DevSkim
skip DS440000 for shell scripts
We do not benefit from issues like this.

I came up with an idea for how to test it. Let me test (I'll convert it after that).
@scovetta is the rule intended to catch this in shell scripts?
After additional review, I don't think that the correct solution here would be to not surface this at all in shell scripts. DevSkim provides levers to ignore specific instances of rule matches you believe are not relevant to you - for example suppression comments.
DevSkim doesn't do AST parsing, so we cannot know where the variable here flowed from - it might be hardcoded at some point or it may be flowing from an argument to the script. For a solution with data flow that can automatically make such a distinction I can recommend CodeQL.
I believe DevSkim already has a mechanism to ignore a specific rule by ID, but in this case you only want to ignore certain file types, so I'll add an issue to track adding this for DevSkim 0.7. #406
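The suppression-comment lever mentioned in the thread, as an added illustration that is not DevSkim's own code: a small checker for `DevSkim: ignore DSxxxxxx [until YYYY-MM-DD]` comments, run over a constructed shell script. The scoping (same line, or a comment-only line directly above) and the expiry handling are assumptions modelled on DevSkim's documented suppression syntax, not taken from its source.

```python
import re
from datetime import date

# Matches a DevSkim-style suppression comment, for example:
#   # DevSkim: ignore DS440000
#   # DevSkim: ignore DS440000 until 2025-12-31
#   # DevSkim: ignore all
SUPPRESSION_RE = re.compile(
    r"DevSkim:\s*ignore\s+(all|DS\d{6}(?:\s*,\s*DS\d{6})*)"
    r"(?:\s+until\s+(\d{4}-\d{2}-\d{2}))?",
    re.IGNORECASE,
)


def suppressions_on_line(line, today):
    """Return the rule IDs (or {'all'}) that a suppression comment on this
    line still covers; an expired 'until' date yields an empty set."""
    m = SUPPRESSION_RE.search(line)
    if not m:
        return set()
    if m.group(2) and date.fromisoformat(m.group(2)) < today:
        return set()  # suppression has expired, finding is live again
    ids = m.group(1).lower()
    if ids == "all":
        return {"all"}
    return {r.strip().upper() for r in ids.split(",")}


def is_suppressed(lines, lineno, rule_id, today=None):
    """True if a finding for rule_id at 1-based lineno is covered by a
    suppression on that line or on a comment-only line directly above it
    (assumed scoping, modelled on DevSkim's documented behaviour)."""
    today = today or date.today()
    covered = suppressions_on_line(lines[lineno - 1], today)
    prev = lines[lineno - 2] if lineno >= 2 else ""
    if prev.lstrip().startswith("#"):
        covered |= suppressions_on_line(prev, today)
    return "all" in covered or rule_id.upper() in covered


# Constructed shell script for the demo, not taken from the PR.
SCRIPT = """#!/bin/sh
# DevSkim: ignore DS440000
token="$1"
export API_TOKEN="$token"  # DevSkim: ignore DS440000 until 2000-01-01
echo "done"
""".splitlines()
```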