Ignore inline whitelist comments, pass checkid to filter ignores spec…

…ifically for checks
prowler-cloud · Apr 15, 2020 · bf72025 · bf72025
1 parent 56a4fd8
commit bf72025
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/include/outputs b/include/outputs
@@ -107,7 +107,12 @@ textFail(){
   ## ignore whitelists for current check
   level="FAIL"
   for i in $IGNORES; do
+    ignore_check_name="${i%:*}"
     ignore_value="${i#*${CHECK_NAME}:}"
+    if [[ ${ignore_check_name} != "${CHECK_NAME}" ]]; then
+      # not for this check
+      continue
+    fi
     if [[ $1 =~ ${ignore_value} ]]; then
       level="WARNING"
       break

diff --git a/prowler b/prowler
@@ -218,7 +218,8 @@ REGIONS=$($AWSCLI ec2 describe-regions --query 'Regions[].RegionName' \
 # Pre-process whitelist file if supplied
 if [[ -n "$WHITELIST_FILE" ]]; then
   # ignore lines starting with # (comments)
-  WHITELIST=$(awk   '!/^[[:space:]]*#/{print }' <(cat "$WHITELIST_FILE"))
+  # ignore inline comments: check1:foo # inline comment
+  WHITELIST=$(awk '!/^[[:space:]]*#/{print }' <(cat "$WHITELIST_FILE") | sed 's/[[:space:]]*#.*$//g')
 fi
 
 # Load all of the groups of checks inside groups folder named as "groupNumber*"
@@ -288,7 +289,7 @@ execute_check() {
       show_check_title "$1"
       ignores=$(awk '/${1}/{print}' <(echo "${WHITELIST}"))
       # set the custom ignores list for this check
-      IGNORES="${ignores}" $1
+      IGNORES="${ignores}" CHECK_NAME="$1" $1
     else
       textFail "ERROR! Use a valid check name (i.e. check41 or extra71)";
       exit $EXITCODE