- BRK: Remove defunct and unsupported `kusto` command in `Sarif.Multitool`.
- DEP: Remove dependency on `Microsoft.Azure.Kusto.Data`.
- DEP: Update `Azure.Identity` reference from 1.10.2 to 1.13.1 in `WorkItems` and `Sarif.Multitool.Library` to resolve CVE-2024-29992 and other CVEs.
- DEP: Update `Azure.Core` from 1.35.0 to 1.41.1 to satisfy minimum requirement of `Azure.Identity` 1.12.1 (that has no known vulnerabilities).
- DEP: Update `System.Text.Encodings.Web` from 5.0.1 to 6.0.0 (required by transitive closure of dependency requirements from other updates).
- DEP: Update all `Newtonsoft.Json` references from 12.0.3 to 13.0.3 to resolve CVE-2024-21907.
- DEP: Update `Microsoft.Data.SqlClient` from 2.1.7 to 5.2.2 so its dependencies `Microsoft.IdentityModel.JsonWebTokens` and `System.IdentityModel.Tokens.Jwt` upgrade to non-vulnerable version 6.35.0 (https://github.com/dotnet/aspnetcore/security/advisories/GHSA-59j7-ghrg-fj52).
- BUG: Resolve process hangs when a file path is provided with a wildcard, but without a `-r` (recurse) flag during the multi-threaded analysis file enumeration phase.
- BUG: Fix error `ERR997.NoValidAnalysisTargets` when scanning symbolic link files.
- BUG: Fix `ERR999.UnhandledEngineException: System.IO.FileNotFoundException: Could not find file` when a file name or directory path contains URL-encoded characters.
v4.5.4 Sdk | Driver | Converters | Multitool | Multitool Library
- BUG: Fix incorrect base class in rule ADO2012.
v4.5.3 Sdk | Driver | Converters | Multitool | Multitool Library
- BUG: Restructure shared `MessageResourceNames` collections to ensure return of correct error messages.
v4.5.2 Sdk | Driver | Converters | Multitool | Multitool Library
- BUG: Update `Skimmer` stack in `Multitool.Library` to support shared `MessageResourceNames` collections between base rules and their derivatives.
- BUG: Fix message strings to always assume {1} is reserved for the rule's service name.
- BUG: Clean up unused resource strings in Multitool.Library.Rules.RuleResources.resx.
v4.5.1 Sdk | Driver | Converters | Multitool | Multitool Library
- DEP: Add explicit package references to `Sarif` and `Sarif.Driver` to resolve version conflict build error: `System.Diagnostics.Debug` 4.3.0, `System.IO.FileSystem.Primitives` 4.3.0, `System.Text.Encoding.Extensions` 4.3.0.
- NEW: Expose `MultithreadedAnalyzeCommandBase.BuildDisabledSkimmersSet`, a utility function which extracts a disabled skimmer set from a `TContext`.
v4.5.0 Sdk | Driver | Converters | Multitool | Multitool Library
- DEP: Downgrade `System.Text.Encoding.CodePages` from 8.0.0 to 4.3.0 in `Sarif`.
- DEP: Remove explicit versioning for `System.Memory` and `System.Runtime.CompilerServices.Unsafe`.
- DEP: Remove spurious references to `System.Collections.Immutable`.
- DEP: Update `Microsoft.Data.SqlClient` reference from 2.1.2 to 2.1.7 in `WorkItems` and `Sarif.Multitool.Library` to resolve CVE-2024-0056.
- DEP: Update `System.Data.SqlClient` reference from 4.8.5 to 4.8.6 in `WorkItems` to resolve CVE-2024-0056.
- BUG: Improve `FileEncoding.IsTextualData` method for detecting binary files.
- BUG: Update `Stack.Create` method to populate missing `PhysicalLocation` instances when stack frames reference relative file paths.
- BUG: Fix `UnsupportedOperationException` in `ZipArchiveArtifact`.
- BUG: Fix `MultithreadedAnalyzeCommandBase` to return rich return code with the `--rich-return-code` option.
- NEW: Add `IsBinary` property to `IEnumeratedArtifact` and implement the property in `ZipArchiveArtifact`.
- NEW: Switch to content-based `IsBinary` categorization for `ZipArchiveArtifact`s.
- PRF: Change default `max-file-size-in-kb` parameter to 10 megabytes.
- PRF: Add support for efficiently peeking into non-seekable streams for binary/text categorization.
- NEW: Add a new `--timeout-in-seconds` parameter to `AnalyzeOptionsBase`, which will override the `TimeoutInMilliseconds` property in `AnalyzeContextBase`.
- NEW: `--post-uri` will skip sending the SARIF log to the configured endpoint if the file contains no results or fatal execution errors.
- NEW: Add the following rules: `ADO1011.ReferenceFinalSchema`, `ADO1013.ProvideRequiredSarifLogProperties`, `ADO1014.ProvideRequiredRunProperties`, `ADO1015.ProvideRequiredResultProperties`, `ADO1016.ProvideRequiredLocationProperties`, `ADO1017.ProvideRequiredPhysicalLocationProperties`, `ADO1018.ProvideRequiredToolProperties`, `ADO2012.ProvideRequiredReportingDescriptorProperties`, `GH1011.ReferenceFinalSchema`, `GH1013.ProvideRequiredSarifLogProperties`, `GH1014.ProvideRequiredRunProperties`, `GH1015.ProvideRequiredResultProperties`, `GH1016.ProvideRequiredLocationProperties`, `GH1017.ProvideRequiredPhysicalLocationProperties`, `GH1018.ProvideRequiredToolProperties`, `GH2012.ProvideRequiredReportingDescriptorProperties`.
- NEW: Add a new `--rule-kind` parameter to `AnalyzeOptionsBase`, which specifies rule kinds to run (`Sarif`, `Ghas`, `Ado`). Example: `--rule-kind Ado;Sarif`.
- DEP: Update reference to `System.Collections.Immutable` 5.0.0 for `Sarif` and `Sarif.Converters`.
- BUG: Emit `WRN997.OneOrMoreFilesSkippedDueToExceedingSizeLimit` when no valid analysis targets are detected (due to exceeding size limits).
- BUG: Emit `FailureLevel.Note` messages with label `info` (rather than `fail`) in `ConsoleLogger`.
v4.4.0 Sdk | Driver | Converters | Multitool | Multitool Library
- DEP: Add reference to `System.Text.Encoding.CodePages` 8.0.0 (to support Windows 1252 code pages in binary vs. text classification).
- DEP: Update `Newtonsoft.Json` reference from 8.0.3 to 9.0.1 to provide `net462` compatibility.
- DEP: Update target framework from `net461` to `net462` in `Sarif` and `Sarif.Converters` projects (to allow for use of `System.Text.Encoding.CodePages`).
- DEP: Explicitly add `Azure.Identity` 1.10.2 in `Sarif.Multitool.Library` and `WorkItems` to avoid the vulnerable 1.3.0 package via `Microsoft.Azure.Kusto.Data` 10.0.3 per compliance requirements.
- DEP: Explicitly add `Microsoft.Data.SqlClient` 2.1.2 in `Sarif.Multitool.Library` and `WorkItems` to avoid the vulnerable 2.1.1 package via `Microsoft.Azure.Kusto.Data` 10.0.3 per compliance requirements.
- DEP: Explicitly add `System.Data.SqlClient` 4.8.5 in `WorkItems` to avoid the vulnerable 4.2.2 package via `Microsoft.TeamFoundationServer.Client` 16.170.0 per compliance requirements.
- BRK: `EnumeratedArtifact` now sniffs artifacts to distinguish between textual and binary data. The `Contents` property will be null for binary files (use `Bytes` instead).
- BRK: `MultithreadedZipArchiveArtifactProvider` now distinguishes binary vs. textual data using a hard-coded binary files extensions list. This data will be made configurable in a future change. Current extensions include `.bmp`, `.cer`, `.der`, `.dll`, `.exe`, `.gif`, `.gz`, `.iso`, `.jpe`, `.jpeg`, `.lock`, `.p12`, `.pack`, `.pfx`, `.pkcs12`, `.png`, `.psd`, `.rar`, `.tar`, `.tif`, `.tiff`, `.xcf`, `.zip`.
- NEW: `EnumeratedArtifact` now automatically detects and populates a `Bytes` property for binary files such as executables and certificates.
- NEW: `FileEncoding.IsTextualData` utility can effectively distinguish between binary and textual data.
v4.3.7 Sdk | Driver | Converters | Multitool | Multitool Library
- DEP: Updated NewtonSoft.JSON to 8.0.3 in Sarif.Converters for .NET targets later than `netstandard2.0`.
- BUG: Logging improved when work item client is called with invalid work item values.
- NEW: Add `Path.Combine`, `Path.GetDirectoryName` and `Path.GetFileNameWithoutExtension` to `IFileSystem`.
v4.3.6 Sdk | Driver | Converters | Multitool | Multitool Library
- BUG: Resolve `InvalidOperationException` processing `RuleNotCalled` events.
- BUG: Emit optional data arguments for `RuleNotCalled` events in auto-formatted messages.
- PRF: Switch file system traversal to pre-order with producer-consumer to accelerate time to scan first artifact.
v4.3.5 Sdk | Driver | Converters | Multitool | Multitool Library
- BRK: Remove processing of `/u2028` (Unicode line separator) and `/u2029` (Unicode paragraph separator) from `NewLineIndex`.
- BUG: Resolve `KeyNotFoundException: The given key was not present` exception when scanning content that contains Unicode line and paragraph separators (`/u2028` and `/u2029`) when enabling `OptionallyEmittedData.RollingHashPartialFingerprints`.
