[media-types] Notice of request for media-type registration: application/sarif+json
Chet Ensign <chet.ensign@oasis-open.org> Thu, 09 April 2020 18:34 UTC
Return-Path: <chet.ensign@oasis-open.org>
X-Original-To: media-types@ietfa.amsl.com
Delivered-To: media-types@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E7F443A0B8C for <media-types@ietfa.amsl.com>; Thu, 9 Apr 2020 11:34:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.232
X-Spam-Level:
X-Spam-Status: No, score=-1.232 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=oasis-open-org.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gIFbQ95HxZK5 for <media-types@ietfa.amsl.com>; Thu, 9 Apr 2020 11:34:15 -0700 (PDT)
Received: from pechora1.lax.icann.org (pechora1.icann.org [IPv6:2620:0:2d0:201::1:71]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1DF683A0B87 for <media-types@ietf.org>; Thu, 9 Apr 2020 11:34:14 -0700 (PDT)
Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pechora1.lax.icann.org (Postfix) with ESMTPS id 3DA401E0AF9 for <media-types@iana.org>; Thu, 9 Apr 2020 18:34:14 +0000 (UTC)
Received: by mail-ed1-x531.google.com with SMTP id z65so1170269ede.0 for <media-types@iana.org>; Thu, 09 Apr 2020 11:34:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oasis-open-org.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to:cc; bh=xLpOP/3MiuFK76P8kYZ5aki/s6aKqDra4g9WtmW3NPQ=; b=NG5y+MOaT9X5kl64Tf+N+g5SEdxv77XzRMfNcTbqACwdSd1RAcBVjqBYIrnLN00BUd +4z2vXkPEpK74hbTWufmU6RRi3gX59ZImqglSg+ZUeprmDeOw8eEdlpF/8ffXAnJuwrP Goe/YTHEJPdpQdCaQXdoF9i3DVCGNkF4vKv06jwO5RVyHACo9nz3/t2kPSUTjdbNyV4i TMZ6935UUUXu++R9Dr/NpnW4Y3t4dpgYbEUaoTPy4nTfc8veDDIv59kmvqjiPP5+/h9v Pps/yVLQUW/BkESkr0+viDuI0rVMms19N6XBE2xXVIfMXmDyuR/CPDL8W+FDYxXTz2WA Tq7g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=xLpOP/3MiuFK76P8kYZ5aki/s6aKqDra4g9WtmW3NPQ=; b=NAz3yYszhZWYty24lTzkB0VtRpNvrRHxNdGbp9c8W+tRGXoHu22lHPjM3zHFn8ijpv Y92t16CpGp5QH8YAx6gfGhLaoNJ4G48yhXL7J0yPgFaLhNOlwPsoQVF3jfcStwg8yFK9 1Ycwp9ru39KODAt5j5VyX4vT+yW5ViEr4N/iNcsVukBf+N60YPx8LRA37zJHEIeQauIS HlfH15DnIti20TzAqLk0qFJrWH9HLeMowjye3AzF54juHHrvzgdcYsmCkZXoSTrl/+xJ lXAGrPKP4YQFYBxThVXdSWFIcqPp43s4T51tCBSczGdDdV9OF8ikACEGJxL+b/aziftq wtdA==
X-Gm-Message-State: AGi0PuYihA2A6YUNOQvaQagIEpW7wBbJ/CQEscDLcm35wK4qxFcO8Hdv 1cvdbM1swmE62l98vvStWIiodWCNE4gQreCgoAV5iO+RBg==
X-Google-Smtp-Source: APiQypLdAyUWgJXjKtsEUYJikIeOAgGNHHK7OU0gvYwQj+h4vBgO93BCWsWx4sV5u+VNsEmfIBYKvgQW2BtlmHyT0SQ=
X-Received: by 2002:a05:6402:1655:: with SMTP id s21mr1333833edx.295.1586457233018; Thu, 09 Apr 2020 11:33:53 -0700 (PDT)
MIME-Version: 1.0
From: Chet Ensign <chet.ensign@oasis-open.org>
Date: Thu, 09 Apr 2020 14:33:42 -0400
Message-ID: <CAAwgnnPTwLaJo8fBYZQKOc+7hK-mDWKedEauW5SeYfvGuGWNZw@mail.gmail.com>
To: media-types@iana.org
Cc: mikefan@microsoft.com, "Larry Golding (Myriad Consulting Inc)" <v-lgold@microsoft.com>
Content-Type: multipart/alternative; boundary="000000000000d37dbe05a2dfdbd0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/media-types/dYcLl3hit3UIfVxyvmSBROq_o0A>
Subject: [media-types] Notice of request for media-type registration: application/sarif+json
X-BeenThere: media-types@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IANA mailing list for reviewing Media Type \(MIME Type, Content Type\) registration requests." <media-types.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/media-types>, <mailto:media-types-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/media-types/>
List-Post: <mailto:media-types@ietf.org>
