search

microsoft / sarif-sdk

.NET code and supporting files for working with the 'Static Analysis Results Interchange Format' (SARIF, see https://github.com/oasis-tcs/sarif-spec)
Other
193 stars 91 forks source link

[Feature Request] Nodes with default objects have null instead of the default object #2803

Open MattKotsenas opened 6 months ago

MattKotsenas commented 6 months ago

I just hit this issue with the ReportingDescriptor object, but it likely applies to other objects as well.

The Scenario

Consider a Sarif v2.1 log like this:

{
  "$schema": "http://json.schemastore.org/sarif-2.1.0",
  "version": "2.1.0",
  "runs": [
    {
      "results": [
      ],
      "properties": {
        "analyzerExecutionTime": "3.296"
      },
      "tool": {
        "driver": {
          "name": "Microsoft (R) Visual C# Compiler",
          "version": "4.8.0-7.24067.24 (26357112)",
          "dottedQuadFileVersion": "4.8.0.0",
          "semanticVersion": "4.8.0",
          "language": "en-US",
          "rules": [
            {
              "id": "CA1416",
              "shortDescription": {
                "text": "Validate platform compatibility"
              },
              "fullDescription": {
                "text": "Using platform dependent API on a component makes the code no longer work across all platforms."
              },
              "helpUri": "https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1416",
              "properties": {
                "category": "Interoperability",
                "executionTimeInSeconds": "0.032",
                "executionTimeInPercentage": "<1",
                "tags": [
                  "Telemetry",
                  "EnabledRuleInAggressiveMode"
                ]
              }
            },
          ]
        }
      }
    }
  ]
}

If I try to get the default configuration level like this:

SarifLog.Load(path).Runs.Single().Tool.Driver.Rules.Single(rule => rule.Id == "CA1416").DefaultConfiguration.Level

I get a NullReferenceException trying to get DefaultConfiguration because it is null. However, the type of DefaultConfiguration is ReportingConfiguration, and that has a default value of "warning".

The Problem

There's two issues that as a user I find surprising:

  1. The APIs don't have nullability annotations, so the compiler doesn't warn that I may get a null from the property
  2. I now need to manually construct "default" or "fallback" objects in my own usage

The Workaround

I can do a workaround in my own code like this to avoid the issue:

var rule = SarifLog.Load(path).Runs.Single().Tool.Driver.Rules.Single(rule => rule.Id == "CA1416");
var config = (rule.DefaultConfiguration is null) ? new ReportingConfiguration() : rule.DefaultConfiguration;

config.Level

or more generically I can write an extension like this:

internal static class SarifExtensions
{
    public static T OrDefault<T>(this T value) where T : ISarifNode, new()
    {
        return value ?? new T();
    }
}

SarifLog.Load(path).Runs.Single().Tool.Driver.Rules.Single(rule => rule.Id == "CA1416").DefaultConfiguration.OrDefault().Level

The Solution

The request is for this "default object if null" pattern to be part of the API to avoid repeating it everywhere or creating extension methods for multiple properties. If that's not possible / not desirable, then an extension like the above is acceptable if nullability annotations are also possible to make it clear where default values may be needed.