fix ignore-block

Checkmarx · Feb 5, 2024 · 0ddf08b · 0ddf08b
1 parent 7c36587
commit 0ddf08b
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 12 deletions.
diff --git a/pkg/kics/resolver_sink.go b/pkg/kics/resolver_sink.go
@@ -1,6 +1,7 @@
 package kics
 
 import (
+	"bytes"
 	"context"
 	"encoding/json"
 	"fmt"
@@ -38,19 +39,19 @@ func (s *Service) resolverSink(ctx context.Context, filename, scanID string, ope
 			log.Err(err).Msgf("failed to parse file content")
 			return []string{}, nil
 		}
-		/*
-			if kind == model.KindHELM {
-				ignoreList, errorIL := s.getOriginalIgnoreLines(rfile.FileName, rfile.OriginalData, openAPIResolveReferences, isMinified)
-				if errorIL == nil {
-					documents.IgnoreLines = ignoreList
 
-					// Need to ignore #KICS_HELM_ID Line
-					documents.CountLines = bytes.Count(rfile.OriginalData, []byte{'\n'})
-				}
-			} else {
-				documents.CountLines = bytes.Count(rfile.OriginalData, []byte{'\n'}) + 1
+		if kind == model.KindHELM {
+			ignoreList, errorIL := s.getOriginalIgnoreLines(rfile.FileName, rfile.OriginalData, openAPIResolveReferences, isMinified)
+			if errorIL == nil {
+				documents.IgnoreLines = ignoreList
+
+				// Need to ignore #KICS_HELM_ID Line
+				documents.CountLines = bytes.Count(rfile.OriginalData, []byte{'\n'})
 			}
-		*/
+		} else {
+			documents.CountLines = bytes.Count(rfile.OriginalData, []byte{'\n'}) + 1
+		}
+
 		fileCommands := s.Parser.CommentsCommands(rfile.FileName, rfile.OriginalData)
 
 		for _, document := range documents.Docs {

diff --git a/pkg/model/comment_yaml.go b/pkg/model/comment_yaml.go
@@ -196,6 +196,12 @@ func getNodeLastLine(node *yaml.Node) (lastLine int) {
 // value returns the value of the comment
 func (c *comment) value() (value CommentCommand) {
 	comment := strings.ToLower(string(*c))
+	if isHelm(comment) {
+		res := mytest.FindString(comment)
+		if len(res) > 0 {
+			comment = res
+		}
+	}
 	// check if we are working with kics command
 	if KICSCommentRgxp.MatchString(comment) {
 		comment = KICSCommentRgxp.ReplaceAllString(comment, "")
@@ -206,3 +212,7 @@ func (c *comment) value() (value CommentCommand) {
 	}
 	return CommentCommand(comment)
 }
+
+func isHelm(comment string) bool {
+	return strings.Contains(comment, "helm")
+}
diff --git a/pkg/model/comment_yaml_test.go b/pkg/model/comment_yaml_test.go
@@ -1,6 +1,7 @@
 package model
 
 import (
+	"github.com/stretchr/testify/assert"
 	"sort"
 	"testing"
 
@@ -671,3 +672,29 @@ func Test_ignoreCommentsYAML(t *testing.T) {
 		})
 	}
 }
+
+func Test_value(t *testing.T) {
+	tests := []struct {
+		name  string
+		input comment
+		want  string
+	}{
+		{
+			name:  "Should return ignore-block",
+			input: comment("# source: test/templates/deployment.yaml\n# kics-scan ignore-block\n# kics_helm_id_2:"),
+			want:  "ignore-block",
+		},
+		{
+			name:  "Should Not return ignore-block",
+			input: comment("# source: test/templates/deployment.yaml\n# kics ignore-block\n# kics_helm_id_2:"),
+			want:  "# source: test/templates/deployment.yaml\n# kics ignore-block\n# kics_helm_id_2:",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			res := tt.input.value()
+			assert.Equal(t, string(res), tt.want)
+		})
+	}
+}
diff --git a/pkg/model/model.go b/pkg/model/model.go
@@ -67,7 +67,8 @@ var (
 
 var (
 	// KICSCommentRgxp is the regexp to identify if a comment is a KICS comment
-	KICSCommentRgxp = regexp.MustCompile(`^((/{2})|#|;)*\s*kics-scan\s*`)
+	KICSCommentRgxp = regexp.MustCompile(`(^|\n)((/{2})|#|;)+\s*kics-scan\s*`)
+	mytest          = regexp.MustCompile(`(^|\n)((/{2})|#|;)+\s*kics-scan([^\n]*)\n`)
 	// KICSCommentRgxpYaml is the regexp to identify if the comment has KICS comment at the end of the comment in YAML
 	KICSCommentRgxpYaml = regexp.MustCompile(`((/{2})|#)*\s*kics-scan\s*(ignore-line|ignore-block)\s*\n*$`)
 )