List-Help: <mailto:media-types-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/media-types>, <mailto:media-types-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Apr 2020 18:34:17 -0000
Members of the OASIS Static Analysis Results Interchange Format (SARIF) Technical Committee wish to register a media type associated with the recently-approved SARIF Version 2.1.0 OASIS Standard. We post the registration request form here for review before submitting it to IANA. I am the administrative contact for OASIS for IANA registration requests. The technical contacts for this request are Michael Fanning ( mikefan@microsoft.com) and Laurence Golding (v-lgold@microsoft.com). They are tasked by the OASIS SARIF TC to provide any additional information or answers to questions that you may have. Thank you in advance for your comments and feedback. /chet ensign OASIS Open, Inc. IETF RFC6838 Section 5.6. Registration Template https://tools.ietf.org/html/rfc6838#section-5.6 --- Type name: application Subtype name: sarif+json Required parameters: N/A Optional parameters: N/A Encoding considerations: UTF8 only Security considerations: - The use of absolute paths in analysis result location URIs might reveal sensitive information about the machine on which the scan was performed. - The use of the hostname component in analysis result location URI might reveal the network location of the machine on which the scan was performed. - The use of raw HTML in message strings expressed in Markdown might allow arbitrary code execution (for example, through javascript: links). - The use of deeply nested constructs in Markdown message strings might lead to stack overflow in some Markdown implementations. - Certain properties of the SARIF object model might reveal information about the machine on which a scan was run. (The specification allows such properties to be omitted or "redacted".) - Certain properties of the SARIF object model (such as the command line that invoked the analysis tool) can contain arbitrary commands which might damage a machine on which they are run. Interoperability considerations: N/A Published specification: Static Analysis Results Interchange Format (SARIF) Version 2.1.0. Edited by Michael C. Fanning and Laurence J. Golding. 27 March 2020. OASIS Standard. https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.html. Latest stage: https://docs.oasis-open.org/sarif/sarif/v2.1.0/sarif-v2.1.0.html. Applications that use this media type: The following list is not exhaustive: - Static analysis tools - Static analysis results visualization tools (viewers) - Bug filing tools - Defect databases - Compliance systems Fragment identifier considerations: N/A Additional information: Deprecated alias names for this type: N/A Magic number(s): N/A File extension(s): .sarif, .sarif.json Macintosh file type code(s): N/A Person & email address to contact for further information: Michael C. Fanning (mikefan@microsoft.com), Laurence J. Golding ( v-lgold@microsoft.com), and Chet Ensign (chet.ensign@oasis-open.org) Intended usage: LIMITED USE Restrictions on usage: N/A Author: OASIS Static Analysis Results Interchange Format (SARIF) TC ( https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=sarif) Change controller: OASIS Open (https://www.oasis-open.org/) Provisional registration? (standards tree only): No -- /chet ---------------- Chet Ensign Chief Technical Community Steward OASIS: Advancing open source & open standards for the information society http://www.oasis-open.org Mobile: +1 201-341-1393