The purpose of the patch tab in the detailed issue view is to help the user fix the detected issue.
The patch tab is divided into two parts:
- Generated Patch: An automatically generated patch based on the scanned code.
- Patch Guide: A generic guide with examples of how the detected issue type can be prevented.
Automatically Generated Patches
With RIPS version 3.2 a new feature was introduced that automatically generates patches based on the scanned code. This functionality was introduced as a preview feature and, in future versions, might not be available in the standard version of RIPS.
The availability of an automatically generated patch depends on the issue type and on whether enough data is present for the patch generator to synthesize a patch. An exclamation mark on the patch tab indicates that a patch was generated for the issue. Note that automatically generated patches for PHP scans are fully available only once the scan has finished, whereas for Java scans the patches are available as soon as the issue is visible in the RIPS interface.
Generated patches are accompanied by a confidence value between 0 and 100. The higher the value, the higher the probability that the patch can be integrated as it is, without further code modifications by the user. Note: checking the patch before use is always recommended, regardless of the confidence value.
The actual patches are presented in a diff-like manner demonstrating the changes that have to be made to the source code.
If a patch does require modifications by the user, which is mainly the case for whitelisting patches, the expected modifications are indicated as comments in the presented patch code.
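As an added illustration of what such a whitelisting fix looks like in a PHP project (this is example code written for this page, not a patch generated by RIPS), the function below shows the unsafe form beside the whitelisted form. The page name, the `pages/` directory and the three allowed values are assumptions; the comment marked "TODO (developer)" stands in the spot a generated patch would leave for the user to fill in.

```php
<?php
// Added example, not RIPS output: a typical "whitelisting" fix for a
// file inclusion driven by a request parameter.

// Before: the requested page name flows straight into include().
function render_before(array $get): void
{
    include __DIR__ . '/pages/' . $get['page'] . '.php';
}

// After: only values from a fixed allow-list reach include().
// The list itself cannot be derived from the scanned code, so this is the
// part the developer has to complete; a generated patch marks it with a
// comment like the one below.
function render_after(array $get): void
{
    // TODO (developer): replace with the pages this application actually serves
    $allowedPages = ['home', 'about', 'contact'];

    $page = $get['page'] ?? 'home';

    // Strict comparison: the whitelist decides, not a loose string match.
    if (!in_array($page, $allowedPages, true)) {
        http_response_code(400);
        return;
    }

    include __DIR__ . '/pages/' . $page . '.php';
}
```

The whitelisted version rejects every value that is not explicitly listed, so the confidence of such a patch depends entirely on whether the developer fills in the list correctly; that is why the page recommends reviewing a patch before applying it, whatever its confidence value.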
Patch Guide
The patch guide section is available for every issue and issue type. It contains an explanation of how issues of the detected type are usually prevented and gives code examples in the scanned project's language.