Add setting to disable rules per language

Open gerane opened this issue 8 years ago • 7 comments

I primarily write PowerShell, and some of the rules do not translate well and create a flood of false positives. It would be nice to be able to disable rules in an array in the extension settings. Something like this would be helpful:

"devskim.disableRulesLanguage": {
    "PowerShell":  [
        "DS104456",
        "DS176209"
    ]
},
"devskim.disableRules": [
    "DS176209"
]

I am not sure if part of this would be an issue for the main repository or this one.

gerane avatar Mar 29 '17 15:03 gerane

Hi Gerane - I'll work on spec'ing something like that out. It might also make sense to add an explicit exclusion to some of our catch-all rules for areas where they don't work well, so that folks don't need to manually adjust those settings. Are the rule IDs above examples of ones that work poorly in PowerShell?

joshbw avatar Apr 01 '17 10:04 joshbw

@gerane, @scovetta - working on this now (the last couple months have been nuts, sorry for the delay), and a question for you. We have a couple of rules that override other rules. For example, we might have a catch-all rule that looks for the string MD5 in everything, since it probably refers to the ill-advised MD5 hashing algorithm, but then for C# we might have a specific rule for MD5CryptoServiceProvider so that we can target that API specifically (and offer an appropriate Fix It). The rule for MD5CryptoServiceProvider would have a value that says it supersedes the generic MD5 check, and that the MD5 check shouldn't also be reported.

My instinct is that if someone suppresses the rule for MD5CryptoServiceProvider they also want the generic check for MD5 suppressed, even if they didn't explicitly list it. Do you think that's a fair assumption?

joshbw avatar Jun 09 '17 16:06 joshbw

@gerane - v0.1.3 was just uploaded to the marketplace and has an ignorerule setting, though it isn't per language.

joshbw avatar Jun 13 '17 16:06 joshbw

@joshbw To answer your earlier question about PowerShell-specific rules, DS104456 also works poorly for PowerShell. This triggers highlighting on all instances of the word Invoke, which is a PowerShell approved verb. Example: Invoke-Expression.

kevinkabatra avatar Jul 28 '17 15:07 kevinkabatra

@daalcant please provide an update when this is closed.

gfs avatar Feb 07 '20 22:02 gfs

I noticed this is an issue with DS137138 which detects "insecure URLs" in .csproj files. I'm not sure that we should care about that.

gfs avatar Mar 01 '20 18:03 gfs

Per previous conversation consider this resolved on VSCode.

The Visual Studio Extension needs a new setting in the GUI that allows providing a list of rules to ignore. This needs to somehow be a list of Key Value Pairs of languages and then the rules to ignore.

Need to add the setting here: https://github.com/microsoft/DevSkim/blob/main/DevSkim-DotNet/Microsoft.DevSkim.VSExtension/Settings.cs

Need to add CS logic here to load it: https://github.com/microsoft/DevSkim/blob/main/DevSkim-DotNet/Microsoft.DevSkim.VSExtension/Options/OptionsDialogPage.cs

Need to add the XAML entries here to display it: https://github.com/microsoft/DevSkim/blob/main/DevSkim-DotNet/Microsoft.DevSkim.VSExtension/Options/OptionsDialogPageControl.xaml.cs

The settings are then fetched here:

https://github.com/microsoft/DevSkim/blob/b6fa91e86ad334bded5ffda90b249118052f021d/DevSkim-DotNet/Microsoft.DevSkim.VSExtension/Shim/SkimShim.cs#L32

And you'll need to filter out the rules that are filtered based on the settings before here:

https://github.com/microsoft/DevSkim/blob/b6fa91e86ad334bded5ffda90b249118052f021d/DevSkim-DotNet/Microsoft.DevSkim.VSExtension/Shim/SkimShim.cs#L41

gfs avatar Aug 03 '20 17:08 gfs
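
The filtering this thread asks for, as an added example that is not part of the original issue and not DevSkim's own code: it combines the proposed global and per-language ignore lists with the assumption joshbw raises, that ignoring a specific rule also hides the generic rule it supersedes. The `Rule` shape, the `supersedes` field name, the function names and the `EXAMPLE-*` rule IDs are hypothetical; the setting names follow the proposal at the top of the issue.

```typescript
// Added illustration, not DevSkim source. The Rule shape and the `supersedes`
// field name are hypothetical; the setting names follow the issue's proposal.
interface Rule {
  id: string;
  appliesTo?: string[];  // languages the rule targets; absent = catch-all
  supersedes?: string[]; // generic rule IDs this specific rule replaces
}
interface IgnoreSettings {
  disableRules: string[];                         // ignored in every language
  disableRulesLanguage: Record<string, string[]>; // ignored for one language
}

function sameLang(a: string, b: string): boolean {
  return a.toLowerCase() === b.toLowerCase();
}

// Returns the IDs of rules that should still report findings for `language`.
function activeRuleIds(rules: Rule[], language: string, s: IgnoreSettings): string[] {
  const hidden: Record<string, boolean> = {};
  for (const id of s.disableRules) hidden[id] = true;
  for (const key of Object.keys(s.disableRulesLanguage)) {
    if (sameLang(key, language)) {
      for (const id of s.disableRulesLanguage[key]) hidden[id] = true;
    }
  }
  const inScope = rules.filter(r =>
    !r.appliesTo || r.appliesTo.some(l => sameLang(l, language)));
  // An in-scope rule hides the generic rules it supersedes whether it is
  // active (no double report) or ignored by the user (the assumption
  // discussed in the thread).
  for (const r of inScope) {
    for (const id of r.supersedes || []) hidden[id] = true;
  }
  return inScope.filter(r => !hidden[r.id]).map(r => r.id);
}

// Constructed sample data. DS104456 and DS176209 are the IDs quoted in the
// issue; the EXAMPLE-* IDs are placeholders, not real DevSkim rule IDs.
const sampleRules: Rule[] = [
  { id: "DS104456" },
  { id: "DS176209" },
  { id: "EXAMPLE-MD5-GENERIC" },
  { id: "EXAMPLE-MD5-CSHARP", appliesTo: ["csharp"], supersedes: ["EXAMPLE-MD5-GENERIC"] },
];
const sampleSettings: IgnoreSettings = {
  disableRules: ["DS176209"],
  disableRulesLanguage: { PowerShell: ["DS104456", "DS176209"], csharp: ["EXAMPLE-MD5-CSHARP"] },
};
```

With the sample settings, a PowerShell file keeps only the generic MD5 placeholder rule active, while a C# file loses both MD5 rules because the ignored specific rule takes the generic one with it.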