MVrachev closed this pull request 5 years ago.
In your commit messages, please keep it less like a dialog and more to the point on what the PR is fixing.
s/AST three/AST
"Before we didn't check" - this sounds redundant because every bug fix could start that way.
Are we checking the exit code of the process that we spawn?
I edited the pr message.
Unfortunately, we can't use the exit code of the Bandit and Gosec processes... :(
I ran Bandit on two invalid files and checked the exit code of the command:
I did the same thing with Gosec:
In your PR message
This issue is easily resolved when using Bandit but the situation with Gosec is a little more complicated. I will try to create a patch for this there.
This sounds like you're casually talking to someone and not describing the fix.
When this pr is merged
- no need to state this as this would end up in the history and read funny.
This pull request gives a solution when scanning invalid python code
- just state: This fixes an issue when scanning Python code with syntax errors.
I closed the pull request by accident.
I will do as you suggested. I will just create an error annotation that will show on the top of the invalid file and that way we can report the other issues we find.
Sadly, if the start line and end line in one annotation are 0 then the annotation won't show up in the "Files Changed" tab.
I tried to use start line 0 and end line 1 but the result was that the annotation showed like a mistake on line 1:
So yes, we are stuck with the "Error syntax" annotations to be shown on line 1...
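To illustrate the approach settled on above, here is an added example in JavaScript (the language Precaution is written in); it is not code from the Precaution project or from this pull request. It takes a Bandit JSON report and builds check-run annotations: every file Bandit could not parse gets a single failure-level annotation pinned to line 1 (because an annotation with line 0 is not rendered), and ordinary findings keep their own line range, clamped so they never fall below line 1. The report layout (a `results` list plus an `errors` list), the annotation field names (those of the GitHub Checks API), and the sample report itself are assumptions; the sample is constructed, not real scanner output.

```javascript
// Added example, not Precaution's own code. Converts a Bandit JSON report
// into check-run annotations. Files Bandit failed to parse get one
// "failure" annotation on line 1, since an annotation whose start_line or
// end_line is 0 does not show up in the "Files changed" tab.
//
// Assumptions: Bandit's JSON report has "results" (findings) and "errors"
// (files it could not process); annotation field names follow the GitHub
// Checks API (path, start_line, end_line, annotation_level, title, message).
// SAMPLE_BANDIT_JSON is constructed for this example.

const SAMPLE_BANDIT_JSON = JSON.stringify({
  errors: [
    { filename: 'src/broken.py', reason: 'syntax error while parsing AST from file' }
  ],
  results: [
    {
      filename: 'src/app.py',
      line_number: 12,
      line_range: [12],
      issue_severity: 'MEDIUM',
      issue_confidence: 'HIGH',
      test_id: 'B608',
      issue_text: 'Possible SQL injection vector through string-based query construction.'
    }
  ]
});

// GitHub only renders annotations whose line numbers are >= 1, so anything
// missing, non-integer or below 1 is pushed to the first line of the file.
function clampLine(n) {
  return Number.isInteger(n) && n >= 1 ? n : 1;
}

function banditToAnnotations(reportJson) {
  const report = JSON.parse(reportJson);
  const annotations = [];

  // Files Bandit could not parse: one failure annotation at the top of the
  // file, with high severity so the check run as a whole fails.
  for (const err of report.errors || []) {
    annotations.push({
      path: err.filename,
      start_line: 1,
      end_line: 1,
      annotation_level: 'failure',
      title: 'Syntax error',
      message: `Bandit could not scan this file: ${err.reason}`
    });
  }

  // Ordinary findings keep the line range Bandit reported.
  for (const r of report.results || []) {
    const range = Array.isArray(r.line_range) && r.line_range.length
      ? r.line_range
      : [r.line_number];
    annotations.push({
      path: r.filename,
      start_line: clampLine(Math.min(...range)),
      end_line: clampLine(Math.max(...range)),
      annotation_level: r.issue_severity === 'HIGH' ? 'failure' : 'warning',
      title: `${r.test_id}: ${r.issue_severity} severity, ${r.issue_confidence} confidence`,
      message: r.issue_text
    });
  }
  return annotations;
}

// Check-run conclusion: any failure-level annotation fails the run.
function checkConclusion(annotations) {
  return annotations.some(a => a.annotation_level === 'failure') ? 'failure' : 'success';
}

// Usage: console.log(banditToAnnotations(SAMPLE_BANDIT_JSON));
```

With the sample report, the unparsable `src/broken.py` yields a line-1 failure annotation and the B608 finding yields a warning on line 12, so `checkConclusion` reports `failure`; the same clamping keeps any scanner that reports line 0 from producing an annotation that silently disappears.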
Related to: https://github.com/vmware/precaution/issues/142
This pull request fixes an issue when scanning Python code with syntax errors. If there are invalid Python files, they will be annotated at their beginning like this:
The error annotation has high severity and confidence, so the check run will fail because of this issue.
Signed-off-by: Martin Vrachev mvrachev@vmware.com