JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.
If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.
If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.
| CodeSonar® 9.2p0 | CONFIDENTIAL | CodeSecure Inc |
This page describes the CodeSonar warning classes that are assigned to JavaScript warnings imported from a SARIF file produced by ESLint.
For TypeScript warnings, see TypeScript Warning Classes Corresponding to typescript-eslint Rules.
See also the table of CodeSonar warning classes that are supported for all languages. If these classes are enabled, the corresponding CodeSonar checks will include all JavaScript source files that were imported into the project with codesonar es_scan.py, codesonar import_sarif.py, or codesonar add_source_files.py.
This page describes the CodeSonar warning classes that are assigned to JavaScript warnings imported from a SARIF file produced by ESLint.
For information on setting up your CodeSonar project to incorporate JavaScript source code and the corresponding ESLint results, see Including JavaScript and TypeScript Components in a CodeSonar Project.
When CodeSonar imports a SARIF file, it determines a corresponding CodeSonar warning class for each rule object in the SARIF rules. If a given warning class does not already exist, the SARIF importer creates it.
There is special handling for SARIF files produced by ESLint.
| CodeSonar Warning Property | Value |
|---|---|
| Name |
Generated from the id property
of the rule object.
The general form of the id is [plugin_name/]rule_identifier. Built-in ESLint rules do not have the plugin_name/ component. The CodeSonar warning class name is generated from this id as follows.
|
| Categories |
When a warning class is based on an ESLint rule, its categories
depend on whether the warning class is built in to CodeSonar or
created by the SARIF importer.
|
| otherwise | Other warning class properties are not set by the SARIF importer. |
Suppose the imported SARIF file includes rule objects like the following.
# ... "rules":[ # ... { "id": "@typescript-eslint/no-unused-vars", # ... }, { "id": "no-empty", # ... }, # ... ], # ...
CodeSonar identifies the first of these rules ("id": "@typescript-eslint/no-unused-vars") as originating from a typescript-eslint rule, and handles it as described for TypeScript Warning Classes Corresponding to typescript-eslint Rules.
The id for the second rule
("id":
"no-empty") does not start with a [plugin_name/] component, so
CodeSonar identifies it as originating from a built-in ESLint
rule.
(It corresponds to the ESLint no-empty rule.)
CodeSonar will consider a SARIF file to be produced by ESLint in the following cases.
In these cases, the SARIF importer determines a corresponding CodeSonar warning class for each rule object in the SARIF rules. The properties for this warning class are shown in the following table.
These warning classes correspond to built-in rules from ESLint version v8.56.0.
You have multiple degrees of control over reporting for the warnings issued by ESLint.
See the ESLint documentation for details: Configure ESLint .
You can also specify a combination of WARNING_FILTER discard and WARNING_FILTER allow rules, if that is the most convenient way to characterize a specific set. When you specify warning class names (or parts of names) in your WARNING_FILTER rules, make sure you are using the generated CodeSonar warning class name as described above.
To report problems with this documentation, please visit https://support.codesecure.com/.