Skip to content

Commit

Permalink
The check for ignoring should use the resource block
Browse files Browse the repository at this point in the history 
- take the range details from the resource block rather than the result
block

- add a check for someone adding the tfsec ignore in about the result
block
  • Loading branch information
@owenrumney
owenrumney committed Jun 11, 2021
1 parent 1273691 commit fcd8948
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions internal/app/tfsec/scanner/scanner.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@ func (scanner *Scanner) Scan(blocks []*block.Block) []result.Result {
}

func (scanner *Scanner) checkRangeIgnored(id string, r block.Range, b block.Range) bool {
raw, err := ioutil.ReadFile(r.Filename)
raw, err := ioutil.ReadFile(b.Filename)
if err != nil {
return false
}
Expand All @@ -110,7 +110,7 @@ func (scanner *Scanner) checkRangeIgnored(id string, r block.Range, b block.Rang
}
}

// check the line above the block
// check the line above the actual resource block
if b.StartLine-1 > 0 {
line := lines[b.StartLine-1]
if ignored := checkLineForIgnore(line, ignoreAll, ignoreCode); ignored {
Expand Down

0 comments on commit fcd8948

Please sign in to comment.