This program is specifically for filtering issues in the JUnit XML
report generated by GoASTScanner. The scanner only allows for whitelisting of entire rules and it is not recommended to whitelist an entire rule just for a few false positives.
Therefore, this program will allow for more granular whitelisting by filtering out the issues that are false positives.
go get -u github.com/moexmen/gas-report-filter
This program will take in the JUnit XML
report from stdin
and output the filtered results to stdout
. An example is given here:
gas -fmt=junit-xml ./... | gas-report-filter -whitelist whitelist.json > /log/report.xml
A whitelist file has to be given, the format is given below.
{
"Issues": [
{
"details": "<<details>>",
"file": "<<filename>>",
"code": "<<offending code>>",
"reason": "This is a false positive."
}
]
}
For code
, copy whatever that comes after >
in the Jenkins test result. You'll also need to make sure that these characters: <, >, &, ' and "
are escaped.