Currently if you want to scan a folder for terraform code (for example) it only works with .tf files. To support .hcl files, it requires making a patch upstream to semgrep and waiting for a new release. Could we make this overridable without having to edit code?
Describe the solution you'd like
Validate test commands arguments before Run. This pattern will allow us to governance behaviors such as flags/arguments validation in all commands. Additionally, this should make the code easier to understand and maintain.
Requirements
Golang basic level.
“How to Implement” suggestion
See [issue](datreeio/datree#4
Many repositories need to fix, so please help if you like.
If you could help, it would be helpful if you could comment before starting the work not to overlapping.
Run exit command after lint.
echo '::group:: Running golangci-lint with reviewdog 🐶 ...'
go
Describe the bug
A clear and concise description of what the bug is.
To Reproduce
Steps to reproduce the behavior:
.bandit file with content:[bandit]
tests: B101,B102,B301
bandit -c .bandit -r module/[main] ERROR .bandit : Error parsing file.Expected behavior
working as described in readme
Bandit version
ba
We sometimes see code like this:
def foo(*, left=None, right=None):
""" ... """
if (left is None) != (right is None):
raise ValueError('Either both left= and right= need to be provided or none should.')It is very easy to make the mistake of writing the check as:
def foo(*, left=None, right=None):
""" ... """
if left is No
Affects PMD Version:
6.45.0
Description:
UseCollectionIsEmptyRule fails with NPE if:
Is your feature request related to a problem? Please describe.
When one is using the method "WriteString" of the type "strings::Builder" and does not handle the error it is flagged because all errors must be handled. However, This method never returns an error. Hence, it makes sense to ignore it (even by default).
The problem with revive is, that it does not allow to ignore methods with
This would allow for more localized suppressions. Say we have a method foo(Object o) in an annotated third-party library where o has no type annotation, but o really should be @Nullable, as foo() can handle being passed null as a parameter. In code checked by NullAway, say you write:
void bigMethod() {
...
foo(null); // NullAway reports an error
...
}I beli
[spotbugs] Running SpotBugs...
[spotbugs] Unexpected problem occured during version sanity check
[spotbugs] Reported exception:
[spotbugs] java.lang.AbstractMethodError: Receiver class org.slf4j.nop.NOPServiceProvider does not define or inherit an implementation of the resolved method 'abstract java.lang.String getRequesteApiVersion()' of interface org.slf4j.
I wrote some of the code to do this in a branch https://github.com/python-security/pyt/compare/class_based_views, but since I'm working on other things and this feature seems cool and important I'm making this issue
Let me know if you would like any help in implementing.
Rubberduck version information
The info below can be copy-paste-completed from the first lines of Rubberduck's log or the About box:
Rubberduck version [Version 2.5.2.6030
OS: Microsoft Windows NT 10.0.22000.0, x64
Host Product: Microsoft Office x64
Host Version: 16.0.14701.20226
Host Executable: WINWORD.EXE
Description
Language inspection for assignment of LCase suggests usi
Add a description, image, and links to the static-code-analysis topic page so that developers can more easily learn about it.
To associate your repository with the static-code-analysis topic, visit your repo's landing page and select "manage topics."
There are some annoying warnings when building the documentation site: