SARIF viewer panel correctly parses and views sarif results but ext output panel, problems list, and code hovers in the file do not

[ShiningMassXAcc]

See screenshot.

I have a sarif result im prototyping with. It has the result and the markdown specified - all of this is viewable in the sarif panel. It passes sarif validation. I have another file where this is working for, but I can't tell the difference between them for what is required for certain functionality to work.

What is missing:

• This doesn't show up in problems list
• Sarif viewer extension output does not believe it has parsed a result
• The on-hover + squiggles in the file do not show. Note that you can click the artifact location from sarif panel to get to this code location though.

AntaresCopy.txt

[marmegh]

@ShiningMassXAcc, can you confirm whether you're using the Preview version of the VS Code extension? @jeffersonking, can you take a look at this? Let me know if I need to connect the two of you via email.

[ShiningMassXAcc]

Yes I'm in preview version of VS Code extension.

[marmegh]

@jeffersonking, please investigate this as well.

[jeffersonking]

In the process of preparing a custom build to diagnose the issue.

[jeffersonking]

@ShiningMassXAcc Can you verify your SARIF VS Code Extension has auto-updated to 3.3.0-9, try the repro again, and capture the output window for the SARIF Viewer (like how you already did above).

If the extension has not been updated to 3.3.0-9, you can try restarting VS Code or manually install it from Github

[jeffersonking]

@marmegh I don't have access to the repository mentioned in the site. Do you have access? Would you be able to try the repro with 3.3.0-9.

[ShiningMassXAcc]

Thanks for taking a look! I noted that our markdown rendering of icons is in!

Still not seeing output changes in 3.3.0-9. I've sent the file to Mary.

[jeffersonking]

@ShiningMassXAcc Thanks for sending that screenshot. The local === artifact data is exactly what I was looking for. Investigating how to fix now.

[jeffersonking]

@ShiningMassXAcc One more thing, do you have a workspace (or folder) open? If so, it is possible to share the path for that (without giving away any PII)?

[ShiningMassXAcc]

I have an open folder for the root of the repo. I've unfortunately started doing this as my default behavior because I've had too many devs that actually do that and then break our parsing. In our 'sarif-like client', we limit our processing of files due to this. Office org would open at the root.

We have this type of setting to control parsing - would be interesting to see how you've thought about this.

[jeffersonking]

I'm suspecting a path alignment issue. Given the screenshot, I presume the "root of the repo" folder you mention is s:/AAPT-Antares-Websites?

[yongyan-gh]

Noticed an issue in the SARIF file which caused the problem not able to navigate to right place in the source code.

The region object of the SARIF result in the sample file has same endColumn and startColumn value.

   "region": {
      "startLine": 40,
      "startColumn": 1,
      "endColumn": 1,
      "properties" : { . . . }
  }

According to SARIF spec, the endColumn should be 2 in this case.

3.30.8 endColumn property When a region object represents a text region specified by line/column properties, it MAY contain a property named endColumn whose value is an integer whose value is one greater than the column number of the last character in the region.

If endColumn is 1, it may mean the region length is 0, which presents for an insert point.

A region of length 0 is referred to as an “insertion point.”

I can repro this issue in SARIF viewer for VS, after changing the endColumn to 2, I can navigate to right source code location.

[jeffersonking]

@ShiningMassXAcc Can you try one more time on 3.3.0-10? This latest pre-release should address your issue.