Hi Yiwei,

Can you please open an issue to discuss more? This would be a non-trivial change for ESLint, so we need to put this through our normal evaluation process.

Thanks!

On Thu, Jul 8, 2021 at 2:47 AM 'Yiwei Ding' via ESLint <[email protected]> wrote:

> Dear ESLint team,
>
> I am from the Security Team of Microsoft 365. Our team is trying to add a new feature for ESLint.
>
> ESLint is a great and famous tool for identifying and reporting on patterns found in ECMAScript/JavaScript code. It helps a lot in our development. Sometimes we developers have to suppress warnings/errors in the code by adding `eslint-disable`, `eslint-disable-line` and `eslint-disable-next-line` comments, according to disabling-rules <https://github.com/eslint/eslint/blob/master/docs/user-guide/configuring/rules.md#disabling-rules>. We can also use `.\node_modules\.bin\eslint.cmd 1.js -f @microsoft/eslint-formatter-sarif -o 1.sarif --no-inline-config` to dump all information including suppressed ones into a SARIF file.
>
> However, in our scenarios, Security Development Lifecycle (SDL) tools, such as ESLint, are expected to export suppression justifications when warnings/errors are disabled. For example, a developer uses `eslint-disable-line no-console` to suppress a warning:
>
>     console.log('foo'); // eslint-disable-line no-console -- Just for debug.
>
> Then in DevOps, ESLint could record this message and dump it into a file (The highlighted part below is what we expect):
>
>     "results": [
>       {
>         "level": "warning",
>         "message": {
>           "text": "foobar"
>         },
>         "locations": [
>           {
>             "physicalLocation": {
>               "artifactLocation": {
>                 "uri": "file:///C:/Users/test/1.js",
>                 "index": 0
>               },
>               "region": {
>                 "startLine": 1,
>                 "startColumn": 1
>               }
>             }
>           }
>         ],
>         "ruleId": "no-console",
>         "ruleIndex": 0,
>         "suppressions": [
>           {
>             "kind": "inSource",
>             "justification": "Just for debug."
>           }
>         ]
>       },
>     ]
>
> This suppression info would trigger a signal to our team, and thus we could judge whether the suppression is reasonable by the justification.
>
> I think this could be a useful feature not only for our team but also for other users of ESLint. And we are willing to implement the changes, create a related issue and a PR as necessary.
>
> What do you think about it? Look forward to your reply.
>
> Best regards,
>
> Yiwei Ding
>
> --
> You received this message because you are subscribed to the Google Groups "ESLint" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> To view this discussion on the web visit https://groups.google.com/d/msgid/eslint/PSAP153MB0456A617760144FFD6AE40D4AE199%40PSAP153MB0456.APCP153.PROD.OUTLOOK.COM <https://groups.google.com/d/msgid/eslint/PSAP153MB0456A617760144FFD6AE40D4AE199%40PSAP153MB0456.APCP153.PROD.OUTLOOK.COM?utm_medium=email&utm_source=footer>.

--
______________________________
Nicholas C. Zakas (@slicknet <https://twitter.com/slicknet>)
Owner, Human Who Codes LLC
humanwhocodes.com
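
The suppression review described in the quoted message, sketched as an added example (not code from ESLint, the SARIF formatter, or either participant in this thread): it reads the `-- justification` text from inline disable comments, attaches it to SARIF-style results as `suppressions`, and lists suppressions that have no justification. The function names `parseSuppressions` and `annotate`, the `loc` helper, and the sample source and results are assumptions constructed for illustration; the results are assumed to still contain the suppressed findings, as with the `--no-inline-config` run mentioned in the message.

```javascript
// Added example, not ESLint code. Handles eslint-disable-line and -next-line only
// (no block ranges); comments are found by regex, not by a JavaScript parser.
const DIRECTIVE = /(?:\/\/|\/\*)\s*(eslint-disable-(?:next-)?line)\b([^\n]*?)(?:\*\/|$)/;

// Returns [{ line, ruleId, justification }]; ruleId "*" means "all rules".
function parseSuppressions(source) {
  const found = [];
  source.split(/\r?\n/).forEach((text, i) => {
    const m = DIRECTIVE.exec(text);
    if (!m) return;
    // The description follows the rule list after "--" (two or more dashes).
    const sep = /\s-{2,}\s/.exec(m[2]);
    const rulePart = sep ? m[2].slice(0, sep.index) : m[2];
    const justification = sep ? m[2].slice(sep.index + sep[0].length).trim() : "";
    const line = m[1] === "eslint-disable-line" ? i + 1 : i + 2;
    const rules = rulePart.split(",").map((r) => r.trim()).filter(Boolean);
    for (const ruleId of rules.length ? rules : ["*"]) {
      found.push({ line, ruleId, justification });
    }
  });
  return found;
}

// Adds SARIF `suppressions` to matching results (mutates them) and returns
// the suppressions that carry no justification, for reviewer follow-up.
function annotate(results, source) {
  const supps = parseSuppressions(source);
  for (const r of results) {
    const line = r.locations[0].physicalLocation.region.startLine;
    const hits = supps.filter((s) => s.line === line && [r.ruleId, "*"].includes(s.ruleId));
    if (hits.length) {
      r.suppressions = hits.map((s) => ({ kind: "inSource", justification: s.justification }));
    }
  }
  return supps.filter((s) => !s.justification);
}

// Constructed sample input (not real project data).
const SAMPLE_SOURCE = [
  "console.log('foo'); // eslint-disable-line no-console -- Just for debug.",
  "// eslint-disable-next-line no-alert",
  "alert('bar');",
].join("\n");
const loc = (startLine) => [{ physicalLocation: { region: { startLine } } }];
const SAMPLE_RESULTS = [
  { ruleId: "no-console", locations: loc(1) },
  { ruleId: "no-alert", locations: loc(3) },
];
console.log(JSON.stringify(annotate(SAMPLE_RESULTS, SAMPLE_SOURCE)));
```
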
