jasonforal
commented
3 months ago Rebasing on main to get https://github.com/DataDog/datadog-static-analyzer/pull/448
Closed jasonforal closed 3 months ago
jasonforal
commented
3 months ago Rebasing on main to get https://github.com/DataDog/datadog-static-analyzer/pull/448
What problem are you trying to solve?
The ddsa runtime solves numerous performance issues, as well as enabling functionality that will allow more powerful and accurate rules to be written.
This was a complete re-write of our existing JavaScript runtime, and so for caution, we implemented it as a feature flag so that we could test it internally to ensure parity across a larger sample size of files and usage (https://github.com/DataDog/datadog-static-analyzer/pull/428).
Running for two weeks confirmed parity (and where not 100%, it is due to false positives/negatives that this PR fixes)
What is your solution?
--ddsa-runtimeas a CLI flag for both the analyzer and the server. Our binaries throw an error upon receiving an unexpected CLI flag, and so to give time for users to change existing usage, we "deprecate" the flag now via a printed warning. We will remove this flag in a future release. (we already clarified the flag was for "internal" use, so this method of deprecating is appropriate)Alternatives considered
What the reviewer should know