Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow inline ignore directives to disable rule(s) for a snippet of code #16

Open
klutchell opened this issue Nov 19, 2024 · 3 comments
Open

Comments

@klutchell
Copy link

Similar to other linters, we would like the option exclude a line of code from having a rule applied if we have deemed them to be not problematic in context.

e.g.

So something like...

run: |
   # octoscan ignore=unsecure-commands
   echo "echo "::set-env name=ENV_NAME::value"

or

# octoscan ignore=unsecure-commands
run: |
   echo "##[set-env name=ENV_NAME;]value"
   # or
   echo "echo "::set-env name=ENV_NAME::value"
@hugo-syn
Copy link
Collaborator

Hi @klutchell, this would be a great feature, however it seems a bit complicated to implement. The tool is based on https://github.com/rhysd/actionlint for all the YAML parsing and core logic, and to my knowledge this tool does not support this feature. I can try to look at this, but it does not seem easy

@klutchell
Copy link
Author

That's fair, and what I expected the answer might be. We use actionlint as well so we could benefit in multiple ways if they implemented this feature request.

@hugo-syn
Copy link
Collaborator

If he implements it I'll do the same here, but I don't want to spend time doing a PR, I already have one opened since 2023 and there are also other really interesting ones that are still waiting for merging or comments from the author.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants