@microsoft/sarif-multitool-darwin 4.6.5 → 5.0.1
- package/Sarif.Converters.pdb +0 -0
- package/Sarif.Driver.pdb +0 -0
- package/Sarif.Multitool +0 -0
- package/Sarif.Multitool.Library.pdb +0 -0
- package/Sarif.Multitool.Library.xml +609 -70
- package/Sarif.Multitool.pdb +0 -0
- package/Sarif.WorkItems.pdb +0 -0
- package/Sarif.pdb +0 -0
- package/Sarif.xml +612 -1
- package/WorkItems.pdb +0 -0
- package/package.json +1 -1
|
@@ -4,6 +4,403 @@
|
|
|
4
4
|
<name>Sarif.Multitool.Library</name>
|
|
5
5
|
</assembly>
|
|
6
6
|
<members>
|
|
7
|
+
<member name="T:Microsoft.CodeAnalysis.Sarif.Multitool.AddInvocationCommand">
|
|
8
|
+
<summary>
|
|
9
|
+
Implements <c>multitool add-invocation</c>: appends a fully-formed SARIF invocation
|
|
10
|
+
JSON to <c><output>.wip.jsonl</c>.
|
|
11
|
+
</summary>
|
|
12
|
+
<remarks>
|
|
13
|
+
<para>The verb performs no schema validation on the invocation payload beyond "must be
|
|
14
|
+
a JSON object" — SARIF §3.20 makes every field on <c>Invocation</c> optional, and AI
|
|
15
|
+
producers vary widely in which fields they have meaningful values for (a daemon may
|
|
16
|
+
know its <c>startTimeUtc</c> but not its <c>exitCode</c>; a one-shot scanner may know
|
|
17
|
+
both). Full-log validation belongs in <c>emit-finalize --validate</c>, not at receipt.</para>
|
|
18
|
+
<para>Invocations are replayed in event order to <c>run.invocations[]</c>. Subsequent
|
|
19
|
+
<c>execution-notification</c> and <c>configuration-notification</c> events attach to
|
|
20
|
+
the most recent invocation, so emitting a fresh invocation event MAY be used to start
|
|
21
|
+
a new notification group within the same scan.</para>
|
|
22
|
+
</remarks>
|
|
23
|
+
</member>
|
|
24
|
+
<member name="T:Microsoft.CodeAnalysis.Sarif.Multitool.AddInvocationOptions">
|
|
25
|
+
<summary>
|
|
26
|
+
Options for <c>add-invocation</c>, which appends a fully-formed SARIF <c>invocation</c>
|
|
27
|
+
object to a staged event log (<c><output>.wip.jsonl</c>) created by
|
|
28
|
+
<c>emit-init-run</c>.
|
|
29
|
+
</summary>
|
|
30
|
+
<remarks>
|
|
31
|
+
The invocation is supplied as a JSON document (file via <c>--input</c> or piped on
|
|
32
|
+
stdin). <see cref="!:SarifEventReplayer"/> strips any <c>invocations</c> array carried on
|
|
33
|
+
the run header — invocations must arrive as their own events — so this verb is the
|
|
34
|
+
only path a producer has to populate <c>run.invocations[]</c>. Subsequent
|
|
35
|
+
<c>add-notification</c> events attach to the most recent invocation in event order,
|
|
36
|
+
so producers MAY append additional invocations to start a new notification group
|
|
37
|
+
(e.g., to model a re-run within the same scan).
|
|
38
|
+
</remarks>
|
|
39
|
+
</member>
|
|
40
|
+
<member name="T:Microsoft.CodeAnalysis.Sarif.Multitool.AddNotificationCommand">
|
|
41
|
+
<summary>
|
|
42
|
+
Implements <c>multitool add-notification</c>: appends a fully-formed SARIF notification
|
|
43
|
+
JSON to <c><output>.wip.jsonl</c>.
|
|
44
|
+
</summary>
|
|
45
|
+
<remarks>
|
|
46
|
+
<para>Unlike <see cref="T:Microsoft.CodeAnalysis.Sarif.Multitool.AddResultCommand"/>, this verb does not enforce the AI ruleId
|
|
47
|
+
convention on the notification's <c>associatedRule.id</c> — that field references a
|
|
48
|
+
descriptor in <c>tool.driver.rules</c>, which uses the base taxonomy id (e.g.,
|
|
49
|
+
<c>CWE-79</c>) per SARIF §3.49.3, not the result-side hierarchical form.</para>
|
|
50
|
+
<para>Notifications without a <c>timeUtc</c> stamp are auto-stamped at replay time
|
|
51
|
+
(<see cref="T:Microsoft.CodeAnalysis.Sarif.Emit.SarifEventReplayer"/>), so producers can omit that field without firing
|
|
52
|
+
AI2019 at validate time.</para>
|
|
53
|
+
</remarks>
|
|
54
|
+
</member>
|
|
55
|
+
<member name="T:Microsoft.CodeAnalysis.Sarif.Multitool.AddNotificationOptions">
|
|
56
|
+
<summary>
|
|
57
|
+
Options for <c>add-notification</c>, which appends a fully-formed SARIF <c>notification</c>
|
|
58
|
+
object to a staged event log (<c><output>.wip.jsonl</c>) created by
|
|
59
|
+
<c>emit-init-run</c>.
|
|
60
|
+
</summary>
|
|
61
|
+
<remarks>
|
|
62
|
+
The notification is supplied as a JSON document (file via <c>--input</c> or piped on
|
|
63
|
+
stdin). AI producers are expected to emit notifications with potentially very rich data
|
|
64
|
+
— associated rule references, full exception trees, descriptive markdown messages,
|
|
65
|
+
per-call properties — so the JSON-payload contract avoids encoding-by-flag entirely and
|
|
66
|
+
preserves whatever the producer chose to express.
|
|
67
|
+
</remarks>
|
|
68
|
+
</member>
|
|
69
|
+
<member name="T:Microsoft.CodeAnalysis.Sarif.Multitool.AddReportingDescriptorCommand">
|
|
70
|
+
<summary>
|
|
71
|
+
Implements <c>multitool add-reporting-descriptor</c>: validates a fully-formed SARIF
|
|
72
|
+
reportingDescriptor JSON and appends an event to <c><output>.wip.jsonl</c>.
|
|
73
|
+
</summary>
|
|
74
|
+
<remarks>
|
|
75
|
+
<para>Default target is <c>run.tool.driver.notifications[]</c>; pass <c>--rules</c> to
|
|
76
|
+
target <c>run.tool.driver.rules[]</c> instead.</para>
|
|
77
|
+
<para>On the <c>--rules</c> path, the descriptor id is gated against
|
|
78
|
+
<see cref="M:Microsoft.CodeAnalysis.Sarif.Emit.AIRuleIdConvention.IsNovel(System.String)"/>: only NOVEL- prefixed ids are accepted.
|
|
79
|
+
Taxonomy-mapped rule descriptors (e.g., <c>CWE-89</c>) come from the taxonomy enricher
|
|
80
|
+
at finalize time, not from this verb — this verb is the producer-side authoring path
|
|
81
|
+
for novel-finding descriptors that have no upstream taxonomy entry.</para>
|
|
82
|
+
<para>Duplicate-id submissions within the same event log are rejected on receipt — the
|
|
83
|
+
verb scans the existing event log (including any descriptors pre-populated on the
|
|
84
|
+
run-header event) and fails before appending. (A future <c>--force</c> escape hatch
|
|
85
|
+
is acknowledged; not in v1.)</para>
|
|
86
|
+
</remarks>
|
|
87
|
+
</member>
|
|
88
|
+
<member name="M:Microsoft.CodeAnalysis.Sarif.Multitool.AddReportingDescriptorCommand.TryFindDuplicate(System.String,System.String,System.String,System.String,System.String@)">
|
|
89
|
+
<summary>
|
|
90
|
+
Scans the staged event log for a prior descriptor with the same id targeting the
|
|
91
|
+
same array. Returns <c>true</c> with <paramref name="error"/> populated when a
|
|
92
|
+
duplicate is found; <c>false</c> otherwise.
|
|
93
|
+
</summary>
|
|
94
|
+
<remarks>
|
|
95
|
+
Two sources are checked:
|
|
96
|
+
<list type="bullet">
|
|
97
|
+
<item><description>Run-header events: <c>payload.tool.driver.<targetArray>[*].id</c>
|
|
98
|
+
— producers MAY pre-populate descriptors on the header.</description></item>
|
|
99
|
+
<item><description>Prior descriptor events of the same target kind:
|
|
100
|
+
<c>payload.id</c>.</description></item>
|
|
101
|
+
</list>
|
|
102
|
+
The reader silently skips unknown kinds and malformed-but-skippable rows; for the
|
|
103
|
+
scan we walk the full event sequence so the event index reported in the error
|
|
104
|
+
matches the producer's mental model of "the Nth thing I appended."
|
|
105
|
+
</remarks>
|
|
106
|
+
</member>
|
|
107
|
+
<member name="T:Microsoft.CodeAnalysis.Sarif.Multitool.AddReportingDescriptorOptions">
|
|
108
|
+
<summary>
|
|
109
|
+
Options for <c>add-reporting-descriptor</c>, which appends a fully-formed SARIF
|
|
110
|
+
<c>reportingDescriptor</c> object to a staged event log
|
|
111
|
+
(<c><output>.wip.jsonl</c>) created by <c>emit-init-run</c>.
|
|
112
|
+
</summary>
|
|
113
|
+
<remarks>
|
|
114
|
+
<para>The verb's default target is <c>run.tool.driver.notifications[]</c> — AI producers
|
|
115
|
+
routinely emit notification descriptors (progress, telemetry, config errors, handoff
|
|
116
|
+
breadcrumbs). Pass <c>--rules</c> to target <c>run.tool.driver.rules[]</c> instead;
|
|
117
|
+
this rule-descriptor path is reserved for NOVEL- novel-finding descriptors (taxonomy
|
|
118
|
+
rule descriptors such as <c>CWE-89</c> come from the taxonomy enricher, not this
|
|
119
|
+
verb).</para>
|
|
120
|
+
<para>The descriptor is supplied as a JSON document (file via <c>--input</c> or piped
|
|
121
|
+
on stdin). The full SARIF reportingDescriptor shape (id, name, shortDescription,
|
|
122
|
+
fullDescription, helpUri, messageStrings, defaultConfiguration, properties, …)
|
|
123
|
+
round-trips byte-for-byte through the staged event log.</para>
|
|
124
|
+
<para>Each descriptor <c>id</c> may appear at most once per event log. Submitting a
|
|
125
|
+
duplicate id is rejected with a clear error pointing at the prior occurrence.</para>
|
|
126
|
+
</remarks>
|
|
127
|
+
</member>
|
|
128
|
+
<member name="T:Microsoft.CodeAnalysis.Sarif.Multitool.AddResultCommand">
|
|
129
|
+
<summary>
|
|
130
|
+
Implements <c>multitool add-result</c>: validates a fully-formed SARIF result JSON and
|
|
131
|
+
appends a <c>result</c> event to <c><output>.wip.jsonl</c>.
|
|
132
|
+
</summary>
|
|
133
|
+
<remarks>
|
|
134
|
+
The result's <c>ruleId</c> is validated at receipt against the AI ruleId convention
|
|
135
|
+
(taxonomy sub-id form or NOVEL- escape hatch). On rejection the verb writes the
|
|
136
|
+
AI-consumable error envelope (error code AI-RULEID-001) to stderr and returns
|
|
137
|
+
<see cref="F:Microsoft.CodeAnalysis.Sarif.Driver.CommandBase.FAILURE"/> WITHOUT appending — an AI orchestrator can retry the
|
|
138
|
+
individual result without first having to remove garbage from the event log.
|
|
139
|
+
</remarks>
|
|
140
|
+
</member>
|
|
141
|
+
<member name="T:Microsoft.CodeAnalysis.Sarif.Multitool.AddResultOptions">
|
|
142
|
+
<summary>
|
|
143
|
+
Options for <c>add-result</c>, which appends a fully-formed SARIF <c>result</c> object
|
|
144
|
+
to a staged event log (<c><output>.wip.jsonl</c>) created by <c>emit-init-run</c>.
|
|
145
|
+
</summary>
|
|
146
|
+
<remarks>
|
|
147
|
+
The result is supplied as a JSON document (file via <c>--input</c> or piped on stdin).
|
|
148
|
+
The SARIF <c>result</c> object can carry rich nested structures (code flows, thread flows,
|
|
149
|
+
stacks, fixes, taxa, related locations, properties bags). Modeling every field as a CLI
|
|
150
|
+
flag would explode the surface; the JSON-payload contract keeps the verb generic and lets
|
|
151
|
+
an AI producer emit arbitrarily-rich findings without losing fidelity.
|
|
152
|
+
|
|
153
|
+
On receipt the verb validates that <c>result.ruleId</c> conforms to the AI ruleId
|
|
154
|
+
convention (taxonomy sub-id form or NOVEL- escape hatch) so an AI orchestrator gets an
|
|
155
|
+
immediate, AI-consumable rejection envelope rather than discovering the violation later
|
|
156
|
+
at <c>emit-finalize</c> time.
|
|
157
|
+
</remarks>
|
|
158
|
+
</member>
|
|
159
|
+
<member name="T:Microsoft.CodeAnalysis.Sarif.Multitool.AdoPipelineContext">
|
|
160
|
+
<summary>
|
|
161
|
+
Detects an Azure DevOps pipeline execution context from environment variables and stamps
|
|
162
|
+
the corresponding <c>automationDetails</c> shape onto a <see cref="T:Microsoft.CodeAnalysis.Sarif.Run"/>, matching the
|
|
163
|
+
canonical write surface used by the Azure DevOps Advanced Security SARIF upload SDK
|
|
164
|
+
(<c>AlertHttpClientExtensions.AddAutomationDetails</c>).
|
|
165
|
+
</summary>
|
|
166
|
+
<remarks>
|
|
167
|
+
<para>Detection is gated on the standard ADO sentinel <c>TF_BUILD=True</c>. When not
|
|
168
|
+
running inside an ADO pipeline, <see cref="F:Microsoft.CodeAnalysis.Sarif.Multitool.AdoPipelineContext.DetectionState.None"/> is returned and no
|
|
169
|
+
stamping occurs. This avoids surprising failures on non-ADO CI systems that happen to
|
|
170
|
+
populate a subset of <c>BUILD_*</c> variables.</para>
|
|
171
|
+
<para>Inside an ADO pipeline three states are possible:</para>
|
|
172
|
+
<list type="bullet">
|
|
173
|
+
<item><see cref="F:Microsoft.CodeAnalysis.Sarif.Multitool.AdoPipelineContext.DetectionState.Complete"/> — every required logical variable is present
|
|
174
|
+
and well-formed; <see cref="!:ApplyTo(Run)"/> writes <c>automationDetails.id</c> plus the
|
|
175
|
+
four <c>azuredevops/pipeline/build/*</c> property keys that ADO ingestion validates.</item>
|
|
176
|
+
<item><see cref="F:Microsoft.CodeAnalysis.Sarif.Multitool.AdoPipelineContext.DetectionState.None"/> — no required variables are populated; nothing is
|
|
177
|
+
stamped (e.g. a manual local invocation that happens to have <c>TF_BUILD</c> set without
|
|
178
|
+
the rest).</item>
|
|
179
|
+
<item><see cref="F:Microsoft.CodeAnalysis.Sarif.Multitool.AdoPipelineContext.DetectionState.Partial"/> — one or more required variables are present
|
|
180
|
+
but others are missing or malformed; a partial pipeline identity is a misconfiguration
|
|
181
|
+
signal, not a soft skip, so callers should fail loudly rather than emit half-stamped
|
|
182
|
+
SARIF that will fail GHAzDO1019/1020 downstream.</item>
|
|
183
|
+
</list>
|
|
184
|
+
</remarks>
|
|
185
|
+
</member>
|
|
186
|
+
<member name="M:Microsoft.CodeAnalysis.Sarif.Multitool.AdoPipelineContext.TryDetect(Microsoft.CodeAnalysis.Sarif.Multitool.IEnvironmentVariableGetter,Microsoft.CodeAnalysis.Sarif.Multitool.AdoPipelineContext@,System.String@)">
|
|
187
|
+
<summary>
|
|
188
|
+
Reads ADO predefined environment variables via <paramref name="environment"/> and
|
|
189
|
+
returns one of <see cref="T:Microsoft.CodeAnalysis.Sarif.Multitool.AdoPipelineContext.DetectionState"/>.
|
|
190
|
+
</summary>
|
|
191
|
+
<param name="environment">Env getter (test seam).</param>
|
|
192
|
+
<param name="context">Populated context when state is <see cref="F:Microsoft.CodeAnalysis.Sarif.Multitool.AdoPipelineContext.DetectionState.Complete"/>; otherwise <c>null</c>.</param>
|
|
193
|
+
<param name="errorMessage">Human-readable description of present/missing/malformed variables when state is <see cref="F:Microsoft.CodeAnalysis.Sarif.Multitool.AdoPipelineContext.DetectionState.Partial"/>; otherwise <c>null</c>.</param>
|
|
194
|
+
</member>
|
|
195
|
+
<member name="M:Microsoft.CodeAnalysis.Sarif.Multitool.AdoPipelineContext.TryApplyTo(Microsoft.CodeAnalysis.Sarif.Run,System.String@)">
|
|
196
|
+
<summary>
|
|
197
|
+
Stamps the detected pipeline identity onto <paramref name="run"/>, returning
|
|
198
|
+
<c>true</c> when no conflict was detected. When the run already carries a
|
|
199
|
+
non-conflicting <c>automationDetails.id</c> or any of the four
|
|
200
|
+
<c>azuredevops/pipeline/build/*</c> property values, the existing values are
|
|
201
|
+
preserved. When the run carries a conflicting value, this method returns
|
|
202
|
+
<c>false</c> with a diagnostic on <paramref name="conflictError"/> and leaves
|
|
203
|
+
the run unchanged.
|
|
204
|
+
</summary>
|
|
205
|
+
<remarks>
|
|
206
|
+
<para>The "stamp only when absent, fail on conflict" contract is required because
|
|
207
|
+
callers (notably <c>emit-init-run</c>'s JSON-payload contract) may supply these
|
|
208
|
+
fields directly. An unconditional overwrite would silently clobber a producer's
|
|
209
|
+
declared identity; a conflict is a misconfiguration signal that we want to surface
|
|
210
|
+
at the verb rather than ship in the run.</para>
|
|
211
|
+
<para>Producer-supplied <see cref="P:Microsoft.CodeAnalysis.Sarif.RunAutomationDetails.Guid"/> and
|
|
212
|
+
<see cref="P:Microsoft.CodeAnalysis.Sarif.RunAutomationDetails.CorrelationGuid"/> fields are never touched —
|
|
213
|
+
they name a different scope (run / run-equivalence-class identity) than the
|
|
214
|
+
pipeline identity stamped here.</para>
|
|
215
|
+
</remarks>
|
|
216
|
+
</member>
|
|
217
|
+
<member name="M:Microsoft.CodeAnalysis.Sarif.Multitool.AdoPipelineContext.BuildCanonicalAutomationId">
|
|
218
|
+
<summary>
|
|
219
|
+
Computes the canonical <c>automationDetails.id</c>
|
|
220
|
+
(<c>azuredevops/pipeline/build/<org>/<projectId>/<buildDefId>/<phaseId>/<branch>/<buildId></c>)
|
|
221
|
+
for this pipeline context. Exposed so JSON-direct callers can stamp the id without
|
|
222
|
+
constructing a typed <see cref="T:Microsoft.CodeAnalysis.Sarif.Run"/>.
|
|
223
|
+
</summary>
|
|
224
|
+
</member>
|
|
225
|
+
<member name="M:Microsoft.CodeAnalysis.Sarif.Multitool.AdoPipelineContext.GetPipelinePropertyValues">
|
|
226
|
+
<summary>
|
|
227
|
+
Returns the four <c>azuredevops/pipeline/build/*</c> property name/value pairs
|
|
228
|
+
validated by <c>GHAzDO1019</c>. Exposed so JSON-direct callers can stamp them
|
|
229
|
+
without constructing a typed <see cref="T:Microsoft.CodeAnalysis.Sarif.Run"/>.
|
|
230
|
+
</summary>
|
|
231
|
+
</member>
|
|
232
|
+
<member name="T:Microsoft.CodeAnalysis.Sarif.Multitool.EmitEventLogHelpers">
|
|
233
|
+
<summary>
|
|
234
|
+
Shared plumbing for the emit verb chain (<c>emit-init-run</c>, <c>add-result</c>,
|
|
235
|
+
<c>add-notification</c>, <c>emit-finalize</c>): resolves the staged event log path,
|
|
236
|
+
reads caller-supplied JSON (file or stdin), and parses it into a
|
|
237
|
+
<see cref="T:Newtonsoft.Json.Linq.JToken"/> in a date-safe way.
|
|
238
|
+
</summary>
|
|
239
|
+
<remarks>
|
|
240
|
+
The verbs share three concerns — locating <c><output>.wip.jsonl</c>, sourcing
|
|
241
|
+
the payload, and parsing it without lossy normalization — which live here so the
|
|
242
|
+
per-verb commands can stay focused on payload-specific validation and append.
|
|
243
|
+
</remarks>
|
|
244
|
+
</member>
|
|
245
|
+
<member name="M:Microsoft.CodeAnalysis.Sarif.Multitool.EmitEventLogHelpers.TryValidateUri(System.String,System.String,System.String[],System.String@)">
|
|
246
|
+
<summary>
|
|
247
|
+
Validates that <paramref name="value"/> is either null/empty or a well-formed
|
|
248
|
+
absolute URI whose scheme appears in <paramref name="allowedSchemes"/>.
|
|
249
|
+
</summary>
|
|
250
|
+
<remarks>
|
|
251
|
+
Returning <c>true</c> when the value is empty preserves the "flag is optional"
|
|
252
|
+
contract — only supplied URIs are validated. We require an absolute URI (relative
|
|
253
|
+
values would never resolve meaningfully into a SARIF reader downstream) and we
|
|
254
|
+
constrain the scheme to a documented allow-list so a typo like <c>"htps://..."</c>
|
|
255
|
+
or an inappropriate scheme like <c>"file:..."</c> on a public-facing URL surfaces
|
|
256
|
+
here rather than silently shipping in the run header.
|
|
257
|
+
</remarks>
|
|
258
|
+
</member>
|
|
259
|
+
<member name="M:Microsoft.CodeAnalysis.Sarif.Multitool.EmitEventLogHelpers.TryResolveWipPath(System.String,Microsoft.CodeAnalysis.Sarif.IFileSystem,System.String@)">
|
|
260
|
+
<summary>
|
|
261
|
+
Resolves the staged event-log path for an output SARIF path and verifies it exists.
|
|
262
|
+
</summary>
|
|
263
|
+
<param name="outputFilePath">The final SARIF file path (positional verb argument).</param>
|
|
264
|
+
<param name="fileSystem">The file system facade.</param>
|
|
265
|
+
<param name="wipPath">Set to the absolute event-log path on success.</param>
|
|
266
|
+
<returns><see cref="F:Microsoft.CodeAnalysis.Sarif.Driver.CommandBase.SUCCESS"/> on success, <see cref="F:Microsoft.CodeAnalysis.Sarif.Driver.CommandBase.FAILURE"/>
|
|
267
|
+
with a stderr message otherwise.</returns>
|
|
268
|
+
</member>
|
|
269
|
+
<member name="M:Microsoft.CodeAnalysis.Sarif.Multitool.EmitEventLogHelpers.TryReadJsonPayload(System.String,System.String,Microsoft.CodeAnalysis.Sarif.IFileSystem,Newtonsoft.Json.Linq.JToken@)">
|
|
270
|
+
<summary>
|
|
271
|
+
Reads the caller-supplied JSON from <paramref name="inputFilePath"/> or stdin and
|
|
272
|
+
parses it. Returns <see cref="F:Microsoft.CodeAnalysis.Sarif.Driver.CommandBase.SUCCESS"/> with <paramref name="payload"/>
|
|
273
|
+
populated, or <see cref="F:Microsoft.CodeAnalysis.Sarif.Driver.CommandBase.FAILURE"/> with a stderr message describing
|
|
274
|
+
what went wrong.
|
|
275
|
+
</summary>
|
|
276
|
+
<param name="inputFilePath">File path supplied by <c>--input</c>, or null/empty to
|
|
277
|
+
read from stdin.</param>
|
|
278
|
+
<param name="payloadKind">Human-readable label used in error messages ("result",
|
|
279
|
+
"notification", ...).</param>
|
|
280
|
+
<param name="fileSystem">The file system facade.</param>
|
|
281
|
+
<param name="payload">Set to the parsed payload on success.</param>
|
|
282
|
+
</member>
|
|
283
|
+
<member name="M:Microsoft.CodeAnalysis.Sarif.Multitool.EmitEventLogHelpers.ReadStandardInputAsUtf8">
|
|
284
|
+
<summary>
|
|
285
|
+
Reads redirected stdin as UTF-8, bypassing <see cref="P:System.Console.InputEncoding"/>.
|
|
286
|
+
On Windows the console's default input encoding is the active OEM codepage
|
|
287
|
+
(often cp437 or cp850), which would mangle non-ASCII content in a piped
|
|
288
|
+
SARIF payload. AI orchestrators routinely emit messages, URIs, and properties
|
|
289
|
+
containing non-ASCII characters, so we must decode the raw byte stream as UTF-8
|
|
290
|
+
regardless of the console's current code page. A BOM-stamped input is still
|
|
291
|
+
honored — <see cref="T:System.IO.StreamReader"/>'s detect-BOM flag handles that case.
|
|
292
|
+
</summary>
|
|
293
|
+
</member>
|
|
294
|
+
<member name="T:Microsoft.CodeAnalysis.Sarif.Multitool.EmitFinalizeCommand">
|
|
295
|
+
<summary>
|
|
296
|
+
Implements <c>multitool emit-finalize</c>: replays <c><output>.wip.jsonl</c>,
|
|
297
|
+
optionally enriches CWE-as-rule-id descriptors, and atomically writes the destination
|
|
298
|
+
SARIF file.
|
|
299
|
+
</summary>
|
|
300
|
+
</member>
|
|
301
|
+
<member name="M:Microsoft.CodeAnalysis.Sarif.Multitool.EmitFinalizeCommand.RunValidatorAndReport(System.String)">
|
|
302
|
+
<summary>
|
|
303
|
+
Runs the multitool validator (--rule-kind Sarif;AI) against the finalized SARIF.
|
|
304
|
+
Prints a one-line summary of Error/Warning/Note counts and (on Error) the rule IDs
|
|
305
|
+
that fired. Returns FAILURE if any Error-level finding is reported; otherwise SUCCESS.
|
|
306
|
+
</summary>
|
|
307
|
+
</member>
|
|
308
|
+
<member name="T:Microsoft.CodeAnalysis.Sarif.Multitool.EmitFinalizeOptions">
|
|
309
|
+
<summary>
|
|
310
|
+
Options for <c>emit-finalize</c>, which replays the staged event log and atomically
|
|
311
|
+
writes the destination SARIF file.
|
|
312
|
+
</summary>
|
|
313
|
+
</member>
|
|
314
|
+
<member name="T:Microsoft.CodeAnalysis.Sarif.Multitool.EmitInitRunCommand">
|
|
315
|
+
<summary>
|
|
316
|
+
Implements <c>multitool emit-init-run</c>: creates an append-only SARIF event log
|
|
317
|
+
(<c><output>.wip.jsonl</c>) seeded with a <c>run-header</c> event built from a
|
|
318
|
+
caller-supplied SARIF <c>Run</c> JSON document (file via <c>--input</c> or stdin).
|
|
319
|
+
</summary>
|
|
320
|
+
<remarks>
|
|
321
|
+
<para>The JSON-payload contract matches the other emit verbs (<c>add-result</c>,
|
|
322
|
+
<c>add-notification</c>, <c>add-reporting-descriptor</c>). The supplied <c>Run</c> may
|
|
323
|
+
carry any subset of the partial-Run shape the replayer accepts (<c>tool</c>,
|
|
324
|
+
<c>language</c>, <c>columnKind</c>, <c>defaultEncoding</c>, <c>defaultSourceLanguage</c>,
|
|
325
|
+
<c>originalUriBaseIds</c>, <c>versionControlProvenance</c>, <c>automationDetails</c>,
|
|
326
|
+
<c>baselineGuid</c>, <c>redactionTokens</c>, …). <c>results</c>, <c>invocations</c>, and
|
|
327
|
+
notifications on the header are ignored at replay; those belong in their own events.</para>
|
|
328
|
+
<para>State table:</para>
|
|
329
|
+
<list type="table">
|
|
330
|
+
<listheader>
|
|
331
|
+
<term>State</term>
|
|
332
|
+
<term>No <c>--force-overwrite</c></term>
|
|
333
|
+
<term>With <c>--force-overwrite</c></term>
|
|
334
|
+
</listheader>
|
|
335
|
+
<item>
|
|
336
|
+
<term>Neither .sarif nor .wip.jsonl exists</term>
|
|
337
|
+
<term>Create new .wip.jsonl</term>
|
|
338
|
+
<term>Create new .wip.jsonl</term>
|
|
339
|
+
</item>
|
|
340
|
+
<item>
|
|
341
|
+
<term>.sarif exists, no .wip.jsonl</term>
|
|
342
|
+
<term>Fail — would clobber a committed SARIF on finalize</term>
|
|
343
|
+
<term>Create new .wip.jsonl (existing .sarif is left until finalize replaces it)</term>
|
|
344
|
+
</item>
|
|
345
|
+
<item>
|
|
346
|
+
<term>No .sarif, .wip.jsonl exists</term>
|
|
347
|
+
<term>Fail — another authoring session is in flight (or was crashed)</term>
|
|
348
|
+
<term>Delete .wip.jsonl and recreate</term>
|
|
349
|
+
</item>
|
|
350
|
+
<item>
|
|
351
|
+
<term>Both .sarif and .wip.jsonl exist</term>
|
|
352
|
+
<term>Fail</term>
|
|
353
|
+
<term>Delete .wip.jsonl and recreate</term>
|
|
354
|
+
</item>
|
|
355
|
+
</list>
|
|
356
|
+
</remarks>
|
|
357
|
+
</member>
|
|
358
|
+
<member name="M:Microsoft.CodeAnalysis.Sarif.Multitool.EmitInitRunCommand.TryRequireOptionalObject(Newtonsoft.Json.Linq.JObject,System.String,Newtonsoft.Json.Linq.JObject@)">
|
|
359
|
+
<summary>
|
|
360
|
+
If <paramref name="parent"/> carries a token at <paramref name="key"/>, requires it to
|
|
361
|
+
be a JSON object and returns it via <paramref name="value"/>. Returns true when the key
|
|
362
|
+
is absent (or explicitly null) without surfacing an error; returns false with a clear
|
|
363
|
+
AI-consumable diagnostic when the key is present but the wrong shape (e.g.
|
|
364
|
+
<c>"tool": "x"</c>). Walking parent shapes up front prevents JValue indexer accesses
|
|
365
|
+
further down the validator chain from throwing InvalidOperationException.
|
|
366
|
+
</summary>
|
|
367
|
+
</member>
|
|
368
|
+
<member name="M:Microsoft.CodeAnalysis.Sarif.Multitool.EmitInitRunCommand.TryStampAdoContext(Newtonsoft.Json.Linq.JObject,Microsoft.CodeAnalysis.Sarif.Multitool.AdoPipelineContext,System.String@)">
|
|
369
|
+
<summary>
|
|
370
|
+
Stamps ADO pipeline identity directly onto the JSON payload. Mutating the JObject
|
|
371
|
+
rather than round-tripping through the typed <see cref="M:Microsoft.CodeAnalysis.Sarif.Multitool.EmitInitRunCommand.Run(Microsoft.CodeAnalysis.Sarif.Multitool.EmitInitRunOptions,Microsoft.CodeAnalysis.Sarif.IFileSystem)"/> model preserves any
|
|
372
|
+
SARIF Run fields the typed model doesn't surface (e.g., <c>redactionTokens</c>) in
|
|
373
|
+
the wip line. (The replayer materializes a typed <c>Run</c> at finalize time, so
|
|
374
|
+
non-typed fields are durable only up to that boundary.)
|
|
375
|
+
</summary>
|
|
376
|
+
</member>
|
|
377
|
+
<member name="T:Microsoft.CodeAnalysis.Sarif.Multitool.EmitInitRunOptions">
|
|
378
|
+
<summary>
|
|
379
|
+
Options for <c>emit-init-run</c>, which opens an append-only event log
|
|
380
|
+
(<c><output>.wip.jsonl</c>) seeded with a <c>run-header</c> event built from a
|
|
381
|
+
caller-supplied SARIF <c>Run</c> JSON document. Subsequent producers append events to the
|
|
382
|
+
log via the SARIF emit API and finalize via <c>multitool emit-finalize</c>.
|
|
383
|
+
</summary>
|
|
384
|
+
<remarks>
|
|
385
|
+
<para>The run JSON is supplied as a JSON document (file via <c>--input</c> or piped on
|
|
386
|
+
stdin), matching the contract used by <c>add-result</c>, <c>add-notification</c>, and
|
|
387
|
+
<c>add-reporting-descriptor</c>. SARIF <c>Run</c> is by far the richest object in the
|
|
388
|
+
schema; modeling each field as a CLI flag would require a sprawling and ever-expanding
|
|
389
|
+
surface that still could not express the legal partial-<c>Run</c> shape the replayer
|
|
390
|
+
accepts (multiple <c>versionControlProvenance</c> entries, <c>properties</c> bags,
|
|
391
|
+
<c>language</c>, <c>columnKind</c>, <c>defaultEncoding</c>, <c>redactionTokens</c>, …).
|
|
392
|
+
The JSON-payload contract keeps the verb generic and lets an AI producer emit
|
|
393
|
+
arbitrarily-rich run headers without losing fidelity.</para>
|
|
394
|
+
<para>Profile-essential defects are validated at receipt: <c>tool.driver.name</c> must
|
|
395
|
+
be a non-empty string; <c>tool.driver.informationUri</c> and
|
|
396
|
+
<c>versionControlProvenance[*].repositoryUri</c> must be <c>https</c>;
|
|
397
|
+
<c>originalUriBaseIds["SRCROOT"].uri</c> must be <c>https</c> or <c>file</c>;
|
|
398
|
+
<c>automationDetails.guid</c> / <c>correlationGuid</c> must be canonical 8-4-4-4-12
|
|
399
|
+
GUIDs; <c>properties["ai/origin"]</c> must be <c>generated</c>, <c>annotated</c>, or
|
|
400
|
+
<c>synthesized</c>. The verb also rejects a SARIF <em>log</em> accidentally supplied in
|
|
401
|
+
place of a <c>Run</c>.</para>
|
|
402
|
+
</remarks>
|
|
403
|
+
</member>
|
|
7
404
|
<member name="T:Microsoft.CodeAnalysis.Sarif.Multitool.FileWorkItemsCommand">
|
|
8
405
|
<summary>
|
|
9
406
|
A class that drives SARIF work item filing. This class is responsible for
|
|
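Review bot: two `<see cref>` references in this hunk failed to resolve at doc-build time and were emitted with the `!:` prefix: `<see cref="!:SarifEventReplayer"/>` in the AddInvocationOptions remarks and `<see cref="!:ApplyTo(Run)"/>` in the AdoPipelineContext remarks. The first should be the fully qualified `T:Microsoft.CodeAnalysis.Sarif.Emit.SarifEventReplayer`, as the AddNotificationCommand remarks already use; the second names a method that does not exist in this file, since the stamping method documented further down is `TryApplyTo(Microsoft.CodeAnalysis.Sarif.Run,System.String@)`. Also, the AddInvocationCommand remarks say that `execution-notification` and `configuration-notification` events attach to the most recent invocation, while the AddInvocationOptions remarks call them `add-notification` events; one name for the event kinds would avoid confusing producers. Minor: the emit-init-run state table uses `<term>` for every cell, whereas `<list type="table">` expects `<term>` for the first column and `<description>` for the rest, so some renderers will collapse the columns.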
@@ -105,46 +502,6 @@
|
|
|
105
502
|
and shows results.
|
|
106
503
|
</summary>
|
|
107
504
|
</member>
|
|
108
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.AdoReferenceFinalSchema.Id">
|
|
109
|
-
<summary>
|
|
110
|
-
ADO1011
|
|
111
|
-
</summary>
|
|
112
|
-
</member>
|
|
113
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.AdoProvideRequiredSarifLogProperties.Id">
|
|
114
|
-
<summary>
|
|
115
|
-
ADO1013
|
|
116
|
-
</summary>
|
|
117
|
-
</member>
|
|
118
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.AdoProvideRequiredRunProperties.Id">
|
|
119
|
-
<summary>
|
|
120
|
-
ADO1014
|
|
121
|
-
</summary>
|
|
122
|
-
</member>
|
|
123
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.AdoProvideRequiredResultProperties.Id">
|
|
124
|
-
<summary>
|
|
125
|
-
ADO1015
|
|
126
|
-
</summary>
|
|
127
|
-
</member>
|
|
128
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.AdoProvideRequiredLocationProperties.Id">
|
|
129
|
-
<summary>
|
|
130
|
-
ADO1016
|
|
131
|
-
</summary>
|
|
132
|
-
</member>
|
|
133
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.AdoProvideRequiredPhysicalLocationProperties.Id">
|
|
134
|
-
<summary>
|
|
135
|
-
ADO1017
|
|
136
|
-
</summary>
|
|
137
|
-
</member>
|
|
138
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.AdoProvideRequiredToolProperties.Id">
|
|
139
|
-
<summary>
|
|
140
|
-
ADO1018
|
|
141
|
-
</summary>
|
|
142
|
-
</member>
|
|
143
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.AdoProvideRequiredReportingDescriptorProperties.Id">
|
|
144
|
-
<summary>
|
|
145
|
-
ADO2012
|
|
146
|
-
</summary>
|
|
147
|
-
</member>
|
|
148
505
|
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.AIProvideRequiredRegionProperties.Id">
|
|
149
506
|
<summary>
|
|
150
507
|
AI1003
|
|
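Review bot: this hunk deletes the doc entries for eight rule ids (ADO1011, ADO1013, ADO1014, ADO1015, ADO1016, ADO1017, ADO1018, ADO2012) with nothing in the hunk replacing them; the tail of the diff adds GHAzDOReferenceFinalSchema (GHAzDO1011) and GHAzDOProvideRequiredSarifLogProperties (GHAzDO1013), which reads as a prefix rename from ADO to GHAzDO. Confirm that the other six ids have GHAzDO counterparts in the part of the diff not shown here, and list any rule that is retired rather than renamed in the release notes, since consumers that suppress or gate on these ids will silently stop matching.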
@@ -185,11 +542,6 @@
|
|
|
185
542
|
AI1013
|
|
186
543
|
</summary>
|
|
187
544
|
</member>
|
|
188
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.ExecutionNotificationPlacement.Id">
|
|
189
|
-
<summary>
|
|
190
|
-
AI1014
|
|
191
|
-
</summary>
|
|
192
|
-
</member>
|
|
193
545
|
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.ProvideSemanticVersion.Id">
|
|
194
546
|
<summary>
|
|
195
547
|
AI2003
|
|
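Review bot: removing `ExecutionNotificationPlacement.Id` retires AI1014 without a replacement, yet the AddInvocationCommand remarks added earlier in this diff still describe the placement contract such a rule would enforce (execution-notification and configuration-notification events attach to the most recent invocation in event order). If that contract is now enforced at replay rather than by a validator rule, say so in the AddInvocationCommand remarks; if the check is simply gone, a producer that emits notifications before any invocation event will no longer be warned, and AI1014 should be reserved rather than reused for an unrelated rule.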
@@ -235,7 +587,7 @@
|
|
|
235
587
|
AI2017
|
|
236
588
|
</summary>
|
|
237
589
|
</member>
|
|
238
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.
|
|
590
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.ProvideLearningSignalArtifact.Id">
|
|
239
591
|
<summary>
|
|
240
592
|
AI2018
|
|
241
593
|
</summary>
|
|
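Review bot: the removed line ends at `Rules.` as shown here, which is not a valid doc-comment member id, so replacing it with `ProvideLearningSignalArtifact.Id` is the right fix; the `AI2018` summary is unchanged, so confirm this is a rename of the same rule and not a new rule reusing an existing id.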
@@ -255,6 +607,33 @@
|
|
|
255
607
|
of the schema is valid.
|
|
256
608
|
</summary>
|
|
257
609
|
</member>
|
|
610
|
+
<member name="T:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.EvidenceJsonReader">
|
|
611
|
+
<summary>
|
|
612
|
+
Defensive reads of <c>ai/evidence</c> entry properties. Producers in the
|
|
613
|
+
wild emit some properties (e.g. <c>backing</c>) as either a single
|
|
614
|
+
string or as an array of strings; a validator rule must accept both
|
|
615
|
+
shapes without throwing on well-formed input.
|
|
616
|
+
</summary>
|
|
617
|
+
</member>
|
|
618
|
+
<member name="M:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.EvidenceJsonReader.ReadString(Newtonsoft.Json.Linq.JObject,System.String)">
|
|
619
|
+
<summary>
|
|
620
|
+
Reads <paramref name="propertyName"/> from <paramref name="entry"/>
|
|
621
|
+
as a string. Returns null if the property is absent or not a JSON
|
|
622
|
+
string token (i.e., array, object, number, boolean, null).
|
|
623
|
+
</summary>
|
|
624
|
+
</member>
|
|
625
|
+
<member name="M:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.EvidenceJsonReader.ReadStrings(Newtonsoft.Json.Linq.JObject,System.String)">
|
|
626
|
+
<summary>
|
|
627
|
+
Reads <paramref name="propertyName"/> from <paramref name="entry"/>
|
|
628
|
+
as a list of strings. Accepts both shapes:
|
|
629
|
+
<list type="bullet">
|
|
630
|
+
<item>a single JSON string (yields a one-element list);</item>
|
|
631
|
+
<item>a JSON array of strings (non-string array elements are silently dropped).</item>
|
|
632
|
+
</list>
|
|
633
|
+
Returns an empty list when the property is absent, null-valued, or any
|
|
634
|
+
other JSON shape (object, number, boolean).
|
|
635
|
+
</summary>
|
|
636
|
+
</member>
|
|
258
637
|
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.ProvideRequiredLocationProperties.Id">
|
|
259
638
|
<summary>
|
|
260
639
|
GH1001
|
|
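Review bot: the ReadStrings contract says non-string array elements are "silently dropped", and ReadString returns null for both an absent property and a wrong-typed one, so a rule built on these readers cannot tell a missing `backing` from a malformed `backing: [1, {}]`; both look like empty or absent input and pass without a diagnostic. For a validator that is the wrong default: document which rule is expected to report the shape error, or give the readers an out-parameter (or a TryRead variant) that reports when something was skipped so the caller can emit a warning. The summaries should also state whether a null `entry` throws or yields the empty result.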
@@ -345,6 +724,76 @@
|
|
|
345
724
|
GH2012
|
|
346
725
|
</summary>
|
|
347
726
|
</member>
|
|
727
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.GHAzDOReferenceFinalSchema.Id">
|
|
728
|
+
<summary>
|
|
729
|
+
GHAzDO1011
|
|
730
|
+
</summary>
|
|
731
|
+
</member>
|
|
732
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.GHAzDOProvideRequiredSarifLogProperties.Id">
|
|
733
|
+
<summary>
|
|
734
|
+
GHAzDO1013
|
|
735
|
+
</summary>
|
|
736
|
+
</member>
|
|
737
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.GHAzDOProvideRequiredRunProperties.Id">
|
|
738
|
+
<summary>
|
|
739
|
+
GHAzDO1014
|
|
740
|
+
</summary>
|
|
741
|
+
</member>
|
|
742
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.GHAzDOProvideRequiredResultProperties.Id">
|
|
743
|
+
<summary>
|
|
744
|
+
GHAzDO1015
|
|
745
|
+
</summary>
|
|
746
|
+
</member>
|
|
747
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.GHAzDOProvideRequiredLocationProperties.Id">
|
|
748
|
+
<summary>
|
|
749
|
+
GHAzDO1016
|
|
750
|
+
</summary>
|
|
751
|
+
</member>
|
|
752
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.GHAzDOProvideRequiredPhysicalLocationProperties.Id">
|
|
753
|
+
<summary>
|
|
754
|
+
GHAzDO1017
|
|
755
|
+
</summary>
|
|
756
|
+
</member>
|
|
757
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.GHAzDOProvideRequiredToolProperties.Id">
|
|
758
|
+
<summary>
|
|
759
|
+
GHAzDO1018
|
|
760
|
+
</summary>
|
|
761
|
+
</member>
|
|
762
|
+
<member name="T:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.GHAzDOProvidePipelineProperties">
|
|
763
|
+
<summary>
|
|
764
|
+
GHAzDO1019 — when run.automationDetails is present, require the four
|
|
765
|
+
`azuredevops/pipeline/build/*` properties that GHAzDO ingestion reads to
|
|
766
|
+
identify the build definition + phase. Missing or unparseable values cause
|
|
767
|
+
ingestion to drop the run with "SarifValidation_MissingAdoPipelineProperties".
|
|
768
|
+
|
|
769
|
+
Required keys (all under run.automationDetails.properties):
|
|
770
|
+
azuredevops/pipeline/build/buildDefinitionId (int, != 0)
|
|
771
|
+
azuredevops/pipeline/build/buildDefinitionName (non-empty string)
|
|
772
|
+
azuredevops/pipeline/build/phaseId (GUID, != Guid.Empty)
|
|
773
|
+
azuredevops/pipeline/build/phaseName (non-empty string)
|
|
774
|
+
|
|
775
|
+
Source of truth: AdvancedSecurity.Service ./SarifUtils/SarifExtensions.cs
|
|
776
|
+
`GetPipeline(Run)` and CodeScanningResultPluginBase.ValidateRun.
|
|
777
|
+
</summary>
|
|
778
|
+
</member>
|
|
779
|
+
<member name="T:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.GHAzDOProvideAutomationDetailsIdFormat">
|
|
780
|
+
<summary>
|
|
781
|
+
GHAzDO1020 — when run.automationDetails.id is present, require it to start
|
|
782
|
+
with the canonical `azuredevops/pipeline/build/` prefix. GHAzDO ingestion
|
|
783
|
+
parses the slash-delimited remainder as
|
|
784
|
+
`<org>/<project>/<buildDefId>/<phaseId>/<branch>/<buildId>`;
|
|
785
|
+
IDs that don't carry the prefix fail downstream parsing.
|
|
786
|
+
|
|
787
|
+
Source of truth: AdvancedSecurity.Service runAutomationDetails.Id consumers.
|
|
788
|
+
We deliberately validate only the prefix here — the slash content is derived
|
|
789
|
+
from pipeline state and not authored by hand.
|
|
790
|
+
</summary>
|
|
791
|
+
</member>
|
|
792
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.GHAzDOProvideRequiredReportingDescriptorProperties.Id">
|
|
793
|
+
<summary>
|
|
794
|
+
GHAzDO2012
|
|
795
|
+
</summary>
|
|
796
|
+
</member>
|
|
348
797
|
<member name="T:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources">
|
|
349
798
|
<summary>
|
|
350
799
|
A strongly-typed resource class, for looking up localized strings, etc.
|
|
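Review bot: in the GHAzDO1020 summary the literal `<org>/<project>/<buildDefId>/<phaseId>/<branch>/<buildId>` contains unescaped angle brackets; if they appear this way in the source comment rather than as `&lt;org&gt;`, the compiler treats them as XML elements and the generated doc file is malformed for every consumer that parses it. Both the GHAzDO1019 and GHAzDO1020 summaries also use Markdown backticks, which XML doc renderers show literally; use `<c>` as the surrounding members do. Two smaller points: the "Source of truth" lines cite an internal path (`AdvancedSecurity.Service ./SarifUtils/SarifExtensions.cs`) that package consumers cannot follow and that will go stale, and since a `<branch>` segment can itself contain `/` (for example `feature/foo`), the justification for validating only the prefix should say that a positional split of the remainder is not reliable, so downstream parsing must not assume this validator guarantees the segment count.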
@@ -361,33 +810,33 @@
|
|
|
361
810
|
resource lookups using this strongly typed resource class.
|
|
362
811
|
</summary>
|
|
363
812
|
</member>
|
|
364
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.
|
|
813
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.GHAzDO1011_ReferenceFinalSchema_FullDescription_Text">
|
|
365
814
|
<summary>
|
|
366
815
|
Looks up a localized string similar to The '$schema' property must refer to the final version of the SARIF 2.1.0 schema. This enables IDEs to provide Intellisense for SARIF log files.
|
|
367
816
|
|
|
368
817
|
The SARIF standard was developed over several years and many intermediate versions of the schema were produced. Now that the standard is final, only the OASIS standard version of the schema is valid..
|
|
369
818
|
</summary>
|
|
370
819
|
</member>
|
|
371
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.
|
|
820
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.GHAzDO1013_ProvideRequiredSarifLogProperties_FullDescription_Text">
|
|
372
821
|
<summary>
|
|
373
|
-
Looks up a localized string similar to The root element of a SARIF log file is a SarifLog object. The properties of this element provide information about the log's schema version as well as an array of analysis runs. These properties are required by the
|
|
822
|
+
Looks up a localized string similar to The root element of a SARIF log file is a SarifLog object. The properties of this element provide information about the log's schema version as well as an array of analysis runs. These properties are required by the GHAzDO (GitHub Advanced Security for Azure DevOps) service.
|
|
374
823
|
|
|
375
824
|
Provide the '$schema' property, which must refer to the final version of the SARIF 2.1.0 schema. This enables IDEs to provide Intellisense for SARIF log files.
|
|
376
825
|
|
|
377
826
|
Provide the 'version' property, which must refer to the the final, OASIS standard version of the SA [rest of string was truncated]";.
|
|
378
827
|
</summary>
|
|
379
828
|
</member>
|
|
380
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.
|
|
829
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.GHAzDO1014_GHAzDOProvideRequiredRunProperties_Error_MissingAutomationDetails_Text">
|
|
381
830
|
<summary>
|
|
382
831
|
Looks up a localized string similar to {0}: This 'run' object does not provide an 'automationDetails' property. This property is required by the {1} service..
|
|
383
832
|
</summary>
|
|
384
833
|
</member>
|
|
385
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.
|
|
834
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.GHAzDO1014_GHAzDOProvideRequiredRunProperties_Error_MissingAutomationDetailsId_Text">
|
|
386
835
|
<summary>
|
|
387
836
|
Looks up a localized string similar to {0}: This 'run' object's 'automationDetails' object does not provide an 'id' value. This property is required by the {1} service..
|
|
388
837
|
</summary>
|
|
389
838
|
</member>
|
|
390
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.
|
|
839
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.GHAzDO1014_ProvideRequiredRunProperties_FullDescription_Text">
|
|
391
840
|
<summary>
|
|
392
841
|
Looks up a localized string similar to The Run object represents a single execution of the specified analysis tool.
|
|
393
842
|
|
|
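Review bot: the member names introduced here are inconsistent: `GHAzDO1014_GHAzDOProvideRequiredRunProperties_Error_MissingAutomationDetails_Text` and `..._MissingAutomationDetailsId_Text` repeat the `GHAzDO` prefix inside the name, while the sibling `GHAzDO1014_ProvideRequiredRunProperties_FullDescription_Text` and every other key in this hunk follow `<RuleId>_<RuleName>_<Kind>_Text`. These come from .resx keys, so rename the two keys before code starts citing them. Separately, the full-description strings now hardcode "GHAzDO (GitHub Advanced Security for Azure DevOps) service" while the error strings take the service name through `{1}`; if `ServiceName_GHAzDO` is ever changed the descriptions will drift, so consider formatting the descriptions from the same resource.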
@@ -395,56 +844,101 @@
|
|
|
395
844
|
|
|
396
845
|
Provide the 'results' array, even if it is empty.
|
|
397
846
|
|
|
398
|
-
Provide the 'automationDetails' property. The automationDetails's 'id' property is required by the
|
|
847
|
+
Provide the 'automationDetails' property. The automationDetails's 'id' property is required by the GHAzDO (GitHub Advanced Security for Azure DevOps) service..
|
|
399
848
|
</summary>
|
|
400
849
|
</member>
|
|
401
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.
|
|
850
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.GHAzDO1015_ProvideRequiredResultProperties_Error_MissingRuleId_Text">
|
|
402
851
|
<summary>
|
|
403
852
|
Looks up a localized string similar to {0}: This 'result' object does not provide a 'ruleId' value. This property is required by the {1} service..
|
|
404
853
|
</summary>
|
|
405
854
|
</member>
|
|
406
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.
|
|
855
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.GHAzDO1015_ProvideRequiredResultProperties_FullDescription_Text">
|
|
407
856
|
<summary>
|
|
408
857
|
Looks up a localized string similar to The Result object represents an analysis finding and should provide details describing the nature of the problem along with its location in the scan target.
|
|
409
858
|
|
|
410
|
-
Provide the 'ruleId' property, which is the unique identifier of the analysis rule that was violated. This property is required by the
|
|
859
|
+
Provide the 'ruleId' property, which is the unique identifier of the analysis rule that was violated. This property is required by the GHAzDO (GitHub Advanced Security for Azure DevOps) service.
|
|
411
860
|
|
|
412
|
-
Provide the 'message' property, which is a user-facing explanation of the result occurrence. The message's 'text' property is required by the
|
|
861
|
+
Provide the 'message' property, which is a user-facing explanation of the result occurrence. The message's 'text' property is required by the GHAzDO (GitHub Advanced Security for Azure DevOps) service.
|
|
413
862
|
|
|
414
863
|
Provide [rest of string was truncated]";.
|
|
415
864
|
</summary>
|
|
416
865
|
</member>
|
|
417
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.
|
|
866
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.GHAzDO1016_ProvideRequiredLocationProperties_FullDescription_Text">
|
|
418
867
|
<summary>
|
|
419
868
|
Looks up a localized string similar to The Location object is important for providing consumers with the location where the result occurred.
|
|
420
869
|
|
|
421
|
-
Provide the 'physicalLocation' property. This property is required by the
|
|
870
|
+
Provide the 'physicalLocation' property. This property is required by the GHAzDO (GitHub Advanced Security for Azure DevOps) service..
|
|
422
871
|
</summary>
|
|
423
872
|
</member>
|
|
424
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.
|
|
873
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.GHAzDO1017_ProvideRequiredPhysicalLocationProperties_FullDescription_Text">
|
|
425
874
|
<summary>
|
|
426
|
-
Looks up a localized string similar to Provide the 'region' property, along with the appropriate region properties. This property is required by the
|
|
875
|
+
Looks up a localized string similar to Provide the 'region' property, along with the appropriate region properties. This property is required by the GHAzDO (GitHub Advanced Security for Azure DevOps) service.
|
|
427
876
|
|
|
428
|
-
Provide the 'artifactLocation' property. This property is required by the
|
|
877
|
+
Provide the 'artifactLocation' property. This property is required by the GHAzDO (GitHub Advanced Security for Azure DevOps) service..
|
|
429
878
|
</summary>
|
|
430
879
|
</member>
|
|
431
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.
|
|
880
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.GHAzDO1018_ProvideRequiredToolProperties_Error_MissingDriverFullName_Text">
|
|
432
881
|
<summary>
|
|
433
882
|
Looks up a localized string similar to {0}: This 'driver' object does not provide a 'fullName' value. This property is required by the {1} service..
|
|
434
883
|
</summary>
|
|
435
884
|
</member>
|
|
436
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.
|
|
885
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.GHAzDO1018_ProvideRequiredToolProperties_FullDescription_Text">
|
|
437
886
|
<summary>
|
|
438
887
|
Looks up a localized string similar to Provide information that makes it easy to identify the name and version of your tool.
|
|
439
888
|
|
|
440
|
-
Provide the 'driver' property. This property is required by the
|
|
889
|
+
Provide the 'driver' property. This property is required by the GHAzDO (GitHub Advanced Security for Azure DevOps) service.
|
|
441
890
|
|
|
442
891
|
Provide the driver's 'name' and 'fullName' properties.
|
|
443
892
|
|
|
444
893
|
Provide the driver's 'rules' array..
|
|
445
894
|
</summary>
|
|
446
895
|
</member>
|
|
447
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.
|
|
896
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.GHAzDO1019_ProvidePipelineProperties_FullDescription_Text">
|
|
897
|
+
<summary>
|
|
898
|
+
Looks up a localized string similar to When 'run.automationDetails' is present, the four 'azuredevops/pipeline/build/' properties identify the build definition and phase that produced the run..
|
|
899
|
+
</summary>
|
|
900
|
+
</member>
|
|
901
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.GHAzDO1019_ProvidePipelineProperties_Error_MissingBuildDefinitionId_Text">
|
|
902
|
+
<summary>
|
|
903
|
+
Looks up a localized string similar to {0}: The 'automationDetails.properties' bag does not provide '{2}'. This property is required by the {1} service to identify the build definition..
|
|
904
|
+
</summary>
|
|
905
|
+
</member>
|
|
906
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.GHAzDO1019_ProvidePipelineProperties_Error_InvalidBuildDefinitionId_Text">
|
|
907
|
+
<summary>
|
|
908
|
+
Looks up a localized string similar to {0}: The 'automationDetails.properties' value for '{2}' is '{3}', which is not a non-zero integer. The {1} service requires a non-zero integer build definition id..
|
|
909
|
+
</summary>
|
|
910
|
+
</member>
|
|
911
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.GHAzDO1019_ProvidePipelineProperties_Error_MissingBuildDefinitionName_Text">
|
|
912
|
+
<summary>
|
|
913
|
+
Looks up a localized string similar to {0}: The 'automationDetails.properties' bag does not provide '{2}'. This property is required by the {1} service to identify the build definition by name..
|
|
914
|
+
</summary>
|
|
915
|
+
</member>
|
|
916
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.GHAzDO1019_ProvidePipelineProperties_Error_MissingPhaseId_Text">
|
|
917
|
+
<summary>
|
|
918
|
+
Looks up a localized string similar to {0}: The 'automationDetails.properties' bag does not provide '{2}'. This property is required by the {1} service to identify the build phase..
|
|
919
|
+
</summary>
|
|
920
|
+
</member>
|
|
921
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.GHAzDO1019_ProvidePipelineProperties_Error_InvalidPhaseId_Text">
|
|
922
|
+
<summary>
|
|
923
|
+
Looks up a localized string similar to {0}: The 'automationDetails.properties' value for '{2}' is '{3}', which is not a non-empty GUID. The {1} service requires a non-empty GUID phase id..
|
|
924
|
+
</summary>
|
|
925
|
+
</member>
|
|
926
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.GHAzDO1019_ProvidePipelineProperties_Error_MissingPhaseName_Text">
|
|
927
|
+
<summary>
|
|
928
|
+
Looks up a localized string similar to {0}: The 'automationDetails.properties' bag does not provide '{2}'. This property is required by the {1} service to identify the build phase by name..
|
|
929
|
+
</summary>
|
|
930
|
+
</member>
|
|
931
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.GHAzDO1020_ProvideAutomationDetailsIdFormat_FullDescription_Text">
|
|
932
|
+
<summary>
|
|
933
|
+
Looks up a localized string similar to When 'run.automationDetails.id' is present, it must start with the canonical 'azuredevops/pipeline/build/' prefix..
|
|
934
|
+
</summary>
|
|
935
|
+
</member>
|
|
936
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.GHAzDO1020_ProvideAutomationDetailsIdFormat_Error_BadPrefix_Text">
|
|
937
|
+
<summary>
|
|
938
|
+
Looks up a localized string similar to {0}: The 'automationDetails.id' value '{3}' does not start with the expected prefix '{2}'..
|
|
939
|
+
</summary>
|
|
940
|
+
</member>
|
|
941
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.GHAzDO2012_ProvideRequiredReportingDescriptorProperties_FullDescription_Text">
|
|
448
942
|
<summary>
|
|
449
943
|
Looks up a localized string similar to Rule metadata should provide information that makes it easy to understand and fix the problem.
|
|
450
944
|
rule.id
|
|
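Review bot: the `..._Error_InvalidBuildDefinitionId_Text` and `..._Error_InvalidPhaseId_Text` messages interpolate the raw property value as '{3}'. That value comes straight from the SARIF file under validation, so a long or multi-line string in `automationDetails.properties` lands verbatim in the diagnostic; cap its length and strip control characters before formatting, since these diagnostics are themselves written to logs and to SARIF output. Also, the four `Missing*` messages are identical apart from the trailing clause and all take the key name as '{2}', so one template would be easier to keep in sync, and the GHAzDO1019 full description should list the four required keys by name because the message templates do not.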
@@ -454,7 +948,7 @@
|
|
|
454
948
|
Provide the 'name' property, which contains a "friendly name" that helps users see at a glance the purpose of the rule. For uniformity of experience across all tools that produce SARIF, the friendly name should be a single Pascal-case identifier, for example, 'ProvideRuleFriendlyName'..
|
|
455
949
|
</summary>
|
|
456
950
|
</member>
|
|
457
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.
|
|
951
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.GHAzDO2012_ProvideRequiredResultProperties_Error_MissingName_Text">
|
|
458
952
|
<summary>
|
|
459
953
|
Looks up a localized string similar to {0}: This 'reportingDescriptor' object does not provide a 'name' value. This property is required by the {1} service..
|
|
460
954
|
</summary>
|
|
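Review bot: `GHAzDO2012_ProvideRequiredResultProperties_Error_MissingName_Text` is misnamed: rule GHAzDO2012 is `GHAzDOProvideRequiredReportingDescriptorProperties` (see the Id member added earlier in this diff) and the message text itself refers to a 'reportingDescriptor' object, not a result. Rename the key to `GHAzDO2012_ProvideRequiredReportingDescriptorProperties_Error_MissingName_Text` so it matches its FullDescription sibling before code references it.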
@@ -652,7 +1146,7 @@
|
|
|
652
1146
|
</member>
|
|
653
1147
|
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.GH1013_ProvideRequiredSarifLogProperties_FullDescription_Text">
|
|
654
1148
|
<summary>
|
|
655
|
-
Looks up a localized string similar to The root element of a SARIF log file is a SarifLog object. The properties of this element provide information about the log's schema version as well as an array of analysis runs. These properties are required by the
|
|
1149
|
+
Looks up a localized string similar to The root element of a SARIF log file is a SarifLog object. The properties of this element provide information about the log's schema version as well as an array of analysis runs. These properties are required by the GHAzDO (GitHub Advanced Security for Azure DevOps) service.
|
|
656
1150
|
|
|
657
1151
|
Provide the '$schema' property, which must refer to the final version of the SARIF 2.1.0 schema. This enables IDEs to provide Intellisense for SARIF log files.
|
|
658
1152
|
|
|
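Review bot: this changes the GH1013 description, which belongs to the GitHub (GHAS) rule set, to say the properties are "required by the GHAzDO (GitHub Advanced Security for Azure DevOps) service". That looks like the wrong service name: the GHAzDO variant of this text was added separately as `GHAzDO1013_ProvideRequiredSarifLogProperties_FullDescription_Text`, and a `ServiceName_GHAS` resource exists in the same file. Either restore the GHAS name here or, better, format the description from `ServiceName_GHAS` so the two rule families cannot be cross-wired again.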
@@ -1183,9 +1677,9 @@
|
|
|
1183
1677
|
Looks up a localized string similar to {0}: The 'startLine' property is absent....
|
|
1184
1678
|
</summary>
|
|
1185
1679
|
</member>
|
|
1186
|
-
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.
|
|
1680
|
+
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.ServiceName_GHAzDO">
|
|
1187
1681
|
<summary>
|
|
1188
|
-
Looks up a localized string similar to
|
|
1682
|
+
Looks up a localized string similar to GHAzDO (GitHub Advanced Security for Azure DevOps).
|
|
1189
1683
|
</summary>
|
|
1190
1684
|
</member>
|
|
1191
1685
|
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.RuleResources.ServiceName_GHAS">
|
|
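Review bot: the `-` line shows `ServiceName_GHAzDO` was an empty string in 4.6.5, which is why every GHAzDO message that formats the service name through `{1}` rendered as "required by the  service" and why the `-` description lines elsewhere in this diff stop abruptly at "required by the". Add a unit test that enumerates the `ServiceName_*` resources and fails on an empty or whitespace value so this regression is caught at build time rather than noticed in user-facing diagnostics.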
@@ -1474,6 +1968,14 @@
|
|
|
1474
1968
|
example.h. In this case, 'analysisTarget' is example.c, and the result location is in example.h.
|
|
1475
1969
|
</summary>
|
|
1476
1970
|
</member>
|
|
1971
|
+
<member name="M:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.OptimizeFileSize.CheckSentinelIndex(System.Int32,System.String,System.String)">
|
|
1972
|
+
<summary>
|
|
1973
|
+
Flag an explicit emission of the SARIF <c>-1</c> "unset index" sentinel
|
|
1974
|
+
(\u00a73.4) when the JSON contains the property literally. The sentinel is
|
|
1975
|
+
semantically equivalent to omitting the property; emitting it bloats the
|
|
1976
|
+
log without changing meaning.
|
|
1977
|
+
</summary>
|
|
1978
|
+
</member>
|
|
1477
1979
|
<member name="P:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.ProvideToolProperties.Id">
|
|
1478
1980
|
<summary>
|
|
1479
1981
|
SARIF2005
|
|
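Review bot: the summary for CheckSentinelIndex contains the literal `\u00a73.4`; that is a C# string escape for the section sign and is not interpreted inside an XML doc comment, so it renders exactly as shown. Write `§3.4` (or `&#167;3.4`) instead. The method takes three parameters (`System.Int32, System.String, System.String`) but the doc has no `<param>` elements, so a reader cannot tell which argument is the index being checked and what the two strings identify; add them, as the `uriKind`/`uriString` member further down does.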
@@ -1690,5 +2192,42 @@
|
|
|
1690
2192
|
<param name="uriKind">The type of the `Uri` in `uriString`.</param>
|
|
1691
2193
|
<returns></returns>
|
|
1692
2194
|
</member>
|
|
2195
|
+
<member name="F:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.SarifValidationSkimmerBase.AIOriginPropertyName">
|
|
2196
|
+
<summary>
|
|
2197
|
+
The well-known run property whose presence (with any non-null/non-empty
|
|
2198
|
+
value) declares that the containing run was produced by an AI emitter.
|
|
2199
|
+
AI-emitted SARIF is stochastic by construction — message text is rendered
|
|
2200
|
+
per-result rather than authored against a table of <c>messageStrings</c>
|
|
2201
|
+
templates, and rule ids ride the <c>NOVEL-</c> / <c>BASE/sub-id</c>
|
|
2202
|
+
convention rather than a fixed tool prefix. Style-class validation rules
|
|
2203
|
+
(e.g. SARIF2002, SARIF2009, SARIF2014, SARIF2015) encode human-authoring
|
|
2204
|
+
guidance whose preconditions don't hold for AI output, so they suppress
|
|
2205
|
+
themselves when this marker is set.
|
|
2206
|
+
|
|
2207
|
+
Correctness-class rules (snippets, hashes, provenance, relative URIs, etc.)
|
|
2208
|
+
must NOT consult this marker — those checks apply uniformly to AI content.
|
|
2209
|
+
</summary>
|
|
2210
|
+
</member>
|
|
2211
|
+
<member name="M:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.SarifValidationSkimmerBase.IsAIOriginRun(Microsoft.CodeAnalysis.Sarif.Run)">
|
|
2212
|
+
<summary>
|
|
2213
|
+
Returns true when <paramref name="run"/> declares AI provenance via the
|
|
2214
|
+
<c>ai/origin</c> run property. Any non-null/non-empty value counts; the
|
|
2215
|
+
vocabulary (<c>generated</c>, <c>annotated</c>, <c>synthesized</c>, …)
|
|
2216
|
+
is open by design so AI tooling can self-describe at any granularity.
|
|
2217
|
+
</summary>
|
|
2218
|
+
<exception cref="T:System.ArgumentNullException">
|
|
2219
|
+
<paramref name="run"/> is null. Callers reading AI-origin during rule
|
|
2220
|
+
dispatch should already hold a non-null run; the strict contract makes
|
|
2221
|
+
upstream lifecycle bugs loud rather than masking them as "not AI".
|
|
2222
|
+
</exception>
|
|
2223
|
+
</member>
|
|
2224
|
+
<member name="M:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.SarifValidationSkimmerBase.IsAIOriginRun">
|
|
2225
|
+
<summary>
|
|
2226
|
+
Instance convenience: reports whether the run currently being visited
|
|
2227
|
+
declares AI provenance. Returns false when there is no current run
|
|
2228
|
+
scope (e.g. an <c>Analyze(SarifLog)</c> dispatch); otherwise defers to
|
|
2229
|
+
<see cref="M:Microsoft.CodeAnalysis.Sarif.Multitool.Rules.SarifValidationSkimmerBase.IsAIOriginRun(Microsoft.CodeAnalysis.Sarif.Run)"/>.
|
|
2230
|
+
</summary>
|
|
2231
|
+
</member>
|
|
1693
2232
|
</members>
|
|
1694
2233
|
</doc>
|
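Review bot: `ai/origin` is a self-declared run property, and the summary says any non-null/non-empty value makes the style-class rules (SARIF2002, SARIF2009, SARIF2014, SARIF2015) suppress themselves. The doc should state plainly that this is a relaxation any producer can opt into, not a trust or provenance guarantee, so nobody reads the suppression as evidence that the log was AI-generated. The requirement that correctness-class rules "must NOT consult this marker" is prose only; back it with a test that runs the correctness rules over the same log with and without `ai/origin` set and asserts identical results, otherwise a later style-class change can quietly widen the exemption. Finally, "non-null/non-empty" should say whether a whitespace-only value counts (IsNullOrEmpty versus IsNullOrWhiteSpace), since `IsAIOriginRun` is the single gate for all of these exemptions.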