From e219eec6a3352cf680471c7c132376f10a44d4b8 Mon Sep 17 00:00:00 2001
From: rafaela-soares
Date: Tue, 21 Jun 2022 15:38:39 +0100
Subject: [PATCH 1/7] consider .gitignore file by default
---
 .../metadata.json | 0
 .../query.rego | 0
 .../test/negative.yaml | 0
 .../test/positive.yaml | 0
 .../test/positive_expected_result.json | 0
 go.mod | 1 +
 go.sum | 2 +
 pkg/analyzer/analyzer.go | 26 ++++-
 pkg/analyzer/analyzer_test.go | 102 ++++++++++++------
 pkg/scan/utils.go | 2 +-
 test/fixtures/gitignore/gitignore | 3 +
 test/fixtures/gitignore/positive.dockerfile | 9 ++
 test/fixtures/gitignore/positive1.yaml | 13 +++
 test/fixtures/gitignore/secrets.tf | 20 ++++
 14 files changed, 144 insertions(+), 34 deletions(-)
 rename assets/queries/ansible/aws/{aws_passord_policy_with_unchangeable_passwords => aws_password_policy_with_unchangeable_passwords}/metadata.json (100%)
 rename assets/queries/ansible/aws/{aws_passord_policy_with_unchangeable_passwords => aws_password_policy_with_unchangeable_passwords}/query.rego (100%)
 rename assets/queries/ansible/aws/{aws_passord_policy_with_unchangeable_passwords => aws_password_policy_with_unchangeable_passwords}/test/negative.yaml (100%)
 rename assets/queries/ansible/aws/{aws_passord_policy_with_unchangeable_passwords => aws_password_policy_with_unchangeable_passwords}/test/positive.yaml (100%)
 rename assets/queries/ansible/aws/{aws_passord_policy_with_unchangeable_passwords => aws_password_policy_with_unchangeable_passwords}/test/positive_expected_result.json (100%)
 create mode 100644 test/fixtures/gitignore/gitignore
 create mode 100644 test/fixtures/gitignore/positive.dockerfile
 create mode 100644 test/fixtures/gitignore/positive1.yaml
 create mode 100644 test/fixtures/gitignore/secrets.tf
diff --git a/assets/queries/ansible/aws/aws_passord_policy_with_unchangeable_passwords/metadata.json b/assets/queries/ansible/aws/aws_password_policy_with_unchangeable_passwords/metadata.json
similarity index 100%
rename from assets/queries/ansible/aws/aws_passord_policy_with_unchangeable_passwords/metadata.json
rename to assets/queries/ansible/aws/aws_password_policy_with_unchangeable_passwords/metadata.json
diff --git a/assets/queries/ansible/aws/aws_passord_policy_with_unchangeable_passwords/query.rego b/assets/queries/ansible/aws/aws_password_policy_with_unchangeable_passwords/query.rego
similarity index 100%
rename from assets/queries/ansible/aws/aws_passord_policy_with_unchangeable_passwords/query.rego
rename to assets/queries/ansible/aws/aws_password_policy_with_unchangeable_passwords/query.rego
diff --git a/assets/queries/ansible/aws/aws_passord_policy_with_unchangeable_passwords/test/negative.yaml b/assets/queries/ansible/aws/aws_password_policy_with_unchangeable_passwords/test/negative.yaml
similarity index 100%
rename from assets/queries/ansible/aws/aws_passord_policy_with_unchangeable_passwords/test/negative.yaml
rename to assets/queries/ansible/aws/aws_password_policy_with_unchangeable_passwords/test/negative.yaml
diff --git a/assets/queries/ansible/aws/aws_passord_policy_with_unchangeable_passwords/test/positive.yaml b/assets/queries/ansible/aws/aws_password_policy_with_unchangeable_passwords/test/positive.yaml
similarity index 100%
rename from assets/queries/ansible/aws/aws_passord_policy_with_unchangeable_passwords/test/positive.yaml
rename to assets/queries/ansible/aws/aws_password_policy_with_unchangeable_passwords/test/positive.yaml
diff --git a/assets/queries/ansible/aws/aws_passord_policy_with_unchangeable_passwords/test/positive_expected_result.json b/assets/queries/ansible/aws/aws_password_policy_with_unchangeable_passwords/test/positive_expected_result.json
similarity index 100%
rename from assets/queries/ansible/aws/aws_passord_policy_with_unchangeable_passwords/test/positive_expected_result.json
rename to assets/queries/ansible/aws/aws_password_policy_with_unchangeable_passwords/test/positive_expected_result.json
diff --git a/go.mod b/go.mod
index 3b23d37c8ea..7faf8d058da 100644
--- a/go.mod
+++ b/go.mod
@@ -355,6 +355,7 @@ require (
 github.com/russross/blackfriday v1.5.2 // indirect
 github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58 // indirect
 github.com/ryanuber/go-glob v1.0.0 // indirect
+ github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06
 github.com/shopspring/decimal v1.2.0 // indirect
 github.com/sirupsen/logrus v1.8.1 // indirect
 github.com/sourcegraph/jsonrpc2 v0.0.0-20210201082850-366fbb520750 // indirect
diff --git a/go.sum b/go.sum
index dbf3f3e2b78..3e701d7c760 100644
--- a/go.sum
+++ b/go.sum
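Review bot: The added `github.com/sabhiram/go-gitignore` requirement in the go.mod hunk sits between entries that are all marked `// indirect`, although pkg/analyzer/analyzer.go imports it directly in this patch. Moving the line to the block of direct requirements keeps the module file's direct/indirect split meaningful for dependency review. The version is a commit pseudo-version rather than a tagged release; since this library now decides which files the scanner skips, a short rationale for that pin in the commit message would help reviewers.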
@@ -1545,6 +1545,8 @@ github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfF github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= +github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 h1:OkMGxebDjyw0ULyrTYWeN0UNCCkmCWfjPnIA2W6oviI= +github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06/go.mod h1:+ePHsJ1keEjQtpvf9HHw0f4ZeJ0TLRsxhunSI2hYJSs= github.com/safchain/ethtool v0.0.0-20210803160452-9aa261dae9b1/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw= diff --git a/pkg/analyzer/analyzer.go b/pkg/analyzer/analyzer.go index 1ad1a658efe..a994aa568ef 100644 --- a/pkg/analyzer/analyzer.go +++ b/pkg/analyzer/analyzer.go @@ -14,6 +14,7 @@ import ( "github.com/Checkmarx/kics/pkg/utils" "github.com/pkg/errors" "github.com/rs/zerolog/log" + ignore "github.com/sabhiram/go-gitignore" yamlParser "gopkg.in/yaml.v3" ) @@ -195,7 +196,7 @@ var types = map[string]regexSlice{ // Analyze will go through the slice paths given and determine what type of queries should be loaded // should be loaded based on the extension of the file and the content -func Analyze(paths, types, exc []string) (model.AnalyzedPaths, error) { +func Analyze(paths, types, exc []string, gitIgnoreFileName string) (model.AnalyzedPaths, error) { // start metrics for file analyzer metrics.Metric.Start("file_type_analyzer") returnAnalyzedPaths := model.AnalyzedPaths{ 
@@ -207,6 +208,8 @@ func Analyze(paths, types, exc []string) (model.AnalyzedPaths, error) { var wg sync.WaitGroup // results is the channel shared by the workers that contains the types found results := make(chan string) + ignoreFiles := make([]string, 0) + hasGitIgnoreFile, gitIgnore := shouldConsiderGitIgnoreFile(paths[0], gitIgnoreFileName, exc) // get all the files inside the given paths for _, path := range paths { @@ -220,6 +223,11 @@ func Analyze(paths, types, exc []string) (model.AnalyzedPaths, error) { ext := utils.GetExtension(path) + if hasGitIgnoreFile && gitIgnore.MatchesPath(path) { + ignoreFiles = append(ignoreFiles, path) + exc = append(exc, path) + } + if _, ok := possibleFileTypes[ext]; ok && !isExcludedFile(path, exc) { files = append(files, path) } @@ -258,6 +266,7 @@ func Analyze(paths, types, exc []string) (model.AnalyzedPaths, error) { availableTypes := createSlice(results) unwantedPaths := createSlice(unwanted) + unwantedPaths = append(unwantedPaths, ignoreFiles...) returnAnalyzedPaths.Types = availableTypes returnAnalyzedPaths.Exc = unwantedPaths // stop metrics for file analyzer @@ -478,3 +487,18 @@ func isExcludedFile(path string, exc []string) bool { } return false } + +// shouldConsiderGitIgnoreFile verifies if the scan should exclude the files according to the .gitignore file +func shouldConsiderGitIgnoreFile(path, gitIgnore string, exc []string) (bool, *ignore.GitIgnore) { + gitIgnorePath := filepath.ToSlash(filepath.Join(path, gitIgnore)) + _, err := os.Stat(gitIgnorePath) + + if !utils.Contains("withoutGitIgnore", exc) && err == nil { + gitIgnore, _ := ignore.CompileIgnoreFile(gitIgnorePath) + if gitIgnore != nil { + log.Info().Msgf(".gitignore file was found in '%s' and it will be used to automatically exclude paths", path) + return true, gitIgnore + } + } + return false, nil +} diff --git a/pkg/analyzer/analyzer_test.go b/pkg/analyzer/analyzer_test.go index 4e0e6fc7390..c2333ef4be2 100644 --- a/pkg/analyzer/analyzer_test.go 
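Review bot: `paths[0]` in the `@@ -207,6 +208,8 @@` hunk of pkg/analyzer/analyzer.go is indexed before any length check visible in the hunk, so an empty `paths` slice would panic here instead of returning an error. The ignore file is also looked up only under the first path, yet the compiled matcher is applied to every entry in the loop that follows, so a second scan root is filtered by the first root's rules and its own ignore file is never read. A guard such as `if len(paths) == 0 { return returnAnalyzedPaths, errors.New("no paths to analyze") }` before the call, plus a comment stating the first-path-only behaviour, would make this explicit. The body of Analyze starts and ends outside this hunk; the same indexing recurs as `a.Paths[0]` in the `@@ -209,10 +218,10 @@` hunk of patch 3/7.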
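Review bot: `gitIgnore.MatchesPath(path)` in the `@@ -220,6 +223,11 @@` hunk receives the walked path with the scan root still attached (the new test expects `../../test/fixtures/gitignore/secrets.tf` in the exclude list), while ignore patterns are written relative to the directory that holds the ignore file. Depending on how the library treats unanchored patterns, a rule such as `build/` could then match a directory name in the scan root itself and exclude every file, and root-anchored rules may never match; the fixture only covers `*.dockerfile` and `*.tf`, so neither case is tested. Matching on a path made relative to the ignore file's directory (`filepath.Rel(paths[0], path)`) and adding fixture rules with a directory and a leading `/` would close that gap. Because the ignore file comes from the repository being scanned and the exclusion is on by default, each skipped file should also be visible to the operator, for example `log.Debug().Msgf("skipping %q: matched ignore file", path)` per match with a total at info level. The enclosing code starts outside this hunk.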
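Review bot: The error from `ignore.CompileIgnoreFile` in the new `shouldConsiderGitIgnoreFile` (the `@@ -478,3 +487,18 @@` hunk) is discarded, so an ignore file that cannot be read silently turns the exclusion off and nothing in the log explains why scan coverage differs between runs. The inner `gitIgnore, _ :=` also shadows the string parameter of the same name, and `os.Stat` runs even when the opt-out is set. The rewrite below checks the opt-out first, logs the compile failure and uses a distinct name for the matcher; the function is fully contained in this hunk.

```go
// shouldConsiderGitIgnoreFile reports whether an ignore file named gitIgnore exists under path
// and should be applied; it returns the compiled matcher when it does.
func shouldConsiderGitIgnoreFile(path, gitIgnore string, exc []string) (bool, *ignore.GitIgnore) {
	if utils.Contains("withoutGitIgnore", exc) {
		return false, nil
	}

	gitIgnorePath := filepath.ToSlash(filepath.Join(path, gitIgnore))
	if _, err := os.Stat(gitIgnorePath); err != nil {
		return false, nil
	}

	matcher, err := ignore.CompileIgnoreFile(gitIgnorePath)
	if err != nil || matcher == nil {
		log.Warn().Err(err).Msgf("could not read '%s'; no paths will be excluded from it", gitIgnorePath)
		return false, nil
	}

	log.Info().Msgf(".gitignore file was found in '%s' and it will be used to automatically exclude paths", path)
	return true, matcher
}
```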
+++ b/pkg/analyzer/analyzer_test.go 
@@ -10,77 +10,115 @@ import ( func TestAnalyzer_Analyze(t *testing.T) { tests := []struct { - name string - paths []string - wantTypes []string - wantExclude []string - wantErr bool + name string + paths []string + wantTypes []string + wantExclude []string + wantErr bool + gitIgnoreFileName string + exc []string }{ { - name: "analyze_test_dir_single_path", - paths: []string{filepath.FromSlash("../../test/fixtures/analyzer_test")}, - wantTypes: []string{"dockerfile", "googledeploymentmanager", "cloudformation", "kubernetes", "openapi", "terraform", "ansible", "azureresourcemanager", "dockercompose"}, - wantExclude: []string{}, - wantErr: false, + name: "analyze_test_dir_single_path", + paths: []string{filepath.FromSlash("../../test/fixtures/analyzer_test")}, + wantTypes: []string{"dockerfile", "googledeploymentmanager", "cloudformation", "kubernetes", "openapi", "terraform", "ansible", "azureresourcemanager", "dockercompose"}, + wantExclude: []string{}, + wantErr: false, + gitIgnoreFileName: "", + exc: []string{}, }, { - name: "analyze_test_helm_single_path", - paths: []string{filepath.FromSlash("../../test/fixtures/analyzer_test/helm")}, - wantTypes: []string{"kubernetes"}, - wantExclude: []string{}, - wantErr: false, + name: "analyze_test_helm_single_path", + paths: []string{filepath.FromSlash("../../test/fixtures/analyzer_test/helm")}, + wantTypes: []string{"kubernetes"}, + wantExclude: []string{}, + wantErr: false, + gitIgnoreFileName: "", + exc: []string{}, }, { name: "analyze_test_multiple_path", paths: []string{ filepath.FromSlash("../../test/fixtures/analyzer_test/Dockerfile"), filepath.FromSlash("../../test/fixtures/analyzer_test/terraform.tf")}, - wantTypes: []string{"dockerfile", "terraform"}, - wantExclude: []string{}, - wantErr: false, + wantTypes: []string{"dockerfile", "terraform"}, + wantExclude: []string{}, + wantErr: false, + gitIgnoreFileName: "", + exc: []string{}, }, { name: "analyze_test_multi_checks_path", paths: []string{ 
filepath.FromSlash("../../test/fixtures/analyzer_test/openAPI_test")}, - wantTypes: []string{"openapi"}, - wantExclude: []string{}, - wantErr: false, + wantTypes: []string{"openapi"}, + wantExclude: []string{}, + wantErr: false, + gitIgnoreFileName: "", + exc: []string{}, }, { name: "analyze_test_error_path", paths: []string{ filepath.FromSlash("../../test/fixtures/analyzer_test/Dockserfile"), filepath.FromSlash("../../test/fixtures/analyzer_test/terraform.tf")}, - wantTypes: []string{}, - wantExclude: []string{}, - wantErr: true, + wantTypes: []string{}, + wantExclude: []string{}, + wantErr: true, + gitIgnoreFileName: "", + exc: []string{}, }, { name: "analyze_test_unwanted_path", paths: []string{ filepath.FromSlash("../../test/fixtures/type-test01/template01/metadata.json"), }, - wantTypes: []string{}, - wantExclude: []string{filepath.FromSlash("../../test/fixtures/type-test01/template01/metadata.json")}, - wantErr: false, + wantTypes: []string{}, + wantExclude: []string{filepath.FromSlash("../../test/fixtures/type-test01/template01/metadata.json")}, + wantErr: false, + gitIgnoreFileName: "", + exc: []string{}, }, { name: "analyze_test_tfplan", paths: []string{ filepath.FromSlash("../../test/fixtures/tfplan"), }, - wantTypes: []string{"terraform"}, - wantExclude: []string{}, - wantErr: false, + wantTypes: []string{"terraform"}, + wantExclude: []string{}, + wantErr: false, + gitIgnoreFileName: "", + exc: []string{}, + }, + { + name: "analyze_test_considering_ignore_file", + paths: []string{ + filepath.FromSlash("../../test/fixtures/gitignore"), + }, + wantTypes: []string{"kubernetes"}, + wantExclude: []string{filepath.FromSlash("../../test/fixtures/gitignore/positive.dockerfile"), + filepath.FromSlash("../../test/fixtures/gitignore/secrets.tf")}, + wantErr: false, + gitIgnoreFileName: "gitignore", + exc: []string{}, + }, + { + name: "analyze_test_not_considering_ignore_file", + paths: []string{ + filepath.FromSlash("../../test/fixtures/gitignore"), + }, + 
wantTypes: []string{"dockerfile", "kubernetes", "terraform"}, + wantExclude: []string{}, + wantErr: false, + gitIgnoreFileName: "gitignore", + exc: []string{"withoutGitIgnore"}, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { types := []string{""} - exc := []string{""} - got, err := Analyze(tt.paths, types, exc) + got, err := Analyze(tt.paths, types, tt.exc, tt.gitIgnoreFileName) if (err != nil) != tt.wantErr { t.Errorf("Analyze = %v, wantErr = %v", err, tt.wantErr) } diff --git a/pkg/scan/utils.go b/pkg/scan/utils.go index 79e9aa4b094..e05bd25b815 100644 --- a/pkg/scan/utils.go +++ b/pkg/scan/utils.go @@ -147,7 +147,7 @@ func analyzePaths(paths, types, exclude []string) (model.AnalyzedPaths, error) { var pathsFlag model.AnalyzedPaths excluded := make([]string, 0) - pathsFlag, err = analyzer.Analyze(paths, types, exclude) + pathsFlag, err = analyzer.Analyze(paths, types, exclude, ".gitignore") if err != nil { log.Err(err) return model.AnalyzedPaths{}, err diff --git a/test/fixtures/gitignore/gitignore b/test/fixtures/gitignore/gitignore new file mode 100644 index 00000000000..3843825707d --- /dev/null +++ b/test/fixtures/gitignore/gitignore @@ -0,0 +1,3 @@ +*.dockerfile + +*.tf diff --git a/test/fixtures/gitignore/positive.dockerfile b/test/fixtures/gitignore/positive.dockerfile new file mode 100644 index 00000000000..a3f00f140d0 --- /dev/null +++ b/test/fixtures/gitignore/positive.dockerfile @@ -0,0 +1,9 @@ +FROM openjdk:10-jdk +VOLUME /tmp +ADD http://source.file/package.file.tar.gz /temp +RUN tar -xjf /temp/package.file.tar.gz \ + && make -C /tmp/package.file \ + && rm /tmp/ package.file.tar.gz +ARG JAR_FILE +ADD ${JAR_FILE} app.jar +ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"] diff --git a/test/fixtures/gitignore/positive1.yaml b/test/fixtures/gitignore/positive1.yaml new file mode 100644 index 00000000000..34eec73647d --- /dev/null +++ b/test/fixtures/gitignore/positive1.yaml 
@@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Pod +metadata: + name: command-demo + labels: + purpose: demonstrate-command +spec: + containers: + - name: command-demo-container + image: gcr.io/google_containers/kube-apiserver-amd64:v1.6.0 + command: ["kube-apiserver"] + args: ["--enable-admission-plugins=AlwaysAdmit", "--admission-control-config-file=path/to/plugin/config/file.yaml"] + restartPolicy: OnFailure diff --git a/test/fixtures/gitignore/secrets.tf b/test/fixtures/gitignore/secrets.tf new file mode 100644 index 00000000000..14c2322412f --- /dev/null +++ b/test/fixtures/gitignore/secrets.tf @@ -0,0 +1,20 @@ +#this is a problematic code where the query should report a result(s) +resource "google_container_cluster" "primary1" { + name = "marcellus-wallace" + location = "us-central1-a" + initial_node_count = 3 + + master_auth { + username = "" + password = "root" + + client_certificate_config { + issue_client_certificate = true + } + } + + timeouts { + create = "30m" + update = "40m" + } +} From 8ff6cfdedcf2e7dfe4b73b1b28664bf4e521a3e6 Mon Sep 17 00:00:00 2001 From: rafaela-soares Date: Tue, 21 Jun 2022 15:46:42 +0100 Subject: [PATCH 2/7] update commands.md --- docs/commands.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/commands.md b/docs/commands.md index 5c0a65ba46c..74aca81b3ad 100644 --- a/docs/commands.md +++ b/docs/commands.md 
@@ -106,6 +106,9 @@ Global Flags: The other commands have no further options. +## Exclude Paths +By default, KICS now automatically excludes paths according to the .gitignore file. If you want to disable this behavior, you should set "withoutGitIgnore" in the -e flag (`-e "withoutGitIgnore"`). + ## Library Flag Usage As mentioned above, the library flag (`-b` or `--libraries-path`) refers to the directory with libraries. The functions need to be grouped by platform and the library file name should follow the format: `.rego` to be loaded by KICS. It doesn't matter your directory structure. In other words, for example, if you want to indicate a directory that contains a library for your terraform queries, you should group your functions (used in your terraform queries) in a file named `terraform.rego` wherever you want. From 3986be257a7a9f427dd61dc83ec762f23c2e35c7 Mon Sep 17 00:00:00 2001 From: rafaela-soares Date: Wed, 22 Jun 2022 09:33:35 +0100 Subject: [PATCH 3/7] changed approach: flag --add-gitignore addition --- docs/commands.md | 3 ++- docs/dockerhub.md | 1 + e2e/fixtures/assets/scan_help | 1 + internal/console/assets/scan-flags.json | 6 +++++ internal/console/flags/scan_flags.go | 1 + internal/console/scan.go | 1 + pkg/analyzer/analyzer.go | 29 ++++++++++++++-------- pkg/analyzer/analyzer_test.go | 32 ++++++++++++++++--------- pkg/scan/client.go | 1 + pkg/scan/utils.go | 26 +++++++++++--------- 10 files changed, 68 insertions(+), 33 deletions(-) diff --git a/docs/commands.md b/docs/commands.md index 74aca81b3ad..881238f4a83 100644 --- a/docs/commands.md +++ b/docs/commands.md @@ -42,6 +42,7 @@ Usage: kics scan [flags] Flags: + --add-gitignore disables the usage of .gitignore file to automatically exclude paths -m, --bom include bill of materials (BoM) in results output --cloud-provider strings list of cloud providers to scan (aws, azure, gcp) --config string path to configuration file 
@@ -107,7 +108,7 @@ Global Flags: The other commands have no further options. ## Exclude Paths -By default, KICS now automatically excludes paths according to the .gitignore file. If you want to disable this behavior, you should set "withoutGitIgnore" in the -e flag (`-e "withoutGitIgnore"`). +By default, KICS now automatically excludes paths according to the .gitignore file. If you want to disable this behavior, you use the flag `--add-gitignore`. ## Library Flag Usage diff --git a/docs/dockerhub.md b/docs/dockerhub.md index e40748af1e7..933c5dc3015 100644 --- a/docs/dockerhub.md +++ b/docs/dockerhub.md @@ -53,6 +53,7 @@ Usage: kics scan [flags] Flags: + --add-gitignore disables the usage of .gitignore file to automatically exclude paths -m, --bom include bill of materials (BoM) in results output --cloud-provider strings list of cloud providers to scan (aws, azure, gcp) --config string path to configuration file diff --git a/e2e/fixtures/assets/scan_help b/e2e/fixtures/assets/scan_help index 5ef96edc14d..dd0e8bc2c3b 100644 --- a/e2e/fixtures/assets/scan_help +++ b/e2e/fixtures/assets/scan_help @@ -2,6 +2,7 @@ Usage: kics scan [flags] Flags: + --add-gitignore disables the usage of .gitignore file to automatically exclude paths -m, --bom include bill of materials (BoM) in results output --cloud-provider strings list of cloud providers to scan (aws, azure, gcp) --config string path to configuration file diff --git a/internal/console/assets/scan-flags.json b/internal/console/assets/scan-flags.json index e344404b570..9f91c8a96d4 100644 --- a/internal/console/assets/scan-flags.json +++ b/internal/console/assets/scan-flags.json @@ -185,5 +185,11 @@ "defaultValue": "", "usage": "case insensitive list of platform types to scan\n(${supportedPlatforms})", "validation": "validateMultiStrEnum" + }, + "add-gitignore": { + "flagType": "bool", + "shorthandFlag": "", + "defaultValue": "false", + "usage": "disables the usage of .gitignore file to automatically exclude paths" } } 
diff --git a/internal/console/flags/scan_flags.go b/internal/console/flags/scan_flags.go index 58523ccb390..ec5b46e6334 100644 --- a/internal/console/flags/scan_flags.go +++ b/internal/console/flags/scan_flags.go @@ -31,4 +31,5 @@ const ( LineInfoPayloadFlag = "payload-lines" DisableSecretsFlag = "disable-secrets" SecretsRegexesPathFlag = "secrets-regexes-path" //nolint:gosec + AddGitIgnore = "add-gitignore" ) diff --git a/internal/console/scan.go b/internal/console/scan.go index f82aea7e6b3..99048f12ca2 100644 --- a/internal/console/scan.go +++ b/internal/console/scan.go @@ -136,6 +136,7 @@ func getScanParameters(changedDefaultQueryPath, changedDefaultLibrariesPath bool ChangedDefaultLibrariesPath: changedDefaultLibrariesPath, ChangedDefaultQueryPath: changedDefaultQueryPath, BillOfMaterials: flags.GetBoolFlag(flags.BomFlag), + AddGitIgnore: flags.GetBoolFlag(flags.AddGitIgnore), } return &scanParams diff --git a/pkg/analyzer/analyzer.go b/pkg/analyzer/analyzer.go index a994aa568ef..0d0b7f76fba 100644 --- a/pkg/analyzer/analyzer.go +++ b/pkg/analyzer/analyzer.go @@ -110,6 +110,15 @@ type analyzerInfo struct { filePath string } +// Analyzer keeps all the relevant info for the function Analyze +type Analyzer struct { + Paths []string + Types []string + Exc []string + GitIgnoreFileName string + AddGitIgnore bool +} + // types is a map that contains the regex by type var types = map[string]regexSlice{ "openapi": { @@ -196,7 +205,7 @@ var types = map[string]regexSlice{ // Analyze will go through the slice paths given and determine what type of queries should be loaded // should be loaded based on the extension of the file and the content -func Analyze(paths, types, exc []string, gitIgnoreFileName string) (model.AnalyzedPaths, error) { +func Analyze(a *Analyzer) (model.AnalyzedPaths, error) { // start metrics for file analyzer metrics.Metric.Start("file_type_analyzer") returnAnalyzedPaths := model.AnalyzedPaths{ 
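Review bot: The `AddGitIgnore` field of the new `Analyzer` struct (the `@@ -110,6 +110,15 @@` hunk of pkg/analyzer/analyzer.go) reads as if `true` enables ignore-file handling, but the flag usage text added in this patch says it disables it, and `shouldConsiderGitIgnoreFile` applies the file only when the value is false. Since this switch decides how much of a repository the scanner covers, each field should carry a comment, for example `// AddGitIgnore, when true, scans paths matched by the ignore file instead of excluding them` and `// GitIgnoreFileName is the ignore file name looked up under Paths[0]`. The constant `AddGitIgnore = "add-gitignore"` in internal/console/flags/scan_flags.go has the same inverted reading.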
@@ -209,10 +218,10 @@ func Analyze(paths, types, exc []string, gitIgnoreFileName string) (model.Analyz // results is the channel shared by the workers that contains the types found results := make(chan string) ignoreFiles := make([]string, 0) - hasGitIgnoreFile, gitIgnore := shouldConsiderGitIgnoreFile(paths[0], gitIgnoreFileName, exc) + hasGitIgnoreFile, gitIgnore := shouldConsiderGitIgnoreFile(a.Paths[0], a.GitIgnoreFileName, a.AddGitIgnore) // get all the files inside the given paths - for _, path := range paths { + for _, path := range a.Paths { if _, err := os.Stat(path); err != nil { return returnAnalyzedPaths, errors.Wrap(err, "failed to analyze path") } @@ -225,10 +234,10 @@ func Analyze(paths, types, exc []string, gitIgnoreFileName string) (model.Analyz if hasGitIgnoreFile && gitIgnore.MatchesPath(path) { ignoreFiles = append(ignoreFiles, path) - exc = append(exc, path) + a.Exc = append(a.Exc, path) } - if _, ok := possibleFileTypes[ext]; ok && !isExcludedFile(path, exc) { + if _, ok := possibleFileTypes[ext]; ok && !isExcludedFile(path, a.Exc) { files = append(files, path) } @@ -241,15 +250,15 @@ func Analyze(paths, types, exc []string, gitIgnoreFileName string) (model.Analyz // unwanted is the channel shared by the workers that contains the unwanted files that the parser will ignore unwanted := make(chan string, len(files)) - for i := range types { - types[i] = strings.ToLower(types[i]) + for i := range a.Types { + a.Types[i] = strings.ToLower(a.Types[i]) } for _, file := range files { wg.Add(1) // analyze the files concurrently a := &analyzerInfo{ - typesFlag: types, + typesFlag: a.Types, filePath: file, } go a.worker(results, unwanted, &wg) 
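Review bot: `a.Exc = append(a.Exc, path)` in the `@@ -225,10 +234,10 @@` hunk writes every ignored path into the caller's struct, and the same paths are also returned through `ignoreFiles` in `returnAnalyzedPaths.Exc`. `analyzePaths` in pkg/scan/utils.go then appends both `a.Exc` and `pathsFlag.Exc`, so each ignored file appears to end up in the final exclude list twice. Working on a local copy, `exc := append([]string(nil), a.Exc...)`, and appending to that would leave the caller's input untouched. The enclosing function body starts and ends outside this hunk.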
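Review bot: In the `@@ -241,15 +250,15 @@` hunk the loop variable `a := &analyzerInfo{...}` shadows the `a *Analyzer` parameter; `typesFlag: a.Types` still resolves to the parameter only because the new name comes into scope after the declaration, which is easy to misread and breaks as soon as a later line in the loop needs the parameter. Renaming the worker value, e.g. `info := &analyzerInfo{typesFlag: a.Types, filePath: file}` followed by `go info.worker(results, unwanted, &wg)`, removes the ambiguity. The loop over `a.Types` also lower-cases the caller's slice in place, which deserves a comment if it is intended.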
@@ -489,11 +498,11 @@ func isExcludedFile(path string, exc []string) bool { } // shouldConsiderGitIgnoreFile verifies if the scan should exclude the files according to the .gitignore file -func shouldConsiderGitIgnoreFile(path, gitIgnore string, exc []string) (bool, *ignore.GitIgnore) { +func shouldConsiderGitIgnoreFile(path, gitIgnore string, addGitIgnoreFile bool) (bool, *ignore.GitIgnore) { gitIgnorePath := filepath.ToSlash(filepath.Join(path, gitIgnore)) _, err := os.Stat(gitIgnorePath) - if !utils.Contains("withoutGitIgnore", exc) && err == nil { + if !addGitIgnoreFile && err == nil { gitIgnore, _ := ignore.CompileIgnoreFile(gitIgnorePath) if gitIgnore != nil { log.Info().Msgf(".gitignore file was found in '%s' and it will be used to automatically exclude paths", path) diff --git a/pkg/analyzer/analyzer_test.go b/pkg/analyzer/analyzer_test.go index c2333ef4be2..09e95a78206 100644 --- a/pkg/analyzer/analyzer_test.go +++ b/pkg/analyzer/analyzer_test.go @@ -16,7 +16,7 @@ func TestAnalyzer_Analyze(t *testing.T) { wantExclude []string wantErr bool gitIgnoreFileName string - exc []string + addGitIgnore bool }{ { name: "analyze_test_dir_single_path", @@ -25,7 +25,7 @@ func TestAnalyzer_Analyze(t *testing.T) { wantExclude: []string{}, wantErr: false, gitIgnoreFileName: "", - exc: []string{}, + addGitIgnore: false, }, { name: "analyze_test_helm_single_path", @@ -34,7 +34,7 @@ func TestAnalyzer_Analyze(t *testing.T) { wantExclude: []string{}, wantErr: false, gitIgnoreFileName: "", - exc: []string{}, + addGitIgnore: false, }, { name: "analyze_test_multiple_path", @@ -45,7 +45,7 @@ func TestAnalyzer_Analyze(t *testing.T) { wantExclude: []string{}, wantErr: false, gitIgnoreFileName: "", - exc: []string{}, + addGitIgnore: false, }, { name: "analyze_test_multi_checks_path", @@ -55,7 +55,7 @@ func TestAnalyzer_Analyze(t *testing.T) { wantExclude: []string{}, wantErr: false, gitIgnoreFileName: "", - exc: []string{}, + addGitIgnore: false, }, { name: "analyze_test_error_path", 
@@ -66,7 +66,7 @@ func TestAnalyzer_Analyze(t *testing.T) { wantExclude: []string{}, wantErr: true, gitIgnoreFileName: "", - exc: []string{}, + addGitIgnore: false, }, { name: "analyze_test_unwanted_path", @@ -77,7 +77,7 @@ func TestAnalyzer_Analyze(t *testing.T) { wantExclude: []string{filepath.FromSlash("../../test/fixtures/type-test01/template01/metadata.json")}, wantErr: false, gitIgnoreFileName: "", - exc: []string{}, + addGitIgnore: false, }, { name: "analyze_test_tfplan", @@ -88,7 +88,7 @@ func TestAnalyzer_Analyze(t *testing.T) { wantExclude: []string{}, wantErr: false, gitIgnoreFileName: "", - exc: []string{}, + addGitIgnore: false, }, { name: "analyze_test_considering_ignore_file", @@ -100,7 +100,7 @@ func TestAnalyzer_Analyze(t *testing.T) { filepath.FromSlash("../../test/fixtures/gitignore/secrets.tf")}, wantErr: false, gitIgnoreFileName: "gitignore", - exc: []string{}, + addGitIgnore: false, }, { name: "analyze_test_not_considering_ignore_file", @@ -111,14 +111,24 @@ func TestAnalyzer_Analyze(t *testing.T) { wantExclude: []string{}, wantErr: false, gitIgnoreFileName: "gitignore", - exc: []string{"withoutGitIgnore"}, + addGitIgnore: true, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { types := []string{""} - got, err := Analyze(tt.paths, types, tt.exc, tt.gitIgnoreFileName) + exc := []string{""} + + analyzer := &Analyzer{ + Paths: tt.paths, + Types: types, + Exc: exc, + AddGitIgnore: tt.addGitIgnore, + GitIgnoreFileName: tt.gitIgnoreFileName, + } + + got, err := Analyze(analyzer) if (err != nil) != tt.wantErr { t.Errorf("Analyze = %v, wantErr = %v", err, tt.wantErr) } diff --git a/pkg/scan/client.go b/pkg/scan/client.go index a59740437a8..1239361e2ec 100644 --- a/pkg/scan/client.go +++ b/pkg/scan/client.go @@ -41,6 +41,7 @@ type Parameters struct { ChangedDefaultLibrariesPath bool ScanID string BillOfMaterials bool + AddGitIgnore bool } // Client represents a scan client 
diff --git a/pkg/scan/utils.go b/pkg/scan/utils.go index e05bd25b815..1be81ea4b38 100644 --- a/pkg/scan/utils.go +++ b/pkg/scan/utils.go @@ -41,12 +41,16 @@ func (c *Client) prepareAndAnalyzePaths() (provider.ExtractedPath, error) { log.Info().Msgf("Total files in the project: %d", getTotalFiles(allPaths.Path)) - pathTypes, errAnalyze := - analyzePaths( - allPaths.Path, - c.ScanParams.Platform, - c.ScanParams.ExcludePaths, - ) + a := &analyzer.Analyzer{ + Paths: allPaths.Path, + Types: c.ScanParams.Platform, + Exc: c.ScanParams.ExcludePaths, + GitIgnoreFileName: ".gitignore", + AddGitIgnore: c.ScanParams.AddGitIgnore, + } + + pathTypes, errAnalyze := analyzePaths(a) + if errAnalyze != nil { return provider.ExtractedPath{}, errAnalyze } @@ -142,25 +146,25 @@ func resolvePath(flagContent, flagName string) (string, error) { // analyzePaths will analyze the paths to scan to determine which type of queries to load // and which files should be ignored, it then updates the types and exclude flags variables // with the results found -func analyzePaths(paths, types, exclude []string) (model.AnalyzedPaths, error) { +func analyzePaths(a *analyzer.Analyzer) (model.AnalyzedPaths, error) { var err error var pathsFlag model.AnalyzedPaths excluded := make([]string, 0) - pathsFlag, err = analyzer.Analyze(paths, types, exclude, ".gitignore") + pathsFlag, err = analyzer.Analyze(a) if err != nil { log.Err(err) return model.AnalyzedPaths{}, err } // flag -t was passed but KICS did not find any matching file - if types[0] != "" && len(pathsFlag.Types) == 0 { - pathsFlag.Types = append(pathsFlag.Types, types...) + if a.Types[0] != "" && len(pathsFlag.Types) == 0 { + pathsFlag.Types = append(pathsFlag.Types, a.Types...) } logLoadingQueriesType(pathsFlag.Types) - excluded = append(excluded, exclude...) + excluded = append(excluded, a.Exc...) excluded = append(excluded, pathsFlag.Exc...) pathsFlag.Exc = excluded return pathsFlag, nil 
From bf69c44121764b0c3ce1afa13147cd3e04cfc9d6 Mon Sep 17 00:00:00 2001 From: rafaela-soares Date: Tue, 19 Jul 2022 10:00:03 +0100 Subject: [PATCH 4/7] requested changes --- docs/commands.md | 4 ++-- docs/dockerhub.md | 2 +- e2e/fixtures/assets/scan_help | 2 +- internal/console/assets/scan-flags.json | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/commands.md b/docs/commands.md index 881238f4a83..0161028a712 100644 --- a/docs/commands.md +++ b/docs/commands.md @@ -42,7 +42,7 @@ Usage: kics scan [flags] Flags: - --add-gitignore disables the usage of .gitignore file to automatically exclude paths + --add-gitignore disables the exclusion of paths specified within .gitignore file -m, --bom include bill of materials (BoM) in results output --cloud-provider strings list of cloud providers to scan (aws, azure, gcp) --config string path to configuration file @@ -108,7 +108,7 @@ Global Flags: The other commands have no further options. ## Exclude Paths -By default, KICS now automatically excludes paths according to the .gitignore file. If you want to disable this behavior, you use the flag `--add-gitignore`. +By default, KICS excludes paths specified in the .gitignore file in the root of the repository. To disable this behavior, use flag `--add-gitignore`. ## Library Flag Usage diff --git a/docs/dockerhub.md b/docs/dockerhub.md index 933c5dc3015..272aaf140fd 100644 --- a/docs/dockerhub.md +++ b/docs/dockerhub.md @@ -53,7 +53,7 @@ Usage: kics scan [flags] Flags: - --add-gitignore disables the usage of .gitignore file to automatically exclude paths + --add-gitignore disables the exclusion of paths specified within .gitignore file -m, --bom include bill of materials (BoM) in results output --cloud-provider strings list of cloud providers to scan (aws, azure, gcp) --config string path to configuration file diff --git a/e2e/fixtures/assets/scan_help b/e2e/fixtures/assets/scan_help index dd0e8bc2c3b..6cec7d3d600 100644 --- a/e2e/fixtures/assets/scan_help 
+++ b/e2e/fixtures/assets/scan_help @@ -2,7 +2,7 @@ Usage: kics scan [flags] Flags: - --add-gitignore disables the usage of .gitignore file to automatically exclude paths + --add-gitignore disables the exclusion of paths specified within .gitignore file -m, --bom include bill of materials (BoM) in results output --cloud-provider strings list of cloud providers to scan (aws, azure, gcp) --config string path to configuration file diff --git a/internal/console/assets/scan-flags.json b/internal/console/assets/scan-flags.json index 9f91c8a96d4..b31a80881ac 100644 --- a/internal/console/assets/scan-flags.json +++ b/internal/console/assets/scan-flags.json @@ -190,6 +190,6 @@ "flagType": "bool", "shorthandFlag": "", "defaultValue": "false", - "usage": "disables the usage of .gitignore file to automatically exclude paths" + "usage": "disables the exclusion of paths specified within .gitignore file" } } From b75b5c2e172def8ae1b685223815dfdf2e3c99e6 Mon Sep 17 00:00:00 2001 From: rafaela-soares Date: Tue, 19 Jul 2022 10:57:29 +0100 Subject: [PATCH 5/7] correcting tests --- pkg/analyzer/analyzer_test.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkg/analyzer/analyzer_test.go b/pkg/analyzer/analyzer_test.go index 09e95a78206..f7782e4b0e4 100644 --- a/pkg/analyzer/analyzer_test.go +++ b/pkg/analyzer/analyzer_test.go @@ -97,7 +97,8 @@ func TestAnalyzer_Analyze(t *testing.T) { }, wantTypes: []string{"kubernetes"}, wantExclude: []string{filepath.FromSlash("../../test/fixtures/gitignore/positive.dockerfile"), - filepath.FromSlash("../../test/fixtures/gitignore/secrets.tf")}, + filepath.FromSlash("../../test/fixtures/gitignore/secrets.tf"), + filepath.FromSlash("../../test/fixtures/gitignore/gitignore")}, wantErr: false, gitIgnoreFileName: "gitignore", addGitIgnore: false, 
@@ -108,7 +109,7 @@ func TestAnalyzer_Analyze(t *testing.T) { filepath.FromSlash("../../test/fixtures/gitignore"), }, wantTypes: []string{"dockerfile", "kubernetes", "terraform"}, - wantExclude: []string{}, + wantExclude: []string{filepath.FromSlash("../../test/fixtures/gitignore/gitignore")}, wantErr: false, gitIgnoreFileName: "gitignore", addGitIgnore: true, From 670c267764e7458687d8d8a5afe9719b8cb3de1a Mon Sep 17 00:00:00 2001 From: rafaela-soares Date: Thu, 28 Jul 2022 16:42:57 +0100 Subject: [PATCH 6/7] "--add-gitignore" to "--exclude-gitignore" --- docs/commands.md | 4 ++-- docs/dockerhub.md | 2 +- e2e/fixtures/assets/scan_help | 2 +- internal/console/assets/scan-flags.json | 2 +- internal/console/flags/scan_flags.go | 2 +- internal/console/scan.go | 2 +- pkg/analyzer/analyzer.go | 8 ++++---- pkg/analyzer/analyzer_test.go | 22 +++++++++++----------- pkg/scan/client.go | 2 +- pkg/scan/utils.go | 2 +- 10 files changed, 24 insertions(+), 24 deletions(-) diff --git a/docs/commands.md b/docs/commands.md index 287705c7d0b..7c1fc482e2a 100644 --- a/docs/commands.md +++ b/docs/commands.md @@ -43,7 +43,7 @@ Usage: kics scan [flags] Flags: - --add-gitignore disables the exclusion of paths specified within .gitignore file + --exclude-gitignore disables the exclusion of paths specified within .gitignore file -m, --bom include bill of materials (BoM) in results output --cloud-provider strings list of cloud providers to scan (alicloud, aws, azure, gcp) --config string path to configuration file @@ -109,7 +109,7 @@ Global Flags: The other commands have no further options. ## Exclude Paths -By default, KICS excludes paths specified in the .gitignore file in the root of the repository. To disable this behavior, use flag `--add-gitignore`. +By default, KICS excludes paths specified in the .gitignore file in the root of the repository. To disable this behavior, use flag `--exclude-gitignore`. ## Library Flag Usage 
diff --git a/docs/dockerhub.md b/docs/dockerhub.md index 9b85857e215..462c80f29e9 100644 --- a/docs/dockerhub.md +++ b/docs/dockerhub.md @@ -53,7 +53,7 @@ Usage: kics scan [flags] Flags: - --add-gitignore disables the exclusion of paths specified within .gitignore file + --exclude-gitignore disables the exclusion of paths specified within .gitignore file -m, --bom include bill of materials (BoM) in results output --cloud-provider strings list of cloud providers to scan (alicloud, aws, azure, gcp) --config string path to configuration file diff --git a/e2e/fixtures/assets/scan_help b/e2e/fixtures/assets/scan_help index a65705c7e1d..e2a7a76104d 100644 --- a/e2e/fixtures/assets/scan_help +++ b/e2e/fixtures/assets/scan_help @@ -2,7 +2,7 @@ Usage: kics scan [flags] Flags: - --add-gitignore disables the exclusion of paths specified within .gitignore file + --exclude-gitignore disables the exclusion of paths specified within .gitignore file -m, --bom include bill of materials (BoM) in results output --cloud-provider strings list of cloud providers to scan (alicloud, aws, azure, gcp) --config string path to configuration file diff --git a/internal/console/assets/scan-flags.json b/internal/console/assets/scan-flags.json index b31a80881ac..744272eaf6b 100644 --- a/internal/console/assets/scan-flags.json +++ b/internal/console/assets/scan-flags.json @@ -186,7 +186,7 @@ "usage": "case insensitive list of platform types to scan\n(${supportedPlatforms})", "validation": "validateMultiStrEnum" }, - "add-gitignore": { + "exclude-gitignore": { "flagType": "bool", "shorthandFlag": "", "defaultValue": "false", diff --git a/internal/console/flags/scan_flags.go b/internal/console/flags/scan_flags.go index ec5b46e6334..75383b7b311 100644 --- a/internal/console/flags/scan_flags.go +++ b/internal/console/flags/scan_flags.go 
@@ -31,5 +31,5 @@ const ( LineInfoPayloadFlag = "payload-lines" DisableSecretsFlag = "disable-secrets" SecretsRegexesPathFlag = "secrets-regexes-path" //nolint:gosec - AddGitIgnore = "add-gitignore" + ExcludeGitIgnore = "exclude-gitignore" ) diff --git a/internal/console/scan.go b/internal/console/scan.go index 99048f12ca2..ea30258b635 100644 --- a/internal/console/scan.go +++ b/internal/console/scan.go @@ -136,7 +136,7 @@ func getScanParameters(changedDefaultQueryPath, changedDefaultLibrariesPath bool ChangedDefaultLibrariesPath: changedDefaultLibrariesPath, ChangedDefaultQueryPath: changedDefaultQueryPath, BillOfMaterials: flags.GetBoolFlag(flags.BomFlag), - AddGitIgnore: flags.GetBoolFlag(flags.AddGitIgnore), + ExcludeGitIgnore: flags.GetBoolFlag(flags.ExcludeGitIgnore), } return &scanParams diff --git a/pkg/analyzer/analyzer.go b/pkg/analyzer/analyzer.go index 4d76a6e2dac..4a5dbcebb43 100644 --- a/pkg/analyzer/analyzer.go +++ b/pkg/analyzer/analyzer.go @@ -116,7 +116,7 @@ type Analyzer struct { Types []string Exc []string GitIgnoreFileName string - AddGitIgnore bool + ExcludeGitIgnore bool } // types is a map that contains the regex by type @@ -218,7 +218,7 @@ func Analyze(a *Analyzer) (model.AnalyzedPaths, error) { // results is the channel shared by the workers that contains the types found results := make(chan string) ignoreFiles := make([]string, 0) - hasGitIgnoreFile, gitIgnore := shouldConsiderGitIgnoreFile(a.Paths[0], a.GitIgnoreFileName, a.AddGitIgnore) + hasGitIgnoreFile, gitIgnore := shouldConsiderGitIgnoreFile(a.Paths[0], a.GitIgnoreFileName, a.ExcludeGitIgnore) // get all the files inside the given paths for _, path := range a.Paths { 
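Review bot: In internal/console/flags/scan_flags.go the new constant `ExcludeGitIgnore = "exclude-gitignore"` reads like its neighbour `--exclude-paths`, as a switch that removes something from the scan. Its usage text says the opposite: it disables the .gitignore-based exclusion and so widens the scan. The default skips every path the scanned repository lists in .gitignore, so the direction of this switch should be stated at the definition. I would add a comment on the constant such as `// ExcludeGitIgnore: when true, .gitignore is not consulted and the paths it lists are scanned`. The `const (` block starts outside the hunk.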
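Review bot: In `Analyze` (pkg/analyzer/analyzer.go, hunk at -218) the ignore file is looked up only under `a.Paths[0]`, while the loop that follows walks every entry of `a.Paths`. With several scan paths, a .gitignore under any other path is never read. Whether the first path's rules are then applied to the remaining paths is not visible in this hunk. The index is also taken with no length check in view, so an empty `Paths` would panic here unless a guard exists above the hunk. I would state the limitation at the call, e.g. `// only the .gitignore under the first scan path is consulted`, and check `len(a.Paths) == 0` before indexing. `Analyze` starts and ends outside the hunk.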
@@ -500,11 +500,11 @@ func isExcludedFile(path string, exc []string) bool { } // shouldConsiderGitIgnoreFile verifies if the scan should exclude the files according to the .gitignore file -func shouldConsiderGitIgnoreFile(path, gitIgnore string, addGitIgnoreFile bool) (bool, *ignore.GitIgnore) { +func shouldConsiderGitIgnoreFile(path, gitIgnore string, excludeGitIgnoreFile bool) (bool, *ignore.GitIgnore) { gitIgnorePath := filepath.ToSlash(filepath.Join(path, gitIgnore)) _, err := os.Stat(gitIgnorePath) - if !addGitIgnoreFile && err == nil { + if !excludeGitIgnoreFile && err == nil { gitIgnore, _ := ignore.CompileIgnoreFile(gitIgnorePath) if gitIgnore != nil { log.Info().Msgf(".gitignore file was found in '%s' and it will be used to automatically exclude paths", path) diff --git a/pkg/analyzer/analyzer_test.go b/pkg/analyzer/analyzer_test.go index f7782e4b0e4..02893d7595f 100644 --- a/pkg/analyzer/analyzer_test.go +++ b/pkg/analyzer/analyzer_test.go @@ -16,7 +16,7 @@ func TestAnalyzer_Analyze(t *testing.T) { wantExclude []string wantErr bool gitIgnoreFileName string - addGitIgnore bool + excludeGitIgnore bool }{ { name: "analyze_test_dir_single_path", @@ -25,7 +25,7 @@ func TestAnalyzer_Analyze(t *testing.T) { wantExclude: []string{}, wantErr: false, gitIgnoreFileName: "", - addGitIgnore: false, + excludeGitIgnore: false, }, { name: "analyze_test_helm_single_path", @@ -34,7 +34,7 @@ func TestAnalyzer_Analyze(t *testing.T) { wantExclude: []string{}, wantErr: false, gitIgnoreFileName: "", - addGitIgnore: false, + excludeGitIgnore: false, }, { name: "analyze_test_multiple_path", @@ -45,7 +45,7 @@ func TestAnalyzer_Analyze(t *testing.T) { wantExclude: []string{}, wantErr: false, gitIgnoreFileName: "", - addGitIgnore: false, + excludeGitIgnore: false, }, { name: "analyze_test_multi_checks_path", 
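Review bot: `shouldConsiderGitIgnoreFile` (pkg/analyzer/analyzer.go, hunk at -500) discards the error from `ignore.CompileIgnoreFile(gitIgnorePath)` with `gitIgnore, _ :=`. A .gitignore that exists but cannot be read or compiled therefore gives a nil matcher and, as far as the hunk shows, no log line. The set of files a scanner skips on the word of a repository-controlled file should be auditable, so I would keep the error and report it: `matcher, err := ignore.CompileIgnoreFile(gitIgnorePath)` followed by `log.Warn().Err(err).Msgf("could not load '%s', no paths will be excluded from it", gitIgnorePath)` when `err != nil`. Renaming the local to `matcher` also stops it shadowing the string parameter `gitIgnore`. The function body continues past the end of the hunk.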
@@ -55,7 +55,7 @@ func TestAnalyzer_Analyze(t *testing.T) { wantExclude: []string{}, wantErr: false, gitIgnoreFileName: "", - addGitIgnore: false, + excludeGitIgnore: false, }, { name: "analyze_test_error_path", @@ -66,7 +66,7 @@ func TestAnalyzer_Analyze(t *testing.T) { wantExclude: []string{}, wantErr: true, gitIgnoreFileName: "", - addGitIgnore: false, + excludeGitIgnore: false, }, { name: "analyze_test_unwanted_path", @@ -77,7 +77,7 @@ func TestAnalyzer_Analyze(t *testing.T) { wantExclude: []string{filepath.FromSlash("../../test/fixtures/type-test01/template01/metadata.json")}, wantErr: false, gitIgnoreFileName: "", - addGitIgnore: false, + excludeGitIgnore: false, }, { name: "analyze_test_tfplan", @@ -88,7 +88,7 @@ func TestAnalyzer_Analyze(t *testing.T) { wantExclude: []string{}, wantErr: false, gitIgnoreFileName: "", - addGitIgnore: false, + excludeGitIgnore: false, }, { name: "analyze_test_considering_ignore_file", @@ -101,7 +101,7 @@ func TestAnalyzer_Analyze(t *testing.T) { filepath.FromSlash("../../test/fixtures/gitignore/gitignore")}, wantErr: false, gitIgnoreFileName: "gitignore", - addGitIgnore: false, + excludeGitIgnore: false, }, { name: "analyze_test_not_considering_ignore_file", @@ -112,7 +112,7 @@ func TestAnalyzer_Analyze(t *testing.T) { wantExclude: []string{filepath.FromSlash("../../test/fixtures/gitignore/gitignore")}, wantErr: false, gitIgnoreFileName: "gitignore", - addGitIgnore: true, + excludeGitIgnore: true, }, } @@ -125,7 +125,7 @@ func TestAnalyzer_Analyze(t *testing.T) { Paths: tt.paths, Types: types, Exc: exc, - AddGitIgnore: tt.addGitIgnore, + ExcludeGitIgnore: tt.excludeGitIgnore, GitIgnoreFileName: tt.gitIgnoreFileName, } diff --git a/pkg/scan/client.go b/pkg/scan/client.go index 1239361e2ec..1b4c26521d1 100644 --- a/pkg/scan/client.go +++ b/pkg/scan/client.go 
@@ -41,7 +41,7 @@ type Parameters struct { ChangedDefaultLibrariesPath bool ScanID string BillOfMaterials bool - AddGitIgnore bool + ExcludeGitIgnore bool } // Client represents a scan client diff --git a/pkg/scan/utils.go b/pkg/scan/utils.go index bfe795c3e8c..b799f09d8fe 100644 --- a/pkg/scan/utils.go +++ b/pkg/scan/utils.go @@ -46,7 +46,7 @@ func (c *Client) prepareAndAnalyzePaths() (provider.ExtractedPath, error) { Types: c.ScanParams.Platform, Exc: c.ScanParams.ExcludePaths, GitIgnoreFileName: ".gitignore", - AddGitIgnore: c.ScanParams.AddGitIgnore, + ExcludeGitIgnore: c.ScanParams.ExcludeGitIgnore, } pathTypes, errAnalyze := analyzePaths(a) From 13f4a0724a462c3d244b626a6898aaaa341d98ca Mon Sep 17 00:00:00 2001 From: rafaela-soares Date: Fri, 29 Jul 2022 10:42:37 +0100 Subject: [PATCH 7/7] fixing --- docs/commands.md | 2 +- docs/dockerhub.md | 2 +- e2e/fixtures/assets/scan_help | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/commands.md b/docs/commands.md index d1ee60ee4c8..e229929b434 100644 --- a/docs/commands.md +++ b/docs/commands.md @@ -43,7 +43,6 @@ Usage: kics scan [flags] Flags: - --exclude-gitignore disables the exclusion of paths specified within .gitignore file -m, --bom include bill of materials (BoM) in results output --cloud-provider strings list of cloud providers to scan (alicloud, aws, azure, gcp) --config string path to configuration file @@ -53,6 +52,7 @@ Flags: cannot be provided with query inclusion flags can be provided multiple times or as a comma separated string example: 'Access control,Best practices' + --exclude-gitignore disables the exclusion of paths specified within .gitignore file -e, --exclude-paths strings exclude paths from scan supports glob and can be provided multiple times or as a quoted comma separated string example: './shouldNotScan/*,somefile.txt' diff --git a/docs/dockerhub.md b/docs/dockerhub.md index 33aba2ecdfe..d5c6c7def0b 100644 --- a/docs/dockerhub.md +++ b/docs/dockerhub.md 
@@ -53,7 +53,6 @@ Usage: kics scan [flags] Flags: - --exclude-gitignore disables the exclusion of paths specified within .gitignore file -m, --bom include bill of materials (BoM) in results output --cloud-provider strings list of cloud providers to scan (alicloud, aws, azure, gcp) --config string path to configuration file @@ -63,6 +62,7 @@ Flags: cannot be provided with query inclusion flags can be provided multiple times or as a comma separated string example: 'Access control,Best practices' + --exclude-gitignore disables the exclusion of paths specified within .gitignore file -e, --exclude-paths strings exclude paths from scan supports glob and can be provided multiple times or as a quoted comma separated string example: './shouldNotScan/*,somefile.txt' diff --git a/e2e/fixtures/assets/scan_help b/e2e/fixtures/assets/scan_help index e9a2e7bdb29..133a3932f11 100644 --- a/e2e/fixtures/assets/scan_help +++ b/e2e/fixtures/assets/scan_help @@ -2,7 +2,6 @@ Usage: kics scan [flags] Flags: - --exclude-gitignore disables the exclusion of paths specified within .gitignore file -m, --bom include bill of materials (BoM) in results output --cloud-provider strings list of cloud providers to scan (alicloud, aws, azure, gcp) --config string path to configuration file @@ -12,6 +11,7 @@ Flags: cannot be provided with query inclusion flags can be provided multiple times or as a comma separated string example: 'Access control,Best practices' + --exclude-gitignore disables the exclusion of paths specified within .gitignore file -e, --exclude-paths strings exclude paths from scan supports glob and can be provided multiple times or as a quoted comma separated string example: './shouldNotScan/*,somefile.txt'