feat(cloudformation): inline ignore support for YAML templates #6358
Conversation
nikpivkin
force-pushed
the
iac-inline-ignore
branch
from
239e279 to
ee694a8
Compare
nikpivkin
force-pushed
the
iac-inline-ignore
branch
from
6a4228a to
5b80a0e
Compare
nikpivkin
force-pushed
the
iac-inline-ignore
branch
from
5b80a0e to
51eae13
Compare
nikpivkin
changed the title
| func NewCFReferenceWithValue(resourceRange iacTypes.Range, resolvedValue Property, logicalId string) CFReference { | ||
| return CFReference{ | ||
| resourceRange: resourceRange, | ||
| resolvedValue: resolvedValue, | ||
| logicalId: logicalId, | ||
| } | ||
| } | ||
|
|
||
| func (cf CFReference) String() string { | ||
| return cf.resourceRange.String() |
There was a problem hiding this comment.
The resolvedValue field was used in methods that were not used anywhere else, so this constructor was not needed.
| ignored int | ||
| }{ | ||
| { | ||
| name: "without ignored", |
There was a problem hiding this comment.
| name: "without ignored", | |
| name: "without ignore", |
| func ScannerWithAlternativeIDProvider(f func(string) []string) options.ScannerOption { | ||
| return func(s options.ConfigurableScanner) { | ||
| if tf, ok := s.(ConfigurableTerraformScanner); ok { | ||
| tf.AddExecutorOptions(executor.OptionWithAlternativeIDProvider(f)) | ||
| } | ||
| } | ||
| } | ||
|
|
There was a problem hiding this comment.
were alternativeIDProviders not in use? I'm not sure of the original motivation behind them but just want to be sure they weren't part of any use case that we might have missed.
There was a problem hiding this comment.
This is not used in the Trivy. I think it's a legacy from tfsec.
There was a problem hiding this comment.
I have noticed that there is a lot of logic in the Terraform scanner to process the scan results and a lot of it is not being used.
There was a problem hiding this comment.
I have noticed that there is a lot of logic in the Terraform scanner to process the scan results and a lot of it is not being used.
We should remove such logic, in a separate PR.
| // tfsec:ignore:*[secure=false] | ||
| // trivy:ignore:*[secure=false] |
There was a problem hiding this comment.
I would still keep the old tfsec tests in so that we remain backwards compatible but add another test case for the trivy ignores.
There was a problem hiding this comment.
I seem to have renamed it by accident, fixed it dd26943
| @@ -1,131 +0,0 @@ | |||
| package parser | |||
There was a problem hiding this comment.
where's this logic been moved to?
There was a problem hiding this comment.
I put the parsing of comments with ignore rules in a separate package https://github.com/aquasecurity/trivy/pull/6358/files#diff-c1fe13f24e97f852991501a2535948a2ff13ef4e36564313e85754d8f9c6f35eR20.
github-merge-queue
bot
removed this pull request from the merge queue due to a conflict with the base branch
Description
Moved inline ignore handling from terraform to a separate package, which will allow to add support for ignore by inline comments to other iac scanners. Added ignore support for CloudFormation (yaml only).
Related issues
Checklist