SEC0112 false positive #31
Comments
Correct, the rule in its current state is more of a dangerous function. We'll add this to the list of rules to improve the taint analysis within the new code block once this is ready. FYI - You can suppress the rule by right clicking the warning and adding it to a suppression file.
Thanks for the explanation. I'll leave it up to you if you want to close the issue or use it to track the enhancement you were discussing.
No problem. Thanks for the feedback, there are a couple of rules that are similar to this that we can't "fix" in their current state via code changes. This is not ideal. I will leave this issue open so we remember to enhance this rule when the code block analyzer is ready.
Any use of a variable in the File API appears to trigger this warning. The only way I can find to satisfy the analyzer is to use a hard-coded string for the file path. Even the secure example code from the documentation triggers the warning:
Is the only way to prevent this warning hard-coding the path or manual suppression?