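package garif

// Address is a physical or virtual address, or a range of addresses, in an
// 'addressable region' (memory or a binary file).
//
// NOTE(review): the integer fields are plain ints tagged omitempty, so
// encoding/json drops a genuine 0 when marshalling and yields 0 for an absent
// field when unmarshalling. "Index 0" and "no index" therefore cannot be told
// apart. The SARIF 2.1.0 schema defaults several of these properties (for
// example index and parentIndex) to -1; confirm how callers are expected to
// represent "not set" before relying on a zero value.
type Address struct {
	// The address expressed as a byte offset from the start of the addressable region.
	AbsoluteAddress int `json:"absoluteAddress,omitempty"`

	// A human-readable fully qualified name that is associated with the address.
	FullyQualifiedName string `json:"fullyQualifiedName,omitempty"`

	// The index within run.addresses of the cached object for this address.
	Index int `json:"index,omitempty"`

	// An open-ended string that identifies the address kind.
	// 'data', 'function', 'header', 'instruction', 'module', 'page', 'section',
	// 'segment', 'stack', 'stackFrame', 'table' are well-known values.
	Kind string `json:"kind,omitempty"`

	// The number of bytes in this range of addresses.
	Length int `json:"length,omitempty"`

	// A name that is associated with the address, e.g., '.text'.
	Name string `json:"name,omitempty"`

	// The byte offset of this address from the absolute or relative address of the parent object.
	OffsetFromParent int `json:"offsetFromParent,omitempty"`

	// The index within run.addresses of the parent object.
	ParentIndex int `json:"parentIndex,omitempty"`

	// Key/value pairs that provide additional information about the address.
	Properties *PropertyBag `json:"properties,omitempty"`

	// The address expressed as a byte offset from the absolute address of the top-most parent object.
	RelativeAddress int `json:"relativeAddress,omitempty"`
}

// Artifact is a single artifact. In some cases, this artifact might be nested
// within another artifact.
type Artifact struct {
	// The contents of the artifact.
	Contents *ArtifactContent `json:"contents,omitempty"`

	// A short description of the artifact.
	Description *Message `json:"description,omitempty"`

	// Specifies the encoding for an artifact object that refers to a text file.
	Encoding string `json:"encoding,omitempty"`

	// A dictionary, each of whose keys is the name of a hash function and each of whose values is
	// the hashed value of the artifact produced by the specified hash function.
	// The digests travel inside the log, so they are only as trustworthy as the
	// log itself; a consumer that uses them for integrity decisions should
	// recompute them from the artifact.
	Hashes map[string]string `json:"hashes,omitempty"`

	// The Coordinated Universal Time (UTC) date and time at which the artifact was most recently modified.
	// See "Date/time properties" in the SARIF spec for the required format.
	// Held as a string: nothing in this type validates the format.
	LastModifiedTimeUtc string `json:"lastModifiedTimeUtc,omitempty"`

	// The length of the artifact in bytes.
	Length int `json:"length,omitempty"`

	// The location of the artifact.
	Location *ArtifactLocation `json:"location,omitempty"`

	// The MIME type (RFC 2045) of the artifact.
	MimeType string `json:"mimeType,omitempty"`

	// The offset in bytes of the artifact within its containing artifact.
	Offset int `json:"offset,omitempty"`

	// Identifies the index of the immediate parent of the artifact, if this artifact is nested.
	// NOTE(review): with int + omitempty a parent at index 0 is omitted on
	// marshal and an absent value decodes as 0; confirm callers handle this.
	ParentIndex int `json:"parentIndex,omitempty"`

	// Key/value pairs that provide additional information about the artifact.
	Properties *PropertyBag `json:"properties,omitempty"`

	// The role or roles played by the artifact in the analysis.
	// Elements are untyped; type-assert each one before use.
	Roles []interface{} `json:"roles,omitempty"`

	// Specifies the source language for any artifact object that refers to a text file that contains source code.
	SourceLanguage string `json:"sourceLanguage,omitempty"`
}

// ArtifactChange is a change to a single artifact.
//
// A tool that applies changes taken from a log it did not produce should
// confirm that ArtifactLocation resolves to a file inside the tree it intends
// to modify before writing anything.
type ArtifactChange struct {
	// The location of the artifact to change.
	// No omitempty: a nil pointer marshals as JSON null.
	ArtifactLocation *ArtifactLocation `json:"artifactLocation"`

	// Key/value pairs that provide additional information about the change.
	Properties *PropertyBag `json:"properties,omitempty"`

	// An array of replacement objects, each of which represents the replacement of a single region in a
	// single artifact specified by 'artifactLocation'.
	// No omitempty: a nil slice marshals as JSON null.
	Replacements []*Replacement `json:"replacements"`
}

// ArtifactContent represents the contents of an artifact.
type ArtifactContent struct {
	// MIME Base64-encoded content from a binary artifact, or from a text artifact in its original encoding.
	// Stored undecoded; this type places no bound on its size.
	Binary string `json:"binary,omitempty"`

	// Key/value pairs that provide additional information about the artifact content.
	Properties *PropertyBag `json:"properties,omitempty"`

	// An alternate rendered representation of the artifact (e.g., a decompiled representation of a binary region).
	Rendered *MultiformatMessageString `json:"rendered,omitempty"`

	// UTF-8-encoded content from a text artifact.
	Text string `json:"text,omitempty"`
}

// ArtifactLocation specifies the location of an artifact.
type ArtifactLocation struct {
	// A short description of the artifact location.
	Description *Message `json:"description,omitempty"`

	// The index within the run artifacts array of the artifact object associated with the artifact location.
	// NOTE(review): index 0 is omitted on marshal (omitempty) and an absent
	// index decodes as 0, so a consumer may resolve to artifacts[0] by mistake.
	Index int `json:"index,omitempty"`

	// Key/value pairs that provide additional information about the artifact location.
	Properties *PropertyBag `json:"properties,omitempty"`

	// A string containing a valid relative or absolute URI.
	// Nothing here enforces validity. When the log is not trusted, check the
	// scheme and the resolved path before opening or fetching this value.
	Uri string `json:"uri,omitempty"`

	// A string which indirectly specifies the absolute URI with respect to which a relative URI in the "uri" property is interpreted.
	UriBaseId string `json:"uriBaseId,omitempty"`
}

// Attachment is an artifact relevant to a result.
type Attachment struct {
	// The location of the attachment.
	// No omitempty: a nil pointer marshals as JSON null.
	ArtifactLocation *ArtifactLocation `json:"artifactLocation"`

	// A message describing the role played by the attachment.
	Description *Message `json:"description,omitempty"`

	// Key/value pairs that provide additional information about the attachment.
	Properties *PropertyBag `json:"properties,omitempty"`

	// An array of rectangles specifying areas of interest within the image.
	Rectangles []*Rectangle `json:"rectangles,omitempty"`

	// An array of regions of interest within the attachment.
	Regions []*Region `json:"regions,omitempty"`
}

// CodeFlow is a set of threadFlows which together describe a pattern of code
// execution relevant to detecting a result.
type CodeFlow struct {
	// A message relevant to the code flow.
	Message *Message `json:"message,omitempty"`

	// Key/value pairs that provide additional information about the code flow.
	Properties *PropertyBag `json:"properties,omitempty"`

	// An array of one or more unique threadFlow objects, each of which describes the progress of a program
	// through a thread of execution.
	// No omitempty: a nil slice marshals as JSON null.
	ThreadFlows []*ThreadFlow `json:"threadFlows"`
}

// ConfigurationOverride holds information about how a specific rule or
// notification was reconfigured at runtime.
type ConfigurationOverride struct {
	// Specifies how the rule or notification was configured during the scan.
	Configuration *ReportingConfiguration `json:"configuration"`

	// A reference used to locate the descriptor whose configuration was overridden.
	Descriptor *ReportingDescriptorReference `json:"descriptor"`

	// Key/value pairs that provide additional information about the configuration override.
	Properties *PropertyBag `json:"properties,omitempty"`
}

// Conversion describes how a converter transformed the output of a static analysis tool from the analysis tool's native output format into the SARIF format.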
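type Conversion struct {
	// The locations of the analysis tool's per-run log files.
	AnalysisToolLogFiles []*ArtifactLocation `json:"analysisToolLogFiles,omitempty"`

	// An invocation object that describes the invocation of the converter.
	Invocation *Invocation `json:"invocation,omitempty"`

	// Key/value pairs that provide additional information about the conversion.
	Properties *PropertyBag `json:"properties,omitempty"`

	// A tool object that describes the converter.
	// No omitempty: a nil pointer marshals as JSON null.
	Tool *Tool `json:"tool"`
}

// Edge represents a directed edge in a graph.
type Edge struct {
	// A string that uniquely identifies the edge within its graph.
	Id string `json:"id"`

	// A short description of the edge.
	Label *Message `json:"label,omitempty"`

	// Key/value pairs that provide additional information about the edge.
	Properties *PropertyBag `json:"properties,omitempty"`

	// Identifies the source node (the node at which the edge starts).
	SourceNodeId string `json:"sourceNodeId"`

	// Identifies the target node (the node at which the edge ends).
	TargetNodeId string `json:"targetNodeId"`
}

// EdgeTraversal represents the traversal of a single edge during a graph traversal.
type EdgeTraversal struct {
	// Identifies the edge being traversed.
	EdgeId string `json:"edgeId"`

	// The values of relevant expressions after the edge has been traversed.
	FinalState map[string]*MultiformatMessageString `json:"finalState,omitempty"`

	// A message to display to the user as the edge is traversed.
	Message *Message `json:"message,omitempty"`

	// Key/value pairs that provide additional information about the edge traversal.
	Properties *PropertyBag `json:"properties,omitempty"`

	// The number of edge traversals necessary to return from a nested graph.
	StepOverEdgeCount int `json:"stepOverEdgeCount,omitempty"`
}

// Exception describes a runtime exception encountered during the execution of
// an analysis tool.
type Exception struct {
	// An array of exception objects each of which is considered a cause of this exception.
	InnerExceptions []*Exception `json:"innerExceptions,omitempty"`

	// A string that identifies the kind of exception, for example, the fully qualified type name of an object that was thrown, or the symbolic name of a signal.
	Kind string `json:"kind,omitempty"`

	// A message that describes the exception.
	Message string `json:"message,omitempty"`

	// Key/value pairs that provide additional information about the exception.
	Properties *PropertyBag `json:"properties,omitempty"`

	// The sequence of function calls leading to the exception.
	Stack *Stack `json:"stack,omitempty"`
}

// ExternalProperties is the top-level element of an external property file.
type ExternalProperties struct {
	// Addresses that will be merged with a separate run.
	Addresses []*Address `json:"addresses,omitempty"`

	// An array of artifact objects that will be merged with a separate run.
	Artifacts []*Artifact `json:"artifacts,omitempty"`

	// A conversion object that will be merged with a separate run.
	Conversion *Conversion `json:"conversion,omitempty"`

	// The analysis tool object that will be merged with a separate run.
	Driver *ToolComponent `json:"driver,omitempty"`

	// Tool extensions that will be merged with a separate run.
	Extensions []*ToolComponent `json:"extensions,omitempty"`

	// Key/value pairs that provide additional information that will be merged with a separate run.
	ExternalizedProperties *PropertyBag `json:"externalizedProperties,omitempty"`

	// An array of graph objects that will be merged with a separate run.
	Graphs []*Graph `json:"graphs,omitempty"`

	// A stable, unique identifier for this external properties object, in the form of a GUID.
	Guid string `json:"guid,omitempty"`

	// Describes the invocation of the analysis tool that will be merged with a separate run.
	Invocations []*Invocation `json:"invocations,omitempty"`

	// An array of logical locations such as namespaces, types or functions that will be merged with a separate run.
	LogicalLocations []*LogicalLocation `json:"logicalLocations,omitempty"`

	// Tool policies that will be merged with a separate run.
	Policies []*ToolComponent `json:"policies,omitempty"`

	// Key/value pairs that provide additional information about the external properties.
	Properties *PropertyBag `json:"properties,omitempty"`

	// An array of result objects that will be merged with a separate run.
	Results []*Result `json:"results,omitempty"`

	// A stable, unique identifier for the run associated with this external properties object, in the form of a GUID.
	RunGuid string `json:"runGuid,omitempty"`

	// The URI of the JSON schema corresponding to the version of the external property file format.
	Schema string `json:"schema,omitempty"`

	// Tool taxonomies that will be merged with a separate run.
	Taxonomies []*ToolComponent `json:"taxonomies,omitempty"`

	// An array of threadFlowLocation objects that will be merged with a separate run.
	ThreadFlowLocations []*ThreadFlowLocation `json:"threadFlowLocations,omitempty"`

	// Tool translations that will be merged with a separate run.
	Translations []*ToolComponent `json:"translations,omitempty"`

	// The SARIF format version of this external properties object.
	// Untyped: decodes to whatever JSON type the input holds, so type-assert
	// before comparing.
	Version interface{} `json:"version,omitempty"`

	// Requests that will be merged with a separate run.
	WebRequests []*WebRequest `json:"webRequests,omitempty"`

	// Responses that will be merged with a separate run.
	WebResponses []*WebResponse `json:"webResponses,omitempty"`
}

// ExternalPropertyFileReference contains information that enables a SARIF
// consumer to locate the external property file that contains the value of an
// externalized property associated with the run.
//
// The location is supplied by the log. A consumer that loads external property
// files for a log it does not trust should restrict which schemes and
// directories Location may resolve to.
type ExternalPropertyFileReference struct {
	// A stable, unique identifier for the external property file in the form of a GUID.
	Guid string `json:"guid,omitempty"`

	// A non-negative integer specifying the number of items contained in the external property file.
	// NOTE(review): a count of 0 is omitted on marshal (omitempty).
	ItemCount int `json:"itemCount,omitempty"`

	// The location of the external property file.
	Location *ArtifactLocation `json:"location,omitempty"`

	// Key/value pairs that provide additional information about the external property file.
	Properties *PropertyBag `json:"properties,omitempty"`
}

// ExternalPropertyFileReferences holds references to external property files
// that should be inlined with the content of a root log file.
type ExternalPropertyFileReferences struct {
	// An array of external property files containing run.addresses arrays to be merged with the root log file.
	Addresses []*ExternalPropertyFileReference `json:"addresses,omitempty"`

	// An array of external property files containing run.artifacts arrays to be merged with the root log file.
	Artifacts []*ExternalPropertyFileReference `json:"artifacts,omitempty"`

	// An external property file containing a run.conversion object to be merged with the root log file.
	Conversion *ExternalPropertyFileReference `json:"conversion,omitempty"`

	// An external property file containing a run.driver object to be merged with the root log file.
	Driver *ExternalPropertyFileReference `json:"driver,omitempty"`

	// An array of external property files containing run.extensions arrays to be merged with the root log file.
	Extensions []*ExternalPropertyFileReference `json:"extensions,omitempty"`

	// An external property file containing a run.properties object to be merged with the root log file.
	ExternalizedProperties *ExternalPropertyFileReference `json:"externalizedProperties,omitempty"`

	// An array of external property files containing a run.graphs object to be merged with the root log file.
	Graphs []*ExternalPropertyFileReference `json:"graphs,omitempty"`

	// An array of external property files containing run.invocations arrays to be merged with the root log file.
	Invocations []*ExternalPropertyFileReference `json:"invocations,omitempty"`

	// An array of external property files containing run.logicalLocations arrays to be merged with the root log file.
	LogicalLocations []*ExternalPropertyFileReference `json:"logicalLocations,omitempty"`

	// An array of external property files containing run.policies arrays to be merged with the root log file.
	Policies []*ExternalPropertyFileReference `json:"policies,omitempty"`

	// Key/value pairs that provide additional information about the external property files.
	Properties *PropertyBag `json:"properties,omitempty"`

	// An array of external property files containing run.results arrays to be merged with the root log file.
	Results []*ExternalPropertyFileReference `json:"results,omitempty"`

	// An array of external property files containing run.taxonomies arrays to be merged with the root log file.
	Taxonomies []*ExternalPropertyFileReference `json:"taxonomies,omitempty"`

	// An array of external property files containing run.threadFlowLocations arrays to be merged with the root log file.
	ThreadFlowLocations []*ExternalPropertyFileReference `json:"threadFlowLocations,omitempty"`

	// An array of external property files containing run.translations arrays to be merged with the root log file.
	Translations []*ExternalPropertyFileReference `json:"translations,omitempty"`

	// An array of external property files containing run.requests arrays to be merged with the root log file.
	WebRequests []*ExternalPropertyFileReference `json:"webRequests,omitempty"`

	// An array of external property files containing run.responses arrays to be merged with the root log file.
	WebResponses []*ExternalPropertyFileReference `json:"webResponses,omitempty"`
}

// Fix is a proposed fix for the problem represented by a result object.
// A fix specifies a set of artifacts to modify. For each artifact,
// it specifies a set of bytes to remove, and provides a set of new bytes to replace them.
//
// A fix is data from the log, not a vetted patch. A tool that applies fixes
// automatically should check that every target resolves inside the intended
// source tree and should show the change for review when the log's origin is
// not trusted.
type Fix struct {
	// One or more artifact changes that comprise a fix for a result.
	// No omitempty: a nil slice marshals as JSON null.
	ArtifactChanges []*ArtifactChange `json:"artifactChanges"`

	// A message that describes the proposed fix, enabling viewers to present the proposed change to an end user.
	Description *Message `json:"description,omitempty"`

	// Key/value pairs that provide additional information about the fix.
	Properties *PropertyBag `json:"properties,omitempty"`
}

// Graph is a network of nodes and directed edges that describes some aspect of the
// structure of the code (for example, a call graph).
type Graph struct {
	// A description of the graph.
	Description *Message `json:"description,omitempty"`

	// An array of edge objects representing the edges of the graph.
	Edges []*Edge `json:"edges,omitempty"`

	// An array of node objects representing the nodes of the graph.
	Nodes []*Node `json:"nodes,omitempty"`

	// Key/value pairs that provide additional information about the graph.
	Properties *PropertyBag `json:"properties,omitempty"`
}

// GraphTraversal represents a path through a graph.
type GraphTraversal struct {
	// A description of this graph traversal.
	Description *Message `json:"description,omitempty"`

	// The sequences of edges traversed by this graph traversal.
	EdgeTraversals []*EdgeTraversal `json:"edgeTraversals,omitempty"`

	// Values of relevant expressions at the start of the graph traversal that remain constant for the graph traversal.
	ImmutableState map[string]*MultiformatMessageString `json:"immutableState,omitempty"`

	// Values of relevant expressions at the start of the graph traversal that may change during graph traversal.
	InitialState map[string]*MultiformatMessageString `json:"initialState,omitempty"`

	// Key/value pairs that provide additional information about the graph traversal.
	Properties *PropertyBag `json:"properties,omitempty"`

	// The index within the result.graphs to be associated with the result.
	// NOTE(review): int + omitempty cannot distinguish index 0 from "absent".
	ResultGraphIndex int `json:"resultGraphIndex,omitempty"`

	// The index within the run.graphs to be associated with the result.
	// NOTE(review): int + omitempty cannot distinguish index 0 from "absent".
	RunGraphIndex int `json:"runGraphIndex,omitempty"`
}

// Invocation describes the runtime environment of the analysis tool run.
//
// Several fields record details of the host and process that ran the tool
// (account, machine, command line, arguments, environment variables, working
// directory). Command lines and environment variables often carry tokens or
// passwords, so a producer should filter these fields before a log leaves the
// build environment, and a reviewer should check them before publishing one.
type Invocation struct {
	// The account under which the invocation occurred.
	Account string `json:"account,omitempty"`

	// An array of strings, containing in order the command line arguments passed to the tool from the operating system.
	Arguments []string `json:"arguments,omitempty"`

	// The command line used to invoke the tool.
	CommandLine string `json:"commandLine,omitempty"`

	// The Coordinated Universal Time (UTC) date and time at which the invocation ended. See "Date/time properties" in the SARIF spec for the required format.
	EndTimeUtc string `json:"endTimeUtc,omitempty"`

	// The environment variables associated with the analysis tool process, expressed as key/value pairs.
	EnvironmentVariables map[string]string `json:"environmentVariables,omitempty"`

	// An absolute URI specifying the location of the executable that was invoked.
	ExecutableLocation *ArtifactLocation `json:"executableLocation,omitempty"`

	// Specifies whether the tool's execution completed successfully.
	// No omitempty, so false is always written. The Go zero value is also
	// false: an Invocation that never sets this field reports failure.
	ExecutionSuccessful bool `json:"executionSuccessful"`

	// The process exit code.
	// An exit code of 0 is omitted on marshal (omitempty).
	ExitCode int `json:"exitCode,omitempty"`

	// The reason for the process exit.
	ExitCodeDescription string `json:"exitCodeDescription,omitempty"`

	// The name of the signal that caused the process to exit.
	ExitSignalName string `json:"exitSignalName,omitempty"`

	// The numeric value of the signal that caused the process to exit.
	ExitSignalNumber int `json:"exitSignalNumber,omitempty"`

	// The machine on which the invocation occurred.
	Machine string `json:"machine,omitempty"`

	// An array of configurationOverride objects that describe notifications related runtime overrides.
	NotificationConfigurationOverrides []*ConfigurationOverride `json:"notificationConfigurationOverrides,omitempty"`

	// The id of the process in which the invocation occurred.
	ProcessId int `json:"processId,omitempty"`

	// The reason given by the operating system that the process failed to start.
	ProcessStartFailureMessage string `json:"processStartFailureMessage,omitempty"`

	// Key/value pairs that provide additional information about the invocation.
	Properties *PropertyBag `json:"properties,omitempty"`

	// The locations of any response files specified on the tool's command line.
	ResponseFiles []*ArtifactLocation `json:"responseFiles,omitempty"`

	// An array of configurationOverride objects that describe rules related runtime overrides.
	RuleConfigurationOverrides []*ConfigurationOverride `json:"ruleConfigurationOverrides,omitempty"`

	// The Coordinated Universal Time (UTC) date and time at which the invocation started. See "Date/time properties" in the SARIF spec for the required format.
	StartTimeUtc string `json:"startTimeUtc,omitempty"`

	// A file containing the standard error stream from the process that was invoked.
	Stderr *ArtifactLocation `json:"stderr,omitempty"`

	// A file containing the standard input stream to the process that was invoked.
	Stdin *ArtifactLocation `json:"stdin,omitempty"`

	// A file containing the standard output stream from the process that was invoked.
	Stdout *ArtifactLocation `json:"stdout,omitempty"`

	// A file containing the interleaved standard output and standard error stream from the process that was invoked.
	StdoutStderr *ArtifactLocation `json:"stdoutStderr,omitempty"`

	// A list of conditions detected by the tool that are relevant to the tool's configuration.
	ToolConfigurationNotifications []*Notification `json:"toolConfigurationNotifications,omitempty"`

	// A list of runtime conditions detected by the tool during the analysis.
	ToolExecutionNotifications []*Notification `json:"toolExecutionNotifications,omitempty"`

	// The working directory for the invocation.
	WorkingDirectory *ArtifactLocation `json:"workingDirectory,omitempty"`
}

// Location is a location within a programming artifact.
type Location struct {
	// A set of regions relevant to the location.
	Annotations []*Region `json:"annotations,omitempty"`

	// Value that distinguishes this location from all other locations within a single result object.
	// NOTE(review): an id of 0 is omitted on marshal (omitempty).
	Id int `json:"id,omitempty"`

	// The logical locations associated with the result.
	LogicalLocations []*LogicalLocation `json:"logicalLocations,omitempty"`

	// A message relevant to the location.
	Message *Message `json:"message,omitempty"`

	// Identifies the artifact and region.
	PhysicalLocation *PhysicalLocation `json:"physicalLocation,omitempty"`

	// Key/value pairs that provide additional information about the location.
	Properties *PropertyBag `json:"properties,omitempty"`

	// An array of objects that describe relationships between this location and others.
	Relationships []*LocationRelationship `json:"relationships,omitempty"`
}

// LocationRelationship holds information about the relation of one location to another.
type LocationRelationship struct {
	// A description of the location relationship.
	Description *Message `json:"description,omitempty"`

	// A set of distinct strings that categorize the relationship. Well-known kinds include 'includes', 'isIncludedBy' and 'relevant'.
	Kinds []string `json:"kinds,omitempty"`

	// Key/value pairs that provide additional information about the location relationship.
	Properties *PropertyBag `json:"properties,omitempty"`

	// A reference to the related location.
	// No omitempty, so the value (including 0) is always written.
	Target int `json:"target"`
}

// LogFile is the root object of the Static Analysis Results Format (SARIF)
// Version 2.1.0 JSON Schema.
type LogFile struct {
	// References to external property files that share data between runs.
	InlineExternalProperties []*ExternalProperties `json:"inlineExternalProperties,omitempty"`

	// Key/value pairs that provide additional information about the log file.
	Properties *PropertyBag `json:"properties,omitempty"`

	// The set of runs contained in this log file.
	// No omitempty: a nil slice marshals as JSON null.
	Runs []*Run `json:"runs"`

	// The URI of the JSON schema corresponding to the version.
	Schema string `json:"$schema,omitempty"`

	// The SARIF format version of this log file.
	// Untyped and without omitempty: a nil value marshals as JSON null, and a
	// decoded value must be type-asserted before it is compared.
	Version interface{} `json:"version"`
}

// LogicalLocation is a logical location of a construct that produced a result.
type LogicalLocation struct {
	// The machine-readable name for the logical location, such as a mangled function name provided by a C++ compiler that encodes calling convention, return type and other details along with the function name.
	DecoratedName string `json:"decoratedName,omitempty"`

	// The human-readable fully qualified name of the logical location.
	FullyQualifiedName string `json:"fullyQualifiedName,omitempty"`

	// The index within the logical locations array.
	// NOTE(review): int + omitempty cannot distinguish index 0 from "absent".
	Index int `json:"index,omitempty"`

	// The type of construct this logical location component refers to. Should be one of 'function', 'member', 'module', 'namespace', 'parameter', 'resource', 'returnType', 'type', 'variable', 'object', 'array', 'property', 'value', 'element', 'text', 'attribute', 'comment', 'declaration', 'dtd' or 'processingInstruction', if any of those accurately describe the construct.
	Kind string `json:"kind,omitempty"`

	// Identifies the construct in which the result occurred. For example, this property might contain the name of a class or a method.
	Name string `json:"name,omitempty"`

	// Identifies the index of the immediate parent of the construct in which the result was detected. For example, this property might point to a logical location that represents the namespace that holds a type.
	// NOTE(review): int + omitempty cannot distinguish index 0 from "absent".
	ParentIndex int `json:"parentIndex,omitempty"`

	// Key/value pairs that provide additional information about the logical location.
	Properties *PropertyBag `json:"properties,omitempty"`
}

// Message encapsulates a message intended to be read by the end user.
//
// Both renderings are free text taken from the log. A viewer that displays
// Markdown from a log it does not trust should render it through a sanitising
// renderer rather than passing it to an HTML view as-is.
type Message struct {
	// An array of strings to substitute into the message string.
	Arguments []string `json:"arguments,omitempty"`

	// The identifier for this message.
	Id string `json:"id,omitempty"`

	// A Markdown message string.
	Markdown string `json:"markdown,omitempty"`

	// Key/value pairs that provide additional information about the message.
	Properties *PropertyBag `json:"properties,omitempty"`

	// A plain text message string.
	Text string `json:"text,omitempty"`
}

// MultiformatMessageString is a message string or message format string
// rendered in multiple formats.
type MultiformatMessageString struct {
	// A Markdown message string or format string.
	Markdown string `json:"markdown,omitempty"`

	// Key/value pairs that provide additional information about the message.
	Properties *PropertyBag `json:"properties,omitempty"`

	// A plain text message string or format string.
	// No omitempty, so an empty string is still written.
	Text string `json:"text"`
}

// Node represents a node in a graph.
type Node struct {
	// Array of child nodes.
	Children []*Node `json:"children,omitempty"`

	// A string that uniquely identifies the node within its graph.
	Id string `json:"id"`

	// A short description of the node.
	Label *Message `json:"label,omitempty"`

	// A code location associated with the node.
	Location *Location `json:"location,omitempty"`

	// Key/value pairs that provide additional information about the node.
	Properties *PropertyBag `json:"properties,omitempty"`
}

// Notification describes a condition relevant to the tool itself, as opposed
// to being relevant to a target being analyzed by the tool.
type Notification struct {
	// A reference used to locate the rule descriptor associated with this notification.
	AssociatedRule *ReportingDescriptorReference `json:"associatedRule,omitempty"`

	// A reference used to locate the descriptor relevant to this notification.
	Descriptor *ReportingDescriptorReference `json:"descriptor,omitempty"`

	// The runtime exception, if any, relevant to this notification.
	Exception *Exception `json:"exception,omitempty"`

	// A value specifying the severity level of the notification.
	// Untyped; type-assert before comparing.
	Level interface{} `json:"level,omitempty"`

	// The locations relevant to this notification.
	Locations []*Location `json:"locations,omitempty"`

	// A message that describes the condition that was encountered.
	// No omitempty: a nil pointer marshals as JSON null.
	Message *Message `json:"message"`

	// Key/value pairs that provide additional information about the notification.
	Properties *PropertyBag `json:"properties,omitempty"`

	// The thread identifier of the code that generated the notification.
	ThreadId int `json:"threadId,omitempty"`

	// The Coordinated Universal Time (UTC) date and time at which the analysis tool generated the notification.
	TimeUtc string `json:"timeUtc,omitempty"`
}

// PhysicalLocation is a physical location relevant to a result. It specifies a
// reference to a programming artifact together with a range of bytes or
// characters within that artifact.
type PhysicalLocation struct {
	// The address of the location.
	Address *Address `json:"address,omitempty"`

	// The location of the artifact.
	ArtifactLocation *ArtifactLocation `json:"artifactLocation,omitempty"`

	// Specifies a portion of the artifact that encloses the region. Allows a viewer to display additional context around the region.
	ContextRegion *Region `json:"contextRegion,omitempty"`

	// Key/value pairs that provide additional information about the physical location.
	Properties *PropertyBag `json:"properties,omitempty"`

	// Specifies a portion of the artifact.
	Region *Region `json:"region,omitempty"`
}

// PropertyBag holds key/value pairs that provide additional information about
// the object. Values are untyped, so callers must type-assert each value they
// read; nothing constrains what a decoded bag contains.
type PropertyBag map[string]interface{}

/*
// PropertyBag Key/value pairs that provide additional information about the object.
type PropertyBag struct {
	AdditionalProperties map[string]interface{} `json:"-,omitempty"`

	// A set of distinct strings that provide additional information.
	Tags []string `json:"tags,omitempty"`
}
*/

// Rectangle is an area within an image.
type Rectangle struct {
	// The Y coordinate of the bottom edge of the rectangle, measured in the image's natural units.
	Bottom float64 `json:"bottom,omitempty"`

	// The X coordinate of the left edge of the rectangle, measured in the image's natural units.
	Left float64 `json:"left,omitempty"`

	// A message relevant to the rectangle.
	Message *Message `json:"message,omitempty"`

	// Key/value pairs that provide additional information about the rectangle.
	Properties *PropertyBag `json:"properties,omitempty"`

	// The X coordinate of the right edge of the rectangle, measured in the image's natural units.
	Right float64 `json:"right,omitempty"`

	// The Y coordinate of the top edge of the rectangle, measured in the image's natural units.
	Top float64 `json:"top,omitempty"`
}

// Region is a region within an artifact where a result was detected.
//
// NOTE(review): ByteOffset and CharOffset are zero-based, so 0 is a valid
// offset, yet with int + omitempty it is dropped on marshal and an absent
// offset decodes as 0. A region that starts at the first byte or character is
// therefore indistinguishable from one with no offset; confirm how callers
// handle this.
type Region struct {
	// The length of the region in bytes.
	ByteLength int `json:"byteLength,omitempty"`

	// The zero-based offset from the beginning of the artifact of the first byte in the region.
	ByteOffset int `json:"byteOffset,omitempty"`

	// The length of the region in characters.
	CharLength int `json:"charLength,omitempty"`

	// The zero-based offset from the beginning of the artifact of the first character in the region.
	CharOffset int `json:"charOffset,omitempty"`

	// The column number of the character following the end of the region.
	EndColumn int `json:"endColumn,omitempty"`

	// The line number of the last character in the region.
	EndLine int `json:"endLine,omitempty"`

	// A message relevant to the region.
	Message *Message `json:"message,omitempty"`

	// Key/value pairs that provide additional information about the region.
	Properties *PropertyBag `json:"properties,omitempty"`

	// The portion of the artifact contents within the specified region.
	Snippet *ArtifactContent `json:"snippet,omitempty"`

	// Specifies the source language, if any, of the portion of the artifact specified by the region object.
	SourceLanguage string `json:"sourceLanguage,omitempty"`

	// The column number of the first character in the region.
	StartColumn int `json:"startColumn,omitempty"`

	// The line number of the first character in the region.
	StartLine int `json:"startLine,omitempty"`
}

// Replacement is the replacement of a single region of an artifact.
type Replacement struct {
	// The region of the artifact to delete.
	// No omitempty: a nil pointer marshals as JSON null.
	DeletedRegion *Region `json:"deletedRegion"`

	// The content to insert at the location specified by the 'deletedRegion' property.
	InsertedContent *ArtifactContent `json:"insertedContent,omitempty"`

	// Key/value pairs that provide additional information about the replacement.
	Properties *PropertyBag `json:"properties,omitempty"`
}

// ReportingConfiguration holds information about a rule or notification that
// can be configured at runtime.
type ReportingConfiguration struct {
	// Specifies whether the report may be produced during the scan.
	// NOTE(review): bool + omitempty drops false on marshal. The SARIF 2.1.0
	// schema defaults 'enabled' to true, so a rule disabled here would be read
	// back as enabled by a schema-aware consumer; confirm against the schema.
	Enabled bool `json:"enabled,omitempty"`

	// Specifies the failure level for the report.
	// Untyped; type-assert before comparing.
	Level interface{} `json:"level,omitempty"`

	// Contains configuration information specific to a report.
	Parameters *PropertyBag `json:"parameters,omitempty"`

	// Key/value pairs that provide additional information about the reporting configuration.
	Properties *PropertyBag `json:"properties,omitempty"`

	// Specifies the relative priority of the report. Used for analysis output only.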
817 Rank float64 `json:"rank,omitempty"` 818} 819 820// ReportingDescriptor Metadata that describes a specific report produced by the tool, as part of the analysis it provides or its runtime reporting. 821type ReportingDescriptor struct { 822 823 // Default reporting configuration information. 824 DefaultConfiguration *ReportingConfiguration `json:"defaultConfiguration,omitempty"` 825 826 // An array of unique identifies in the form of a GUID by which this report was known in some previous version of the analysis tool. 827 DeprecatedGuids []string `json:"deprecatedGuids,omitempty"` 828 829 // An array of stable, opaque identifiers by which this report was known in some previous version of the analysis tool. 830 DeprecatedIds []string `json:"deprecatedIds,omitempty"` 831 832 // An array of readable identifiers by which this report was known in some previous version of the analysis tool. 833 DeprecatedNames []string `json:"deprecatedNames,omitempty"` 834 835 // A description of the report. Should, as far as possible, provide details sufficient to enable resolution of any problem indicated by the result. 836 FullDescription *MultiformatMessageString `json:"fullDescription,omitempty"` 837 838 // A unique identifer for the reporting descriptor in the form of a GUID. 839 Guid string `json:"guid,omitempty"` 840 841 // Provides the primary documentation for the report, useful when there is no online documentation. 842 Help *MultiformatMessageString `json:"help,omitempty"` 843 844 // A URI where the primary documentation for the report can be found. 845 HelpUri string `json:"helpUri,omitempty"` 846 847 // A stable, opaque identifier for the report. 848 Id string `json:"id"` 849 850 // A set of name/value pairs with arbitrary names. Each value is a multiformatMessageString object, which holds message strings in plain text and (optionally) Markdown format. 
The strings can include placeholders, which can be used to construct a message in combination with an arbitrary number of additional string arguments. 851 MessageStrings map[string]*MultiformatMessageString `json:"messageStrings,omitempty"` 852 853 // A report identifier that is understandable to an end user. 854 Name string `json:"name,omitempty"` 855 856 // Key/value pairs that provide additional information about the report. 857 Properties *PropertyBag `json:"properties,omitempty"` 858 859 // An array of objects that describe relationships between this reporting descriptor and others. 860 Relationships []*ReportingDescriptorRelationship `json:"relationships,omitempty"` 861 862 // A concise description of the report. Should be a single sentence that is understandable when visible space is limited to a single line of text. 863 ShortDescription *MultiformatMessageString `json:"shortDescription,omitempty"` 864} 865 866// ReportingDescriptorReference Information about how to locate a relevant reporting descriptor. 867type ReportingDescriptorReference struct { 868 869 // A guid that uniquely identifies the descriptor. 870 Guid string `json:"guid,omitempty"` 871 872 // The id of the descriptor. 873 Id string `json:"id,omitempty"` 874 875 // The index into an array of descriptors in toolComponent.ruleDescriptors, toolComponent.notificationDescriptors, or toolComponent.taxonomyDescriptors, depending on context. 876 Index int `json:"index,omitempty"` 877 878 // Key/value pairs that provide additional information about the reporting descriptor reference. 879 Properties *PropertyBag `json:"properties,omitempty"` 880 881 // A reference used to locate the toolComponent associated with the descriptor. 882 ToolComponent *ToolComponentReference `json:"toolComponent,omitempty"` 883} 884 885// ReportingDescriptorRelationship Information about the relation of one reporting descriptor to another. 
886type ReportingDescriptorRelationship struct { 887 888 // A description of the reporting descriptor relationship. 889 Description *Message `json:"description,omitempty"` 890 891 // A set of distinct strings that categorize the relationship. Well-known kinds include 'canPrecede', 'canFollow', 'willPrecede', 'willFollow', 'superset', 'subset', 'equal', 'disjoint', 'relevant', and 'incomparable'. 892 Kinds []string `json:"kinds,omitempty"` 893 894 // Key/value pairs that provide additional information about the reporting descriptor reference. 895 Properties *PropertyBag `json:"properties,omitempty"` 896 897 // A reference to the related reporting descriptor. 898 Target *ReportingDescriptorReference `json:"target"` 899} 900 901// Result A result produced by an analysis tool. 902type Result struct { 903 904 // Identifies the artifact that the analysis tool was instructed to scan. This need not be the same as the artifact where the result actually occurred. 905 AnalysisTarget *ArtifactLocation `json:"analysisTarget,omitempty"` 906 907 // A set of artifacts relevant to the result. 908 Attachments []*Attachment `json:"attachments,omitempty"` 909 910 // The state of a result relative to a baseline of a previous run. 911 BaselineState interface{} `json:"baselineState,omitempty"` 912 913 // An array of 'codeFlow' objects relevant to the result. 914 CodeFlows []*CodeFlow `json:"codeFlows,omitempty"` 915 916 // A stable, unique identifier for the equivalence class of logically identical results to which this result belongs, in the form of a GUID. 917 CorrelationGuid string `json:"correlationGuid,omitempty"` 918 919 // A set of strings each of which individually defines a stable, unique identity for the result. 920 Fingerprints map[string]string `json:"fingerprints,omitempty"` 921 922 // An array of 'fix' objects, each of which represents a proposed fix to the problem indicated by the result. 
923 Fixes []*Fix `json:"fixes,omitempty"` 924 925 // An array of one or more unique 'graphTraversal' objects. 926 GraphTraversals []*GraphTraversal `json:"graphTraversals,omitempty"` 927 928 // An array of zero or more unique graph objects associated with the result. 929 Graphs []*Graph `json:"graphs,omitempty"` 930 931 // A stable, unique identifer for the result in the form of a GUID. 932 Guid string `json:"guid,omitempty"` 933 934 // An absolute URI at which the result can be viewed. 935 HostedViewerUri string `json:"hostedViewerUri,omitempty"` 936 937 // A value that categorizes results by evaluation state. 938 Kind interface{} `json:"kind,omitempty"` 939 940 // A value specifying the severity level of the result. 941 Level interface{} `json:"level,omitempty"` 942 943 // The set of locations where the result was detected. Specify only one location unless the problem indicated by the result can only be corrected by making a change at every specified location. 944 Locations []*Location `json:"locations,omitempty"` 945 946 // A message that describes the result. The first sentence of the message only will be displayed when visible space is limited. 947 Message *Message `json:"message"` 948 949 // A positive integer specifying the number of times this logically unique result was observed in this run. 950 OccurrenceCount int `json:"occurrenceCount,omitempty"` 951 952 // A set of strings that contribute to the stable, unique identity of the result. 953 PartialFingerprints map[string]string `json:"partialFingerprints,omitempty"` 954 955 // Key/value pairs that provide additional information about the result. 956 Properties *PropertyBag `json:"properties,omitempty"` 957 958 // Information about how and when the result was detected. 959 Provenance *ResultProvenance `json:"provenance,omitempty"` 960 961 // A number representing the priority or importance of the result. 962 Rank float64 `json:"rank,omitempty"` 963 964 // A set of locations relevant to this result. 
965 RelatedLocations []*Location `json:"relatedLocations,omitempty"` 966 967 // A reference used to locate the rule descriptor relevant to this result. 968 Rule *ReportingDescriptorReference `json:"rule,omitempty"` 969 970 // The stable, unique identifier of the rule, if any, to which this result is relevant. 971 RuleId string `json:"ruleId,omitempty"` 972 973 // The index within the tool component rules array of the rule object associated with this result. 974 RuleIndex int `json:"ruleIndex,omitempty"` 975 976 // An array of 'stack' objects relevant to the result. 977 Stacks []*Stack `json:"stacks,omitempty"` 978 979 // A set of suppressions relevant to this result. 980 Suppressions []*Suppression `json:"suppressions,omitempty"` 981 982 // An array of references to taxonomy reporting descriptors that are applicable to the result. 983 Taxa []*ReportingDescriptorReference `json:"taxa,omitempty"` 984 985 // A web request associated with this result. 986 WebRequest *WebRequest `json:"webRequest,omitempty"` 987 988 // A web response associated with this result. 989 WebResponse *WebResponse `json:"webResponse,omitempty"` 990 991 // The URIs of the work items associated with this result. 992 WorkItemUris []string `json:"workItemUris,omitempty"` 993} 994 995// ResultProvenance Contains information about how and when a result was detected. 996type ResultProvenance struct { 997 998 // An array of physicalLocation objects which specify the portions of an analysis tool's output that a converter transformed into the result. 999 ConversionSources []*PhysicalLocation `json:"conversionSources,omitempty"` 1000 1001 // A GUID-valued string equal to the automationDetails.guid property of the run in which the result was first detected. 1002 FirstDetectionRunGuid string `json:"firstDetectionRunGuid,omitempty"` 1003 1004 // The Coordinated Universal Time (UTC) date and time at which the result was first detected. See "Date/time properties" in the SARIF spec for the required format. 
1005 FirstDetectionTimeUtc string `json:"firstDetectionTimeUtc,omitempty"` 1006 1007 // The index within the run.invocations array of the invocation object which describes the tool invocation that detected the result. 1008 InvocationIndex int `json:"invocationIndex,omitempty"` 1009 1010 // A GUID-valued string equal to the automationDetails.guid property of the run in which the result was most recently detected. 1011 LastDetectionRunGuid string `json:"lastDetectionRunGuid,omitempty"` 1012 1013 // The Coordinated Universal Time (UTC) date and time at which the result was most recently detected. See "Date/time properties" in the SARIF spec for the required format. 1014 LastDetectionTimeUtc string `json:"lastDetectionTimeUtc,omitempty"` 1015 1016 // Key/value pairs that provide additional information about the result. 1017 Properties *PropertyBag `json:"properties,omitempty"` 1018} 1019 1020// Run Describes a single run of an analysis tool, and contains the reported output of that run. 1021type Run struct { 1022 1023 // Addresses associated with this run instance, if any. 1024 Addresses []*Address `json:"addresses,omitempty"` 1025 1026 // An array of artifact objects relevant to the run. 1027 Artifacts []*Artifact `json:"artifacts,omitempty"` 1028 1029 // Automation details that describe this run. 1030 AutomationDetails *RunAutomationDetails `json:"automationDetails,omitempty"` 1031 1032 // The 'guid' property of a previous SARIF 'run' that comprises the baseline that was used to compute result 'baselineState' properties for the run. 1033 BaselineGuid string `json:"baselineGuid,omitempty"` 1034 1035 // Specifies the unit in which the tool measures columns. 1036 ColumnKind interface{} `json:"columnKind,omitempty"` 1037 1038 // A conversion object that describes how a converter transformed an analysis tool's native reporting format into the SARIF format. 
1039 Conversion *Conversion `json:"conversion,omitempty"` 1040 1041 // Specifies the default encoding for any artifact object that refers to a text file. 1042 DefaultEncoding string `json:"defaultEncoding,omitempty"` 1043 1044 // Specifies the default source language for any artifact object that refers to a text file that contains source code. 1045 DefaultSourceLanguage string `json:"defaultSourceLanguage,omitempty"` 1046 1047 // References to external property files that should be inlined with the content of a root log file. 1048 ExternalPropertyFileReferences *ExternalPropertyFileReferences `json:"externalPropertyFileReferences,omitempty"` 1049 1050 // An array of zero or more unique graph objects associated with the run. 1051 Graphs []*Graph `json:"graphs,omitempty"` 1052 1053 // Describes the invocation of the analysis tool. 1054 Invocations []*Invocation `json:"invocations,omitempty"` 1055 1056 // The language of the messages emitted into the log file during this run (expressed as an ISO 639-1 two-letter lowercase culture code) and an optional region (expressed as an ISO 3166-1 two-letter uppercase subculture code associated with a country or region). The casing is recommended but not required (in order for this data to conform to RFC5646). 1057 Language string `json:"language,omitempty"` 1058 1059 // An array of logical locations such as namespaces, types or functions. 1060 LogicalLocations []*LogicalLocation `json:"logicalLocations,omitempty"` 1061 1062 // An ordered list of character sequences that were treated as line breaks when computing region information for the run. 1063 NewlineSequences []string `json:"newlineSequences,omitempty"` 1064 1065 // The artifact location specified by each uriBaseId symbol on the machine where the tool originally ran. 
1066 OriginalUriBaseIds map[string]*ArtifactLocation `json:"originalUriBaseIds,omitempty"` 1067 1068 // Contains configurations that may potentially override both reportingDescriptor.defaultConfiguration (the tool's default severities) and invocation.configurationOverrides (severities established at run-time from the command line). 1069 Policies []*ToolComponent `json:"policies,omitempty"` 1070 1071 // Key/value pairs that provide additional information about the run. 1072 Properties *PropertyBag `json:"properties,omitempty"` 1073 1074 // An array of strings used to replace sensitive information in a redaction-aware property. 1075 RedactionTokens []string `json:"redactionTokens,omitempty"` 1076 1077 // The set of results contained in an SARIF log. The results array can be omitted when a run is solely exporting rules metadata. It must be present (but may be empty) if a log file represents an actual scan. 1078 Results []*Result `json:"results,omitempty"` 1079 1080 // Automation details that describe the aggregate of runs to which this run belongs. 1081 RunAggregates []*RunAutomationDetails `json:"runAggregates,omitempty"` 1082 1083 // A specialLocations object that defines locations of special significance to SARIF consumers. 1084 SpecialLocations *SpecialLocations `json:"specialLocations,omitempty"` 1085 1086 // An array of toolComponent objects relevant to a taxonomy in which results are categorized. 1087 Taxonomies []*ToolComponent `json:"taxonomies,omitempty"` 1088 1089 // An array of threadFlowLocation objects cached at run level. 1090 ThreadFlowLocations []*ThreadFlowLocation `json:"threadFlowLocations,omitempty"` 1091 1092 // Information about the tool or tool pipeline that generated the results in this run. A run can only contain results produced by a single tool or tool pipeline. A run can aggregate results from multiple log files, as long as context around the tool run (tool command-line arguments and the like) is identical for all aggregated files. 
1093 Tool *Tool `json:"tool"` 1094 1095 // The set of available translations of the localized data provided by the tool. 1096 Translations []*ToolComponent `json:"translations,omitempty"` 1097 1098 // Specifies the revision in version control of the artifacts that were scanned. 1099 VersionControlProvenance []*VersionControlDetails `json:"versionControlProvenance,omitempty"` 1100 1101 // An array of request objects cached at run level. 1102 WebRequests []*WebRequest `json:"webRequests,omitempty"` 1103 1104 // An array of response objects cached at run level. 1105 WebResponses []*WebResponse `json:"webResponses,omitempty"` 1106} 1107 1108// RunAutomationDetails Information that describes a run's identity and role within an engineering system process. 1109type RunAutomationDetails struct { 1110 1111 // A stable, unique identifier for the equivalence class of runs to which this object's containing run object belongs in the form of a GUID. 1112 CorrelationGuid string `json:"correlationGuid,omitempty"` 1113 1114 // A description of the identity and role played within the engineering system by this object's containing run object. 1115 Description *Message `json:"description,omitempty"` 1116 1117 // A stable, unique identifer for this object's containing run object in the form of a GUID. 1118 Guid string `json:"guid,omitempty"` 1119 1120 // A hierarchical string that uniquely identifies this object's containing run object. 1121 Id string `json:"id,omitempty"` 1122 1123 // Key/value pairs that provide additional information about the run automation details. 1124 Properties *PropertyBag `json:"properties,omitempty"` 1125} 1126 1127// SpecialLocations Defines locations of special significance to SARIF consumers. 1128type SpecialLocations struct { 1129 1130 // Provides a suggestion to SARIF consumers to display file paths relative to the specified location. 
1131 DisplayBase *ArtifactLocation `json:"displayBase,omitempty"` 1132 1133 // Key/value pairs that provide additional information about the special locations. 1134 Properties *PropertyBag `json:"properties,omitempty"` 1135} 1136 1137// Stack A call stack that is relevant to a result. 1138type Stack struct { 1139 1140 // An array of stack frames that represents a sequence of calls, rendered in reverse chronological order, that comprise the call stack. 1141 Frames []*StackFrame `json:"frames"` 1142 1143 // A message relevant to this call stack. 1144 Message *Message `json:"message,omitempty"` 1145 1146 // Key/value pairs that provide additional information about the stack. 1147 Properties *PropertyBag `json:"properties,omitempty"` 1148} 1149 1150// StackFrame A function call within a stack trace. 1151type StackFrame struct { 1152 1153 // The location to which this stack frame refers. 1154 Location *Location `json:"location,omitempty"` 1155 1156 // The name of the module that contains the code of this stack frame. 1157 Module string `json:"module,omitempty"` 1158 1159 // The parameters of the call that is executing. 1160 Parameters []string `json:"parameters,omitempty"` 1161 1162 // Key/value pairs that provide additional information about the stack frame. 1163 Properties *PropertyBag `json:"properties,omitempty"` 1164 1165 // The thread identifier of the stack frame. 1166 ThreadId int `json:"threadId,omitempty"` 1167} 1168 1169// Suppression A suppression that is relevant to a result. 1170type Suppression struct { 1171 1172 // A stable, unique identifer for the supression in the form of a GUID. 1173 Guid string `json:"guid,omitempty"` 1174 1175 // A string representing the justification for the suppression. 1176 Justification string `json:"justification,omitempty"` 1177 1178 // A string that indicates where the suppression is persisted. 1179 Kind string `json:"kind"` 1180 1181 // Identifies the location associated with the suppression. 
1182 Location *Location `json:"location,omitempty"` 1183 1184 // Key/value pairs that provide additional information about the suppression. 1185 Properties *PropertyBag `json:"properties,omitempty"` 1186 1187 // A string that indicates the review status of the suppression. 1188 Status interface{} `json:"status,omitempty"` 1189} 1190 1191// ThreadFlow Describes a sequence of code locations that specify a path through a single thread of execution such as an operating system or fiber. 1192type ThreadFlow struct { 1193 1194 // An string that uniquely identifies the threadFlow within the codeFlow in which it occurs. 1195 Id string `json:"id,omitempty"` 1196 1197 // Values of relevant expressions at the start of the thread flow that remain constant. 1198 ImmutableState map[string]*MultiformatMessageString `json:"immutableState,omitempty"` 1199 1200 // Values of relevant expressions at the start of the thread flow that may change during thread flow execution. 1201 InitialState map[string]*MultiformatMessageString `json:"initialState,omitempty"` 1202 1203 // A temporally ordered array of 'threadFlowLocation' objects, each of which describes a location visited by the tool while producing the result. 1204 Locations []*ThreadFlowLocation `json:"locations"` 1205 1206 // A message relevant to the thread flow. 1207 Message *Message `json:"message,omitempty"` 1208 1209 // Key/value pairs that provide additional information about the thread flow. 1210 Properties *PropertyBag `json:"properties,omitempty"` 1211} 1212 1213// ThreadFlowLocation A location visited by an analysis tool while simulating or monitoring the execution of a program. 1214type ThreadFlowLocation struct { 1215 1216 // An integer representing the temporal order in which execution reached this location. 1217 ExecutionOrder int `json:"executionOrder,omitempty"` 1218 1219 // The Coordinated Universal Time (UTC) date and time at which this location was executed. 
1220 ExecutionTimeUtc string `json:"executionTimeUtc,omitempty"` 1221 1222 // Specifies the importance of this location in understanding the code flow in which it occurs. The order from most to least important is "essential", "important", "unimportant". Default: "important". 1223 Importance interface{} `json:"importance,omitempty"` 1224 1225 // The index within the run threadFlowLocations array. 1226 Index int `json:"index,omitempty"` 1227 1228 // A set of distinct strings that categorize the thread flow location. Well-known kinds include 'acquire', 'release', 'enter', 'exit', 'call', 'return', 'branch', 'implicit', 'false', 'true', 'caution', 'danger', 'unknown', 'unreachable', 'taint', 'function', 'handler', 'lock', 'memory', 'resource', 'scope' and 'value'. 1229 Kinds []string `json:"kinds,omitempty"` 1230 1231 // The code location. 1232 Location *Location `json:"location,omitempty"` 1233 1234 // The name of the module that contains the code that is executing. 1235 Module string `json:"module,omitempty"` 1236 1237 // An integer representing a containment hierarchy within the thread flow. 1238 NestingLevel int `json:"nestingLevel,omitempty"` 1239 1240 // Key/value pairs that provide additional information about the threadflow location. 1241 Properties *PropertyBag `json:"properties,omitempty"` 1242 1243 // The call stack leading to this location. 1244 Stack *Stack `json:"stack,omitempty"` 1245 1246 // A dictionary, each of whose keys specifies a variable or expression, the associated value of which represents the variable or expression value. For an annotation of kind 'continuation', for example, this dictionary might hold the current assumed values of a set of global variables. 1247 State map[string]*MultiformatMessageString `json:"state,omitempty"` 1248 1249 // An array of references to rule or taxonomy reporting descriptors that are applicable to the thread flow location. 
1250 Taxa []*ReportingDescriptorReference `json:"taxa,omitempty"` 1251 1252 // A web request associated with this thread flow location. 1253 WebRequest *WebRequest `json:"webRequest,omitempty"` 1254 1255 // A web response associated with this thread flow location. 1256 WebResponse *WebResponse `json:"webResponse,omitempty"` 1257} 1258 1259// Tool The analysis tool that was run. 1260type Tool struct { 1261 1262 // The analysis tool that was run. 1263 Driver *ToolComponent `json:"driver"` 1264 1265 // Tool extensions that contributed to or reconfigured the analysis tool that was run. 1266 Extensions []*ToolComponent `json:"extensions,omitempty"` 1267 1268 // Key/value pairs that provide additional information about the tool. 1269 Properties *PropertyBag `json:"properties,omitempty"` 1270} 1271 1272// ToolComponent A component, such as a plug-in or the driver, of the analysis tool that was run. 1273type ToolComponent struct { 1274 1275 // The component which is strongly associated with this component. For a translation, this refers to the component which has been translated. For an extension, this is the driver that provides the extension's plugin model. 1276 AssociatedComponent *ToolComponentReference `json:"associatedComponent,omitempty"` 1277 1278 // The kinds of data contained in this object. 1279 Contents []interface{} `json:"contents,omitempty"` 1280 1281 // The binary version of the tool component's primary executable file expressed as four non-negative integers separated by a period (for operating systems that express file versions in this way). 1282 DottedQuadFileVersion string `json:"dottedQuadFileVersion,omitempty"` 1283 1284 // The absolute URI from which the tool component can be downloaded. 1285 DownloadUri string `json:"downloadUri,omitempty"` 1286 1287 // A comprehensive description of the tool component. 
1288 FullDescription *MultiformatMessageString `json:"fullDescription,omitempty"` 1289 1290 // The name of the tool component along with its version and any other useful identifying information, such as its locale. 1291 FullName string `json:"fullName,omitempty"` 1292 1293 // A dictionary, each of whose keys is a resource identifier and each of whose values is a multiformatMessageString object, which holds message strings in plain text and (optionally) Markdown format. The strings can include placeholders, which can be used to construct a message in combination with an arbitrary number of additional string arguments. 1294 GlobalMessageStrings map[string]*MultiformatMessageString `json:"globalMessageStrings,omitempty"` 1295 1296 // A unique identifer for the tool component in the form of a GUID. 1297 Guid string `json:"guid,omitempty"` 1298 1299 // The absolute URI at which information about this version of the tool component can be found. 1300 InformationUri string `json:"informationUri,omitempty"` 1301 1302 // Specifies whether this object contains a complete definition of the localizable and/or non-localizable data for this component, as opposed to including only data that is relevant to the results persisted to this log file. 1303 IsComprehensive bool `json:"isComprehensive,omitempty"` 1304 1305 // The language of the messages emitted into the log file during this run (expressed as an ISO 639-1 two-letter lowercase language code) and an optional region (expressed as an ISO 3166-1 two-letter uppercase subculture code associated with a country or region). The casing is recommended but not required (in order for this data to conform to RFC5646). 1306 Language string `json:"language,omitempty"` 1307 1308 // The semantic version of the localized strings defined in this component; maintained by components that provide translations. 
1309 LocalizedDataSemanticVersion string `json:"localizedDataSemanticVersion,omitempty"` 1310 1311 // An array of the artifactLocation objects associated with the tool component. 1312 Locations []*ArtifactLocation `json:"locations,omitempty"` 1313 1314 // The minimum value of localizedDataSemanticVersion required in translations consumed by this component; used by components that consume translations. 1315 MinimumRequiredLocalizedDataSemanticVersion string `json:"minimumRequiredLocalizedDataSemanticVersion,omitempty"` 1316 1317 // The name of the tool component. 1318 Name string `json:"name"` 1319 1320 // An array of reportingDescriptor objects relevant to the notifications related to the configuration and runtime execution of the tool component. 1321 Notifications []*ReportingDescriptor `json:"notifications,omitempty"` 1322 1323 // The organization or company that produced the tool component. 1324 Organization string `json:"organization,omitempty"` 1325 1326 // A product suite to which the tool component belongs. 1327 Product string `json:"product,omitempty"` 1328 1329 // A localizable string containing the name of the suite of products to which the tool component belongs. 1330 ProductSuite string `json:"productSuite,omitempty"` 1331 1332 // Key/value pairs that provide additional information about the tool component. 1333 Properties *PropertyBag `json:"properties,omitempty"` 1334 1335 // A string specifying the UTC date (and optionally, the time) of the component's release. 1336 ReleaseDateUtc string `json:"releaseDateUtc,omitempty"` 1337 1338 // An array of reportingDescriptor objects relevant to the analysis performed by the tool component. 1339 Rules []*ReportingDescriptor `json:"rules,omitempty"` 1340 1341 // The tool component version in the format specified by Semantic Versioning 2.0. 1342 SemanticVersion string `json:"semanticVersion,omitempty"` 1343 1344 // A brief description of the tool component. 
1345 ShortDescription *MultiformatMessageString `json:"shortDescription,omitempty"` 1346 1347 // An array of toolComponentReference objects to declare the taxonomies supported by the tool component. 1348 SupportedTaxonomies []*ToolComponentReference `json:"supportedTaxonomies,omitempty"` 1349 1350 // An array of reportingDescriptor objects relevant to the definitions of both standalone and tool-defined taxonomies. 1351 Taxa []*ReportingDescriptor `json:"taxa,omitempty"` 1352 1353 // Translation metadata, required for a translation, not populated by other component types. 1354 TranslationMetadata *TranslationMetadata `json:"translationMetadata,omitempty"` 1355 1356 // The tool component version, in whatever format the component natively provides. 1357 Version string `json:"version,omitempty"` 1358}

// ToolComponentReference identifies a particular toolComponent object, either the driver or an extension.
type ToolComponentReference struct {

	// The 'guid' property of the referenced toolComponent.
	Guid string `json:"guid,omitempty"`

	// An index into the referenced toolComponent in tool.extensions.
	// Because the tag carries omitempty, an index of 0 is dropped when marshaling, so the
	// encoded form cannot tell "first element" from "not set".
	// NOTE(review): confirm how consumers interpret a missing index.
	Index int `json:"index,omitempty"`

	// The 'name' property of the referenced toolComponent.
	Name string `json:"name,omitempty"`

	// Key/value pairs that provide additional information about the toolComponentReference.
	Properties *PropertyBag `json:"properties,omitempty"`
}

// TranslationMetadata provides additional metadata related to translation.
//
// DownloadUri and InformationUri are plain strings; this type does not validate them.
// NOTE(review): a consumer that dereferences these URIs for logs from a producer it does
// not control should restrict scheme and host before fetching.
type TranslationMetadata struct {

	// The absolute URI from which the translation metadata can be downloaded.
	DownloadUri string `json:"downloadUri,omitempty"`

	// A comprehensive description of the translation metadata.
	FullDescription *MultiformatMessageString `json:"fullDescription,omitempty"`

	// The full name associated with the translation metadata.
	FullName string `json:"fullName,omitempty"`

	// The absolute URI from which information related to the translation metadata can be downloaded.
	InformationUri string `json:"informationUri,omitempty"`

	// The name associated with the translation metadata.
	// The tag has no omitempty, so the key is always emitted, even for an empty string.
	Name string `json:"name"`

	// Key/value pairs that provide additional information about the translation metadata.
	Properties *PropertyBag `json:"properties,omitempty"`

	// A brief description of the translation metadata.
	ShortDescription *MultiformatMessageString `json:"shortDescription,omitempty"`
}

// VersionControlDetails specifies the information necessary to retrieve a desired revision from a version control system.
//
// RepositoryUri and MappedTo are written to the log exactly as supplied; nothing in this
// type sanitizes them.
// NOTE(review): a repository URI can carry embedded credentials, and MappedTo exposes a
// path on the analysis host; strip or rewrite both before the log leaves the build environment.
type VersionControlDetails struct {

	// A Coordinated Universal Time (UTC) date and time that can be used to synchronize an enlistment to the state of the repository at that time.
	AsOfTimeUtc string `json:"asOfTimeUtc,omitempty"`

	// The name of a branch containing the revision.
	Branch string `json:"branch,omitempty"`

	// The location in the local file system to which the root of the repository was mapped at the time of the analysis.
	MappedTo *ArtifactLocation `json:"mappedTo,omitempty"`

	// Key/value pairs that provide additional information about the version control details.
	Properties *PropertyBag `json:"properties,omitempty"`

	// The absolute URI of the repository.
	// The tag has no omitempty, so the key is always emitted, even for an empty string.
	RepositoryUri string `json:"repositoryUri"`

	// A string that uniquely and permanently identifies the revision within the repository.
	RevisionId string `json:"revisionId,omitempty"`

	// A tag that has been applied to the revision.
	RevisionTag string `json:"revisionTag,omitempty"`
}

// WebRequest describes an HTTP request.
//
// Body, Headers, Parameters and Target are stored as plain values; this type performs no
// redaction.
// NOTE(review): captured traffic can include credentials or session tokens (for example
// Authorization or Cookie headers, or tokens in query parameters); redact them before the
// log is persisted or shared.
type WebRequest struct {

	// The body of the request.
	Body *ArtifactContent `json:"body,omitempty"`

	// The request headers.
	Headers map[string]string `json:"headers,omitempty"`

	// The index within the run.webRequests array of the request object associated with this result.
	// With omitempty, an index of 0 is omitted from the encoded output.
	Index int `json:"index,omitempty"`

	// The HTTP method. Well-known values are 'GET', 'PUT', 'POST', 'DELETE', 'PATCH', 'HEAD', 'OPTIONS', 'TRACE', 'CONNECT'.
	Method string `json:"method,omitempty"`

	// The request parameters.
	Parameters map[string]string `json:"parameters,omitempty"`

	// Key/value pairs that provide additional information about the request.
	Properties *PropertyBag `json:"properties,omitempty"`

	// The request protocol. Example: 'http'.
	Protocol string `json:"protocol,omitempty"`

	// The target of the request.
	Target string `json:"target,omitempty"`

	// The request version. Example: '1.1'.
	Version string `json:"version,omitempty"`
}

// WebResponse describes the response to an HTTP request.
//
// Body and Headers are stored as plain values; this type performs no redaction.
// NOTE(review): response headers such as Set-Cookie and response bodies can contain
// session material or personal data; redact them before the log is persisted or shared.
type WebResponse struct {

	// The body of the response.
	Body *ArtifactContent `json:"body,omitempty"`

	// The response headers.
	Headers map[string]string `json:"headers,omitempty"`

	// The index within the run.webResponses array of the response object associated with this result.
	// With omitempty, an index of 0 is omitted from the encoded output.
	Index int `json:"index,omitempty"`

	// Specifies whether a response was received from the server.
	// With omitempty, false is omitted from the encoded output.
	NoResponseReceived bool `json:"noResponseReceived,omitempty"`

	// Key/value pairs that provide additional information about the response.
	Properties *PropertyBag `json:"properties,omitempty"`

	// The response protocol. Example: 'http'.
	Protocol string `json:"protocol,omitempty"`

	// The response reason. Example: 'Not found'.
	ReasonPhrase string `json:"reasonPhrase,omitempty"`

	// The response status code. Example: 451.
	StatusCode int `json:"statusCode,omitempty"`

	// The response version. Example: '1.1'.
	Version string `json:"version,omitempty"`
}