- BUG: Fix `Unhandled Exception: System.IO.FileNotFoundException: Could not load file or assembly 'Sarif.Multitool.Library, Version=...` when using net462 version of the Multitool. #2722
v4.3.4 Sdk | Driver | Converters | Multitool | Multitool Library
- BUG: Disable certain console outputs (such as reporting of threads count) when `AnalyzeContextBase.Quiet` is set.
v4.3.3 Sdk | Driver | Converters | Multitool | Multitool Library
- BUG: Update `dump-events` command to be resilient in cases where the thread id changes between artifact enumeration start/stop event pairs.
- BUG: Resolve trace parsing `InvalidOperationException` by updating `dump-events` command to process `PartitionInfoExtension` session event as we do `PartitionInfoExtensionV2`.
v4.3.2 Sdk | Driver | Converters | Multitool | Multitool Library
- BUG: Correct multitool query OR logic #2709
v4.3.1 Sdk | Driver | Converters | Multitool | Multitool Library
- BUG: Improve `HdfConverter` to ensure uri data is populated and to provide location and region data property from `SourceLocation`. #2704
- BUG: Correct `run.language` regex in JSON schema. #2708
- BUG: Improve `HdfConverter` to set `precision` and `tags` as recommended by GitHub. #2712
v4.3.0 Sdk | Driver | Converters | Multitool | Multitool Library
- BUG: Resolve `NullReferenceException` retrieving `MultithreadedZipArchiveArtifactProvider.SizeInBytes` after content has been faulted in.
- BUG: Improve HDF->SARIF conversion to properly map various properties (e.g., `kind`, `level`, `rank`) and generally prepare the converted SARIF for ingestion to GitHub Advanced Security.
v4.2.1 Sdk | Driver | Converters | Multitool | Multitool Library
- BUG: Resolve `NotSupportedException` thrown (on .NET 4.8 and earlier) on accessing `DeflateStream.Length` from `MultithreadedZipArchiveArtifactProvider.SizeInBytes` property.
v4.2.0 Sdk | Driver | Converters | Multitool | Multitool Library
- BRK: Change `ArtifactProvider.SizeInBytes` property type from `ulong` to `long`. #2675
- BRK: Update `SarifLog.Post(Uri, StreamWriter, HttpClient)` return value to `HttpResponseMessage` (to make returned correlation id and error messages available). #2672
- BRK: `RuntimeConditions` now of type `long` to permit more flag values. Many literal values have changed for individual members. #2660
- BRK: `RuntimeConditions.OneOrMoreFilesSkippedDueToSize` renamed to `OneOrMoreFilesSkippedDueToExceedingSizeLimits`. #2660
- BRK: `Notes.LogFileSkippedDueToSize` renamed to `LogFileExceedingSizeLimitSkipped`. #2660
- BRK: Command-line argument `automationGuid` renamed to `automation-guid`. #2647
- BRK: Command-line argument `automationId` renamed to `automation-id`. #2647
- BRK: Update `AnalyzeOptionsBase` `Quiet`, `Recurse`, `LogEnvironment`, and `RichReturnCode` properties to bool? type. #2644
- BRK: Rename `Errors.LogExceptionCreatingLogFile` to `Errors.LogExceptionCreatingOutputFile` to reflect its general purpose. #2643
- BRK: Add `IAnalysisContext.FileRegionsCache` property. Used for data sharing across analysis phases. #2642
- BRK: Remove `FileRegionsCache.Instance` singleton object. Analysis should always prefer context file region context instead. #2642
- BRK: `fileRegionsCache` parameter is now required for the `InsertOptionalDataVisitor`. #2642
- BRK: Add `IAnalysisLogger.TargetAnalysisComplete` method. #2637
- BRK: Remove unused `quiet` parameter from `SarifLogger`. #2639
- BRK: Remove `ComputeHashData` and `AnalysisTargetToHashDataMap` properties from `SarifLogger` (in preference of new `fileRegionsCache` parameter). #2639
- BRK: Eliminate proactive hashing of artifacts in `SarifLogger` constructor when `OptionallyEmittedData.Hashes` is specified. #2639
- BUG: Provide better size return values for in-memory `EnumeratedArtifact` instances. #2674
- BUG: Fixed `ERR999.UnhandledEngineException: System.InvalidOperationException: This operation is not supported for a relative URI` when running in Linux with files skipped due to zero byte size. #2664
- BUG: Properly report skipping empty files (rather than reporting file was skipped due to exceeding size limits). #2660
- BUG: Update user messages and code comments that refer to `--force` (replaced by `--log ForceOverwrite`). #2656
- BUG: Handle return code 422 `UnprocessableEntity` when validating that log file POST endpoint is available. #2656
- BUG: Eliminate erroneous `Posted log file successfully` message when context `PostUri` is non-null but empty. #2655
- BUG: Resolves `IOException` raised by calling `FileSystem.ReadAllText` on file locked for write (but not read). #2655
- BUG: Correct `toolComponent.language` regex in JSON schema. #2653
- BUG: Generate `IAnalysisLogger.AnalyzingTarget` callbacks from `MultithreadedAnalyzeCommandBase`. #2637
- BUG: Persist `fileRegionsCache` parameter in `SarifLogger` to support retrieving hash data. #2639
- BUG: Allow override of `FailureLevels` and `ResultKinds` in context objects. #2639
- NEW: Add general `Notes.LogFileSkipped` notification mechanism for any skipped files. #2675
- NEW: Add 50K files to analysis channel (rather than previous value of 25k). Smooths performance analyzing many small artifacts. #2674
- NEW: Provide new ETW telemetry for runtime behavior, provider `SarifDriver`, guid `c84480b4-a77f-421f-8a11-48210c1724d4`. #2668
- NEW: Provide convenience enumerator at the `SarifLog` level that iterates over all results in all runs in the log. #2660
- NEW: Provide `Notes.LogEmptyFileSkipped` helper for reporting zero-byte files skipped at scan time. #2660
- NEW: Add `MemoryStreamSarifLogger` (for in-memory SARIF generation). #2655
- NEW: Add `AnalyzeContext.VersionControlProvenance` property. #2646
- NEW: Add `DefaultTraces.ResultsSummary` property that drives naive results summary in console logger. #2643
- NEW: Provide `AnalyzeContextBase.Inline` helper. #2643
- NEW: `SarifLogger.FileRegionsCache` property added (to support sharing this instance with context and other classes). #2642
- NEW: `MultithreadedAnalyzeCommandBase.Tool` is now public to support in-memory analysis (and logging) of targets. #2639
- NEW: Add `DefaultTraces.TargetsScanned` which is used by `ConsoleLogger` to emit target start and stop analysis messages. #2637
- NEW: Update `FileRegionsCache` to retrieve cached newline indices and hash data via `GetNewLineIndex` and `GetHashData` methods. #2639
v4.1.0 Sdk | Driver | Converters | Multitool | Multitool Library
- BRK: `MultithreadedAnalyzeCommandBase` IDispose implementation now manages logging dispose. Be sure to call `base.Dispose()` in any derived type implementations. #2614
- BRK: Eliminate `MultithreadedAnalyzeCommandBase.EngineException` and `IAnalysisContext.RuntimeException` properties in favor of `IAnalysisContext.RuntimeExceptions`. #2627
- BRK: Rename `LogFilePersistenceOptions` to `FilePersistenceOptions` (due to its general applicability in other file persistence contexts other than output logs). #2625
- BRK: Many breaking changes in `IAnalysisContext` and `AnalyzeContextBase`. #2625
- BUG: In `HDFConverter` if `code_desc` is empty, use `desc` as the SARIF `message`. #2632
- BUG: Store `HDFConverter` `desc` in SARIF's `FullDescription`, not `ShortDescription`. #2634
- BUG: Eliminate creation of extremely large context region snippets (now always restricted to 512 chars). #2629
- BUG: Eliminate per-context allocations contributing to unnecessary memory use. #2625
- NEW: Rewrite `MultithreadedAnalyzeCommandBase` pipeline to allow for timeout, cancellation, and better API-driven use. #2625
- NEW: Move large amounts of scan data to the context object, to streamline pipeline and allow for XML-driven configuration. #2625
- NEW: Switch file processing to an `ArtifactProvider` model where enumerated artifacts consist of URI and optional content. #2625
- NEW: Add new `FailureLevelSet` and `ResultKindSet` types that are compatible with XML-based configuration. #2625
- NEW: Add `PeakWorkingSet` to `--trace` command to report maximum working set value during analysis. #2619
- NEW: Add `ArtifactProvider` for simple artifact enumeration. Add single-threaded and thread-safe classes for enumerating zip archives. #2630
v4.0.0 Sdk | Driver | Converters | Multitool | Multitool Library
- BRK: `SarifLogger` no longer allows providing a `Tool` instance. Use the `run` parameter instead (and populate it with any custom `Tool` object). #2614
- BRK: `SarifLogger` updates version details differently. #2611
- BRK: Add `ToolComponent` argument to `IAnalysisLogger.Log(ReportingDescriptor, Result)` method. #2611
- BRK: Rename `--normalize-for-github` argument to `--normalize-for-ghas` for `convert` command and mark `--normalize-for-github` as obsolete. #2581
- BRK: Update `IAnalysisContext.LogToolNotification` method to add `ReportingDescriptor` parameter. This is required in order to populate `AssociatedRule` data in `Notification` instances. The new method has an option value of null for the `associatedRule` parameter to maximize build compatibility. #2604
- BRK: Correct casing of `LogMissingreportingConfiguration` helper to `LogMissingReportingConfiguration`. #2599
- BRK: Change type of `MaxFileSizeInKilobytes` from int to long in `IAnalysisContext` and other classes. #2599
- BRK: For `Guid` properties defined in SARIF spec, updated Json schema to use `uuid`, and updated C# object model to use `Guid?` instead of `string`. #2555
- BRK: Mark `AnalyzeCommandBase` as obsolete. This type will be removed in the next significant update. #2599
- BRK: `LogUnhandledEngineException` no longer has a return value (and updates the `RuntimeErrors` context property directly as other helpers do). #2599
- BUG: Populate missing context region data for small, single-line scan targets. #2616
- BUG: Increase parallelism in `MultithreadedAnalyzeCommandBase` by correcting task creation. #2618
- BUG: Resolve hangs due to unhandled exceptions during multithreaded analysis file enumeration phase. #2599
- BUG: Resolve hangs due to unhandled exceptions during multithreaded analysis file hashing phase. #2600
- BUG: Another attempt to resolve 'InvalidOperationException' with message `Collection was modified; enumeration operation may not execute` in `MultithreadedAnalyzeCommandBase`, raised when analyzing with the `--hashes` switch. #2459. There was a previous attempt to fix this in #2447.
