-
Notifications
You must be signed in to change notification settings - Fork 110
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add setting to disable rules per language #116
Comments
Hi Gerane - I'll work on spec'ing something like that out. It might also make sense to add an explicit exclusion to some of our catch all rules for areas where they don't work well, so that folks don't need to manually adjust those settings. Are the rule IDs above examples of ones that work poorly in Powershell? |
@gerane, @scovetta - working on this now (the last couple months have been nuts, sorry for the delay), and a question for you. We have a couple of rules that override other rules. For example, we might have a catch all rule that looks for the string MD5 in everything, since it probably refers to the ill advised MD5 hashing algorithm, but then for C# we might have a specific rule for MD5CryptoServiceProvider so that we can target that API specifically (and offer an appropriate Fix It). The rule for MD5CryptoServiceProvider would have a value that says it supersedes the generic MD5 check, and that the MD5 check shouldn't also be reported. My instinct is that if someone suppresses the rule for MD5CryptoServiceProvider they also want the generic check for MD5 suppressed, even if they didn't explicitly list it. Do you think that's a fair assumption? |
@gerane - v0.1.3 was just uploaded to the marketplace and has an ignorerule setting, though it isn't per language |
@joshbw To answer your earlier question about PowerShell specific rules DS104456 also works poorly for PowerShell. This triggers highlighting on all instances of the word Invoke, which is a PowerShell approved verb. Example: Invoke-Expression. |
@daalcant please provide an update when this is closed. |
I noticed this is an issue with DS137138 which detects "insecure URLs" in .csproj files. I'm not sure that we should care about that. |
Per previous conversation consider this resolved on VSCode. The Visual Studio Extension needs a new setting in the GUI that allows providing a list of rules to ignore. This needs to somehow be a list of Key Value Pairs of languages and then the rules to ignore. Need to add the setting here: https://github.com/microsoft/DevSkim/blob/main/DevSkim-DotNet/Microsoft.DevSkim.VSExtension/Settings.cs Need to add CS logic here to load it: https://github.com/microsoft/DevSkim/blob/main/DevSkim-DotNet/Microsoft.DevSkim.VSExtension/Options/OptionsDialogPage.cs Need to add the XAML entries here to display it: https://github.com/microsoft/DevSkim/blob/main/DevSkim-DotNet/Microsoft.DevSkim.VSExtension/Options/OptionsDialogPageControl.xaml.cs The settings are then fetched here:
And you'll need to filter out the rules that are filtered based on the settings before here:
|
I primarily write PowerShell, and some of the rules do not translate well and create a flood of false positives. It would be nice to be able to disable Rules in an array in the extension settings. Something like this would be helpful
I am not sure if part of this would be an issue for the main repository or this one.
The text was updated successfully, but these errors were encountered: