Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Users/sclouvau/bsoa master merge #2133

Merged
merged 82 commits into from
Oct 27, 2020

Conversation

ScottLouvau
Copy link
Collaborator

Catching the primary BSOA branch up to SARIF SDK master as of 10/26/2020.

michaelcfanning and others added 30 commits June 24, 2020 06:35
* Add data insert/removal to rebase uri command.

* Update release notes for rebase uri command.

* Remove console message.
* first draft for Rule Request template.

* updated - merged with Larry's version.

* deletin original

* reviews++

* removing stuff that "hits in the face" :D

Co-authored-by: Harleen Kaur Kohli <erferferfg>
* first draft

* improving comments and wordsmithing

* updates after Principles conversation this morning.

* reviews++

* typo :O

* another typo :)

* reviews++

Co-authored-by: Harleen Kaur Kohli <erferferfg>
* Create 'SARIF Validation Rule Authoring Principles' doc.

* Add periods to sentences; complete incomplete principle.

* Rewrite after discussion with Michael and team.

* Fix typos.

* Fix a typo.

* First half of rule factoring: existing rules.

* Correct description of rule number ranges.

* Fix a typo.

* Finish first draft.

* Add missing separator.

* Wordsmith a heading.

* Changes per HK review.

* Finish HK review.

* Incomplete 'Contributing a rule' doc, derived from BinSkim.

* Start rule factoring spreadsheet.

* Finish first cut at rule factoring spreadsheet.

* Fix typos.

* Update rules spreadsheet per MF review.

* Update rules spreadsheet; add Rule Messages doc.

* Finish strings for 2009; add 'Message status' column.

* Incorporate Introduction.

* Update Rule Messages with Introduction.

* Remove redundant file; rename real one.

* Message refinements.

* Rename 'Producing' doc and tweak intro.

* Author messages for SARIF2002.UseMessageArguments.

* Author messages for SARIF1012.MessagePropertiesMustBeConsistent.
* Serialization consistency fixes.
  - Ensure DateTimeConverter used for all DateTime properties.
  - Reimplement SerializedPropertyInfoConverter to copy tokens rather than loading to JToken and serializing again.
  - Make PropertyBagConverter use SerializedPropertyInfoConverter for values.

* Reset build.props to next logical version.

* Updated OM based on CodeGenHints.

* Release notes update
* Fix #1915: Allow result message to be truncated

* Address PR feedback; update release history.

* Restore accidentally deleted Autogenerated files.

* Restore erroneously deleted const.

* Add comments for "horizontal ellipsis".
* Upgrade netcoreapp from Multitool

update

* adding system.runtime
* Remove extra version header from release history.

* Increase a test timeout.

* Increase timeout on a test that fails on one of the VMs.

Co-authored-by: Larry Golding <lgolding@comcast.net>
* Chmod for Darwin.

* Chmod for Linux.

* Fix.
* Users/hakohli/validation rules defaultmsgs (#1917)

* remove stale rule references - 1006 and 1009

* house keeping changes for 1001

* more cleanup- remove fulldecsription private field

* updates after decisions on resx naming

* sarif file rule name should be shorter

Co-authored-by: Harleen Kaur Kohli <erferferfg>

* sarif validation rules 1002 1006 2001 (#1918)

* changing rule ids only

* updating rule names and message ids

Co-authored-by: Harleen Kaur Kohli <erferferfg>

* Validation rules: 1005 1008 1009 1010 (#1920)

* rules 1011 2008 (split from original) (#1921)

* rule id changed and tested

* changing rule name and tested

* description resx id updated

* resx updated and test cases regened

* final changes after splitting the rule in two.

* reviews++

* fix one thing

Co-authored-by: Harleen Kaur Kohli <erferferfg>

* rule 1007 (combine) (#1922)

Co-authored-by: Harleen Kaur Kohli <erferferfg>

* validation rule 1004 (#1923)

* renaming ruleid and tested

* rulename changed and tested

* description resx changed

* merged test cases into one rule

* cleanup and reordering

Co-authored-by: Harleen Kaur Kohli <erferferfg>

* Adding rule SARIF2005.ProvideHelpfulToolInformation (#1926)

* Adding ContextRegionMustBeProperSupersetOfRegion to SARIF1008. (#1925)

* Fix test break to due failure to pre-merge. (#1928)

* validation rule sarif1004 (#1930)

* changing file contents to follow conventions

* validation rule 1004

* reviews++

* tiny thing ;)

* another tiny thing!

