Expand current and planned table description

notes/l3style.css

@@ -0,0 +1,170 @@
+
+/* The sum of width and margin percentages must not exceed 100.*/
+div#toc {
+    /* Use a moving table of contents (scrolled away for long contents) */
+        /*
+         * float: left;
+         */
+    /* OR */
+    /* use a fixed-position toc */
+    position: fixed;
+    top:  80px;
+    left: 0px;
+
+    /* match toc, org-content, postamble */
+    width: 26%;
+    margin-right: 1%;
+    margin-left: 1%;
+}
+
+div#org-content {
+    float: right;
+    width: 70%;
+    /* match toc, org-content, postamble */
+    margin-left: 28%;
+}
+
+div#postamble {
+    float: right;
+    width: 70%;
+    /* match toc, org-content, postamble */
+    margin-left: 28%;
+}
+
+
+p.author {
+    clear: both;
+    font-size: 1em;
+    margin-left: 25%;
+}
+
+p.date {
+    clear: both;
+    font-size: 1em;
+    margin-left: 25%;
+}
+
+#toc * {
+    font-size:1em;
+}
+
+#toc h3 {
+    font-weight:normal;
+    margin:1em 0 0 0;
+    padding: 4px 0;
+    border-bottom:1px solid #666;
+    text-transform:uppercase;
+}
+
+#toc ul, #toc li {
+    margin:0;
+    padding:0;
+    list-style:none;
+}
+
+#toc li {
+    display:inline;
+}
+
+#toc ul li a {
+    text-decoration:none;
+    display:block;
+    margin:0;
+    padding:4px 6px;
+    color:#990000;
+    border-bottom:1px solid #aaa;
+}
+
+#toc ul ul li a {
+    padding-left:18px;
+    color:#666;
+}
+
+#toc ul li a:hover {
+    background-color:#F6F6F6;
+}
+
+
+/* Description lists. */
+dt { 
+    font-style: bold;
+    background-color:#F6F6F6;
+}
+
+
+/* From org-mode page. */
+body {
+    font-family: avenir, Lao Sangam MN, Myanmar Sangam MN, Songti SC, Kohinoor Devanagari, Menlo, avenir, helvetica, verdana, sans-serif;
+    font-size: 100%;
+    margin-top: 5%;
+    margin-bottom: 8%;
+    background: white; color: black;
+    margin-left: 3% !important; margin-right: 3% !important;
+}
+
+h1 { 
+   font-size: 2em;
+   color: #cc8c00;
+/*    padding-top: 5px; */
+   border-bottom: 2px solid #aaa;
+   width: 70%;
+    /* match toc, org-content, postamble */
+   margin-left: 28%;            /* Align with div#content */
+}
+
+h2 {
+   font-size: 1.5em;
+   padding-top: 1em;
+   border-bottom: 1px solid #ccc;
+}
+
+h3 {
+   font-size: 1.2em; 
+   padding-top: 0.5em;
+   border-bottom: 1px solid #eee;
+}
+
+.todo, .deadline { color: red; font-style: italic }
+.done { color: green; font-style: italic }
+.timestamp { color: grey }
+.timestamp-kwd { color: CadetBlue; }
+.tag { background-color:lightblue; font-weight:normal; }
+
+.target { background-color: lavender; }
+
+.menu {
+      color: #666;
+}
+
+.menu a:link { 
+      color: #888;
+}
+.menu a:active { 
+      color: #888;
+}
+.menu a:visited { 
+      color: #888;
+}
+
+img { align: center; }
+
+pre {
+	padding: 5pt;
+	font-family: andale mono, vera sans mono, monospace, courier ;
+	font-size: 0.8em;
+        background-color: #f0f0f0;
+}
+
+code {
+	font-family: andale mono, vera sans mono, monospace, courier ;
+	font-size: 0.8em;
+        background-color: #f0f0f0;
+}
+
+table { border-collapse: collapse; }
+
+td, th {
+	vertical-align: top;
+	border: 1pt solid #ADB9CC;
+}
+

