diff --git a/docs/_data/bearer_ignore_add.yaml b/docs/_data/bearer_ignore_add.yaml index a90167ec0..0d38dda9c 100644 --- a/docs/_data/bearer_ignore_add.yaml +++ b/docs/_data/bearer_ignore_add.yaml @@ -36,6 +36,7 @@ options: default_value: my.bearer.sh usage: Specify the Host for sending the report. - name: ignore-file + default_value: bearer.ignore usage: Load ignore file from the specified path. - name: log-level default_value: info @@ -44,7 +45,7 @@ options: default_value: "false" usage: Disable color in output example: |- - # Add an ignored fingerprint to your bearer.ignore file + # Add an ignored fingerprint to your ignore file $ bearer ignore add --author Mish --comment "Possible false positive" see_also: - ' ignore - Manage ignored fingerprints' diff --git a/docs/_data/bearer_ignore_migrate.yaml b/docs/_data/bearer_ignore_migrate.yaml index 6ff48939c..4fbd873a6 100644 --- a/docs/_data/bearer_ignore_migrate.yaml +++ b/docs/_data/bearer_ignore_migrate.yaml @@ -1,6 +1,5 @@ name: ' ignore migrate' -synopsis: | - Migrate ignored fingerprints from bearer.yml to bearer.ignore +synopsis: Migrate ignored fingerprints from bearer.yml to ignore file usage: ' ignore migrate [flags]' options: - name: api-key @@ -28,6 +27,7 @@ options: default_value: my.bearer.sh usage: Specify the Host for sending the report. - name: ignore-file + default_value: bearer.ignore usage: Load ignore file from the specified path. - name: log-level default_value: info @@ -36,7 +36,7 @@ options: default_value: "false" usage: Disable color in output example: |- - # Migrate existing ignored (excluded) fingerprints from bearer.yml file to bearer.ignore + # Migrate existing ignored (excluded) fingerprints from bearer.yml file to ignore file $ bearer ignore migrate see_also: - ' ignore - Manage ignored fingerprints' diff --git a/docs/_data/bearer_ignore_pull.yaml b/docs/_data/bearer_ignore_pull.yaml index 47906b721..b50b200d8 100644 --- a/docs/_data/bearer_ignore_pull.yaml 
+++ b/docs/_data/bearer_ignore_pull.yaml @@ -24,6 +24,7 @@ options: default_value: my.bearer.sh usage: Specify the Host for sending the report. - name: ignore-file + default_value: bearer.ignore usage: Load ignore file from the specified path. - name: log-level default_value: info diff --git a/docs/_data/bearer_ignore_remove.yaml b/docs/_data/bearer_ignore_remove.yaml index 140f38d63..80afe1334 100644 --- a/docs/_data/bearer_ignore_remove.yaml +++ b/docs/_data/bearer_ignore_remove.yaml @@ -24,6 +24,7 @@ options: default_value: my.bearer.sh usage: Specify the Host for sending the report. - name: ignore-file + default_value: bearer.ignore usage: Load ignore file from the specified path. - name: log-level default_value: info @@ -32,7 +33,7 @@ options: default_value: "false" usage: Disable color in output example: |- - # Remove an ignored fingerprint from your bearer.ignore file + # Remove an ignored fingerprint from your ignore file $ bearer ignore remove see_also: - ' ignore - Manage ignored fingerprints' diff --git a/docs/_data/bearer_ignore_show.yaml b/docs/_data/bearer_ignore_show.yaml index f42d9691b..ce3b74b5f 100644 --- a/docs/_data/bearer_ignore_show.yaml +++ b/docs/_data/bearer_ignore_show.yaml @@ -27,6 +27,7 @@ options: default_value: my.bearer.sh usage: Specify the Host for sending the report. - name: ignore-file + default_value: bearer.ignore usage: Load ignore file from the specified path. - name: log-level default_value: info @@ -35,7 +36,7 @@ options: default_value: "false" usage: Disable color in output example: |- - # Show the details of an ignored fingerprint from your bearer.ignore file + # Show the details of an ignored fingerprint from your ignore file $ bearer ignore show see_also: - ' ignore - Manage ignored fingerprints' diff --git a/docs/_data/bearer_scan.yaml b/docs/_data/bearer_scan.yaml index b061a2fc9..2c19e749a 100644 --- a/docs/_data/bearer_scan.yaml +++ b/docs/_data/bearer_scan.yaml 
@@ -60,6 +60,7 @@ options: default_value: my.bearer.sh usage: Specify the Host for sending the report. - name: ignore-file + default_value: bearer.ignore usage: Load ignore file from the specified path. - name: internal-domains default_value: '[]' diff --git a/docs/_data/bearer_version.yaml b/docs/_data/bearer_version.yaml index aca9ebaa4..d5cb87411 100644 --- a/docs/_data/bearer_version.yaml +++ b/docs/_data/bearer_version.yaml @@ -24,6 +24,7 @@ options: default_value: my.bearer.sh usage: Specify the Host for sending the report. - name: ignore-file + default_value: bearer.ignore usage: Load ignore file from the specified path. - name: log-level default_value: info diff --git a/docs/guides/bearer-cloud.md b/docs/guides/bearer-cloud.md index 812ed53ac..837b9ea40 100644 --- a/docs/guides/bearer-cloud.md +++ b/docs/guides/bearer-cloud.md 
