Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(general): Allow skipping multiple checks in a single line #6622

Open
wants to merge 23 commits into
base: main
Choose a base branch
from
Open

feat(general): Allow skipping multiple checks in a single line #6622

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
2ce5cef
added the possibility to allow multiple skips in a single line
shoshiGit Jul 30, 2024
cda4f42
Merge branch 'main' into multiple_skips
shoshiGit Jul 30, 2024
aebaea6
Update base_parser.py
esterKoren Jul 30, 2024
cfdcc5f
add enum
shoshiGit Jul 30, 2024
43297bf
Merge remote-tracking branch 'origin/multiple_skips' into multiple_skips
shoshiGit Jul 30, 2024
a55fb47
Update enum.py
esterKoren Jul 30, 2024
71e3c71
changed folder name
shoshiGit Jul 31, 2024
2ed8228
Merge remote-tracking branch 'origin/multiple_skips' into multiple_skips
shoshiGit Jul 31, 2024
ea9da32
added the possibility to allow multiple skips in a single line
shoshiGit Jul 31, 2024
5e9c9e5
Merge branch 'main' into multiple_skips
shoshiGit Jul 31, 2024
e1fe308
added the possibility to allow multiple skips in a single line
shoshiGit Aug 1, 2024
898f628
Merge remote-tracking branch 'origin/multiple_skips' into multiple_skips
shoshiGit Aug 1, 2024
2d30cb8
Merge branch 'main' into multiple_skips
shoshiGit Aug 1, 2024
2ec21b9
Merge remote-tracking branch 'origin/multiple_skips' into multiple_skips
shoshiGit Aug 1, 2024
6bed1fa
fixed the possibility to allow multiple skips in a single line
shoshiGit Aug 1, 2024
ba4d28c
fixed the possibility to allow multiple skips in a single line
shoshiGit Aug 5, 2024
cc4b0bb
Merge branch 'main' into multiple_skips
shoshiGit Aug 5, 2024
614a82c
updated the possibility to allow multiple skips in a single line
shoshiGit Aug 8, 2024
6fe5c1f
Merge remote-tracking branch 'origin/multiple_skips' into multiple_skips
shoshiGit Aug 8, 2024
ea8df14
updated strtobool
shoshiGit Aug 8, 2024
a34645f
updated strtobool 2
shoshiGit Aug 8, 2024
1f28ea3
Merge branch 'main' into multiple_skips
esterKoren Aug 9, 2024
d91dfd5
Merge branch 'main' into multiple_skips
shoshiGit Aug 31, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion checkov/common/comment/enum.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
import re

COMMENT_REGEX = re.compile(r'(checkov:skip=|bridgecrew:skip=) *([A-Za-z_\d]+)(:[^\n]+)?')
COMMENT_REGEX = re.compile(r'(checkov:skip=|bridgecrew:skip=) *([A-Za-z_\d]+(?:,[A-Za-z_\d]+)*)*(:[^\n]+)?')
18 changes: 11 additions & 7 deletions checkov/terraform/context_parsers/base_parser.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ def _collect_skip_comments(self, definition_blocks: List[Dict[str, Any]]) -> Dic
"""
Collects checkov skip comments to all definition blocks
:param definition_blocks: parsed definition blocks
:return: context enriched with with skipped checks per skipped entity
:return: context enriched with skipped checks per skipped entity
"""
bc_id_mapping = metadata_integration.bc_to_ckv_id_mapping
comments = [
Expand Down Expand Up @@ -125,12 +125,16 @@ def _collect_skip_comments(self, definition_blocks: List[Dict[str, Any]]) -> Dic
if "start_line" in entity_context and "end_line" in entity_context \
and entity_context["start_line"] < skip_check_line_num < entity_context["end_line"]:
# No matter which ID was used to skip, save the pair of IDs in the appropriate fields
if bc_id_mapping and skip_check["id"] in bc_id_mapping:
skip_check["bc_id"] = skip_check["id"]
skip_check["id"] = bc_id_mapping[skip_check["id"]]
elif metadata_integration.check_metadata:
skip_check["bc_id"] = metadata_integration.get_bc_id(skip_check["id"])
skipped_checks.append(skip_check)
skip_check_ids = skip_check["id"].split(',')
for skip_check_id in skip_check_ids:
single_skip_check = {"id": skip_check_id.strip(),
"suppress_comment": skip_check["suppress_comment"]}
if bc_id_mapping and single_skip_check["id"] in bc_id_mapping:
single_skip_check["bc_id"] = single_skip_check["id"]
single_skip_check["id"] = bc_id_mapping[single_skip_check["id"]]
elif metadata_integration.check_metadata:
single_skip_check["bc_id"] = metadata_integration.get_bc_id(skip_check["id"])
skipped_checks.append(single_skip_check)
dpath.new(self.context, entity_context_path + ["skipped_checks"], skipped_checks)
return self.context

Expand Down
27 changes: 27 additions & 0 deletions tests/terraform/checks/a example skip/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@

resource "azurerm_storage_account" "default" {
#checkov:skip=CKV_AZURE_33
name = "storageaccountname"
resource_group_name = "azurerm_resource_group.example.name"
location = "azurerm_resource_group.example.location"
account_tier = "Standard"
account_replication_type = "GRS"
}

resource "azurerm_storage_account" "skip_more_than_one" {
#checkov:skip=CKV_AZURE_33,CKV_AZURE_59: Skipped by user
name = "storageaccountname"
resource_group_name = "azurerm_resource_group.example.name"
location = "azurerm_resource_group.example.location"
account_tier = "Standard"
account_replication_type = "GRS"
}

resource "azurerm_storage_account" "skip_invalid" {
#checkov:skip=CKV_AZURE_33,bla bla bla: Skipped by user
name = "storageaccountname"
resource_group_name = "azurerm_resource_group.example.name"
location = "azurerm_resource_group.example.location"
account_tier = "Standard"
account_replication_type = "GRS"
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be great if you could create another resource that we are skipping multiple checks (maybe all the checks that the resource should fail on).

27 changes: 27 additions & 0 deletions tests/terraform/checks/test_multiple_skips.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
import unittest
from pathlib import Path

from checkov.runner_filter import RunnerFilter
from checkov.terraform.runner import Runner


class TestMultipleSkips(unittest.TestCase):

def test(self) -> None:
# given
test_files_dir = Path(__file__).parent / "a example skip"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
test_files_dir = Path(__file__).parent / "a example skip"
test_files_dir = Path(__file__).parent / "a_example_skip"

Please use one word in the file names.


# when
report = Runner().run(root_folder=str(test_files_dir), runner_filter=RunnerFilter(checks=[]))

# then
summary = report.get_summary()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please assert the skipped part in the reports by resource -
We want to be sure default and skip_invalid are with one skip, and skip_more_than_one is with 2 skips.


self.assertEqual(summary["passed"], 12)
self.assertEqual(summary["failed"], 26)
self.assertEqual(summary["skipped"], 4)
self.assertEqual(summary["parsing_errors"], 0)


if __name__ == "__main__":
unittest.main()
Loading