Skip to content

Commit

Permalink
fix: account for severity flag in fail-on-severity logic (#1354)
Browse files Browse the repository at this point in the history
  • Loading branch information
@didroe
didroe authored Oct 26, 2023
1 parent e8e7b96 commit 335b311
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 11 deletions.
8 changes: 4 additions & 4 deletions internal/report/output/security/security.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -228,11 +228,11 @@ func evaluateRules(
ignoredOutputFindings[severity] = append(ignoredOutputFindings[severity], types.IgnoredFinding{Finding: finding, IgnoreMeta: ignoredFingerprint})
} else {
outputFindings[severity] = append(outputFindings[severity], finding)
}
}

if config.Report.FailOnSeverity.Has(severity) && !ignored {
failed = true
if config.Report.FailOnSeverity.Has(severity) {
failed = true
}
}
}
}
}
Expand Down
23 changes: 16 additions & 7 deletions internal/report/output/security/security_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -133,21 +133,30 @@ func TestAddReportDataWithSeverity(t *testing.T) {

func TestAddReportDataWithFailOnSeverity(t *testing.T) {
for _, test := range []struct {
FailOnSeverity,
Severity string
Expected bool
}{
{Severity: globaltypes.LevelCritical, Expected: true},
{Severity: globaltypes.LevelHigh, Expected: true},
{Severity: globaltypes.LevelMedium, Expected: false},
{Severity: globaltypes.LevelLow, Expected: false},
{Severity: globaltypes.LevelWarning, Expected: false},
{FailOnSeverity: globaltypes.LevelCritical, Expected: true},
{FailOnSeverity: globaltypes.LevelHigh, Expected: true},
{FailOnSeverity: globaltypes.LevelHigh, Severity: globaltypes.LevelCritical, Expected: false},
{FailOnSeverity: globaltypes.LevelMedium, Expected: false},
{FailOnSeverity: globaltypes.LevelLow, Expected: false},
{FailOnSeverity: globaltypes.LevelWarning, Expected: false},
} {
t.Run(test.Severity, func(tt *testing.T) {
t.Run(test.FailOnSeverity, func(tt *testing.T) {
failOnSeverity := set.New[string]()
failOnSeverity.Add(test.Severity)
failOnSeverity.Add(test.FailOnSeverity)

var severity set.Set[string]
if test.Severity != "" {
severity = set.New[string]()
severity.Add(test.Severity)
}

config, err := generateConfig(flag.ReportOptions{
Report: "security",
Severity: severity,
FailOnSeverity: failOnSeverity,
})

Expand Down

0 comments on commit 335b311

Please sign in to comment.