Merge pull request #3055 from snyk/feature/add-excluded-paths-to-igno…

…re-command-as-objects feat: support metadata for excluded paths
snyk · Apr 1, 2022 · 69dc4b3 · 69dc4b3
2 parents 5506d59 + 034c638
commit 69dc4b3
Show file tree

Hide file tree

Showing 8 changed files with 103 additions and 13 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -119,7 +119,7 @@
     "snyk-nodejs-lockfile-parser": "1.38.0",
     "snyk-nuget-plugin": "1.23.4",
     "snyk-php-plugin": "1.9.2",
-    "snyk-policy": "^1.24.0",
+    "snyk-policy": "^1.25.0",
     "snyk-python-plugin": "1.23.1",
     "snyk-resolve-deps": "4.7.3",
     "snyk-sbt-plugin": "2.14.0",

diff --git a/src/cli/commands/ignore.ts b/src/cli/commands/ignore.ts
@@ -113,10 +113,20 @@ export async function excludeFilePathPattern(options): Promise<MethodResult> {
   const group = options['file-path-group'] || 'global';
   const policyPath = options['policy-path'];
 
+  const excludeOptions = {};
+
+  if (options.reason !== undefined) {
+    excludeOptions['reason'] = options.reason;
+  }
+
+  if (options.expiry !== undefined) {
+    excludeOptions['expires'] = new Date(options.expiry);
+  }
+
   debug(`changing policy: ignore "%s" added to "%s"`, pattern, policyPath);
 
   const pol = await load(policyPath);
-  pol.addExclude(pattern, group);
+  pol.addExclude(pattern, group, excludeOptions);
 
   return policy.save(pol, policyPath);
 }

diff --git a/test/acceptance/workspaces/npm-package-policy/.snyk b/test/acceptance/workspaces/npm-package-policy/.snyk
@@ -1,5 +1,5 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.24.0
+version: v1.25.0
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
   'npm:marked:20170907':

diff --git a/test/acceptance/workspaces/npm-package-policy/custom-location/.snyk b/test/acceptance/workspaces/npm-package-policy/custom-location/.snyk
@@ -1,5 +1,5 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.24.0
+version: v1.25.0
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
   'npm:marked:20170907':

diff --git a/test/acceptance/workspaces/npm-with-dep-missing-policy/.snyk b/test/acceptance/workspaces/npm-with-dep-missing-policy/.snyk
@@ -1,5 +1,5 @@
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.24.0
+version: v1.25.0
 ignore: {}
 # patches apply the minimum changes required to fix a vulnerability
 patch:

diff --git a/test/jest/acceptance/snyk-ignore/snyk-ignore.spec.ts b/test/jest/acceptance/snyk-ignore/snyk-ignore.spec.ts
@@ -124,6 +124,86 @@ describe('snyk ignore', () => {
     });
   });
 
+  it('write a policy file for exclude by providing group, expiry and reason', async () => {
+    const project = await createProjectFromWorkspace('empty');
+
+    const {
+      code,
+    } = await runSnykCLI(
+      `ignore --file-path=**/deps/**/*.ts --file-path-group=code --reason=unknown-reason --expiry=2099-12-24  --policy-path=${project.path()}`,
+      { cwd: project.path(), env: env },
+    );
+
+    expect(code).toEqual(0);
+
+    const policy = await loadPolicy(project.path());
+
+    expect(policy.exclude.code).toHaveLength(1);
+    expect(!!policy.exclude.code[0]['**/deps/**/*.ts']).toBeTruthy();
+
+    // Fake creation date
+    policy.exclude.code[0]['**/deps/**/*.ts'].created = new Date(
+      '2089-12-24T00:00:00.000Z',
+    );
+
+    expect(policy.exclude).toMatchObject({
+      code: [
+        {
+          '**/deps/**/*.ts': {
+            reason: 'unknown-reason',
+            expires: new Date('2099-12-24T00:00:00.000Z'),
+            created: new Date('2089-12-24T00:00:00.000Z'),
+          },
+        },
+      ],
+    });
+  });
+
+  it('updates a policy file for exclude by providing group, expiry and reason', async () => {
+    const project = await createProjectFromWorkspace('empty');
+    await runSnykCLI(
+      `ignore --file-path=**/deps/**/*.ts --file-path-group=code`,
+      { cwd: project.path(), env: env },
+    );
+
+    const policyBefore = await loadPolicy(project.path());
+
+    expect(policyBefore.exclude).toMatchObject({
+      code: ['**/deps/**/*.ts'],
+    });
+
+    const {
+      code,
+    } = await runSnykCLI(
+      `ignore --file-path=**/deps/**/*.ts --file-path-group=code --reason=unknown-reason --expiry=2099-12-24`,
+      { cwd: project.path(), env: env },
+    );
+
+    expect(code).toEqual(0);
+
+    const policyAfter = await loadPolicy(project.path());
+
+    expect(policyAfter.exclude.code).toHaveLength(1);
+    expect(!!policyAfter.exclude.code[0]['**/deps/**/*.ts']).toBeTruthy();
+
+    // Fake creation date
+    policyAfter.exclude.code[0]['**/deps/**/*.ts'].created = new Date(
+      '2089-12-24T00:00:00.000Z',
+    );
+
+    expect(policyAfter.exclude).toMatchObject({
+      code: [
+        {
+          '**/deps/**/*.ts': {
+            reason: 'unknown-reason',
+            expires: new Date('2099-12-24T00:00:00.000Z'),
+            created: new Date('2089-12-24T00:00:00.000Z'),
+          },
+        },
+      ],
+    });
+  });
+
   it('creates a policy file using minimal options', async () => {
     const project = await createProjectFromWorkspace('empty');
     const { code } = await runSnykCLI(`ignore --id=ID`, {

diff --git a/test/jest/unit/iac/cli-share-results.fixtures.ts b/test/jest/unit/iac/cli-share-results.fixtures.ts
@@ -173,7 +173,7 @@ export const expectedEnvelopeFormatterResultsWithPolicy = expectedEnvelopeFormat
     return {
       ...result,
       policy: `# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
-version: v1.24.0
+version: v1.25.0
 # ignores vulnerabilities until expiry date; change duration by modifying expiry date
 ignore:
   SNYK-CC-TF-4: