From 678ae05a8f61a808a59acd36ae6a4ccf4902c6bd Mon Sep 17 00:00:00 2001 From: galf Date: Wed, 8 Oct 2025 12:24:34 +0300 Subject: [PATCH 01/19] CM-53944-Fixed issue when docker file is ignored because it has no extension --- cycode/cli/consts.py | 2 ++ cycode/cli/files_collector/file_excluder.py | 10 +++++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/cycode/cli/consts.py b/cycode/cli/consts.py index 7384e33e..59f7ff9d 100644 --- a/cycode/cli/consts.py +++ b/cycode/cli/consts.py @@ -17,6 +17,8 @@ IAC_SCAN_SUPPORTED_FILE_EXTENSIONS = ('.tf', '.tf.json', '.json', '.yaml', '.yml', '.dockerfile', '.containerfile') IAC_SCAN_SUPPORTED_FILE_PREFIXES = ('dockerfile', 'containerfile') +DOCKER_FILE_NAME = 'dockerfile' + SECRET_SCAN_FILE_EXTENSIONS_TO_IGNORE = ( '.DS_Store', '.bmp', diff --git a/cycode/cli/files_collector/file_excluder.py b/cycode/cli/files_collector/file_excluder.py index e3c0b41a..7949d42c 100644 --- a/cycode/cli/files_collector/file_excluder.py +++ b/cycode/cli/files_collector/file_excluder.py @@ -69,9 +69,17 @@ def apply_scan_config(self, scan_type: str, scan_config: 'models.ScanConfigurati if scan_config.scannable_extensions: self._scannable_extensions[scan_type] = tuple(scan_config.scannable_extensions) + @staticmethod + def check_if_docker_file(file_path: str) -> bool: + path = Path(file_path) + file = path.name + if file == consts.DOCKER_FILE_NAME: + return True + def _is_file_extension_supported(self, scan_type: str, filename: str) -> bool: filename = filename.lower() - + if self.check_if_docker_file(filename): + return True scannable_extensions = self._scannable_extensions.get(scan_type) if scannable_extensions: return filename.endswith(scannable_extensions) From 4f7f752a509518a3eaaab69105742ea090514b6c Mon Sep 17 00:00:00 2001 
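Review bot: `check_if_docker_file` is annotated `-> bool` but returns `None` when the basename is not `dockerfile`; `return Path(file_path).name == consts.DOCKER_FILE_NAME` would give it a real boolean in one line. The early `return True` added to `_is_file_extension_supported` is not conditioned on `scan_type`, so a file named `dockerfile` is accepted for every scan type before the `scannable_extensions` stored by `apply_scan_config` are consulted; for a scanner's file filter I would gate it, e.g. `if scan_type == consts.IAC_SCAN_TYPE and self.check_if_docker_file(filename):`. `DOCKER_FILE_NAME` repeats the first entry of `IAC_SCAN_SUPPORTED_FILE_PREFIXES`, and an extension-less `Containerfile` appears to keep the original problem. The hunk does not show the `Path` import, so confirm it exists; `_is_file_extension_supported` continues past the hunk.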
From: galf Date: Wed, 8 Oct 2025 13:05:00 +0300 Subject: [PATCH 02/19] CM-53944-Fixed issue when docker file is ignored because it has no extension --- cycode/cli/files_collector/file_excluder.py | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/cycode/cli/files_collector/file_excluder.py b/cycode/cli/files_collector/file_excluder.py index 7949d42c..54200cdc 100644 --- a/cycode/cli/files_collector/file_excluder.py +++ b/cycode/cli/files_collector/file_excluder.py @@ -69,17 +69,9 @@ def apply_scan_config(self, scan_type: str, scan_config: 'models.ScanConfigurati if scan_config.scannable_extensions: self._scannable_extensions[scan_type] = tuple(scan_config.scannable_extensions) - @staticmethod - def check_if_docker_file(file_path: str) -> bool: - path = Path(file_path) - file = path.name - if file == consts.DOCKER_FILE_NAME: - return True - def _is_file_extension_supported(self, scan_type: str, filename: str) -> bool: filename = filename.lower() - if self.check_if_docker_file(filename): - return True + scannable_extensions = self._scannable_extensions.get(scan_type) if scannable_extensions: return filename.endswith(scannable_extensions) @@ -108,7 +100,8 @@ def _is_relevant_file_to_scan_common(self, scan_type: str, filename: str) -> boo ) return False - if not self._is_file_extension_supported(scan_type, filename): + # We don't want to check for IAC scans, the extension is handled internally + if not scan_type == consts.IAC_SCAN_TYPE and not self._is_file_extension_supported(scan_type, filename): logger.debug( 'The document is irrelevant because its extension is not supported, %s', {'scan_type': scan_type, 'filename': filename}, From b78b66a43ba90e8878e5586c2a6a56042effb00a Mon Sep 17 00:00:00 2001 
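Review bot: Skipping `_is_file_extension_supported` whenever `scan_type == consts.IAC_SCAN_TYPE` also discards the `scannable_extensions` that `apply_scan_config` stores for that scan type. For IaC, every path that survives the ignore-path check is therefore treated as relevant by `_is_relevant_file_to_scan_common`, in the `@@ -108,7 +100,8 @@` hunk. The comment says the extension is "handled internally" but not where, so I would name the component that does the filtering, e.g. `# IaC: extension filtering is done by <component>, not by Excluder`. A test that an unrelated file type is still excluded from an IaC scan would keep the intended scope visible. The function body starts and ends outside the hunk.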
From: galf Date: Wed, 8 Oct 2025 13:07:02 +0300 Subject: [PATCH 03/19] CM-53944-Fixed issue when docker file is ignored because it has no extension --- cycode/cli/files_collector/file_excluder.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cycode/cli/files_collector/file_excluder.py b/cycode/cli/files_collector/file_excluder.py index 54200cdc..54ffe5a4 100644 --- a/cycode/cli/files_collector/file_excluder.py +++ b/cycode/cli/files_collector/file_excluder.py @@ -101,7 +101,7 @@ def _is_relevant_file_to_scan_common(self, scan_type: str, filename: str) -> boo return False # We don't want to check for IAC scans, the extension is handled internally - if not scan_type == consts.IAC_SCAN_TYPE and not self._is_file_extension_supported(scan_type, filename): + if scan_type != consts.IAC_SCAN_TYPE and not self._is_file_extension_supported(scan_type, filename): logger.debug( 'The document is irrelevant because its extension is not supported, %s', {'scan_type': scan_type, 'filename': filename}, From 7484d07edd7514d1d10f3b291d619babdd655963 Mon Sep 17 00:00:00 2001 From: galf Date: Wed, 8 Oct 2025 13:08:25 +0300 Subject: [PATCH 04/19] CM-53944-Fixed comment --- cycode/cli/files_collector/file_excluder.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cycode/cli/files_collector/file_excluder.py b/cycode/cli/files_collector/file_excluder.py index 54ffe5a4..40d52cf0 100644 --- a/cycode/cli/files_collector/file_excluder.py +++ b/cycode/cli/files_collector/file_excluder.py @@ -100,7 +100,7 @@ def _is_relevant_file_to_scan_common(self, scan_type: str, filename: str) -> boo ) return False - # We don't want to check for IAC scans, the extension is handled internally + # We don't want to check for IAC scans, the extensions is handled internally if scan_type != consts.IAC_SCAN_TYPE and not self._is_file_extension_supported(scan_type, filename): logger.debug( 'The document is irrelevant because its extension is not supported, %s', 
From 84b936f3ba7f2a67ac5c16d1589bfcaddb4d1f3c Mon Sep 17 00:00:00 2001 From: galf Date: Wed, 8 Oct 2025 15:05:32 +0300 Subject: [PATCH 05/19] CM-53944-Fixed comment --- cycode/cli/consts.py | 2 -- cycode/cli/files_collector/file_excluder.py | 4 +++- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cycode/cli/consts.py b/cycode/cli/consts.py index 59f7ff9d..7384e33e 100644 --- a/cycode/cli/consts.py +++ b/cycode/cli/consts.py @@ -17,8 +17,6 @@ IAC_SCAN_SUPPORTED_FILE_EXTENSIONS = ('.tf', '.tf.json', '.json', '.yaml', '.yml', '.dockerfile', '.containerfile') IAC_SCAN_SUPPORTED_FILE_PREFIXES = ('dockerfile', 'containerfile') -DOCKER_FILE_NAME = 'dockerfile' - SECRET_SCAN_FILE_EXTENSIONS_TO_IGNORE = ( '.DS_Store', '.bmp', diff --git a/cycode/cli/files_collector/file_excluder.py b/cycode/cli/files_collector/file_excluder.py index 40d52cf0..e6d7acdd 100644 --- a/cycode/cli/files_collector/file_excluder.py +++ b/cycode/cli/files_collector/file_excluder.py @@ -101,7 +101,7 @@ def _is_relevant_file_to_scan_common(self, scan_type: str, filename: str) -> boo return False # We don't want to check for IAC scans, the extensions is handled internally - if scan_type != consts.IAC_SCAN_TYPE and not self._is_file_extension_supported(scan_type, filename): + if self._should_check_if_extensions_are_supported(scan_type, filename): logger.debug( 'The document is irrelevant because its extension is not supported, %s', {'scan_type': scan_type, 'filename': filename}, @@ -110,6 +110,8 @@ def _is_relevant_file_to_scan_common(self, scan_type: str, filename: str) -> boo return True + def _should_check_if_extensions_are_supported(self, scan_type: str, filename: str): + return scan_type != consts.IAC_SCAN_TYPE and not self._is_file_extension_supported(scan_type, filename) def _is_relevant_file_to_scan(self, scan_type: str, filename: str) -> bool: if not self._is_relevant_file_to_scan_common(scan_type, filename): return False 
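Review bot: `_should_check_if_extensions_are_supported` returns `True` when the file is to be rejected (non-IaC scan and unsupported extension), which the name does not convey; at the call site it reads as if it decides whether a check should run. A name such as `_is_extension_unsupported`, or a one-line docstring like `"""Return True when the file must be skipped because its extension is not supported (never for IaC scans)."""`, would make the `if` in `_is_relevant_file_to_scan_common` readable without opening the helper. In a file-selection filter, an inverted reading of this predicate would silently change what gets scanned, so the polarity is worth stating explicitly.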
From d076fa7397f703de6ba163b623bc04fdfe8745a6 Mon Sep 17 00:00:00 2001 From: galf Date: Wed, 8 Oct 2025 15:06:30 +0300 Subject: [PATCH 06/19] CM-53944-Fixed comment --- cycode/cli/files_collector/file_excluder.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cycode/cli/files_collector/file_excluder.py b/cycode/cli/files_collector/file_excluder.py index e6d7acdd..0dd824f4 100644 --- a/cycode/cli/files_collector/file_excluder.py +++ b/cycode/cli/files_collector/file_excluder.py @@ -100,7 +100,6 @@ def _is_relevant_file_to_scan_common(self, scan_type: str, filename: str) -> boo ) return False - # We don't want to check for IAC scans, the extensions is handled internally if self._should_check_if_extensions_are_supported(scan_type, filename): logger.debug( 'The document is irrelevant because its extension is not supported, %s', @@ -110,6 +109,7 @@ def _is_relevant_file_to_scan_common(self, scan_type: str, filename: str) -> boo return True + # We don't want to check for IAC scans, the extensions is handled internally def _should_check_if_extensions_are_supported(self, scan_type: str, filename: str): return scan_type != consts.IAC_SCAN_TYPE and not self._is_file_extension_supported(scan_type, filename) def _is_relevant_file_to_scan(self, scan_type: str, filename: str) -> bool: From 16b8572a97bf45c3ad8de792ffddca4be79ee986 Mon Sep 17 00:00:00 2001 From: galf Date: Wed, 8 Oct 2025 15:07:02 +0300 Subject: [PATCH 07/19] CM-53944-Fixed comment --- cycode/cli/files_collector/file_excluder.py | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/cycode/cli/files_collector/file_excluder.py b/cycode/cli/files_collector/file_excluder.py index 0dd824f4..b8b04a97 100644 --- a/cycode/cli/files_collector/file_excluder.py +++ b/cycode/cli/files_collector/file_excluder.py 
@@ -13,15 +13,14 @@ from cycode.cli.utils.progress_bar import BaseProgressBar, ProgressBarSection from cycode.cyclient import models - logger = get_logger('File Excluder') def _is_subpath_of_cycode_configuration_folder(filename: str) -> bool: return ( - is_sub_path(configuration_manager.global_config_file_manager.get_config_directory_path(), filename) - or is_sub_path(configuration_manager.local_config_file_manager.get_config_directory_path(), filename) - or filename.endswith(ConfigFileManager.get_config_file_route()) + is_sub_path(configuration_manager.global_config_file_manager.get_config_directory_path(), filename) + or is_sub_path(configuration_manager.local_config_file_manager.get_config_directory_path(), filename) + or filename.endswith(ConfigFileManager.get_config_file_route()) ) @@ -112,6 +111,7 @@ def _is_relevant_file_to_scan_common(self, scan_type: str, filename: str) -> boo # We don't want to check for IAC scans, the extensions is handled internally def _should_check_if_extensions_are_supported(self, scan_type: str, filename: str): return scan_type != consts.IAC_SCAN_TYPE and not self._is_file_extension_supported(scan_type, filename) + def _is_relevant_file_to_scan(self, scan_type: str, filename: str) -> bool: if not self._is_relevant_file_to_scan_common(scan_type, filename): return False @@ -155,11 +155,11 @@ def _is_relevant_document_to_scan(self, scan_type: str, filename: str, content: return True def exclude_irrelevant_files( - self, - progress_bar: 'BaseProgressBar', - progress_bar_section: 'ProgressBarSection', - scan_type: str, - filenames: list[str], + self, + progress_bar: 'BaseProgressBar', + progress_bar_section: 'ProgressBarSection', + scan_type: str, + filenames: list[str], ) -> list[str]: relevant_files = [] for filename in filenames: 
@@ -172,7 +172,7 @@ def exclude_irrelevant_files( return relevant_files def exclude_irrelevant_documents_to_scan( - self, scan_type: str, documents_to_scan: list['Document'] + self, scan_type: str, documents_to_scan: list['Document'] ) -> list['Document']: logger.debug('Excluding irrelevant documents to scan') From 236840f437d6af279b586acdfda62bac5d87fb3e Mon Sep 17 00:00:00 2001 From: galf Date: Wed, 8 Oct 2025 15:07:44 +0300 Subject: [PATCH 08/19] CM-53944-Fixed comment --- cycode/cli/files_collector/file_excluder.py | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/cycode/cli/files_collector/file_excluder.py b/cycode/cli/files_collector/file_excluder.py index b8b04a97..20f60647 100644 --- a/cycode/cli/files_collector/file_excluder.py +++ b/cycode/cli/files_collector/file_excluder.py @@ -13,14 +13,15 @@ from cycode.cli.utils.progress_bar import BaseProgressBar, ProgressBarSection from cycode.cyclient import models + logger = get_logger('File Excluder') def _is_subpath_of_cycode_configuration_folder(filename: str) -> bool: return ( - is_sub_path(configuration_manager.global_config_file_manager.get_config_directory_path(), filename) - or is_sub_path(configuration_manager.local_config_file_manager.get_config_directory_path(), filename) - or filename.endswith(ConfigFileManager.get_config_file_route()) + is_sub_path(configuration_manager.global_config_file_manager.get_config_directory_path(), filename) + or is_sub_path(configuration_manager.local_config_file_manager.get_config_directory_path(), filename) + or filename.endswith(ConfigFileManager.get_config_file_route()) ) 
@@ -155,11 +156,11 @@ def _is_relevant_document_to_scan(self, scan_type: str, filename: str, content: return True def exclude_irrelevant_files( - self, - progress_bar: 'BaseProgressBar', - progress_bar_section: 'ProgressBarSection', - scan_type: str, - filenames: list[str], + self, + progress_bar: 'BaseProgressBar', + progress_bar_section: 'ProgressBarSection', + scan_type: str, + filenames: list[str], ) -> list[str]: relevant_files = [] for filename in filenames: @@ -172,7 +173,7 @@ def exclude_irrelevant_files( return relevant_files def exclude_irrelevant_documents_to_scan( - self, scan_type: str, documents_to_scan: list['Document'] + self, scan_type: str, documents_to_scan: list['Document'] ) -> list['Document']: logger.debug('Excluding irrelevant documents to scan') From 36797b8a3a407063f3047e3c78db38f05d0cec67 Mon Sep 17 00:00:00 2001 From: galf Date: Wed, 8 Oct 2025 15:51:08 +0300 Subject: [PATCH 09/19] CM-53944-Fixed comment --- cycode/cli/files_collector/file_excluder.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cycode/cli/files_collector/file_excluder.py b/cycode/cli/files_collector/file_excluder.py index 20f60647..e9ed8570 100644 --- a/cycode/cli/files_collector/file_excluder.py +++ b/cycode/cli/files_collector/file_excluder.py @@ -110,7 +110,7 @@ def _is_relevant_file_to_scan_common(self, scan_type: str, filename: str) -> boo return True # We don't want to check for IAC scans, the extensions is handled internally - def _should_check_if_extensions_are_supported(self, scan_type: str, filename: str): + def _should_check_if_extensions_are_supported(self, scan_type: str, filename: str) -> bool: return scan_type != consts.IAC_SCAN_TYPE and not self._is_file_extension_supported(scan_type, filename) def _is_relevant_file_to_scan(self, scan_type: str, filename: str) -> bool: From 05c66bc7702793a8ea029ad8215fc8a7234c3263 Mon Sep 17 00:00:00 2001 
From: galf Date: Wed, 8 Oct 2025 16:57:34 +0300 Subject: [PATCH 10/19] CM-53944-Fixed comment --- cycode/cli/files_collector/file_excluder.py | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/cycode/cli/files_collector/file_excluder.py b/cycode/cli/files_collector/file_excluder.py index e9ed8570..1c8b1eb6 100644 --- a/cycode/cli/files_collector/file_excluder.py +++ b/cycode/cli/files_collector/file_excluder.py @@ -69,6 +69,13 @@ def apply_scan_config(self, scan_type: str, scan_config: 'models.ScanConfigurati if scan_config.scannable_extensions: self._scannable_extensions[scan_type] = tuple(scan_config.scannable_extensions) + def _is_file_prefix_supported(self, scan_type: str, file_path: str): + path = Path(file_path) + file_name = path.name.lower() + scannable_prefixes = self._scannable_prefixes.get(scan_type) + if scannable_prefixes: + return file_name.startswith(scannable_prefixes) + def _is_file_extension_supported(self, scan_type: str, filename: str) -> bool: filename = filename.lower() @@ -80,10 +87,6 @@ def _is_file_extension_supported(self, scan_type: str, filename: str) -> bool: if non_scannable_extensions: return not filename.endswith(non_scannable_extensions) - scannable_prefixes = self._scannable_prefixes.get(scan_type) - if scannable_prefixes: - return filename.startswith(scannable_prefixes) - return True def _is_relevant_file_to_scan_common(self, scan_type: str, filename: str) -> bool: 
@@ -99,8 +102,10 @@ def _is_relevant_file_to_scan_common(self, scan_type: str, filename: str) -> boo 'The document is irrelevant because its path is in the ignore paths list, %s', {'filename': filename} ) return False + if self._is_file_prefix_supported(scan_type, filename): + return True - if self._should_check_if_extensions_are_supported(scan_type, filename): + if not self._is_file_extension_supported(scan_type, filename): logger.debug( 'The document is irrelevant because its extension is not supported, %s', {'scan_type': scan_type, 'filename': filename}, @@ -109,10 +114,6 @@ def _is_relevant_file_to_scan_common(self, scan_type: str, filename: str) -> boo return True - # We don't want to check for IAC scans, the extensions is handled internally - def _should_check_if_extensions_are_supported(self, scan_type: str, filename: str) -> bool: - return scan_type != consts.IAC_SCAN_TYPE and not self._is_file_extension_supported(scan_type, filename) - def _is_relevant_file_to_scan(self, scan_type: str, filename: str) -> bool: if not self._is_relevant_file_to_scan_common(scan_type, filename): return False From 0ff51d1bfe783b93cff109ed9262326b8ae3d01e Mon Sep 17 00:00:00 2001 From: galf Date: Wed, 8 Oct 2025 16:58:30 +0300 Subject: [PATCH 11/19] CM-53944-Fixed comment --- cycode/cli/files_collector/file_excluder.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cycode/cli/files_collector/file_excluder.py b/cycode/cli/files_collector/file_excluder.py index 1c8b1eb6..cb2f2959 100644 --- a/cycode/cli/files_collector/file_excluder.py +++ b/cycode/cli/files_collector/file_excluder.py 
@@ -69,7 +69,7 @@ def apply_scan_config(self, scan_type: str, scan_config: 'models.ScanConfigurati if scan_config.scannable_extensions: self._scannable_extensions[scan_type] = tuple(scan_config.scannable_extensions) - def _is_file_prefix_supported(self, scan_type: str, file_path: str): + def _is_file_prefix_supported(self, scan_type: str, file_path: str) -> bool: path = Path(file_path) file_name = path.name.lower() scannable_prefixes = self._scannable_prefixes.get(scan_type) From 7a47a0c63be2e312c30303c19733525bf98c9341 Mon Sep 17 00:00:00 2001 From: galf Date: Wed, 8 Oct 2025 17:27:29 +0300 Subject: [PATCH 12/19] CM-53944-Fixed comment --- cycode/cli/files_collector/file_excluder.py | 1 + 1 file changed, 1 insertion(+) diff --git a/cycode/cli/files_collector/file_excluder.py b/cycode/cli/files_collector/file_excluder.py index cb2f2959..90d4f932 100644 --- a/cycode/cli/files_collector/file_excluder.py +++ b/cycode/cli/files_collector/file_excluder.py @@ -75,6 +75,7 @@ def _is_file_prefix_supported(self, scan_type: str, file_path: str) -> bool: scannable_prefixes = self._scannable_prefixes.get(scan_type) if scannable_prefixes: return file_name.startswith(scannable_prefixes) + return False def _is_file_extension_supported(self, scan_type: str, filename: str) -> bool: filename = filename.lower() From 317a2bbc06459b9860a455a03d6c5a9dc76d342a Mon Sep 17 00:00:00 2001 From: galf Date: Thu, 9 Oct 2025 10:37:41 +0300 Subject: [PATCH 13/19] CM-53944-Fixed comment --- cycode/cli/files_collector/file_excluder.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cycode/cli/files_collector/file_excluder.py b/cycode/cli/files_collector/file_excluder.py index 90d4f932..d3013746 100644 --- a/cycode/cli/files_collector/file_excluder.py +++ b/cycode/cli/files_collector/file_excluder.py 
@@ -70,10 +70,10 @@ def apply_scan_config(self, scan_type: str, scan_config: 'models.ScanConfigurati self._scannable_extensions[scan_type] = tuple(scan_config.scannable_extensions) def _is_file_prefix_supported(self, scan_type: str, file_path: str) -> bool: - path = Path(file_path) - file_name = path.name.lower() scannable_prefixes = self._scannable_prefixes.get(scan_type) if scannable_prefixes: + path = Path(file_path) + file_name = path.name.lower() return file_name.startswith(scannable_prefixes) return False From f9f0e955141755774792935c1aacfe25942909a1 Mon Sep 17 00:00:00 2001 From: galf Date: Thu, 9 Oct 2025 10:50:54 +0300 Subject: [PATCH 14/19] CM-53944-Fixed comment --- cycode/cli/files_collector/file_excluder.py | 1 + 1 file changed, 1 insertion(+) diff --git a/cycode/cli/files_collector/file_excluder.py b/cycode/cli/files_collector/file_excluder.py index d3013746..427f458c 100644 --- a/cycode/cli/files_collector/file_excluder.py +++ b/cycode/cli/files_collector/file_excluder.py @@ -103,6 +103,7 @@ def _is_relevant_file_to_scan_common(self, scan_type: str, filename: str) -> boo 'The document is irrelevant because its path is in the ignore paths list, %s', {'filename': filename} ) return False + if self._is_file_prefix_supported(scan_type, filename): return True From fba41bb9e0ff114ab3fa689428b78b3c1096a288 Mon Sep 17 00:00:00 2001 From: galf Date: Thu, 9 Oct 2025 10:57:08 +0300 Subject: [PATCH 15/19] CM-53944-Fixed comment --- cycode/cli/files_collector/file_excluder.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/cycode/cli/files_collector/file_excluder.py b/cycode/cli/files_collector/file_excluder.py index 427f458c..d9b09f34 100644 --- a/cycode/cli/files_collector/file_excluder.py +++ b/cycode/cli/files_collector/file_excluder.py 
@@ -104,10 +104,8 @@ def _is_relevant_file_to_scan_common(self, scan_type: str, filename: str) -> boo ) return False - if self._is_file_prefix_supported(scan_type, filename): - return True - - if not self._is_file_extension_supported(scan_type, filename): + if (not self._is_file_extension_supported(scan_type, filename) + and not self._is_file_prefix_supported(scan_type, filename)): logger.debug( 'The document is irrelevant because its extension is not supported, %s', {'scan_type': scan_type, 'filename': filename}, From d7e510470e4c3701effa1cafc044295e4413b45d Mon Sep 17 00:00:00 2001 From: galf Date: Thu, 9 Oct 2025 14:37:14 +0300 Subject: [PATCH 16/19] CM-53944-Simplified the extension exclude logic and added tests --- cycode/cli/files_collector/file_excluder.py | 6 +++--- tests/cli/files_collector/test_file_excluder.py | 17 ++++++++++++++++- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/cycode/cli/files_collector/file_excluder.py b/cycode/cli/files_collector/file_excluder.py index d9b09f34..82d346d8 100644 --- a/cycode/cli/files_collector/file_excluder.py +++ b/cycode/cli/files_collector/file_excluder.py @@ -74,7 +74,7 @@ def _is_file_prefix_supported(self, scan_type: str, file_path: str) -> bool: if scannable_prefixes: path = Path(file_path) file_name = path.name.lower() - return file_name.startswith(scannable_prefixes) + return file_name in scannable_prefixes return False def _is_file_extension_supported(self, scan_type: str, filename: str) -> bool: @@ -104,8 +104,8 @@ def _is_relevant_file_to_scan_common(self, scan_type: str, filename: str) -> boo ) return False - if (not self._is_file_extension_supported(scan_type, filename) - and not self._is_file_prefix_supported(scan_type, filename)): + if not (self._is_file_extension_supported(scan_type, filename) + or self._is_file_prefix_supported(scan_type, filename)): logger.debug( 'The document is irrelevant because its extension is not supported, %s', {'scan_type': scan_type, 'filename': filename}, 
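Review bot: `file_name in scannable_prefixes` turns the prefix test into an exact basename match, so the method name `_is_file_prefix_supported` and the `_scannable_prefixes` attribute no longer describe what is checked, and names such as `Dockerfile.prod` or `Dockerfile.dev` stop matching by name. If those variants do not end in one of the scannable extensions, they are dropped from the scan with only a debug log line; that coverage gap is worth deciding on explicitly rather than as a side effect of rejecting `Dockerfile.txt`. I would either keep `startswith` and reject unwanted suffixes separately, or rename the method and add a docstring such as `"""Return True when the lower-cased basename equals one of the scan type's supported file names."""`. Note that `in` becomes a substring test if a plain string is ever stored for a scan type instead of a tuple. This applies to the `@@ -74,7 +74,7 @@` hunk of patch 16; the method begins outside it.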
diff --git a/tests/cli/files_collector/test_file_excluder.py b/tests/cli/files_collector/test_file_excluder.py index 4ac623e3..77e48fcc 100644 --- a/tests/cli/files_collector/test_file_excluder.py +++ b/tests/cli/files_collector/test_file_excluder.py @@ -2,7 +2,7 @@ from cycode.cli import consts from cycode.cli.files_collector.file_excluder import _is_file_relevant_for_sca_scan - +from cycode.cli.files_collector.file_excluder import Excluder class TestIsFileRelevantForScaScan: """Test the SCA path exclusion logic.""" 
@@ -38,6 +38,21 @@ def test_files_with_excluded_names_in_filename_should_be_included(self) -> None: assert _is_file_relevant_for_sca_scan('utils/pycache_cleaner.py') is True assert _is_file_relevant_for_sca_scan('config/gradle_config.xml') is True + def test_files_with_excluded_extensions_in_should_be_included(self) -> None: + """Test that files containing excluded directory names in their filename are NOT excluded.""" + # These should be INCLUDED because the excluded terms are in the filename, not directory path + excluder = Excluder() + assert excluder._is_relevant_file_to_scan_common('iac','project/cfg/Dockerfile') is True + assert excluder._is_relevant_file_to_scan_common('iac','project/cfg/build.tf') is True + assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/build.tf.json') is True + assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/config.json') is True + assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/config.yaml') is True + assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/config.yml') is True + assert excluder._is_relevant_file_to_scan_common('iac','project/cfg/build') is False + assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/build') is False + assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/Dockerfile.txt') is False + assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/config.ini') is False + def test_files_in_regular_directories_should_be_included(self) -> None: """Test that files in regular directories (not excluded) are included.""" From b814f7fb459348fa894b3a94687179990d732aea Mon Sep 17 00:00:00 2001 From: galf Date: Thu, 9 Oct 2025 14:44:52 +0300 Subject: [PATCH 17/19] CM-53944-Fixed tests import format --- tests/cli/files_collector/test_file_excluder.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
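Review bot: The new test asserts `'project/cfg/build'` twice, so one negative case is wasted while an extension-less `Containerfile` is not covered. Replacing the duplicate with `assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/Containerfile') is True` would pin the second entry of `IAC_SCAN_SUPPORTED_FILE_PREFIXES` (assuming `Excluder()` loads that tuple for IaC, which the hunk does not show). The method sits in `TestIsFileRelevantForScaScan` although it exercises the IaC path of `Excluder`, and its name (`..._excluded_extensions_in_should_be_included`) reads as a leftover of the SCA test above; a separate test class with a docstring like `"""IaC scans accept supported extensions and exact Dockerfile names and reject everything else."""` would be clearer. Using `consts.IAC_SCAN_TYPE` instead of the `'iac'` literal would tie the test to the project constant, assuming the two are equal. The duplicate assertion is still present in the last patch of the series.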
diff --git a/tests/cli/files_collector/test_file_excluder.py b/tests/cli/files_collector/test_file_excluder.py index 77e48fcc..166964f5 100644 --- a/tests/cli/files_collector/test_file_excluder.py +++ b/tests/cli/files_collector/test_file_excluder.py @@ -1,8 +1,7 @@ import pytest from cycode.cli import consts -from cycode.cli.files_collector.file_excluder import _is_file_relevant_for_sca_scan -from cycode.cli.files_collector.file_excluder import Excluder +from cycode.cli.files_collector.file_excluder import Excluder, _is_file_relevant_for_sca_scan class TestIsFileRelevantForScaScan: """Test the SCA path exclusion logic.""" 
@@ -39,15 +38,16 @@ def test_files_with_excluded_names_in_filename_should_be_included(self) -> None: assert _is_file_relevant_for_sca_scan('config/gradle_config.xml') is True def test_files_with_excluded_extensions_in_should_be_included(self) -> None: - """Test that files containing excluded directory names in their filename are NOT excluded.""" - # These should be INCLUDED because the excluded terms are in the filename, not directory path + """Test that files containing excluded extensions are NOT excluded.""" excluder = Excluder() + # These should be INCLUDED because the excluded terms are in the filename assert excluder._is_relevant_file_to_scan_common('iac','project/cfg/Dockerfile') is True assert excluder._is_relevant_file_to_scan_common('iac','project/cfg/build.tf') is True assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/build.tf.json') is True assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/config.json') is True assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/config.yaml') is True assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/config.yml') is True + # These should be EXCLUDED because the excluded terms are not in the filename assert excluder._is_relevant_file_to_scan_common('iac','project/cfg/build') is False assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/build') is False assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/Dockerfile.txt') is False From 68a8627aed4edabee399697eff681b471780c90c Mon Sep 17 00:00:00 2001 From: galf Date: Thu, 9 Oct 2025 14:52:13 +0300 Subject: [PATCH 18/19] CM-53944-Fixed tests import ruff format --- tests/cli/files_collector/test_file_excluder.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/cli/files_collector/test_file_excluder.py b/tests/cli/files_collector/test_file_excluder.py index 166964f5..1037a36c 100644 --- a/tests/cli/files_collector/test_file_excluder.py 
+++ b/tests/cli/files_collector/test_file_excluder.py @@ -3,6 +3,7 @@ from cycode.cli import consts from cycode.cli.files_collector.file_excluder import Excluder, _is_file_relevant_for_sca_scan + class TestIsFileRelevantForScaScan: """Test the SCA path exclusion logic.""" From 0d9c221ad498d57e43fb30b54cc4aa913373ed2d Mon Sep 17 00:00:00 2001 From: galf Date: Thu, 9 Oct 2025 17:17:19 +0300 Subject: [PATCH 19/19] CM-53944-Fixed tests import ruff format --- cycode/cli/files_collector/file_excluder.py | 6 ++++-- tests/cli/files_collector/test_file_excluder.py | 6 +++--- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/cycode/cli/files_collector/file_excluder.py b/cycode/cli/files_collector/file_excluder.py index 82d346d8..11fd3410 100644 --- a/cycode/cli/files_collector/file_excluder.py +++ b/cycode/cli/files_collector/file_excluder.py @@ -104,8 +104,10 @@ def _is_relevant_file_to_scan_common(self, scan_type: str, filename: str) -> boo ) return False - if not (self._is_file_extension_supported(scan_type, filename) - or self._is_file_prefix_supported(scan_type, filename)): + if not ( + self._is_file_extension_supported(scan_type, filename) + or self._is_file_prefix_supported(scan_type, filename) + ): logger.debug( 'The document is irrelevant because its extension is not supported, %s', {'scan_type': scan_type, 'filename': filename}, diff --git a/tests/cli/files_collector/test_file_excluder.py b/tests/cli/files_collector/test_file_excluder.py index 1037a36c..31a52f55 100644 --- a/tests/cli/files_collector/test_file_excluder.py +++ b/tests/cli/files_collector/test_file_excluder.py 
@@ -42,14 +42,14 @@ def test_files_with_excluded_extensions_in_should_be_included(self) -> None: """Test that files containing excluded extensions are NOT excluded.""" excluder = Excluder() # These should be INCLUDED because the excluded terms are in the filename - assert excluder._is_relevant_file_to_scan_common('iac','project/cfg/Dockerfile') is True - assert excluder._is_relevant_file_to_scan_common('iac','project/cfg/build.tf') is True + assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/Dockerfile') is True + assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/build.tf') is True assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/build.tf.json') is True assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/config.json') is True assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/config.yaml') is True assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/config.yml') is True # These should be EXCLUDED because the excluded terms are not in the filename - assert excluder._is_relevant_file_to_scan_common('iac','project/cfg/build') is False + assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/build') is False assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/build') is False assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/Dockerfile.txt') is False assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/config.ini') is False