Skip to content

Cline integration: false positives for irrelevant package ecosystems #1343

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
danbarr opened this issue Apr 7, 2025 · 0 comments
Open

Cline integration: false positives for irrelevant package ecosystems #1343

danbarr opened this issue Apr 7, 2025 · 0 comments
Labels
bug needs-triage

Comments

@danbarr
Copy link
Contributor

danbarr commented Apr 7, 2025

Describe the issue

When using Cline as my client, CodeGate is warning me about deprecated packages that are not relevant for a few reasons:

  1. For package ecosystems different than the language I'm working in (ex: working in a .go file, but getting warnings about rust/npm packages)
  2. For packages that aren't actually package inclusions in a file, just keywords that happen to match a very generic package name (ex: file happens to have "vscode" in a variable name or string value, getting a warning about npm/vscode, same for the word "runtime" warning about rust/runtime)

The same doesn't happen with Copilot or Continue.

Steps to Reproduce

An example Go file that CodeGate warns on via Cline is below. The CodeGate warning is:

Warning: CodeGate detected one or more malicious, deprecated or archived packages.

Pkg 1: https://www.insight.stacklok.com/report/crates/runtime
Pkg 2: https://www.insight.stacklok.com/report/npm/vscode
** critical vulnerability found, you must take action **

package main

import (
	"fmt"
	"os"
	"path/filepath"
	"runtime"
)

func main() {
	// Get the current operating system
	currentOS := runtime.GOOS

	// Define a path to VSCode configuration based on OS
	var vscodeConfigPath string

	switch currentOS {
	case "windows":
		vscodeConfigPath = filepath.Join(os.Getenv("APPDATA"), "Code", "User", "settings.json")
	case "darwin":
		vscodeConfigPath = filepath.Join(os.Getenv("HOME"), "Library", "Application Support", "Code", "User", "settings.json")
	case "linux":
		vscodeConfigPath = filepath.Join(os.Getenv("HOME"), ".config", "Code", "User", "settings.json")
	default:
		fmt.Println("Unsupported operating system for VSCode configuration")
		os.Exit(1)
	}

	fmt.Printf("VSCode configuration path for %s: %s\n", currentOS, vscodeConfigPath)
}

Operating System

MacOS (Arm)

IDE and Version

VS Code 1.99.0

Extension and Version

Cline 3.9.2

Provider

Other

Model

Any

Codegate version

v0.1.31

Logs

No response

Additional Context

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug needs-triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@danbarr