PyCQA / bandit

Bandit is a tool designed to find common security issues in Python code.
https://bandit.readthedocs.io
Apache License 2.0

Adding option to not print line's number: --no-line-numbers #904

Open mayblo opened 2 years ago

mayblo commented 2 years ago

Because of fingerprinting algorithms the line numbers may change the fingerprints.

ericwb commented 2 years ago

Could you please give me some more insight into the problem this PR is fixing? Seems like a good one to open as a feature enhancement first. Thanks!

sigmavirus24 commented 2 years ago

Also bandit doesn't offer fingerprinting

rotem-cider commented 2 years ago

Also bandit doesn't offer fingerprinting

We encountered problems when other tools using SARIF use fingerprinting and use the code area: every time there is a change in a line, the fingerprint changes. This is why we added internally the option to remove line numbers and thought it would be a good idea to contribute back to bandit.
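To make the drift concrete, here is an added example (not code from bandit or from this PR) that hashes a constructed bandit-style finding before and after one unrelated line is inserted above it. It assumes, as bandit's JSON output does, that every line of the `code` snippet is prefixed with its line number; the `fingerprint` function and the sample findings are constructed for this illustration.

```python
import hashlib
import re

# Constructed sample: the shape of one finding in bandit's JSON output.
# The "code" field carries a line-number prefix on every line, which is
# the "code area" that external SARIF tooling ends up hashing.
BEFORE = {
    "filename": "app/run.py",
    "test_id": "B602",
    "line_number": 3,
    "code": "2 import subprocess\n3 subprocess.call(cmd, shell=True)\n4 return 0\n",
}
# The same finding after one unrelated line was added above it: the
# vulnerable code is untouched, only the numbers moved.
AFTER = {
    "filename": "app/run.py",
    "test_id": "B602",
    "line_number": 4,
    "code": "3 import subprocess\n4 subprocess.call(cmd, shell=True)\n5 return 0\n",
}

_LINE_PREFIX = re.compile(r"^\d+ ", re.MULTILINE)


def strip_line_numbers(code: str) -> str:
    """Drop the leading 'N ' that bandit puts on each snippet line."""
    return _LINE_PREFIX.sub("", code)


def fingerprint(issue: dict, with_line_numbers: bool) -> str:
    """Hypothetical SARIF-consumer fingerprint over a finding.

    with_line_numbers=True hashes bandit's output as emitted (snippet with
    prefixes plus line_number); False hashes only location-independent data.
    """
    code = issue["code"] if with_line_numbers else strip_line_numbers(issue["code"])
    parts = [issue["filename"], issue["test_id"], code]
    if with_line_numbers:
        parts.append(str(issue["line_number"]))
    return hashlib.sha256("\x00".join(parts).encode("utf-8")).hexdigest()


def is_stable(before: dict, after: dict, with_line_numbers: bool) -> bool:
    """True when the two findings yield the same fingerprint."""
    return fingerprint(before, with_line_numbers) == fingerprint(after, with_line_numbers)


if __name__ == "__main__":
    print("with line numbers, stable:", is_stable(BEFORE, AFTER, True))   # False
    print("without line numbers, stable:", is_stable(BEFORE, AFTER, False))  # True
```

Run as a script it shows the numbered form producing a new fingerprint for an unchanged finding, which is exactly the noise a `--no-line-numbers` output option is meant to remove.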

rotem-cider commented 2 years ago

The environment isn't where we store these values as that's not preserved in multiprocessing

We investigated and saw that it is complicated and that we need more time to understand how to propagate the flag to the issues function.

I agree env is not the ideal solution. If you have any good suggestions on how to propagate the data, we will be happy to talk and make the changes.