nosemgrep comments not honored by extension in python

[forana]

Anonymized python:

class MyClass (
    ABadClass,  # nosemgrep: myrule
    AnotherClass,
    ADifferentClass,
): ...

Anonymized rule:

  - id: myrule
    languages:
      - python
    severity: ERROR
    message: Do not use ABadClass
    pattern-regex: .*ABadClass.*

Via CLI, the nosemgrep line correctly ignores the error. Via the plugin, the error is not ignored.

[forana]

Interestingly, when the useJS setting is enabled - the nosemgrep comments are honored. nevermind, the extension took abnormally long to update.

[ajbt200128]

thanks for the report, we'll look into this! Can you try running the cli with the --experimental flag as the first flag, and see if semgrep still ignores it?

[forana]

@ajbt200128 via semgrep scan --experimental -f path/to/my/config --include=path/to/example/file, I see that all of my rules are scanned and no findings are found - so, looks like semgrep still honors it there.

[ajbt200128]

thanks, that's super useful, looks like it's definitely a bug on the extension side then

[forana]

Suppose I should add: semgrep version = 1.81.0

[forana]

Noting that this still occurs on version 1.101.0

[forana]

FWIW @ajbt200128 this may be an upstream issue with the LSP - per the nosemgrep docs:

Ignoring code through this method still generates a finding. The finding is automatically set to the Ignored triage state.

If the LSP is sending these through and ignoring that state change, that would explain it.