Support a fix mode? #28
Comments
|
Thinking out loud: it wouldn't be too hard to add some kind of |
|
#136 and #129 are continuing to reveal that there are a lot of false positives with template injection, since the A fix mode could help a little bit here by offloading the work of identifying many of these: GitHub provides default environment variables that cover many common context accesses, and we could suggest/autofix users into those. |
|
I would love to see a fix mode similar to e.g. ruff. We developed a simple tool to do action pinning, see: https://github.com/eclipse-csi/octopin, but ultimately, we would like to do other fixes that your tool detects as well. So I could work on a PR to add some action pinning as initial fix. Though I have not used rust before, so that might require some iterations. |
Please feel free! The main challenge here (I think) will be doing this at the AST level, and not with regular expressions or other string patching techniques. My plan was to look into doing that with |
|
So I looked into tree-sitter for another usecase (to modify jsonnet AST), but apparently, tree-sitter does not support editing the AST it generates: tree-sitter/tree-sitter#2667 There are workarounds that I found, but that is not what you wanna do imho as they are very hacky afaict. go-yaml seems to have some support to preserve whitespace and comments when you do a roundtrip, not sure if something like this exists for rust as well. Having a full blown AST parser that supports source preserving roundtrips would be preferred ofc. |
Many findings are trivially fixable and insert-only, e.g. inserting
persist-credentials: false. It would be nice to expose a--fixflag or similar that could apply these.Implementation-wise, this should probably happen at tree-sitter level, since tree-sitter has mature support for modifying trees.
The text was updated successfully, but these errors were encountered: