Add ability to ignore HasModifiedFiles for a given prefix and suffix

There are some classes of files that should be excluded based on the prefix and suffix of their path. For now, this is the only entry: Prefix: usr/lib64/ Suffix: .cache There are multiple reports of these causing false negatives. This fixes the two known cases at the moment. Signed-off-by: Brad P. Crochet <[email protected]>
redhat-openshift-ecosystem · May 30, 2023 · 14dfc9d · 14dfc9d
1 parent f22c46c
commit 14dfc9d
Showing 1 changed file with 21 additions and 1 deletion.
diff --git a/internal/policy/container/has_modified_files.go b/internal/policy/container/has_modified_files.go
@@ -345,6 +345,26 @@ func pathIsExcluded(ctx context.Context, s string) bool {
 	return found
 }
 
+// prefixAndSuffixIsExcluded will check both start and end of path
+func prefixAndSuffixIsExcluded(ctx context.Context, s string) bool {
+	excl := []struct {
+		Prefix string
+		Suffix string
+	}{
+		{Prefix: "usr/lib64/", Suffix: ".cache"},
+	}
+
+	for _, v := range excl {
+		if strings.HasPrefix(s, v.Prefix) && strings.HasSuffix(s, v.Suffix) {
+			logger := logr.FromContextOrDiscard(ctx)
+			logger.V(log.TRC).Info("prefix and suffix excluded", "filename", s, "prefix", v.Prefix, "suffix", v.Suffix)
+			return true
+		}
+	}
+
+	return false
+}
+
 // normalize will clean a filepath of extraneous characters like ./, //, etc.
 // and strip a leading slash. E.g. /foo/../baz --> baz
 func normalize(s string) string {
@@ -376,7 +396,7 @@ func installedFileMapWithExclusions(ctx context.Context, pkglist []*rpmdb.Packag
 				continue
 			}
 			normalized := normalize(file.Path)
-			if pathIsExcluded(ctx, normalized) || directoryIsExcluded(ctx, normalized) {
+			if pathIsExcluded(ctx, normalized) || directoryIsExcluded(ctx, normalized) || prefixAndSuffixIsExcluded(ctx, normalized) {
 				// It is either an explicitly excluded path or directory. Skip it.
 				continue
 			}