par-tec / super-sast

A docker container with different testing tools.
BSD 3-Clause "New" or "Revised" License

Fix: #32. Test that semgrepignore is correctly processed. #55

Closed DrPlumcake closed 1 year ago

DrPlumcake commented 1 year ago

Semgrep now skips the files mentioned in the .semgrep file

┌─────────────┐
│ Scan Status │
└─────────────┘
  Scanning 43 files tracked by git with 1094 Code rules:

  Language      Rules   Files          Origin      Rules
 ─────────────────────────────        ───────────────────
  <multilang>      57      74          Community    1094
  yaml             28      14
  bash              4       2
  python          237       1
  dockerfile        5       1
  json              4       1

┌──────────────┐
│ Scan Summary │
└──────────────┘
Some files were skipped or only partially analyzed.
  Scan was limited to files tracked by git.
  **Scan skipped: 6 files matching .semgrepignore patterns**
  For a full list of skipped files, run semgrep with the --verbose flag.

Ran 1094 rules on 37 files: 7 findings.

ioggstream commented 1 year ago

  1. place the file under config/
  2. you can use it setting SEMGREP_CONFIG_FILE=/app/config/.semgrepignore
  3. check whether the latest version of semgrep is capable of finding the file in the home directory (e.g., /code).

ioggstream commented 1 year ago

@DrPlumcake This PR is quite good, but we should not call os.chdir. Can you find a solution? :)

DrPlumcake commented 1 year ago

I used monkeypatch, a fixture that overrides system calls (and other functions) inside the test environment, so it doesn't disturb other tests, then:

"All modifications will be undone after the requesting test function or fixture has finished."

So it's better than using os.chdir() directly.
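The pattern discussed in this thread, as an added example that is not code from the super-sast repository or from this PR: a small, simplified `.semgrepignore`-style matcher (an assumption; semgrep's real ignore semantics are richer than this fnmatch subset) and a pytest test that builds a throwaway tree under `tmp_path`, changes into it with `monkeypatch.chdir` instead of `os.chdir`, and asserts that the ignored files are partitioned out. The function names (`parse_ignore_patterns`, `is_ignored`, `partition_files`) and the sample file tree are constructed for this example.

```python
"""Added example, not part of super-sast: a minimal .semgrepignore-style
matcher plus a pytest test that uses monkeypatch.chdir so the working
directory change is undone automatically when the test finishes."""
import fnmatch
from pathlib import Path


def parse_ignore_patterns(text: str) -> list[str]:
    """Return the patterns in an ignore file, dropping blank lines and '#' comments."""
    patterns = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            patterns.append(line)
    return patterns


def load_ignore_patterns(ignore_file: Path) -> list[str]:
    """Read an ignore file from disk (e.g. Path('.semgrepignore'))."""
    return parse_ignore_patterns(ignore_file.read_text())


def is_ignored(rel_path: str, patterns: list[str]) -> bool:
    """Simplified gitignore-style matching (assumption: a subset of what
    semgrep implements).  A pattern ending in '/' matches any directory of
    that name above the file; any other pattern is fnmatch'ed against the
    whole relative POSIX path and against each path component."""
    parts = rel_path.split("/")
    for pat in patterns:
        if pat.endswith("/"):
            if pat.rstrip("/") in parts[:-1]:
                return True
        elif fnmatch.fnmatch(rel_path, pat) or any(fnmatch.fnmatch(p, pat) for p in parts):
            return True
    return False


def partition_files(root: Path, patterns: list[str]) -> tuple[list[str], list[str]]:
    """Split the files under root into (scanned, skipped) relative POSIX paths."""
    scanned, skipped = [], []
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            (skipped if is_ignored(rel, patterns) else scanned).append(rel)
    return scanned, skipped


def test_semgrepignore_is_honoured(tmp_path, monkeypatch):
    """Constructed tree: one real source, one vendored file, one minified file."""
    (tmp_path / "src").mkdir()
    (tmp_path / "src" / "app.py").write_text("print('hi')\n")
    (tmp_path / "vendor").mkdir()
    (tmp_path / "vendor" / "lib.js").write_text("eval(x)\n")
    (tmp_path / "build.min.js").write_text("x\n")
    (tmp_path / ".semgrepignore").write_text("# generated artefacts\nvendor/\n*.min.js\n")

    # Change directory for this test only; pytest restores the old cwd afterwards,
    # which a bare os.chdir() would not do if the test failed halfway through.
    monkeypatch.chdir(tmp_path)
    patterns = load_ignore_patterns(Path(".semgrepignore"))
    scanned, skipped = partition_files(Path.cwd(), patterns)

    assert scanned == [".semgrepignore", "src/app.py"]
    assert skipped == ["build.min.js", "vendor/lib.js"]
```

Run it with `pytest <file>.py`; the `tmp_path` and `monkeypatch` arguments are standard pytest fixtures injected by name, so no extra imports are needed. The matcher is deliberately small and is only there to give the test something deterministic to assert on; a test of the real container would call semgrep itself and inspect its summary line.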