- BUG: Resolve issue where `match-results-forward` command fails to generate VersionControlDetails data. #2487
- BUG: Remove duplicated rule definitions when executing `match-results-forward` commands for results with sub-rule ids. #2486
- BUG: Update `merge` command to properly produce runs by tool and version when passed the `--merge-runs` argument. #2488
- BUG: Eliminate `IOException` and `DirectoryNotFoundException` exceptions thrown by `merge` command when splitting by rule (due to invalid file characters in rule ids). #2513
- BUG: Fix classes inside NotYetAutoGenerated folder missing `virtual` keyword for public methods and properties, by regenerating and manually syncing the changes. #2537
- BUG: MSBuild Converter now accepts case insensitive keywords and supports PackageValidator msbuild log output. #2579
- BUG: Eliminate `NullReferenceException` when file hashing fails (due to file locked or other errors reading the file). #2596
- NEW: Provide `PluginDriver` property (`AdditionalOptionsProvider`) that allows additional options to be exported (typically for command-line arguments). #2599
- NEW: Provide `LogFileSkippedDueToSize` that fires a warning notification if any file is skipped due to exceeding size threshold. #2599
- NEW: Provide overridable `ShouldEnqueue` predicate method to filter files from driver processing. #2599
- NEW: Provide overridable `ShouldComputeHashes` predicate method to prevent files from hashing. #2601
- NEW: Allow external set of `MaxFileSizeInKilobytes`, which will allow SDK users to change the value. (Default value is 1024) #2578
- NEW: Add a Github validation rule `GH1007`, which requires flattened result message so GHAS code scanning can ingest the log. #2580
- NEW: Provide mechanism to populate `SarifLogger` with a `FileRegionsCache` instance.
- NEW: Allow initialization of file regions cache in `InsertOptionalDataVisitor` (previously initialized exclusively from `FileRegionsCache.Instance`).
- NEW: Provide `RuleScanTime` trace and emitted timing data. Provide `ScanExecution` trace with no utilization.
- NEW: Populate associated rule data in `LogToolNotification` as called from `SarifLogger`. #2604
- NEW: Add `--normalize-for-ghas` argument to the `rewrite` command to ensure rewritten SARIF is compatible with GitHub Advanced Security (GHAS) ingestion requirements. #2581
- NEW: Allow per-line rolling (partial) hash computation for a file. #2605
- NEW: `SarifLogger` now supports extensions rules data when logging (by providing a `ToolComponent` instance to the result logging method). #2661
- NEW: `SarifLogger` provides a `ComputeHashData` callback to provide hash data for in-memory scan targets. #2614
- NEW: Provide `HashUtilities.ComputeHashes(Stream)` and `ComputeHashesForText(string)` helpers. #2614
v3.1.0 Sdk | Driver | Converters | Multitool | Multitool Library
- BUG: Loosen `System.Collections.Immutable` minimum version requirement to 1.5.0. #2504
v3.0.0 Sdk | Driver | Converters | Multitool | Multitool Library
- BUG: Loosen Newtonsoft.JSON minimum version requirement to 6.0.8 (for .NET framework) or 9.0.1 (for all other compilations) for Sarif.Sdk. Sarif.Converters requires 8.0.1, minimally, for .NET framework compilations.
- BUG: Broaden set of supported .NET frameworks for compatibility reasons. Sarif.Sdk, Sarif.Driver and Sarif.WorkItems require net461.
v2.4.16 Sdk | Driver | Converters | Multitool | Multitool Library
- BRK: SARIF now requires Newtonsoft.JSON 13.0.1. Updating Newtonsoft.Json to v13.0.1, Microsoft.Json.Schema to v1.1.5, Microsoft.Json.Pointer to v1.1.5, Microsoft.Azure.Kusto.Data to v10.0.3, Microsoft.NET.Test.Sdk to v17.4.0-preview-20220707-01, Microsoft.Extensions.Logging.ApplicationInsights to v.2.20.0, Microsoft.TeamFoundationServer.Client to v.16.170.0, Microsoft.Coyote to v.1.5.8 and Microsoft.Coyote.Test to v.1.5.8 in response to Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json. #2504
- BUG: Fix false positive for `SARIF1002.UrisMustBeValid` for file URIs that omit the `authority`. #2501
- NEW: Add `max-file-size-in-kb` argument that allows filtering scan targets by file size. #2494
v2.4.15 Sdk | Driver | Converters | Multitool | Multitool Library
- BUG: Fix `ArgumentNullException` when `PropertiesDictionary` is instantiated with a null comparer. #2482
- BUG: Fix `UnhandledEngineException` when target path does not exist for multithreaded application by validating directories as is done for singlethreaded analysis. #2461
v2.4.14 Sdk | Driver | Converters | Multitool | Multitool Library
- BRK: `Id` property of `Location` changed from `int` (32bit) to `BigInteger` (unlimited) to fix `Newtonsoft.Json.JsonReaderException: JSON integer XXXXX is too large or small for an Int32.` #2463
- BUG: Eliminate dispose of stream and `StreamWriter` arguments passed to `SarifLog.Save` helpers. This would result in `ObjectDisposedException` being raised on attempt to access streams after save.
v2.4.13 Sdk | Driver | Converters | Multitool | Multitool Library
- BRK: `AnalyzeCommandBase` previously persisted all scan target artifacts to SARIF logs rather than only persisting artifacts referenced by an analysis result, when an option to persist hashes, text file or binary information was set. `MultithreadedAnalyzeCommandBase` previously persisted all scan targets artifacts to SARIF logs in cases when hash insertion was enabled rather than only persisting artifacts referenced by an analysis result. #2433
- BRK: Fix `InvalidOperationException` when using PropertiesDictionary in a multithreaded application, and remove `[Serializable]` from it. Now use of BinaryFormatter on it will result in `SerializationException`: Type `PropertiesDictionary` is not marked as serializable. #2415
- BRK: `SarifLogger` now emits an artifacts table entry if `artifactLocation` is not null for tool configuration and tool execution notifications. #2437
- BUG: Adjust Json Serialization property order for ReportingDescriptor and skip emit empty AutomationDetails node. #2420
- BUG: Fix `ArgumentException` when `--recurse` is enabled and two file target specifiers generate the same file path. #2438
- BUG: Fix 'InvalidOperationException' with message `Collection was modified; enumeration operation may not execute` in `MultithreadedAnalyzeCommandBase`, which is raised when analyzing with the `--hashes` switch. #2447
- BUG: Fix `Merge` command produces empty SARIF file in Linux when providing file name only without path. #2408
- BUG: Fix `NullReferenceException` when filing work item with a SARIF file which has no filable results. #2412
- BUG: Fix missing `endLine` and `endColumn` properties and remove vulnerable packages for ESLint SARIF formatter. #2458
- NEW: Add `--sort-results` argument to the `rewrite` command to get sorted SARIF results. #2422
v2.4.12 Sdk | Driver | Converters | Multitool | Multitool Library
- BUG: Fix number of results when filing work item. #2391
- BUG: Fix `TryIsSuppressed` logic. #2395
- NEW: Add `suppress` command to multitool. #2394
- NEW: `MultithreadCommandBase` will use cache when hashing is enabled. #2388
- NEW: Flow suppressions when baselining. #2390
v2.4.11 Sdk | Driver | Converters | Multitool | Multitool Library
- BUG: Fix partitioning visitor log duplication. #2369
- NEW: Add `baseline` argument in `AnalyzeCommandBase` classes. #2371
- NEW: Clang-Tidy converter will also accept console output log. #2373
v2.4.10 Sdk | Driver | Converters | Multitool | Multitool Library
- NEW: Add Clang-Tidy converter. #2367
v2.4.9 Sdk | Driver | Converters | Multitool | Multitool Library
v2.4.8 Sdk | Driver | Converters | Multitool | Multitool Library
- BUG: Fix `file-work-item` baselining. #2344
- BUG: Fix `FileRegionsCache` context region construction. #2348
v2.4.7 Sdk | Driver | Converters | Multitool | Multitool Library
- BUG: Fix `SubId` handling in `CachingLogger`. #2334
- NEW: Add Hdf converter. #2340
- BUG: Fix max result ingestion from `GitHubIngestionVisitor`. #2341
v2.4.6 Sdk | Driver | Converters | Multitool | Multitool Library
- NEW: Add CWE relationship in FlawFinder converter. #2332
- NEW: Add `ResultLevelKind` which will handle `FailureLevel` and `ResultKind`. #2331
- BUG: Fix `GitHelper` logic. #2327
v2.4.5 Sdk | Driver | Converters | Multitool | Multitool Library
- BUG: Fix `FileRegionsCache` logic. #2309
v2.4.4 Sdk | Driver | Converters | Multitool | Multitool Library
- BUG: Fix performance issue in `CachingLogger`. #2301
- BUG: Fix context dispose while analyzing. #2303
- BUG: Fix export json configuration. #2305
- BUG: Fix thread issues while using `Cache`. #2306
v2.4.3 Sdk | Driver | Converters | Multitool | Multitool Library
- BUG: Fix issue when executing sarif.multitool. #2298
v2.4.2 Sdk | Driver | Converters | Multitool | Multitool Library
