microsoft / ApplicationInspector

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.


-c param (confidence) is now required to get matches.

ismadirolas opened this issue

Describe the bug
In 1.4.x versions, the -c param is optional with default value "medium,high", but we have noticed that in 1.5.x versions it is mandatory to get any match (we tested it with custom rules only).

By the way, there is a breaking change between 1.4.x and 1.5.x: the -c values must now be capitalized (before -c 'low,medium.high', now -c 'Low,Medium,High'), so maybe you should update the wiki, or accept both.

To Reproduce
Steps to reproduce the behavior:

  1. Run ApplicationInspector with ApplicationInspector.CLI analyze -s . -g **/rulesFolder/**,**/.github/actions/**,**/node_modules/**,**/.git/**,**/target/**,*.mock*,*.jpg,*.png,*.gif,*.woff,*.woff2,*.svg,*.ttf,*.jar,*.car,*.war,*.zip,*.a,*.xc*,KakaoOpenSDK,AkamaiBMP,**/dist/** -f json --processing-timeout 600000 --file-timeout 60000 -o result.json -A -u --no-show-progress -r /rulesFolder/ -i -M 20 -> 0 matches
  2. Run ApplicationInspector with ApplicationInspector.CLI analyze -s . -g **/rulesFolder/**,**/.github/actions/**,**/node_modules/**,**/.git/**,**/target/**,*.mock*,*.jpg,*.png,*.gif,*.woff,*.woff2,*.svg,*.ttf,*.jar,*.car,*.war,*.zip,*.a,*.xc*,KakaoOpenSDK,AkamaiBMP,**/dist/** -f json --processing-timeout 600000 --file-timeout 60000 -o result.json -A -u --no-show-progress -r /rulesFolder/ -i -M 20 -c Low,Medium,High -> X matches

Expected behavior
If we don't pass the -c param to the CLI, we should get matches of rules with confidence medium and high.

Operating Environment (please complete the following information):

  • Application Inspector Version: 1.5.20
  • OS: Linux Ubuntu 21.10

@ismadirolas

Thanks for the report.

I have a fix for the case insensitive enums.

I also have a fix for the default behavior - I had missed adding a default value for the commandlineparser.

I believe I've identified one additional potential problem: when custom rules were specified as a folder, they were not verified before running, just added to the ruleset.

I hope to merge all these fixes today. #481

This will come as 1.6.2-beta I believe. 1.6 will be in beta for a short time, I'm currently working on some of the lib APIs, but there are no changes currently planned for the CLI.
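The three behaviours discussed in this thread (a default of Medium,High when -c is omitted, case-insensitive confidence names, and validating a custom rules folder before any of its rules is used) sketched as an added Python example for a hypothetical scanner CLI. This is illustration code, not ApplicationInspector's own C# implementation or its CommandLineParser fix; every function, option and file name in it is invented, and the rule files are constructed inline.

```python
"""Added example (not ApplicationInspector's code): how a scanner CLI can
(1) default -c to Medium,High, (2) accept Low/Medium/High in any case, and
(3) fully validate a custom rules folder before adding anything to the
active rule set. All names are hypothetical."""
import argparse
import enum
import json
import os
import tempfile


class Confidence(enum.IntEnum):
    Low = 1
    Medium = 2
    High = 3


DEFAULT_CONFIDENCE = "Medium,High"   # applied when -c is not given
REQUIRED_RULE_KEYS = ("id", "name", "confidence", "patterns")


def parse_confidence(value):
    """Turn 'low,HIGH' into {Confidence.Low, Confidence.High}, ignoring case.
    Unknown names raise ValueError rather than silently selecting nothing."""
    by_name = {c.name.lower(): c for c in Confidence}
    selected = set()
    for raw in value.split(","):
        token = raw.strip().lower()
        if not token:
            continue
        if token not in by_name:
            valid = ", ".join(c.name for c in Confidence)
            raise ValueError(f"unknown confidence '{raw.strip()}'; expected {valid}")
        selected.add(by_name[token])
    if not selected:
        raise ValueError("confidence list is empty")
    return selected


def build_parser():
    """argparse runs `type` on a string default, so the default goes through
    the same case-insensitive parser as user input."""
    parser = argparse.ArgumentParser(prog="scan")
    parser.add_argument("-c", "--confidence", type=parse_confidence,
                        default=DEFAULT_CONFIDENCE,
                        help=f"comma-separated Low,Medium,High, any case "
                             f"(default {DEFAULT_CONFIDENCE})")
    return parser


def load_rules_folder(folder):
    """Parse and validate every .json file in `folder` and return the rules
    only if all of them are well-formed; a bad file aborts with its path."""
    rules = []
    for name in sorted(os.listdir(folder)):
        if not name.endswith(".json"):
            continue
        path = os.path.join(folder, name)
        with open(path, encoding="utf-8") as fh:
            try:
                data = json.load(fh)
            except json.JSONDecodeError as exc:
                raise ValueError(f"{path}: invalid JSON ({exc})") from None
        if not isinstance(data, list):
            raise ValueError(f"{path}: expected a JSON array of rules")
        for rule in data:
            missing = [k for k in REQUIRED_RULE_KEYS if k not in rule]
            if missing:
                raise ValueError(f"{path}: rule {rule.get('id')} missing {missing}")
            levels = parse_confidence(rule["confidence"])
            if len(levels) != 1:
                raise ValueError(f"{path}: rule {rule['id']} must name one confidence")
            rule["confidence"] = levels.pop()
            rules.append(rule)
    return rules


def select_rules(rules, allowed):
    """Keep only the ids of rules whose confidence is in the selected set."""
    return [r["id"] for r in rules if r["confidence"] in allowed]


def demo():
    """Constructed rule files in temp folders: what the default and an explicit
    -c select, and whether a folder with an invalid rule is rejected up front."""
    good = [
        {"id": "R1", "name": "low rule", "confidence": "low", "patterns": ["foo"]},
        {"id": "R2", "name": "medium rule", "confidence": "Medium", "patterns": ["bar"]},
        {"id": "R3", "name": "high rule", "confidence": "HIGH", "patterns": ["baz"]},
    ]
    bad = [{"id": "R9", "name": "typo", "confidence": "Certain", "patterns": ["x"]}]
    with tempfile.TemporaryDirectory() as good_dir, tempfile.TemporaryDirectory() as bad_dir:
        with open(os.path.join(good_dir, "rules.json"), "w", encoding="utf-8") as fh:
            json.dump(good, fh)
        with open(os.path.join(bad_dir, "rules.json"), "w", encoding="utf-8") as fh:
            json.dump(bad, fh)
        parser = build_parser()
        rules = load_rules_folder(good_dir)
        default_ids = select_rules(rules, parser.parse_args([]).confidence)
        all_ids = select_rules(rules, parser.parse_args(["-c", "low,medium,HIGH"]).confidence)
        try:
            load_rules_folder(bad_dir)
            rejected = False
        except ValueError:
            rejected = True
    return {"default": default_ids, "all": all_ids, "rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

Running the file prints the selection for both command forms; the point of `load_rules_folder` is that a misspelled confidence or malformed JSON is reported before the scan starts, instead of being silently added to the rule set.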

Hello @gfs ,

When do you plan to release a 1.6 non-beta version with this issue?

Thanks in advance.

I plan to remove the beta flag this week.

@ismadirolas 1.6.17 (not beta) is now available.