This repository has been archived by the owner on Sep 6, 2021. It is now read-only.
There are different issues: some are more concrete, others are problems only in specific situations and can easily produce many false positives.
For example, the `tsr-detect-non-literal-fs-filename` rule is a problem when there is user input which is not checked. This is a narrow case among all possible uses of `fs.open`/`fs.read`/`fs.write` and can easily produce many false positives.
Having a confidence level will give an understanding of how likely a false positive is from a concrete rule.
Many static code analysis tools for security vulnerabilities, like Bandit and Gosec, use a "confidence" level in their output.
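
The distinction the issue draws, as an added example that is not part of the original issue or of the project's code: three `fs` calls that all pass a non-literal filename, of which only one takes unchecked input. All names (`readBanner`, `readUploadUnchecked`, `resolveInside`, `readUploadChecked`) and the sandbox files are hypothetical and constructed for the example.

```javascript
// Added example; all names below are hypothetical, data is constructed.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Constructed sandbox: uploads/report.txt is inside the allowed directory,
// secret.txt sits one level above it.
const ROOT = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), 'fsrule-')));
const UPLOADS = path.join(ROOT, 'uploads');
fs.mkdirSync(UPLOADS);
fs.writeFileSync(path.join(UPLOADS, 'report.txt'), 'ok');
fs.writeFileSync(path.join(ROOT, 'secret.txt'), 'outside uploads');

// 1. Non-literal argument built only from constants: a non-literal-filename
//    rule reports it, but no caller can influence the path (false positive).
const BANNER = 'report.txt';
function readBanner() {
  return fs.readFileSync(path.join(UPLOADS, BANNER), 'utf8');
}

// 2. Non-literal argument built from unchecked caller input: the narrow case
//    the rule exists for. Names containing ".." segments leave UPLOADS.
function readUploadUnchecked(name) {
  return fs.readFileSync(path.join(UPLOADS, name), 'utf8');
}

// Containment check: resolve the name, follow symlinks if the file exists,
// and reject anything that does not stay below baseDir.
function resolveInside(baseDir, name) {
  const base = fs.realpathSync(baseDir);
  const lexical = path.resolve(base, name);
  const target = fs.existsSync(lexical) ? fs.realpathSync(lexical) : lexical;
  const rel = path.relative(base, target);
  if (rel === '' || rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    throw new Error('path escapes base directory');
  }
  return target;
}

// 3. Same read with checked input: the argument is still not a literal, so
//    a purely syntactic rule reports it as well (false positive again).
function readUploadChecked(name) {
  return fs.readFileSync(resolveInside(UPLOADS, name), 'utf8');
}
```

A syntactic rule cannot tell cases 1 and 3 from case 2, which is why a per-rule confidence value helps when triaging its findings.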