cflint / CFLint

Static code analysis for CFML (a linter)
BSD 3-Clause "New" or "Revised" License

cflintexclude.json not being used #531

Closed timbeadle closed 6 years ago

timbeadle commented 6 years ago
[
    {
        "function": "init",
        "code": "MISSING_VAR"
    },
    {
        "file": ".*WEB-INF.*"
    },
    {
        "file": ".*frameworks.*"
    },
    {
        "file": ".*org/corfield.*"
    },
    {
        "file": ".*org/mandel.*"
    },
    {
        "file": ".*org/nadel.*"
    },
    {
        "file": ".*org/muracms.*"
    },
    {
        "file": ".*openday.cfm"
    },
    {
        "file": ".*[Aa]pplication.cfc",
        "code": "AVOID_USING_CFINCLUDE_TAG"
    },
    {
        "file": ".*[Aa]pplication.cfc",
        "code": "GLOBAL_VAR"
    }
]

We use cflintignore.json to, among other things, ignore all files in WEB-INF, plus certain third-party components in the component hierarchy.

These are correctly ignored in v1.2.3, but incorrectly included in v1.3.0.

ryaneberly commented 6 years ago

Good catch.

As a workaround: rename CFLint-1.3.0-all.jar to CFLint-1.3.0-all.zip, open the zip file and put your cflintexclude.json in the root folder, rename back to jar, and you will be good to go.
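
The workaround above as a script that writes a patched copy rather than editing the jar in place. This is an added example, not code from the thread or the CFLint project; the function names and the stand-in jar are constructed for illustration, and it assumes the jar is an ordinary zip archive.

```python
import json
import tempfile
import zipfile
from pathlib import Path

EXCLUDE_NAME = "cflintexclude.json"  # file name from the issue title


def embed_exclude(jar_path, exclude_path, out_path):
    """Copy jar_path to out_path with exclude_path stored at the archive root."""
    text = Path(exclude_path).read_text(encoding="utf-8")
    rules = json.loads(text)  # reject malformed JSON before building the jar
    if not isinstance(rules, list) or not all(isinstance(r, dict) for r in rules):
        raise ValueError("expected a JSON array of rule objects")
    with zipfile.ZipFile(jar_path) as src, \
            zipfile.ZipFile(out_path, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            if item.filename == EXCLUDE_NAME:
                continue  # drop any stale copy so the root holds exactly one
            dst.writestr(item, src.read(item))
        dst.writestr(EXCLUDE_NAME, text)
    return len(rules)


def root_exclude_rules(jar_path):
    """Return the rules stored at the jar root, or None if absent or duplicated."""
    with zipfile.ZipFile(jar_path) as jar:
        if jar.namelist().count(EXCLUDE_NAME) != 1:
            return None
        return json.loads(jar.read(EXCLUDE_NAME))


def demo():
    """Run against a constructed stand-in jar (not the real CFLint jar)."""
    with tempfile.TemporaryDirectory() as tmp:
        jar, out = Path(tmp, "stand-in-all.jar"), Path(tmp, "patched-all.jar")
        rules_file = Path(tmp, EXCLUDE_NAME)
        rules_file.write_text(json.dumps([
            {"function": "init", "code": "MISSING_VAR"},
            {"file": ".*WEB-INF.*"},
        ]), encoding="utf-8")
        with zipfile.ZipFile(jar, "w") as z:
            z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
            z.writestr(EXCLUDE_NAME, "[]")  # stale copy to be replaced
        count = embed_exclude(jar, rules_file, out)
        with zipfile.ZipFile(out) as z:
            names = sorted(z.namelist())
        return count, names, root_exclude_rules(out)


if __name__ == "__main__":
    print(demo())
```

Running `root_exclude_rules` on the jar a CI job actually invokes shows which rule set, if any, is embedded in it.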

ryaneberly commented 6 years ago

Fixed in https://github.com/cflint/CFLint/tree/526_cfparserupgrade. Is this a big deal that merits a 1.3.1?

TheRealAgentK commented 6 years ago

@ryaneberly I think it's a good and useful fix that could go into a 1.3.1 together with some other stuff we've done and fixed over the last 10 days or so.

But the real blocker in my opinion is #517. All of a sudden getting tens or hundreds of new false positives (and then build failures occurring) is just difficult to deal with in a CI environment.

That problem is currently stopping me personally from rolling out 1.3 to production.

timbeadle commented 6 years ago

@ryaneberly @TheRealAgentK I'm still seeing results from directories that are in cflintexclude.json in my cflint-results.xml file, when using CFLint 1.4.1. Is this definitely fixed?