- NEW: `ConstructMultilineContextSnippet` will retrieve a few characters after/before to prevent retrieving the entire file when the file is one line only. #2288
- NEW: `baseliner` will consider `locations`. #2290
- BUG: Fix AzureDevOps title maxLength. #2292
- NEW: Add `PerFingerprint` and `PerPropertyBagProperty` splitting for `file-work-items` command. #2293
- NEW: Add `kusto` command in Sarif.Multitool. #2296
v2.4.1 Sdk | Driver | Converters | Multitool | Multitool Library
- BRK: Move `transform` functionality into `rewrite` and delete redundant `transform` command. #2252
- NEW: kind, level, insert, and remove options can now be added to from environment variables. #2273
- NEW: `Merge` command will de-duplicate results. #2280
- NEW: `Merge` command will merge artifacts. #2285
v2.4.0 Sdk | Driver | Converters | Multitool | Multitool Library
- BRK: Entirely remove `verbose` whose functionality has been replaced by `--level` and `--kind`. #2241
- BRK: Rename `LoggingOptions` to `LogFilePersistenceOptions`. #2241
- NEW: `--quiet` will now suppress all console messages except for errors. #2241
- BUG: Fix NullReference in SARIF1012 rule validation. #2254
- BRK: Rename `--plug-in` to `--plugin`. #2264
- NEW: Pass `--plugin` to load more binaries to analyze or export data. #2264
v2.3.18 Sdk | Driver | Converters | Multitool | Multitool Library
- NEW: Relax GH1005. #2248
v2.3.17 Sdk | Driver | Converters | Multitool | Multitool Library
- BRK: Move `CommandBase` class from `Multitool.Library` assembly to `Driver`. #2238
- NEW: Argument `VersionControlDetails` for `OptionallyEmittedData` in an analysis command will fill `VersionControlProvenance`. #2237
v2.3.16 Sdk | Driver | Converters | Multitool | Multitool Library
- BRK: Rename flag `VersionControlInformation` to `VersionControlDetails` from `OptionallyEmittedData`. #2222
- BUG: Fix filtering when using the command `analyze` with custom configuration. #2230
- NEW: If argument `computeFileHashes`, it will be converted to `OptionallyEmittedData.Hashes`. #2231
- NEW: Ensure all command options argument properties are settable (useful for API-driven invocation). #2234
- NEW: TargetUri from context can be relative. #2235
v2.3.14 Sdk | Driver | Converters | Multitool | Multitool Library
- BUG: Fix concurrency issue when using `Cache`. #2215
- NEW: `ConsoleLogger` will print exception if that exists. #2217
- BUG: Fix `WebRequest` parameters parse that resulted in regex hang #2219
- DEPENDENCY BRK: SARIF now requires Newtonsoft.JSON 12.0.3.
- Add `PerRun` splitting strategy for log file refactoring.
v2.3.10 Sdk | Driver | Converters | Multitool | Multitool Library
- BRK: Rename package `WorkItems` to `Microsoft.WorkItems`. #2180
- BUG: Fix `export-validation-config` exception. #2181
v2.3.9 Sdk | Driver | Converters | Multitool | Multitool Library
- NEW: Multitool SARIF rewrite accepts `remove` parameter. #2160
- BRK: Remove command `export-validation-docs` and extend `export-validation-rules` command to export markdown file. #2156
- DEPENDENCY BRK: SARIF now requires Newtonsoft.JSON 11.0.2 (rather than 10.0.3). #2172
- BRK: Remove unused `run` argument from FileRegionsCache constructors. #2173
- BRK: Rename various methods in `IFileSystem` and `FileSystem` classes (to consistently prefix all method names with their containing .NET static type, e.g. `Directory`). #2173
v2.3.8 Sdk | Driver | Converters | Multitool | Multitool Library
- NEW: PACKAGE BRK: Upgrade from .NET Framework 4.5 to .NET Framework 4.5.2. #2135
- NEW: Multitool SARIF merge accepts `threads` parameter. #2026
- NEW: Enable GitHub SourceLink for all projects. #2148
v2.3.7 Sdk | Driver | Converters | Multitool | Multitool Library
- DEPENDENCY BRK: SARIF now requires Newtonsoft.JSON 11.0.2 (rather than 10.0.3)
- DEPENDENCY: SARIF TypeScript package now requires minimist 1.2.3 or later (rather than >=1.2.0)
- BUG: Fix index out of range exception when baselining #2102
- NEW: Add a setter to `GitHelper.GitExePath`. #2110
- NEW: `GitHelper` will search in %PATH% variable for `git.exe` instead of its default install location. #2107
- NEW: Add helper in `SarifLog` and `Run` to `ApplyPolicies`. #2109
- NEW: Add a converter for FlawFinder's CSV output format. #2092
- NEW: Multitool SARIF output is now pretty-printed by default. To remove white space, specify `--minify`. #2098
- NEW: The Multitool `query` command can now evaluate properties in the result and rule property bags, for example `sarif query "properties.confidence:f > 0.95 AND rule.properties.category == 'security'"`
- NEW: The validation rule `SARIF1004.ExpressUriBaseIdsCorrectly` now verifies that if an `artifactLocation.uri` is a relative reference, it does not begin with a slash. #2090
- BUG: GitHub policy should not turn off any note level rules. #2089
- NEW: Add `apply-policy` command to Multitool. #2118
v2.3.6 Sdk | Driver | Converters | Multitool | Multitool Library
- BUG: Restore multitool client app package build.
- BUG: Fix ESLint additional formatter corner cases that result in invalid SARIF.
- NEW: COMMAND-LINE BRK: The analysis rules that validate a SARIF file's compatibility with GitHub Advanced Security code scanning now have rule ids that begin with `GH` rather than `SARIF`.
v2.3.5 Sdk | Driver | Converters | Multitool | Multitool Library
- NEW: COMMAND-LINE BRK: Validation rule `SARIF2005.ProvideToolProperties` now requires `informationUri`, it allows `dottedQuadFileVersion` to satisfy the requirement that version information be present, and it is configurable.
- NEW: Extract the public APIs from Sarif.Multitool into a new dependency package Sarif.Multitool.Library. Sarif.Multitool remains as a dotnet tool package.
- NEW: Validation rule `SARIF2012` now checks for the presence of a friendly name in PascalCase in the `name` property, and is renamed from `ProvideHelpUris` to `ProvideRuleProperties`.
- NEW: The Multitool `rewrite` command now accepts `VersionControlInformation` as an argument to the `--insert` option. This argument populates `run.versionControlProvenance`, and it re-expresses all absolute URIs as relative references with respect to the nearest enclosing repository root, if any.
v2.3.4 Sdk | Driver | Converters | Multitool
- COMMAND-LINE BRK: Change `merge` command output directory argument name to `output-directory`.
- NEW: Add analysis rules appropriate for SARIF files that are to be uploaded to GitHub Advanced Security code scanning.
- BUG: Various Fortify FPR converter improvements (such as improved variable expansion in result messages).
- BUG: The validator no longer reports `SARIF2010.ProvideCodeSnippets` if embedded file content for the specified artifact is present. #2003
v2.3.3 Sdk | Driver | Converters | Multitool
- NEW: Improve `SarifSdkSample` application: use `uriBaseIds`.
- NEW: Add additional checks to SARIF analysis rule `SARIF2004.OptimizeFileSize`.
- NEW: Introduce new SARIF analysis rule `SARIF2016.FileUrisShouldBeRelative`.
- BUG: If you created a URI from an absolute file path (for example, `C:\test\file.c`), then it would be serialized with that exact string, which is not a valid URI. This is now fixed. #2001
v2.3.2 Sdk | Driver | Converters | Multitool
- NEW: The `Sarif.Multitool` command line verbs are now exposed programmatically. For example, the `validate` verb is exposed through the classes `ValidateCommand` and `ValidateOptions`.
v2.3.1 Sdk | Driver | Converters | Multitool
- NEW: Revised and improved validation rules in `Sarif.Multitool`.
- NEW: Properties serialization performance improved (~20% faster load when Results use Properties).
- NEW: Allow result messages to be truncated for display. #1915
- BUG: Rebase URI command now honors `--insert` and `--remove` arguments for injecting or eliding optional data (such as region snippets).
- BUG: Ensure all DateTimes on object model are using DateTimeConverter consistently.
- BUG: Fix DateTime roundtripping in properties collections to follow normal DateTime output format.
v2.3.0 Sdk | Driver | Converters | Multitool
- BUG: `ResultLogJsonWriter` now creates an empty `results` array if there are no results, rather than leaving `results` as `null`. #1821
- BUG: In validation rules, `shortDescription` is now calculated by `GetFirstSentence` method, fixing a bug in sentence breaking. #1887
- BUG: `WorkItemFiler` now logs correctly the details for `LogMetricsForProcessedModel` method #1896
- NEW: Add validation rule `SARIF1019`, which requires every result to have at least one of `result.ruleId` and `result.rule.id`. If both are present, they must be equal. #1880
- NEW: Add validation rule `SARIF1020`, which requires that the $schema property should be present, and must refer to the final version of the SARIF 2.1.0 schema. #1890
- NEW: Expose `Run.MergeResultsFrom(Run)` to merge Results from multiple Runs using code from result matching algorithm.
