Skip to content

fix(sarif): Use HTTPS scheme for schema URI#844

Merged
kucherenko merged 1 commit into
kucherenko:masterfrom
chrisc-onaorg:schema-uri-https
Jun 24, 2026
Merged

fix(sarif): Use HTTPS scheme for schema URI#844
kucherenko merged 1 commit into
kucherenko:masterfrom
chrisc-onaorg:schema-uri-https

Conversation

@chrisc-onaorg

@chrisc-onaorg chrisc-onaorg commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Resolve "untrusted URI" issues in some SARIF-consuming tools caused by use of an HTTP URL for the schema URI in generated SARIF output.

  • What kind of change does this PR introduce? (Bug fix, feature, docs update, ...)

Very minor fix / improvement.

  • What is the current behavior? (You can also link to an open issue here)

Schema URI emitted in SARIF output is HTTP instead of HTTPS.

  • What is the new behavior (if this is a feature change)?

Schema URI is now emitted as an HTTPS URL.

  • Other information:

This is a fix or improvement for tools which consume JSON documents including SARIF, which report trust errors for JSON schemas which are not built-in to said tools and are not referenced by HTTPS. All HTTP URLs from json.schemastore.org are also accessible via HTTPS.


This change is Reviewable

Summary by CodeRabbit

  • Bug Fixes
    • Updated the generated SARIF output to use a secure HTTPS schema URL instead of HTTP.

Resolve "untrusted URI" issues in some SARIF-consuming tools caused by
use of an HTTP URL for the schema URI in generated SARIF output.
@coderabbitai

coderabbitai Bot commented Jun 24, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 8638f1d3-b89c-4298-babb-dc357bddd12f

📥 Commits

Reviewing files that changed from the base of the PR and between 9cf3cc3 and d8aae77.

📒 Files selected for processing (1)
  • rust/crates/cpd-reporter/src/sarif.rs

Walkthrough

The SARIF output's $schema URL in rust/crates/cpd-reporter/src/sarif.rs is updated from HTTP to HTTPS, changing http://json.schemastore.org/sarif-2.1.0.json to https://json.schemastore.org/sarif-2.1.0.json.

Changes

SARIF Schema URL Protocol Fix

Layer / File(s) Summary
SARIF $schema URL protocol update
rust/crates/cpd-reporter/src/sarif.rs
The hardcoded $schema field value is changed from http:// to https:// for the schemastore.org SARIF 2.1.0 schema URL.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

A tiny hop, a small refine,
The URL now starts with https:// — divine!
No more plain HTTP for me,
Secure connections, hopping free!
🐇✨ One line changed, the schema shines!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title is concise and accurately describes the main change: switching the SARIF schema URI to HTTPS.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@kucherenko kucherenko merged commit c1e84dd into kucherenko:master Jun 24, 2026
6 checks passed
@chrisc-onaorg chrisc-onaorg deleted the schema-uri-https branch June 24, 2026 17:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants