[PATCH] D131084: Add support for specifying the severity of a SARIF Result.

Thu Aug 4 14:16:01 PDT 2022

vaibhav.y added a comment.

> A part of my endgame is to see notes be incorporated into their parents, but that's a long way off methinks.

Regarding this, the current best approach the spec provides is using the "locationRelationShip" <https://docs.oasis-open.org/sarif/sarif/v2.0/csprd02/sarif-v2.0-csprd02.html#_Toc10127919>, but the relationships that exist dont' seem to cover cases needed by us. One example is macro-expansion (example <https://gist.github.com/envp/3a5fdd33115b91c391c22e5e8a5210f4#macro-expansions-nested-diagnostics> from an older proposal for SARIF in clang).

Seems that for locationRelationShip the spec allows producer defined strings:

> A locationRelationship object MAY contain a property named kinds whose value is an array of one or more unique (§3.7.3) strings each of which specifies a relationship between theSource and theTarget (see §3.34.1). If kinds is absent, it SHALL default to [ "relevant" ] (see below for the meaning of "relevant").
>
> When possible, SARIF producers SHOULD use the following values, with the specified meanings.
>
> ·         "includes": The artifact identified by theSource includes the artifact identified by theTarget.
>
> ·         "isIncludedBy": The artifact identified by theSource is included by the artifact identified by theTarget.
>
> ·         "relevant": theTarget is relevant to theSource in a way not covered by other relationship kinds.
>
> If none of these values are appropriate, a SARIF producer MAY use any value.
>
> NOTE: Although "relevant" is a catch-all for any relationship not described by the other values, a producer might still wish to define its own more specific values.
>
> In particular, the values defined for logicalLocation.kind (§3.33.7) and threadFlowLocation.kinds (§3.38.8) might prove useful.

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D131084/new/

https://reviews.llvm.org/D131084