More robust triage mode

[mds1]

Describe the desired feature

There are two ways to triage an issue:

1. Using // slither-disable comments
2. Using triage mode to save findings to a database

I prefer (2) because (1) can get noisy and result in many source code comments.

In crytic/slither-action#70 (comment) @elopez helped me notice that the triage database isn't robust to unrelated to source code changes. In that example, a contract had 8 incorrect-return findings ignored via triage, and after removing 2 unused error declarations in that contract, those resurfaced.

It seems this happens because the ID of the finding changed. I'm not sure how IDs are determined, but my guess is they are a function of line number.

I'm not sure of the best way to implement this feature, but it would be very helpful if the database findings were most robust to source code changes.

[0xalpharush]

This doesn't really address the issue but would it be helpful to only show results from the current diff so that the CI and local results match up (#1954)?

[mds1]

Oh yes that would be very helpful! One of the issues with code scanning integration is that the local DB doesn't sync with what's been triaged in github, so running slither . locally stays noisy. Being able to run slither . --diff {baseBranchName} and have CI behavior match that would be great.

I think that would be sufficient for me to not need this issue's feature anytime soon

[mds1]

Any updates on #1954?

[montyly]

Thanks for the reminder @mds1.

I definitely see that this is an important usability issue. We are going to brainstorm internally to see what we can do