Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(cli): Handle empty ignore files more gracefully #7962

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

fix(cli): Handle empty ignore files more gracefully #7962

wants to merge 4 commits into from

Conversation

simar7
Copy link
Member

@simar7 simar7 commented Nov 20, 2024
edited
Loading

Description

Also adds a log message to the debug stream when such a case occurs.

trivy --debug config --ignorefile ./invalid-file.yaml  /tmp
<snip>
2024-11-19T23:55:01-07:00       DEBUG   Specified ignore file does not exist        file="./invalid-file.yaml"
</snip>

Related issues

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@simar7 simar7 marked this pull request as ready for review November 20, 2024 19:00
knqyf263
knqyf263 reviewed Nov 21, 2024
View reviewed changes
Copy link
Collaborator

@knqyf263 knqyf263 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks good! I left small comments.

pkg/result/ignore.go
log.Debug("Found an ignore yaml", log.FilePath(ignoreFile))

// Parse the YAML content
var ignoreConfig IgnoreConfig
if err = yaml.NewDecoder(f).Decode(&ignoreConfig); err != nil {
if err = yaml.Unmarshal(b, &ignoreConfig); err != nil {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Decode is better in terms of memory efficiency. We should leave a comment explaining why we use Unmarshal here. Otherwise, someone may change it back in the future for performance reasons.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added b304f64

pkg/result/ignore.go Outdated Show resolved Hide resolved
@simar7 @knqyf263
Update pkg/result/ignore.go
7b341b9 
Co-authored-by: Teppei Fukuda <knqyf263@gmail.com>
knqyf263
knqyf263 reviewed Nov 22, 2024
View reviewed changes
pkg/result/ignore_test.go
})

// TODO(simar7): This test currently fails as we don't validate
// the correctness of ignore file when not in YAML format
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the test file ends with .yaml, does this test work as expected?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes I added a test for it

trivy/pkg/result/ignore_test.go

Lines 45 to 54 in e12cb88

t.Run("invalid YAML file passed", func(t *testing.T) {
f, err := os.CreateTemp("", "TestParseIgnoreFile-*.yaml")
require.NoError(t, err)
defer os.Remove(f.Name())
_, _ = f.WriteString("this file is not a yaml file")
got, err := ParseIgnoreFile(context.TODO(), f.Name())
assert.Contains(t, err.Error(), "yaml decode error")
assert.Empty(t, got)
})

We don't validate the correctness of non yaml ignore files. We silently return with no error.

@simar7 simar7 requested a review from knqyf263 November 23, 2024 00:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nikpivkin nikpivkin nikpivkin approved these changes

@knqyf263 knqyf263 Awaiting requested review from knqyf263 knqyf263 is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

bug(cli): Don't error out on empty trivy config yaml file
3 participants
@simar7 @knqyf263 @nikpivkin