sarif-tutorials

Provide a comprehensive set of samples for use as documentation and as test assets

Open ghost opened this issue 5 years ago • 0 comments

This is a tracking item that will contain a comprehensive list of the samples we want to provide, with check boxes to mark those that are finished.

  • [x] Code flows: Demonstrate codeFlows with features such as location messages and importance.
  • [ ] Code flows as "event sequences" (call stack per location).
  • [x] Stacks
  • [x] Rule metadata: Demonstrate rule metadata and its linkage with results.
  • [x] Embedded text content
  • [x] Embedded binary content
  • [ ] Snippets, with text, binary, and rendered properties.
  • [x] Region and context region: Including snippets in both properties.
  • [ ] Region variants: line/column, charOffset/charLength, byteOffset/byteLength, combinations.
  • [x] originalUriBaseIds: including chaining, descriptions, and top-level element with no uri.
  • [ ] Complex Markdown in messages.
  • [ ] external property files: including dictionary-valued external properties, array-valued external properties, and array-valued properties split across multiple files.
  • [ ] internalExternalProperties
  • [ ] taxonomies
  • [ ] translations
  • [ ] Tool plug-ins: Including rule metadata lookup in plug-ins via toolComponentReference.
  • [ ] Policies: Showing override of defaultConfiguration.
  • [x] suppressed results, including use of suppression status to show review progress.
  • [x] baselines: Showing all of unchanged, updated, absent, and new results.
  • [ ] logicalLocations: Including run.logicalLocations, parenting, fully qualified names, and references through index in a result.
  • [ ] Integer index links: Including references to related locations, codeFlow locations, and stack locations, and showing links in both Markdown and plain-text messages.
  • [ ] Fixes: Using the HTML attribute quoting example.
  • [ ] Redaction of sensitive properties: Exhaustive set.
  • [ ] "Arguments-only" messages.
  • [ ] Multiple runs in a single log file.
  • [ ] Run with no results, but with toolConfigurationNotifications and toolExecutionNotifications (including exceptions), with all different failure levels.
  • [ ] Non-failure results, e.g., "pass" and "informational" (exhaustive).
  • [ ] Addresses
  • [ ] Attachments: both file- and run-level.
  • [ ] Web requests and responses.
  • [ ] Decorated name.
  • [ ] Version control details
  • [ ] Run automation details
  • [ ] Graphs: Result-level and run-level.
  • [ ] Comprehensive result (including codeFlow) driven entirely by logical locations.

ghost, Apr 17 '20 22:04