Co-authored-by: Harleen Kaur Kohli <erferferfg>

* Add rules spreadsheet and document. (#1931)

* Provide messages for SARIF1005. (#1934)

* validation rule sarif1002 (part 1) (#1933)

* formatting changes only

* sub-rule: FileUrisMustNotIncludeDotDotSegments

* another test case output

* removing brnach comments from newly wrtiten rules.

Co-authored-by: Harleen Kaur Kohli <erferferfg>

* Adding rule SARIF2001.AuthorHighQualityMessages (#1929)

* sarif1007 subrule: RegionStartPropertyMustBePresent (#1935)

* changing file formatting per convention

* adding sub-rule: RegionStartPropertyMustBePresent

Co-authored-by: Harleen Kaur Kohli <erferferfg>

* Update rules factoring spreadsheet. (#1936)

* Update version-related comment in rules spreadsheet. (#1937)

* Update coding status on spreadsheet.

* Adding Rule SARIF2009

Adding tests

* Update rule status spreadsheet.

* code review - 1

* code review - 2

* code review - 3

* code review - 4

* code review - 5

* code review - 6

* Standardize and add messages to SARIF1001.

* Provide messages for SARIF1002 (except for the RFC 8089 message).

* Provide messages for SARIF1007.

* Rename SARIF2005 to ProvideToolProperties.

* Adding rule SARIF2004.OptimizeFileSize: EliminateLocationOnlyArtifacts (#1939)

* Provide messages for SARIF2001; update code to populate arguments.

* Provide message strings for SARIF1006.

* Move a rule description message to the right place.

* Standardize and provide messages for SARIF1009.

* Add description for SARIF1009.

* Reformat SARIF1005, update spreadsheet. (#1940)

* Author "Principles" section. (#1941)

* More about tool information.

* Copy edits to "Principles" section.

* More spreadsheet updates.

* More spreadsheet updates.

* More spreadsheet updates.

* More spreadsheet updates.

* More spreadsheet updates.

* adding placeholders for all resource strings and rule ids. (#1943)

* adding placeholders for all resource strings and rule ids.

* remove unneeded using refernece

Co-authored-by: Harleen Kaur Kohli <erferferfg>

* Adding rule SARIF1012 (#1944)

* More spreadsheet updates.

* Adding Rule SARIF2006 (#1942)

* Adding rule SARIF2002 (#1946)

* More spreadsheet updates, a little document work.

* Adding Rule SARIF2003 (#1947)

* More spreadsheet updates and document work.

* Adding Rule SARIF2011 (#1948)

* split rule sarif2001 into multiple (#1945)

* rename original rule - tested

* copies of the same rule created

* added test cases

* cleaned up resx strings

* pushing changes so far - 2 test cases fail

* expected outputs

* fixes for test cases

Co-authored-by: Harleen Kaur Kohli <erferferfg>

* More spreadsheet updates and document work.

* Adding Rule SARIF2012 (#1949)

* More spreadsheet updates and document work.

* Add rule SARIF2004.OptimizeFileSize.EliminateIdOnlyRules (#1950)

* sub-rule added

* reviews answered and merge from latest faetures branch

Co-authored-by: Harleen Kaur Kohli <erferferfg>

* More spreadsheet updates and document work.

* More spreadsheet updates and document work.

* More spreadsheet updates and document work.

* Adding rule SARIF2013 (#1951)

* More spreadsheet updates and document work.

* Updating Rule SARIF2009 and SARIF2014 (#1954)

* Update spreadsheet.

* sarif validation rule 2010 - provide code snippets (#1953)

* rule + test cases

* reviews++

* remove blank line

Co-authored-by: Harleen Kaur Kohli <erferferfg>

* Updating rules based on the guidelines (#1955)

* More spreadsheet updates and document work.

* Update spreadsheet.

* Document: "high quality" => "effective" everywhere.

* Document: Split up "enriched SARIF" rule.

* Author messages for SARIF2008.ProvideSchema.

* Remove obsolete "uriBaseId conventions" text.

* Rule description for SARIF2007.ExpressPathsRelativeToRepoRoot

* Fix ExpressUriBaseIdsCorrectly messages.

* Fix doc errors; update spreadsheet.

* user msgs verified for 1006 to 1010 (#1957)

* user messages updated for 1006 to 1010

* adding period back for 1008 description

Co-authored-by: Harleen Kaur Kohli <erferferfg>

* Adding Rule SARIF2007 (#1958)

* Bugfix null reference Rule SARIF2007 (#1959)

* Update spreadsheet: last rule written!

* Introduce SARIF1003 in spreadsheet.