- BRK: Rename `RemapIndicesVisitor` to `RunMergingVisitor` and redesign to control how much merging occurs internally.
v2.2.5 Sdk | Driver | Converters | Multitool
- BUG: Fix SDK doubling Uris with certain escaped characters (ex: '-' and '_') on every Load/Save cycle (cause: dotnet/runtime#36288)
v2.2.4 Sdk | Driver | Converters | Multitool
- BUG: Validation rule SARIF1018 was not checking for a trailing slash on `uri` properties in `originalUriBaseIds` if `uriBaseId` was present.
- BUG: Build Sarif.Multitool NPM package non-trimmed to avoid more assembly load problems.
- NEW: DeferredList will cache last item returned and won't throw if same instance written. (SarifRewritingVisitor + Deferred OM usable)
v2.2.3 Sdk | Driver | Converters | Multitool
- NEW: Introduce `SarifConstants.SarifFileExtension` with value `".sarif"`.
- NEW: In validation rule SARIF1018, require `uri` values in `originalUriBaseIds` to end with a slash, per the SARIF spec.
- BUG: Result.GetRule will look up by RuleId if RuleIndex not present.
- BUG: Baselining will properly persist Run.Tool.Driver.Rules if Results reference by RuleId.
- BUG: DeferredOM will properly load files with a BOM. (LineMappingStreamReader fix)
- BUG: Remove CsvHelper dependency to avoid assembly load problem in Sarif.Multitool NPM package.
v2.2.2 Sdk | Driver | Converters | Multitool
- BUG: `dotnet tool install` command for Multitool now produces a working installation rather than reporting missing `Sarif.Converters` binary.
- BUG: Result.GetRule will look up by RuleId if RuleIndex not present.
- BUG: Baselining will properly persist Run.Tool.Driver.Rules if Results reference by RuleId.
- BUG: DeferredOM will properly load files with a BOM. (LineMappingStreamReader fix)
v2.2.1 Sdk | Driver | Converters | Multitool
- NEW: Multitool `remove` option now supports `Guids` value to remove `Result.Guid`.
- NEW: Significant Baselining algorithm improvements: dynamic `partialFingerprint` trust, location-specific unique what property matching, 'nearby' matching, correct omitted `Region` property handling, correct `ReportingDescriptor.DeprecatedIds` handling.
- DEPENDENCY BRK: SARIF now requires Newtonsoft.JSON 10.0.3 (rather than 9.0.x).
v2.2.0 Sdk | Driver | Converters | Multitool
- PACKAGE BRK: Update tool directory to netstandard2.1, to reflect use of that version of .NET Core.
- NEW: Multitool `rewrite` command performance when populating regions and snippets is greatly improved.
- NEW: Multitool `insert` option now supports `Guids` value to populate `Result.Guid`.
- API + SCHEMA BRK: Fix typo in schema: suppression.state should be suppression.status according to the spec. #1785
- BUG: Multitool `rewrite` no longer throws when it encounters an invalid value (such as -1) for a region property.
- BUG: ESLint SARIF formatter no longer produces invalid SARIF when given an ESLint message with no rule id. It is treated as a `toolConfigurationNotification`. #1791
- BUG: Resolve crash on converting PREfast log files with non-null but empty help URLs.
v2.1.25 Sdk | Driver | Converters | Multitool
- NEW: The baseliner (available through the Multitool's `match-results-forward` command) now populates `result.provenance.firstDetectionTimeUtc` so you can now track the age of each issue. #1737
v2.1.24 Sdk | Driver | Converters | Multitool
- NEW: Introduce API to partition log files by arbitrary criteria (method `SarifPartitioner.Partition` and class `PartitioningVisitor`).
- BUG: `Tool.CreateFromAssembly` now properly handles file versions that contain extra characters after the "dotted quad" string. #1728
v2.1.23 Sdk | Driver | Converters | Multitool
- API BRK: Remove 'Errors.LogExceptionLoadingPdb' helper (as not relevant to core SDK).
- NEW: Allow emitting non-failure tool notifications as debug/informational messages.
- NEW: `SarifLogger` now populates `tool.driver`'s `organization` and `product` properties instead of adding `"Company"` and `"ProductName"` to `tool.driver`'s property bag. #1716
- NEW: Add `closeWriterOnDispose` argument (with a default of 'true') that indicates whether SarifLogger writers are closed during its Dispose() method. Providing a value of `false` to this argument allows SarifLogger to work against a stream that can subsequently be reused (for example, to deserialize the logged content back to a `SarifLog` instance).
- NEW: Update PREfast converter to render optional suppression data.
- BUG: Update PREfast converter to handle paths with no trailing slash.
- BUG: Baselining now matches the first and last Result per URI as an additional pass.
v2.1.22 Sdk | Driver | Converters | Multitool
- BUG: Fix bug in validation rule `EndTimeMustNotBeBeforeStartTime`, which threw if `invocation.startTimeUtc` was present but `endTimeUtc` was absent.
v2.1.21 Sdk | Driver | Converters | Multitool
- NEW: Provide an API `SarifPartitioner.Filter` that selects results according to a predicate, and filters `run.artifacts` to only those artifacts used by the included results.
v2.1.20 Sdk | Driver | Converters | Multitool
- NEW: Added Stream-based SarifLog.Load and Save overloads
- NEW: Enhanced property bag serialization unit testing. #1673
- BUG: Fix packaging warning NU5048 during build. #1687
- BUG: SarifLogger.Optimized could not be set from the command line. #1695
- BUG: Result Matching now omits previously Absent results.
- BUG: Result Matching properly compares results from the same RuleID when multiple Rules match the same source line.
- BUG: Result Matching works when a result moves and has the line number in the message.
- BUG: Result Matching always assigns Result.CorrelationGuid and Result.Guid.
- BUG: Null hardening in Result Matching
- BUG: Console logger now outputs file location, if available, when writing notifications.
v2.1.19 Sdk | Driver | Converters | Multitool
- Sort driver skimmers by rule id + name during analysis, in order to improve deterministic ordering of log file data.
- API BRK: Convert various public SARIF Driver framework API to prefer abstract ISet type over HashSet.
- API BRK: Remove helper method `SarifUtilities.DeserializeObject` introduced in 2.1.15 to fix #1577. Now that an underlying bug in `PropertyBagConverter` has been fixed, there is no need to work around it with this helper method. `JsonConvert.DeserializeObject` works fine.
- NEW: Expanding Sarif SDK query mode to support Result.Uri, string StartsWith/EndsWith/Contains.
- NEW: Adding Result.Run and a populating method, so that methods which need the Run context for a given Result have an integrated way to retrieve it.
v2.1.17 Sdk | Driver | Converters | Multitool
- API NON-BRK: emit all core object model members as 'virtual'.
- NEW: Introduce SarifConsolidator to shrink large log files. #1675
- BUG: Analysis rule SARIF1017 incorrectly rejected index-valued properties that referred to taxonomies. #1678
- BUG: `match-results-forward-command` dropped log contents and mishandled `rules` array. #1684
v2.1.16 Sdk | Driver | Converters | Multitool
- BUGFIX, BRK: In the Multitool `page` command, the default for `--force` was `true` and it could not be changed. #1630
- BUG: The Multitool `match-results-forward` command failed if results included logical locations. #1656
- BUG: `SarifLogger(ReportingDescriptor rule, Result result)` failed if it tried to log a result whose `ruleId` was a sub-rule; for example, `rule.Id == "TEST0001"` but `result.ruleId == "TEST0001/1"`. #1668
- NEW: Implement results and notifications caching when `--hashes` is specified on the SARIF driver command line.
v2.1.15 Sdk | Driver | Converters | Multitool
- BUG: Validation rule `SARIF1015` incorrectly required `originalUriBaseIds` to contain URIs. #1485
- BUG: Persist Fortify rule metadata properties. #1490
- BUG: Multitool transform mishandled dottedQuadFileVersion. #1532
- BUG: Restore missing FxCop converter unit test. #1575
- BUG: Multitool transform mishandled date/time values in property bags. #1577
- BUG: Multitool transform could not upgrade SARIF files from the sarif-2.1.0-rtm.1 schema. #1584
- BUG: Multitool merge command produced invalid SARIF if there were 0 input files. #1592
- BUG: FortifyFpr converter produced invalid SARIF. #1593
- BUG: FxCop converter produced empty `result.message` objects. #1594
- BUG: Some Multitool commands required --force even if --inline was specified. #1642
- NEW: Add validation rule to ensure correctness of `originalUriBaseIds` entries. #1485
- NEW: Improve presentation of option validation messages from the Multitool `page` command. #1629
v2.1.14 Sdk | Driver | Converters | Multitool
- BUG: FxCop converter produced logicalLocation.index but did not produce the run.logicalLocations array. #1571
- BUG: Include Sarif.WorkItemFiling.dll in the Sarif.Multitool NuGet package. #1636
- NEW: Add validation rule to ensure that all array-index-valued properties are consistent with their respective arrays.
v2.1.13 Sdk | Driver | Converters | Multitool
- BUG: Respect the --force option in Sarif.Multitool rather than overwriting the output file. #1340
- BUG: Accept URI-valued properties whose value is the empty string. #1632
v2.1.12 Sdk | Driver | Converters | Multitool
- BUG: Improve handling of `null` values in property bags. #1581
v2.1.11 Sdk | Driver | Converters | Multitool
- BUG: Result matching should prefer the suppression info from the current run. #1600
v2.1.10 Sdk | Driver | Converters | Multitool
- BUG: Resolve a performance issue in web request parsing code. #1608
v2.1.9 Sdk | Driver | Converters | Multitool
- NEW: add --remove switch to eliminate certain properties (currently timestamps only) from log file output.
