
How to disable particular rule by its ID from GitHub workflow? #7937

Closed
sungam3r opened this issue Feb 10, 2022 · 16 comments
Labels
enhancement New feature or request question Further information is requested

Comments

@sungam3r

sungam3r commented Feb 10, 2022

Sorry but I did not find the answer in docs. For example, I want to disable cs/linq/missed-where.

#7937 (comment)

@sungam3r sungam3r added the question Further information is requested label Feb 10, 2022
@aeisenberg
Contributor

There is no simple way to do this. You could create a custom query suite. In your workflow's codeql init step, you would specify a config file to use:

```yaml
- uses: github/codeql-action/init@v1
  with:
    config-file: ./.github/codeql/codeql-config.yml
```

And then in the config file, you specify custom queries:

```yaml
disable-default-queries: true
queries:
  - uses: ./github/codeql/suite.qls
```

And finally, you need to create the query suite itself:

```yaml
- from: codeql/csharp-queries
  apply: codeql-suites/csharp-security-and-quality.qls
- exclude:
    query filename: MissedWhereOpportunity.ql
```

Using this, you will have control over exactly which queries you want to run.

@sungam3r
Author

Understandable but I know the opposite - what queries I don't want to run, i.e. opt-out behavior instead of opt-in.

@sungam3r
Author

sungam3r commented Feb 10, 2022

I see a lot of false positives (actually all results in case of aforementioned rule) and I want to disable this particular rule and continue to review security report.

@aeisenberg
Contributor

With the above suggestion, you can choose to remove any single query from analysis.

Alternatively, if you just want to focus on security queries, you may just want to run security-extended queries. Just change: queries: security-and-quality to queries: security-extended.

@sungam3r
Author

I understand, thanks for your explanation, but I don't want to bother with manually crafted query suites (and their combinations) and maintain them updating to be in-sync with source. Please consider adding an option in workflows to exclude particular rules.

@aeisenberg
Contributor

Thank you for your suggestion. We will keep this under consideration.

@aeisenberg aeisenberg added the enhancement New feature or request label Feb 11, 2022
@aeisenberg
Contributor

Will be fixed here: github/codeql-action#1098

@aeisenberg
Contributor

Available in next release of the codeql-action. Documentation still to come.

@sungam3r
Author

Thanks.

@scherersebastian

scherersebastian commented Sep 12, 2022

So you have to create a separate file just to disable / exclude a query - @aeisenberg ?

@aeisenberg
Contributor

That's correct. We might consider alternate syntaxes later, but this is the current behaviour.

titaiwangms added a commit to microsoft/onnxscript that referenced this issue Sep 28, 2022
1. Add bat version linter for Windows user
2. Add permission setting for third-party actions in lint.yaml to limit
their access
3. Did some research and discussed with @justinchuby, CodeQL **only
hints on the modified file in a PR**, and the error/warning/note are all
informative, and aligned with pylint/mypy which are included in our
lint, so I suggest we can have it for a while, and see how it goes.
(However, disable one or few rules that we don't need in CodeQL seems
doable in the next release:
github/codeql#7937)

fixes #127

Co-authored-by: Justin Chu <justinchuby@users.noreply.github.com>
@sungam3r
Author

@aeisenberg Hi, what is the current status of this issue? I see #1127 that reverts something, but I did not understand what exactly. So how can I disable particular rule for now?

@aeisenberg
Contributor

@sungam3r
Author

Probably I do it wrong in graphql-dotnet/parser#301.

https://github.com/graphql-dotnet/parser/actions/runs/4728548769/jobs/8390195457?pr=301 :

Error: Invalid query filter.
Query filter must have exactly one key: {"exclude":null,"id":"cs/linq/missed-where"}

https://github.com/graphql-dotnet/parser/actions/runs/4728592373/jobs/8390280163?pr=301

Error: Invalid query filter.
Query filter must have exactly one key: {"exclude":null,"id":["cs/linq/missed-where"]}
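The two failing filters quoted above both have `exclude` as `null` with `id` beside it, which is what a YAML parser produces when `id:` is indented to the same level as `exclude:` instead of under it. The following is an added example, not code from this issue or from the codeql-action project: it mirrors the action's "exactly one key" check and applies id-based `exclude`/`include` filters to a constructed list of query ids, assuming the nested `- exclude:` / `id:` shape of the `query-filters` key.

```python
import json

# Constructed list of query ids standing in for a suite's resolved queries.
SUITE_QUERIES = ["cs/linq/missed-where", "cs/sql-injection", "cs/xss"]

# What a YAML parser yields for the mis-indented filter behind the first
# error in the issue ('id' is a sibling of 'exclude', so 'exclude' is null):
#   query-filters:
#     - exclude:
#       id: cs/linq/missed-where
BROKEN_FILTER = {"exclude": None, "id": "cs/linq/missed-where"}

# Correctly nested form (assumed codeql-action query-filters syntax):
#   query-filters:
#     - exclude:
#         id: cs/linq/missed-where
GOOD_FILTER = {"exclude": {"id": "cs/linq/missed-where"}}


def validate_filter(f):
    """Return the filter kind, or raise with a message like the action's."""
    if not isinstance(f, dict) or len(f) != 1:
        raise ValueError("Invalid query filter. Query filter must have exactly "
                         f"one key: {json.dumps(f)}")
    ((kind, body),) = f.items()
    if kind not in ("exclude", "include"):
        raise ValueError(f"Invalid query filter. Unknown key {kind!r}")
    if not isinstance(body, dict) or "id" not in body:
        raise ValueError(f"Invalid query filter. {kind} must be a mapping with an id")
    return kind


def filter_error(f):
    """Validation error text for a filter, or None when it is well-formed."""
    try:
        validate_filter(f)
        return None
    except ValueError as exc:
        return str(exc)


def apply_filters(queries, filters):
    """Apply filters in order: exclude drops matching ids, include restores them."""
    selected = list(queries)
    for f in filters:
        kind = validate_filter(f)
        ids = f[kind]["id"]
        ids = set(ids) if isinstance(ids, list) else {ids}  # id may be a string or list
        if kind == "exclude":
            selected = [q for q in selected if q not in ids]
        else:
            selected += [q for q in queries if q in ids and q not in selected]
    return selected
```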

@aeisenberg
Contributor

See my comment on your PR.

@sungam3r
Author

Thanks.
