.NET code and supporting files for working with the 'Static Analysis Results Interchange Format' (SARIF, see https://github.com/oasis-tcs/sarif-spec)
OTHER License
Published by EasyRhinoMSFT 8 months ago
Published by EasyRhinoMSFT 8 months ago
Published by EasyRhinoMSFT 8 months ago
Sarif and Sarif.Driver to resolve version conflict build error.
System.Diagnostics.Debug 4.3.0, System.IO.FileSystem.Primitives 4.3.0, System.Text.Encoding.Extensions 4.3.0.
Published by shaopeng-gh 8 months ago
System.Text.Encoding.CodePages from 8.0.0 to 4.3.0 in Sarif.
System.Memory and System.Runtime.CompilerServices.Unsafe.
System.Collections.Immutable.
Microsoft.Data.SqlClient reference from 2.1.2 to 2.1.7 in WorkItems and Sarif.Multitool.Library to resolve CVE-2024-0056.
System.Data.SqlClient reference from 4.8.5 to 4.8.6 in WorkItems to resolve CVE-2024-0056.
FileEncoding.IsTextualData method for detecting binary files.
Stack.Create method to populate missing PhysicalLocation instances when stack frames reference relative file paths.
UnsupportedOperationException in ZipArchiveArtifact.
MultithreadedAnalyzeCommandBase to return rich return code with the --rich-return-code option.
IsBinary property to IEnumeratedArtifact and implement the property in ZipArchiveArtifact.
IsBinary categorization for ZipArchiveArtifacts.
max-file-size-in-kb parameter to 10 megabytes.
--timeout-in-seconds parameter to AnalyzeOptionsBase, which will override the TimeoutInMilliseconds property in AnalyzeContextBase.
--post-uri will skip sending the SARIF log to the configured endpoint if the file contains no results or fatal execution errors.
ADO1011.ReferenceFinalSchema, ADO1013.ProvideRequiredSarifLogProperties, ADO1014.ProvideRequiredRunProperties, ADO1015.ProvideRequiredResultProperties, ADO1016.ProvideRequiredLocationProperties, ADO1017.ProvideRequiredPhysicalLocationProperties, ADO1018.ProvideRequiredToolProperties, ADO2012.ProvideRequiredReportingDescriptorProperties, GH1011.ReferenceFinalSchema, GH1013.ProvideRequiredSarifLogProperties, GH1014.ProvideRequiredRunProperties, GH1015.ProvideRequiredResultProperties, GH1016.ProvideRequiredLocationProperties, GH1017.ProvideRequiredPhysicalLocationProperties, GH1018.ProvideRequiredToolProperties, GH2012.ProvideRequiredReportingDescriptorProperties.
--rule-kind parameter to AnalyzeOptionsBase, which specifies rule kinds to run (Sarif, Ghas, Ado). Example: --rule-kind Ado;Sarif.
Published by HulonJenkins over 1 year ago
NotSupportedException thrown (on .NET 4.8 and earlier) on accessing DeflateStream.Length from MultithreadedZipArchiveArtifactProvider.SizeInBytes property.
Published by shaopeng-gh over 1 year ago
SarifLogger no longer allows providing a Tool instance. Use the run parameter instead (and populate it with any custom Tool object). #2614
SarifLogger updates version details differently. #2611
ToolComponent argument to IAnalysisLogger.Log(ReportingDescriptor, Result) method. #2611
--normalize-for-github argument to --normalize-for-ghas for convert command and mark --normalize-for-github as obsolete. #2581
IAnalysisContext.LogToolNotification method to add ReportingDescriptor parameter. This is required in order to populate AssociatedRule data in Notification instances. The new method has an option value of null for the associatedRule parameter to maximize build compatibility. #2604
LogMissingreportingConfiguration helper to LogMissingReportingConfiguration. #2599
MaxFileSizeInKilobytes from int to long in IAnalysisContext and other classes. #2599
Guid properties defined in SARIF spec, updated Json schema to use uuid, and updated C# object model to use Guid? instead of string. #2555
AnalyzeCommandBase as obsolete. This type will be removed in the next significant update. #2599
LogUnhandledEngineException no longer has a return value (and updates the RuntimeErrors context property directly as other helpers do). #2599
MultithreadedAnalyzeCommandBase by correcting task creation. [#2618](https://github.com/microsoft/sarif-sdk/pull/2618)
Collection was modified; enumeration operation may not execute in MultithreadedAnalyzeCommandBase, raised when analyzing with the --hashes switch. #2459. There was a previous attempt to fix this in #2447.
