sarif-sdk

.NET code and supporting files for working with the 'Static Analysis Results Interchange Format' (SARIF, see https://github.com/oasis-tcs/sarif-spec)

OTHER License


sarif-sdk - v4.5.4 Latest Release

Published by EasyRhinoMSFT 8 months ago

v4.5.4 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUG: Fix incorrect base class in rule ADO2012.
sarif-sdk - v4.5.3

Published by EasyRhinoMSFT 8 months ago

v4.5.3 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUG: Restructure shared MessageResourceNames collections to ensure return of correct error messages.
sarif-sdk - v4.5.2

Published by EasyRhinoMSFT 8 months ago

v4.5.2 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUG: Update Skimmer stack in Multitool.Library to support shared MessageResourceNames collections between base rules and their derivatives.
  • BUG: Fix message strings to always assume {1} is reserved for the rule's service name.
  • BUG: Clean up unused resource strings in Multitool.Library.Rules.RuleResources.resx.
sarif-sdk - v4.5.1

Published by EasyRhinoMSFT 8 months ago

v4.5.1 Sdk | Driver | Converters | Multitool | Multitool Library

  • DEP: Add explicit package references to Sarif and Sarif.Driver to resolve version conflict build error.
    System.Diagnostics.Debug 4.3.0,
    System.IO.FileSystem.Primitives 4.3.0,
    System.Text.Encoding.Extensions 4.3.0.
sarif-sdk - v4.5.0

Published by shaopeng-gh 8 months ago

v4.5.0 Sdk | Driver | Converters | Multitool | Multitool Library

  • DEP: Downgrade System.Text.Encoding.CodePages from 8.0.0 to 4.3.0 in Sarif.
  • DEP: Remove explicit versioning for System.Memory and System.Runtime.CompilerServices.Unsafe.
  • DEP: Remove spurious references to System.Collections.Immutable.
  • DEP: Update Microsoft.Data.SqlClient reference from 2.1.2 to 2.1.7 in WorkItems and Sarif.Multitool.Library to resolve CVE-2024-0056.
  • DEP: Update System.Data.SqlClient reference from 4.8.5 to 4.8.6 in WorkItems to resolve CVE-2024-0056.
  • BUG: Improve FileEncoding.IsTextualData method for detecting binary files.
  • BUG: Update Stack.Create method to populate missing PhysicalLocation instances when stack frames reference relative file paths.
  • BUG: Fix UnsupportedOperationException in ZipArchiveArtifact.
  • BUG: Fix MultithreadedAnalyzeCommandBase to return rich return code with the --rich-return-code option.
  • NEW: Add IsBinary property to IEnumeratedArtifact and implement the property in ZipArchiveArtifact.
  • NEW: Switch to content-based IsBinary categorization for ZipArchiveArtifacts.
  • PRF: Change default max-file-size-in-kb parameter to 10 megabytes.
  • PRF: Add support for efficiently peeking into non-seekable streams for binary/text categorization.
  • NEW: Add a new --timeout-in-seconds parameter to AnalyzeOptionsBase, which will override the TimeoutInMilliseconds property in AnalyzeContextBase.
  • NEW: --post-uri will skip sending the SARIF log to the configured endpoint if the file contains no results or fatal execution errors.
  • NEW: Add the following rules:
    ADO1011.ReferenceFinalSchema,
    ADO1013.ProvideRequiredSarifLogProperties,
    ADO1014.ProvideRequiredRunProperties,
    ADO1015.ProvideRequiredResultProperties,
    ADO1016.ProvideRequiredLocationProperties,
    ADO1017.ProvideRequiredPhysicalLocationProperties,
    ADO1018.ProvideRequiredToolProperties,
    ADO2012.ProvideRequiredReportingDescriptorProperties,
    GH1011.ReferenceFinalSchema,
    GH1013.ProvideRequiredSarifLogProperties,
    GH1014.ProvideRequiredRunProperties,
    GH1015.ProvideRequiredResultProperties,
    GH1016.ProvideRequiredLocationProperties,
    GH1017.ProvideRequiredPhysicalLocationProperties,
    GH1018.ProvideRequiredToolProperties,
    GH2012.ProvideRequiredReportingDescriptorProperties.
  • NEW: Add a new --rule-kind parameter to AnalyzeOptionsBase, which specifies rule kinds to run (Sarif, Ghas, Ado). Example: --rule-kind Ado;Sarif.
sarif-sdk - v4.2.1

