feat(report): Include licenses and secrets filtered by rego to Modifi…

…edFindings (#6483)
aquasecurity · May 14, 2024 · fa3cf99 · fa3cf99
1 parent 26faf8f
commit fa3cf99
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 46 deletions.
diff --git a/pkg/result/filter.go b/pkg/result/filter.go
@@ -303,6 +303,8 @@ func applyPolicy(ctx context.Context, result *types.Result, policyFile string) e
  return err
  }
  if ignored {
+ result.ModifiedFindings = append(result.ModifiedFindings,
+ types.NewModifiedFinding(scrt, types.FindingStatusIgnored, "Filtered by Rego", policyFile))
  continue
  }
  filteredSecrets = append(filteredSecrets, scrt)
@@ -317,6 +319,8 @@ func applyPolicy(ctx context.Context, result *types.Result, policyFile string) e
  return err
  }
  if ignored {
+ result.ModifiedFindings = append(result.ModifiedFindings,
+ types.NewModifiedFinding(lic, types.FindingStatusIgnored, "Filtered by Rego", policyFile))
  continue
  }
  filteredLicenses = append(filteredLicenses, lic)

diff --git a/pkg/result/filter_test.go b/pkg/result/filter_test.go
@@ -648,65 +648,42 @@ func TestFilter(t *testing.T) {
  Results: types.Results{
  {
  Licenses: []types.DetectedLicense{
- {
- Name: "GPL-3.0",
- Severity: dbTypes.SeverityLow.String(),
- FilePath: "usr/share/gcc/python/libstdcxx/v6/__init__.py",
- Category: "restricted",
- Confidence: 1,
- },
- {
- Name: "GPL-3.0",
- Severity: dbTypes.SeverityLow.String(),
- FilePath: "usr/share/gcc/python/libstdcxx/v6/printers.py",
- Category: "restricted",
- Confidence: 1,
- },
+ license1,
+ license2,
  },
  Secrets: []types.DetectedSecret{
- {
- RuleID: "generic-passed-rule",
- Severity: dbTypes.SeverityLow.String(),
- Title: "Secret should pass filter",
- StartLine: 1,
- EndLine: 2,
- Match: "*****",
- },
- {
- RuleID: "generic-ignored-rule",
- Severity: dbTypes.SeverityLow.String(),
- Title: "Secret should be ignored",
- StartLine: 3,
- EndLine: 4,
- Match: "*****",
- },
+ secret1,
+ secret2,
  },
  },
  },
  },
- severities: []dbTypes.Severity{dbTypes.SeverityLow},
+ severities: []dbTypes.Severity{dbTypes.SeverityLow, dbTypes.SeverityHigh},
  policyFile: "./testdata/test-ignore-policy-licenses-and-secrets.rego",
  },
  want: types.Report{
  Results: types.Results{
  {
  Licenses: []types.DetectedLicense{
- {
- Name: "GPL-3.0",
- Severity: dbTypes.SeverityLow.String(),
- FilePath: "usr/share/gcc/python/libstdcxx/v6/__init__.py",
- Category: "restricted",
- Confidence: 1,
- },
+ license1,
  },
  Secrets: []types.DetectedSecret{
+ secret1,
+ },
+ ModifiedFindings: []types.ModifiedFinding{
+ {
+ Type: types.FindingTypeSecret,
+ Status: types.FindingStatusIgnored,
+ Statement: "Filtered by Rego",
+ Source: "testdata/test-ignore-policy-licenses-and-secrets.rego",
+ Finding: secret2,
+ },
  {
- RuleID: "generic-passed-rule",
- Severity: dbTypes.SeverityLow.String(),
- Title: "Secret should pass filter",
- StartLine: 1,
- EndLine: 2,
- Match: "*****",
+ Type: types.FindingTypeLicense,
+ Status: types.FindingStatusIgnored,
+ Statement: "Filtered by Rego",
+ Source: "testdata/test-ignore-policy-licenses-and-secrets.rego",
+ Finding: license2,
  },
  },
  },

diff --git a/pkg/result/testdata/test-ignore-policy-licenses-and-secrets.rego b/pkg/result/testdata/test-ignore-policy-licenses-and-secrets.rego
@@ -10,6 +10,6 @@ ignore {
 }
 
 ignore {
- input.RuleID == "generic-ignored-rule"
- input.Title == "Secret should be ignored"
+ input.RuleID == "generic-unwanted-rule"
+ input.Title == "Secret that should not pass filter on rule id"
 }