Fix bug in --ignore-paths option on Windows

[bigfish43tor]

Bug description

The implementation of the --ignore-paths option is not working correctly on Windows. Let’s assume our working directory is C:\Users\Administrator\Documents\project and includes the following directories and files:

• rules\test.yaml
• src\to_ignore\file_to_ignore.txt

Contents of test.yaml:

- id: test_rule
  message: >-
    test message
  type: Regex
  pattern: test
  severity: INFO
  input_case: exact

Contents of file_to_ignore.txt:

test

Libsast command executed in in powershell:

libsast -p .\rules\test.yaml .\src\ --ignore-paths src\to_ignore

Expected behavior

Libsast should ignore the path and not display any output.

Actual behavior

Libsast does not ignore the path and outputs the following:

{
  "pattern_matcher": {
    "test_rule": {
      "files": [
        {
          "file_path": "src/to_ignore/file_to_ignore.txt",
          "match_lines": [
            1,
            1
          ],
          "match_position": [
            1,
            4
          ],
          "match_string": "test"
        }
      ],
      "metadata": {
        "description": "test message",
        "severity": "INFO"
      }
    }
  }
}

Solution

The validate_file() function within scanner.py is implemented in the following way:

ignore_paths = any(pp in path.as_posix() for pp in self.ignore_paths)

As a result, you check if an ignored path (=string) is found in a posix representation of the file path. This check will work on *nix systems, but not on Windows because backslashes are used to separate directories and files within the path.

Please consider converting the pp variable to a Path and using the posix representation for pp as well so you compare the same path representations with each other.

[ajinabraham]

Good catch! Took me a while to take a look at this. You could do the following to make it work. libsast -p .\rules\test.yaml .\src\ --ignore-paths src/to_ignore Nevertheless this will be fixed in the next release.