Ballot Details: Schema ballot: Issue #324 (CLOSED)

Ballot Question Define a reportingDescriptorReference object?
Ballot Description EBALLOT PROPOSAL. Define a reporting descriptor reference object that allows notifications to point into reporting metadata that may be persisted to the driver or any of its extensions or to the new taxonomies metadata.

API IMPACT
Schema only PR: Microsoft/sarif-sdk#1316

Create a reportingDescriptorReference type with these properties.
id of type string: a notification identifier
pointer of type string: a JSON pointer that locates the descriptor for the notification with that identifier.
In the reportingConfigurationOverride object:
Remove the notificationIndex, ruleIndex, and extensionIndex properties.
Replace them with a reportingDescriptorReference property of type reportingDescriptorReference, which specifies the reportingDescriptor whose configuration is being overridden.
In the notification object:
Remove the id property.
Replace it with a notificationDescriptorReference property of type reportingDescriptorReference.
Remove the ruleId and ruleIndex properties.
Replace them with an associatedRuleDescriptorReference property of type reportingDescriptorReference, which locates the descriptor for the rule, if any, with which this notification is associated.
In the invocation object:
Replace the property reportingConfigurationOverrides (which was defined to hold overrides for both rules and notifications) with separate properties ruleConfigurationOverrides and notificationConfigurationOverrides.
In the result object
Remove the ruleIndex and extensionIndex properties.
Replace them with a rulePointer property of type string, containing a JSON pointer that locates the rule descriptor.
EXAMPLE
{ # A run object
"tool": {
"driver": {
"name": "CodeScanner",
"ruleDescriptors": [
{ # A reportingDescriptor object.
"id": "CA2101",
"name": "DoNotBeEvil",
"shortDescription": {
"text": "Do unto others as you would have them do unto you."
},
"messageStrings": {
"default": {
"text": "Evildoing was detected."
}
},
"defaultConfiguration": {
"level": "error"
}
}
],
"notificationDescriptors": [
{
"id": "MSG0001",
"name": "RuleDisabled",
"shortDescription": {
"text": "This notification occurs when a rule is disabled due to an exception."
},
"messageStrings": {
"default": {
"text": "Rule {0} has been disabled."
}
}
}
]
}
},
"results": [
{ # A result object.
"id": "CA2101",
"rulePointer": "0" # In this context, an abbreviation for "driver/ruleDescriptors/0"
"message": {
"messageId": "default"
}
}
],
"invocations": [
{
"ruleConfigurationOverrides": [
{
"reportingDescriptorReference": {
"id": "CA2101"
"pointer": "0" # In this context, ruleDescriptors are the default target
},
"configuration": {
"level": "warning"
}
}
],
"toolNotifications": [ # toolExecutionNotifications if #330 is approved
{
"notificationDescriptorReference": {
"id": "MSG0001",
"pointer": "0" # In this context, an abbreviation for "driver/notificationDescriptors/0"
},
"associatedRuleDescriptorReference": {
"id": "CA2101",
"pointer": "0" # In this context, an abbreviation for "driver/ruleDescriptors/0"
}
"message": {
"messageId": "default",
"arguments": [
"CA2101"
]
}
}
]
}
]
}
NOTES
Certain JSON pointer-valued properties can be abbreviated, to optimize the most common cases:
A JSON pointer that refers to a descriptor defined by the tool's driver can be abbreviated to a stringified integer value >=0 that will be treated as a relative reference into the driver's ruleDescriptors array or notificationDescriptors array, as appropriate. That is, if notification.notificationDescriptorReference is "driver/notificationDescriptors/42", it can be abbreviated to "42", and if notification.associatedRuleDescriptorReference is "driver/ruleDescriptors/54", it can be abbreviated to "54".
We do not replace result.ruleId and result.rulePointer with a reportingDescriptorReference in order to minimize churn in SARIF pre-release v2 producers.

taxonomies will also use this mechanism. That is covered in #314.

https://github.com/oasis-tcs/sarif-spec/issues/324
Ballot Options
VOTING CLOSED: Thursday, 7 March 2019 @ 10:00 pm PST
Yes 8 100
No 0 0
Abstain 0
Open Date Thursday, 28 February 2019 @ 10:00 pm PST
Close Date Thursday, 7 March 2019 @ 10:00 pm PST
Ballot Type Official, as defined by organization policies and procedures

Voting Statistics

Number of votes cast (excluding abstentions) 8
Eligible members who have voted 8 of 10 80%
Eligible members who have not voted 2 of 10 20%

Voting Summary by Option

Options with highest number of votes are bold
Option # Votes % of Total
Yes 8 100%
No 0 0%
Abstain 0

Voting Details

Voter Name Company Vote * Time (UTC) Comments
* Anderson, Paul GrammaTech, Inc. Yes 2019-03-05 10:01:00
* Fanning, Michael Microsoft Yes 2019-03-03 20:54:00
* Golding, Laurence Microsoft Yes 2019-03-01 18:04:00
* Keaton, David Individual Yes 2019-03-07 14:35:00
* Kupsch, Jim SWAMP Yes 2019-03-07 15:24:00
* Meyer, Chris Microsoft Yes 2019-03-06 04:37:00
* O'Neil, Yekaterina Micro Focus Yes 2019-03-06 00:13:00
* Sipma, Henny Kestrel Technology Yes 2019-03-07 18:56:00
* Cartey, Luke Semmle --
* Chatterjee, Sunny Microsoft --