False positive: "http:" flagged as a variable name #68

scovetta · 2019-04-11T04:47:21Z

Instead of flagging http:, we should probably include the slashes too. That should cut down a bit on the noise.

joshbw · 2019-04-12T13:30:30Z

This was updated ages ago in https://github.com/Microsoft/DevSkim/blob/master/rules/default/security/attack_surface/outbound_network.json - it requires finding http:/ - which plugin is in use? That plugin likely has an outdated rule

anuraj · 2019-04-17T08:52:24Z

I am not using any plugins - default installation I mean. I am using VS 2017 DevSkim extension.

Here is the details of extension.

Here is the details of Visual Studio.

It is throwing this error for an Angular typescript file.

Fix #68.

scovetta added the bug label Apr 11, 2019

seanmccay mentioned this issue Dec 12, 2019

False Positive: variable name flagged as Insecure URL #78

Closed

gfs added the rule Something associated with the rules (not code related) label Feb 7, 2020

gfs assigned daalcant Feb 7, 2020

gfs closed this as completed in bb19b74 Feb 12, 2020

gfs added a commit that referenced this issue Feb 12, 2020

Merge pull request #92 from microsoft/gfs/#68

f532de2

Fix #68.

Provide feedback