microsoft / sarif-sdk

.NET code and supporting files for working with the 'Static Analysis Results Interchange Format' (SARIF, see https://github.com/oasis-tcs/sarif-spec)

SARIF Multitool query OR logic doesn't work #2709

Closed dotpaul closed 11 months ago

dotpaul commented 1 year ago

With this example SARIF:

{
  "version": "2.1.0",
  "$schema": "http://json.schemastore.org/sarif-2.1.0-rtm.4",
  "runs": [
    {
      "tool": {
        "driver": {
          "name": "ESLint",
          "informationUri": "https://eslint.org",
          "rules": [
            {
              "id": "no-eval",
              "shortDescription": {
                "text": "disallow the use of `eval()`"
              },
              "helpUri": "https://eslint.org/docs/rules/no-eval",
              "properties": {
                "category": "Best Practices"
              }
            },
            {
              "id": "no-unused-vars",
              "shortDescription": {
                "text": "disallow unused variables"
              },
              "helpUri": "https://eslint.org/docs/rules/no-unused-vars",
              "properties": {
                "category": "Variables"
              }
            }
          ]
        }
      },
      "artifacts": [
        {
          "location": {
            "uri": "file:///C:/dev/sarif/sarif-tutorials/samples/Introduction/simple-example.js"
          }
        }
      ],
      "results": [
        {
          "level": "error",
          "message": {
            "text": "eval can be harmful."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "file:///C:/dev/sarif/sarif-tutorials/samples/Introduction/simple-example.js",
                  "index": 0
                },
                "region": {
                  "startLine": 500,
                  "startColumn": 4
                }
              }
            }
          ],
          "ruleId": "no-eval",
          "ruleIndex": 0
        },
        {
          "level": "error",
          "message": {
            "text": "'x' is assigned a value but never used."
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "file:///C:/dev/sarif/sarif-tutorials/samples/Introduction/simple-example.js",
                  "index": 0
                },
                "region": {
                  "startLine": 1,
                  "startColumn": 5
                }
              }
            }
          ],
          "ruleId": "no-unused-vars",
          "ruleIndex": 1
        }
      ]
    }
  ]
}

Expected behavior

These two queries should be equivalent and include both results:

Actual behavior

C:\>sarif query simple-example2.sarif -w -e "Message.Text : assigned OR Message.Text : eval"
C:\dev\sarif\sarif-tutorials\samples\Introduction\simple-example.js(500,4): error no-eval: eval can be harmful.
Found 1 of 2 results matched in 0.2s.

C:\>sarif query simple-example2.sarif -w -e "Message.Text : eval OR Message.Text : assigned"
C:\dev\sarif\sarif-tutorials\samples\Introduction\simple-example.js(1,5): error no-unused-vars: 'x' is assigned a value but never used.
Found 1 of 2 results matched in 0.2s.
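
An independent cross-check of the expected behavior reported above, added here as an example; it is not part of the original issue and is not sarif-sdk code. It assumes `:` means a case-insensitive substring match and that AND binds tighter than OR, and it embeds a trimmed, constructed copy of the issue's two results.

```python
import json
import re

# Constructed sample: the two results from the issue's SARIF, trimmed to the
# fields the query touches.
SARIF = json.loads("""
{"version": "2.1.0", "runs": [{"results": [
  {"ruleId": "no-eval", "message": {"text": "eval can be harmful."}},
  {"ruleId": "no-unused-vars",
   "message": {"text": "'x' is assigned a value but never used."}}
]}]}
""")

# Assumption: how a query property name maps onto a SARIF result object.
FIELDS = {
    "message.text": lambda r: r.get("message", {}).get("text", ""),
}

def term(expr):
    """Turn 'Property : value' into a predicate (':' = contains, assumed)."""
    name, _, value = expr.partition(":")
    getter = FIELDS[name.strip().lower()]
    needle = value.strip().lower()
    return lambda r: needle in getter(r).lower()

def compile_query(query):
    """OR of AND-groups. No parentheses, NOT, or quoted values."""
    groups = [
        [term(t) for t in re.split(r"\s+AND\s+", group)]
        for group in re.split(r"\s+OR\s+", query)
    ]
    return lambda r: any(all(p(r) for p in g) for g in groups)

def matches(query, sarif=SARIF):
    """Rule ids of every result the query selects, in log order."""
    pred = compile_query(query)
    return [r["ruleId"] for run in sarif["runs"]
            for r in run.get("results", []) if pred(r)]

def order_independent(a, b, sarif=SARIF):
    """OR is commutative: swapping operands must not change the matched set."""
    return sorted(matches(f"{a} OR {b}", sarif)) == sorted(matches(f"{b} OR {a}", sarif))

if __name__ == "__main__":
    for q in ("Message.Text : assigned OR Message.Text : eval",
              "Message.Text : eval OR Message.Text : assigned"):
        print(q, "->", matches(q))
```

Comparing a filter's match count against a reference like this is a cheap pipeline check, since a query that silently drops findings otherwise goes unnoticed.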