Skip to content

Releases: microsoft/sarif-sdk

v4.5.4

29 Feb 20:49
fd35e22
Compare
Choose a tag to compare

**v4.5.4 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUG: Fix incorrect base class in rule ADO2012.

v4.5.3

29 Feb 20:14
f6a32c6
Compare
Choose a tag to compare

**v4.5.3 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUG: Restructure shared MessageResourceNames collections to ensure return of correct error messages.

v4.5.2

29 Feb 20:06
153f262
Compare
Choose a tag to compare

**v4.5.2 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUG: Update Skimmer stack in Multitool.Library to support shared MessageResourceNames collections between base rules and their derivatives.
  • BUG: Fix message strings to always assume {1} is reserved for the rule's service name.
  • BUG: Clean up unused resource strings in Multitool.Library.Rules.RuleResources.resx.

v4.5.1

29 Feb 20:03
9036bb9
Compare
Choose a tag to compare

**v4.5.1 Sdk | Driver | Converters | Multitool | Multitool Library

  • DEP: Add explicit package references to Sarif and Sarif.Driver to resolve version conflict build error.
    System.Diagnostics.Debug 4.3.0,
    System.IO.FileSystem.Primitives 4.3.0,
    System.Text.Encoding.Extensions 4.3.0.

v4.5.0

10 Feb 01:10
84f83c8
Compare
Choose a tag to compare

**v4.5.0 Sdk | Driver | Converters | Multitool | Multitool Library

  • DEP: Downgrade System.Text.Encoding.CodePages from 8.0.0 to 4.3.0 in Sarif.
  • DEP: Remove explicit versioning for System.Memory and System.Runtime.CompilerServices.Unsafe.
  • DEP: Remove spurious references to System.Collections.Immutable.
  • DEP: Update Microsoft.Data.SqlClient reference from 2.1.2 to 2.1.7 in WorkItems and Sarif.Multitool.Library to resolve CVE-2024-0056.
  • DEP: Update System.Data.SqlClient reference from 4.8.5 to 4.8.6 in WorkItems to resolve CVE-2024-0056.
  • BUG: Improve FileEncoding.IsTextualData method for detecting binary files.
  • BUG: Update Stack.Create method to populate missing PhysicalLocation instances when stack frames reference relative file paths.
  • BUG: Fix UnsupportedOperationException in ZipArchiveArtifact.
  • BUG: Fix MultithreadedAnalyzeCommandBase to return rich return code with the --rich-return-code option.
  • NEW: Add IsBinary property to IEnumeratedArtifact and implement the property in ZipArchiveArtifact.
  • NEW: Switch to content-based IsBinary categorization for ZipArchiveArtifacts.
  • PRF: Change default max-file-size-in-kb parameter to 10 megabytes.
  • PRF: Add support for efficiently peeking into non-seekable streams for binary/text categorization.
  • NEW: Add a new --timeout-in-seconds parameter to AnalyzeOptionsBase, which will override the TimeoutInMilliseconds property in AnalyzeContextBase.
  • NEW: --post-uri will skip sending the SARIF log to the configured endpoint if the file contains no results or fatal execution errors.
  • NEW: Add the following rules:
    ADO1011.ReferenceFinalSchema,
    ADO1013.ProvideRequiredSarifLogProperties,
    ADO1014.ProvideRequiredRunProperties,
    ADO1015.ProvideRequiredResultProperties,
    ADO1016.ProvideRequiredLocationProperties,
    ADO1017.ProvideRequiredPhysicalLocationProperties,
    ADO1018.ProvideRequiredToolProperties,
    ADO2012.ProvideRequiredReportingDescriptorProperties,
    GH1011.ReferenceFinalSchema,
    GH1013.ProvideRequiredSarifLogProperties,
    GH1014.ProvideRequiredRunProperties,
    GH1015.ProvideRequiredResultProperties,
    GH1016.ProvideRequiredLocationProperties,
    GH1017.ProvideRequiredPhysicalLocationProperties,
    GH1018.ProvideRequiredToolProperties,
    GH2012.ProvideRequiredReportingDescriptorProperties.
  • NEW: Add a new --rule-kind parameter to AnalyzeOptionsBase, which specifies rule kinds to run (Sarif, Ghas, Ado). Example: --rule-kind Ado;Sarif.

v4.2.1

26 Jun 19:58
b77e955
Compare
Choose a tag to compare

SARIF Package Release History (SDK, Driver, Converters, and Multitool)

v4.2.1 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUG: Resolve NotSupportedException thrown (on .NET 4.8 and earlier) on accessing DeflateStream.Length from MultithreadedZipArchiveArtifactProvider.SizeInBytes property.

