Script to print xsslint violations is missing #35965

Open
kdmccormick opened this issue Dec 4, 2024 · 1 comment
Labels
code health Proactive technical investment via refactorings, removals, etc. help wanted Ready to be picked up by anyone in the community

kdmccormick commented Dec 4, 2024

This was discovered as an existing issue while working on #35159.

When xsslint detects a violation beyond the forgiven thresholds, rather than printing anything helpful, it fails with:

python scripts/xsslint/xss_linter.py \
--rule-totals \
--config=scripts.xsslint_config \
--thresholds=scripts/xsslint_thresholds.json
xsslint
FAILURE: XSSLinter Failed.
Too many violations total (65).
The limit is 64.
Too many python-concat-html violations (1).
The python-concat-html limit is 0.
run the following command to hone in on the problem:
./scripts/xss-commit-linter.sh -h
make: *** [Makefile:176: xsslint] Error 1

The script it tells you to run, ./scripts/xss-commit-linter.sh -h, does not exist.

We should provide the dev some way of seeing violations. Or, maybe we just print the violations every single time, like eslint does.
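One way a threshold check could list the offending violations alongside the failure summary. This is an added example, not code from this issue or from edx-platform. The thresholds layout (`total` plus a `rules` map), the `(rule, path, line)` tuples, the rule id `example-other-rule` and the file paths are all assumptions made for the sketch.

```python
from collections import defaultdict

# Constructed sample input: (rule id, file, line). Paths are placeholders.
SAMPLE_VIOLATIONS = [
    ("python-concat-html", "example/views.py", 42),
    ("example-other-rule", "example/templates/a.html", 7),
    ("example-other-rule", "example/templates/b.html", 19),
]


def check_thresholds(violations, thresholds):
    """Return (ok, report_lines) for a linter run checked against its limits.

    Assumed thresholds layout: {"total": int, "rules": {rule_id: int}}.
    On failure the report names every violation of each rule that is over
    its limit. If only the total is exceeded, every violation is listed,
    because no single rule identifies the new finding.
    """
    by_rule = defaultdict(list)
    for rule, path, line in violations:
        by_rule[rule].append((path, line))

    rule_limits = thresholds.get("rules", {})
    total, total_limit = len(violations), thresholds.get("total")
    total_over = total_limit is not None and total > total_limit

    report = []
    if total_over:
        report.append(f"Too many violations total ({total}). The limit is {total_limit}.")

    over = [r for r in sorted(by_rule)
            if r in rule_limits and len(by_rule[r]) > rule_limits[r]]
    for rule in over:
        report.append(f"Too many {rule} violations ({len(by_rule[rule])}). "
                      f"The {rule} limit is {rule_limits[rule]}.")

    # Print locations in file:line: rule form, the way eslint-style tools do.
    to_list = over if over else (sorted(by_rule) if total_over else [])
    for rule in to_list:
        for path, line in sorted(by_rule[rule]):
            report.append(f"  {path}:{line}: {rule}")
    return (not report, report)


if __name__ == "__main__":
    limits = {"total": 2, "rules": {"python-concat-html": 0, "example-other-rule": 2}}
    ok, lines = check_thresholds(SAMPLE_VIOLATIONS, limits)
    print("\n".join(lines) if not ok else "xsslint thresholds OK")
```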

@kdmccormick kdmccormick added the code health Proactive technical investment via refactorings, removals, etc. label Jan 7, 2025
kdmccormick added a commit to kdmccormick/edx-platform that referenced this issue Jan 27, 2025
@kdmccormick

I am not actively working on this, but this draft PR demonstrates how we could print out every single violation: #36178

@kdmccormick kdmccormick added the help wanted Ready to be picked up by anyone in the community label Jan 27, 2025