validation rule sarif1002 (part 1) (#1933)
* formatting changes only

* sub-rule: FileUrisMustNotIncludeDotDotSegments

* another test case output

* removing branch comments from newly written rules.

Co-authored-by: Harleen Kaur Kohli <erferferfg>
harleenkohli committed Jun 24, 2020
1 parent 261eb5f commit 2ad001c
Showing 8 changed files with 158 additions and 51 deletions.
9 changes: 9 additions & 0 deletions src/Sarif.Multitool/Rules/RuleResources.Designer.cs


3 changes: 3 additions & 0 deletions src/Sarif.Multitool/Rules/RuleResources.resx
Expand Up @@ -239,4 +239,7 @@ If 'version' is used, facilitate comparison between versions by specifying it ei
<data name="SARIF1004_ExpressUriBaseIdsCorrectly_Error_UriBaseIdValueMustNotContainQueryOrFragment_Text" xml:space="preserve">
<value>{0}: '{1}' '{2}' Placeholder: SARIF1004_ExpressUriBaseIdsCorrectly_Error_UriBaseIdValueMustNotContainQueryOrFragment_Text</value>
</data>
<data name="SARIF1002_UrisMustBeValid_Error_FileUrisMustNotIncludeDotDotSegments_Text" xml:space="preserve">
<value>{0}: '{1}' Placeholder_SARIF1002_UrisMustBeValid_Error_FileUrisMustNotIncludeDotDotSegments_Text</value>
</data>
</root>
52 changes: 34 additions & 18 deletions src/Sarif.Multitool/Rules/SARIF1002.UrisMustBeValid.cs
Expand Up @@ -4,25 +4,29 @@
using System;
using System.Collections.Generic;
using System.Linq;

using Microsoft.Json.Pointer;

namespace Microsoft.CodeAnalysis.Sarif.Multitool.Rules
{
public class UrisMustBeValid : SarifValidationSkimmerBase
{
public override MultiformatMessageString FullDescription => new MultiformatMessageString
{
Text = RuleResources.SARIF1002_UrisMustBeValid_FullDescription_Text
};
/// <summary>
/// SARIF1002
/// </summary>
public override string Id => RuleId.UrisMustBeValid;

public override FailureLevel DefaultLevel => FailureLevel.Error;
/// <summary>
/// Specify a valid URI reference for every URI-valued property.
/// </summary>
public override MultiformatMessageString FullDescription => new MultiformatMessageString { Text = RuleResources.SARIF1002_UrisMustBeValid_FullDescription_Text };

public override string Id => RuleId.UrisMustBeValid;
protected override IEnumerable<string> MessageResourceNames => new string[] {
nameof(RuleResources.SARIF1002_UrisMustBeValid_Error_UrisMustConformToRfc3986_Text),
nameof(RuleResources.SARIF1002_UrisMustBeValid_Error_FileUrisMustNotIncludeDotDotSegments_Text)
};

protected override IEnumerable<string> MessageResourceNames => new string[]
{
nameof(RuleResources.SARIF1002_UrisMustBeValid_Error_UrisMustConformToRfc3986_Text)
};
public override FailureLevel DefaultLevel => FailureLevel.Error;

protected override void Analyze(SarifLog log, string logPointer)
{
Expand Down Expand Up @@ -78,16 +82,28 @@ protected override void Analyze(VersionControlDetails versionControlDetails, str

private void AnalyzeUri(Uri uri, string pointer)
{
AnalyzeUri(uri?.OriginalString, pointer);
}

private void AnalyzeUri(string uri, string pointer)
{
if (uri != null)
string uriString = uri?.OriginalString;
if (uriString != null)
{
if (!Uri.IsWellFormedUriString(uri, UriKind.RelativeOrAbsolute))
if (!Uri.IsWellFormedUriString(uriString, UriKind.RelativeOrAbsolute))
{
// {0}: The string "{1}" is not a valid URI reference.
LogResult(
pointer,
nameof(RuleResources.SARIF1002_UrisMustBeValid_Error_UrisMustConformToRfc3986_Text),
uriString);
}

if (uri.IsAbsoluteUri && uri.IsFile)
{
LogResult(pointer, nameof(RuleResources.SARIF1002_UrisMustBeValid_Error_UrisMustConformToRfc3986_Text), uri);
if (uriString.Split('/').Any(x => x.Equals("..")))
{
// {0}: '{1}' Placeholder_SARIF1002_UrisMustBeValid_Error_FileUrisMustNotIncludeDotDotSegments_Text
LogResult(
pointer,
nameof(RuleResources.SARIF1002_UrisMustBeValid_Error_FileUrisMustNotIncludeDotDotSegments_Text),
uriString);
}
}
}
}
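Review bot: The `..` test on the new `if (uriString.Split('/').Any(x => x.Equals("..")))` line only sees segments delimited by forward slashes in `uri.OriginalString`, so a file URI written with backslashes (`file:///c:\src\..\file.c`, which `System.Uri` still reports as `IsFile`) and most likely a percent-encoded `%2E%2E` segment pass the rule unreported; the expected-output JSON in this commit exercises only the `/../` form. Splitting on both separators, `if (uriString.Split('/', '\\').Any(x => x == ".."))`, closes the backslash case, and since the identical expression appears in the SARIF1004 rule further down in this commit, a shared helper such as `ContainsDotDotSegment(string uriString)` would keep the two rules from drifting apart. The resx value and the `// {0}: '{1}' Placeholder_...` comment above the second LogResult still carry placeholder message text; if that is deliberate for "part 1", a `// TODO: replace placeholder message text` marker next to the comment would make that visible to the next reader.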
Expand Up @@ -72,7 +72,6 @@ private void AnalyzeOriginalUriBaseIdsEntry(string uriBaseId, ArtifactLocation a
{
var uri = new Uri(uriString, UriKind.RelativeOrAbsolute);

// TopLevelUriBaseIdMustBeAbsolute: Top level uriBaseId must be absolute.
if (artifactLocation.UriBaseId == null && !uri.IsAbsoluteUri)
{
// {0}: The URI '{1}' belonging to the '{2}' element of run.originalUriBaseIds is not an absolute URI.
Expand All @@ -83,7 +82,6 @@ private void AnalyzeOriginalUriBaseIdsEntry(string uriBaseId, ArtifactLocation a
uriBaseId);
}

// UriBaseIdValueMustEndWithSlash: uriBaseIds must end with a slash.
if (!uriString.EndsWith("/"))
{
// {0}: The URI '{1}' belonging to the '{2}' element of run.originalUriBaseIds does not end with a slash.
Expand All @@ -94,7 +92,6 @@ private void AnalyzeOriginalUriBaseIdsEntry(string uriBaseId, ArtifactLocation a
uriBaseId);
}

// UriBaseIdValueMustNotContainDotDotSegment: uriBaseIds must not contain `..` segment(s).
if (uriString.Split('/').Any(x => x.Equals("..")))
{
// {0}: '{1}' '{2}' Placeholder: SARIF1004_ExpressUriBaseIdsCorrectly_Error_UriBaseIdValueMustNotContainDotDotSegment_Text
Expand All @@ -105,7 +102,6 @@ private void AnalyzeOriginalUriBaseIdsEntry(string uriBaseId, ArtifactLocation a
uriBaseId);
}

// UriBaseIdValueMustNotContainQueryOrFragment: uriBaseIds must not contain any query or fragments.
if (uri.IsAbsoluteUri && (!string.IsNullOrEmpty(uri.Fragment) || !string.IsNullOrEmpty(uri.Query)))
{
// {0}: '{1}' '{2}' Placeholder: SARIF1004_ExpressUriBaseIdsCorrectly_Error_UriBaseIdValueMustNotContainQueryOrFragment_Text
Expand Up @@ -56,7 +56,6 @@ protected override void Analyze(PhysicalLocation physicalLocation, string physic
return;
}

// ContextRegionRequiresRegion: If 'contextRegion' is present, then 'region' must also be present.
if (physicalLocation.Region == null)
{
// {0}: This 'physicalLocation' object contains a 'contextRegion' property, but it
Expand All @@ -70,7 +69,6 @@ protected override void Analyze(PhysicalLocation physicalLocation, string physic
return;
}

// ContextRegionMustBeProperSupersetOfRegion: 'contextRegion' must be a proper superset of 'region'.
if (!physicalLocation.ContextRegion.IsProperSupersetOf(physicalLocation.Region))
{
// {0}: This 'physicalLocation' object contains both a 'region' and a 'contextRegion'
Expand Up @@ -19,6 +19,9 @@
"messageStrings": {
"Error_UrisMustConformToRfc3986": {
"text": "{0}: The string \"{1}\" is not a valid URI reference."
},
"Error_FileUrisMustNotIncludeDotDotSegments": {
"text": "{0}: '{1}' Placeholder_SARIF1002_UrisMustBeValid_Error_FileUrisMustNotIncludeDotDotSegments_Text"
}
},
"helpUri": "http://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html"
Expand Down Expand Up @@ -156,6 +159,31 @@
}
]
},
{
"ruleId": "SARIF1002",
"ruleIndex": 0,
"level": "error",
"message": {
"id": "Error_FileUrisMustNotIncludeDotDotSegments",
"arguments": [
"runs[0].results[1].analysisTarget.uri",
"file:///c:/src/src2/src3/../../file.c"
]
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"index": 0
},
"region": {
"startLine": 68,
"startColumn": 58
}
}
}
]
},
{
"ruleId": "SARIF1002",
"ruleIndex": 0,

0 comments on commit 2ad001c
