Development to Main #73
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
git add . git commit -m "Fix CI test failures: Add jq dependency and TTY availability check - Install jq in GitHub Actions workflow - Add TTY availability check to prevent /dev/tty errors in CI - Improve test suite with trace mode and error handling - Add CI environment emulator for local testing - Remove dead text parsing fallback - Fix indentation inconsistencies Tests now pass 10/10 in both local and CI environments."
Co-authored-by: noelsaw1 <[email protected]>
Co-authored-by: noelsaw1 <[email protected]>
Fix Required Change: Add quotes around $PATHS β "$PATHS" in 3 locations Lines to modify: Line 4164: $PATHS β "$PATHS" Line 4940: $PATHS β "$PATHS" Line 4945: $PATHS β "$PATHS" Line 5009: $PATHS β "$PATHS" Total changes: 4 lines (literally adding 2 characters per line)
Phase 1: Comment/docblock filtering Phase 1: HTML/REST config exclusions Test on Health Check plugin (should drop from 75 β 61 findings) Scanner no longer flags PHPDoc/comment-only matches Avoids POST-method false positives in HTML/REST config Test fixtures created for regression testing Documentation updated with results Moved to Shared Library Created: dist/bin/lib/false-positive-filters.sh Benefits: β Centralized location for all false positive detection β Versioned library (v1.0.0) for future scanner scripts β Documented API and known limitations β Removed 140+ lines of duplicate code from main script β Ready for Phase 2 and future enhancements
β¦sitive-2026-01-11 Rules/reduce false positive and shared library to Development
β Guard heuristics (nearby checks) β Sanitizer/caster detection on superglobal reads β Refine $wpdb->prepare() finding severity β JSON output augmented with guard/sanitizer hints β Severity downgrade rules for "guarded" findings β Regression fixtures for guarded vs unguarded superglobal reads
Phase 2.1 significantly improves accuracy and reduces false confidence. The scanner is now ready for production use with documented limitations. All critical quality issues have been addressed.
MCP Phase / Tier 1 support to Development
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Type of Change
Related Issue
Fixes #(issue number)
Changes Made
Testing
dist/tests/run-fixture-tests.sh- All tests passdist/tests/fixtures/clean-code.phpChecklist
CLA Signature
For first-time contributors: Please comment below with:
This is a one-time requirement. Once signed, you can contribute to all future PRs without re-signing.
Questions about the CLA? See CLA.md or email [email protected]
Additional Notes