v4.0.0

22 Feb 00:43
697281e
Compare
Choose a tag to compare

v4.0.0 Sdk | Driver | Converters | Multitool | Multitool Library

  • BRK: SarifLogger no longer allows providing a Tool instance. Use the run parameter instead (and populate it with any custom Tool object). #2614
  • BRK: SarifLogger updates version details differently. #2611
  • BRK: Add ToolComponent argument to IAnalysisLogger.Log(ReportingDescriptor, Result) method. #2611
  • BRK: Rename --normalize-for-github argument to --normalize-for-ghas for convert command and mark --normalize-for-github as obsolete. #2581
  • BRK: Update IAnalysisContext.LogToolNotification method to add ReportingDescriptor parameter. This is required in order to populated AssociatedRule data in Notification instances. The new method has an option value of null for the associatedRule parameter to maximize build compatibility. #2604
  • BRK: Correct casing of LogMissingreportingConfiguration helper to LogMissingReportingConfiguration. #2599
  • BRK: Change type of MaxFileSizeInKilobytes from int to long in IAnalysisContext and other classes. #2599
  • BRK: For Guid properties defined in SARIF spec, updated Json schema to use uuid, and updated C# object model to use Guid? instead of string. #2555
  • BRK: Mark AnalyzeCommandBase as obsolete. This type will be removed in the next significant update. #2599
  • BRK: LogUnhandledEngineException no longer has a return value (and updates the RuntimeErrors context property directly as other helpers do). #2599
  • BUG: Populate missing context region data for small, single-line scan targets. #2616
  • BUG: Increase parallelism in MultithreadedAnalyzeCommandBase by correcting task creation. []#2618](#2618)
  • BUG: Resolve hangs due to unhandled exceptions during multithreaded analysis file enumeration phase. #2599
  • BUG: Resolve hangs due to unhandled exceptions during multithreaded analysis file hashing phase. #2600
  • BUG: Another attempt to resolve 'InvalidOperationException' with message Collection was modified; enumeration operation may not execute in MultithreadedAnalyzeCommandBase, raised when analyzing with the --hashes switch. #2459. There was a previous attempt to fix this in #2447.
  • BUG: Resolve issue where match-results-forward command fails to generate VersionControlDetails data. #2487
  • BUG: Remove duplicated rule definitions when executing match-results-forward commands for results with sub-rule ids. #2486
  • BUG: Update merge command to properly produce runs by tool and version when passed the --merge-runs argument. #2488
  • BUG: Eliminate IOException and DirectoryNotFoundException exceptions thrown by merge command when splitting by rule (due to invalid file characters in rule ids). #2513
  • BUG: Fix classes inside NotYetAutoGenerated folder missing virtual keyword for public methods and properties, by regenerate and manually sync the changes. #2537
  • BUG: MSBuild Converter now accepts case insensitive keywords and supports PackageValidator msbuild log output. #2579
  • BUG: Eliminate NullReferenceException when file hashing fails (due to file locked or other errors reading the file). #2596
  • NEW: Provide PluginDriver property (AdditionalOptionsProvider) that allows additional options to be exported (typically for command-line arguments). #2599
  • NEW: Provide LogFileSkippedDueToSize that fires a warning notification if any file is skipped due to exceeding size threshold. #2599
  • NEW: Provide overridable ShouldEnqueue predicate method to filter files from driver processing. #2599
  • NEW: Provide overridable ShouldComputeHashes predicate method to prevent files from hashing. #2601
  • NEW: Allow external set of MaxFileSizeInKilobytes, which will allow SDK users to change the value. (Default value is 1024) #2578
  • NEW: Add a Github validation rule GH1007, which requires flattened result message so GHAS code scanning can ingest the log. #2580
  • NEW: Provide mechanism to populate SarifLogger with a FileRegionsCache instance.
  • NEW: Allow initialization of file regions cache in InsertOptionalDataVisitor (previously initialized exclusively from FileRegionsCache.Instance).
  • NEW: Provide 'RuleScanTimetrace and emitted timing data. ProvideScanExecution` trace with no utilization.
  • NEW: Populate associated rule data in LogToolNotification as called from SarifLogger. #2604
  • NEW: Add --normalize-for-ghas argument to the rewrite command to ensure rewritten SARIF is compatible with GitHub Advanced Security (GHAS) ingestion requirements. #2581
  • NEW: Allow per-line rolling (partial) hash computation for a file. #2605
  • NEW: SarifLogger now supports extensions rules data when logging (by providing a ToolComponent instance to the result logging method). #2661
  • NEW: SarifLogger provides a ComputeHashData callback to provide hash data for in-memory scan targets. #2614
  • NEW: Provide HashUtilities.ComputeHashes(Stream) and `ComputeHashesForText(string) helpers. #2614

v3.1.0

29 Aug 18:36
025f64c
Compare
Choose a tag to compare

v3.1.0 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUGFIX: Loosen System.Collections.Immutable minimum version requirement to 1.5.0. #2504

v3.1.0-beta1

17 Aug 18:03
5988503
Compare
Choose a tag to compare
v3.1.0-beta1 Pre-release
Pre-release

v3.1.0-beta1 Sdk | Driver | Converters | Multitool | Multitool Library

  • DEPENDENCY BREAKING: SARIF.SDK now requires System.Collections.Immutable 1.5.0. #2504

v3.0.0

09 Aug 00:25
e5ff82b
Compare
Choose a tag to compare

v3.0.0 Sdk | Driver | Converters | Multitool | Multitool Library

  • BUGFIX: Loosen Newtonsoft.JSON minimum version requirement to 6.0.8 (for .NET framework) or 9.0.1 (for all other compilations) for Sarif.Sdk. Sarif.Converts requires 8.0.1, minimally, for .NET framework compilations.
  • BUGFIX: Broaden set of supported .NET frameworks for compatibility reasons. Sarif.Sdk, Sarif.Driver and Sarif.WorkItems requires net461.
  • BUGFIX: Set default stack limit in Newtonsoft.JSON utilization (if JsonConvert.Defaults is not already configured) to address GitHub advisory GHSA-5crp-9r3c-p9vr.