* user msgs verified for 1001 to 1005 (#1956)

* usewr msgs verified for 1001 to 1005

* changing implementation for one sub-rule

Co-authored-by: Harleen Kaur Kohli <erferferfg>

* Fix missing cross-ref in doc.

* Remove backticks from plain text message.

* user messages for rules 1011, 1012, 2001, 2002. (#1960)

* user messages for rules 1011, 1012, 2001, 2002.

* fixing wrong message

* fixed updated string and merge from features

Co-authored-by: Harleen Kaur Kohli <erferferfg>

* Fix 2005 messages.

* user msgs verified for 2005 2008 2009 (#1961)

* user msgs verified for 2005, 2008, 2009

* 2005 msgs updated

* proof read 2008 & 2009

Co-authored-by: Harleen Kaur Kohli <erferferfg>

* Doc update for 2005/8/9.

* user msgs verified for 2014 & 2015 (#1965)

* user msgs verified for 2014 & 2015

* proof read 2014 and 2015

Co-authored-by: Harleen Kaur Kohli <erferferfg>

* Doc update for 2014/15.

* Restoring original functionality for sub rule: UriBaseIdRequiresRelativeUri (#1967)

Authored-by: Harleen Kaur Kohli

* Spreadsheet update for 1004.

* Update messages and code for SARIF1004. (#1968)

* Fix bug in 1012. (#1969)

* Provide messages for SARIF2003.ProvideVersionControlProvenance. (#1970)

* Provide messages for SARIF2004.OptimizeFileSize. (#1973)

* Provide messages for SARIF2006.MessagesShouldBeReachable. (#1974)

* Provide messages for SARIF2007.ExpressLocationsRelativeToRepoRoot. (#1975)

* Provide messages for SARIF1012.ProvideHelpUris. (#1976)

* Provide messages for SARIF2013.ProvideEmbeddedFileContent. (#1977)

* Fix broken functional test due to typo in message. (#1978)

* Provide messages for SARIF2010.ProvideCodeSnippets. (#1979)

* Provide messages for SARIF2011.ProvideContextRegion. (#1980)

* Remove overactive assertion. (#1981)

* Fix empty 2005 message (wrong argument order to LogResult). (#1982)

* Update release history and bump minor version number. (#1983)

* Update version

Co-authored-by: Harleen Kaur Kohli <hakohli@microsoft.com>
Co-authored-by: Eddy Nakamura <eddynaka@gmail.com>
Co-authored-by: Larry Golding (Myriad Consulting Inc) <v-lgold@microsoft.com>
Co-authored-by: Larry Golding <lgolding@comcast.net>
Co-authored-by: Michael C. Fanning <michael.fanning@microsoft.com>
Co-authored-by: Michael Fanning <mikefan@microsoft.com>
* marking perf test to be ignored due to its flakiness.

* Update skip description.:

Co-authored-by: Harleen Kaur Kohli <erferferfg>
Co-authored-by: Michael Fanning <mikefan@microsoft.com>
Co-authored-by: Larry Golding <lgolding@comcast.net>
Bumps [lodash](/~https://github.com/lodash/lodash) from 4.17.14 to 4.17.19.
- [Release notes](/~https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.14...4.17.19)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Updating SARIF2004

* code review - 1

* code review - 2

* code review - 3

* Adding Extension and tests

* Updating tests and sarif files

* adding more cases to unit test

* code review - 4

* code review - 5

* updating order

* updating texts

* updating texts
Co-authored-by: Larry Golding <lgolding@comcast.net>
* Adding rule SARIF2016

* updating tests
* Modify sample to use uriBaseIds.

* Add TryReconstructAbsoluteUri unit test for missing trailing slash.

* Shorten and move comment.

* Introduce string constants.

* Add SarifLogger tests for run enhancement.

* Add a period.

* Test population of artifact contents in presence of uriBaseId.

* Add tests for GetEncodingFromName.

* Remove renamed-and-mostly-changed file.

* Fix file-scheme-related bug in UriConverter.

* Test for analysis targets with encoding and contents.

* DRY out "file" scheme constant.

* Mentioned fix for #2001 in release history.

* Remove extra blank line.

* Fix typo in comment.

* Fix another typo.

* Add version control provenance; change to REPO_ROOT.

* Visit results to provide region snippets.

* Clean up InsertOptionalDataVisitorTests

* Add unit test for visiting individual result.

* Add rule help URIs to test data.

Co-authored-by: Larry Golding <lgolding@comcast.net>
Co-authored-by: Michael C. Fanning <michael.fanning@microsoft.com>
Co-authored-by: Larry Golding <lgolding@comcast.net>
* Fix Sarif.Multitool duplicate files in nupkg issue!

