How to disable particular rule by its ID from GitHub workflow? #7937
Comments
There is no simple way to do this. You could create a custom query suite. In your workflow's codeql init step, you would specify a config file to use:

```yaml
- uses: github/codeql-action/init@v1
  with:
    config-file: ./.github/codeql/codeql-config.yml
```

And then in the config file, you specify custom queries:

```yaml
disable-default-queries: true
queries:
  - uses: ./github/codeql/suite.qls
```

And finally, you need to create the query suite itself:

```yaml
- from: codeql/csharp-queries
  apply: codeql-suites/csharp-security-and-quality.qls
- exclude:
    query filename: MissedWhereOpportunity.ql
```

Using this, you will have control over exactly which queries you want to run.
Understandable, but I know the opposite - what queries I don't want to run, i.e. opt-out behavior instead of opt-in.
I see a lot of false positives (actually all results in case of the aforementioned rule) and I want to disable this particular rule and continue to review the security report.
With the above suggestion, you can choose to remove any single query from analysis. Alternatively, if you just want to focus on security queries, you may just want to run
I understand, thanks for your explanation, but I don't want to bother with manually crafted query suites (and their combinations) and maintain them to stay in sync with the source. Please consider adding an option in workflows to exclude particular rules.
Thank you for your suggestion. We will keep this under consideration.
Will be fixed here: github/codeql-action#1098
Available in next release of the codeql-action. Documentation still to come.
Thanks.
So you have to create a separate file just to disable / exclude a query - @aeisenberg ?
That's correct. We might consider alternate syntaxes later, but this is the current behaviour.
1. Add bat version linter for Windows users
2. Add permission setting for third-party actions in lint.yaml to limit their access
3. Did some research and discussed with @justinchuby: CodeQL **only hints on the modified file in a PR**, and the error/warning/note are all informative, and aligned with pylint/mypy which are included in our lint, so I suggest we can have it for a while and see how it goes. (However, disabling one or a few rules that we don't need in CodeQL seems doable in the next release: github/codeql#7937)

fixes #127

Co-authored-by: Justin Chu <justinchuby@users.noreply.github.com>
@aeisenberg Hi, what is the current status of this issue? I see #1127 that reverts something, but I did not understand what exactly. So how can I disable a particular rule for now?
This has been implemented using a feature called query filters. See the docs: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/customizing-code-scanning#excluding-specific-queries-from-analysis
Probably I do it wrong in graphql-dotnet/parser#301:
https://github.com/graphql-dotnet/parser/actions/runs/4728548769/jobs/8390195457?pr=301
https://github.com/graphql-dotnet/parser/actions/runs/4728592373/jobs/8390280163?pr=301
See my comment on your PR.
Thanks.
Sorry but I did not find the answer in the docs. For example, I want to disable `cs/linq/missed-where`.
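The query-filters feature referenced above, applied to the `cs/linq/missed-where` query asked about in this thread, as an added example that is not part of the thread or the codeql-action project. It assumes the config path `./.github/codeql/codeql-config.yml` from the earlier suite-based answer and the `@v2` tag of the action.

```yaml
# .github/workflows/codeql.yml (added example, not from the thread):
# the init step only points at a config file; the default query suite
# stays enabled, so no hand-written .qls file is needed.
- uses: github/codeql-action/init@v2
  with:
    languages: csharp
    config-file: ./.github/codeql/codeql-config.yml
---
# .github/codeql/codeql-config.yml (added example, not from the thread):
# query-filters removes individual queries from whatever suite would
# otherwise run, without disable-default-queries or a custom suite.
name: "CodeQL config with one rule excluded"
query-filters:
  # Exclude the rule by its query ID (the "Rule ID" shown on the
  # code scanning alert), not by the .ql filename.
  - exclude:
      id: cs/linq/missed-where
```

The same `query-filters` list also accepts `include` entries, so one file can pull extra queries in and drop the noisy ones.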