diff --git a/pkg/result/filter.go b/pkg/result/filter.go
index dc92d8aff5ec..6e92dbd3de98 100644
--- a/pkg/result/filter.go
+++ b/pkg/result/filter.go
@@ -303,6 +303,8 @@ func applyPolicy(ctx context.Context, result *types.Result, policyFile string) e
 return err
 }
 if ignored {
+ result.ModifiedFindings = append(result.ModifiedFindings,
+ types.NewModifiedFinding(scrt, types.FindingStatusIgnored, "Filtered by Rego", policyFile))
 continue
 }
 filteredSecrets = append(filteredSecrets, scrt)
@@ -317,6 +319,8 @@ func applyPolicy(ctx context.Context, result *types.Result, policyFile string) e
 return err
 }
 if ignored {
+ result.ModifiedFindings = append(result.ModifiedFindings,
+ types.NewModifiedFinding(lic, types.FindingStatusIgnored, "Filtered by Rego", policyFile))
 continue
 }
 filteredLicenses = append(filteredLicenses, lic)
diff --git a/pkg/result/filter_test.go b/pkg/result/filter_test.go
index d98048c6af1b..676e7b016be2 100644
--- a/pkg/result/filter_test.go
+++ b/pkg/result/filter_test.go
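Review bot: In `applyPolicy` (pkg/result/filter.go, hunk `@@ -303,6 +303,8 @@`), a secret that the policy ignores is now copied whole into `result.ModifiedFindings` through `types.NewModifiedFinding(scrt, ...)`, so a finding that used to be dropped now travels with the result to whatever serializes that field. The test fixtures carry `Match: "*****"`, which suggests the match text is already masked before filtering, but nothing in this hunk shows it; once confirmed, a comment such as `// scrt is retained for the audit trail; its Match is already masked at this point` would record the assumption next to the append. The literal `"Filtered by Rego"` is repeated in the second hunk (`@@ -317,6 +319,8 @@`, licenses); a shared package-level constant would keep the two statements from drifting apart. `applyPolicy` starts and ends outside both hunks.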
@@ -648,65 +648,42 @@ func TestFilter(t *testing.T) {
 Results: types.Results{
 {
 Licenses: []types.DetectedLicense{
- {
- Name: "GPL-3.0",
- Severity: dbTypes.SeverityLow.String(),
- FilePath: "usr/share/gcc/python/libstdcxx/v6/__init__.py",
- Category: "restricted",
- Confidence: 1,
- },
- {
- Name: "GPL-3.0",
- Severity: dbTypes.SeverityLow.String(),
- FilePath: "usr/share/gcc/python/libstdcxx/v6/printers.py",
- Category: "restricted",
- Confidence: 1,
- },
+ license1,
+ license2,
 },
 Secrets: []types.DetectedSecret{
- {
- RuleID: "generic-passed-rule",
- Severity: dbTypes.SeverityLow.String(),
- Title: "Secret should pass filter",
- StartLine: 1,
- EndLine: 2,
- Match: "*****",
- },
- {
- RuleID: "generic-ignored-rule",
- Severity: dbTypes.SeverityLow.String(),
- Title: "Secret should be ignored",
- StartLine: 3,
- EndLine: 4,
- Match: "*****",
- },
+ secret1,
+ secret2,
 },
 },
 },
 },
- severities: []dbTypes.Severity{dbTypes.SeverityLow},
+ severities: []dbTypes.Severity{dbTypes.SeverityLow, dbTypes.SeverityHigh},
 policyFile: "./testdata/test-ignore-policy-licenses-and-secrets.rego",
 },
 want: types.Report{
 Results: types.Results{
 {
 Licenses: []types.DetectedLicense{
- {
- Name: "GPL-3.0",
- Severity: dbTypes.SeverityLow.String(),
- FilePath: "usr/share/gcc/python/libstdcxx/v6/__init__.py",
- Category: "restricted",
- Confidence: 1,
- },
+ license1,
 },
 Secrets: []types.DetectedSecret{
+ secret1,
+ },
+ ModifiedFindings: []types.ModifiedFinding{
+ {
+ Type: types.FindingTypeSecret,
+ Status: types.FindingStatusIgnored,
+ Statement: "Filtered by Rego",
+ Source: "testdata/test-ignore-policy-licenses-and-secrets.rego",
+ Finding: secret2,
+ },
 {
- RuleID: "generic-passed-rule",
- Severity: dbTypes.SeverityLow.String(),
- Title: "Secret should pass filter",
- StartLine: 1,
- EndLine: 2,
- Match: "*****",
+ Type: types.FindingTypeLicense,
+ Status: types.FindingStatusIgnored,
+ Statement: "Filtered by Rego",
+ Source: "testdata/test-ignore-policy-licenses-and-secrets.rego",
+ Finding: license2,
 },
 },
 },
diff --git a/pkg/result/testdata/test-ignore-policy-licenses-and-secrets.rego b/pkg/result/testdata/test-ignore-policy-licenses-and-secrets.rego
index b53c16a11ffa..59cae4b8ca5b 100644
--- a/pkg/result/testdata/test-ignore-policy-licenses-and-secrets.rego
+++ b/pkg/result/testdata/test-ignore-policy-licenses-and-secrets.rego
@@ -10,6 +10,6 @@ ignore {
 }
 ignore {
- input.RuleID == "generic-ignored-rule"
- input.Title == "Secret should be ignored"
+ input.RuleID == "generic-unwanted-rule"
+ input.Title == "Secret that should not pass filter on rule id"
 }
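Review bot: In the `TestFilter` hunk of pkg/result/filter_test.go, the expected `Source` is `"testdata/test-ignore-policy-licenses-and-secrets.rego"` while the case passes `policyFile: "./testdata/test-ignore-policy-licenses-and-secrets.rego"`, so the expectation depends on a path-normalisation step that is not visible in this diff; the `applyPolicy` hunks hand `policyFile` to `types.NewModifiedFinding` unchanged. Once the origin of the difference is confirmed, a short comment on the expectation, for example `// Source is the policy path after cleaning (no leading "./")`, would tell the reader why the two strings differ. Because that string is now part of the report, it is also worth a case showing what `Source` holds when the policy is given as an absolute path. `license1`, `license2`, `secret1` and `secret2` are defined outside the hunk, so which fixture carries the High severity added to `severities` cannot be checked from here.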