ROSE 0.11.145.192
Classes | Enumerations
Rose::Sarif Namespace Reference

Description

Static analysis results interchange format.

This namespace is a simplified ROSE API for the SARIF format. ROSE's intermediate representation (IR) of the major components of a SARIF log forms a tree. The tree is unparsed to create the at-rest file representation of the SARIF information.

A SARIF tree is rooted at a Sarif::Log object that contains information about zero or more analyses, each of which is run individually or as part of a larger tool. Each analysis object contains a list of rules, artifacts, and results. The artifacts describe files produced by an analysis and each result is an individual finding from an analysis. Each result can refer to a rule and has a list of locations that refer to parts of artifacts. The SARIF IR uses the Sawyer Tree API which has numerous benefits over the older ROSETTA-based IR used by most of the rest of ROSE. Some of these benefits are:

For example, the binary model checker tool, in a single run, can check for null pointer dereferences, static buffer overflows, and uninitialized local variables. A single run of the tool itself can be represented as a Sarif::Log that contains three Sarif::Analysis objects. Each of those analysis objects contains a single Sarif::Rule, such as "a dereferenced pointer must not have a value between zero and 1023, inclusive". When a null pointer dereference is detected, a new Sarif::Result object is attached to the tree as a child of the Sarif::Analysis. The result refers to the aforementioned rule, the binary artifact that is being analyzed, and a list of locations corresponding to the execution path leading to the null dereference. The result might also have Sarif::Artifact objects that describe any additional outputs for the result, such as an optional memory slice file.

Example:

Classes

class  Exception
 Base class for SARIF exceptions. More...
 

Enumerations

enum class  Kind {
  PASS ,
  OPEN ,
  INFORMATIONAL ,
  NOT_APPLICABLE ,
  REVIEW ,
  FAIL
}
 Analysis result kind. More...
 
enum class  Severity {
  NONE ,
  NOTE ,
  WARNING ,
  ERROR
}
 Analysis result severity. More...
 

Enumeration Type Documentation

◆ Kind

enum class Rose::Sarif::Kind
strong

Analysis result kind.

Enumerator
PASS 

Rule was evaluated and no problem found.

OPEN 

Rule was evaluated with insufficient information.

INFORMATIONAL 

Rule was evaluated and produced a purely informational result.

NOT_APPLICABLE 

Rule was not evaluated because it doesn't apply.

REVIEW 

The result requires review by a human.

FAIL 

The result represents a problem whose severity is specified.

Definition at line 15 of file Rose/Sarif/BasicTypes.h.

◆ Severity

enum class Rose::Sarif::Severity
strong

Analysis result severity.

Enumerator
NONE 

No specified severity.

NOTE 

A minor problem.

WARNING 

A problem.

ERROR 

A serious problem.

Definition at line 25 of file Rose/Sarif/BasicTypes.h.