Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(cli): Handle empty ignore files more gracefully #7962

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

fix(cli): Handle empty ignore files more gracefully #7962

wants to merge 2 commits into from

Conversation

simar7
Copy link
Member

@simar7 simar7 commented Nov 20, 2024
edited
Loading

Description

Also adds a log message to the debug stream when such a case occurs.

trivy --debug config --ignorefile ./invalid-file.yaml  /tmp
<snip>
2024-11-19T23:55:01-07:00       DEBUG   Specified ignore file does not exist        file="./invalid-file.yaml"
</snip>

Related issues

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@simar7 simar7 marked this pull request as ready for review November 20, 2024 19:00
knqyf263
knqyf263 reviewed Nov 21, 2024
View reviewed changes
Copy link
Collaborator

@knqyf263 knqyf263 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks good! I left small comments.

pkg/result/ignore.go
log.Debug("Found an ignore yaml", log.FilePath(ignoreFile))

// Parse the YAML content
var ignoreConfig IgnoreConfig
if err = yaml.NewDecoder(f).Decode(&ignoreConfig); err != nil {
if err = yaml.Unmarshal(b, &ignoreConfig); err != nil {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Decode is better in terms of memory efficiency. We should leave a comment explaining why we use Unmarshal here. Otherwise, someone may change it back in the future for performance reasons.

pkg/result/ignore.go
@@ -184,7 +184,8 @@ func (c *IgnoreConfig) MatchLicense(licenseID, filePath string) *IgnoreFinding {
func ParseIgnoreFile(ctx context.Context, ignoreFile string) (IgnoreConfig, error) {
var conf IgnoreConfig
if _, err := os.Stat(ignoreFile); errors.Is(err, fs.ErrNotExist) {
// .trivyignore doesn't necessarily exist
// .trivyignore doesn't necessarily exist or maybe empty
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Empty files are not handled here now.

Suggested change
// .trivyignore doesn't necessarily exist or maybe empty
// .trivyignore doesn't necessarily exist

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@knqyf263 knqyf263 knqyf263 left review comments

@nikpivkin nikpivkin Awaiting requested review from nikpivkin

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

bug(cli): Don't error out on empty trivy config yaml file
2 participants
@simar7 @knqyf263