match-results-forward command fails to generate VersionControlDetails data. #2487
match-results-forward commands for results with sub-rule ids. #2486
merge command to properly produce runs by tool and version when passed the --merge-runs argument. #2488
IOException and DirectoryNotFoundException exceptions thrown by merge command when splitting by rule (due to invalid file characters in rule ids). #2513
virtual keyword for public methods and properties, by regenerating and manually syncing the changes. #2537
NullReferenceException when file hashing fails (due to file locked or other errors reading the file). #2596
PluginDriver property (AdditionalOptionsProvider) that allows additional options to be exported (typically for command-line arguments). #2599
LogFileSkippedDueToSize that fires a warning notification if any file is skipped due to exceeding size threshold. #2599
ShouldEnqueue predicate method to filter files from driver processing. #2599
ShouldComputeHashes predicate method to prevent files from hashing. #2601
MaxFileSizeInKilobytes, which will allow SDK users to change the value. (Default value is 1024) #2578
GH1007, which requires flattened result message so GHAS code scanning can ingest the log. #2580
SarifLogger with a FileRegionsCache instance.
InsertOptionalDataVisitor (previously initialized exclusively from FileRegionsCache.Instance).
trace and emitted timing data. Provide ScanExecution trace with no utilization.
LogToolNotification as called from SarifLogger. #2604
--normalize-for-ghas argument to the rewrite command to ensure rewritten SARIF is compatible with GitHub Advanced Security (GHAS) ingestion requirements. #2581
SarifLogger now supports extensions rules data when logging (by providing a ToolComponent instance to the result logging method). #2661
SarifLogger provides a ComputeHashData callback to provide hash data for in-memory scan targets. #2614
HashUtilities.ComputeHashes(Stream) and ComputeHashesForText(string) helpers. #2614
Published by eddynaka about 2 years ago
System.Collections.Immutable minimum version requirement to 1.5.0. #2504
Published by eddynaka about 2 years ago
System.Collections.Immutable 1.5.0. #2504
Published by eddynaka about 2 years ago
JsonConvert.Defaults is not already configured) to address GitHub advisory GHSA-5crp-9r3c-p9vr.
Published by marmegh about 2 years ago
JsonConvert.Defaults is not already configured) to address GitHub advisory GHSA-5crp-9r3c-p9vr.
Published by marmegh about 2 years ago
Published by eddynaka over 2 years ago
Published by eddynaka over 2 years ago
StreamWriter arguments passed to SarifLog.Save helpers. This would result in ObjectDisposedException being raised on attempt to access streams after save.
Id property of Location changed from int (32bit) to BigInteger (unlimited) to fix Newtonsoft.Json.JsonReaderException: JSON integer XXXXX is too large or small for an Int32. #2463
Published by eddynaka over 2 years ago
AnalyzeCommandBase previously persisted all scan target artifacts to SARIF logs rather than only persisting artifacts referenced by an analysis result, when an option to persist hashes, text file or binary information was set. MultithreadedAnalyzeCommandBase previously persisted all scan targets artifacts to SARIF logs in cases when hash insertion was enabled rather than only persisting artifacts referenced by an analysis result. #2433
InvalidOperationException when using PropertiesDictionary in a multithreaded application, and remove [Serializable] from it. Now use of BinaryFormatter on it will result in SerializationException: Type PropertiesDictionary is not marked as serializable. #2415
SarifLogger now emits an artifacts table entry if artifactLocation is not null for tool configuration and tool execution notifications. #2437
ArgumentException when --recurse is enabled and two file target specifiers generate the same file path. #2438
Collection was modified; enumeration operation may not execute in MultithreadedAnalyzeCommandBase, which is raised when analyzing with the --hashes switch. #2447
Merge command produces empty SARIF file in Linux when providing file name only without path. #2408
--sort-results argument to the rewrite command to get sorted SARIF results. #2422
NullReferenceException when filing work item with a SARIF file which has no filable results. #2412
endLine and endColumn properties and remove vulnerable packages for ESLint SARIF formatter. #2458
Published by eddynaka about 3 years ago
Published by eddynaka about 3 years ago
Published by eddynaka about 3 years ago
Published by eddynaka over 3 years ago
Published by eddynaka over 3 years ago