- BUG: remove verbose 'Analyzing file..' reporting for drivers.
v2.1.8 Sdk | Driver | Converters | Multitool
- BUG: Add missing `"additionalProperties": false` constraints to schema; add missing object descriptions and improve other object descriptions in schema; update schema version to -rtm.4.
v2.1.7 Sdk | Driver | Converters | Multitool
- BUG: Multitool rewrite InsertOptionalData operations fail if a result object references `run.artifacts` using the `index` property.
- BUG: The `SarifCurrentToVersionOneVisitor` was not translating v2 `result.partialFingerprints` to v1 `result.toolFingerprintContribution`. #1556
- BUG: The `SarifCurrentToVersionOneVisitor` was dropping `run.id` and emitting an empty `run.stableId`. #1557
v2.1.6 Sdk | Driver | Converters | Multitool
- BUG: Fortify FPR converter does not populate originalUriBaseIds if the source is a drive letter (e.g. C:)
- BUG: Multitool rebaseUri command throws null reference exception if results reference run.artifacts using the index property.
- BUG: Pre-release transformer does not upgrade schema uri if input version is higher than rtm.1.
v2.1.5 Sdk | Driver | Converters | Multitool
- Change schemas back to draft-04 to reenable Intellisense in the Visual Studio JSON editor.
v2.1.4 Sdk | Driver | Converters | Multitool
- BUG: Fix bugs related to parsing the query portion of a URI, and to the parsing of header strings.
- API NON-BRK: Introduce `WebRequest.TryParse` and `WebResponse.TryParse` to accompany existing `Parse` methods.
v2.1.3 Sdk | Driver | Converters | Multitool
- Change schema uri to secure (https) instance.
- BUG: Fix transformer bug where schema id would not be updated if no other transformation occurred.
- BUG: `ThreadFlowLocation.Kind` value is getting lost during pre-release transformation. #1502
- BUG: `Location.LogicalLocation` convenience setter mishandles null. #1514
- BUG: Upgrade schemas to latest version (remove `draft-04` from `$schema` property and change `id` to `$id`). This is necessary because the schemas use the `uri-reference` format, which was not defined in draft-04. #1521
- API BRK: The `Init` methods in the Autogenerated SARIF object model classes are now `protected virtual`. This enables derived classes to add additional properties without having to copy the entire code of the `Init` method.
- BUG: Transformation from SARIF 1.0 to 2.x throws `ArgumentOutOfRangeException`, if `result.locations` is an empty array. #1526
- BUG: Add `Result.Level` (and remove `Result.Rank`) for Fortify Converter based on MicroFocus feedback.
- BUG: Invocation constructor should set `executionSuccessful` to true by default.
- BUG: Contrast security converter now populates `ThreadFlowLocation.Location`. #1530
- BUG: Contrast Security converter no longer emits incomplete `Artifact` objects. #1529
- BUG: Fix crashing bugs and logic flaws in `ArtifactLocation.TryReconstructAbsoluteUri`.
- NEW: Provide a SARIF converter for Visual Studio log files.
- NEW: Extend the `PrereleaseCompatibilityTransformer` to handle SARIF v1 files.
- API NON-BRK: Introduce `WebRequest.Parse` and `WebResponse.Parse` to parse web traffic strings into SARIF `WebRequest` and `WebResponse` objects.
- API NON-BRK: Introduce `PropertyBagHolder.{Try}GetSerializedPropertyInfo`, a safe way of retrieving a property whose type is unknown.
v2.1.2 Sdk | Driver | Converters | Multitool
- API BRK: Change location.logicalLocation to logicalLocations array. oasis-tcs/sarif-spec#414
v2.1.1 Sdk | Driver | Converters | Multitool
- BUG: Multitool crashes on launch: Can't find CommandLine.dll. #1487
v2.1.0 Sdk | Driver | Converters | Multitool
- API NON-BRK: `PhysicalLocation.id` property is getting lost during 2.1.0 pre-release transformation. #1479
- Add support for converting TSLint logs to SARIF
- Add support for converting Pylint logs to SARIF
v2.1.0-rtm.0 Sdk | Driver | Converters | Multitool
- API BRK: OneOf `graphTraversal.runGraphIndex` and `graphTraversal.resultGraphIndex` is required.
- API NON-BRK: Add address.kind well-known values "instruction" and "data". oasis-tcs/sarif-spec#397
- API BRK: Rename `invocation.toolExecutionSuccessful` to `invocation.executionSuccessful`. oasis-tcs/sarif-spec#399
- API BRK: Add regex patterns for guid and language in schema.
- API NON-BRK: Add `run.specialLocations` in schema. oasis-tcs/sarif-spec#396
- API BRK: Improve `address` object design. oasis-tcs/sarif-spec#401
v2.1.0-beta.2 Sdk | Driver | Converters | Multitool
- API NON-BRK: Change `request.target` type to string. oasis-tcs/sarif-spec#362
- API BRK: anyOf `physicalLocation.artifactLocation` and `physicalLocation.address` is required. oasis-tcs/sarif-spec#353
- API BRK: Rename `run.defaultFileEncoding` to `run.defaultEncoding`.
- API NON-BRK: Add `threadFlowLocation.taxa`. oasis-tcs/sarif-spec#381
- API BRK: anyOf `message.id` and `message.text` is required.
- API NON-BRK: Add `request.noResponseReceived` and `request.failureReason`. oasis-tcs/sarif-spec#378
- API BRK: anyOf `externalPropertyFileReference.guid` and `externalPropertyFileReference.location` is required.
- API BRK: `artifact.length` should have `default: -1, minimum: -1` values.
- API BRK: Rename `fix.changes` to `fix.artifactChanges`.
- API BRK: Each redaction token in an originalUriBaseId represents a unique location. oasis-tcs/sarif-spec#377
- API BRK: Rename file related enums in `artifact.roles`.
- API BRK: anyOf `artifactLocation.uri` and `artifactLocation.index` is required.
- API BRK: `multiformatMessageString.text` is required.
- API BRK: `inlineExternalProperties` array must have unique items.
- API BRK: `run.externalPropertyFileReferences`, update unique flag and minItems on every item according to spec.
- API BRK: `run.markdownMessageMimeType` should be removed from schema.
- API BRK: `externalPropertyFileReference.itemCount` should have a minimum value of 1.
- API NON-BRK: Add `toolComponent.informationUri` property.
- API NON-BRK: `toolComponent.isComprehensive` default value should be false.
- API BRK: `artifact.offset` minimum value allowed should be 0.
- API NON-BRK: Add `directory` enum value in `artifact.roles`.
- API BRK: `result.suppressions` array items should be unique and default to null.
- API NON-BRK: Add `suppression.guid` in schema.
- API BRK: `graph.id` should be removed from schema.
- API BRK: `edgeTraversal.stepOverEdgeCount` minimum should be 0.
- API BRK: `threadFlowLocation.nestingLevel` minimum should be 0.
- API BRK: `threadFlowLocation.importance` should default to `important`.
- API BRK: `request.index` should have default: -1, minimum: -1.
- API BRK: `response.index` should have default: -1, minimum: -1.
- API NON-BRK: `externalProperties.version` is not a required property if it is not root element.
- API NON-BRK: Add artifact roles for configuration files. oasis-tcs/sarif-spec#372
- API NON-BRK: Add suppression.justification. oasis-tcs/sarif-spec#373
- API NON-BRK: Associate descriptor metadata with thread flow locations. oasis-tcs/sarif-spec#381
- API BRK: Move `location.physicalLocation.id` to `location.id`. oasis-tcs/sarif-spec#375
- API BRK: `result.stacks` array should have unique items.
- API BRK: `result.relatedLocations` array should have unique items.
- API BRK: Separate `suppression` `status` from `kind`. oasis-tcs/sarif-spec#371
- API BRK: `reportingDescriptorReference` requires anyOf (`index`, `guid`, `id`).
- API BRK: Rename `request` object and related properties to `webRequest`.
- API BRK: Rename `response` object and related properties to `webResponse`.
- API NON-BRK: Add `locationRelationship` object. oasis-tcs/sarif-spec#375
- API BRK: `externalPropertyFileReference.itemCount` can be 0 and defaults to minimum: -1, default: -1.
- API BRK: `threadFlowLocation.executionOrder` can be 0 and defaults to -1, so minimum: -1, default: -1
- API BRK: Rename artifact role `traceFile` to `tracedFile`.
- API NON-BRK: Add artifact role `debugOutputFile`.
- API NON-BRK: Add `value` to `threadFlowLocation.kinds`.
- API NON-BRK: Add a new value to `result.kind`: `informational`.
- API NON-BRK: add `address.kind` values `function` and `page`.
- API NON-BRK: `run.columnKind` has no default value.
- API NON-BRK: In the `reportingDescriptorRelationship` object, add a property `description` of type `message`, optional.
- API NON-BRK: In the `locationRelationship` object, add a property `description` of type `message`, optional.
- API BRK: `region.byteOffset` should have default: -1, minimum: -1.
