Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(general): escape default ignored directories #6738

Open
wants to merge 13 commits into
base: main
Choose a base branch
from
Open

fix(general): escape default ignored directories #6738

wants to merge 13 commits into from

Conversation

tpvasconcelos
Copy link

@tpvasconcelos tpvasconcelos commented Sep 28, 2024
edited by baz-review bot
Loading

User description

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

See #6737 for more details and context:

While trying to run checkov's test suit on my local machine I noticed that some files were being (unexpectedly) ignored. After a little digging, I realised that this is because I cloned the repo under a path that looks something like: ~/my_git_forks/checkov.

The reason this is a problem is because the following patterns are treated as regular expressions by checkov:

checkov/checkov/secrets/utils.py

Line 10 in 42d3178

EXCLUDED_PATHS = [*ignored_directories, DEFAULT_EXTERNAL_MODULES_DIR, ".idea", ".git", "venv"]

and the .git pattern obviously excludes any paths that include the word 'git' (incl. at least one preceding character)

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes

Generated description

Below is a concise technical summary of the changes proposed in this PR:

Enhance the handling of ignored directories by introducing a regex-based approach to match paths containing specific directories at any level. This change affects the IGNORED_DIRECTORIES_ENV in base_runner.py and updates the EXCLUDED_PATHS in utils.py to use the new re_dir function. Additionally, tests are added in test_base_runner.py to verify the regex pattern matching for directory paths.

TopicDetails
Regex Directory Matching Implement a regex-based approach to match paths containing specific directories at any level.
Modified files (2)
  • checkov/secrets/utils.py
  • checkov/common/runners/base_runner.py
Latest Contributors(2)
EmailCommitDate
16597193+omryMen@users...chore-secrets-update-d...October 15, 2024
49649760+lirshindalman...platform-general-remov...January 28, 2024
Regex Pattern Tests Add tests to verify the regex pattern matching for directory paths.
Modified files (1)
  • tests/common/runners/test_base_runner.py
Latest Contributors(2)
EmailCommitDate
86768411+YaaraVerner@u...fix-general-fix-exclud...December 26, 2022
[email protected]add-file-types-for-all...April 23, 2022
This pull request is reviewed by Baz. Join @tpvasconcelos and the rest of your team on (Baz).

@tpvasconcelos tpvasconcelos mentioned this pull request Sep 28, 2024
Open
@tpvasconcelos tpvasconcelos marked this pull request as ready for review September 28, 2024 17:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@tpvasconcelos