Address devskim warnings #196
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
As a general comment: why not fix the issues that you can right now instead of making an issue for later? For example, the clippy warning that's being ignored suggests using a struct to encapsulate all of the args which is something that can be done relatively quickly |
The short answer is that we have not decided what the future of this code is yet; it may be moved and/ or removed, so I will leave it as-is for now in its stable state. But I wanted to address most of the devskim alerts for the repo now because we have so much noise it's hard to tell what might be a real issue |
Addresses #190
Motivation and Context
Ignores TLS warning by adding Devskim ignore to http endpoints and localhost.
Description
Ignores TLS warning by adding Devskim ignore to http endpoints and localhost. This gets rid of some security warnings that are not truly an issue as they all point to localhost. Most of the "localhost" references are in test code, but some are in our examples, which we don't expect to be used in production. Customers would use their own endpoints for their applications. Also suppress some "TODOs" in code paths that we don't anticipate will have further development on them for now.
Note: the only remaining devskim alerts should be in files that aren't as easy to suppress (i.e. some js files that are marked "generated" and come from somewhere else)