OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

sarif message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: comments on draft with no action


Larry,

There are a few additional comments that were not listed in issue #366. 
I just want to make sure that these were not missed (one of them is in 
issue #375), but I do not see tickets or comments for the others.

There should have been changes or comments in the docx I uploaded earlier.

Jim




------------------------------------------------------------
p.38 3.11.3 Plain text messages
I think the language about sentences should removed:

1) many of the existing tools in the SWAMP do not produce messages that 
are complete sentences, so this is hard to enforce for converters
2) I think there are languages that do not have sentences, and
3) programmatically defining a sentence is hard for english language 
messages:  'The question is "How is Mr. X!?"' ends on the double quote 
character.
4) in general this algorithm needs to handle different languages which 
is likely difficult.

A better solution would be to have an abbrText and abbrMarkdown type of 
messages for single line, short (for some definition of short such as 50 
characters).  If not present display the first number of character 
followed by an elipse that fit the display area.
----

------------------------------------------------------------
p.57 3.15.2 location property
No need to to restrict uriBaseId usage.  Change "its uri property SHALL 
be an absolute URI using the sarif scheme (Â3.10.3), and its uriBaseId 
property SHALL be absent." -> "the resolved URI SHALL be an absolute URI 
using the sarif scheme (Â3.10.3)."
----

------------------------------------------------------------
p.66 3.18.6 name property
It would be nice to have an optional abbrName property that is the tool 
name restricted to 15 characters for use by viewers and reports.  This 
allows a narrow column that can display the tool's name.  I have seen 
viewers where the default column name for the tool and rule is too 
narrow (by default usually) to display this information.
----

------------------------------------------------------------
p.67 3.18.15 product property
How does product relate to name and fullName?
----

------------------------------------------------------------
p.68 3.18.18 fullDescription property
Remove first sentence paragraph and use shortDescription as sentence is 
ill-defined.
----

------------------------------------------------------------
p.103 3.25.14 fingerprints property
Why the restriction "A direct SARIF producer SHOULD NOT populate".  It 
seems like a direct produce MAY produce these fingerprints, and very 
well produce better fingerprints than other mechanisms.
----

------------------------------------------------------------
p.105 3.25.20 relatedLocations (Issue #375)
A related location should say what is related to with a relatedTo 
property that is a URI (a sarif scheme uri relative to thisResult) this 
is necessary as a tool may produce a relatedLocation that has its own 
related location for instance error an error in foo.h may have a related 
location to say it was included from bar.h which was included in baz.c. 
Also since there may also be multiple locations, they may each have 
unique related locations.
----

------------------------------------------------------------
p.146 3.44.3 id property
For viewers, it would be really useful to have a short (20-30) character 
human readable id (abbrName property) that can be used to display in 
columnar tables or UI sidebars that can be localized and is not 
necessarily stable.

Id's are not supposed to be generated by converters, but result 
management system is supposed to use them for comparison.
----

------------------------------------------------------------
p.149 3.44.10 fullDescription
Remove discussion about first sentence.  Require shortDescription instead.
----


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]