At first glance, the two look like the same suggestion. The difference is in the tags: one is marked Info and the other InTest. How come?
When you write tests, you often deliberately exercise unsupported conditions, and when you mock an environment you rely on static values. For example, you might call a function with an argument of the wrong type to check that it is rejected, or hard-code a password in a mock configuration. Naturally, DeepCode's rules will flag both.
We do offer a way to exclude directories from a scan with a .dcignore file (see here), but that does not help when you scan a repository for the first time: findings from test code can clutter the whole result set. So DeepCode applies some smartness when tagging suggestions.
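As an added illustration (not a file from the post), here is a .dcignore that trims the noise without hiding test code; it assumes .dcignore uses gitignore-style patterns, which is an assumption of this example:

```gitignore
# .dcignore at the repository root (assumed gitignore-style syntax)
# Generated and vendored code only adds noise to the result set
node_modules/
vendor/
build/
dist/
# Excluding the test tree is possible, but then InTest findings never appear at all,
# so the tag below is usually the better tool
# tests/
```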
DeepCode tries to work out whether a file is part of the test suite, using rules that include the path and the file name. DeepCode cannot ultimately decide for you whether results from test code should be skipped; as the example above shows, it can make sense to fix the tests too. Therefore, we attach a tag that lets you decide whether to keep results from test code in or out.
A good practice is to keep all results but watch out for the InTest tag. If you see a security issue such as a hard-coded password in a test, you can relax. But sometimes you will find nuggets in your test code that deserve a look, because they might break your tests. By the way, clicking a tag turns it into a search query, and in the filters in the top right corner you can deselect InTest to suppress all suggestions in test files.
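To make the mechanism concrete, here is an added Python example (not DeepCode's code; DeepCode's actual rules are not shown on this page) of the two pieces described above: a path- and file-name heuristic that decides whether a file belongs to the test suite, and a deliberately simple hard-coded-password rule whose findings get the tag InTest or Info depending on that decision, plus the filter that drops InTest findings. The directory names, file-name patterns and the sample repository are all constructed for this example.

```python
import re
from pathlib import PurePosixPath

# Heuristics for "this file belongs to the test suite", keyed on directory
# names and file names. Constructed for this example, not DeepCode's rules.
TEST_DIR_NAMES = {"test", "tests", "__tests__", "spec", "specs", "testing"}
TEST_FILE_PATTERNS = [
    re.compile(r"^test_.*\.py$"),              # pytest style
    re.compile(r".*_test\.(py|go|rb)$"),       # Go / Ruby style
    re.compile(r".*\.(test|spec)\.[jt]sx?$"),  # Jest / Mocha style
    re.compile(r".*Tests?\.(java|kt|cs)$"),    # JUnit / NUnit style
]


def is_test_path(path: str) -> bool:
    """True if any parent directory or the file name looks like test code."""
    p = PurePosixPath(path)
    if any(part.lower() in TEST_DIR_NAMES for part in p.parts[:-1]):
        return True
    return any(pat.match(p.name) for pat in TEST_FILE_PATTERNS)


# A toy "hard-coded password" rule: a quoted string literal assigned to a
# variable whose name suggests a secret. Constructed for this example.
SECRET_ASSIGNMENT = re.compile(
    r"""\b(?P<name>\w*(password|passwd|secret|api_key|token)\w*)"""
    r"""\s*=\s*(["'])(?P<value>[^"']+)\3""",
    re.IGNORECASE,
)


def scan_file(path: str, source: str) -> list:
    """Run the toy rule over one file; tag findings InTest or Info by path."""
    tag = "InTest" if is_test_path(path) else "Info"
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        m = SECRET_ASSIGNMENT.search(line)
        if m and m.group("value").strip():
            findings.append({
                "path": path,
                "line": lineno,
                "rule": "HardcodedPassword",
                "tag": tag,
            })
    return findings


def filter_findings(findings: list, include_tests: bool = True) -> list:
    """Equivalent of deselecting InTest in the results filter."""
    if include_tests:
        return findings
    return [f for f in findings if f["tag"] != "InTest"]


# Constructed sample repository: one real hard-coded password, one in a test,
# and one secret that is read from the environment and so is not flagged.
SAMPLE_REPO = {
    "src/auth/login.py": (
        "def connect():\n"
        "    db_password = 'hunter2'\n"
        "    return db_password\n"
    ),
    "tests/test_login.py": (
        "def test_connect():\n"
        "    password = 'hunter2'\n"
        "    assert password\n"
    ),
    "src/auth/settings.py": (
        "import os\n"
        "password = os.environ['DB_PASSWORD']\n"
    ),
}


def scan_repo(repo: dict = SAMPLE_REPO) -> list:
    """Scan every file in the (constructed) repository and collect findings."""
    findings = []
    for path, source in repo.items():
        findings.extend(scan_file(path, source))
    return findings


if __name__ == "__main__":
    for f in scan_repo():
        print(f"{f['tag']:7} {f['path']}:{f['line']} {f['rule']}")
    print("without InTest:", len(filter_findings(scan_repo(), include_tests=False)))
```

The point of the example is that the rule itself does not change between the two files; only the tag does, so a reader can still see the hard-coded password in the test and decide whether it is harmless mock data or something that will break the test later.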