- API BRK: Change `notification.physicalLocation` of type `physicalLocation` to `notification.locations` of type `locations`.
v2.1.0-beta.1 Sdk | Driver | Converters | Multitool
- API BRK: Change `request.uri` to `request.target`. oasis-tcs/sarif-spec#362
v2.1.0-beta.0 Sdk | Driver | Converters | Multitool
- API BRK: All SARIF state dictionaries now contain multiformat strings as values. oasis-tcs/sarif-spec#361
- API NON-BRK: Define `request` and `response` objects. oasis-tcs/sarif-spec#362
v2.0.0-csd.2.beta.2019.04-03.3 Sdk | Driver | Converters | Multitool
- API BRK: Rename `reportingDescriptor.descriptor` to `reportingDescriptor.target`. oasis-tcs/sarif-spec#356
- API NON-BRK: Remove `canPrecedeOrFollow` from relationship kind list. oasis-tcs/sarif-spec#356
v2.0.0-csd.2.beta.2019.04-03.2 Sdk | Driver | Converters | Multitool
- API NON-BRK: Add `module` to `address.kind`. oasis-tcs/sarif-spec#353
- API BRK: `address.baseAddress` & `address.offset` to int. oasis-tcs/sarif-spec#353
- API BRK: Update how reporting descriptors describe their taxonomic relationships. oasis-tcs/sarif-spec#356
- API NON-BRK: Add `initialState` and `immutableState` properties to thread flow object. Add `immutableState` to `graphTraversal` object. oasis-tcs/sarif-spec#168
v2.0.0-csd.2.beta.2019.04-03.1 Sdk | Driver | Converters | Multitool
- API BRK: Rename `message.messageId` property to `message.id`. oasis-tcs/sarif-spec#352
v2.0.0-csd.2.beta.2019.04-03.0 Sdk | Driver | Converters | Multitool
- API NON-BRK: Introduce new localization mechanism (post ballot changes). oasis-tcs/sarif-spec#338
- API BRK: Add `address` property to a `location` object (post ballot changes). oasis-tcs/sarif-spec#302
- API NON-BRK: Define result `taxonomies`. oasis-tcs/sarif-spec#314
- API NON-BRK: Define a `reportingDescriptorReference` object. oasis-tcs/sarif-spec#324
- API BRK: Change `run.graphs` and `result.graphs` from objects to arrays. oasis-tcs/sarif-spec#326
- API BRK: External property file related renames (post ballot changes). oasis-tcs/sarif-spec#335
- API NON-BRK: Allow toolComponents to be externalized. oasis-tcs/sarif-spec#337
- API BRK: Rename all `instanceGuid` properties to `guid`. oasis-tcs/sarif-spec#341
- API NON-BRK: Add `reportingDescriptor.deprecatedNames` and `deprecatedGuids` to match `deprecatedIds` property. oasis-tcs/sarif-spec#346
- API NON-BRK: Add `referencedOnCommandLine` as a role. oasis-tcs/sarif-spec#347
- API NON-BRK: Rename `reportingConfigurationOverride` to `configurationOverride`. oasis-tcs/sarif-spec#350
v2.0.0-csd.2.beta.2019.02-20 Sdk | Driver | Converters | Multitool
- COMMAND-LINE BRK: Rename `--sarif-version` to `--sarif-output-version`. Remove duplicative transform `--target-version` command-line argument.
- COMMAND-LINE NON-BRK: add `--inline` option to multitool `rebaseuri` verb, to write output directly into input files.
- API NON-BRK: Add additional properties to `toolComponent`. oasis-tcs/sarif-spec#336
- API NON-BRK: Provide a caching mechanism for duplicated code flow data. oasis-tcs/sarif-spec#320
- API NON-BRK: Add `inlineExternalPropertyFiles` at the log level. oasis-tcs/sarif-spec#321
- API NON-BRK: Update logical location kinds to accommodate XML and JSON paths. oasis-tcs/sarif-spec#291
- API NON-BRK: Define result taxonomies. oasis-tcs/sarif-spec#314
- API BRK: Remove `invocation.attachments`, now replaced by `run.tool.extensions`. oasis-tcs/sarif-spec#327
- API NON-BRK: Introduce new localization mechanism. oasis-tcs/sarif-spec#338
- API BRK: Remove `tool.language` and localization support. oasis-tcs/sarif-spec#325
- API NON-BRK: Add additional properties to toolComponent. oasis-tcs/sarif-spec#336
- API BRK: Rename `invocation.toolNotifications` and `invocation.configurationNotifications` to `toolExecutionNotifications` and `toolConfigurationNotifications`. oasis-tcs/sarif-spec#330
- API BRK: Add address property to a location object (and other nodes). oasis-tcs/sarif-spec#302
- API BRK: External property file related renames. oasis-tcs/sarif-spec#335
v2.0.0-csd.2.beta.2019.01-24.1 Sdk | Driver | Converters | Multitool
- BUG: `region.charOffset` default value should be -1 (invalid value) rather than 0. Fixes an issue where `region.charLength` is > 0 but `region.charOffset` is absent (because its value of 0 was incorrectly elided due to being the default value).
v2.0.0-csd.2.beta.2019.01-24 Sdk | Driver | Converters | Multitool
- BUG: SDK compatibility update for sample apps.
- BUG: Add Sarif.Multitool.exe.config file to multitool package to resolve "Could not load file or assembly `Newtonsoft.Json, Version=9.0.0.0`" exception on using validate command.
- API BRK: rename baselineState `existing` value to `unchanged`. Add new baselineState value `updated`. oasis-tcs/sarif-spec#312
- API BRK: unify result and notification failure levels (`note`, `warning`, `error`). Break out result evaluation state into `result.kind` property with values `pass`, `fail`, `open`, `review`, `notApplicable`. oasis-tcs/sarif-spec#317
- API BRK: remove IRule entirely, in favor of utilizing ReportingDescriptor base class.
- API BRK: define `toolComponent` object to persist tool data. The `tool.driver` component documents the standard driver metadata. `tool.extensions` is an array of `toolComponent` instances that describe extensions to the core analyzer. This change also deletes `tool.sarifLoggerVersion` (from the newly created `toolComponent` object) due to its lack of utility. Adds `result.extensionIndex` to allow results to be associated with a plug-in. `toolComponent` also added as a new file role. oasis-tcs/sarif-spec#179
- API BRK: Remove `run.resources` object. Rename `rule` object to `reportingDescriptor`. Move rule and notification reportingDescriptor objects to `tool.notificationDescriptors` and `tool.ruleDescriptors`. `resources.messageStrings` now located at `toolComponent.globalMessageStrings`. `rule.configuration` property now named `reportingDescriptor.defaultConfiguration`. `reportingConfiguration.defaultLevel` and `reportingConfiguration.defaultRank` simplified to `reportingConfiguration.level` and `reportingConfiguration.rank`. Actual runtime reportingConfiguration persisted to new array of reportingConfiguration objects at `invocation.reportingConfiguration`. oasis-tcs/sarif-spec#311
- API BRK: `run.richTextMessageMimeType` renamed to `run.markdownMessageMimeType`. `message.richText` renamed to `message.markdown`. `message.richMessageId` deleted. Create `multiformatMessageString` object, that holds plain text and markdown message format strings. `reportingDescriptor.messageStrings` is now a dictionary of these objects, keyed by message id. `reporting.Descriptor.richMessageStrings` dictionary is deleted. oasis-tcs/sarif-spec#319
- API BRK: `threadflowLocation.kind` is now `threadflowLocation.kinds`, an array of strings that categorize the thread flow location. oasis-tcs/sarif-spec#202
- API BRK: `file` renamed to `artifact`. `fileLocation` renamed to `artifactLocation`. `run.files` renamed to `run.artifacts`. oasis-tcs/sarif-spec#309
v2.0.0-csd.2.beta.2019-01-09 Sdk | Driver | Converters | Multitool
- BUG: Result matching improvements in properties persistence.
- NEW: Fortify FPR converter improvements.
- API NON-BRK: Remove uniqueness requirement from `result.locations`.
- API NON-BRK: Add `run.newlineSequences` to schema. oasis-tcs/sarif-spec#169
- API NON-BRK: Add `rule.deprecatedIds` to schema. oasis-tcs/sarif-spec#293
- API NON-BRK: Add `versionControlDetails.mappedTo`. oasis-tcs/sarif-spec#248
- API NON-BRK: Add `result.rank`. Add `ruleConfiguration.defaultRank`.
- API NON-BRK: Add `file.sourceLocation` and `region.sourceLanguage` to guide in snippet colorization. `run.defaultSourceLanguage` provides a default value. oasis-tcs/sarif-spec#286
- API NON-BRK: default values for `result.rank` and `ruleConfiguration.defaultRank` are now -1.0 (from 0.0). oasis-tcs/sarif-spec#303
- API BRK: Remove `run.architecture` oasis-tcs/sarif-spec#262
- API BRK: `result.message` is now a required property oasis-tcs/sarif-spec#283
- API BRK: Rename `tool.fileVersion` to `tool.dottedQuadFileVersion` oasis-tcs/sarif-spec#274
- API BRK: Remove `open` from valid rule default configuration levels. The transformer remaps this value to `note`. oasis-tcs/sarif-spec#288
- API BRK: `run.columnKind` default value is now `unicodeCodePoints`. The transformer will inject `utf16CodeUnits`, however, when this property is absent, as this value is a more appropriate default for the Windows platform. #1160
- API BRK: Make `run.logicalLocations` an array, not a dictionary. Add result.logicalLocationIndex to point to associated logical location.
- API BRK: `run.externalFiles` renamed to `run.externalPropertyFiles`, which is not a bundle of external property file objects. NOTE: no transformation will be provided for legacy versions of the external property files API.
- API BRK: rework `result.provenance` object, including moving result.conversionProvenance to `result.provenance.conversionSources`. NOTE: no transformation currently exists for this update.
- API BRK: Make `run.files` an array, not a dictionary. Add fileLocation.fileIndex to point to a file object associated with the location within `run.files`.
- API BRK: Make `resources.rules` an array, not a dictionary. Add result.ruleIndex to point to a rule object associated with the result within `resources.rules`.
- API BRK: `run.logicalLocations` now requires unique array elements. oasis-tcs/sarif-spec#304
v2.0.0-csd.2.beta.2018-10-10.2 Sdk | Driver | Converters | Multitool
- BUG: Don't emit v2 analysisTarget if there is no v1 resultFile.
