
devskim-visualstudio-extension's Introduction

devskim-visualstudio-extension's People

Contributors

gfs, pavelbansky, scovetta


devskim-visualstudio-extension's Issues

DevSkim keeps complaining about Temp.txt DS13713

Every time this comes up, I try to search for said Temp.txt file and cannot find it inside of my solution directory and my Windows profile directory.

I don't store my projects off of my source folder from my Windows profile directory, since file paths have a tendency to be long on legacy code. So my solution root is off of a root called c:\lcpcode{repositoryName}...

What am I missing on troubleshooting this? At the moment, I am having to disable the tool until I can find a resolution.

False Positive Warning

I had a comment in my code:

// TODO: Add ECB test

The term ECB is an acronym we use for one of the features of our application. This extension is flagging this as a potential security violation:

A weak cipher mode of operation was used
Severity: Important
A potentially weak cipher mode of operation was used.
Fix Guidance: Consider using CBC, CTR, or GCM.

The acronym has nothing to do with encipherment. Maybe this extension should not be performing any matches on comments? OR, probably better, provide a way to turn off DevSkim warnings via a preprocessor directive (e.g. #warning disable ...) or special comment syntax like ReSharper uses for selectively disabling some of its analyzers on a per-line/file/project basis.
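The false positive reported above, reproduced as an added example that is not part of the original issue and is not DevSkim's own code: a word-match rule fires on a comment, and the two mitigations the report proposes (skipping comments, an inline suppression comment) are applied. The rule id `EX0001`, the `scanner: ignore` syntax and the sample source are all constructed for illustration.

```python
import re

# Hypothetical rule modelled on the finding quoted above; not DevSkim's actual rule.
RULE_ID = "EX0001"  # placeholder id, constructed for this example
PATTERN = re.compile(r"\bECB\b")
# Hypothetical suppression syntax, carried in a trailing // comment.
SUPPRESS = re.compile(r"scanner:\s*ignore\s+(\w+)", re.IGNORECASE)


def split_code_and_comment(line):
    """Split at the first // outside a "..." literal (simplified C# lexing)."""
    in_string = False
    i = 0
    while i < len(line):
        ch = line[i]
        if in_string:
            if ch == "\\":  # skip the escaped character
                i += 2
                continue
            if ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif line.startswith("//", i):
            return line[:i], line[i:]
        i += 1
    return line, ""


def scan(source, skip_comments=False):
    """Return (line_number, rule_id) for each line the rule flags."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        code, comment = split_code_and_comment(line)
        if RULE_ID in {m.upper() for m in SUPPRESS.findall(comment)}:
            continue  # finding suppressed on this line by the author
        target = code if skip_comments else line
        if PATTERN.search(target):
            findings.append((number, RULE_ID))
    return findings


# Constructed sample input.
SAMPLE = '''// TODO: Add ECB test
aes.Mode = CipherMode.ECB;
aes.Mode = CipherMode.ECB; // scanner: ignore EX0001
var label = "ECB // report";
aes.Mode = CipherMode.CBC;
'''
```

Skipping comments removes the TODO finding on line 1 but still flags the string literal on line 4, so a per-line suppression remains useful even when comments are excluded.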

Error help link goes to invalid URL using Visual Studio Extension

DevSkim issues link to ds126858.md/ instead of https://github.com/Microsoft/DevSkim/blob/master/guidance/DS126858.md or other suitable location.

Using Visual Studio Extension version 0.3.1

Repro steps:

  • Click on the help link in the Error List Window
    OR
  • Right Click on the issue in the Error List Window
  • Select Show error help

Hovering over the code, selecting Show Details does work, so just the other 2 methods noted above are not working as expected.

NuGet analyzer

Please release as an analyzer package via NuGet so we can use it without any install and have it run on CI servers as well.

How to list all security issues

I'm not seeing any security issues in a large project I'm looking at with the VS extension installed.
What's the best way to get a list so that I know for sure whether the solution has any DevSkim issues?

Can't load the DevSkim extension into Visual Studio 2017

When I installed the DevSkim extension, I received the error msg "The VSPackage did not load correctly".

The error window also suggested that I look at the ActivityLog.xml file, which indicated that the "CompanyName" was missing or invalid.

From the log file: "Missing/invalid 'CompanyName' field in package registry"

Thanks for any help you can give.

Fail msbuild on security issues

Though security issues are shown as errors while using the plugin, the actual build succeeds.

Is there any way to fail the build in case of such security issues?

File Compare Tool in VS 2015 does not return comparing result

Running VS 2015 Professional, with MS DevSkim installed and enabled.

If file A is selected to "compare with latest version" in Team Explorer (using TFS), the compare window opens and the compare result never shows up when file A happens to be open in VS.

If file A is not open in VS, compare result shows promptly.

If the MS DevSkim is disabled, there is no issue in the compare tool.

Dead link in readme

The link for the Tips and Known Issues wiki page doesn't exist for the DevSkim-VisualStudio-Extension repo; it does appear to exist for the DevSkim-Sublime-Plugin, however.

ArgumentNullException and crashing VS

VS crashed when clicking on a file in a solution. I wasn't able to reproduce the crash, but attached is the event log stack trace.

Application: devenv.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentNullException
   at System.Collections.Concurrent.ConcurrentDictionary`2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].TryRemove(System.__Canon, System.__Canon ByRef)
   at Microsoft.VisualStudio.JSON.Package.ErrorSources.JSONTableDataSink.RemoveFactory(Microsoft.VisualStudio.Shell.TableManager.ITableEntriesSnapshotFactory)
   at Microsoft.VisualStudio.JSON.Package.ErrorSources.JSONTableDataSink.FactorySnapshotChanged(Microsoft.VisualStudio.Shell.TableManager.ITableEntriesSnapshotFactory)
   at DevSkim.DevSkimProvider.UpdateAllSinks()
   at DevSkim.SkimChecker.UpdateSecurityErrors(DevSkim.DevSkimErrorsSnapshot)
   at DevSkim.SkimChecker.DoUpdate()
   at DevSkim.SkimChecker.<DoUpdate>b__18_1()
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)

Visual Studio 2017 crashing on start up

After installing this extension, I get a crash on startup of VS2017:

Application: devenv.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at Microsoft.DevSkim.Language.FromFileName(System.String)
   at Microsoft.DevSkim.VSExtension.SkimShim.GetLanguageList(System.String, System.String)
   at Microsoft.DevSkim.VSExtension.SkimShim.Analyze(System.String, System.String, System.String)
   at Microsoft.DevSkim.VSExtension.SkimChecker.DoUpdate()
   at Microsoft.DevSkim.VSExtension.SkimChecker.<KickUpdate>b__17_0()
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at MS.Internal.CulturePreservingExecutionContext.CallbackWrapper(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)

Convert to AsyncPackage with background load

Your extension package is currently autoloading using the [ProvideAutoload] attribute on a Package class. This is deprecated and will result in a yellow bar warning users about your extension using a suboptimal loading strategy.

Read more about the deprecation in this MSDN blog post and feel free to contact me with any questions you might have.

Thank you!

Mads Kristensen
Program Manager
Visual Studio Extensibility
