chore: move secret ignoring logic inside the scanner #1016

Merged
merged 7 commits into from
Nov 28, 2024

Contributor

@gg-mmill gg-mmill commented Nov 20, 2024

Context

Currently, there is logic related to ignoring secrets in two places:

  • in the secret scanner
  • in the output handlers

What has been done

Move all the logic to the scanner:

  • "ignore known issues" now works in the same way as other ignore features
  • Result objects now contain the list of PolicyBreaks (instead of ScanResult), as well as a dictionary containing the counts of ignored PolicyBreak by reason
  • As a result, there is no more result filtering in output handlers - they can still access the options and count of ignored issues if needed

Validation

Need to add tests for the scanner Done
Will also perform some manual validation

PR check list

  • As much as possible, the changes include tests (unit and/or functional)
  • If the changes affect the end user (new feature, behavior change, bug fix) then the PR has a changelog entry (see doc/dev/getting-started.md). If the changes do not affect the end user, then the skip-changelog label has been added to the PR.

@gg-mmill gg-mmill requested a review from a team as a code owner November 20, 2024 16:35
@gg-mmill gg-mmill self-assigned this Nov 20, 2024
@gg-mmill gg-mmill changed the title chore: move secret ignoring logic inside the scans chore: move secret ignoring logic inside the scanner Nov 20, 2024
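
A minimal sketch of the design described in this PR, added here as an illustration and not taken from ggshield's code: findings are dropped in one place (the scanner), the ignore reason is computed separately from the act of ignoring, and the result carries the ignored counts by reason so output handlers only format. All class, function, reason and detector names are hypothetical, and the sample findings are constructed.

```python
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Hypothetical types; they do not mirror ggshield's real classes.
@dataclass(frozen=True)
class PolicyBreak:
    detector: str
    match_sha: str
    known_secret: bool = False

@dataclass(frozen=True)
class IgnoreConfig:
    ignored_shas: frozenset = frozenset()
    ignored_detectors: frozenset = frozenset()
    ignore_known_secrets: bool = False

@dataclass
class Result:
    filename: str
    policy_breaks: List[PolicyBreak] = field(default_factory=list)
    ignored_count_by_reason: Counter = field(default_factory=Counter)

def ignore_reason(pb: PolicyBreak, cfg: IgnoreConfig) -> Optional[str]:
    """Return why a finding is suppressed, or None if it must be reported."""
    if pb.match_sha in cfg.ignored_shas:
        return "ignored_match"
    if pb.detector in cfg.ignored_detectors:
        return "ignored_detector"
    if cfg.ignore_known_secrets and pb.known_secret:
        return "known_secret"
    return None

def build_result(filename: str, raw: List[PolicyBreak], cfg: IgnoreConfig) -> Result:
    """Scanner-side filtering: the only place where findings are dropped."""
    result = Result(filename)
    for pb in raw:
        reason = ignore_reason(pb, cfg)
        if reason is None:
            result.policy_breaks.append(pb)
        else:
            result.ignored_count_by_reason[reason] += 1  # keep suppression auditable
    return result

def render_text(result: Result) -> str:
    """Output handler: formats what the scanner decided, never filters."""
    counts = sorted(result.ignored_count_by_reason.items())
    ignored = ", ".join(f"{n} {r}" for r, n in counts) or "none"
    return f"{result.filename}: {len(result.policy_breaks)} reported; ignored: {ignored}"

# Constructed sample input.
SAMPLE = [PolicyBreak("AWS Keys", "aaa"), PolicyBreak("Generic Password", "bbb"),
          PolicyBreak("GitHub Token", "ccc", known_secret=True),
          PolicyBreak("GitHub Token", "ddd")]
CFG = IgnoreConfig(frozenset({"aaa"}), frozenset({"Generic Password"}), True)
```

Because every handler reads the same `Result`, a text and a JSON renderer cannot disagree about which findings were suppressed.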

codecov bot commented Nov 20, 2024

Codecov Report

Attention: Patch coverage is 98.36066% with 1 line in your changes missing coverage. Please review.

Project coverage is 92.03%. Comparing base (eb51582) to head (4fb68d1).
Report is 11 commits behind head on main.

Files with missing lines Patch % Lines
...ticals/secret/output/secret_text_output_handler.py 90.90% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1016      +/-   ##
==========================================
- Coverage   92.08%   92.03%   -0.05%     
==========================================
  Files         181      181              
  Lines        7728     7706      -22     
==========================================
- Hits         7116     7092      -24     
- Misses        612      614       +2     
Flag Coverage Δ
unittests 92.03% <98.36%> (-0.05%) ⬇️


@gg-mmill gg-mmill force-pushed the mmillet/-/refactor_secret_ignoring branch 6 times, most recently from 00144cd to 00dc593 Compare November 22, 2024 09:46
Collaborator

@agateau-gg agateau-gg left a comment

Minor remarks, but this looks much cleaner! ✨

Review threads:

  • tests/unit/core/test_filter.py (outdated, resolved)
  • tests/unit/utils/test_os.py (resolved)
  • ggshield/core/filter.py (outdated, resolved)
  • ggshield/verticals/secret/secret_scan_collection.py (outdated, resolved)
  • ggshield/verticals/secret/secret_scan_collection.py (outdated, resolved)

@gg-mmill gg-mmill force-pushed the mmillet/-/refactor_secret_ignoring branch 4 times, most recently from 58e2ed4 to f63ed44 Compare November 22, 2024 16:42
@gg-mmill gg-mmill force-pushed the mmillet/-/refactor_secret_ignoring branch from f50e7a2 to 5d11cb0 Compare November 27, 2024 11:15
Collaborator

@agateau-gg agateau-gg left a comment

Minor remarks.

Review threads:

  • tests/unit/verticals/secret/test_secret_scanner.py (outdated, resolved)
  • tests/unit/verticals/secret/test_secret_scanner.py (outdated, resolved)
  • ggshield/verticals/secret/secret_scan_collection.py (outdated, resolved)

Contributor Author

@gg-mmill gg-mmill left a comment

Thanks for the review!
About the ignoring, I had to change what I did here when implementing the all-secrets option (future MR, not ready yet): separate the computation of the ignore reason, and the actual ignoring, see https://github.com/GitGuardian/ggshield/pull/1024/files#diff-37638c3845d9f616b7031dec851a57324bec777285097c841b887d2a1f9dd34eR236

@gg-mmill gg-mmill force-pushed the mmillet/-/refactor_secret_ignoring branch from 27cbe61 to 4fb68d1 Compare November 28, 2024 16:01
Collaborator

@agateau-gg agateau-gg left a comment

Looks better now, thanks for this work!

@agateau-gg agateau-gg merged commit bb6af65 into main Nov 28, 2024
33 checks passed
@agateau-gg agateau-gg deleted the mmillet/-/refactor_secret_ignoring branch November 28, 2024 17:19