Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add support for severity threshold [CFG-1991] #3451

Merged
merged 1 commit into from
Jul 13, 2022
Merged

feat: Add support for severity threshold [CFG-1991] #3451

merged 1 commit into from
Jul 13, 2022

Conversation

ofekatr
Copy link
Contributor

@ofekatr ofekatr commented Jul 12, 2022
edited
Loading

What does this PR do?

  • Adds support for the --severity-threshold flag, so that if the user specifies a value, the results returned by the Policy Engine filtered according to the specified severity.

Where should the reviewer start?

src/cli/commands/test/iac/v2/index.ts

Notes

  • This PR should be merged after this PR.

How should this be manually tested?

  • Prepare a snyk-iac-test binary that includes the functionality from this PR.
  • Run SNYK_IAC_POLICY_ENGINE_PATH=<path-to-binary> snyk-dev iac test --experimental --severity-threshold=medium
  • Ensure all of the displayed issues are with severity of medium or above.
  • Run SNYK_IAC_POLICY_ENGINE_PATH=<path-to-binary> snyk-dev iac test --experimental --severity-threshold=critical
  • Ensure all of the displayed issues are with severity of critical
  • Run SNYK_IAC_POLICY_ENGINE_PATH=<path-to-binary> snyk-dev iac test --experimental --severity-threshold=wrong -d
  • Ensure the Test Engine responded with an error for the invalid severity threshold value, and did not return any results.

Any background context you want to provide?

Once the new iac test command is able to produce output based on the results of the Policy Engine, the user might want to see only issues of a certain severity. Similarly to the current implementation, the Policy Engine defines four levels of severity. The iac test command should support the --severity-threshold flag, read the value provided by the user (if any), and filter out the results generated by the Policy Engine to only include the vulnerabilities with the specified severity or higher.

What are the relevant tickets?

Screenshots

image

image

image

@github-actions
Copy link
Contributor

github-actions bot commented Jul 12, 2022
edited
Loading

Warnings
⚠️

You've modified files in src/ directory, but haven't updated anything in test folder. Is there something that could be tested?

Generated by 🚫 dangerJS against 6833389

@ofekatr ofekatr requested a review from YairZ101 July 12, 2022 07:49
@ofekatr ofekatr marked this pull request as ready for review July 12, 2022 07:49
@ofekatr ofekatr requested a review from a team as a code owner July 12, 2022 07:49
YairZ101
YairZ101 approved these changes Jul 12, 2022
View reviewed changes
Copy link
Contributor

@YairZ101 YairZ101 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

notice that if your PR will get merged after this one, you'll also need to add the errors you've added to the relevant places.

@ofekatr
Copy link
Contributor Author

ofekatr commented Jul 12, 2022

@YairZ101 Could you elaborate on where the errors should be added to?

@YairZ101
Copy link
Contributor

Could you elaborate on where the errors should be added to?

src/cli/commands/test/iac/local-execution/types.ts - to add the error code (similar to what we did up until now)
src/lib/iac/test/v2/errors.ts - to add the user message to the relevant error (this part is new)

@ofekatr ofekatr force-pushed the feat/add-support-for-severity-threshold branch from b78f1d4 to 94e99c0 Compare July 13, 2022 07:42
@ofekatr
Copy link
Contributor Author

ofekatr commented Jul 13, 2022

@YairZ101 The user error was added 👍

@ofekatr ofekatr force-pushed the feat/add-support-for-severity-threshold branch from 94e99c0 to fc48852 Compare July 13, 2022 07:44
@ofekatr ofekatr enabled auto-merge July 13, 2022 07:45
@ofekatr ofekatr force-pushed the feat/add-support-for-severity-threshold branch from fc48852 to 6833389 Compare July 13, 2022 07:48
@ofekatr ofekatr merged commit 187f079 into master Jul 13, 2022
@ofekatr ofekatr deleted the feat/add-support-for-severity-threshold branch July 13, 2022 07:58
This was referenced Nov 28, 2023
Open
Open
Open
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@YairZ101 YairZ101 YairZ101 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ofekatr @YairZ101