Published by HulonJenkins over 1 year ago

SARIF Package Release History (SDK, Driver, Converters, and Multitool)

v4.2.1 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUG: Resolve NotSupportedException thrown (on .NET 4.8 and earlier) on accessing DeflateStream.Length from MultithreadedZipArchiveArtifactProvider.SizeInBytes property.
sarif-sdk - v4.0.0

Published by shaopeng-gh over 1 year ago

v4.0.0 Sdk | Driver | Converters | Multitool | Multitool Library

  • BRK: SarifLogger no longer allows providing a Tool instance. Use the run parameter instead (and populate it with any custom Tool object). #2614
  • BRK: SarifLogger updates version details differently. #2611
  • BRK: Add ToolComponent argument to IAnalysisLogger.Log(ReportingDescriptor, Result) method. #2611
  • BRK: Rename --normalize-for-github argument to --normalize-for-ghas for convert command and mark --normalize-for-github as obsolete. #2581
  • BRK: Update IAnalysisContext.LogToolNotification method to add ReportingDescriptor parameter. This is required in order to populate AssociatedRule data in Notification instances. The new method has an option value of null for the associatedRule parameter to maximize build compatibility. #2604
  • BRK: Correct casing of LogMissingreportingConfiguration helper to LogMissingReportingConfiguration. #2599
  • BRK: Change type of MaxFileSizeInKilobytes from int to long in IAnalysisContext and other classes. #2599
  • BRK: For Guid properties defined in SARIF spec, updated Json schema to use uuid, and updated C# object model to use Guid? instead of string. #2555
  • BRK: Mark AnalyzeCommandBase as obsolete. This type will be removed in the next significant update. #2599
  • BRK: LogUnhandledEngineException no longer has a return value (and updates the RuntimeErrors context property directly as other helpers do). #2599
  • BUG: Populate missing context region data for small, single-line scan targets. #2616
  • BUG: Increase parallelism in MultithreadedAnalyzeCommandBase by correcting task creation. #2618
  • BUG: Resolve hangs due to unhandled exceptions during multithreaded analysis file enumeration phase. #2599
  • BUG: Resolve hangs due to unhandled exceptions during multithreaded analysis file hashing phase. #2600
  • BUG: Another attempt to resolve 'InvalidOperationException' with message Collection was modified; enumeration operation may not execute in MultithreadedAnalyzeCommandBase, raised when analyzing with the --hashes switch. #2459. There was a previous attempt to fix this in #2447.
  • BUG: Resolve issue where match-results-forward command fails to generate VersionControlDetails data. #2487
  • BUG: Remove duplicated rule definitions when executing match-results-forward commands for results with sub-rule ids. #2486
  • BUG: Update merge command to properly produce runs by tool and version when passed the --merge-runs argument. #2488
  • BUG: Eliminate IOException and DirectoryNotFoundException exceptions thrown by merge command when splitting by rule (due to invalid file characters in rule ids). #2513
  • BUG: Fix classes inside NotYetAutoGenerated folder missing virtual keyword for public methods and properties, by regenerating and manually syncing the changes. #2537
  • BUG: MSBuild Converter now accepts case insensitive keywords and supports PackageValidator msbuild log output. #2579
  • BUG: Eliminate NullReferenceException when file hashing fails (due to file locked or other errors reading the file). #2596
  • NEW: Provide PluginDriver property (AdditionalOptionsProvider) that allows additional options to be exported (typically for command-line arguments). #2599
  • NEW: Provide LogFileSkippedDueToSize that fires a warning notification if any file is skipped due to exceeding size threshold. #2599
  • NEW: Provide overridable ShouldEnqueue predicate method to filter files from driver processing. #2599
  • NEW: Provide overridable ShouldComputeHashes predicate method to prevent files from hashing. #2601
  • NEW: Allow external set of MaxFileSizeInKilobytes, which will allow SDK users to change the value. (Default value is 1024) #2578
  • NEW: Add a Github validation rule GH1007, which requires flattened result message so GHAS code scanning can ingest the log. #2580
  • NEW: Provide mechanism to populate SarifLogger with a FileRegionsCache instance.
  • NEW: Allow initialization of file regions cache in InsertOptionalDataVisitor (previously initialized exclusively from FileRegionsCache.Instance).
  • NEW: Provide RuleScanTime trace and emitted timing data. Provide ScanExecution trace with no utilization.
  • NEW: Populate associated rule data in LogToolNotification as called from SarifLogger. #2604
  • NEW: Add --normalize-for-ghas argument to the rewrite command to ensure rewritten SARIF is compatible with GitHub Advanced Security (GHAS) ingestion requirements. #2581
  • NEW: Allow per-line rolling (partial) hash computation for a file. #2605
  • NEW: SarifLogger now supports extensions rules data when logging (by providing a ToolComponent instance to the result logging method). #2661
  • NEW: SarifLogger provides a ComputeHashData callback to provide hash data for in-memory scan targets. #2614
  • NEW: Provide HashUtilities.ComputeHashes(Stream) and ComputeHashesForText(string) helpers. #2614
sarif-sdk - v3.1.0

