fileLocation uri property should be a URI reference #176

@lcartey


The SARIF spec currently states:

A fileLocation object SHALL contain a property named uri whose value is a string containing a URI as described in [RFC3986].

However RFC 3986 states:

NOTE: Previous specifications used the terms "partial URI" and
"relative URI" to denote a relative reference to a URI. As some
readers misunderstood those terms to mean that relative URIs are a
subset of URIs rather than a method of referencing URIs, this
specification simply refers to them as relative references.

i.e. "relative URI"s are not themselves URIs. This is unfortunate, because it is common to store relative references in the fileLocation.uri property in conjunction with the uriBaseId property.

This confusion actually causes some issues for existing SARIF consumers. Currently, the SARIF schema specifies this:

        "uri": {
          "description": "A string containing a valid relative or absolute URI.",
          "type": "string",
          "format": "uri"
        },

However, "format": "uri" is a URI in the RFC 3986 sense, and does not permit scheme-less URIs such as relative references. This means a SARIF file with relative references in the URI will produce a warning when the file is validated strictly against the schema.

I noticed this because I tried loading one of our SARIF files in the Visual Studio Code SARIF extension, and it reported warnings on my relative references saying "String is not a URI: URI with a scheme is expected.". This is because VS Code correctly validates JSON files against their schemas (see here for where the VS Code JSON language service is processing the schema).

Concretely, I suggest we:

  1. Modify the wording of the spec to say:

     A fileLocation object SHALL contain a property named uri whose value is a string containing a URI reference as described in [RFC3986].

  2. Replace uses of the term "relative URI" with "relative reference" or "relative URI reference".

  3. Modify the schema to use uri-reference (see http://json-schema.org/latest/json-schema-validation.html#rfc.section.7.3.5) instead of uri for the fileLocation uri property, i.e.:

        "uri": {
          "description": "A string containing a valid relative or absolute URI.",
          "type": "string",
          "format": "uri-reference"
        },
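
The distinction the issue describes, as an added example (not code from the SARIF project or the issue author): a simplified checker that splits each `uri` value with the RFC 3986 Appendix B regular expression and reports which values a strict `"format": "uri"` validator would reject but `"format": "uri-reference"` would accept. The sample document, its paths and the `SRCROOT` base id are constructed, and only the scheme component is examined.

```python
import re

# RFC 3986, Appendix B: regular expression that splits any URI reference.
_APPENDIX_B = re.compile(r"^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?")
# RFC 3986, section 3.1: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
_SCHEME = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*")


def classify(value):
    """Return 'uri', 'relative-reference' or 'invalid' (scheme check only)."""
    scheme = _APPENDIX_B.match(value).group(2)
    if scheme is None:
        return "relative-reference"
    # Text before the first ':' that is not a legal scheme makes the string
    # neither a URI nor a relative reference (RFC 3986, section 4.2).
    return "uri" if _SCHEME.fullmatch(scheme) else "invalid"


def accepted(value, fmt):
    """Would value pass the JSON Schema format 'uri' or 'uri-reference'?"""
    kind = classify(value)
    if fmt == "uri":
        return kind == "uri"
    if fmt == "uri-reference":
        return kind in ("uri", "relative-reference")
    raise ValueError("unsupported format: " + fmt)


def rejected_uris(node, fmt):
    """Walk parsed JSON and collect every string 'uri' value that fails fmt."""
    found = []
    if isinstance(node, dict):
        for key, child in node.items():
            if key == "uri" and isinstance(child, str):
                if not accepted(child, fmt):
                    found.append(child)
            else:
                found.extend(rejected_uris(child, fmt))
    elif isinstance(node, list):
        for child in node:
            found.extend(rejected_uris(child, fmt))
    return found


# Constructed sample: a simplified fragment, not a complete SARIF log.
SAMPLE = {"results": [
    {"fileLocation": {"uri": "src/main.c", "uriBaseId": "SRCROOT"}},
    {"fileLocation": {"uri": "file:///home/build/src/util.c"}},
    {"fileLocation": {"uri": "../lib/parse.c", "uriBaseId": "SRCROOT"}},
]}
```

Calling `rejected_uris(SAMPLE, "uri")` lists the two relative references, which is the class of value the VS Code warning quoted above was raised on; with `"uri-reference"` the list is empty.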
