Sourcemaps or #line directives

[ratmice]

Reading through the spec, I was curious because I didn't see anything that mentioned line directives or sourcemaps. I'm curious if this has been discussed, and whether there is a reasonable mechanism for it within the spec that I missed, or an intention that this be handled externally by some too taking a sarif file and a sourcemap and translating the relevant locations, or whether this is something that could be considered in the future.

[KalleOlaviNiemitalo]

Perhaps transpiled or minimized code could be indicated by making a result object (§3.27) list the corresponding locations in both files, linking them together via a locationRelationship object (§3.34), and setting a dedicated value in the "kinds" property (§3.34.3).

If the original source is in a different programming language not understood by the SARIF producer, then I suppose it won't be able to produce any fix objects (§3.55) that would propose changes to the original file.

[ratmice]

Regarding your last observation, in our case it's more like a template engine where verbatim code in the target language is interspersed with generated code. In theory if a fix fully overlaps the target, and the producer and the template language translator both understand SARIF, it seems possible that we could translate some fixes.

Edit: If I understand I think the existing "includedBy"/"includes", cover this exact kind of relationship

[KalleOlaviNiemitalo]

From the example in §3.34.1, it seems "includes" and "isIncludedBy" are intended for cases like the #include directive in C, i.e. an artifact does not actually contain text copied from another artifact, but contains a directive that causes tools to read the other artifact.

[ratmice]

Yeah, bit of a brain fart there, so it is probably best to leverage the "a SARIF producer MAY use any value." value clause with something else, perhaps "verbatimCopiedBy". "verbatimCopied"

[sthagen]

I like to discuss this within the TC as I try to minimize the number of MAY statements. In addition, I think this question deserves an answer on the intentions of the TC members in the existing specification. Also, we may find a way to achieve a more clear specification in the future.