* Update SarifTrim to match new Newtonsoft reference version.

* Fix SarifLogger NullRefException when Results don't have a RuleId set.

* FortifyFprConverter: More efficient code when ContextRegions excluded.
Co-authored-by: Harleen Kaur Kohli <erferferfg>
* FortifyFpr converter improvements.

* Fix typo in file.

* Code changes to convrter

* Add DSP ingestion visitor.

* Files to demonstrate Fortify DSP progress.

* Update script to auto-gen drive letter based on script path.

* Update replacement logic.

* Update tests based on foritfy fopr converter and page command improvements.

* Remove test files for now.

* Delete test files.:
…l tests. (#2013)

* Don't disable rules in the default configuration file.

* Eliminate config files.

* Finish refactoring.

* Fix #2009: Don't break tests when new rules are introduced.

Co-authored-by: Larry Golding <lgolding@comcast.net>
…2019)

* Checking artifacts before snippet

* code review - 1

* code review - 1

* code review - 2

* Code review - 2

* code review - 3

* code review - 3
Co-authored-by: Larry Golding <lgolding@comcast.net>
* Bump version; update release history.

* Add GitHub DSP policy file.

* Fix broken functional test.

* Add user-facing strings for SARIF2017.

* Define rule id for SARIF2017.

* Introduce SARIF2017.LocationsMustHaveRequiredProperties.

* Add "valid" functional test for SARIF2017.LocationsMustHaveRequiredProperties.

* Add "invalid" functional test for SARIF2017.LocationsMustHaveRequiredProperties.

* Cover case where result.locations is empty.

* Move location property bags up to expose JPointer bug.

* Introduce Skimmer.EnabledByDefault

* Skimmer: Populate DefaultConfiguration so it appears in rule metadata.

* Don't execute default-disabled rules unless the configuration enables them.

* Add first rule to policy file; add file to solution.

* Add DSP XML config file.

* Remove associated tool GUID from SARIF config file.

* Update solution file for renamed policy file.

* Adjust line numbers to fix test broken by JPointer bug.

* Update a comment.

* Rename misnamed resource strings.

* Implement SARIF2018.InlineThreadFlowLocations.

* Implement SARIF2019.RegionsMustProvideRequiredProperties.

* Update policy files for SARIF2019.

* Implement SARIF2020.ReviewArraysThatExceedConfigurableDefaults.

* Fix broken formatted messages; improve messages.

* Fix naming errors in policy files and a bug in SARIF2019.

* Implement SARIF2021.LocationsMustBeRelativeUrisOrFilePaths.

* Implement SARIF2022.ProvideCheckoutPath.

* SARIF2017 now covers related locations.

* SARIF2017: Add tests for relatedLocations.

* SARIF2017: Really add relatedLocations logic this time.

* Rename "policy" files to "config".

* Protect SARIF1004 against a null ref.

* Correct user-facing strings for SARIF2019 to match DSP behavior.

* Improve user-facing strings for SARIF2021.

* Avoid null ref in SARIF2022.

* Implement SARIF2023.RelatedLocationsMustProvideRequiredProperties.

* Update test for changed message.

* Fix typo in summary comment.

* Refactor SARIF2021 to prepare for related locations.

* Apply SARIF2021 to related locations.

Co-authored-by: Larry Golding <lgolding@comcast.net>
Co-authored-by: Larry Golding <lgolding@comcast.net>
LogId is more descriptive and easier to understand.
* Add GitInformation helper.

* Add unit test for ArtifactLocation.ToLocation.

* Add VersionControlInformation to OptionallyEmittedData.

* Add comment explaining path replacement.

* DRY out calculation of repo root.

* Compensate for varying repo root.

* Compensate for enlistment root's artifact.

* PR feedback.

Co-authored-by: Larry Golding <lgolding@comcast.net>
Larry Golding and others added 28 commits October 5, 2020 15:59
…tions) (#2086)

* Remove GH1007.ProvideRequiredRelatedLocationProperties.

* Rename file GitHubDspIngestionVisitor.cs to GitHubIngestionVisitor.cs (class already has correct name).

* Don't insert placedholder related locations message.

* Remove obsolete test.

* Don't remove invocations.

Co-authored-by: Larry Golding <lgolding@comcast.net>
* Fixing index out of range in baseliner

* Adding resultmatching test to validate before/after change

* Addressing michael's comments
* Adding setter to GitExePath

* adding tests and change to changelog
* Checking PATH environment variable

* creating file searcher helper, adding tests

* code review & update in changelog

* updating error comment

* fixing tests
)

* Fix #2089: GitHub policy should not turn off any note level rules

* Elevate two rules and (correctly) disable one.