@@ -95,19 +95,19 @@ Bearer Cloud automatically captures any scans run with a valid `api-key`. Subseq ### Ignored findings in Bearer Cloud -When a valid `api-key` is present, the very first scan of a project reads ignored fingerprints from the bearer.ignore file and subsequently creates ignored findings for these in the Cloud, including status and comments (if present). A finding has "False Positive" status in the Cloud if its corresponding bearer.ignore entry is a false positive (`false_positive: true`); otherwise, it has the status "Allowed". +When a valid `api-key` is present, the very first scan of a project reads ignored fingerprints from the ignore file and subsequently creates ignored findings for these in the Cloud, including status and comments (if present). A finding has "False Positive" status in the Cloud if its corresponding ignore file entry is a false positive (`false_positive: true`); otherwise, it has the status "Allowed". -After the initial scan, the Cloud is taken as the source of truth for ignored fingerprints. If there are new entries added to the bearer.ignore file, in most cases, these are sent to the Cloud on subsequent scans, and the corresponding Cloud findings are updated to "False Positive" or "Allowed" status accordingly. +After the initial scan, the Cloud is taken as the source of truth for ignored fingerprints. If there are new entries added to the ignore file, in most cases, these are sent to the Cloud on subsequent scans, and the corresponding Cloud findings are updated to "False Positive" or "Allowed" status accordingly. -However, it is important to note that the Cloud state is always prioritized over the contents of the bearer.ignore file. If a finding is already ignored in the Cloud, and then added to the bearer.ignore file, its Cloud status and comments are unchanged by subsequent scans. Similarly, if an ignored finding is re-opened in the Cloud, and then added to the bearer.ignore file, its Cloud status remains "Open". 
That is, re-opened findings can only be re-ignored again from the Cloud. +However, it is important to note that the Cloud state is always prioritized over the contents of the ignore file. If a finding is already ignored in the Cloud, and then added to the ignore file, its Cloud status and comments are unchanged by subsequent scans. Similarly, if an ignored finding is re-opened in the Cloud, and then added to the ignore file, its Cloud status remains "Open". That is, re-opened findings can only be re-ignored again from the Cloud. -Furthermore, if an ignored finding is later re-opened in the Cloud, any corresponding bearer.ignore entry is not automatically removed. Over time, then, the bearer.ignore file may become out-of-sync with the Cloud state. To remedy this, and align the bearer.ignore file with what is in the Cloud, use the following action: +Furthermore, if an ignored finding is later re-opened in the Cloud, any corresponding ignore entry is not automatically removed. Over time, then, the ignore file may become out-of-sync with the Cloud state. To remedy this, and align the ignore file with what is in the Cloud, use the following action: ```bash bearer ignore pull project-folder --api-key=XXXXXXXX ``` -This action overwrites the current bearer.ignore file (including any new additions not yet sent to the Cloud) with all ignored findings from the Cloud, including status, comments, and author information. +This action overwrites the current ignore file (including any new additions not yet sent to the Cloud) with all ignored findings from the Cloud, including status, comments, and author information. ## Jira integration 
@@ -124,7 +124,7 @@ You have two ways to use the Jira Integration: 2. Link a finding to an existing Jira ticket. ![Link Jira Ticket](/assets/img/jira-integration/link.png) -Once a finding is associated with a Jira ticket, you can quickly see it in the interface, view the ticket status and go to the ticket. +Once a finding is associated with a Jira ticket, you can quickly see it in the interface, view the ticket status and go to the ticket. ![View Jira Ticket](/assets/img/jira-integration/view.png) diff --git a/docs/guides/configure-scan.md b/docs/guides/configure-scan.md index 39cedad6c..f0c7f4ccb 100644 --- a/docs/guides/configure-scan.md +++ b/docs/guides/configure-scan.md @@ -59,7 +59,7 @@ To ignore this finding, run: bearer ignore add 4b0883d52334dfd9a4acce2fcf810121_ ... ``` -If a finding is not relevant, you can ignore it automatically from future scans using the ```bearer ignore add``` command. This adds the finding's fingerprint to your bearer.ignore file. You can also provide optional author information or a comment: +If a finding is not relevant, you can ignore it automatically from future scans using the ```bearer ignore add``` command. This adds the finding's fingerprint to your ignore file. You can also provide optional author information or a comment: ```bash bearer ignore add 4b0883d52334dfd9a4acce2fcf810121_0 \ diff --git a/e2e/flags/.snapshots/TestMetadataFlags-help-scan b/e2e/flags/.snapshots/TestMetadataFlags-help-scan index d2b3865bb..903421dbb 100644 --- a/e2e/flags/.snapshots/TestMetadataFlags-help-scan +++ b/e2e/flags/.snapshots/TestMetadataFlags-help-scan 
