This Project has Moved to https://github.com/microsoft/devskim.
microsoft / devskim-visualstudio-extension
DevSkim plugin for Visual Studio.
Every time this comes up, I try to search for said Temp.txt file and cannot find it inside of my solution directory and my Windows profile directory.
I don't store my projects off of my source folder from my Windows profile directory, since file paths have a tendency to be long on legacy code, so my solution root is off of a root called c:\lcpcode{repositoryName}...
What am I missing on troubleshooting this? At the moment, I am having to disable the tool until I can find resolution.
I had a comment in my code:
// TODO: Add ECB test
The term ECB is an acronym we use for one of the features of our application. This extension is flagging this as a potential security violation:
A weak cipher mode of operation was used
Severity: Important
A potentially weak cipher mode of operation was used.
Fix Guidance: Consider using CBC, CTR, or GCM.
The acronym has nothing to do with encipherment. Maybe this extension should not be performing any matches on comments? Or, probably better, provide a way to turn off DevSkim warnings via a preprocessor directive (e.g. #warning disable ...) or special comment syntax like ReSharper uses for selectively disabling some of its analyzers on a per-line/file/project basis.
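The false positive reported above, as an added example that is not part of the original report and is not DevSkim's own code: a token rule for ECB run over whole lines versus over code only, with a per-line suppression comment. The rule id `EX0001`, the `scan:ignore` marker and the sample source are constructed for illustration.

```python
import re

RULE_ID = "EX0001"                     # constructed id, not a DevSkim rule id
PATTERN = re.compile(r"\bECB\b")       # token match, as a weak-cipher-mode rule would do
# Hypothetical per-line suppression marker (assumption, not DevSkim's syntax).
SUPPRESS = re.compile(r"scan:ignore\s+" + RULE_ID)

def split_code_comment(line):
    """Split a C#-style line at the first // that lies outside a string literal."""
    in_string = False
    i = 0
    while i < len(line):
        ch = line[i]
        if in_string:
            if ch == "\\":
                i += 1                 # skip the escaped character
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif line.startswith("//", i):
            return line[:i], line[i:]
        i += 1
    return line, ""

def scan(source, code_only=True):
    """Return the 1-based line numbers where the rule fires."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        code, comment = split_code_comment(line)
        if SUPPRESS.search(comment):
            continue                   # finding explicitly accepted on this line
        target = code if code_only else line
        if PATTERN.search(target):
            hits.append(lineno)
    return hits

# Constructed sample input. Line 4 has // inside a string literal: cutting the
# line at the first // would hide the real ECB use that follows it.
SAMPLE = '''// TODO: Add ECB test
aes.Mode = CipherMode.ECB;
aes.Mode = CipherMode.ECB; // scan:ignore EX0001 legacy interop
Log("http://wiki.example/ecb-feature"); aes.Mode = CipherMode.ECB;
aes.Mode = CipherMode.CBC;
'''

if __name__ == "__main__":
    print("whole-line match:", scan(SAMPLE, code_only=False))
    print("code-only match: ", scan(SAMPLE, code_only=True))
```

Matching code only drops the TODO comment on line 1 while keeping the real uses on lines 2 and 4; C# verbatim strings and block comments are not handled by this splitter.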
DevSkim issues link to ds126858.md/ instead of https://github.com/Microsoft/DevSkim/blob/master/guidance/DS126858.md or other suitable location.
Using Visual Studio Extension version 0.3.1
Repro steps:
Hovering over the code, selecting Show Details does work, so just the other 2 methods noted above are not working as expected.
Please release as an analyzer package via NuGet so we can use it without any install and have it run on CI servers as well.
I'm not seeing any security issues in a large project I'm looking at with the VS extension installed.
What's the best way to get a list so that I know for sure whether the solution has any DevSkim issues?
When I installed the DevSkim extension, I received the error msg "The VSPackage did not load correctly".
The error window also suggested that I look at the ActivityLog.xml file, which indicated that the "CompanyName" was missing or invalid.
From the log file: "Missing/invalid 'CompanyName' field in package registry"
Thanks for any help you can give.
Though security issues are shown as errors while using the plugin, the actual build succeeds.
Is there any way to fail the build in case of such security issues?
Rule DS137138 (Insecure URL) is applied even to XAML namespaces. I think that it is strange. Other types of XML files are also affected.
DevSkim-VisualStudio-Extension
TFS SQL file compare does not work in Microsoft Visual Studio 2017 due to this extension.
Names like DeviceController produce false alarms
Running VS 2015 professional, with MS DevSkim installed and enabled
If file A is selected to "compare with latest version" in Team Explorer (using TFS), the compare window opens and the compare result never shows up when file A happens to be open in VS.
If file A is not open in VS, compare result shows promptly.
If the MS DevSkim is disabled, there is no issue in the compare tool.
The link for the Tips and Known Issues wiki page doesn't exist for the DevSkim-VisualStudio-Extension repo; it does appear to exist for the DevSkim-Sublime-Plugin, however.
VS crashed when clicking on a file in a solution. I wasn't able to reproduce the crash, but attached is the event log stack trace.
Application: devenv.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentNullException
at System.Collections.Concurrent.ConcurrentDictionary`2[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].TryRemove(System.__Canon, System.__Canon ByRef)
at Microsoft.VisualStudio.JSON.Package.ErrorSources.JSONTableDataSink.RemoveFactory(Microsoft.VisualStudio.Shell.TableManager.ITableEntriesSnapshotFactory)
at Microsoft.VisualStudio.JSON.Package.ErrorSources.JSONTableDataSink.FactorySnapshotChanged(Microsoft.VisualStudio.Shell.TableManager.ITableEntriesSnapshotFactory)
at DevSkim.DevSkimProvider.UpdateAllSinks()
at DevSkim.SkimChecker.UpdateSecurityErrors(DevSkim.DevSkimErrorsSnapshot)
at DevSkim.SkimChecker.DoUpdate()
at DevSkim.SkimChecker.<DoUpdate>b__18_1()
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
After installing this extension, I get a crash on startup of VS2017:
Application: devenv.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at Microsoft.DevSkim.Language.FromFileName(System.String)
at Microsoft.DevSkim.VSExtension.SkimShim.GetLanguageList(System.String, System.String)
at Microsoft.DevSkim.VSExtension.SkimShim.Analyze(System.String, System.String, System.String)
at Microsoft.DevSkim.VSExtension.SkimChecker.DoUpdate()
at Microsoft.DevSkim.VSExtension.SkimChecker.<KickUpdate>b__17_0()
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.DispatcherOperation.InvokeImpl()
at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
at MS.Internal.CulturePreservingExecutionContext.CallbackWrapper(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Windows.Threading.DispatcherOperation.Invoke()
at System.Windows.Threading.Dispatcher.ProcessQueue()
at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
Your extension package is currently autoloading using the [ProvideAutoload] attribute on a Package class. This is deprecated and will result in a yellow bar warning users about your extension using a suboptimal loading strategy.
Read more about the deprecation in this MSDN blog post and feel free to contact me with any questions you might have.
Thank you!
Mads Kristensen
Program Manager
Visual Studio Extensibility