* Update release history.

Co-authored-by: Larry Golding <lgolding@comcast.net>
Co-authored-by: Michael C. Fanning <michael.fanning@microsoft.com>
* Generalize and harden docs exporter

merge

* code review - 1

* code review - 2

Co-authored-by: Michael C. Fanning <michael.fanning@microsoft.com>
…cation URIs (#2095)

* Fix #2090: Validator should warn of leading / in relative artifact location URIs

* Update release history.

* Remove unnecessary "== true".

Co-authored-by: Larry Golding <lgolding@comcast.net>
Co-authored-by: Michael C. Fanning <michael.fanning@microsoft.com>
* Fix #2098: Make pretty-print the default output format

Introduce a new command line option `--minify`. If neither `--minify` nor `--pretty-print` is specified, `--pretty-print` is set to true. If both `--minify` and `--pretty-print` is specified, parameter validation fails.

* Minor cleanups.

* Fix up root namespace in a test project.

* Introduce fit-for-purpose error message.

* DRY out options validation.

* Avoid writing a file just to verify command line options.

* Remove unused static field.

* Update release history.

Co-authored-by: Larry Golding <lgolding@comcast.net>
…perty bags (#2065)

* Introduce a test file for property bag queries.

* Support string-valued result properties.

* Support string-valued rule properties.

* Clarify property bag query syntax and restore ability to recognize invalid property names.

* Compare property bag properties case-insensitively.

* Handle integer-valued properties.

* Update version number and release history.

* Handle float properties.

* Generalize exception messages.

* Separate property bag tests.

* DRY out test setup into a fixture.

* Restore erroneously edited comment.

* Simplify query syntax by inferring whether string or numeric comparison was desired.

* Fix up test project file.

* Remove unnecessary else.

* Case-sensitive property name comparison with minimal code change.

* Simplify code.

* Bump version, correct release history.

Co-authored-by: Larry Golding <lgolding@comcast.net>
Co-authored-by: Michael C. Fanning <michael.fanning@microsoft.com>
* Compute and Apply policies

* adding tests + reorganization

* michael's code review - 1

* adding parameter names and renamings

* Policies won't be static, because it can lead to errors

* updating changelog

Co-authored-by: Michael C. Fanning <michael.fanning@microsoft.com>
* Simplifying tests and adding fix in changelog

* Renaming parameters and changing to show literals

* fixing test

Co-authored-by: Michael Fanning <mikefan@microsoft.com>
* Creating FileSystem singleton

* Larry's code review - 1

* Larry's code review - 2

* updating last filesystem
* Implementing GetFormatting helper + fixes

* from method to property

* changing from "" to string.empty
* Adding command policy to multitool

* updating changelog

* Larry's code review - 1

* fixing ordering
* Fixing xml when that doesn't contain location

* Larry's code review - 1

* removing unused resource

* Revert "removing unused resource"

This reverts commit 4bbd4d1.

* Larry's code review - 2

* fixing tests

* adding comment why we need this condition

* fixing issue with parser

* updating tests

* checking capacity in AddLocationToResult method
* Fixing linux tests

* fixing FileSpecifierTests

* fixing files

* replacng \r\n for environment.newline
* Enforcing file normalization

* enforcing header

* reverting

* enforcing file normalization

* ignoring cs15xx for autogenerated files

* removing editorconfig from autogerated folder

* applying format
updating script to execute every time

using windows environment

updating path
* Reversion to 2.3.8.

* fixing grouping + end of line in versionConstants file

Co-authored-by: Eddy Nakamura <eddynaka@gmail.com>
Co-authored-by: Eddy Nakamura <ednakamu@microsoft.com>
* Improve FileRegionsCache testability

* updating release history

* Revert "updating release history"

This reverts commit 0d79902.
 ** Had to fix Skimmer descendants to use new design (constructor arguments, not overridden properties.
 BSOA can't "see" overridden properties, because the base setter never gets called, so they won't roundtrip correctly to the BSOA format.
 DefaultConfiguration needs to be initialized.
 Pass additional arguments down to Skimmer.BuildRule().
… roundtripped version after PrereleaseTransformer.

Newtonsoft seems to usually put "originalUriBaseIds" in the same order as the Run class declarations (and the schema from which it was generated) but not in this particular case.
@ScottLouvau ScottLouvau merged commit 6831eb3 into users/sclouvau/BSOA Oct 27, 2020
@ScottLouvau ScottLouvau deleted the users/sclouvau/BSOA-Master-Merge branch October 27, 2020 16:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

8 participants