Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add setting to disable rules per language #116

Closed
gerane opened this issue Mar 29, 2017 · 7 comments
Closed

Add setting to disable rules per language #116

gerane opened this issue Mar 29, 2017 · 7 comments
Assignees
@gfs
Labels
enhancement VS Related to the Visual Studio Extension
Milestone
1.1

Comments

@gerane
Copy link

gerane commented Mar 29, 2017

I primarily write PowerShell, and some of the rules do not translate well and create a flood of false positives. It would be nice to be able to disable Rules in an array in the extension settings. Something like this would be helpful

"devskim.disableRulesLanguage": {
    "PowerShell":  [
        "DS104456",
        "DS176209"
    ]
},
"devskim.disableRules": [
    "DS176209"
]

I am not sure if part of this would be an issue for the main repository or this one.
@joshbw
Copy link
Contributor

joshbw commented Apr 1, 2017

Hi Gerane - I'll work on spec'ing something like that out. It might also make sense to add an explicit exclusion to some of our catch all rules for areas where they don't work well, so that folks don't need to manually adjust those settings. Are the rule IDs above examples of ones that work poorly in Powershell?

@joshbw
Copy link
Contributor

joshbw commented Jun 9, 2017

@gerane, @scovetta - working on this now (the last couple months have been nuts, sorry for the delay), and a question for you. We have a couple of rules that override other rules. For example, we might have a catch all rule that looks for the string MD5 in everything, since it probably refers to the ill advised MD5 hashing algorithm, but then for C# we might have a specific rule for MD5CryptoServiceProvider so that we can target that API specifically (and offer an appropriate Fix It). The rule for MD5CryptoServiceProvider would have a value that says it supersedes the generic MD5 check, and that the MD5 check shouldn't also be reported.

My instinct is that if someone suppresses the rule for MD5CryptoServiceProvider they also want the generic check for MD5 suppressed, even if they didn't explicitly list it. Do you think that's a fair assumption?

@joshbw
Copy link
Contributor

joshbw commented Jun 13, 2017

@gerane - v0.1.3 was just uploaded to the marketplace and has an ignorerule setting, though it isn't per language

@kevinkabatra
Copy link

@joshbw To answer your earlier question about PowerShell specific rules DS104456 also works poorly for PowerShell. This triggers highlighting on all instances of the word Invoke, which is a PowerShell approved verb. Example: Invoke-Expression.

@gfs gfs closed this as completed Feb 7, 2020
@gfs
Copy link
Contributor

gfs commented Feb 7, 2020

@daalcant please provide an update when this is closed.

@gfs gfs reopened this Feb 7, 2020
@daalcant daalcant transferred this issue from microsoft/DevSkim-VSCode-Plugin Feb 24, 2020
@daalcant daalcant self-assigned this Feb 24, 2020
@daalcant daalcant added enhancement VSCode Related to the VS Code extension labels Feb 24, 2020
@gfs gfs changed the title Add setting to disable rules\Disable rules per language Add setting to disable rules Feb 25, 2020
@gfs gfs mentioned this issue Feb 25, 2020
Closed
@gfs gfs changed the title Add setting to disable rules Add setting to disable rules per language Mar 1, 2020
@gfs
Copy link
Contributor

gfs commented Mar 1, 2020

I noticed this is an issue with DS137138 which detects "insecure URLs" in .csproj files. I'm not sure that we should care about that.

@gfs gfs added the VS Related to the Visual Studio Extension label Mar 1, 2020
@gfs gfs assigned gfs and unassigned daalcant Mar 25, 2020
@gfs gfs added this to the 1.1 milestone Apr 23, 2020
@gfs gfs mentioned this issue Aug 3, 2020
Closed
@gfs
Copy link
Contributor

gfs commented Aug 3, 2020

Per previous conversation consider this resolved on VSCode.

The Visual Studio Extension needs a new setting in the GUI that allows providing a list of rules to ignore. This needs to somehow be a list of Key Value Pairs of languages and then the rules to ignore.

Need to add the setting here: https://github.com/microsoft/DevSkim/blob/main/DevSkim-DotNet/Microsoft.DevSkim.VSExtension/Settings.cs

Need to add CS logic here to load it: https://github.com/microsoft/DevSkim/blob/main/DevSkim-DotNet/Microsoft.DevSkim.VSExtension/Options/OptionsDialogPage.cs

Need to add the XAML entries here to display it: https://github.com/microsoft/DevSkim/blob/main/DevSkim-DotNet/Microsoft.DevSkim.VSExtension/Options/OptionsDialogPageControl.xaml.cs

The settings are then fetched here:

DevSkim/DevSkim-DotNet/Microsoft.DevSkim.VSExtension/Shim/SkimShim.cs

Line 32 in b6fa91e

Settings set = Settings.GetSettings();

And you'll need to filter out the rules that are filtered based on the settings before here:

DevSkim/DevSkim-DotNet/Microsoft.DevSkim.VSExtension/Shim/SkimShim.cs

Line 41 in b6fa91e

return _instance.processor.Analyze(text, _instance.GetLanguageList(contentType, fileName));

@gfs gfs removed the VSCode Related to the VS Code extension label Oct 21, 2021
@gfs gfs mentioned this issue Apr 20, 2023
Closed
gfs added a commit that referenced this issue Apr 28, 2023
@gfs
Fixes #116
946744f 
Adds a way to configure disabling rules on a per language basis to the analyze command, and to specify non-required options using json.
@gfs gfs closed this as completed in 0c648e0 Apr 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gfs gfs

Labels
enhancement VS Related to the Visual Studio Extension
Projects
None yet
Milestone
1.1
Development

No branches or pull requests
5 participants
@gfs @gerane @kevinkabatra @joshbw @daalcant