Published by eddynaka about 2 years ago

v3.1.0 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUGFIX: Loosen System.Collections.Immutable minimum version requirement to 1.5.0. #2504
sarif-sdk - v3.1.0-beta1

Published by eddynaka about 2 years ago

v3.1.0-beta1 Sdk | Driver | Converters | Multitool | Multitool Library

  • DEPENDENCY BREAKING: SARIF.SDK now requires System.Collections.Immutable 1.5.0. #2504
sarif-sdk - v3.0.0

Published by eddynaka about 2 years ago

v3.0.0 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUGFIX: Loosen Newtonsoft.JSON minimum version requirement to 6.0.8 (for .NET framework) or 9.0.1 (for all other compilations) for Sarif.Sdk. Sarif.Converts requires 8.0.1, minimally, for .NET framework compilations.
  • BUGFIX: Broaden set of supported .NET frameworks for compatibility reasons. Sarif.Sdk, Sarif.Driver and Sarif.WorkItems require net461.
  • BUGFIX: Set default stack limit in Newtonsoft.JSON utilization (if JsonConvert.Defaults is not already configured) to address GitHub advisory GHSA-5crp-9r3c-p9vr.
sarif-sdk - v3.0.0-beta1

Published by marmegh about 2 years ago

3.0.0-beta1 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUGFIX: Loosen Newtonsoft.JSON minimum version requirement to 6.0.8 (for .NET framework) or 9.0.1 (for all other compilations) for Sarif.Sdk. Sarif.Converts requires 8.0.1, minimally, for .NET framework compilations.
  • BUGFIX: Broaden set of supported .NET frameworks for compatibility reasons. Sarif.Sdk now supports net45 forward. Sarif.Driver and Sarif.WorkItems require net461 due to other dependencies.
  • BUGFIX: Set default stack limit in Newtonsoft.JSON utilization (if JsonConvert.Defaults is not already configured) to address GitHub advisory GHSA-5crp-9r3c-p9vr.
sarif-sdk - v2.4.16

Published by marmegh about 2 years ago

v2.4.16 Sdk | Driver | Converters | Multitool | Multitool Library

sarif-sdk - v2.4.15

Published by eddynaka over 2 years ago

v2.4.15 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUGFIX: Fix ArgumentNullException when PropertiesDictionary is instantiated with a null comparer. #2482
  • BUGFIX: Fix UnhandledEngineException when target path does not exist for multithreaded application by validating directories as is done for singlethreaded analysis. #2461
sarif-sdk - v2.4.14

