Make CodeQL suppressions one line

Microsoft CodeQL analyzer's suppression format is slightly different than GitHub's, and expects the suppression comment to be one line. Signed-off-by: Hamza El-Saawy <[email protected]>
helsaawy · Aug 23, 2024 · 906449b · 906449b
1 parent e7a1be7
commit 906449b
Showing 1 changed file with 3 additions and 6 deletions.
diff --git a/pkg/ociwclayer/import.go b/pkg/ociwclayer/import.go
@@ -61,8 +61,7 @@ func ImportLayerFromTar(ctx context.Context, r io.Reader, path string, parentLay
 
 func writeLayerFromTar(ctx context.Context, r io.Reader, w wclayer.LayerWriter, root string) (int64, error) {
 	t := tar.NewReader(r)
-	// CodeQL [SM03409] False positive, `internal/safefile` package ensures tar extractions are always
-	// bound to the layer root directory.
+	// CodeQL [SM03409] `internal\wclayer` uses `internal/safefile` to bind tar extraction to the layer's root directory.
 	hdr, err := t.Next()
 	totalSize := int64(0)
 	buf := bufio.NewWriter(nil)
@@ -80,16 +79,14 @@ func writeLayerFromTar(ctx context.Context, r io.Reader, w wclayer.LayerWriter,
 			if err != nil {
 				return 0, err
 			}
-			// CodeQL [SM03409] False positive, `internal/safefile` package ensures tar extractions are always
-			// bound to the layer root directory.
+			// CodeQL [SM03409] `internal\wclayer` uses `internal/safefile` to bind tar extraction to the layer's root directory.
 			hdr, err = t.Next()
 		} else if hdr.Typeflag == tar.TypeLink {
 			err = w.AddLink(filepath.FromSlash(hdr.Name), filepath.FromSlash(hdr.Linkname))
 			if err != nil {
 				return 0, err
 			}
-			// CodeQL [SM03409] False positive, `internal/safefile` package ensures tar extractions are always
-			// bound to the layer root directory.
+			// CodeQL [SM03409] `internal\wclayer` uses `internal/safefile` to bind tar extraction to the layer's root directory.
 			hdr, err = t.Next()
 		} else {
 			var (