diff --git a/cycode/cli/files_collector/file_excluder.py b/cycode/cli/files_collector/file_excluder.py index e3c0b41a..11fd3410 100644 --- a/cycode/cli/files_collector/file_excluder.py +++ b/cycode/cli/files_collector/file_excluder.py @@ -69,6 +69,14 @@ def apply_scan_config(self, scan_type: str, scan_config: 'models.ScanConfigurati if scan_config.scannable_extensions: self._scannable_extensions[scan_type] = tuple(scan_config.scannable_extensions) + def _is_file_prefix_supported(self, scan_type: str, file_path: str) -> bool: + scannable_prefixes = self._scannable_prefixes.get(scan_type) + if scannable_prefixes: + path = Path(file_path) + file_name = path.name.lower() + return file_name in scannable_prefixes + return False + def _is_file_extension_supported(self, scan_type: str, filename: str) -> bool: filename = filename.lower() @@ -80,10 +88,6 @@ def _is_file_extension_supported(self, scan_type: str, filename: str) -> bool: if non_scannable_extensions: return not filename.endswith(non_scannable_extensions) - scannable_prefixes = self._scannable_prefixes.get(scan_type) - if scannable_prefixes: - return filename.startswith(scannable_prefixes) - return True def _is_relevant_file_to_scan_common(self, scan_type: str, filename: str) -> bool: @@ -100,7 +104,10 @@ def _is_relevant_file_to_scan_common(self, scan_type: str, filename: str) -> boo ) return False - if not self._is_file_extension_supported(scan_type, filename): + if not ( + self._is_file_extension_supported(scan_type, filename) + or self._is_file_prefix_supported(scan_type, filename) + ): logger.debug( 'The document is irrelevant because its extension is not supported, %s', {'scan_type': scan_type, 'filename': filename}, diff --git a/tests/cli/files_collector/test_file_excluder.py b/tests/cli/files_collector/test_file_excluder.py index 4ac623e3..31a52f55 100644 --- a/tests/cli/files_collector/test_file_excluder.py +++ b/tests/cli/files_collector/test_file_excluder.py @@ -1,7 +1,7 @@ import pytest from cycode.cli import consts -from cycode.cli.files_collector.file_excluder import _is_file_relevant_for_sca_scan +from cycode.cli.files_collector.file_excluder import Excluder, _is_file_relevant_for_sca_scan class TestIsFileRelevantForScaScan: @@ -38,6 +38,22 @@ def test_files_with_excluded_names_in_filename_should_be_included(self) -> None: assert _is_file_relevant_for_sca_scan('utils/pycache_cleaner.py') is True assert _is_file_relevant_for_sca_scan('config/gradle_config.xml') is True + def test_files_with_excluded_extensions_in_should_be_included(self) -> None: + """Test that files containing excluded extensions are NOT excluded.""" + excluder = Excluder() + # These should be INCLUDED because the excluded terms are in the filename + assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/Dockerfile') is True + assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/build.tf') is True + assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/build.tf.json') is True + assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/config.json') is True + assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/config.yaml') is True + assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/config.yml') is True + # These should be EXCLUDED because the excluded terms are not in the filename + assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/build') is False + assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/build') is False + assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/Dockerfile.txt') is False + assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/config.ini') is False + def test_files_in_regular_directories_should_be_included(self) -> None: """Test that files in regular directories (not excluded) are included."""