kind`. [oasis-tcs/sarif-spec#371](https://github.com/oasis-tcs/sarif-spec/issues/371) -* API BREAKING: `reportingDescriptorReference` requires anyOf (`index`, `guid`, `id`). -* API BREAKING: Rename `request` object and related properties to `webRequest`. -* API BREAKING: Rename `response` object and related properties to `webResponse`. -* API NON-BREAKING: Add `locationRelationship` object. [oasis-tcs/sarif-spec#375](https://github.com/oasis-tcs/sarif-spec/issues/375) -* API BREAKING: `externalPropertyFileReference.itemCount` can be 0 and defaults to minimum: -1, default: -1. -* API BREAKING: `threadFlowLocation.executionOrder` can be 0 and defaults to -1, so minimum: -1, default: -1 -* API BREAKING: Rename artifact role `traceFile` to `tracedFile`. -* API NON-BREAKING: Add artifact role `debugOutputFile`. -* API NON-BREAKING: Add `value` to `threadFlowLocation.kinds`. 
-* API NON-BREAKING: Add a new value to `result.kind`: `informational`. -* API NON-BREAKING: add `address.kind`values `function` and `page`. -* API NON-BREAKING: `run.columnKind` has no default value. -* API NON-BREAKING: In the `reportingDescriptorRelationship` object, add a property `description` of type `message`, optional. -* API NON-BREAKING: In the `locationRelationship` object, add a property `description` of type `message`, optional. -* API BREAKING: `region.byteOffset` should have default: -1, minimum: -1. -* API BREAKING: Change `notification.physicalLocation` of type `physicalLocation` to `notification.locations` of type `locations`. +* API NON-BRK: Change `request.target` type to string. [oasis-tcs/sarif-spec#362](https://github.com/oasis-tcs/sarif-spec/issues/362) +* API BRK: anyOf `physicalLocation.artifactLocation` and `physicalLocation.address` is required. [oasis-tcs/sarif-spec#353](https://github.com/oasis-tcs/sarif-spec/issues/353) +* API BRK: Rename `run.defaultFileEncoding` to `run.defaultEncoding`. +* API NON-BRK: Add `threadFlowLocation.taxa`. [oasis-tcs/sarif-spec#381](https://github.com/oasis-tcs/sarif-spec/issues/381) +* API BRK: anyOf `message.id` and `message.text` is required. +* API NON-BRK: Add `request.noResponseReceived` and `request.failureReason`. [oasis-tcs/sarif-spec#378](https://github.com/oasis-tcs/sarif-spec/issues/378) +* API BRK: anyOf `externalPropertyFileReference.guid` and `externalPropertyFileReference.location` is required. +* API BRK: `artifact.length` should have `default: -1, minimum: -1` values. +* API BRK: Rename `fix.changes` to `fix.artifactChanges`. +* API BRK: Each redaction token in an originalUriBaseId represents a unique location. [oasis-tcs/sarif-spec#377](https://github.com/oasis-tcs/sarif-spec/issues/377) +* API BRK: Rename file related enums in `artifact.roles`. +* API BRK: anyOf `artifactLocation.uri` and `artifactLocation.index` is required. +* API BRK: `multiformatMessageString.text` is required. 
+* API BRK: `inlineExternalProperties` array must have unique items. +* API BRK: `run.externalPropertyFileReferences`, update unique flag and minItems on every item according to spec. +* API BRK: `run.markdownMessageMimeType` should be removed from schema. +* API BRK: `externalPropertyFileReference.itemCount` should have a minimum value of 1. +* API NON-BRK: Add `toolComponent.informationUri` property. +* API NON-BRK: `toolComponent.isComprehensive` default value should be false. +* API BRK: `artifact.offset` minimum value allowed should be 0. +* API NON-BRK: Add `directory` enum value in `artifact.roles`. +* API BRK: `result.suppressions` array items should be unique and default to null. +* API NON-BRK: Add `suppression.guid` in schema. +* API BRK: `graph.id` should be removed from schema. +* API BRK: `edgeTraversal.stepOverEdgeCount` minimum should be 0. +* API BRK: `threadFlowLocation.nestingLevel` minimum should be 0. +* API BRK: `threadFlowLocation.importance` should default to `important`. +* API BRK: `request.index` should have default: -1, minimum: -1. +* API BRK: `response.index` should have default: -1, minimum: -1. +* API NON-BRK: `externalProperties.version` is not a required property if it is not root element. +* API NON-BRK: Add artifact roles for configuration files. [oasis-tcs/sarif-spec#372](https://github.com/oasis-tcs/sarif-spec/issues/372) +* API NON-BRK: Add suppression.justification. [oasis-tcs/sarif-spec#373](https://github.com/oasis-tcs/sarif-spec/issues/373) +* API NON-BRK: Associate descriptor metadata with thread flow locations. [oasis-tcs/sarif-spec#381](https://github.com/oasis-tcs/sarif-spec/issues/381) +* API BRK: Move `location.physicalLocation.id` to `location.id`. [oasis-tcs/sarif-spec#375](https://github.com/oasis-tcs/sarif-spec/issues/375) +* API BRK: `result.stacks` array should have unique items. +* API BRK: `result.relatedLocations` array should have unique items. +* API BRK: Separate `suppression` `status` from `kind`. 
[oasis-tcs/sarif-spec#371](https://github.com/oasis-tcs/sarif-spec/issues/371) +* API BRK: `reportingDescriptorReference` requires anyOf (`index`, `guid`, `id`). +* API BRK: Rename `request` object and related properties to `webRequest`. +* API BRK: Rename `response` object and related properties to `webResponse`. +* API NON-BRK: Add `locationRelationship` object. [oasis-tcs/sarif-spec#375](https://github.com/oasis-tcs/sarif-spec/issues/375) +* API BRK: `externalPropertyFileReference.itemCount` can be 0 and defaults to minimum: -1, default: -1. +* API BRK: `threadFlowLocation.executionOrder` can be 0 and defaults to -1, so minimum: -1, default: -1 +* API BRK: Rename artifact role `traceFile` to `tracedFile`. +* API NON-BRK: Add artifact role `debugOutputFile`. +* API NON-BRK: Add `value` to `threadFlowLocation.kinds`. +* API NON-BRK: Add a new value to `result.kind`: `informational`. +* API NON-BRK: add `address.kind`values `function` and `page`. +* API NON-BRK: `run.columnKind` has no default value. +* API NON-BRK: In the `reportingDescriptorRelationship` object, add a property `description` of type `message`, optional. +* API NON-BRK: In the `locationRelationship` object, add a property `description` of type `message`, optional. +* API BRK: `region.byteOffset` should have default: -1, minimum: -1. +* API BRK: Change `notification.physicalLocation` of type `physicalLocation` to `notification.locations` of type `locations`. ## **v2.1.0-beta.1** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.0-beta.1) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.0-beta.1) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.0-beta.1)) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.0-beta.1)) -* API BREAKING: Change `request.uri` to `request.target`. [oasis-tcs/sarif-spec#362](https://github.com/oasis-tcs/sarif-spec/issues/362) +* API BRK: Change `request.uri` to `request.target`. 
[oasis-tcs/sarif-spec#362](https://github.com/oasis-tcs/sarif-spec/issues/362) ## **v2.1.0-beta.0** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.1.0-beta.0) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.1.0-beta.0) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.1.0-beta.0)) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.1.0-beta.0)) -* API BREAKING: All SARIF state dictionaries now contains multiformat strings as values. [oasis-tcs/sarif-spec#361](https://github.com/oasis-tcs/sarif-spec/issues/361) -* API NON-BREAKING: Define `request` and `response` objects. [oasis-tcs/sarif-spec#362](https://github.com/oasis-tcs/sarif-spec/issues/362) +* API BRK: All SARIF state dictionaries now contains multiformat strings as values. [oasis-tcs/sarif-spec#361](https://github.com/oasis-tcs/sarif-spec/issues/361) +* API NON-BRK: Define `request` and `response` objects. [oasis-tcs/sarif-spec#362](https://github.com/oasis-tcs/sarif-spec/issues/362) ## **v2.0.0-csd.2.beta.2019.04-03.3** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.0.0-csd.2.beta.2019.04-03.3) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.0.0-csd.2.beta.2019.04-03.3) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.0.0-csd.2.beta.2019.04-03.3)) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.0.0-csd.2.beta.2019.04-03.3)) -* API BREAKING: Rename `reportingDescriptor.descriptor` to `reportingDescriptor.target`. [oasis-tcs/sarif-spec#356](https://github.com/oasis-tcs/sarif-spec/issues/356) -* API NON-BREAKING: Remove `canPrecedeOrFollow` from relationship kind list. [oasis-tcs/sarif-spec#356](https://github.com/oasis-tcs/sarif-spec/issues/356) +* API BRK: Rename `reportingDescriptor.descriptor` to `reportingDescriptor.target`. [oasis-tcs/sarif-spec#356](https://github.com/oasis-tcs/sarif-spec/issues/356) +* API NON-BRK: Remove `canPrecedeOrFollow` from relationship kind list. 
[oasis-tcs/sarif-spec#356](https://github.com/oasis-tcs/sarif-spec/issues/356) ## **v2.0.0-csd.2.beta.2019.04-03.2** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.0.0-csd.2.beta.2019.04-03.2) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.0.0-csd.2.beta.2019.04-03.2) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.0.0-csd.2.beta.2019.04-03.2)) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.0.0-csd.2.beta.2019.04-03.2)) -* API NON-BREAKING: Add `module` to `address.kind`. [oasis-tcs/sarif-spec#353](https://github.com/oasis-tcs/sarif-spec/issues/353) -* API BREAKING: `address.baseAddress` & `address.offset` to int. [oasis-tcs/sarif-spec#353](https://github.com/oasis-tcs/sarif-spec/issues/353) -* API BREAKING: Update how reporting descriptors describe their taxonomic relationships. [oasis-tcs/sarif-spec#356](https://github.com/oasis-tcs/sarif-spec/issues/356) -* API NON-BREAKING: Add `initialState` and `immutableState` properties to thread flow object. Add `immutableState` to `graphTraversal` object. [oasis-tcs/sarif-spec#168](https://github.com/oasis-tcs/sarif-spec/issues/168) +* API NON-BRK: Add `module` to `address.kind`. [oasis-tcs/sarif-spec#353](https://github.com/oasis-tcs/sarif-spec/issues/353) +* API BRK: `address.baseAddress` & `address.offset` to int. [oasis-tcs/sarif-spec#353](https://github.com/oasis-tcs/sarif-spec/issues/353) +* API BRK: Update how reporting descriptors describe their taxonomic relationships. [oasis-tcs/sarif-spec#356](https://github.com/oasis-tcs/sarif-spec/issues/356) +* API NON-BRK: Add `initialState` and `immutableState` properties to thread flow object. Add `immutableState` to `graphTraversal` object. 
[oasis-tcs/sarif-spec#168](https://github.com/oasis-tcs/sarif-spec/issues/168) ## **v2.0.0-csd.2.beta.2019.04-03.1** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.0.0-csd.2.beta.2019.04-03.1) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.0.0-csd.2.beta.2019.04-03.1) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.0.0-csd.2.beta.2019.04-03.1)) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.0.0-csd.2.beta.2019.04-03.1)) -* API BREAKING: Rename `message.messageId` property to `message.id`. +* API BRK: Rename `message.messageId` property to `message.id`. ## **v2.0.0-csd.2.beta.2019.04-03.0** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.0.0-csd.2.beta.2019.04-03.0) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.0.0-csd.2.beta.2019.04-03.0) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.0.0-csd.2.beta.2019.04-03.0)) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.0.0-csd.2.beta.2019.04-03.0)) -* API NON-BREAKING: Introduce new localization mechanism (post ballot changes). [oasis-tcs/sarif-spec#338](https://github.com/oasis-tcs/sarif-spec/issues/338) -* API BREAKING: Add `address` property to a `location` object (post ballot changes). [oasis-tcs/sarif-spec#302](https://github.com/oasis-tcs/sarif-spec/issues/302) -* API NON-BREAKING: Define result `taxonomies`. [oasis-tcs/sarif-spec#314](https://github.com/oasis-tcs/sarif-spec/issues/314) -* API NON-BREAKING: Define a `reportingDescriptorReference` object. [oasis-tcs/sarif-spec#324](https://github.com/oasis-tcs/sarif-spec/issues/324) -* API BREAKING: Change `run.graphs` and `result.graphs` from objects to arrays. [oasis-tcs/sarif-spec#326](https://github.com/oasis-tcs/sarif-spec/issues/326) -* API BREAKING: External property file related renames (post ballot changes). [oasis-tcs/sarif-spec#335](https://github.com/oasis-tcs/sarif-spec/issues/335) -* API NON-BREAKING: Allow toolComponents to be externalized. 
[oasis-tcs/sarif-spec#337](https://github.com/oasis-tcs/sarif-spec/issues/337) -* API BREAKING: Rename all `instanceGuid` properties to `guid`. [oasis-tcs/sarif-spec#341](https://github.com/oasis-tcs/sarif-spec/issues/341) -* API NON-BREAKING: Add `reportingDescriptor.deprecatedNames` and `deprecatedGuids` to match `deprecatedIds` property. [oasis-tcs/sarif-spec#346](https://github.com/oasis-tcs/sarif-spec/issues/346) -* API NON-BREAKING: Add `referencedOnCommandLine` as a role. [oasis-tcs/sarif-spec#347](https://github.com/oasis-tcs/sarif-spec/issues/347) -* API NON-BREAKING: Rename `reportingConfigurationOverride` to `configurationOverride`. [oasis-tcs/sarif-spec#350](https://github.com/oasis-tcs/sarif-spec/issues/350) +* API NON-BRK: Introduce new localization mechanism (post ballot changes). [oasis-tcs/sarif-spec#338](https://github.com/oasis-tcs/sarif-spec/issues/338) +* API BRK: Add `address` property to a `location` object (post ballot changes). [oasis-tcs/sarif-spec#302](https://github.com/oasis-tcs/sarif-spec/issues/302) +* API NON-BRK: Define result `taxonomies`. [oasis-tcs/sarif-spec#314](https://github.com/oasis-tcs/sarif-spec/issues/314) +* API NON-BRK: Define a `reportingDescriptorReference` object. [oasis-tcs/sarif-spec#324](https://github.com/oasis-tcs/sarif-spec/issues/324) +* API BRK: Change `run.graphs` and `result.graphs` from objects to arrays. [oasis-tcs/sarif-spec#326](https://github.com/oasis-tcs/sarif-spec/issues/326) +* API BRK: External property file related renames (post ballot changes). [oasis-tcs/sarif-spec#335](https://github.com/oasis-tcs/sarif-spec/issues/335) +* API NON-BRK: Allow toolComponents to be externalized. [oasis-tcs/sarif-spec#337](https://github.com/oasis-tcs/sarif-spec/issues/337) +* API BRK: Rename all `instanceGuid` properties to `guid`. 
[oasis-tcs/sarif-spec#341](https://github.com/oasis-tcs/sarif-spec/issues/341) +* API NON-BRK: Add `reportingDescriptor.deprecatedNames` and `deprecatedGuids` to match `deprecatedIds` property. [oasis-tcs/sarif-spec#346](https://github.com/oasis-tcs/sarif-spec/issues/346) +* API NON-BRK: Add `referencedOnCommandLine` as a role. [oasis-tcs/sarif-spec#347](https://github.com/oasis-tcs/sarif-spec/issues/347) +* API NON-BRK: Rename `reportingConfigurationOverride` to `configurationOverride`. [oasis-tcs/sarif-spec#350](https://github.com/oasis-tcs/sarif-spec/issues/350) ## **v2.0.0-csd.2.beta.2019.02-20** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.0.0-csd.2.beta.2019.02-20) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.0.0-csd.2.beta.2019.02-20) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.0.0-csd.2.beta.2019.02-20)) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.0.0-csd.2.beta.2019.02-20)) -* COMMAND-LINE BREAKING: Rename `--sarif-version` to `--sarif-output-version`. Remove duplicative tranform `--target-version` command-line argument. -* COMMAND-LINE NON-BREAKING: add `--inline` option to multitool `rebaseuri` verb, to write output directly into input files. -* API NON-BREAKING: Add additional properties to `toolComponent`. [oasis-tcs/sarif-spec#336](https://github.com/oasis-tcs/sarif-spec/issues/336) -* API NON-BREAKING: Provide a caching mechanism for duplicated code flow data. [oasis-tcs/sarif-spec#320](https://github.com/oasis-tcs/sarif-spec/issues/320) -* API NON-BREAKING: Add `inlineExternalPropertyFiles` at the log level. [oasis-tcs/sarif-spec#321](https://github.com/oasis-tcs/sarif-spec/issues/321) -* API NON-BREAKING: Update logical location kinds to accommodate XML and JSON paths. [oasis-tcs/sarif-spec#291](https://github.com/oasis-tcs/sarif-spec/issues/291) -* API NON-BREAKING: Define result taxonomies. 
[oasis-tcs/sarif-spec#314](https://github.com/oasis-tcs/sarif-spec/issues/314) -* API BREAKING: Remove `invocation.attachments`, now replaced by `run.tool.extensions`. [oasis-tcs/sarif-spec#327](https://github.com/oasis-tcs/sarif-spec/issues/327) -* API NON-BREAKING: Introduce new localization mechanism. [oasis-tcs/sarif-spec#338](https://github.com/oasis-tcs/sarif-spec/issues/338) -* API BREAKING: Remove `tool.language` and localization support. [oasis-tcs/sarif-spec#325](https://github.com/oasis-tcs/sarif-spec/issues/325) -* API NON-BREAKING: Add additional properties to toolComponent. [oasis-tcs/sarif-spec#336](https://github.com/oasis-tcs/sarif-spec/issues/336) -* API BREAKING: Rename `invocation.toolNotifications` and `invocation.configurationNotifications` to `toolExecutionNotifications` and `toolConfigurationNotifications`. [oasis-tcs/sarif-spec#330](https://github.com/oasis-tcs/sarif-spec/issues/330) -* API BREAKING: Add address property to a location object (and other nodes). [oasis-tcs/sarif-spec#302](https://github.com/oasis-tcs/sarif-spec/issues/302) -* API BREAKING: External property file related renames. [oasis-tcs/sarif-spec#335](https://github.com/oasis-tcs/sarif-spec/issues/335) +* COMMAND-LINE BRK: Rename `--sarif-version` to `--sarif-output-version`. Remove duplicative tranform `--target-version` command-line argument. +* COMMAND-LINE NON-BRK: add `--inline` option to multitool `rebaseuri` verb, to write output directly into input files. +* API NON-BRK: Add additional properties to `toolComponent`. [oasis-tcs/sarif-spec#336](https://github.com/oasis-tcs/sarif-spec/issues/336) +* API NON-BRK: Provide a caching mechanism for duplicated code flow data. [oasis-tcs/sarif-spec#320](https://github.com/oasis-tcs/sarif-spec/issues/320) +* API NON-BRK: Add `inlineExternalPropertyFiles` at the log level. 
[oasis-tcs/sarif-spec#321](https://github.com/oasis-tcs/sarif-spec/issues/321) +* API NON-BRK: Update logical location kinds to accommodate XML and JSON paths. [oasis-tcs/sarif-spec#291](https://github.com/oasis-tcs/sarif-spec/issues/291) +* API NON-BRK: Define result taxonomies. [oasis-tcs/sarif-spec#314](https://github.com/oasis-tcs/sarif-spec/issues/314) +* API BRK: Remove `invocation.attachments`, now replaced by `run.tool.extensions`. [oasis-tcs/sarif-spec#327](https://github.com/oasis-tcs/sarif-spec/issues/327) +* API NON-BRK: Introduce new localization mechanism. [oasis-tcs/sarif-spec#338](https://github.com/oasis-tcs/sarif-spec/issues/338) +* API BRK: Remove `tool.language` and localization support. [oasis-tcs/sarif-spec#325](https://github.com/oasis-tcs/sarif-spec/issues/325) +* API NON-BRK: Add additional properties to toolComponent. [oasis-tcs/sarif-spec#336](https://github.com/oasis-tcs/sarif-spec/issues/336) +* API BRK: Rename `invocation.toolNotifications` and `invocation.configurationNotifications` to `toolExecutionNotifications` and `toolConfigurationNotifications`. [oasis-tcs/sarif-spec#330](https://github.com/oasis-tcs/sarif-spec/issues/330) +* API BRK: Add address property to a location object (and other nodes). [oasis-tcs/sarif-spec#302](https://github.com/oasis-tcs/sarif-spec/issues/302) +* API BRK: External property file related renames. [oasis-tcs/sarif-spec#335](https://github.com/oasis-tcs/sarif-spec/issues/335) ## **v2.0.0-csd.2.beta.2019.01-24.1** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.0.0-csd.2.beta.2019.01-24.1) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.0.0-csd.2.beta.2019.01-24.1) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.0.0-csd.2.beta.2019.01-24.1)) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.0.0-csd.2.beta.2019.01-24.1)) -* BUGFIX: `region.charOffset` default value should be -1 (invalid value) rather than 0. 
Fixes an issue where `region.charLength` is > 0 but `region.charOffset` is absent (because its value of 0 was incorrectly elided due to being the default value). +* BUG: `region.charOffset` default value should be -1 (invalid value) rather than 0. Fixes an issue where `region.charLength` is > 0 but `region.charOffset` is absent (because its value of 0 was incorrectly elided due to being the default value). ## **v2.0.0-csd.2.beta.2019.01-24** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.0.0-csd.2.beta.2019.01-24) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.0.0-csd.2.beta.2019.01-24) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.0.0-csd.2.beta.2019.01-24)) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.0.0-csd.2.beta.2019.01-24)) -* BUGFIX: SDK compatibility update for sample apps. -* BUGFIX: Add Sarif.Multitool.exe.config file to multitool package to resolve "Could not load file or assembly `Newtonsoft.Json, Version=9.0.0.0`" exception on using validate command. -* API BREAKING: rename baselineState `existing` value to `unchanged`. Add new baselineState value `updated`. [oasis-tcs/sarif-spec#312](https://github.com/oasis-tcs/sarif-spec/issues/312) -* API BREAKING: unify result and notification failure levels (`note`, `warning`, `error`). Break out result evaluation state into `result.kind` property with values `pass`, `fail`, `open`, `review`, `notApplicable`. [oasis-tcs/sarif-spec#317](https://github.com/oasis-tcs/sarif-spec/issues/317) -* API BREAKING: remove IRule entirely, in favor of utilizing ReportingDescriptor base class. -* API BREAKING: define `toolComponent` object to persist tool data. The `tool.driver` component documents the standard driver metadata. `tool.extensions` is an array of `toolComponent` instances that describe extensions to the core analyzer. This change also deletes `tool.sarifLoggerVersion` (from the newly created `toolComponent` object) due to its lack of utility. 
Adds `result.extensionIndex` to allow results to be associated with a plug-in. `toolComponent` also added as a new file role. [oasis-tcs/sarif-spec#179](https://github.com/oasis-tcs/sarif-spec/issues/179) -* API BREAKING: Remove `run.resources` object. Rename `rule` object to `reportingDescriptor`. Move rule and notification reportingDescriptor objects to `tool.notificationDescriptors` and `tool.ruleDescriptors`. `resources.messageStrings` now located at `toolComponent.globalMessageStrings`. `rule.configuration` property now named `reportingDescriptor.defaultConfiguration`. `reportingConfiguration.defaultLevel` and `reportingConfiguration.defaultRank` simplified to `reportingConfiguration.level` and `reportingConfiguration.rank`. Actual runtime reportingConfiguration persisted to new array of reportingConfiguration objects at `invocation.reportingConfiguration`. [oasis-tcs/sarif-spec#311](https://github.com/oasis-tcs/sarif-spec/issues/311) -* API BREAKING: `run.richTextMessageMimeType` renamed to `run.markdownMessageMimeType`. `message.richText` renamed to `message.markdown`. `message.richMessageId` deleted. Create `multiformatMessageString` object, that holds plain text and markdown message format strings. `reportingDescriptor.messageStrings` is now a dictionary of these objects, keyed by message id. `reporting.Descriptor.richMessageStrings` dictionary is deleted. [oasis-tcs/sarif-spec#319](https://github.com/oasis-tcs/sarif-spec/issues/319) -* API BREAKING: `threadflowLocation.kind` is now `threadflowLocation.kinds`, an array of strings that categorize the thread flow location. [oasis-tcs/sarif-spec#202](https://github.com/oasis-tcs/sarif-spec/issues/202) -* API BREAKING: `file` renamed to `artifact`. `fileLocation` renamed to `artifactLocation`. `run.files` renamed to `run.artifacts`. [oasis-tcs/sarif-spec#309](https://github.com/oasis-tcs/sarif-spec/issues/309) +* BUG: SDK compatibility update for sample apps. 
+* BUG: Add Sarif.Multitool.exe.config file to multitool package to resolve "Could not load file or assembly `Newtonsoft.Json, Version=9.0.0.0`" exception on using validate command. +* API BRK: rename baselineState `existing` value to `unchanged`. Add new baselineState value `updated`. [oasis-tcs/sarif-spec#312](https://github.com/oasis-tcs/sarif-spec/issues/312) +* API BRK: unify result and notification failure levels (`note`, `warning`, `error`). Break out result evaluation state into `result.kind` property with values `pass`, `fail`, `open`, `review`, `notApplicable`. [oasis-tcs/sarif-spec#317](https://github.com/oasis-tcs/sarif-spec/issues/317) +* API BRK: remove IRule entirely, in favor of utilizing ReportingDescriptor base class. +* API BRK: define `toolComponent` object to persist tool data. The `tool.driver` component documents the standard driver metadata. `tool.extensions` is an array of `toolComponent` instances that describe extensions to the core analyzer. This change also deletes `tool.sarifLoggerVersion` (from the newly created `toolComponent` object) due to its lack of utility. Adds `result.extensionIndex` to allow results to be associated with a plug-in. `toolComponent` also added as a new file role. [oasis-tcs/sarif-spec#179](https://github.com/oasis-tcs/sarif-spec/issues/179) +* API BRK: Remove `run.resources` object. Rename `rule` object to `reportingDescriptor`. Move rule and notification reportingDescriptor objects to `tool.notificationDescriptors` and `tool.ruleDescriptors`. `resources.messageStrings` now located at `toolComponent.globalMessageStrings`. `rule.configuration` property now named `reportingDescriptor.defaultConfiguration`. `reportingConfiguration.defaultLevel` and `reportingConfiguration.defaultRank` simplified to `reportingConfiguration.level` and `reportingConfiguration.rank`. Actual runtime reportingConfiguration persisted to new array of reportingConfiguration objects at `invocation.reportingConfiguration`. 
[oasis-tcs/sarif-spec#311](https://github.com/oasis-tcs/sarif-spec/issues/311) +* API BRK: `run.richTextMessageMimeType` renamed to `run.markdownMessageMimeType`. `message.richText` renamed to `message.markdown`. `message.richMessageId` deleted. Create `multiformatMessageString` object, that holds plain text and markdown message format strings. `reportingDescriptor.messageStrings` is now a dictionary of these objects, keyed by message id. `reporting.Descriptor.richMessageStrings` dictionary is deleted. [oasis-tcs/sarif-spec#319](https://github.com/oasis-tcs/sarif-spec/issues/319) +* API BRK: `threadflowLocation.kind` is now `threadflowLocation.kinds`, an array of strings that categorize the thread flow location. [oasis-tcs/sarif-spec#202](https://github.com/oasis-tcs/sarif-spec/issues/202) +* API BRK: `file` renamed to `artifact`. `fileLocation` renamed to `artifactLocation`. `run.files` renamed to `run.artifacts`. [oasis-tcs/sarif-spec#309](https://github.com/oasis-tcs/sarif-spec/issues/309) ## **v2.0.0-csd.2.beta.2019-01-09** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.0.0-csd.2.beta.2019-01-09) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.0.0-csd.2.beta.2019-01-09) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.0.0-csd.2.beta.2019-01-09) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.0.0-csd.2.beta.2019-01-09) -* BUGFIX: Result matching improvements in properties persistence. -* FEATURE: Fortify FPR converter improvements. -* API NON-BREAKING: Remove uniqueness requirement from `result.locations`. -* API NON-BREAKING: Add `run.newlineSequences` to schema. [oasis-tcs/sarif-spec#169](https://github.com/oasis-tcs/sarif-spec/issues/169) -* API NON-BREAKING: Add `rule.deprecatedIds` to schema. [oasis-tcs/sarif-spec#293](https://github.com/oasis-tcs/sarif-spec/issues/293) -* API NON-BREAKING: Add `versionControlDetails.mappedTo`. 
[oasis-tcs/sarif-spec#248](https://github.com/oasis-tcs/sarif-spec/issues/248) -* API NON-BREAKING: Add result.rank`. Add`ruleConfiguration.defaultRank`. -* API NON-BREAKING: Add `file.sourceLocation` and `region.sourceLanguage` to guide in snippet colorization. `run.defaultSourceLanguage` provides a default value. [oasis-tcs/sarif-spec#286](https://github.com/oasis-tcs/sarif-spec/issues/286) -* API NON-BREAKING: default values for `result.rank` and `ruleConfiguration.defaultRank` is now -1.0 (from 0.0). [oasis-tcs/sarif-spec#303](https://github.com/oasis-tcs/sarif-spec/issues/303) -* API BREAKING: Remove `run.architecture` [oasis-tcs/sarif-spec#262](https://github.com/oasis-tcs/sarif-spec/issues/262) -* API BREAKING: `result.message` is now a required property [oasis-tcs/sarif-spec#283](https://github.com/oasis-tcs/sarif-spec/issues/283) -* API BREAKING: Rename `tool.fileVersion` to `tool.dottedQuadFileVersion` [oasis-tcs/sarif-spec#274](https://github.com/oasis-tcs/sarif-spec/issues/274) -* API BREAKING: Remove `open` from valid rule default configuration levels. The transformer remaps this value to `note`. [oasis-tcs/sarif-spec#288](https://github.com/oasis-tcs/sarif-spec/issues/288) -* API BREAKING: `run.columnKind` default value is now `unicodeCodePoints`. The transformer will inject `utf16CodeUnits`, however, when this property is absent, as this value is a more appropriate default for the Windows platform. [#1160](https://github.com/Microsoft/sarif-sdk/pull/1160) -* API BREAKING: Make `run.logicalLocations` an array, not a dictionary. Add result.logicalLocationIndex to point to associated logical location. -* API BREAKING: `run.externalFiles` renamed to `run.externalPropertyFiles`, which is not a bundle of external property file objects. NOTE: no transformation will be provided for legacy versions of the external property files API. 
-* API BREAKING: rework `result.provenance` object, including moving result.conversionProvenance to `result.provenance.conversionSources`. NOTE: no transformation currently exists for this update. -* API BREAKING: Make `run.files` an array, not a dictionary. Add fileLocation.fileIndex to point to a file object associated with the location within `run.files`. -* API BREAKING: Make `resources.rules` an array, not a dictionary. Add result.ruleIndex to point to a rule object associated with the result within `resources.rules`. -* API BREAKING: `run.logicalLocations` now requires unique array elements. [oasis-tcs/sarif-spec#304](https://github.com/oasis-tcs/sarif-spec/issues/304) +* BUG: Result matching improvements in properties persistence. +* NEW: Fortify FPR converter improvements. +* API NON-BRK: Remove uniqueness requirement from `result.locations`. +* API NON-BRK: Add `run.newlineSequences` to schema. [oasis-tcs/sarif-spec#169](https://github.com/oasis-tcs/sarif-spec/issues/169) +* API NON-BRK: Add `rule.deprecatedIds` to schema. [oasis-tcs/sarif-spec#293](https://github.com/oasis-tcs/sarif-spec/issues/293) +* API NON-BRK: Add `versionControlDetails.mappedTo`. [oasis-tcs/sarif-spec#248](https://github.com/oasis-tcs/sarif-spec/issues/248) +* API NON-BRK: Add result.rank`. Add`ruleConfiguration.defaultRank`. +* API NON-BRK: Add `file.sourceLocation` and `region.sourceLanguage` to guide in snippet colorization. `run.defaultSourceLanguage` provides a default value. [oasis-tcs/sarif-spec#286](https://github.com/oasis-tcs/sarif-spec/issues/286) +* API NON-BRK: default values for `result.rank` and `ruleConfiguration.defaultRank` is now -1.0 (from 0.0). 
[oasis-tcs/sarif-spec#303](https://github.com/oasis-tcs/sarif-spec/issues/303) +* API BRK: Remove `run.architecture` [oasis-tcs/sarif-spec#262](https://github.com/oasis-tcs/sarif-spec/issues/262) +* API BRK: `result.message` is now a required property [oasis-tcs/sarif-spec#283](https://github.com/oasis-tcs/sarif-spec/issues/283) +* API BRK: Rename `tool.fileVersion` to `tool.dottedQuadFileVersion` [oasis-tcs/sarif-spec#274](https://github.com/oasis-tcs/sarif-spec/issues/274) +* API BRK: Remove `open` from valid rule default configuration levels. The transformer remaps this value to `note`. [oasis-tcs/sarif-spec#288](https://github.com/oasis-tcs/sarif-spec/issues/288) +* API BRK: `run.columnKind` default value is now `unicodeCodePoints`. The transformer will inject `utf16CodeUnits`, however, when this property is absent, as this value is a more appropriate default for the Windows platform. [#1160](https://github.com/Microsoft/sarif-sdk/pull/1160) +* API BRK: Make `run.logicalLocations` an array, not a dictionary. Add result.logicalLocationIndex to point to associated logical location. +* API BRK: `run.externalFiles` renamed to `run.externalPropertyFiles`, which is not a bundle of external property file objects. NOTE: no transformation will be provided for legacy versions of the external property files API. +* API BRK: rework `result.provenance` object, including moving result.conversionProvenance to `result.provenance.conversionSources`. NOTE: no transformation currently exists for this update. +* API BRK: Make `run.files` an array, not a dictionary. Add fileLocation.fileIndex to point to a file object associated with the location within `run.files`. +* API BRK: Make `resources.rules` an array, not a dictionary. Add result.ruleIndex to point to a rule object associated with the result within `resources.rules`. +* API BRK: `run.logicalLocations` now requires unique array elements. 
[oasis-tcs/sarif-spec#304](https://github.com/oasis-tcs/sarif-spec/issues/304) ## **v2.0.0-csd.2.beta.2018-10-10.2** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.0.0-csd.2.beta.2018-10-10.2) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.0.0-csd.2.beta.2018-10-10.2) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.0.0-csd.2.beta.2018-10-10.2) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.0.0-csd.2.beta.2018-10-10.2) -* BUGFIX: Don`t emit v2 analysisTarget if there is no v1 resultFile. +* BUG: Don`t emit v2 analysisTarget if there is no v1 resultFile. * BUILD: Bring NuGet publishing scripts into conformance with new Microsoft requirements. ## **v2.0.0-csd.2.beta.2018-10-10.1** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.0.0-csd.2.beta.2018-10-10.1) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.0.0-csd.2.beta.2018-10-10.1) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.0.0-csd.2.beta.2018-10-10.1) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.0.0-csd.2.beta.2018-10-10.1) -* BUGFIX: Persist region information associated with analysis target +* BUG: Persist region information associated with analysis target ## **v2.0.0-csd.2.beta.2018-10-10** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.0.0-csd.2.beta.2018-10-10) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.0.0-csd.2.beta.2018-10-10) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.0.0-csd.2.beta.2018-10-10) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.0.0-csd.2.beta.2018-10-10) -* FEATURE:Add --sarif-version command to driver (to transform SARIF output to v1 format) -* BUGFIX: Drop erroneous persistence of redaction tokens as files objects. -* API NON-BREAKING: Add `result.occurrenceCount` (denotes # of occurrences of an identical results within an analysisRun) -* API NON-BREAKING: Add `run.externalFiles` object to schema. Sync generally to OASIS TC schema. 
-* API BREAKING: `originalUriBaseIds` is now a dictionary of file locations, not strings. -* API BREAKING: Suffix `invocation.startTime`, `invocation.endTime`, `file.lastModifiedTime` and `notification.time` with Utc (`startTimeUtc`, `endTimeUtc`, etc.). -* API BREAKING: `threadflowLocation.timestamp` renamed to `executionTimeUtc`. -* API BREAKING: `versionControlDetails.timestamp` renamed to `asOfTimeUtc`. -* API BREAKING: `versionControlDetails.uri` renamed to `repositoryUri`. -* API BREAKING: `versionControlDetails.tag` renamed to `revisionTag` -* API BREAKING: `exception.message` type converted from string to message object. -* API BREAKING: `file.hashes` is now a string/string dictionary, not an array of `hash` objects (the type for which is deleted) -* API BREAKING: `run.instanceGuid`, `run.correlationGuid`, `run.logicalId`, `run.description` combined into new `runAutomationDetails` object instance defined at `run.id`. -* API BREAKING: `run.automationLogicalId` subsumed by `run.aggregateIds`, an array of `runAutomationDetails` objects. -* API BREAKING: Remove `threadFlowLocation.step` -* API BREAKING: `invocation.workingDirectory` is now a FileLocation object (and not a URI expressed as a string) +* NEW:Add --sarif-version command to driver (to transform SARIF output to v1 format) +* BUG: Drop erroneous persistence of redaction tokens as files objects. +* API NON-BRK: Add `result.occurrenceCount` (denotes # of occurrences of an identical results within an analysisRun) +* API NON-BRK: Add `run.externalFiles` object to schema. Sync generally to OASIS TC schema. +* API BRK: `originalUriBaseIds` is now a dictionary of file locations, not strings. +* API BRK: Suffix `invocation.startTime`, `invocation.endTime`, `file.lastModifiedTime` and `notification.time` with Utc (`startTimeUtc`, `endTimeUtc`, etc.). +* API BRK: `threadflowLocation.timestamp` renamed to `executionTimeUtc`. +* API BRK: `versionControlDetails.timestamp` renamed to `asOfTimeUtc`. 
+* API BRK: `versionControlDetails.uri` renamed to `repositoryUri`. +* API BRK: `versionControlDetails.tag` renamed to `revisionTag` +* API BRK: `exception.message` type converted from string to message object. +* API BRK: `file.hashes` is now a string/string dictionary, not an array of `hash` objects (the type for which is deleted) +* API BRK: `run.instanceGuid`, `run.correlationGuid`, `run.logicalId`, `run.description` combined into new `runAutomationDetails` object instance defined at `run.id`. +* API BRK: `run.automationLogicalId` subsumed by `run.aggregateIds`, an array of `runAutomationDetails` objects. +* API BRK: Remove `threadFlowLocation.step` +* API BRK: `invocation.workingDirectory` is now a FileLocation object (and not a URI expressed as a string) ## **v2.0.0-csd.1.0.2** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.0.0-csd.1.0.2) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.0.0-csd.1.0.2) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.0.0-csd.1.0.2) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.0.0-csd.1.0.2) -* BUGFIX: In result matching algorithm, an empty or null previous log no longer causes a NullReferenceException. -* BUGFIX: In result matching algorithm, duplicate data is no longer incorrectly detected across files. Also: changed a "NotImplementedException" to the correct "InvalidOperationException". +* BUG: In result matching algorithm, an empty or null previous log no longer causes a NullReferenceException. +* BUG: In result matching algorithm, duplicate data is no longer incorrectly detected across files. Also: changed a "NotImplementedException" to the correct "InvalidOperationException". 
## **v2.0.0-csd.1.0.1** [Sdk](https://www.nuget.org/packages/Sarif.Sdk/2.0.0-csd.1.0.1) | [Driver](https://www.nuget.org/packages/Sarif.Driver/2.0.0-csd.1.0.1) | [Converters](https://www.nuget.org/packages/Sarif.Converters/2.0.0-csd.1.0.1) | [Multitool](https://www.nuget.org/packages/Sarif.Multitool/2.0.0-csd.1.0.1) diff --git a/src/Samples/Sarif.Sdk.Sample/Program.cs b/src/Samples/Sarif.Sdk.Sample/Program.cs index 9761c9202..18d331a1e 100644 --- a/src/Samples/Sarif.Sdk.Sample/Program.cs +++ b/src/Samples/Sarif.Sdk.Sample/Program.cs @@ -351,7 +351,7 @@ private static void SerializeSarifResult(string filePath, int numResult, bool us region, fixes[i])) { - sarifLogger.Log(rule, result); + sarifLogger.Log(rule, result, toolComponent: null); } } } diff --git a/src/Samples/SarifTrim/Program.cs b/src/Samples/SarifTrim/Program.cs index cc7c828e8..adf769a63 100644 --- a/src/Samples/SarifTrim/Program.cs +++ b/src/Samples/SarifTrim/Program.cs @@ -58,7 +58,7 @@ private static void Main(string[] args) foreach (Result result in run.Results) { consolidator.Trim(result); - logger.Log(result.GetRule(run), result); + logger.Log(result.GetRule(run), result, toolComponent: null); } } diff --git a/src/Sarif.Driver/Sdk/MultithreadedAnalyzeCommandBase.cs b/src/Sarif.Driver/Sdk/MultithreadedAnalyzeCommandBase.cs index bc4608dd3..2f31d6d73 100644 --- a/src/Sarif.Driver/Sdk/MultithreadedAnalyzeCommandBase.cs +++ b/src/Sarif.Driver/Sdk/MultithreadedAnalyzeCommandBase.cs @@ -333,11 +333,11 @@ private async Task LogScanResultsAsync(TContext rootContext) private static void LogCachingLogger(TContext rootContext, TContext context, bool clone = false) { var cachingLogger = (CachingLogger)context.Logger; - IDictionary>> results = cachingLogger.Results; + IDictionary>> results = cachingLogger.Results; if (results?.Count > 0) { - foreach (KeyValuePair>> kv in results) + foreach (KeyValuePair>> kv in results) { foreach (Tuple tuple in kv.Value) { 
diff --git a/src/Sarif/Writers/CachingLogger.cs b/src/Sarif/Writers/CachingLogger.cs index e452d2826..a85bc15d5 100644 --- a/src/Sarif/Writers/CachingLogger.cs +++ b/src/Sarif/Writers/CachingLogger.cs @@ -78,7 +78,7 @@ public void Log(ReportingDescriptor rule, Result result, ToolComponent toolCompo Results ??= new Dictionary>>(); - if (!Results.TryGetValue(rule, out IList> results)) + if (!Results.TryGetValue(rule, out IList> results)) { results = Results[rule] = new List>(); } diff --git a/src/Sarif/Writers/SarifLogger.cs b/src/Sarif/Writers/SarifLogger.cs index 9c21b4064..b741be227 100644 --- a/src/Sarif/Writers/SarifLogger.cs +++ b/src/Sarif/Writers/SarifLogger.cs @@ -168,7 +168,7 @@ private void RecordRules(int? extensionIndex, ToolComponent toolComponent) Id = rule.Id, Index = ruleIndex, ToolComponent = extensionIndex != null - ? new ToolComponentReference + ? new ToolComponentReference { Index = extensionIndex.Value, } From 4fb556f2ae62edd989201fb171c3acbf36d928d5 Mon Sep 17 00:00:00 2001 From: "Michael C. Fanning" Date: Wed, 25 Jan 2023 17:40:39 -0800 Subject: [PATCH 3/5] Review changes. --- src/Sarif/Core/ReportingDescriptor.cs | 1 + src/Sarif/Writers/SarifLogger.cs | 1 + 2 files changed, 2 insertions(+) diff --git a/src/Sarif/Core/ReportingDescriptor.cs b/src/Sarif/Core/ReportingDescriptor.cs index d104a5077..a5d63f87e 100644 --- a/src/Sarif/Core/ReportingDescriptor.cs +++ b/src/Sarif/Core/ReportingDescriptor.cs @@ -22,6 +22,7 @@ public string Moniker return moniker; } } + public string Format(string messageId, IEnumerable arguments) { return string.Format(CultureInfo.CurrentCulture, this.MessageStrings[messageId].Text, arguments.ToArray()); diff --git a/src/Sarif/Writers/SarifLogger.cs b/src/Sarif/Writers/SarifLogger.cs index b741be227..f72b55b84 100644 --- a/src/Sarif/Writers/SarifLogger.cs +++ b/src/Sarif/Writers/SarifLogger.cs 
@@ -269,6 +269,7 @@ private void EnhanceRun(IEnumerable analysisTargets, public IDictionary RuleToReportingDescriptorReferenceMap { get; } public IDictionary RuleToIndexMap { get; } + public Dictionary ExtensionGuidToIndexMap { get; } public bool ComputeFileHashes => _dataToInsert.HasFlag(OptionallyEmittedData.Hashes); From 6f6bdac4defdc6f71f737e08b99c1ea1b6d3f49a Mon Sep 17 00:00:00 2001 From: "Michael C. Fanning" Date: Thu, 26 Jan 2023 09:30:25 -0800 Subject: [PATCH 4/5] Upates based on further testing. --- src/Sarif/Core/Tool.cs | 11 +++++++---- src/Sarif/Writers/SarifLogger.cs | 17 ++++++++++++----- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/src/Sarif/Core/Tool.cs b/src/Sarif/Core/Tool.cs index 52166d4b1..aeca94e09 100644 --- a/src/Sarif/Core/Tool.cs +++ b/src/Sarif/Core/Tool.cs 
@@ -14,25 +14,28 @@ namespace Microsoft.CodeAnalysis.Sarif /// public partial class Tool { + public static Assembly DefaultAssembly { get; set; } + // This regex does not anchor to the end of the string ("$") because FileVersionInfo // can contain additional information, for example: "2.1.3.25 built by: MY-MACHINE". private const string DottedQuadFileVersionPattern = @"^\d+(\.\d+){3}"; private static readonly Regex dottedQuadFileVersionRegex = new Regex(DottedQuadFileVersionPattern, RegexOptions.Compiled | RegexOptions.CultureInvariant); - public static Tool CreateFromAssemblyData(Assembly assembly = null, string prereleaseInfo = null) + public static Tool CreateFromAssemblyData(Assembly assembly = null, + string prereleaseInfo = null) { - assembly = assembly ?? Assembly.GetEntryAssembly() ?? Assembly.GetExecutingAssembly(); + assembly ??= DefaultAssembly ?? Assembly.GetEntryAssembly() ?? Assembly.GetExecutingAssembly(); string name = Path.GetFileNameWithoutExtension(assembly.Location); Version version = assembly.GetName().Version; string dottedQuadFileVersion = null; - var fileVersion = FileVersionInfo.GetVersionInfo(assembly.Location); + FileVersionInfo fileVersion = FileVersionInfo.GetVersionInfo(assembly.Location); if (fileVersion.FileVersion != version.ToString()) { dottedQuadFileVersion = ParseFileVersion(version.ToString()); - } + } Tool tool = new Tool { diff --git a/src/Sarif/Writers/SarifLogger.cs b/src/Sarif/Writers/SarifLogger.cs index f72b55b84..dd42a7e3c 100644 --- a/src/Sarif/Writers/SarifLogger.cs +++ b/src/Sarif/Writers/SarifLogger.cs 
@@ -396,21 +396,28 @@ private ReportingDescriptorReference LogRule(ReportingDescriptor rule, ToolCompo int index = toolComponent.Rules.Count; toolComponent.Rules.Add(rule); - if (!ExtensionGuidToIndexMap.TryGetValue(toolComponent.Guid.Value, out int extensionIndex)) + + ToolComponentReference toolComponentReference = null; + + if (toolComponent != _run.Tool.Driver && + !ExtensionGuidToIndexMap.TryGetValue(toolComponent.Guid.Value, out int extensionIndex)) { + _run.Tool.Extensions ??= new List(); extensionIndex = _run.Tool.Extensions.Count; ExtensionGuidToIndexMap[toolComponent.Guid.Value] = extensionIndex; _run.Tool.Extensions.Add(toolComponent); + + toolComponentReference = new ToolComponentReference + { + Index = extensionIndex, + }; } reference = new ReportingDescriptorReference { Index = index, Id = rule.Id, - ToolComponent = new ToolComponentReference - { - Index = extensionIndex, - } + ToolComponent = toolComponentReference, }; RuleToReportingDescriptorReferenceMap[rule] = reference; From 709ba1858ce6acea1c67741a23994563e52b1e0c Mon Sep 17 00:00:00 2001 
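Review bot: In `LogRule`, `toolComponentReference` is only assigned inside the branch that registers a new extension, so the second and later rules logged for an extension already present in `ExtensionGuidToIndexMap` get a `ReportingDescriptorReference` with `ToolComponent = null`. A consumer resolving that reference would then look the rule index up against the driver's rules and attach the finding to the wrong rule metadata. The reference should be built for every non-driver component, with only the registration guarded by the `TryGetValue` miss, as sketched below. `toolComponent.Guid.Value` also throws when an extension carries no GUID, which deserves an explicit argument check. The body of `LogRule` starts and ends outside this hunk.

```csharp
ToolComponentReference toolComponentReference = null;

if (toolComponent != _run.Tool.Driver)
{
    if (!ExtensionGuidToIndexMap.TryGetValue(toolComponent.Guid.Value, out int extensionIndex))
    {
        // … unchanged: register the extension in _run.Tool.Extensions and ExtensionGuidToIndexMap …
    }

    // Built on both the hit and the miss path, so every extension rule carries its component.
    toolComponentReference = new ToolComponentReference
    {
        Index = extensionIndex,
    };
}
// … unchanged: build and cache the ReportingDescriptorReference …
```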
From: "Michael C. Fanning" Date: Fri, 27 Jan 2023 08:52:41 -0800 Subject: [PATCH 5/5] Further updates to provide rules metadata in extensions area. --- src/Samples/Sarif.Sdk.Sample/Program.cs | 2 +- src/Samples/SarifTrim/Program.cs | 2 +- src/Sarif.Driver/Sdk/AggregatingLogger.cs | 4 +- src/Sarif.Driver/Sdk/AnalyzeCommandBase.cs | 6 +-- .../Sdk/MultithreadedAnalyzeCommandBase.cs | 6 +-- src/Sarif.Driver/Sdk/Skimmer.cs | 2 +- src/Sarif/Core/Result.cs | 7 +++ src/Sarif/Core/Tool.cs | 16 +++---- src/Sarif/FileSystem.cs | 13 ++++++ src/Sarif/IAnalysisLogger.cs | 2 +- src/Sarif/IFileSystem.cs | 9 ++++ src/Sarif/Writers/CacheByFileHashLogger.cs | 18 ++++---- src/Sarif/Writers/CachingLogger.cs | 12 ++--- src/Sarif/Writers/ConsoleLogger.cs | 2 +- src/Sarif/Writers/SarifLogger.cs | 44 +++++++------------ ...esMustBeConsistentWithArrays_Invalid.sarif | 26 +++++------ ...F1010.RuleIdMustBeConsistent_Invalid.sarif | 26 ----------- .../SARIF2004.OptimizeFileSize_Invalid.sarif | 25 +---------- src/Test.Utilities.Sarif/TestMessageLogger.cs | 2 +- 19 files changed, 95 insertions(+), 129 deletions(-) diff --git a/src/Samples/Sarif.Sdk.Sample/Program.cs b/src/Samples/Sarif.Sdk.Sample/Program.cs index 18d331a1e..3f20b8f7f 100644 --- a/src/Samples/Sarif.Sdk.Sample/Program.cs +++ b/src/Samples/Sarif.Sdk.Sample/Program.cs @@ -351,7 +351,7 @@ private static void SerializeSarifResult(string filePath, int numResult, bool us region, fixes[i])) { - sarifLogger.Log(rule, result, toolComponent: null); + sarifLogger.Log(rule, result, extensionIndex: null); } } } diff --git a/src/Samples/SarifTrim/Program.cs b/src/Samples/SarifTrim/Program.cs index adf769a63..7c56ef038 100644 --- a/src/Samples/SarifTrim/Program.cs +++ b/src/Samples/SarifTrim/Program.cs 
@@ -58,7 +58,7 @@ private static void Main(string[] args) foreach (Result result in run.Results) { consolidator.Trim(result); - logger.Log(result.GetRule(run), result, toolComponent: null); + logger.Log(result.GetRule(run), result, extensionIndex: null); } } diff --git a/src/Sarif.Driver/Sdk/AggregatingLogger.cs b/src/Sarif.Driver/Sdk/AggregatingLogger.cs index 73fc50e2e..672863883 100644 --- a/src/Sarif.Driver/Sdk/AggregatingLogger.cs +++ b/src/Sarif.Driver/Sdk/AggregatingLogger.cs @@ -53,11 +53,11 @@ public void AnalyzingTarget(IAnalysisContext context) } } - public void Log(ReportingDescriptor rule, Result result, ToolComponent toolComponent) + public void Log(ReportingDescriptor rule, Result result, int? extensionIndex) { foreach (IAnalysisLogger logger in Loggers) { - logger.Log(rule, result, toolComponent); + logger.Log(rule, result, extensionIndex); } } diff --git a/src/Sarif.Driver/Sdk/AnalyzeCommandBase.cs b/src/Sarif.Driver/Sdk/AnalyzeCommandBase.cs index 43d8eecc9..85712f776 100644 --- a/src/Sarif.Driver/Sdk/AnalyzeCommandBase.cs +++ b/src/Sarif.Driver/Sdk/AnalyzeCommandBase.cs @@ -631,7 +631,7 @@ protected virtual TContext DetermineApplicabilityAndAnalyze( if ((options.DataToInsert.ToFlags() & OptionallyEmittedData.Hashes) != 0) { - _cacheByFileHashLogger.HashToResultsMap.TryGetValue(context.Hashes.Sha256, out List> cachedResultTuples); + _cacheByFileHashLogger.HashToResultsMap.TryGetValue(context.Hashes.Sha256, out List> cachedResultTuples); _cacheByFileHashLogger.HashToNotificationsMap.TryGetValue(context.Hashes.Sha256, out List cachedNotifications); bool replayCachedData = (cachedResultTuples != null || cachedNotifications != null); 
@@ -642,13 +642,13 @@ protected virtual TContext DetermineApplicabilityAndAnalyze( if (cachedResultTuples != null) { - foreach (Tuple cachedResultTuple in cachedResultTuples) + foreach (Tuple cachedResultTuple in cachedResultTuples) { Result clonedResult = cachedResultTuple.Item2.DeepClone(); ReportingDescriptor cachedReportingDescriptor = cachedResultTuple.Item1; UpdateLocationsAndMessageWithCurrentUri(clonedResult.Locations, clonedResult.Message, context.TargetUri); - context.Logger.Log(cachedReportingDescriptor, clonedResult); + context.Logger.Log(cachedReportingDescriptor, clonedResult, cachedResultTuple.Item3); } } diff --git a/src/Sarif.Driver/Sdk/MultithreadedAnalyzeCommandBase.cs b/src/Sarif.Driver/Sdk/MultithreadedAnalyzeCommandBase.cs index 2f31d6d73..efdb5e64d 100644 --- a/src/Sarif.Driver/Sdk/MultithreadedAnalyzeCommandBase.cs +++ b/src/Sarif.Driver/Sdk/MultithreadedAnalyzeCommandBase.cs @@ -333,13 +333,13 @@ private async Task LogScanResultsAsync(TContext rootContext) private static void LogCachingLogger(TContext rootContext, TContext context, bool clone = false) { var cachingLogger = (CachingLogger)context.Logger; - IDictionary>> results = cachingLogger.Results; + IDictionary>> results = cachingLogger.Results; if (results?.Count > 0) { - foreach (KeyValuePair>> kv in results) + foreach (KeyValuePair>> kv in results) { - foreach (Tuple tuple in kv.Value) + foreach (Tuple tuple in kv.Value) { Result result = tuple.Item1; Result currentResult = result; diff --git a/src/Sarif.Driver/Sdk/Skimmer.cs b/src/Sarif.Driver/Sdk/Skimmer.cs index 6797c3a2f..8060d74df 100644 --- a/src/Sarif.Driver/Sdk/Skimmer.cs +++ b/src/Sarif.Driver/Sdk/Skimmer.cs 
@@ -49,7 +49,7 @@ private Dictionary InitializeMultiformatMessag : RuleUtilities.BuildDictionary(ResourceManager, MessageResourceNames, ruleId: Id); } - public ToolComponent Extension { get; set; } + public int ExtensionIndex { get; set; } public override string Id => throw new InvalidOperationException($"The {nameof(Id)} property must be overridden in the SkimmerBase-derived class."); diff --git a/src/Sarif/Core/Result.cs b/src/Sarif/Core/Result.cs index 88c7f4882..d5fc52058 100644 --- a/src/Sarif/Core/Result.cs +++ b/src/Sarif/Core/Result.cs @@ -17,6 +17,13 @@ public partial class Result /// public Run Run { get; set; } + public bool ShouldSerializeRuleId() + { + return + this.Rule == null || string.IsNullOrEmpty(this.Rule.Id); + } + + public bool ShouldSerializeWorkItemUris() { return this.WorkItemUris != null && this.WorkItemUris.Any((s) => s != null); diff --git a/src/Sarif/Core/Tool.cs b/src/Sarif/Core/Tool.cs index aeca94e09..940c0bf1f 100644 --- a/src/Sarif/Core/Tool.cs +++ b/src/Sarif/Core/Tool.cs @@ -14,8 +14,6 @@ namespace Microsoft.CodeAnalysis.Sarif /// public partial class Tool { - public static Assembly DefaultAssembly { get; set; } - // This regex does not anchor to the end of the string ("$") because FileVersionInfo // can contain additional information, for example: "2.1.3.25 built by: MY-MACHINE". private const string DottedQuadFileVersionPattern = @"^\d+(\.\d+){3}"; 
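Review bot: `public int ExtensionIndex { get; set; }` defaults to 0, while every `Log` signature in this patch takes `int? extensionIndex` and `SarifLogger.Log` treats `null` as "no extension". If a skimmer that never sets the property has its value passed through (the call site is not in this hunk), its results would be filed under `Extensions[0]` rather than the driver. Declaring it as `public int? ExtensionIndex { get; set; }` keeps "unset" distinguishable from "first extension". A one-line summary comment saying what the index refers to would also help here.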
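Review bot: `ShouldSerializeRuleId` has no comment explaining why `ruleId` is withheld, and it drops the value whenever `Rule.Id` is non-empty, even when the two disagree. The `SARIF1010` expected output changed later in this patch loses its `Error_ResultRuleIdMustBeConsistent` result, which suggests such a mismatch is no longer visible once a log has been round-tripped; tools that match or suppress findings on `result.ruleId` alone would also stop seeing it. I would add a summary such as `// result.ruleId duplicates result.rule.id; emit it only when no rule reference id is available.` and consider serializing it whenever it differs from `Rule.Id`. The hunk also leaves two blank lines after the new method.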
@@ -23,29 +21,31 @@ public partial class Tool private static readonly Regex dottedQuadFileVersionRegex = new Regex(DottedQuadFileVersionPattern, RegexOptions.Compiled | RegexOptions.CultureInvariant); public static Tool CreateFromAssemblyData(Assembly assembly = null, - string prereleaseInfo = null) + bool omitSemanticVersion = false, + IFileSystem fileSystem = null) { - assembly ??= DefaultAssembly ?? Assembly.GetEntryAssembly() ?? Assembly.GetExecutingAssembly(); + fileSystem ??= FileSystem.Instance; + assembly ??= Assembly.GetEntryAssembly() ?? Assembly.GetExecutingAssembly(); string name = Path.GetFileNameWithoutExtension(assembly.Location); Version version = assembly.GetName().Version; string dottedQuadFileVersion = null; - FileVersionInfo fileVersion = FileVersionInfo.GetVersionInfo(assembly.Location); + FileVersionInfo fileVersion = fileSystem.FileVersionInfoGetVersionInfo(assembly.Location); if (fileVersion.FileVersion != version.ToString()) { dottedQuadFileVersion = ParseFileVersion(version.ToString()); - } + } Tool tool = new Tool { Driver = new ToolComponent { Name = name, - FullName = name + " " + version.ToString() + (prereleaseInfo ?? ""), + FullName = name + " " + version.ToString(), Version = fileVersion.FileVersion, DottedQuadFileVersion = dottedQuadFileVersion, - SemanticVersion = fileVersion.ProductVersion, + SemanticVersion = omitSemanticVersion ? null : fileVersion.ProductVersion, Organization = string.IsNullOrEmpty(fileVersion.CompanyName) ? null : fileVersion.CompanyName, Product = string.IsNullOrEmpty(fileVersion.ProductName) ? null : fileVersion.ProductName, } diff --git a/src/Sarif/FileSystem.cs b/src/Sarif/FileSystem.cs index 87faf3caa..3599a04b4 100644 --- a/src/Sarif/FileSystem.cs +++ b/src/Sarif/FileSystem.cs @@ -3,6 +3,7 @@ using System; using System.Collections.Generic; +using System.Diagnostics; using System.IO; using System.Reflection; using System.Text; 
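Review bot: `CreateFromAssemblyData` replaces its second parameter `string prereleaseInfo` with `bool omitSemanticVersion`, which is a source and binary break for any caller that passed pre-release text, and `FullName` no longer carries that suffix. The same patch changes the third parameter of `IAnalysisLogger.Log` and adds `FileVersionInfoGetVersionInfo` to `IFileSystem`, both of which break external implementers of those public interfaces. The diffstat for this patch lists no release-history file, so an `API BRK` entry in the style the changelog in this series already uses appears to be missing. The new parameters would also benefit from `<param>` documentation, for example that `omitSemanticVersion` leaves `SemanticVersion` null.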
@@ -398,5 +399,17 @@ public long FileInfoLength(string path) FileInfo fileInfo = new FileInfo(path); return fileInfo.Length; } + + /// + /// Returns a representing the version information associated with the specified file. + /// + /// The fully qualified path and name of the file to retrieve the version information for. + /// A containing information about the file. If the file did not + /// contain version information, the FileVersionInfo contains only the name of the file requested. + public FileVersionInfo FileVersionInfoGetVersionInfo(string fileName) + { + FileVersionInfo fileVersionInfo = FileVersionInfo.GetVersionInfo(fileName); + return fileVersionInfo; + } } } diff --git a/src/Sarif/IAnalysisLogger.cs b/src/Sarif/IAnalysisLogger.cs index dfe7b0ee4..e7ac4ae71 100644 --- a/src/Sarif/IAnalysisLogger.cs +++ b/src/Sarif/IAnalysisLogger.cs @@ -16,7 +16,7 @@ public interface IAnalysisLogger /// /// /// - void Log(ReportingDescriptor rule, Result result, ToolComponent toolComponent = null); + void Log(ReportingDescriptor rule, Result result, int? extensionIndex = null); /// /// Log a notification that describes a runtime condition detected by the tool. diff --git a/src/Sarif/IFileSystem.cs b/src/Sarif/IFileSystem.cs index 14c92990e..d70442786 100644 --- a/src/Sarif/IFileSystem.cs +++ b/src/Sarif/IFileSystem.cs @@ -3,6 +3,7 @@ using System; using System.Collections.Generic; +using System.Diagnostics; using System.IO; using System.Reflection; using System.Text; 
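Review bot: The `extensionIndex` parameter added to `IAnalysisLogger.Log` is undocumented, although its meaning is the whole contract of this change. Judging from `SarifLogger` later in the patch it is an index into `run.tool.extensions`, with `null` selecting the driver, so something like `/// <param name="extensionIndex">Index in run.tool.extensions of the component that defines the rule, or null when the driver defines it.</param>` belongs on the interface. The interface declares `= null` as the default, while `SarifLogger`, `CachingLogger`, `AggregatingLogger` and `TestMessageLogger` declare the parameter without one, so calls made through the concrete types must pass it explicitly; the declarations should agree.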
@@ -321,5 +322,13 @@ public interface IFileSystem /// A long representing the size of the file in bytes. /// long FileInfoLength(string path); + + /// + /// Returns a representing the version information associated with the specified file. + /// + /// The fully qualified path and name of the file to retrieve the version information for. + /// A containing information about the file. If the file did not + /// contain version information, the FileVersionInfo contains only the name of the file requested. + FileVersionInfo FileVersionInfoGetVersionInfo(string fileName); } } diff --git a/src/Sarif/Writers/CacheByFileHashLogger.cs b/src/Sarif/Writers/CacheByFileHashLogger.cs index 7d35c8a5d..44250752f 100644 --- a/src/Sarif/Writers/CacheByFileHashLogger.cs +++ b/src/Sarif/Writers/CacheByFileHashLogger.cs @@ -21,7 +21,7 @@ public class CacheByFileHashLogger : BaseLogger, IAnalysisLogger private string currentFileHash; public Dictionary> HashToNotificationsMap { get; private set; } - public Dictionary>> HashToResultsMap { get; private set; } + public Dictionary>> HashToResultsMap { get; private set; } public CacheByFileHashLogger(IEnumerable levels, IEnumerable kinds) : base(levels, kinds) { @@ -30,7 +30,7 @@ public CacheByFileHashLogger(IEnumerable levels, IEnumerable>(); - HashToResultsMap = new Dictionary>>(); + HashToResultsMap = new Dictionary>>(); } public void AnalysisStopped(RuntimeConditions runtimeConditions) @@ -52,11 +52,11 @@ public void AnalyzingTarget(IAnalysisContext context) { cacheLoggingData = true; HashToNotificationsMap[currentFileHash] = new List(); - HashToResultsMap[currentFileHash] = new List>(); + HashToResultsMap[currentFileHash] = new List>(); } } - public void Log(ReportingDescriptor rule, Result result, ToolComponent toolComponent = null) + public void Log(ReportingDescriptor rule, Result result, int? extensionIndex = null) { if (!cacheLoggingData) { return; } 
@@ -65,16 +65,16 @@ public void Log(ReportingDescriptor rule, Result result, ToolComponent toolCompo return; } - CacheResult(rule, result, toolComponent); + CacheResult(rule, result, extensionIndex); } - private void CacheResult(ReportingDescriptor rule, Result result, ToolComponent toolComponent) + private void CacheResult(ReportingDescriptor rule, Result result, int? extensionIndex) { - if (!HashToResultsMap.TryGetValue(currentFileHash, out List> results)) + if (!HashToResultsMap.TryGetValue(currentFileHash, out List> results)) { - results = HashToResultsMap[currentFileHash] = new List>(); + results = HashToResultsMap[currentFileHash] = new List>(); } - results.Add(new Tuple(rule, result, toolComponent)); + results.Add(new Tuple(rule, result, extensionIndex)); } public void LogConfigurationNotification(Notification notification) diff --git a/src/Sarif/Writers/CachingLogger.cs b/src/Sarif/Writers/CachingLogger.cs index a85bc15d5..345ce262b 100644 --- a/src/Sarif/Writers/CachingLogger.cs +++ b/src/Sarif/Writers/CachingLogger.cs @@ -22,7 +22,7 @@ public CachingLogger(IEnumerable levels, IEnumerable k _semaphore = new SemaphoreSlim(initialCount: 1, maxCount: 1); } - public IDictionary>> Results { get; set; } + public IDictionary>> Results { get; set; } public IList ConfigurationNotifications { get; set; } @@ -49,7 +49,7 @@ public void AnalyzingTarget(IAnalysisContext context) _semaphore.Wait(); } - public void Log(ReportingDescriptor rule, Result result, ToolComponent toolComponent) + public void Log(ReportingDescriptor rule, Result result, int? extensionIndex) { if (rule == null) { 
@@ -76,13 +76,13 @@ public void Log(ReportingDescriptor rule, Result result, ToolComponent toolCompo throw new ArgumentException($"rule.Id is not equal to result.RuleId ({rule.Id} != {result.RuleId})"); } - Results ??= new Dictionary>>(); + Results ??= new Dictionary>>(); - if (!Results.TryGetValue(rule, out IList> results)) + if (!Results.TryGetValue(rule, out IList> results)) { - results = Results[rule] = new List>(); + results = Results[rule] = new List>(); } - results.Add(new Tuple(result, toolComponent)); + results.Add(new Tuple(result, extensionIndex)); } public void LogConfigurationNotification(Notification notification) diff --git a/src/Sarif/Writers/ConsoleLogger.cs b/src/Sarif/Writers/ConsoleLogger.cs index d39277199..767530550 100644 --- a/src/Sarif/Writers/ConsoleLogger.cs +++ b/src/Sarif/Writers/ConsoleLogger.cs @@ -93,7 +93,7 @@ public void AnalyzingTarget(IAnalysisContext context) context.TargetUri.GetFileName())); } - public void Log(ReportingDescriptor rule, Result result, ToolComponent toolComponent = null) + public void Log(ReportingDescriptor rule, Result result, int? extensionIndex = null) { if (result == null) { diff --git a/src/Sarif/Writers/SarifLogger.cs b/src/Sarif/Writers/SarifLogger.cs index dd42a7e3c..822dfb6fb 100644 --- a/src/Sarif/Writers/SarifLogger.cs +++ b/src/Sarif/Writers/SarifLogger.cs @@ -126,7 +126,7 @@ public SarifLogger(TextWriter textWriter, defaultFileEncoding, AnalysisTargetToHashDataMap); - tool = tool ?? Tool.CreateFromAssemblyData(); + tool ??= Tool.CreateFromAssemblyData(); _run.Tool = tool; _dataToInsert = dataToInsert; @@ -269,7 +269,7 @@ private void EnhanceRun(IEnumerable analysisTargets, public IDictionary RuleToReportingDescriptorReferenceMap { get; } public IDictionary RuleToIndexMap { get; } - + public Dictionary ExtensionGuidToIndexMap { get; } public bool ComputeFileHashes => _dataToInsert.HasFlag(OptionallyEmittedData.Hashes); 
@@ -329,7 +329,7 @@ public void AnalysisStopped(RuntimeConditions runtimeConditions) } } - public void Log(ReportingDescriptor rule, Result result, ToolComponent toolComponent) + public void Log(ReportingDescriptor rule, Result result, int? extensionIndex) { if (rule == null) { @@ -356,13 +356,13 @@ public void Log(ReportingDescriptor rule, Result result, ToolComponent toolCompo return; } - if (toolComponent == null) + if (extensionIndex == null) { result.RuleIndex = LogRule(rule); } else { - result.Rule = LogRule(rule, toolComponent); + result.Rule = LogRule(rule, extensionIndex.Value); } CaptureFilesInResult(result); 
@@ -388,39 +388,25 @@ private int LogRule(ReportingDescriptor rule) return ruleIndex; } - private ReportingDescriptorReference LogRule(ReportingDescriptor rule, ToolComponent toolComponent) + private ReportingDescriptorReference LogRule(ReportingDescriptor rule, int extensionIndex) { + ToolComponent toolComponent = _run.Tool.Extensions[extensionIndex]; + if (!RuleToReportingDescriptorReferenceMap.TryGetValue(rule, out ReportingDescriptorReference reference)) { toolComponent.Rules ??= new OrderSensitiveValueComparisonList(ReportingDescriptor.ValueComparer); - int index = toolComponent.Rules.Count; + int ruleIndex = toolComponent.Rules.Count; toolComponent.Rules.Add(rule); - - ToolComponentReference toolComponentReference = null; - - if (toolComponent != _run.Tool.Driver && - !ExtensionGuidToIndexMap.TryGetValue(toolComponent.Guid.Value, out int extensionIndex)) + reference = RuleToReportingDescriptorReferenceMap[rule] = new ReportingDescriptorReference { - _run.Tool.Extensions ??= new List(); - extensionIndex = _run.Tool.Extensions.Count; - ExtensionGuidToIndexMap[toolComponent.Guid.Value] = extensionIndex; - _run.Tool.Extensions.Add(toolComponent); - - toolComponentReference = new ToolComponentReference - { - Index = extensionIndex, - }; - } - - reference = new ReportingDescriptorReference - { - Index = index, Id = rule.Id, - ToolComponent = toolComponentReference, + Index = ruleIndex, + ToolComponent = new ToolComponentReference + { + Index = extensionIndex + }, }; - - RuleToReportingDescriptorReferenceMap[rule] = reference; } return reference; diff --git a/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF1009.IndexPropertiesMustBeConsistentWithArrays_Invalid.sarif b/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF1009.IndexPropertiesMustBeConsistentWithArrays_Invalid.sarif index 94cbcfdc1..efa37c76a 100644 
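Review bot: `_run.Tool.Extensions[extensionIndex]` at the top of the new `LogRule` overload indexes the list with a caller-supplied value and no validation, so a null `Extensions` list or a negative or out-of-range index surfaces as a `NullReferenceException` or `ArgumentOutOfRangeException` from inside the logger, and an in-range but wrong index silently files the rule under another component. A guard such as `if (_run.Tool.Extensions == null || extensionIndex < 0 || extensionIndex >= _run.Tool.Extensions.Count) { throw new ArgumentOutOfRangeException(nameof(extensionIndex)); }` would make the contract explicit. `RuleToReportingDescriptorReferenceMap` is keyed on the rule alone, so a rule logged again with a different index gets the first reference back; a comment stating that a rule belongs to exactly one extension would help. The registration code that filled `ExtensionGuidToIndexMap` is removed here, so that property looks unused unless it is populated outside this hunk.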
--- a/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF1009.IndexPropertiesMustBeConsistentWithArrays_Invalid.sarif +++ b/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF1009.IndexPropertiesMustBeConsistentWithArrays_Invalid.sarif @@ -94,7 +94,7 @@ "index": 0 }, "region": { - "startLine": 151, + "startLine": 150, "startColumn": 28 } } @@ -123,7 +123,7 @@ "index": 0 }, "region": { - "startLine": 154, + "startLine": 153, "startColumn": 37 } } @@ -151,7 +151,7 @@ "index": 0 }, "region": { - "startLine": 159, + "startLine": 158, "startColumn": 17 } } @@ -179,7 +179,7 @@ "index": 0 }, "region": { - "startLine": 159, + "startLine": 158, "startColumn": 17 } } @@ -207,7 +207,7 @@ "index": 0 }, "region": { - "startLine": 171, + "startLine": 170, "startColumn": 21 } } @@ -235,7 +235,7 @@ "index": 0 }, "region": { - "startLine": 178, + "startLine": 177, "startColumn": 37 } } @@ -263,7 +263,7 @@ "index": 0 }, "region": { - "startLine": 181, + "startLine": 180, "startColumn": 38 } } @@ -292,7 +292,7 @@ "index": 0 }, "region": { - "startLine": 206, + "startLine": 205, "startColumn": 25 } } @@ -321,7 +321,7 @@ "index": 0 }, "region": { - "startLine": 197, + "startLine": 196, "startColumn": 13 } } @@ -349,7 +349,7 @@ "index": 0 }, "region": { - "startLine": 201, + "startLine": 200, "startColumn": 13 } } @@ -377,7 +377,7 @@ "index": 0 }, "region": { - "startLine": 214, + "startLine": 213, "startColumn": 25 } } @@ -405,7 +405,7 @@ "index": 0 }, "region": { - "startLine": 217, + "startLine": 216, "startColumn": 26 } } @@ -434,7 +434,7 @@ "index": 0 }, "region": { - "startLine": 248, + "startLine": 247, "startColumn": 9 } } 
diff --git a/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF1010.RuleIdMustBeConsistent_Invalid.sarif b/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF1010.RuleIdMustBeConsistent_Invalid.sarif index ea2a69419..54d26a179 100644 --- a/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF1010.RuleIdMustBeConsistent_Invalid.sarif +++ b/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF1010.RuleIdMustBeConsistent_Invalid.sarif @@ -66,32 +66,6 @@ } } ] - }, - { - "ruleId": "SARIF1010", - "ruleIndex": 0, - "level": "error", - "message": { - "id": "Error_ResultRuleIdMustBeConsistent", - "arguments": [ - "runs[0].results[1]", - "TST0001", - "TST0002" - ] - }, - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "index": 0 - }, - "region": { - "startLine": 18, - "startColumn": 9 - } - } - } - ] } ], "columnKind": "utf16CodeUnits" diff --git a/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF2004.OptimizeFileSize_Invalid.sarif b/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF2004.OptimizeFileSize_Invalid.sarif index f179df071..90b4c92fa 100644 --- a/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF2004.OptimizeFileSize_Invalid.sarif +++ b/src/Test.FunctionalTests.Sarif/TestData/Multitool/ValidateCommand/ExpectedOutputs/SARIF2004.OptimizeFileSize_Invalid.sarif @@ -142,29 +142,6 @@ } ] }, - { - "ruleId": "SARIF2004", - "ruleIndex": 0, - "message": { - "id": "Warning_AvoidDuplicativeResultRuleInformation", - "arguments": [ - "runs[0].results[3]" - ] - }, - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "index": 0 - }, - "region": { - "startLine": 81, - "startColumn": 9 - } - } - } - ] - }, { "ruleId": "SARIF2004", "ruleIndex": 0, 
@@ -181,7 +158,7 @@ "index": 0 }, "region": { - "startLine": 94, + "startLine": 93, "startColumn": 9 } } diff --git a/src/Test.Utilities.Sarif/TestMessageLogger.cs b/src/Test.Utilities.Sarif/TestMessageLogger.cs index af83d024f..60b3f316b 100644 --- a/src/Test.Utilities.Sarif/TestMessageLogger.cs +++ b/src/Test.Utilities.Sarif/TestMessageLogger.cs @@ -43,7 +43,7 @@ public void AnalyzingTarget(IAnalysisContext context) { } - public void Log(ReportingDescriptor rule, Result result, ToolComponent toolComponent) + public void Log(ReportingDescriptor rule, Result result, int? extensionIndex) { NoteTestResult(result.Kind, result.Locations.First().PhysicalLocation.ArtifactLocation.Uri.LocalPath); }