An option to whitelist certain words for the javascript_lang_observable_timing rule #471

Open
lukaszjaskowski opened this issue Jan 17, 2025 · 1 comment
Labels
enhancement New feature or request

Comments


lukaszjaskowski commented Jan 17, 2025

The javascript_lang_observable_timing rule reports any comparison of two values when one of the two values matches the following regex: `(?i)\A(password)|hash|(api|auth)?.?(token|secret)\z`.

This rule reports many false positives when a particular word used in the given codebase also matches this regex. A good example of that may be the common word hashtag. To reduce the number of false positives, it would be convenient to add an option to whitelist certain words for this rule.

@lukaszjaskowski lukaszjaskowski added the enhancement New feature or request label Jan 17, 2025
@akwodkiewicz

Alternatively, allow providing a custom regex.
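Added example, not part of the issue thread or the project's code: a Go sketch that runs the regex quoted in the issue over constructed identifier names to show why `hashtag` matches, next to the two proposals from the thread. The function names, the allowlist entries and the fully anchored pattern are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Pattern exactly as quoted in the issue. Alternation binds loosest, so \A
// applies only to "password" and \z only to the token/secret branch; the
// middle branch "hash" matches anywhere in the name.
var rulePattern = regexp.MustCompile(`(?i)\A(password)|hash|(api|auth)?.?(token|secret)\z`)

// Hypothetical custom regex (assumption): same alternatives, grouped so both
// anchors cover every branch.
var anchoredPattern = regexp.MustCompile(`(?i)\A(password|hash|(api|auth)?.?(token|secret))\z`)

// Hypothetical allowlist option (assumption): names never treated as secrets.
var allowlist = map[string]bool{"hashtag": true, "hashtags": true}

// FlaggedByRule reports whether the quoted pattern matches the identifier.
func FlaggedByRule(name string) bool { return rulePattern.MatchString(name) }

// FlaggedAnchored reports whether the grouped, fully anchored variant matches.
func FlaggedAnchored(name string) bool { return anchoredPattern.MatchString(name) }

// FlaggedWithAllowlist applies the quoted pattern, then drops allowlisted names.
func FlaggedWithAllowlist(name string) bool {
	if allowlist[strings.ToLower(name)] {
		return false
	}
	return FlaggedByRule(name)
}

func main() {
	// Constructed identifier names, not taken from any real codebase.
	names := []string{"password", "passwordHash", "hashtag", "apiToken", "authSecret", "username"}
	fmt.Printf("%-14s %-6s %-9s %s\n", "name", "rule", "anchored", "rule+allowlist")
	for _, n := range names {
		fmt.Printf("%-14s %-6t %-9t %t\n", n, FlaggedByRule(n), FlaggedAnchored(n), FlaggedWithAllowlist(n))
	}
}
```

In the output, the anchored variant stops flagging `hashtag` but also stops flagging `passwordHash`, while the allowlist removes only the named false positive.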
