[MRG] Work around LGTM errors: Clear-text logging of sensitive information #681
Disable false positives that cannot be fixed by LGTM, because their heuristic detects strings such as "id" that are actually very common in DICOM, for example in "UID".
Codecov Report
@@ Coverage Diff @@
## master #681 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 28 28
Lines 8620 8620
=========================================
Hits 8620 8620
Was this pull request closed on purpose? I suspect it wasn't closed on purpose in #717, but of course it's OK if that's the case - but I would humbly ask for a chance to explain why I find this pull request useful.
Ah, sorry, got the numbers mixed up, it was meant to be #677. But yeah, I wasn't really convinced of the worth of adding another config file anyway. Explain away!
The output of the LGTM.com static analyser is visible to anyone. It is associated with GitHub and is not opt-in: You could of course decide you don't care. Another course of action would be to have a look at the output of static analysis tools and fix the actual real positives (probably a minority) and silence the false positives. The purpose of this config file is to silence the false positives. The valid names for the config file are either
Fair enough, you've convinced me.
Hopefully I will now be able to fix a few more real positives and find a way to silence false positives in a way that doesn't hide future real positives.
Because Semmle has joined GitHub, LGTM.com will be deprecated and replaced by GitHub code scanning. The next step for LGTM.com: GitHub code scanning! As far as I can understand, in simple cases such as this one, automated pull requests will be created to help us migrate: