feat(report): Include licenses and secrets filtered by rego to Modifi…
…edFindings (#6483)
kristyko authored May 14, 2024
1 parent 26faf8f commit fa3cf99
Showing 3 changed files with 27 additions and 46 deletions.
4 changes: 4 additions & 0 deletions pkg/result/filter.go
@@ -303,6 +303,8 @@ func applyPolicy(ctx context.Context, result *types.Result, policyFile string) e
return err
}
if ignored {
result.ModifiedFindings = append(result.ModifiedFindings,
types.NewModifiedFinding(scrt, types.FindingStatusIgnored, "Filtered by Rego", policyFile))
continue
}
filteredSecrets = append(filteredSecrets, scrt)
@@ -317,6 +319,8 @@ func applyPolicy(ctx context.Context, result *types.Result, policyFile string) e
return err
}
if ignored {
result.ModifiedFindings = append(result.ModifiedFindings,
types.NewModifiedFinding(lic, types.FindingStatusIgnored, "Filtered by Rego", policyFile))
continue
}
filteredLicenses = append(filteredLicenses, lic)
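Review bot: The first added append stores the whole `scrt` value in `result.ModifiedFindings`, so a secret that the policy ignored is no longer dropped from the result but carried along with all of its fields. The test fixture on this page only shows an already masked `Match: "*****"`, so presumably the scanner redacts before this point, but that is not visible here and any output that serializes modified findings now depends on it. I would state the assumption next to the append, e.g. `// scrt is kept as-is for reporting; its Match is expected to be masked by the scanner already`. The same `"Filtered by Rego"` literal is repeated in the license hunk and could be a shared constant. applyPolicy starts and ends outside both hunks.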
65 changes: 21 additions & 44 deletions pkg/result/filter_test.go
@@ -648,65 +648,42 @@ func TestFilter(t *testing.T) {
Results: types.Results{
{
Licenses: []types.DetectedLicense{
{
Name: "GPL-3.0",
Severity: dbTypes.SeverityLow.String(),
FilePath: "usr/share/gcc/python/libstdcxx/v6/__init__.py",
Category: "restricted",
Confidence: 1,
},
{
Name: "GPL-3.0",
Severity: dbTypes.SeverityLow.String(),
FilePath: "usr/share/gcc/python/libstdcxx/v6/printers.py",
Category: "restricted",
Confidence: 1,
},
license1,
license2,
},
Secrets: []types.DetectedSecret{
{
RuleID: "generic-passed-rule",
Severity: dbTypes.SeverityLow.String(),
Title: "Secret should pass filter",
StartLine: 1,
EndLine: 2,
Match: "*****",
},
{
RuleID: "generic-ignored-rule",
Severity: dbTypes.SeverityLow.String(),
Title: "Secret should be ignored",
StartLine: 3,
EndLine: 4,
Match: "*****",
},
secret1,
secret2,
},
},
},
},
severities: []dbTypes.Severity{dbTypes.SeverityLow},
severities: []dbTypes.Severity{dbTypes.SeverityLow, dbTypes.SeverityHigh},
policyFile: "./testdata/test-ignore-policy-licenses-and-secrets.rego",
},
want: types.Report{
Results: types.Results{
{
Licenses: []types.DetectedLicense{
{
Name: "GPL-3.0",
Severity: dbTypes.SeverityLow.String(),
FilePath: "usr/share/gcc/python/libstdcxx/v6/__init__.py",
Category: "restricted",
Confidence: 1,
},
license1,
},
Secrets: []types.DetectedSecret{
secret1,
},
ModifiedFindings: []types.ModifiedFinding{
{
Type: types.FindingTypeSecret,
Status: types.FindingStatusIgnored,
Statement: "Filtered by Rego",
Source: "testdata/test-ignore-policy-licenses-and-secrets.rego",
Finding: secret2,
},
{
RuleID: "generic-passed-rule",
Severity: dbTypes.SeverityLow.String(),
Title: "Secret should pass filter",
StartLine: 1,
EndLine: 2,
Match: "*****",
Type: types.FindingTypeLicense,
Status: types.FindingStatusIgnored,
Statement: "Filtered by Rego",
Source: "testdata/test-ignore-policy-licenses-and-secrets.rego",
Finding: license2,
},
},
},
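Review bot: The expected `Source` in both new `ModifiedFinding` entries is `testdata/test-ignore-policy-licenses-and-secrets.rego`, while the `policyFile` in the test arguments is written with a leading `./`, so the assertion relies on a path normalisation that is not visible in this section. A short comment on the first `Source:` line would save the next reader the search, e.g. `// policyFile as recorded after path cleaning (no leading "./")`, worded to match wherever the cleaning actually happens. The expectation also fixes the order secret-then-license, which matches the order of the two hunks in filter.go; if that order is not meant to be a contract, an order-insensitive comparison would make the test less brittle. `license1`, `license2`, `secret1` and `secret2` are defined outside this hunk.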
@@ -10,6 +10,6 @@ ignore {
}

ignore {
input.RuleID == "generic-ignored-rule"
input.Title == "Secret should be ignored"
input.RuleID == "generic-unwanted-rule"
input.Title == "Secret that should not pass filter on rule id"
}
