
Subject: Re: [sarif] New errata bundle

On Tue, Jun 13, 2023, at 22:19, Stefan Hagen wrote:
On Tue, Jun 13, 2023, at 21:48, Yekaterina O'Neil wrote:
Not sure how important this is, but there is a misspelling in both doc files:

"determinisitc" should be "deterministic".

Also, the shorter doc file contains "changes to be included in Sarif upon approval" --  should this be "changes to be included in SARIF upon approval" instead?


-----Original Message-----
From: sarif@lists.oasis-open.org <sarif@lists.oasis-open.org> On Behalf Of David Keaton
Sent: Monday, June 12, 2023 6:04 PM
To: OASIS SARIF TC Discussion List <sarif@lists.oasis-open.org>
Subject: [sarif] New errata bundle

      Sorry for the delay in sending out the new errata bundle.  The new version contains the fixes agreed at the last meeting.

* Moved the anyOf block addition to "region" to make valid JSON.
* Enumerate the schemas explicitly under the artifacts section and at each use.
* Put version before $schema in the examples to match the document's suggestion.

GitHub issue #568 and the Errata itself have also been updated to reflect those changes that were not already covered.

      It turns out that the original SARIF standard referred explicitly to each schema file when it was used.  That was lost during the transition away from GitHub URLs.  It has now been restored, with the correct URL references.  To see all the schema URLs, you can search for "schemas/" without the quotes.


W.r.t. the changed schema file:

1. it is now valid - good
2. the four examples I already extracted from the 2.1 spec
    (to seed a possible future 2.2 spec) are valid against that schema

Maybe I find the time until our next meeting to extract more or all of our
examples to then not only provide the one-off info on the validity,
but also an automated test to validate examples with less future effort.


Well, I now use check-jsonschema from pypi.org (instead of some online validator ...)

I harvested https://github.com/oasis-tcs/sarif-spec/issues/589 from that.

In my experience there are always tensions between the strict schema and the
json spirit camp ... but in this case it is most probably a typo, as the key receives an array
as value (container) which we normally indicate by a key in plural form and we have such
a definition in the schema.

In addition, I have started to explore examples as:

- blocks in markdown snippets (e.g. from sections 3.3.4 and 3.3.15) and then
- injecting a minimal "rectifying" snippet in place of the ellipses
- wrapping the result in a minimal valid example ("graft.json")

I will continue to see if the needed "injects" are small compared to the size
of the examples and then will eventually propose a manageable tangle/weave
like harness so that we can go both ways during future development.

All the best,

Stefan Hagen, Emmetten, Nidwalden, Switzerland.
orcid: https://orcid.org/0000-0003-4206-892X
read: https://stefan-hagen.website
write: stefan@hagen.link
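
The extract / inject / graft steps listed in the message above, sketched as an added example; it is not the author's harness and not code from the SARIF TC. The markdown snippet, the injected `message` member and the tool name `graft-harness` are constructed, and the sketch assumes each ellipsis sits alone on its own line and that snippets carry no comments.

```python
import json
import re

TICKS = "`" * 3  # built at runtime so this listing can sit inside a fence
FENCE = re.compile(TICKS + r"json\n(.*?)" + TICKS, re.DOTALL)
ELLIPSIS = re.compile(r"^([ \t]*)\.\.\.[ \t]*(,?)[ \t]*$", re.MULTILINE)

# Constructed markdown, not copied from the SARIF spec: one result object
# whose remaining members are elided with an ellipsis line.
SPEC_MD = "\n".join([
    "EXAMPLE: a result object.",
    TICKS + "json",
    "{",
    '  "ruleId": "EX0001",',
    "  ...",
    "}",
    TICKS,
])


def extract_snippets(markdown):
    """Return the body of every json fence in the markdown text."""
    return FENCE.findall(markdown)


def rectify(snippet, injects):
    """Replace each ellipsis line, in order, with the matching inject."""
    if len(ELLIPSIS.findall(snippet)) != len(injects):
        raise ValueError("need exactly one inject per ellipsis")
    pending = iter(injects)
    return ELLIPSIS.sub(lambda m: m.group(1) + next(pending) + m.group(2), snippet)


def graft(result):
    """Wrap a result object in a minimal log: version, runs, tool.driver.name."""
    run = {"tool": {"driver": {"name": "graft-harness"}}, "results": [result]}
    return {"version": "2.1.0", "runs": [run]}


def build_graft(markdown, injects):
    """Extract the first snippet, rectify it, parse it, and graft it."""
    snippet = extract_snippets(markdown)[0]
    return graft(json.loads(rectify(snippet, injects)))


if __name__ == "__main__":
    doc = build_graft(SPEC_MD, ['"message": {"text": "placeholder"}'])
    with open("graft.json", "w") as fh:
        json.dump(doc, fh, indent=2)
```

The resulting `graft.json` can then be checked against a local copy of the schema with `check-jsonschema --schemafile <schema file> graft.json`.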
