
Scan ignored files anyway

Open iandunn opened this issue 3 years ago • 1 comments

Some authors add things like // phpcs:ignoreFile, or ignore files in the config. That's often done on files that were created before a standard was adopted, and need a lot of work to conform to the standard.

For the purposes of this repo, though, we probably still want to scan those files for security issues. Authors won't expect that disabling their personal code standard tooling will prevent this tool from finding security bugs.

iandunn, Apr 05 '22 17:04

It's probably still good to ignore lines that the dev has marked as ignored, though, since they often are things that the dev has manually reviewed.

After a quick search, I don't see an obvious way to scan ignored files w/ PHPCS, so we may need to remove the // phpcs:ignoreFile lines from the files after downloading a local copy.

iandunn, Apr 06 '22 14:04
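
One way to do the pre-processing step suggested in the comment above, as an added example that is not part of the original issue or the project's own code: it neutralizes file-level ignore directives in a downloaded local copy while leaving line-level `phpcs:ignore` markers alone. The function names, the placeholder text and the sample file are assumptions made for illustration; ignore rules set in a config file are not covered.

```python
import re
from pathlib import Path

# File-level directives: the current comment syntax and the legacy annotation.
# Line-level markers (phpcs:ignore, phpcs:disable/enable) are deliberately not
# matched, so code the author reviewed and marked stays ignored.
_FILE_IGNORE = re.compile(
    rb"(?P<opener>//|#|/\*+|^[ \t]*\*)(?P<gap>[ \t]*)"
    rb"(?:phpcs:ignoreFile|@codingStandardsIgnoreFile)\b",
    re.IGNORECASE | re.MULTILINE,
)
_PLACEHOLDER = rb"file-level ignore stripped for security scan"


def neutralize_file_ignores(source: bytes) -> tuple[bytes, int]:
    """Return (cleaned_source, directives_replaced).

    The directive is swapped for a placeholder inside the same comment, so
    comment delimiters stay balanced and line numbers in the scan report
    still match the author's original file. A directive-like string literal
    would also be rewritten, which is harmless on a throwaway copy.
    """
    return _FILE_IGNORE.subn(rb"\g<opener>\g<gap>" + _PLACEHOLDER, source)


def strip_tree(root: Path) -> dict[str, int]:
    """Rewrite every .php file under root (a local copy) and report the hits."""
    changed = {}
    for path in sorted(root.rglob("*.php")):
        cleaned, hits = neutralize_file_ignores(path.read_bytes())
        if hits:
            path.write_bytes(cleaned)
            changed[str(path.relative_to(root))] = hits
    return changed


# Constructed sample input, not taken from any real plugin.
CONSTRUCTED_SAMPLE = b"""<?php
// phpcs:ignoreFile -- legacy code, predates the coding standard
/* @codingStandardsIgnoreFile */
echo $_GET['name']; // phpcs:ignore WordPress.Security.EscapeOutput -- reviewed
"""

if __name__ == "__main__":
    cleaned, hits = neutralize_file_ignores(CONSTRUCTED_SAMPLE)
    print(f"{hits} file-level directive(s) neutralized")
    print(cleaned.decode())
```

Run `strip_tree` only on the downloaded copy that is about to be scanned, never on the author's repository.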