fix: include code quality issues #19
Conversation
teodora-sandu
force-pushed
the
fix/code-quality-issues
branch
from
c349980 to
6b765f4
Compare
teodora-sandu
force-pushed
the
fix/code-quality-issues
branch
from
6b765f4 to
54dbf6d
Compare
| "id": "java/DontUsePrintStackTrace", | ||
| "name": "DontUsePrintStackTrace", | ||
| "id": "javascript/HardcodedNonCryptoSecret", | ||
| "name": "HardcodedNonCryptoSecret", |
There was a problem hiding this comment.
Question: when we render the converted SARIF, we use IsSecurityType to identify if an issue is Vulnerability or Quality Issue. This IsSecurityType attribute is defined in the CodeIssueData struct where Message and ExampleCommitFixes are defined too. I can see Message and ExampleCommitFixes represented here in this fake.json file.
In this change what makes an issue to be identified as "Quality Issue"? The id?
https://github.com/snyk/snyk-ls/blob/main/infrastructure/code/code_html_test.go#L39-L45
There was a problem hiding this comment.
Good question! So this is the SARIF that gets returned, then the issue type is computed when we convert the SARIF to a snyk-ls issue based on the categories field in the SARIF: https://github.com/snyk/snyk-ls/blob/9d7d19ca1a7851b7b5ed363d2fb807245976f59b/infrastructure/code/convert.go#L100
Adds code quality issues to the mock data returned by
code-client-go.Tested in VSCode with snyk/vscode-extension#449
I will use it to test snyk/snyk-intellij-plugin#496 more comprehensively.
