Fix bug: match-results-forward command generates invalid Sarif (duplicated rules).
#2505
Conversation
| ruleId = possilbeParentRuleId; | ||
| } | ||
| } | ||
|
|
||
| if (!string.IsNullOrEmpty(ruleId)) | ||
| { | ||
| if (RuleIdToIndex.TryGetValue(ruleId, out int ruleIndex)) |
There was a problem hiding this comment.
It uses this rule-id to index mapping to track all referenced rules.
If there are multiple unique sub ruleIds of a same parent rule in the results, it caches the same parent rule for each unique sub ruleId, which caused the invalid Sarif output (same rule duplicated multiple times) #ByDesign
| @@ -278,6 +278,7 @@ private List<ExtractedResult> ExtractResultsFromRuns(IEnumerable<Run> sarifRuns) | |||
| run.Graphs = graphs; | |||
| run.Invocations = invocations; | |||
| run.Properties = properties; | |||
| run.VersionControlProvenance = MergeVersionControlDetails(currentRuns.Concat(previousRuns)); | |||
There was a problem hiding this comment.
there are couple properties of run like Addresses/WebRequest/WebResponse etc are not been set.
I am not sure if any special requirements to merge these properties. Can I just combine the values of the properties in the final run object?
There was a problem hiding this comment.
moved this change to another PR. resolving this comment.
| { | ||
| ruleId = possilbeParentRuleId; | ||
| } | ||
| } |
There was a problem hiding this comment.
can't we replace this for a smaller logic?
ReportingDescriptor rule = result.GetRule(CurrentRun);
use rule everywhere when possible. #Resolved
There was a problem hiding this comment.
agree. The additional checks is to make sure the case is a rule with sub rule. I can trust result.GetRule(...) and remove these checks.
There was a problem hiding this comment.
updated with simple implementation
|
|
||
| RuleIdToIndex[ruleId] = newIndex; | ||
| node.RuleIndex = newIndex; | ||
| } | ||
|
|
||
| node.RuleId = ruleId; | ||
| node.RuleId = resultRuleId; |
There was a problem hiding this comment.
can't we remove this entire line or just replace if node.ruleid is null/empty?
There was a problem hiding this comment.
Also, why are we using resultRuleId when the remainder of the logic in this if statement is around using ruleId?
There was a problem hiding this comment.
The resultRuleId keeps the value from result entity, ruleId is the value from referenced rule entity. They may be different if result uses a sub rule id of the rule.
e.g.
in rules array there is a rule id is "SEC105/003", value of ruleId should be "SEC105/003"
a result has rule id "SEC105/003/maybenull", which is a sub rule of above rule, resultRuleId keeps this id.
ruleId should be used as key of the cache RuleIdToIndex.
resultRuleId used to set on result rule id.
There was a problem hiding this comment.
updated the implementation pls see latest iteration
|
We also need a release history update for this. In reply to: 1192800154 In reply to: 1192800154 In reply to: 1192800154 |
| @@ -78,7 +78,23 @@ public override Result VisitResult(Result node) | |||
| } | |||
|
|
|||
| // Cache RuleId and set Result.RuleIndex to the (new) index | |||
| string ruleId = node.ResolvedRuleId(CurrentRun); | |||
| string resultRuleId = node.ResolvedRuleId(CurrentRun); | |||
| string ruleId = resultRuleId; | |||
There was a problem hiding this comment.
Do we really need both of these? Why isn't this just:
string ruleId = node.ResolvedRuleId(CurrentRun);? #Resolved
There was a problem hiding this comment.
this was to keep the value of the result's rule id and can be used later, i updated the implemenation pls see the latest iteration.
…b.com/microsoft/sarif-sdk into users/yongyan-gh/ResultMatchingBugFix
| int newIndex = Rules.Count; | ||
| Rules.Add(rule); | ||
| Rules.Add(rule ?? node.GetRule(CurrentRun)); |
|
Also, the title of the PR should tell more about the bug. What bug are you fixing? Is it one? Many? Should be in the same PR or should be separate? In reply to: 1192800154 |
yongyan-gh
changed the title
|
updated release history. since both issue are related to In reply to: 1193015158 |
|
|
||
| private static IList<VersionControlDetails> MergeVersionControlDetails(IEnumerable<Run> runs) | ||
| { | ||
| // use HashSet with EqualityComparer to avoid duplicated entries |
There was a problem hiding this comment.
I would remove the entire comment. I don't see the difference between comment and the actual code.
There was a problem hiding this comment.
removed the comments.
src/ReleaseHistory.md
Outdated
| @@ -1,5 +1,10 @@ | |||
| # SARIF Package Release History (SDK, Driver, Converters, and Multitool) | |||
|
|
|||
| ## Unreleased | |||
|
|
|||
| * BUGFIX: Fix issue `match-results-forward` command generates invalid Sarif when results contain sub ruleId. [#2486](https://github.com/microsoft/sarif-sdk/pull/2486) | |||
There was a problem hiding this comment.
