Line numbers are omitted for findings in XML files based on XPath rules

[p3pijn]

Findings from CSA that are found using any of the XPath-based rules contain no line number info. This makes it very hard for developers to understand what is actually detected and what should be fixed.

The reason for this problem is that the current xpath implementation is too basic: https://github.com/vmware-tanzu/cloud-suitability-analyzer/blob/69c8ebacab3e4e342632f3cd82cf19a4b0409826/csa-app/xpath/xpath.go#L10-L23 It only returns a boolean whether something was matched in an XML file, but does not return any info regarding line numbers.

Since this tool has 46 XPath-based rules and XPath is also determined to be the recommended practise for detecting stuff in XML files (see e.g. #14 and #15 ) I really feel this should be addressed.

[p3pijn]

@rahulkj I saw you added some great new functionality to CSA. Really enjoy using the tool. I wanted to kindly bring this ticket to your attention. It is still super hard to understand what the tool detects in Web.config files of 1000+ lines.

[rahulkj]

@p3pijn - When you open the UI, and go to the application tab, select the app, it shows the rule and also the value for which the file got flagged. We don't capture the line numbers as this is something we haven't seen anyone use in reality.

From the developer community, we have seen that developers would like to know the file in their repo that got flagged and which function or rule got triggered.

[rahulkj]

Also check the Data >> All Findings.. there are hints on the line numbers

Closing this issue