DevSkim CLI is case-sensitive where the VSCode extension is not

[tomwatson1024]

The Devskim CLI reports an issue that has been explicitly excluded using a Devskim: ignore comment. The VSCode extension works as expected, that is, not reporting the suppressed issue.

$ cat main.c
#include <stdio.h>
#include <string.h>

int main()
{
  char src[40];
  char dest[100];
  char dest2[100];

  gets(src);  // Devskim: ignore DS181021
}
$ devskim analyze main.c
main.c:10:3:10:12 [Important] DS181021 Banned C function detected (gets)
$ devskim --version
Microsoft DevSkim Command Line Interface
0.4.221+17272b4af9

VSCode shows no squiggles. Removing the exclusion comment causes VSCode to show the expected squiggle.

Possibly related to #70 - I've tested the snippet there with the same results as detailed in that issue.

It's also possible I'm missing something obvious here, in which case my apologies in advance.

[tomwatson1024]

Ah, the issue is suppressed on the CLI if the suppression comment reads // DevSkim: ignore DS181021, note the capitalization of Skim (The issue continues to be suppressed in VSCode). This is the documented capitalization at https://marketplace.visualstudio.com/items?itemName=MS-CST-E.MicrosoftDevSkim.

It seems that the VSCode extension is more permissive?

[tomwatson1024]

Got it - the regex here in the C# CLI tool is case-sensitive, whereas the regex here in the TS plugin is case-insensitive (note the trailing i flag).

I expect the fix is to make the C# regex case-insensitive also - I don't have an environment set up to build C# so I can't make this fix myself.

[gfs]

Thanks for identifying where the discrepancy was! I'll merge a fix for this today along with a dependency bump.