Skip to content

docs(ubs): add --only flag guidance to prevent cross-language false positives #504

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
AlexMikhalev wants to merge 2 commits into from
Closed

docs(ubs): add --only flag guidance to prevent cross-language false positives #504

AlexMikhalev wants to merge 2 commits into from
+45 −147

Conversation

@AlexMikhalev
Copy link
Contributor

@AlexMikhalev AlexMikhalev commented Jan 31, 2026

Summary

Updates the UBS (Ultimate Bug Scanner) documentation to emphasize the importance of using the --only flag when scanning files.

Problem

UBS auto-detects all 8 languages (js, python, cpp, rust, golang, java, ruby, swift) and scans every file with every scanner. This causes false positives:

  • Python scanner reports "invalid-syntax" errors on Rust files
  • JavaScript scanner flags "loose equality" in Rust code (false critical)
  • Wasted time (8x slower) scanning files with wrong language parsers

Solution

Updated .cursor/rules/ubs.md with:

Changes

  • Golden Rule: Now emphasizes --only=<lang> flag usage
  • Why --only is Critical: New section explaining the false positive issues
  • Language-specific commands: Added examples for rust, python, and js
  • Language Flags Quick Reference: Table with all 8 language flags and file extensions
  • Anti-patterns: Added "Scan without --only" anti-pattern

Impact

Prevents Python/JavaScript scanners from producing false positives when scanning Rust files (e.g., 'invalid-syntax' errors, 'loose equality' warnings on OsString comparisons).

Testing

  • Verified documentation renders correctly in markdown
  • Tested --only=rust flag works as expected on Rust files
  • No functional code changes - documentation only

Checklist

  • Documentation updated
  • No breaking changes
  • Pre-commit checks passed
  • Conventional commit format used

Terraphim CI added 2 commits January 30, 2026 17:16
fix(ci): address four failing CI checks
47f8ff3 
- terraphim_automata: add #[allow(dead_code)] for read_url (Quick Rust Validation)
- deploy-docs.yml: pre-checkout cleanup of target/ on self-hosted (Build Documentation)
- python-bindings.yml: pre-checkout cleanup of target/ on self-hosted (Lint Python Code)
- deploy-website.yml: skip deploy job on pull_request (1password/setup not found on PRs)
docs(ubs): add --only flag guidance to prevent cross-language false p…
9f5a2e2 
…ositives

- Update Golden Rule to emphasize --only=<lang> flag usage
- Add 'Why --only is Critical' section explaining false positive issues
- Add language-specific command examples (rust, python, js)
- Add Language Flags Quick Reference table for all 8 languages
- Add anti-pattern: scanning without --only flag

This prevents Python/JavaScript scanners from producing false positives
when scanning Rust files (e.g., 'invalid-syntax' errors, 'loose equality'
warnings on OsString comparisons).
@AlexMikhalev
Copy link
Contributor Author

AlexMikhalev commented Jan 31, 2026

Merged documentation updates for UBS --only flag

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AlexMikhalev