sarif message

Subject: RE: [sarif] Proposed design for screenshots: #137

I should have mentioned that the ability to annotate file regions in an attachment (attachment.annotations) is also new as part of this proposal. I’d been thinking about that one for so long that I forgot it was new 😊.


Sent: Monday, April 23, 2018 11:10 AM
Subject: [sarif] Proposed design for screenshots: #137
TL;DR: We propose to support screenshots – and in fact, any type of image – by  adding an array of rectangle objects to the attachment object, and allowing any rectangle to have an associated message. This allows you to attach any image and annotate areas of interest in it.


Credit where it’s due: This is Michael’s proposal, simpler than what I originally suggested.


Using the same notation I’ve used in the past, the proposal is:




  top:integer, left:integer, bottom:integer, right:integer

Since the ability to annotate an area is now part of attachment, there’s no need to define a screenshot object, and there’s no need to define a special screenshot “role” in file.roles.


Note the difference between attachment.annotations and attachment.rectangles: attachment.annotations allows you to associate a message with a region of a file; attachment.rectangles allows you to associate a message with an area in an image.





