Filter fixable #94
Open
Filter fixable #94
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Carolina Almirola seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it. |
pavel-snyk
reviewed
Feb 22, 2021
| @@ -79,6 +79,9 @@ | |||
| @Parameter | |||
| private boolean failOnAuthError = false; | |||
|
|
|||
| @Parameter | |||
| private boolean onlyFailFixable = false; | |||
There was a problem hiding this comment.
@caroalmirola, let's keep parameter naming consistent (failOnSeverity, failOnAuthError).
How about failOnFixableOnly.
pavel-snyk
reviewed
Feb 22, 2021
Comment on lines
+300
to
+310
| private boolean isIssueFixable(JSONObject vuln) { | ||
| boolean upgradable = | ||
| (vuln.get("isUpgradable") != null && (boolean) vuln.get("isUpgradable")); | ||
| boolean fixable = false; | ||
| if (vuln.get("fixedIn") != null) { | ||
| JSONArray fixedIn = (JSONArray) vuln.get("fixedIn"); | ||
| fixable = (!fixedIn.isEmpty()); | ||
| } | ||
| return upgradable || fixable; | ||
| } | ||
|
|
There was a problem hiding this comment.
An issue is fixable if it can be eliminated with an upgrade ("isUpgradable") or patch ("isPatchable").
pavel-snyk
reviewed
Feb 22, 2021
|
|
||
| Iterator<JSONObject> iterator = vulns.iterator(); | ||
| while (iterator.hasNext()) { | ||
| JSONObject vuln = iterator.next(); | ||
| vulnIdSet.add((String)vuln.get("id")); | ||
| Integer severityInt = severityMap.get(vuln.get("severity")); | ||
| if(severityInt != null && severityInt > highestSeverity) { | ||
| highestSeverity = severityInt; | ||
| if (!onlyFailFixable || (onlyFailFixable && isIssueFixable(vuln))) { |
There was a problem hiding this comment.
This statement can be simplified. Atm second onlyFailFixable is always true.
pavel-snyk
requested changes
Feb 22, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Adds configuration flag for only failing on non-fixable issues. That is, don't fail if the only issues that pass the severity threshold do not have a fix.
Initialize highestSeverity to Integer.MIN_VALUE in processVulns(). Previously, in the case that user defined failOnSeverity to low (or left it to default=low) and no vulnerabilities met the threshold, this would always fail.
Where should the reviewer start?
Logic added in SnykTest processVulns() to handle non-fixable issues.
How should this be manually tested?
By executing the plugin with the configuration flag onlyFailFixable set to true.
Any background context you want to provide?
N/A
What are the relevant tickets?
N/A
Screenshots
N/A
Additional questions
N/A