Separated into 2 PRs.
|
remove fix for #2487 to another PR. keep only fix for #2486 In reply to: 1194682619 |
yongyan-gh
changed the title
yongyan-gh
changed the title
match-results-forward command generates invalid Sarif (duplicated rules).
src/ReleaseHistory.md
Outdated
| @@ -1,5 +1,9 @@ | |||
| # SARIF Package Release History (SDK, Driver, Converters, and Multitool) | |||
|
|
|||
| ## Unreleased | |||
|
|
|||
| * BUGFIX: Fix issue `match-results-forward` command generates invalid Sarif when results contain sub ruleId. [#2486](https://github.com/microsoft/sarif-sdk/pull/2486) | |||
There was a problem hiding this comment.
BUGFIX: Fix issue
match-results-forwardcommand generates invalid Sarif when results contain sub ruleId. #2486
I'm not sure if this is just unclear or not descriptive enough. What was invalid about the SARIF results before this fix? #Resolved
There was a problem hiding this comment.
The issue of invalid Sarif produced before the fix is it contains duplicated rule definitions in rules array if the Sarif results contain results have sub ruleId.
E.g. if there are 2 results' ruleId is "TESTRULE/001", the rules array creates 2 duplicated rules of "TESTRULE".
Will update the description with the duplicated rules issue, and update the issue with the detail errors. What do you think?
There was a problem hiding this comment.
So, this is fixing an issue where the match-results-forward command generates Sarif with duplicated results if there is a sub ruleId?
Yes, please update both.
There was a problem hiding this comment.
And just to be clear, also update the release note here. If the above captures everything, you can copy/paste most of it. Don't forget the backticks around ruleId.
| string ruleId = node.ResolvedRuleId(CurrentRun); | ||
| string resultRuleId = node.ResolvedRuleId(CurrentRun); | ||
| ReportingDescriptor rule = node.GetRule(CurrentRun); | ||
| string ruleId = rule?.Id ?? resultRuleId; |
There was a problem hiding this comment.
Yes, if the ruleId from result (resultRuleId) is a sub ruleId. The rule's Id (rule.Id) is the parent ruleId.
e.g. a result has sub rule id ("SEC105/001/allocator"), and a rule index points to its parent rule definition in rules array.
"results": [
{
"ruleId": "SEC105/001/allocator",
"ruleIndex": 0,
...
}
"rules": [
{
"id": "SEC105/001", // index 0
...
}
The fix here is to use the parent ruleId instead of sub ruleId as the RuleIdToIndex dictionary's key, to avoid the (parent) rule definition to be added multiple times.
| { | ||
| subRuleId.StartsWith(parentRuleId).Should().BeTrue(); | ||
| } | ||
| } |
There was a problem hiding this comment.
We can consolidate all of this:
int rule_001Count = 0;
int rule_002Count = 0;
int rule_003Count = 0;
int rule004Count = 0;
int rule_005Count = 0;
int rule_006Count = 0;
int rule_DoesNotExistCount = 0;
mergedRun.Results.Count.Should().Be(11); //Even better if you have a way of calculating this expected value from the inputs above.
foreach (Result result in mergedRune.Results)
{
...// keep everything the same and add something like this:
if(result.Id == "Rule/001")
{
rule_001Count+=1;
}
}
rule_001Count.Should().Be(expectedRule001Count);
//etc
We're trying to avoid iterating over the same lists multiple times. Let me know if this makes sense.
#Resolved
There was a problem hiding this comment.
agree, updated & removed duplicated iterations
Code coverage (via Live Unit Testing) shows this is the only segment of code in VisitResults that is not covered by a test. Stepped through the added tests and confirmed they cover remaining if/else blocks. All changed code appears fully covered. If at all possible to sneak in a unit test to cover this section, that would help improve our code coverage overall. In reply to: 1211334197 In reply to: 1211334197 Refers to: src/Sarif/Visitors/RunMergingVisitor.cs:77 in 9548a62. [](commit_id = 9548a62, deletion_comment = False) |
test case added for the case CurrentRun is null. In reply to: 1211334197 Refers to: src/Sarif/Visitors/RunMergingVisitor.cs:77 in 9548a62. [](commit_id = 9548a62, deletion_comment = False) |
|
Need to resolve the conflicts. In reply to: 1218847548 |
|
resolved In reply to: 1218847548 |
src/ReleaseHistory.md
Outdated
| @@ -1,5 +1,9 @@ | |||
| # SARIF Package Release History (SDK, Driver, Converters, and Multitool) | |||
|
|
|||
| ## Unreleased | |||
|
|
|||
| * BUGFIX: Fix an issue where the `match-results-forward` command generates Sarif with duplicated rules if there are results with sub `ruleId`. [#2486](https://github.com/microsoft/sarif-sdk/pull/2486) | |||
There was a problem hiding this comment.
Description
Fixes for below issue:
match-results-forward command generates invalid SARIF when results contain SubRuleId (#2486)