Missing originalUriBaseIds property from the SARIF specification (#35043

) Co-authored-by: Ben Ahmady <[email protected]>
github · Nov 7, 2024 · aec2b02 · aec2b02
1 parent 9f36ca3
commit aec2b02
Showing 1 changed file with 80 additions and 0 deletions.
diff --git a/...code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md b/...code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning.md
@@ -313,6 +313,86 @@ This SARIF output file has example values to show the minimum required propertie
 }
 ```
 
+### Relative URI Guidance for SARIF Producers
+
+This SARIF output file has example of values for the field `originalUriBaseIds`, showing the minimum required properties a SARIF producer should include when using relative URI references.
+
+{% note %}
+
+**Note:** While this property is not required by {% data variables.product.prodname_dotcom %} for the {% data variables.product.prodname_code_scanning %} results to be displayed correctly, it is required to produce a valid SARIF output when using relative URI references.
+
+{% endnote %}
+
+```json
+{
+  "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
+  "version": "2.1.0",
+  "runs": [
+    {
+      "tool": {
+        "driver": {
+          "name": "Tool Name",
+          "rules": [
+            {
+              "id": "R01"
+                      ...
+              "properties" : {
+                 "id" : "java/unsafe-deserialization",
+                 "kind" : "path-problem",
+                 "name" : "...",
+                 "problem.severity" : "error",
+                 "security-severity" : "9.8",
+               }
+            }
+          ]
+        }
+      },
+      "originalUriBaseIds": {
+        "PROJECTROOT": {
+         "uri": "file:///C:/Users/Mary/code/TheProject/",
+           "description": {
+             "text": "The root directory for all project files."
+           }
+        },
+         "%SRCROOT%": {
+           "uri": "src/",
+           "uriBaseId": "PROJECTROOT",
+           "description": {
+             "text": "The root of the source tree."
+           }
+         }
+      },
+      "results": [
+        {
+          "ruleId": "R01",
+          "message": {
+            "text": "Result text. This result does not have a rule associated."
+          },
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "fileURI",
+                  "uriBaseId": "%SRCROOT%"
+                },
+                "region": {
+                  "startLine": 2,
+                  "startColumn": 7,
+                  "endColumn": 10
+                }
+              }
+            }
+          ],
+          "partialFingerprints": {
+            "primaryLocationLineHash": "39fa2ee980eb94b0:1"
+          }
+        }
+      ]
+    }
+  ]
+}
+```
+
 ### Example showing all supported SARIF properties
 
 This SARIF output file has example values to show all supported SARIF properties for {% data variables.product.prodname_code_scanning %}.