microsoft / sarif-sdk

.NET code and supporting files for working with the 'Static Analysis Results Interchange Format' (SARIF, see https://github.com/oasis-tcs/sarif-spec)

AndroidStudio converter formatting issues #147

Open michaelcfanning opened 8 years ago

michaelcfanning commented 8 years ago

"fullMessage": "for loop replaceable with 'foreach' #loc",

1) Is it OK for fullMessage to include and other mark-up formatting hints? 2) What is #loc? I'd guess this is expanded in the output to represent a code location. Could be a tag. If it's a code location marker, we probably don't require it, as the log already contains this data.

ghost commented 8 years ago

Re 1, it's not ok IMO because we can't assume clients can parse HTML or other markup, and it's always a potential security hole. I filed sarif-standard/sarif-spec#136, "Add guidance: No formatting information in message and description properties".
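The point above (a consumer cannot be assumed to parse markup, and markup in message text is a rendering risk) can be checked mechanically on the consumer side. The following is an added example, not code from the sarif-sdk project: it treats message text as opaque and HTML-escapes it when rendering, and it scans a log for messages that carry tag-like markup or `#word` placeholders so a producer can be told to drop them. The log fragment, the rule IDs, and the `fullMessage` property name (taken from the draft-era snippet quoted in the issue) are constructed for the example.

```python
import html
import json
import re

# Constructed SARIF-style log fragment for this example; it is not taken from
# any real tool's output. "fullMessage" mirrors the draft-era property quoted above.
SAMPLE_LOG = json.loads("""
{
  "runs": [{
    "results": [
      {"ruleId": "HYPOTHETICAL-001",
       "fullMessage": "for loop replaceable with 'foreach' #loc"},
      {"ruleId": "HYPOTHETICAL-002",
       "fullMessage": "Use <b>StringBuilder</b> here <script>alert(1)</script>"}
    ]
  }]
}
""")

# Anything shaped like an HTML/XML tag: <b>, </i>, <script ...>.
MARKUP_RE = re.compile(r"</?[A-Za-z][^>]*>")
# Tokens such as #loc that a viewer would be expected to expand. Heuristic:
# a '#' followed by an identifier; "C#" or "#123" do not match.
PLACEHOLDER_RE = re.compile(r"#[A-Za-z_]\w*")


def render_message_html(message: str) -> str:
    """Render a result message for an HTML viewer as plain text.

    The message is escaped, never interpreted, so any tags a producer put in
    it appear literally instead of becoming part of the viewer's DOM.
    """
    return html.escape(message, quote=True)


def find_formatting_in_messages(log: dict) -> list:
    """Return (ruleId, kind, token) for every message carrying markup or placeholders.

    kind is "markup" for tag-like text and "placeholder" for #word tokens;
    an empty list means the log's messages are plain text.
    """
    findings = []
    for run in log.get("runs", []):
        for result in run.get("results", []):
            msg = result.get("fullMessage", "")
            for tag in MARKUP_RE.findall(msg):
                findings.append((result.get("ruleId"), "markup", tag))
            for tok in PLACEHOLDER_RE.findall(msg):
                findings.append((result.get("ruleId"), "placeholder", tok))
    return findings


if __name__ == "__main__":
    for rule_id, kind, token in find_formatting_in_messages(SAMPLE_LOG):
        print(f"{rule_id}: {kind} {token!r} should not be in message text")
    for result in SAMPLE_LOG["runs"][0]["results"]:
        print(render_message_html(result["fullMessage"]))
```

The scan is a heuristic meant for a producer-side lint or a consumer-side warning; the escaping is the part that must never be skipped, because a viewer that inserts message text into HTML unescaped is exactly the hole the comment above describes.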