From 7dbdcfd779cab13c0800bba4f13ee17960889150 Mon Sep 17 00:00:00 2001
From: Victor Nicolet
Date: Thu, 24 Oct 2024 09:52:30 -0400
Subject: [PATCH] Adding documentation for argot:ignore in taint analysis.

---
 analysis/annotations/annotations.go | 1 +
 doc/01_taint.md | 11 +++++++++++
 2 files changed, 12 insertions(+)

diff --git a/analysis/annotations/annotations.go b/analysis/annotations/annotations.go
index 40bc5b1b..e7180e80 100644
--- a/analysis/annotations/annotations.go
+++ b/analysis/annotations/annotations.go
@@ -102,6 +102,7 @@ func (a Annotation) IsMatchingAnnotation(kind AnnotationKind, tag string) bool {
 	return a.Kind == kind && (tag == AnyTag || (len(a.Tags) > 0 && a.Tags[0] == AnyTag) || slices.Contains(a.Tags, tag))
 }
 
+// LinePos is a simple line-file position indicator.
 type LinePos struct {
 	Line int
 	File string
diff --git a/doc/01_taint.md b/doc/01_taint.md
index 8ef77dd6..f132ec17 100644
--- a/doc/01_taint.md
+++ b/doc/01_taint.md
@@ -202,6 +202,17 @@ options:
   max-alarms: 2
 ```
 
+#### Finding Suppression
+
+You may encounter false positives in the taint analysis, some of which cannot be easily resolved by making the configuration more precise or by changing the code.
+When you are confident the finding is a false positive, you can suppress the findings of the taint analysis on a specific line by using the `//argot:ignore problem-tag` annotation.
+For example:
+```go
+...
+    callSink(notReaalyTaintedData) //argot:ignore _
+```
+Will suppress findings for all taint problems. Taint problems can be associated with a `tag: tagName` in the configuration, and you can suppress findings specifically for `tagName` by using `//argot:ignore tagName`.
+
 #### Warning Suppression
 
 The use can set the setting `warn: false` to suppress warnings during the analysis. This means that if the analysis encounters program constructs that make it unsound, those will not be reported. This setting does not affect the soundness of the analysis, but it will cause the tool to not report when your program falls beyond the soundness guarantees.