notes/tables.org

@@ -0,0 +1,279 @@
+# -*- coding: utf-8 -*-
+# Created [Apr-19-2022]
+#+TITLE: 
+#+AUTHOR: Michael Hohn
+#+LANGUAGE:  en
+#+TEXT:      
+#+OPTIONS: ^:{} H:2 num:t \n:nil @:t ::t |:t ^:nil f:t *:t TeX:t LaTeX:t skip:nil p:nil
+#+OPTIONS: toc:nil
+#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="./l3style.css"/>
+#+HTML: <div id="toc">
+#+TOC: headlines 2        insert TOC here, with two headline levels
+#+HTML: </div> 
+# 
+#+HTML: <div id="org-content">
+
+* Overview
+  The current ==> project.csv <== table is broken.  It's a combination of project
+  meta info (to be moved to a separate =project= table) and the entry point to a
+  single =project='s sarif results 
+
+* Currently Exported Tables
+  Tables exported by sarif-extract-multi, commit d5390bb87, [Mar-23-2022]
+
+  #+BEGIN_SRC text
+    ==> artifacts.csv <==
+    artifacts_id
+    index
+    uri
+    uriBaseId
+  #+END_SRC
+
+  #+BEGIN_SRC text
+    ==> codeflows.csv <==
+    codeflow_id
+    codeflow_index
+    threadflow_index
+    location_index
+    endColumn
+    endLine
+    startColumn
+    startLine
+    artifact_index
+    uri
+    uriBaseId
+    message
+  #+END_SRC
+
+  #+BEGIN_SRC text
+    ==> kind_pathproblem.csv <==
+    results_array_id
+    results_array_index
+    codeFlows_id
+    ruleId
+    ruleIndex
+    location_array_index
+    location_id
+    location_endColumn
+    location_endLine
+    location_startColumn
+    location_startLine
+    location_index
+    location_uri
+    location_uriBaseId
+    location_message
+    relatedLocation_array_index
+    relatedLocation_id
+    relatedLocation_endColumn
+    relatedLocation_endLine
+    relatedLocation_startColumn
+    relatedLocation_startLine
+    relatedLocation_index
+    relatedLocation_uri
+    relatedLocation_uriBaseId
+    relatedLocation_message
+    message_text
+    primaryLocationLineHash
+    primaryLocationStartColumnFingerprint
+    rule_id
+    rule_index
+
+  #+END_SRC
+
+
+  #+BEGIN_SRC text
+    ==> kind_problem.csv <==
+    results_array_id
+    results_array_index
+    ruleId
+    ruleIndex
+    location_array_index
+    location_id
+    location_endColumn
+    location_endLine
+    location_startColumn
+    location_startLine
+    location_index
+    location_uri
+    location_uriBaseId
+    location_message
+    relatedLocation_array_index
+    relatedLocation_id
+    relatedLocation_endColumn
+    relatedLocation_endLine
+    relatedLocation_startColumn
+    relatedLocation_startLine
+    relatedLocation_index
+    relatedLocation_uri
+    relatedLocation_uriBaseId
+    relatedLocation_message
+    message_text
+    primaryLocationLineHash
+    primaryLocationStartColumnFingerprint
+    rule_id
+    rule_index
+
+  #+END_SRC
+
+
+  #+BEGIN_SRC text
+    ==> project.csv <==
+    creation_date
+    primary_language
+    project_name
+    query_commit_id
+    sarif_file_name
+    scan_id
+    scan_start_date
+    scan_stop_date
+    tool_name
+    tool_version
+    $schema
+    sarif_version
+    run_index
+    artifacts
+    columnKind
+    results
+    semmle.formatSpecifier
+    semmle.sourceLanguage
+    driver_name
+    organization
+    rules
+    driver_version
+    repositoryUri
+    revisionId
+
+  #+END_SRC
+
+
+  #+BEGIN_SRC text
+    ==> relatedLocations.csv <==
+    struct_id
+    uri
+    startLine
+    startColumn
+    endLine
+    endColumn
+    message
+
+  #+END_SRC
+
+
+  #+BEGIN_SRC text
+    ==> rules.csv <==
+    rules_array_id
+    rules_array_index
+    id
+    name
+    enabled
+    level
+    fullDescription
+    shortDescription
+    kind
+    precision
+    security-severity
+    severity
+    sub-severity
+    tag_index
+    tag_text
+  #+END_SRC
+
+* New tables to be exported
+  Possible splits from =project.csv=
+
+  The scan results are the root of the sarif tree, so this is a required base table.
+  #+BEGIN_SRC text
+    ==> project-scan-result.csv <==
+    $schema
+    sarif_version
+    run_index
+    artifacts
+    columnKind
+    results
+    semmle.formatSpecifier
+    semmle.sourceLanguage
+    driver_name
+    organization
+    rules
+    driver_version
+    repositoryUri
+    revisionId
+  #+END_SRC
+
+  The rest of the [Mar-23-2022] =projects.csv= table is ad-hoc and included in the
+  other tables below; it can be discarded.
+  #+BEGIN_SRC text
+    ==> project-meta.csv <==
+    creation_date
+    primary_language
+    project_name
+    query_commit_id
+    sarif_file_name
+    scan_id
+    scan_start_date
+    scan_stop_date
+    tool_name
+    tool_version
+
+  #+END_SRC
+
+  New tables intended for reporting infrastructure:
+  #+BEGIN_SRC text
+    ==> project.csv <==
+    id
+    project_name
+    creation_date
+    repository_url -- new
+    primary_language -- from github api
+    languages_analyzed
+  #+END_SRC
+
+  #+BEGIN_SRC text
+    ==> scans.csv <==
+    id
+    commit_id
+    project_id
+    db_create_start
+    db_create_stop
+    scan_start_date
+    scan_stop_date
+    tool_name
+    tool_version
+    tool_query_commit_id
+    sarif_content
+    sarif_file_name
+
+  #+END_SRC
+
+  #+BEGIN_SRC text
+    ==> results.csv <==
+    id INT,                  -- primary key
+    scan_id INT,             -- scans.id
+    query_id STRING,         -- git commit id of the ql query set
+    location STRING,
+    message STRING,
+    message_object OBJ,
+    -- for kind_path_problem, use distinct source / sink
+    -- for kind_problem, use the same location for both
+    result_type STRING,      -- kind_problem | kind_path_problem
+    -- link to codeflows (kind_pathproblem.csv only, NULL otherwise)
+    codeFlow_id INT,
+    --
+    source_startLine int,
+    source_startCol int,
+    source_endLine int,
+    source_endCol int,
+    --
+    sink_startLine int,
+    sink_startCol int,
+    sink_endLine int,
+    sink_endCol int,
+    --
+    source_object STRING, -- higher-level info: 'args', 'request', etc.
+    sink_object string, -- higher level: 'execute', 'sql statement', etc.
+
+  #+END_SRC
+
+
+
+#+HTML: </div> 

