C/C++ rule supression #11787

MFaisalZaki · 2022-12-24T15:42:40Z

MFaisalZaki
Dec 24, 2022

Is there a way to suppress the alerts on the c/c++ code base like the one presented in LGTM?
I don't know the status of this issue.

And if I have sarif file how can I remove entries from it in case I don't use codeql-actions

jketema · 2022-12-24T18:23:00Z

jketema
Dec 24, 2022
Maintainer

Hi @MFaisalZaki,

Thanks for your question.

Is there a way to suppress the alerts on the c/c++ code base like the one presented in LGTM?
I don't know the status of this issue.

For the latest discussion regarding alert suppression via code comments see #11427.

To suppress alerts in a code scanning context, you can dismiss them as explained in the issue you linked to. Alternatively, you could use the filter sarif action from https://github.com/advanced-security/filter-sarif.

And if I have sarif file how can I remove entries from it in case I don't use codeql-actions

Sarif is an open standard based on JSON for which tools and libraries are available: https://sarifweb.azurewebsites.net/. So it should be straightforward to write your own scripts that remove entries. For an example see the python script that is part of the filter sarif action that I linked above.

5 replies

aibaars Dec 25, 2022
Maintainer

You can also use the https://github.com/advanced-security/dismiss-alerts Action .

MFaisalZaki Jan 9, 2023
Author

@jketema, thanks for this, but I tried it, and I do receive this error:

usage: filter-sarif [-h] --input INPUT --output OUTPUT [--split-lines] patterns [patterns ...]
filter-sarif: error: unrecognized arguments: -**/unzip.*:**

when trying to pass this pattern -**/unzip.*:** Also I have tried the pattern -/**/unzip*:** and it gets interpreted as positive.

Please advice.

jketema Jan 9, 2023
Maintainer

Could you share how you invoked filter-sarif, or share the action workflow that invokes it? It's a bit difficult from only the error message to tell what is going on.

MFaisalZaki Jan 29, 2023
Author

@jketema, I invoke filter-sarif using the following:

filter-sarif.py --input scan_results.sarif --output filtered_scan_results.sarif **/unzip.*:**

aibaars Jan 29, 2023
Maintainer

I think the problem is that the argument parser treats values starting with - as a flag instead of a positional argument. You could try to separate the flags from the positional arguments using -- ?

filter-sarif.py --input scan_results.sarif --output filtered_scan_results.sarif -- "-**/unzip.*:**"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

C/C++ rule supression #11787

{{title}}

Replies: 1 comment 5 replies

{{title}}

{{title}}

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

{{title}}

Select a reply

C/C++ rule supression #11787

MFaisalZaki Dec 24, 2022

Replies: 1 comment · 5 replies

jketema Dec 24, 2022 Maintainer

aibaars Dec 25, 2022 Maintainer

MFaisalZaki Jan 9, 2023 Author

jketema Jan 9, 2023 Maintainer

MFaisalZaki Jan 29, 2023 Author

aibaars Jan 29, 2023 Maintainer

MFaisalZaki
Dec 24, 2022

Replies: 1 comment 5 replies

jketema
Dec 24, 2022
Maintainer

aibaars Dec 25, 2022
Maintainer

MFaisalZaki Jan 9, 2023
Author

jketema Jan 9, 2023
Maintainer

MFaisalZaki Jan 29, 2023
Author

aibaars Jan 29, 2023
Maintainer