feat(engine): ignore terraform cache folders #6240
Conversation
|
You have successfully added a new gosec configuration |
|
@dim-ops don't forget to remove the draft status for this PR so we can review it. If you need any help before that - ping me. |
dim-ops
force-pushed
the
feat/ignore-terraform-cahce-files
branch
from
2fc3f90 to
c7dd33a
Compare
|
It works for me, it ignores all .terra folders in current path or in subdirectories. I setup |
dim-ops
force-pushed
the
feat/ignore-terraform-cahce-files
branch
from
0b2902b to
d4f77d5
Compare
|
Hi @dim-ops, |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
dim-ops
force-pushed
the
feat/ignore-terraform-cahce-files
branch
from
6944800 to
307353c
Compare
| @@ -310,7 +315,7 @@ func TestFileSystemSourceProvider_checkConditions(t *testing.T) { | |||
| path: filepath.FromSlash("assets/queries"), | |||
| }, | |||
| want: want{ | |||
| got: true, | |||
There was a problem hiding this comment.
I changed this test because I didn't understand why "true" was expected. During the test I passed in this line:
_, err := os.Stat(filepath.Join(path, "Chart.yaml"))
Which returned true, nil because I had no Chart.yaml file in my path, so I understood if there is no Chart.yaml file it should be ignored and I don't understand why.
Can you explain me? @cxMiguelSilva
There was a problem hiding this comment.
Hi @dim-ops,
That check is in place to ignore all folders of Helm Charts to later make a scan to the Helm templates
There was a problem hiding this comment.
Yes I understand the interest of _, err := os.Stat(filepath.Join(path, "Chart.yaml"))but I don't understand why true is returned when Chart.yaml doesn't exist. If I understand well true is when folder must be skipped, if Chart.yaml is not present folder should be parsed.
It's why I modify this check
_, err := os.Stat(filepath.Join(path, "Chart.yaml"))
if errors.Is(err, os.ErrNotExist) {
return false, nil
} else if err != nil || resolved {
log.Error().Msgf("failed to check helm: %s", err)
return true, nil
}
f16217e to
371eb3e
Compare
kaplanlior
requested review from
cxMiguelSilva
and removed request for
kaplanlior
|
Can I have more information @gabriel-cx ? |
|
Up @gabriel-cx please 🙏 |
|
Hi @dim-ops , Sorry for the late reply! |
github-actions
bot
added
feature request
gabriel-cx
changed the title
There was a problem hiding this comment.
Hi @dim-ops , how are you?
So I was looking into your code and made some changes,
first I changed the detection of .terra* to use regex, to cover all the cases present on the issue;
second I removed the logic that you put for the chart.yaml, because I ran regressions, and the files that should scanned with the helm resolver were being treated by the normal yaml resolver and were giving exceptions with this we were losing results.
Let me know what you think.
Br,
Joao Martins
|
Thanks @JoaoCxMartins it seems better 👍 |
TY for your help improving Kics :) |
Closes #6217
Proposed Changes
I submit this contribution under the Apache-2.0 license.