notes/tables.txt

@@ -1,187 +0,0 @@
-The current ==> project.csv <== table is broken.  It's a combination of project
-meta info (to be moved to a separate =project= table) and the entry point to a
-single =project='s sarif results 
-
-==> project-meta.csv <==
-creation_date
-primary_language
-project_name
-query_commit_id
-sarif_file_name
-scan_id
-scan_start_date
-scan_stop_date
-tool_name
-tool_version
-
-==> project-scan-result.csv <==
-$schema
-sarif_version
-run_index
-artifacts
-columnKind
-results
-semmle.formatSpecifier
-semmle.sourceLanguage
-driver_name
-organization
-rules
-driver_version
-repositoryUri
-revisionId
-
-
-==> artifacts.csv <==
-artifacts_id
-index
-uri
-uriBaseId
-
-==> codeflows.csv <==
-codeflow_id
-codeflow_index
-threadflow_index
-location_index
-endColumn
-endLine
-startColumn
-startLine
-artifact_index
-uri
-uriBaseId
-message
-
-==> kind_pathproblem.csv <==
-results_array_id
-results_array_index
-codeFlows_id
-ruleId
-ruleIndex
-location_array_index
-location_id
-location_endColumn
-location_endLine
-location_startColumn
-location_startLine
-location_index
-location_uri
-location_uriBaseId
-location_message
-relatedLocation_array_index
-relatedLocation_id
-relatedLocation_endColumn
-relatedLocation_endLine
-relatedLocation_startColumn
-relatedLocation_startLine
-relatedLocation_index
-relatedLocation_uri
-relatedLocation_uriBaseId
-relatedLocation_message
-message_text
-primaryLocationLineHash
-primaryLocationStartColumnFingerprint
-rule_id
-rule_index
-
-==> kind_problem.csv <==
-results_array_id
-results_array_index
-ruleId
-ruleIndex
-location_array_index
-location_id
-location_endColumn
-location_endLine
-location_startColumn
-location_startLine
-location_index
-location_uri
-location_uriBaseId
-location_message
-relatedLocation_array_index
-relatedLocation_id
-relatedLocation_endColumn
-relatedLocation_endLine
-relatedLocation_startColumn
-relatedLocation_startLine
-relatedLocation_index
-relatedLocation_uri
-relatedLocation_uriBaseId
-relatedLocation_message
-message_text
-primaryLocationLineHash
-primaryLocationStartColumnFingerprint
-rule_id
-rule_index
-
-==> project.csv <==
-creation_date
-primary_language
-project_name
-query_commit_id
-sarif_file_name
-scan_id
-scan_start_date
-scan_stop_date
-tool_name
-tool_version
-$schema
-sarif_version
-run_index
-artifacts
-columnKind
-results
-semmle.formatSpecifier
-semmle.sourceLanguage
-driver_name
-organization
-rules
-driver_version
-repositoryUri
-revisionId
-
-==> relatedLocations.csv <==
-struct_id
-uri
-startLine
-startColumn
-endLine
-endColumn
-message
-
-==> rules.csv <==
-rules_array_id
-rules_array_index
-id
-name
-enabled
-level
-fullDescription
-shortDescription
-kind
-precision
-security-severity
-severity
-sub-severity
-tag_index
-tag_text
-
-==> scans.csv <==
-commit_id
-project_id
-db_create_start
-db_create_stop
-scan_start_date
-scan_stop_date
-tool_name
-tool_version
-tool_query_commit_id
-sarif_content
-sarif_file_name
-
-==> projects.csv <==
-project_name
-creation_date
-repository_url
-primary_language
-languages_analyzed