-
Notifications
You must be signed in to change notification settings - Fork 94
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BUGFIX: Adjust Json Serialization field order for ReportingDescriptor and skip emit empty AutomationDetails node #2420
Conversation
{ | ||
AutomationDetails = new RunAutomationDetails | ||
_run.AutomationDetails = new RunAutomationDetails |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
public virtual MultiformatMessageString Help { get; set; } | ||
|
||
/// <summary> | ||
/// An array of objects that describe relationships between this reporting descriptor and others. | ||
/// </summary> | ||
[DataMember(Name = "relationships", IsRequired = false, EmitDefaultValue = false)] | ||
[JsonProperty(DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)] | ||
[DataMember(Name = "relationships", IsRequired = false, EmitDefaultValue = false, Order = 13)] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"name": "This isn't pascal case", | ||
"helpUri": "http://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html" | ||
"helpUri": "http://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html", | ||
"name": "This isn't pascal case" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
test case logic is, read this json input into c# object, and write the object back to json, and then do analyze on it.
when we write the c# object back to json, with the order currently set, helpUri is before name, so the sarif be will differnt than the input file. so the analyze result on top of that will have the line number +1 from 21 to 22.
To make test more readable I changed this input to be the same order so when we see the error is line 22 we can understand which line it is pointing to. Let me know your thoughts.
@@ -41,87 +41,88 @@ public SarifNodeKind SarifNodeKind | |||
/// <summary> | |||
/// A stable, opaque identifier for the report. | |||
/// </summary> | |||
[DataMember(Name = "id", IsRequired = false, EmitDefaultValue = false)] | |||
[DataMember(Name = "id", IsRequired = false, EmitDefaultValue = false, Order = 1)] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
how I get the current order:
I use the version before issue, and then temp change code set all fields always written even it is null, so that I can get the full list of the ordering, and then use the same ordering.
fyi it was like below:
{
"id": "BA2001",
"fullDescription": {
"text": "64-bit images should"
},
"helpUri": "https://gith",
"help": {
"text": "64-bit ima"
},
"messageStrings": {
"Pass": {
"text": "'{0}' is"
},
"Error": {
"text": "'{0}' is"
},
"NotApplicable_InvalidMetadata": {
"text": "'{0}' was"
}
},
"shortDescription": null,
"name": "LoadImageAboveFourGigabyteAddress",
"deprecatedIds": null,
"guid": null,
"deprecatedGuids": null,
"deprecatedNames": null,
"defaultConfiguration": {},
"relationships": null,
"properties": {
"equivalentBinScopeRuleReadableName": "FourGbCheck"
}
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for being so thorough here with your explanation. I found this super helpful.
We really have two identical files in two different folders? I don't expect this to be changed this go around, but I'm curious Michael/Eddy: was there a reason for the repetition here? |
@@ -41,87 +41,88 @@ public SarifNodeKind SarifNodeKind | |||
/// <summary> | |||
/// A stable, opaque identifier for the report. | |||
/// </summary> | |||
[DataMember(Name = "id", IsRequired = false, EmitDefaultValue = false)] | |||
[DataMember(Name = "id", IsRequired = false, EmitDefaultValue = false, Order = 1)] | |||
public virtual string Id { get; set; } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure if this is covered in oru standard yet; but we probably want to consider if we're explicitly setting an order whether we want that to be how we sort files like this or if we want to do alphabetical, etc. #Closed
src/ReleaseHistory.md
Outdated
@@ -2,6 +2,7 @@ | |||
|
|||
## Unreleased | |||
|
|||
* BUGFIX: Revert Json Serialization field order change and skip emit empty AutomationDetails node. [#2420](/~https://github.com/microsoft/sarif-sdk/pull/2420) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was under the impression that the order change reversion was just until the other PR is approved and then we'll settle on a final order and consolidate the two changes.
Would this be better described accordingly:
"Standardizing Json Serialization field order and..."? #Resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would consider this to be my only blocking comment at the moment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
agree, let me change to word like "Adjust" instead of Standardizing I fear people think it is a whole solution standardizing by looking the title
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated the title.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice work! Looks like you've addressed Mary's comment, so I'm going to assume approval there and merge. :) Mary, if you see a retroactive adjustment you'd like, of course we can do that next.
add my input: In reply to: 1007846306 |
Your question reminds me of I think I should add a note for not yet auto generated comment in code. Added. In reply to: 1007856536 |
if (_run.ShouldSerializeAutomationDetails()) | ||
{ | ||
Serialize(_run.AutomationDetails, "automationDetails"); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you create a test using resultlogjsonwriter and verify if it will emit or not. #Resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also, check if the other run properties are using the shouldSerialize pattern and if yes, we should add the same logic as this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- for this one, before this PR, the test we already have
"AnalyzeCommandBase_ShouldEmitAutomationDetailsWhenIdOrGuidExists()"
is already going this path and use the resultlogjsonwriter and verify if it is correctly emitted, (can F5 to step though)
the problem was just there is no case for validate the opposite situation when it should not emit,
so I added cases for null to loop in it, and change the test method name to a generic name reflect it tests both cases.
- agree, I just go though all fields in the run.cs those have shouldSerialize, and made the same change, updated the PR. the new ones I added are:
ShouldSerializeArtifacts
ShouldSerializeInvocations
ShouldSerializeLogicalLocations
… add the same logic as this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Description:
when working on fix microsoft/binskim#533
we encounter 2 more issues
related to changeset Baseline tools binskim#344
location: file BA2006.BuildWithSecureTools.cs line 104
related to changeset Enable automation details for command base #2407
location: file Run.cs line 223
Fix:
and the benefit is when we fix the order in field attribute, now both single thread and multi thread will generate json file with same order. before fix, it is currently generating different order.
whatever code we write in ShouldSerializeXField() will only get invoked if we use default direct whole object Serialization. Those code we use Json Writer to manually write Field by Field will not invoke it, we should use the same logic.