
[core] SARIF formatter doesn't provide valid URIs when run under Windows #3798

@adangel


Affects PMD Version: since 6.31.0

Description:

When PMD is run under Windows, the URIs in the SARIF report look like

                "artifactLocation": {
                  "uri": "D:\\a\\pmd-github-action-test\\src\\classes\\UnusedLocalVariableSample.cls"
                },

This is not a valid URI - the SARIF format demands a URI (relative or absolute). See 3.4.3 uri property.

In order to use the SARIF report with GitHub, the URI should be relative - as otherwise "GitHub Advanced Security code scanning will reject this file because it cannot determine the location of the repository root (which it refers to as the "checkout path")" (from https://sarifweb.azurewebsites.net/Validation). So using file:///D:/a/pmd-github-action-test/src/classes/UnusedLocalVariableSample.cls instead won't work either.

For that matter, the pmd-github-action relativizes the report manually.

But it would be nice if PMD would create a valid SARIF report with already relativized URIs. The base URI can also be noted in the SARIF report (invocations[].workingDirectory). Or use uriBaseId. See 3.4.4 uriBaseId property and 3.4.7 Guidance on the use of artifactLocation objects.
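
A post-processing sketch of the relativization described above, added here as an example; it is not code from PMD or from pmd-github-action. The function names, the `%SRCROOT%` base id and the checkout path argument are assumptions, and only `results[].locations[]` are rewritten.

```javascript
const BASE_ID = '%SRCROOT%'; // assumed uriBaseId name; any identifier works

// "D:\a\repo" -> ["D:", "a", "repo"]; forward slashes are accepted too.
function segments(winPath) {
  return winPath.split(/[\\/]+/).filter((s) => s.length > 0);
}

// Absolute file URI for a Windows path, each path segment percent-encoded.
function toFileUri(winPath, trailingSlash = false) {
  const [drive, ...rest] = segments(winPath);
  const parts = [drive.toUpperCase(), ...rest.map(encodeURIComponent)];
  return `file:///${parts.join('/')}${trailingSlash ? '/' : ''}`;
}

// Relative URI of `file` under `root`, or null when `file` lies outside `root`.
function relativeUri(file, root) {
  const f = segments(file);
  const r = segments(root);
  // Windows paths are case-insensitive, so compare the prefix that way.
  const inside = r.length < f.length &&
    r.every((seg, i) => seg.toLowerCase() === f[i].toLowerCase());
  return inside ? f.slice(r.length).map(encodeURIComponent).join('/') : null;
}

// Rewrites Windows paths in result locations; returns the same (mutated) log.
function relativizeSarif(sarif, checkoutPath) {
  const isWindowsPath = (u) => /^[A-Za-z]:[\\/]/.test(u);
  for (const run of sarif.runs ?? []) {
    let usedBase = false;
    const locations = (run.results ?? []).flatMap((r) => r.locations ?? []);
    for (const loc of locations) {
      const art = loc.physicalLocation?.artifactLocation;
      if (!art || typeof art.uri !== 'string' || !isWindowsPath(art.uri)) continue;
      const rel = relativeUri(art.uri, checkoutPath);
      if (rel === null) {
        art.uri = toFileUri(art.uri); // outside the checkout: keep it absolute
      } else {
        art.uri = rel;
        art.uriBaseId = BASE_ID;
        usedBase = true;
      }
    }
    // Record what the base id resolves to, as a directory URI ending in "/".
    if (usedBase) {
      run.originalUriBaseIds = { ...run.originalUriBaseIds,
        [BASE_ID]: { uri: toFileUri(checkoutPath, true) } };
    }
  }
  return sarif;
}
```
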

Labels: a:bug, needs:pmd7-revalidation