-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Address devskim warnings #196
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some minor comments. Please take a look.
As a general comment: why not fix the issues that you can right now instead of making an issue for later? For example, the clippy warning that's being ignored suggests using a struct to encapsulate all of the args which is something that can be done relatively quickly |
The short answer is that we have not decided what the future of this code is yet; it may be moved and/ or removed, so I will leave it as-is for now in its stable state. But I wanted to address most of the devskim alerts for the repo now because we have so much noise it's hard to tell what might be a real issue |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved.
Addresses #190
Motivation and Context
Ignores TLS warning by adding Devskim ignore to http endpoints and localhost.
Description
Ignores TLS warning by adding Devskim ignore to http endpoints and localhost. This gets rid of some security warnings that are not truly an issue as they all point to localhost. Most of the "localhost" references are in test code, but some are in our examples, which we don't expect to be used in production. Customers would use their own endpoints for their applications. Also suppress some "TODOs" in code paths that we don't anticipate will have further development on them for now.
Note: the only remaining devskim alerts should be in files that aren't as easy to suppress (i.e. some js files that are marked "generated" and come from somewhere else)