Add suppression information in the output of ESLint #14784
Description
The version of ESLint you are using.
v7.29.0
The problem you want to solve.
ESLint is a great and famous tool for identifying and reporting on patterns found in ECMAScript/JavaScript code. It helps a lot in our development. Sometimes we developers have to suppress warnings/errors in the code by adding eslint-disable, eslint-disable-line and eslint-disable-next-line comments, according to disabling-rules. We can also use .\node_modules\.bin\eslint.cmd 1.js -f @microsoft/eslint-formatter-sarif -o 1.sarif --no-inline-config to dump all information including suppressed ones into a SARIF file.
However in our scenarios, Security Development Lifecycle (SDL) tools, such as ESLint, are expected to export suppression justifications when warnings/errors are disabled. For example, a developer use eslint-disable-line no-console to suppress a warning:
console.log('foo'); // eslint-disable-line no-console -- Just for debug.Then in DevOps, ESLint could record this message and dump it into file:
"results": [
{
"level": "warning",
"message": {
"text": "foobar"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "file:///C:/Users/test/1.js",
"index": 0
},
"region": {
"startLine": 1,
"startColumn": 1
}
}
}
],
"ruleId": "no-console",
"ruleIndex": 0,
"suppressions": [ //
{ //
"kind": "inSource", //
"justification": "Just for debug." // <-- This is what we are expected.
} //
] //
},
]This suppression info would trigger a signal to our team, and thus we could judge whether the suppression is reasonable by the justification.
Your take on the correct solution to problem.
Since it might be a non-trivial change, I think we could have a discussion first.
Are you willing to submit a pull request to implement this change?
Yes.
Metadata
Metadata
Assignees
Labels
Type
Projects
Status