Fixed #14032 (SARIF: version should be the first property)

danmar · danmar · commit ca631b3b1415 · 2025-11-20T17:13:40.000+01:00
diff --git a/lib/sarifreport.cpp b/lib/sarifreport.cpp
@@ -180,11 +180,10 @@ std::string SarifReport::serialize(std::string productName) const
         version.erase(version.find(' '), std::string::npos);
 
     picojson::object doc;
-    doc["version"] = picojson::value("2.1.0");
     doc["$schema"] = picojson::value("https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/sarif-schema-2.1.0.json");
     doc["runs"] = serializeRuns(productName, version);
 
-    return picojson::value(doc).serialize(true);
+    return "{\n  \"version\": \"2.1.0\"," + picojson::value(doc).serialize(true).substr(1);
 }
 
 std::string SarifReport::sarifSeverity(const ErrorMessage& errmsg)
diff --git a/test/testsarifreport.cpp b/test/testsarifreport.cpp
@@ -98,6 +98,10 @@ class TestSarifReport : public TestFixture
         ASSERT_EQUALS("2.1.0", root.at("version").get<std::string>());
         ASSERT(root.at("$schema").get<std::string>().find("sarif-schema-2.1.0") != std::string::npos);
 
+        // From SARIF specification (https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/sarif-v2.1.0-errata01-os-complete.html#_Toc141790730):
+        // Although the order in which properties appear in a JSON object value is not semantically significant, the version property SHOULD appear first.
+        ASSERT_EQUALS("{\n  \"version\": \"2.1.0\"", sarif.substr(0,22));
+
         const picojson::array& runs = root.at("runs").get<picojson::array>();
         ASSERT_EQUALS(1U, runs.size());
 
