break(general): switch from black-list to block-list (#3581)
switch from black-list to block-list
tsmithv11 committed Sep 29, 2022
1 parent 45562b6 commit f2fae75
Showing 4 changed files with 18 additions and 18 deletions.
8 changes: 4 additions & 4 deletions checkov/main.py
Expand Up @@ -165,7 +165,7 @@ def run(banner: str = checkov_banner, argv: List[str] = sys.argv[1:]) -> Optiona
use_enforcement_rules=config.use_enforcement_rules,
run_image_referencer=run_image_referencer,
enable_secret_scan_all_files=bool(convert_str_to_bool(config.enable_secret_scan_all_files)),
black_list_secret_scan=config.black_list_secret_scan)
block_list_secret_scan=config.block_list_secret_scan)

if outer_registry:
runner_registry = outer_registry
Expand Down Expand Up @@ -577,11 +577,11 @@ def add_parser_args(parser: ArgumentParser) -> None:
env_var='CKV_SECRETS_SCAN_ENABLE_ALL',
action='store_true',
help='enable secret scan for all files')
parser.add('--black-list-secret-scan',
parser.add('--block-list-secret-scan',
default=[],
env_var='CKV_SECRETS_SCAN_BLACK_LIST',
env_var='CKV_SECRETS_SCAN_BLOCK_LIST',
action='append',
help='black file list to filter out from the secret scanner')
help='List of files to filter out from the secret scanner')
parser.add('--summary-position', default='top', choices=SUMMARY_POSITIONS,
help='Chose whether the summary will be appended on top (before the checks results) or on bottom '
'(after check results), default is on top.')
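Review bot: The new help text on `--block-list-secret-scan` says 'List of files', but the runner in checkov/secrets/runner.py compares each entry against a file's extension (or the literal `dockerfile`), so a file name or path passed here matches nothing and that file is still scanned. I would word it as `help='File types to exclude from the secret scanner, e.g. .py or Dockerfile'`. The old `CKV_SECRETS_SCAN_BLACK_LIST` variable is presumably just ignored after this change, so a pipeline that still sets it loses its exclusions without any message; a one-line deprecation warning when that variable is present would make the break visible. `add_parser_args` starts and ends outside this hunk.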
8 changes: 4 additions & 4 deletions checkov/runner_filter.py
Expand Up @@ -41,7 +41,7 @@ def __init__(
show_progress_bar: Optional[bool] = True,
run_image_referencer: bool = False,
enable_secret_scan_all_files: bool = False,
black_list_secret_scan: Optional[List[str]] = None
block_list_secret_scan: Optional[List[str]] = None
) -> None:

checks = convert_csv_string_arg_to_list(checks)
Expand Down Expand Up @@ -98,7 +98,7 @@ def __init__(
self.filtered_policy_ids = filtered_policy_ids or []
self.run_image_referencer = run_image_referencer
self.enable_secret_scan_all_files = enable_secret_scan_all_files
self.black_list_secret_scan = black_list_secret_scan
self.block_list_secret_scan = block_list_secret_scan

def apply_enforcement_rules(self, enforcement_rule_configs: Dict[str, CodeCategoryConfiguration]) -> None:
self.enforcement_rule_configs = {}
Expand Down Expand Up @@ -247,10 +247,10 @@ def from_dict(obj: Dict[str, Any]) -> RunnerFilter:
if run_image_referencer is None:
run_image_referencer = False
enable_secret_scan_all_files = bool(obj.get('enable_secret_scan_all_files'))
black_list_secret_scan = obj.get('black_list_secret_scan')
block_list_secret_scan = obj.get('block_list_secret_scan')
runner_filter = RunnerFilter(framework, checks, skip_checks, include_all_checkov_policies,
download_external_modules, external_modules_download_path, evaluate_variables,
runners, skip_framework, excluded_paths, all_external, var_files,
skip_cve_package, use_enforcement_rules, filtered_policy_ids, show_progress_bar,
run_image_referencer, enable_secret_scan_all_files, black_list_secret_scan)
run_image_referencer, enable_secret_scan_all_files, block_list_secret_scan)
return runner_filter
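Review bot: In `from_dict`, `obj.get('block_list_secret_scan')` returns None for a dict that still carries the old `black_list_secret_scan` key, so an exclusion list serialized by an earlier version is dropped without any signal. If such dicts can cross versions (not visible from this hunk), read the old key as a fallback: `block_list_secret_scan = obj.get('block_list_secret_scan', obj.get('black_list_secret_scan'))`. The `RunnerFilter(...)` call below also passes every argument positionally, so a parameter inserted into `__init__` later would rebind the tail silently; passing at least the trailing ones by keyword, e.g. `block_list_secret_scan=block_list_secret_scan`, avoids that. `from_dict` starts outside this hunk.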
8 changes: 4 additions & 4 deletions checkov/secrets/runner.py
Expand Up @@ -152,17 +152,17 @@ def run(
excluded_paths = (runner_filter.excluded_paths or []) + ignored_directories + [DEFAULT_EXTERNAL_MODULES_DIR]
if root_folder:
enable_secret_scan_all_files = runner_filter.enable_secret_scan_all_files
black_list_secret_scan = runner_filter.black_list_secret_scan or []
black_list_secret_scan_lower = [file_type.lower() for file_type in black_list_secret_scan]
block_list_secret_scan = runner_filter.block_list_secret_scan or []
block_list_secret_scan_lower = [file_type.lower() for file_type in block_list_secret_scan]
for root, d_names, f_names in os.walk(root_folder):
filter_ignored_paths(root, d_names, excluded_paths)
filter_ignored_paths(root, f_names, excluded_paths)
for file in f_names:
if enable_secret_scan_all_files:
if is_docker_file(file):
if 'dockerfile' not in black_list_secret_scan_lower:
if 'dockerfile' not in block_list_secret_scan_lower:
files_to_scan.append(os.path.join(root, file))
elif f".{file.split('.')[-1]}" not in black_list_secret_scan_lower:
elif f".{file.split('.')[-1]}" not in block_list_secret_scan_lower:
files_to_scan.append(os.path.join(root, file))
elif file not in PROHIBITED_FILES and f".{file.split('.')[-1]}" in SUPPORTED_FILE_EXTENSIONS or is_docker_file(file):
files_to_scan.append(os.path.join(root, file))
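Review bot: The block list is lower-cased into `block_list_secret_scan_lower`, but the extension it is compared with, `f".{file.split('.')[-1]}"`, keeps the file's own case, so an entry of `.py` does not exclude a file named `SETTINGS.PY`. Lower-casing the file side as well closes the gap: `elif f".{file.split('.')[-1].lower()}" not in block_list_secret_scan_lower:`. A name without a dot yields `.` plus the whole name (for example `.Makefile`), which deserves a short comment next to the expression so users know what to pass. The block list also appears to be consulted only under `if enable_secret_scan_all_files:`, which the option's help text should mention. `run` starts and ends outside this hunk.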
12 changes: 6 additions & 6 deletions tests/secrets/test_runner.py
Expand Up @@ -228,7 +228,7 @@ def test_runner_requested_file_type_only_ts(self):
report = runner.run(root_folder=valid_dir_path,
external_checks_dir=None,
runner_filter=RunnerFilter(framework=['secrets'],
black_list_secret_scan=['.py', 'Dockerfile', '.tf', '.yml'],
block_list_secret_scan=['.py', 'Dockerfile', '.tf', '.yml'],
enable_secret_scan_all_files=True))
self.assertEqual(len(report.failed_checks), 2)

Expand All @@ -237,7 +237,7 @@ def test_runner_requested_file_type_only_py(self):
valid_dir_path = current_dir + "/resources"
runner = Runner()
report = runner.run(root_folder=valid_dir_path, external_checks_dir=None,
runner_filter=RunnerFilter(framework=['secrets'], black_list_secret_scan=['.ts', 'Dockerfile', '.tf', '.yml'],
runner_filter=RunnerFilter(framework=['secrets'], block_list_secret_scan=['.ts', 'Dockerfile', '.tf', '.yml'],
enable_secret_scan_all_files=True))
self.assertEqual(len(report.failed_checks), 2)

Expand All @@ -246,7 +246,7 @@ def test_runner_requested_file_type_only_yml(self):
valid_dir_path = current_dir + "/resources"
runner = Runner()
report = runner.run(root_folder=valid_dir_path, external_checks_dir=None,
runner_filter=RunnerFilter(framework=['secrets'], black_list_secret_scan=['.py', 'Dockerfile', '.tf', '.ts'],
runner_filter=RunnerFilter(framework=['secrets'], block_list_secret_scan=['.py', 'Dockerfile', '.tf', '.ts'],
enable_secret_scan_all_files=True))
self.assertEqual(len(report.failed_checks), 2)

Expand All @@ -256,7 +256,7 @@ def test_runner_requested_file_type_only_tf(self):
runner = Runner()
report = runner.run(root_folder=valid_dir_path, external_checks_dir=None,
runner_filter=RunnerFilter(framework=['secrets'],
black_list_secret_scan=['.py', 'Dockerfile', '.ts', '.yml'],
block_list_secret_scan=['.py', 'Dockerfile', '.ts', '.yml'],
enable_secret_scan_all_files=True))
self.assertEqual(len(report.failed_checks), 3)

Expand All @@ -265,7 +265,7 @@ def test_runner_requested_file_type_only_tf_yml(self):
valid_dir_path = current_dir + "/resources"
runner = Runner()
report = runner.run(root_folder=valid_dir_path, external_checks_dir=None,
runner_filter=RunnerFilter(framework=['secrets'], black_list_secret_scan=['.py', 'Dockerfile', '.ts'],
runner_filter=RunnerFilter(framework=['secrets'], block_list_secret_scan=['.py', 'Dockerfile', '.ts'],
enable_secret_scan_all_files=True))
self.assertEqual(len(report.failed_checks), 5)

Expand All @@ -282,7 +282,7 @@ def test_runner_requested_file_only_dockerfile(self):
valid_dir_path = current_dir + "/resources"
runner = Runner()
report = runner.run(root_folder=valid_dir_path, external_checks_dir=None,
runner_filter=RunnerFilter(framework=['secrets'], black_list_secret_scan=['.py', '.tf', '.ts', '.yml'],
runner_filter=RunnerFilter(framework=['secrets'], block_list_secret_scan=['.py', '.tf', '.ts', '.yml'],
enable_secret_scan_all_files=True))
self.assertEqual(len(report.failed_checks), 4)

