[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: comments on draft with no action
Larry, There are a few additional comments that were not listed in issue #366. I just want to make sure that these were not missed (one of them is in issue #375), but I do not see tickets or comments for the others. There should have been changes or comments in the docx I uploaded earlier. Jim ------------------------------------------------------------ p.38 3.11.3 Plain text messages I think the language about sentences should removed: 1) many of the existing tools in the SWAMP do not produce messages that are complete sentences, so this is hard to enforce for converters 2) I think there are languages that do not have sentences, and 3) programmatically defining a sentence is hard for english language messages: 'The question is "How is Mr. X!?"' ends on the double quote character. 4) in general this algorithm needs to handle different languages which is likely difficult. A better solution would be to have an abbrText and abbrMarkdown type of messages for single line, short (for some definition of short such as 50 characters). If not present display the first number of character followed by an elipse that fit the display area. ---- ------------------------------------------------------------ p.57 3.15.2 location property No need to to restrict uriBaseId usage. Change "its uri property SHALL be an absolute URI using the sarif scheme (Â3.10.3), and its uriBaseId property SHALL be absent." -> "the resolved URI SHALL be an absolute URI using the sarif scheme (Â3.10.3)." ---- ------------------------------------------------------------ p.66 3.18.6 name property It would be nice to have an optional abbrName property that is the tool name restricted to 15 characters for use by viewers and reports. This allows a narrow column that can display the tool's name. I have seen viewers where the default column name for the tool and rule is too narrow (by default usually) to display this information. ---- ------------------------------------------------------------ p.67 3.18.15 product property How does product relate to name and fullName? ---- ------------------------------------------------------------ p.68 3.18.18 fullDescription property Remove first sentence paragraph and use shortDescription as sentence is ill-defined. ---- ------------------------------------------------------------ p.103 3.25.14 fingerprints property Why the restriction "A direct SARIF producer SHOULD NOT populate". It seems like a direct produce MAY produce these fingerprints, and very well produce better fingerprints than other mechanisms. ---- ------------------------------------------------------------ p.105 3.25.20 relatedLocations (Issue #375) A related location should say what is related to with a relatedTo property that is a URI (a sarif scheme uri relative to thisResult) this is necessary as a tool may produce a relatedLocation that has its own related location for instance error an error in foo.h may have a related location to say it was included from bar.h which was included in baz.c. Also since there may also be multiple locations, they may each have unique related locations. ---- ------------------------------------------------------------ p.146 3.44.3 id property For viewers, it would be really useful to have a short (20-30) character human readable id (abbrName property) that can be used to display in columnar tables or UI sidebars that can be localized and is not necessarily stable. Id's are not supposed to be generated by converters, but result management system is supposed to use them for comparison. ---- ------------------------------------------------------------ p.149 3.44.10 fullDescription Remove discussion about first sentence. Require shortDescription instead. ----
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]