Enhance rule metadata and suppression info in SARIF V2 errorlog #64277
Conversation
Two additional piece of info is now logged in SARIF v2 log: 1. We now report the rule metadata, i.e. Descriptor info, for all analyzers that were provided to the compilation, regardless of whether or not they executed on the entire compilation, part of the compilation or were suppressed for the entire compilation. Additionally, the rule metadata contains a special flag "isEverSuppressed = true" if the diagnostic ID was suppressed for the entire compilation (via global options such as /nowarn, ruleset, globalconfig, etc.) or for certain files or folders in the compilation (via editorconfig). 2. For each diagnostic instance that is suppressed in source with a pragma, SuppressMessageAttribute or via a DiagnosticSuppressor, we now report a new property "suppressionType" with one of these three values.
mavasani
changed the title
mavasani
changed the title
|
Could we add a doc file that captures much of the information in your PR message and include it in the PR? It's very valuable to know what these items mean and I think your PR has a great starting point for a doc. Doesn't need to be complex, just something we can point customers to in the future that explain what entries mean what. Can be roughly your PR description with a few formatting changes. |
|
@jaredpar Thanks for the suggestion. I have updated the error log format doc with a high level overview of the SARIF v2 format error log contents. |
|
@dotnet/roslyn-compiler for reviews. |
|
@jjonescz, @cston, @RikkiGibson PTAL |
src/Compilers/CSharp/Test/CommandLine/SarifV2ErrorLoggerTests.cs
Outdated
Show resolved
Hide resolved
|
@jjonescz @RikkiGibson for second review, thanks! |
|
@jjonescz @RikkiGibson @dotnet/roslyn-compiler for second review, thanks! |
|
@dotnet/roslyn-compiler can I please get a second review? Thanks! |
|
Merging this in to unblock the security team from using the additional SARIF info. I'll address any additional feedback with a follow-up PR. Thanks! |
ghost
added this to the 
Two additional piece of data is now logged in SARIF v2 log:
Resultssection for reported diagnostics:Resultssection contains an entry for each reported diagnostic. For each diagnostic instance that is suppressed with a pragma, SuppressMessageAttribute or via a DiagnosticSuppressor, we now report a new propertysuppressionTypewith one of these three values. This data helps analyze the preferred in-source suppression mechanisms in a code base.Rulesmetadata section for analyzer rules:Rulessection contain an entry for each analyzer reportedDiagnosticDescriptor. Prior to this PR, we only logged rule metadata, i.e.DiagnosticDescriptordata, for those rules that fired at least one diagnostic instance in the compilation, and the rule metadata had no suppression info, so there was no way to know which all rules were executed on the project and which were disabled for part or entirety of the compilation. We now report theDiagnosticDescriptorinfo for all analyzers that were provided to the compilation, regardless of whether or not they executed on the entire compilation, part of the compilation or were disabled for the entire compilation. Additionally, if a rule had either a source suppression or was disabled for part or whole of the compilation via options, the rule metadata contains a special flagisEverSuppressed = trueand an arraysuppressionKindswith either or both of the below suppression kinds:inSourcesuppression kind for one or more reported diagnostic(s) that were suppressed through pragma directive, SuppressMessageAttribute or a DiagnosticSuppressor.externalsuppression kind for diagnostic ID that is disabled either for the entire compilation (via global options such as /nowarn, ruleset, globalconfig, etc.) or for certain files or folders in the compilation (via editorconfig options).Sample errorlog.txt
TODO: