oasis-tcs / sarif-spec

OASIS SARIF TC: Repository for development of the draft standard, where requests for modification should be made via GitHub Issues
https://github.com/oasis-tcs/sarif-spec

Ambiguous interpretation of square brackets in plaintext messages with embedded links (3.11.6)? #658

Open davidmalcolm opened 1 month ago

davidmalcolm commented 1 month ago

"3.11.6 Messages with embedded links" has:

Literal square brackets and (doubled) backslashes MAY appear anywhere else in a plain text message without being escaped.

Without escaping, how does a consumer tell if a square bracket is a literal square bracket, or the start of an embedded link?

Consider the case of a tool that reports the message:

out-of-bounds accessing "callbacks[42](0)"

where we're accessing an element within an array of function pointers [42], and calling one of them via (0).

Is this to be parsed as an embedded link, or as literals?

Am I missing something here, or do we need a way to be able to escape literal [ within plaintext messages?
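
Added example, not part of the issue or of the SARIF specification: a minimal consumer-side scanner run over the message quoted above, showing that it is indistinguishable from an intended link. It assumes the 3.11.6 embedded link form is `[text](destination)` with the destination either a URI or a non-negative integer referring to a related location; the function names and the two control messages are constructed for illustration.

```python
import re

# Assumed reading of SARIF 3.11.6: an embedded link is "[text](destination)".
# Inside the text, "\\", "\[" and "\]" are escapes; the destination is a URI or
# a non-negative integer (a related-location id). Simplification: destinations
# containing parentheses or whitespace are not handled.
EMBEDDED_LINK = re.compile(r"\[((?:[^\[\]\\]|\\[\[\]\\])+)\]\(([^()\s]+)\)")
ESCAPE = re.compile(r"\\([\[\]\\])")


def find_link_candidates(message):
    """Return (start, text, destination, kind) for every span that a consumer
    following the grammar above would treat as an embedded link."""
    found = []
    for m in EMBEDDED_LINK.finditer(message):
        dest = m.group(2)
        kind = "location-id" if re.fullmatch(r"[0-9]+", dest) else "uri"
        text = ESCAPE.sub(r"\1", m.group(1))  # undo backslash escapes
        found.append((m.start(), text, dest, kind))
    return found


def render_plain(message):
    """What a link-aware consumer would display: only the link text survives."""
    return EMBEDDED_LINK.sub(lambda m: ESCAPE.sub(r"\1", m.group(1)), message)


# Constructed inputs: the message from the issue, plus two controls.
ISSUE_MESSAGE = 'out-of-bounds accessing "callbacks[42](0)"'
INTENDED_LINK = "Tainted data from [here](1) reaches the sink."
NO_LINK = "index buf[i] is out of range"

if __name__ == "__main__":
    for msg in (ISSUE_MESSAGE, INTENDED_LINK, NO_LINK):
        print(repr(msg))
        print("  candidates:", find_link_candidates(msg))
        print("  rendered  :", repr(render_plain(msg)))
```

The issue's message yields one candidate, text `42` pointing at location id `0`, and a link-aware rendering drops both the brackets and the `(0)`. A tool that emits source expressions in plain text messages can run a check like this over its own output to spot messages a consumer may misread.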