- BUILD: Bring NuGet publishing scripts into conformance with new Microsoft requirements.
v2.0.0-csd.2.beta.2018-10-10.1 Sdk | Driver | Converters | Multitool
- BUG: Persist region information associated with analysis target
v2.0.0-csd.2.beta.2018-10-10 Sdk | Driver | Converters | Multitool
- NEW:Add --sarif-version command to driver (to transform SARIF output to v1 format)
- BUG: Drop erroneous persistence of redaction tokens as files objects.
- API NON-BRK: Add
result.occurrenceCount
(denotes # of occurrences of an identical results within an analysisRun) - API NON-BRK: Add
run.externalFiles
object to schema. Sync generally to OASIS TC schema. - API BRK:
originalUriBaseIds
is now a dictionary of file locations, not strings. - API BRK: Suffix
invocation.startTime
,invocation.endTime
,file.lastModifiedTime
andnotification.time
with Utc (startTimeUtc
,endTimeUtc
, etc.). - API BRK:
threadflowLocation.timestamp
renamed toexecutionTimeUtc
. - API BRK:
versionControlDetails.timestamp
renamed toasOfTimeUtc
. - API BRK:
versionControlDetails.uri
renamed torepositoryUri
. - API BRK:
versionControlDetails.tag
renamed torevisionTag
- API BRK: `exception.message` type converted from string to message object.
- API BRK: `file.hashes` is now a string/string dictionary, not an array of `hash` objects (the type for which is deleted)
- API BRK: `run.instanceGuid`, `run.correlationGuid`, `run.logicalId`, `run.description` combined into new `runAutomationDetails` object instance defined at `run.id`.
- API BRK: `run.automationLogicalId` subsumed by `run.aggregateIds`, an array of `runAutomationDetails` objects.
- API BRK: Remove `threadFlowLocation.step`
- API BRK: `invocation.workingDirectory` is now a FileLocation object (and not a URI expressed as a string)
v2.0.0-csd.1.0.2 Sdk | Driver | Converters | Multitool
- BUG: In result matching algorithm, an empty or null previous log no longer causes a NullReferenceException.
- BUG: In result matching algorithm, duplicate data is no longer incorrectly detected across files. Also: changed a "NotImplementedException" to the correct "InvalidOperationException".
v2.0.0-csd.1.0.1 Sdk | Driver | Converters | Multitool
- API BREAKING CHANGE: Fix weakly typed CreateNotification calls and make API more strongly typed
- API BREAKING CHANGE: Rename OptionallyEmittedData.ContextCodeSnippets to ContextRegionSnippets
- API BREAKING CHANGE: Eliminate result.ruleMessageId (in favor of result.message.messageId)
v2.0.0-csd.1 Sdk | Driver | Converters | Multitool
- Convert object model to conform to SARIF v2 CSD.1 draft specification
- Distinguish textual vs. binary file persistence in rewrite option (and allow for both in multitool rewrite verb)
- NOTE: the change above introduces a command-line breaking change. --persist-file-contents is now renamed to --insert
- Add ComprehensiveRegionProperties, RegionSnippets and ContextCodeSnippets as possible qualifier to --insert option
- Provide SARIF v1.0 object model and v1 <-> v2 transformation API
v1.7.5 Sdk | Driver | Converters | Multitool
- Disabling skimmers text fix
- Fix a serialization bug with strings in a PropertyBag (not correctly escaped after reserializing the data structure).
- Multitool improvements--added "rebaseUri" and "absoluteUri" tasks, which will either make the URIs in a SARIF log relative to some base URI, or take base URIs stored in SARIF and make the URIs absolute again.
- Added a "processing pipeline" model to the SARIF SDK in order to allow easy chaining of operations on SARIF logs (like making all URIs relative/absolute).
v1.7.4 Sdk | Driver | Converters | Multitool
- Platform Specific Tooling Text Fix
- Skimmers can now be disabled via the configuration file
- The Driver will now pull configuration from a default location to allow for easier re-packaging of tools with custom configurations
v1.7.3 Sdk | Driver | Converters | Multitool
- Make SupportedPlatform a first class concept for skimmers
- Rename --pretty argument to --pretty-print
v1.7.2 Sdk | Driver | Converters | Multitool
- Update Multitool nuget package build
- Enable "pretty print" .sarif formatting via --pretty argument
- Code sign 3rd party dependency assemblies (CommandLineParser, CsvHelper, Newtonsoft.Json)
- Remove -beta flag from Driver and Multitool packages
v1.7.1 Sdk | Driver | Converters | Multitool
- Update nuget package build
v1.7.0 Sdk | Driver | Converters | Multitool
- Security and accessibility clean-up
- TSLint converter fixes
- Provide .NET core version
- VSIX improvements (including auto-expansion of file contents persisted to SARIF logs)
- Enable persistence of base64-encoded file contents via SarifLogger.
- Rename AnalyzeOptions.ComputeTargetsHash to ComputeFileHashes
- Fix bug in Semmle conversion (crash on embedded file:// scheme links)
- Enable converter plugins
- Adjust RuntimeConditions enum so that `command line parse` error is 0x1.
- Resolved crash deserializing empty property bags
- Track RuntimeConditions.OneOrMoreWarnings|ErrorsFired in RuleUtilities.BuildResult
- Update default AnalyzeCommandBase behavior to utilize rich return code, if specified.
- Expose EntryPointUtilities helpers as public
- Add EntryPointUtilities class that provides response file injection assistance
- Rich return code support
- Control invocation property logging
- Add JSON settings persistence
- Populate context objects from configuration file argument
- Loosen requirement to explicitly provide --config argument for default configuration
- Convert Semmle embedded links to related locations
- Add File/Open of Semmle CSV to VS add-in
- Eliminate redundant output of notifications
- Update FileSpecifier to resolve patterns such as File* properly
- Preliminary Semmle converter
- Further refinements to output on analysis completion.
- Provide better reporting for non-fatal messages.
- Add `configuration` member to rule objects
- Update schema for `annotations` object required properties
- Resolve crash generating `not applicable` messages
- Add `annotations` member to annotatedCodeLocation object.
- Rename annotatedCodeLocation `variables` member to `state`
- Rename annotatedCodeLocation `parameters` member to `values`
- API BREAKING CHANGE: RuleUtilities.BuildResult no longer automatically prepends the target file path to the list of FormattedRuleMessage.Arguments array in the Result object being built.
- Add static helper method `AnalyzeCommandBase.LogToolNotification`.
- Add `--quiet` option to suppress console output.
- API BREAKING change: rename PropertyBagDictionary to PropertiesDictionary
- Add `functionReturn` to annotatedCodeLocation.kind
- Remove `source`, `sink` and `sanitizer` from annotatedCodeLocation.kind
- Add `taint` enum to annotatedCodeLocation with values `source`, `sink` and `sanitizer`
- Add `parameters` and `variables` members to annotatedCodeLocation
- Rename annotatedCodeLocation.callee member to `target`
- Rename annotatedCodeLocation.calleeKey member to `targetKey`
- Ship checked in CommandLine.dll in order to allow this `beta` NuGet component to ship in Driver non-beta release
- API BREAKING change on SarifLogger to explicitly specify hash computation for all files
- SarifLogger now automatically persists file data for all URIs through format
- Add run.stableId, a consistent run-over-run log identifier
- Add annotatedCodeLocation.callee and annotatedCodeLocation.calleeKey for annotation call sites
- Add invocation.responseFiles to capture response file contents
- Drop .NET framework dependency to 4.5 (from 4.5.1)
- NOTE: NON-BETA RELEASE
- Add a converter for Static Driver Verifier trace files
- Add SuppressedExternally to SuppressionStates enum
- Permit annotatedCodeLocation.id to be a numeric value (in addition to a string)
- Rename `codeSnippet` to `snippet`
- Remove requirement to specify `description` on code fixes
- Add `architecture` back to `run` object
- Add suppressionStates enum (with a single current value, indicating `suppressedInSource`)
- Add `id` and `correlationId` as arguments to ResultLogJsonWriter.Initialize. Log `id` is populated with a generated guid by default.
- Add `sarifLoggerVersion` that identifies the SDK logger version used to produce a log file.
- Provide serialization of arbitrary JSON content to `properties` members.
- Move `tags` into properties (but provide top-level Tags member for setting/retrieving this data)
- Add annotatedCodeLocation.kind enum (with values such as `branch`, `declaration`, et al.)
- Update all converters to Sarif beta.5
- Add optional `id` to each result, to allow correlation with external data, annotations, work items, etc.
- Add flag to configure file hash computation to FileData.Create helper
- Add `uriBaseId` conceptual base URI to all format URI properties (to allow all URIs to be relative)
- Add `analysisTargetUri` to run object, for cases where a single target is associated with a run
- Add `threadId` to notification, annotatedCodeLocation and stackFrame.
- Rework files and logicalLocations dictionary to store discrete items (with parent keys), not arrays
- Add logicalLocationKey and fullyQualifiedLogicalLocationName to annotatedCodeLocation
- Add `id` and `essential` properties to annotatedCodeLocation
- Rename `toolFingerprint` to `toolFingerprintContribution`
- Add baselineId. Rename `correlationId` to `automationId`
- Add `physicalLocation` property to notification
- Persist mime-type for files in SarifLogger
- Remove stack persistence for configuration notification exceptions
- Reclassify `could not parse target` as a configuration notification
- Fix diffing visitor to diff using value type semantics rather than by reference equality
- Rename Microsoft.CodeAnalysis.Sarif.Sdk namespace to Microsoft.CodeAnalysis.Sarif
- Rename Microsoft.CodeAnalysis.Sarif.Driver namespace to Microsoft.CodeAnalysis.Driver
- Eliminate some tool version details. Add SarifLogger version as tool property
- Moved SarifLogger and its dependencies from driver to SDK package
- Include this file and JSON schema in packages