From f0d051d11b7805124043550dbe8d9e0ce2ae3071 Mon Sep 17 00:00:00 2001
From: Samuel Gaist
Date: Mon, 30 Sep 2024 23:41:19 +0200
Subject: [PATCH 1/2] feat(cli): error out when ignore file cannot be found
---
 pkg/result/filter_test.go | 17 ++++++++++++++++-
 pkg/result/ignore.go | 3 +++
 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/pkg/result/filter_test.go b/pkg/result/filter_test.go
index 0298cd0d9582..2e20234fa7ba 100644
--- a/pkg/result/filter_test.go
+++ b/pkg/result/filter_test.go
@@ -1016,15 +1016,30 @@ func TestFilter(t *testing.T) {
 })
 }
+ ignoreFile := tt.args.ignoreFile
+ if ignoreFile == "" {
+ ignoreFile = result.DefaultIgnoreFile
+ }
 err := result.Filter(ctx, tt.args.report, result.FilterOptions{
 Severities: tt.args.severities,
 VEXSources: vexSources,
 IgnoreStatuses: tt.args.ignoreStatuses,
- IgnoreFile: tt.args.ignoreFile,
+ IgnoreFile: ignoreFile,
 PolicyFile: tt.args.policyFile,
 })
 require.NoError(t, err)
 assert.Equal(t, tt.want, tt.args.report)
 })
 }
+
+ t.Run("Error on existent ignore file", func(t *testing.T) {
+ fakeTime := time.Date(2020, 8, 10, 7, 28, 17, 958601, time.UTC)
+ ctx := clock.With(context.Background(), fakeTime)
+ test := tests[0]
+
+ err := result.Filter(ctx, test.args.report, result.FilterOptions{
+ IgnoreFile: "invalid",
+ })
+ assert.ErrorContains(t, err, "invalid error: invalid does not exist")
+ })
 }
diff --git a/pkg/result/ignore.go b/pkg/result/ignore.go
index dbd1cab83db9..771c1ffc3f8e 100644
--- a/pkg/result/ignore.go
+++ b/pkg/result/ignore.go
@@ -184,6 +184,9 @@ func (c *IgnoreConfig) MatchLicense(licenseID, filePath string) *IgnoreFinding {
 func ParseIgnoreFile(ctx context.Context, ignoreFile string) (IgnoreConfig, error) {
 var conf IgnoreConfig
 if _, err := os.Stat(ignoreFile); errors.Is(err, fs.ErrNotExist) {
+ if ignoreFile != DefaultIgnoreFile {
+ return IgnoreConfig{}, xerrors.Errorf("%s does not exist", ignoreFile)
+ }
 // .trivyignore doesn't necessarily exist
 return IgnoreConfig{}, nil
 } else if filepath.Ext(ignoreFile) == ".yml" || filepath.Ext(ignoreFile) == ".yaml" {
From cc2e22af22d5958d753332083040626ab6f4e727 Mon Sep 17 00:00:00 2001
From: Samuel Gaist
Date: Wed, 2 Oct 2024 20:45:53 +0200
Subject: [PATCH 2/2] refactor: move ignore file check to report flag handler
---
 pkg/flag/report_flags.go | 6 ++++++
 pkg/flag/report_flags_test.go | 12 ++++++++++++
 pkg/result/filter_test.go | 17 +----------------
 pkg/result/ignore.go | 3 ---
 4 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/pkg/flag/report_flags.go b/pkg/flag/report_flags.go
index 67d553b65553..d69443e89547 100644
--- a/pkg/flag/report_flags.go
+++ b/pkg/flag/report_flags.go
@@ -6,6 +6,7 @@ import (
 "github.com/mattn/go-shellwords"
 "github.com/samber/lo"
+ "github.com/spf13/viper"
 "golang.org/x/xerrors"
 dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
@@ -14,6 +15,7 @@ import (
 "github.com/aquasecurity/trivy/pkg/log"
 "github.com/aquasecurity/trivy/pkg/result"
 "github.com/aquasecurity/trivy/pkg/types"
+ "github.com/aquasecurity/trivy/pkg/utils/fsutils"
 xstrings "github.com/aquasecurity/trivy/pkg/x/strings"
 )
@@ -238,6 +240,10 @@ func (f *ReportFlagGroup) ToOptions() (ReportOptions, error) {
 }
 }
+ if viper.IsSet(f.IgnoreFile.ConfigName) && !fsutils.FileExists(f.IgnoreFile.Value()) {
+ return ReportOptions{}, xerrors.Errorf("ignore file not found: %s", f.IgnoreFile.Value())
+ }
+
 return ReportOptions{
 Format: format,
 ReportFormat: f.ReportFormat.Value(),
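Review bot: In `ParseIgnoreFile` (pkg/result/ignore.go, patch 1/2), the added `ignoreFile != DefaultIgnoreFile` test is a plain string comparison, so a caller that leaves `IgnoreFile` empty now gets an error instead of an empty `IgnoreConfig`. The test change in the same patch has to substitute `result.DefaultIgnoreFile` for `""` to keep passing, which suggests existing callers of `result.Filter` with an unset field would break. If the check stays at this layer, guarding the empty value, `if ignoreFile != "" && ignoreFile != DefaultIgnoreFile {`, and quoting the path with `%q` in the message would make the failure unambiguous. The body of `ParseIgnoreFile` continues outside the hunk.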
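Review bot: In `ToOptions` (pkg/flag/report_flags.go, patch 2/2), the existence check only protects callers that come through the CLI flag layer. Because this commit also removes the check from `ParseIgnoreFile`, code calling `result.Filter` directly with a mistyped custom `IgnoreFile` again gets a silently empty `IgnoreConfig`. `viper.IsSet(f.IgnoreFile.ConfigName)` reads global viper state, and whether it reports true for an untouched default depends on how defaults are registered, which this hunk does not show; `fsutils.FileExists` is not shown either, so a directory or a permission error may pass the check or be reported as "not found". A comment above the `if`, such as `// Only an explicitly configured ignore file must exist; the default one is optional.`, would record the intent. `ToOptions` starts and ends outside the hunk.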
diff --git a/pkg/flag/report_flags_test.go b/pkg/flag/report_flags_test.go
index 9440bf373905..b113d7c62f97 100644
--- a/pkg/flag/report_flags_test.go
+++ b/pkg/flag/report_flags_test.go
@@ -209,4 +209,16 @@ func TestReportFlagGroup_ToOptions(t *testing.T) {
 assert.Equal(t, tt.wantLogs, out.Messages(), tt.name)
 })
 }
+
+ t.Run("Error on non existing ignore file", func(t *testing.T) {
+ t.Cleanup(viper.Reset)
+
+ setValue(flag.IgnoreFileFlag.ConfigName, string("doesntexist"))
+ f := &flag.ReportFlagGroup{
+ IgnoreFile: flag.IgnoreFileFlag.Clone(),
+ }
+
+ _, err := f.ToOptions()
+ assert.ErrorContains(t, err, "ignore file not found: doesntexist")
+ })
 }
diff --git a/pkg/result/filter_test.go b/pkg/result/filter_test.go
index 2e20234fa7ba..0298cd0d9582 100644
--- a/pkg/result/filter_test.go
+++ b/pkg/result/filter_test.go
@@ -1016,30 +1016,15 @@ func TestFilter(t *testing.T) {
 })
 }
- ignoreFile := tt.args.ignoreFile
- if ignoreFile == "" {
- ignoreFile = result.DefaultIgnoreFile
- }
 err := result.Filter(ctx, tt.args.report, result.FilterOptions{
 Severities: tt.args.severities,
 VEXSources: vexSources,
 IgnoreStatuses: tt.args.ignoreStatuses,
- IgnoreFile: ignoreFile,
+ IgnoreFile: tt.args.ignoreFile,
 PolicyFile: tt.args.policyFile,
 })
 require.NoError(t, err)
 assert.Equal(t, tt.want, tt.args.report)
 })
 }
-
- t.Run("Error on existent ignore file", func(t *testing.T) {
- fakeTime := time.Date(2020, 8, 10, 7, 28, 17, 958601, time.UTC)
- ctx := clock.With(context.Background(), fakeTime)
- test := tests[0]
-
- err := result.Filter(ctx, test.args.report, result.FilterOptions{
- IgnoreFile: "invalid",
- })
- assert.ErrorContains(t, err, "invalid error: invalid does not exist")
- })
 }
diff --git a/pkg/result/ignore.go b/pkg/result/ignore.go
index 771c1ffc3f8e..dbd1cab83db9 100644
--- a/pkg/result/ignore.go
+++ b/pkg/result/ignore.go
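Review bot: The new subtest in `TestReportFlagGroup_ToOptions` (pkg/flag/report_flags_test.go) covers only the failing path, and it relies on no file named `doesntexist` being present in the directory the tests run from. A companion case that points the flag at a file created under `t.TempDir()` and asserts `require.NoError(t, err)` would pin that an explicitly configured, existing ignore file is still accepted. The conversion in `string("doesntexist")` looks redundant; `setValue(flag.IgnoreFileFlag.ConfigName, "doesntexist")` should read the same, though `setValue` is declared outside the hunk. The enclosing test function starts outside the hunk.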
@@ -184,9 +184,6 @@ func (c *IgnoreConfig) MatchLicense(licenseID, filePath string) *IgnoreFinding {
 func ParseIgnoreFile(ctx context.Context, ignoreFile string) (IgnoreConfig, error) {
 var conf IgnoreConfig
 if _, err := os.Stat(ignoreFile); errors.Is(err, fs.ErrNotExist) {
- if ignoreFile != DefaultIgnoreFile {
- return IgnoreConfig{}, xerrors.Errorf("%s does not exist", ignoreFile)
- }
 // .trivyignore doesn't necessarily exist
 return IgnoreConfig{}, nil
 } else if filepath.Ext(ignoreFile) == ".yml" || filepath.Ext(ignoreFile) == ".yaml" {