Published by eddynaka over 2 years ago

v2.4.14 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUGFIX: Eliminate dispose of stream and StreamWriter arguments passed to SarifLog.Save helpers. This would result in ObjectDisposedException being raised on attempt to access streams after save.
  • BREAKING: Id property of Location changed from int(32bit) to BigInteger(unlimited) to fix Newtonsoft.Json.JsonReaderException: JSON integer XXXXX is too large or small for an Int32. #2463
sarif-sdk - v2.4.13

Published by eddynaka over 2 years ago

v2.4.13 Sdk | Driver | Converters | Multitool | Multitool Library

  • BREAKING: AnalyzeCommandBase previously persisted all scan target artifacts to SARIF logs rather than only persisting artifacts referenced by an analysis result, when an option to persist hashes, text file or binary information was set. MultithreadedAnalyzeCommandBase previously persisted all scan target artifacts to SARIF logs in cases when hash insertion was enabled rather than only persisting artifacts referenced by an analysis result. #2433
  • BUGFIX: Adjust Json Serialization field order for ReportingDescriptor and skip emitting empty AutomationDetails node. #2420
  • BREAKING: Fix InvalidOperationException when using PropertiesDictionary in a multithreaded application, and remove [Serializable] from it. Now use of BinaryFormatter on it will result in SerializationException: Type PropertiesDictionary is not marked as serializable. #2415
  • BREAKING: SarifLogger now emits an artifacts table entry if artifactLocation is not null for tool configuration and tool execution notifications. #2437
  • BUGFIX: Fix ArgumentException when --recurse is enabled and two file target specifiers generate the same file path. #2438
  • BUGFIX: Fix 'InvalidOperationException' with message Collection was modified; enumeration operation may not execute in MultithreadedAnalyzeCommandBase, which is raised when analyzing with the --hashes switch. #2447
  • BUGFIX: Fix Merge command produces empty SARIF file in Linux when providing file name only without path. #2408
  • FEATURE: Add --sort-results argument to the rewrite command to get sorted SARIF results. #2422
  • BUGFIX: Fix NullReferenceException when filing work item with a SARIF file which has no filable results. #2412
  • BUGFIX: Fix missing endLine and endColumn properties and remove vulnerable packages for ESLint SARIF formatter. #2458
sarif-sdk - v2.4.12

Published by eddynaka about 3 years ago

v2.4.12 Sdk | Driver | Converters | Multitool | Multitool Library

  • FEATURE: MultithreadCommandBase will use cache when hashing is enabled. #2388
  • FEATURE: Flow suppressions when baselining. #2390
  • BUGFIX: Fix number of results when filing work item. #2391
  • FEATURE: Add suppress command to multitool. #2394
  • BUGFIX: Fix TryIsSuppressed logic. #2395
sarif-sdk - v2.4.11

Published by eddynaka about 3 years ago

v2.4.11 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUGFIX: Fix partitioning visitor log duplication. #2369
  • FEATURE: Add baseline argument in AnalyzeCommandBase classes. #2371
  • FEATURE: Clang-Tidy converter will also accept console output log. #2373
sarif-sdk - v2.4.10

Published by eddynaka about 3 years ago

v2.4.10 Sdk | Driver | Converters | Multitool | Multitool Library

  • FEATURE: Add Clang-Tidy converter. #2367
sarif-sdk - v2.4.9

Published by eddynaka over 3 years ago

v2.4.9 Sdk | Driver | Converters | Multitool | Multitool Library

  • FEATURE: Report inner exception details if available. #2357
  • FEATURE: Add support for git blame. #2358
sarif-sdk - v2.4.8

Published by eddynaka over 3 years ago

v2.4.8 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUGFIX: Fix file-work-item baselining. #2344
  • BUGFIX: Fix FileRegionsCache context region construction. #2348