This repository has been archived by the owner on Sep 6, 2021. It is now read-only.

[New Feature] Confidence level for the issues #19

Closed
MVrachev opened this issue Apr 5, 2019 · 4 comments

Comments

@MVrachev

MVrachev commented Apr 5, 2019

There are different kinds of issues: some are more concrete, others are problems only in specific situations and can easily produce many false positives.

For example, the tsr-detect-non-literal-fs-filename rule is a problem when there is user input which is not checked. This is a narrow case among all possible uses of fs.open/fs.read/fs.write and can easily produce many false positives.

Having a confidence level would give an understanding of how likely a false positive from a concrete rule is.

Many static code analysis tools for security vulnerabilities, like Bandit and Gosec, use a "confidence" level in their output.

@MVrachev
Author

Is it possible to do that, or doesn't TSLint provide us a confidence level?

@webschik
Owner

webschik commented Apr 16, 2019

TSLint allows configuring a severity level (https://palantir.github.io/tslint/usage/configuration/), but currently all rules from tslint-config-security have severity error.

As a quick solution you may use:

```ts
// tslint:disable-next-line tsr-detect-non-literal-fs-filename
fs.open(myTrustedVariable)
```
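An added example (not code from this issue or from tslint-config-security) showing what separates a real finding from a false positive for this rule, and the kind of check that justifies the per-line suppression suggested above. UPLOAD_DIR and the function names are assumptions.

```typescript
import * as fs from "fs";
import * as path from "path";

// Assumed base directory (not from the issue): every user-chosen file must
// resolve to a location strictly inside it.
const UPLOAD_DIR = path.resolve("/srv/app/uploads");

// Resolve a user-supplied name under UPLOAD_DIR and reject anything that
// would escape it: ".." segments, absolute paths, empty names, NUL bytes.
// Returns the safe absolute path, or null when the name is rejected.
function safeUploadPath(userName: string): string | null {
  if (userName.length === 0 || userName.indexOf("\0") !== -1) {
    return null;
  }
  const resolved = path.resolve(UPLOAD_DIR, userName);
  // Compare against the directory plus a trailing separator, so that
  // "/srv/app/uploads-old" and UPLOAD_DIR itself do not pass as prefixes.
  if (resolved.indexOf(UPLOAD_DIR + path.sep) !== 0) {
    return null;
  }
  return resolved;
}

// True positive: the request parameter reaches fs without any check.
// The rule flags the non-literal argument, and here it is right to.
function openUnchecked(userName: string): number {
  return fs.openSync(path.join(UPLOAD_DIR, userName), "r");
}

// False positive: the same fs call, but the argument has been validated.
// The rule fires again (it only sees a non-literal), so this is where a
// justified, rule-specific suppression belongs.
function openChecked(userName: string): number {
  const safe = safeUploadPath(userName);
  if (safe === null) {
    throw new Error("rejected file name: " + JSON.stringify(userName));
  }
  // tslint:disable-next-line:tsr-detect-non-literal-fs-filename
  return fs.openSync(safe, "r");
}
```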

@MVrachev
Author

When I say "confidence level" I mean how sure the linter is that what it reports is a problem.
As an example, in a typical Bandit output you have:

[image: Bandit output]

@webschik
Owner

TSLint doesn't provide API for that.