@@ -38,7 +38,7 @@ General Flags --config-file string Load configuration from the specified path. (default "bearer.yml") --debug Enable debug logs. Equivalent to --log-level=debug --disable-version-check Disable Bearer version checking - --ignore-file string Load ignore file from the specified path. + --ignore-file string Load ignore file from the specified path. (default "bearer.ignore") --log-level string Set log level (error, info, debug, trace) (default "info") --no-color Disable color in output diff --git a/e2e/flags/.snapshots/TestMetadataFlags-scan-help b/e2e/flags/.snapshots/TestMetadataFlags-scan-help index d2b3865bb..903421dbb 100644 --- a/e2e/flags/.snapshots/TestMetadataFlags-scan-help +++ b/e2e/flags/.snapshots/TestMetadataFlags-scan-help @@ -38,7 +38,7 @@ General Flags --config-file string Load configuration from the specified path. (default "bearer.yml") --debug Enable debug logs. Equivalent to --log-level=debug --disable-version-check Disable Bearer version checking - --ignore-file string Load ignore file from the specified path. + --ignore-file string Load ignore file from the specified path. (default "bearer.ignore") --log-level string Set log level (error, info, debug, trace) (default "info") --no-color Disable color in output diff --git a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-context-flag b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-context-flag index d513e438e..524002220 100644 --- a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-context-flag +++ b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-context-flag 
@@ -39,7 +39,7 @@ General Flags --config-file string Load configuration from the specified path. (default "bearer.yml") --debug Enable debug logs. Equivalent to --log-level=debug --disable-version-check Disable Bearer version checking - --ignore-file string Load ignore file from the specified path. + --ignore-file string Load ignore file from the specified path. (default "bearer.ignore") --log-level string Set log level (error, info, debug, trace) (default "info") --no-color Disable color in output diff --git a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-privacy b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-privacy index 0a309de2f..fe7f87d13 100644 --- a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-privacy +++ b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-privacy @@ -39,7 +39,7 @@ General Flags --config-file string Load configuration from the specified path. (default "bearer.yml") --debug Enable debug logs. Equivalent to --log-level=debug --disable-version-check Disable Bearer version checking - --ignore-file string Load ignore file from the specified path. + --ignore-file string Load ignore file from the specified path. (default "bearer.ignore") --log-level string Set log level (error, info, debug, trace) (default "info") --no-color Disable color in output diff --git a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-security b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-security index 3c49bf7de..1ce405a64 100644 --- a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-security +++ b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-format-flag-security 
@@ -39,7 +39,7 @@ General Flags --config-file string Load configuration from the specified path. (default "bearer.yml") --debug Enable debug logs. Equivalent to --log-level=debug --disable-version-check Disable Bearer version checking - --ignore-file string Load ignore file from the specified path. + --ignore-file string Load ignore file from the specified path. (default "bearer.ignore") --log-level string Set log level (error, info, debug, trace) (default "info") --no-color Disable color in output diff --git a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-report-flag b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-report-flag index 50081ecdf..e0635c44e 100644 --- a/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-report-flag +++ b/e2e/flags/.snapshots/TestReportFlagsShouldFail-invalid-report-flag @@ -39,7 +39,7 @@ General Flags --config-file string Load configuration from the specified path. (default "bearer.yml") --debug Enable debug logs. Equivalent to --log-level=debug --disable-version-check Disable Bearer version checking - --ignore-file string Load ignore file from the specified path. + --ignore-file string Load ignore file from the specified path. (default "bearer.ignore") --log-level string Set log level (error, info, debug, trace) (default "info") --no-color Disable color in output diff --git a/internal/commands/artifact/run.go b/internal/commands/artifact/run.go index 858e51717..7538d60f8 100644 --- a/internal/commands/artifact/run.go +++ b/internal/commands/artifact/run.go @@ -219,7 +219,7 @@ func getIgnoredFingerprints(client *api.API, settings settings.Config) ( staleIgnoredFingerprintIds []string, err error, ) { - localIgnoredFingerprints, _, err := ignore.GetIgnoredFingerprints(settings.IgnoreFile, &settings.Target) + localIgnoredFingerprints, _, _, err := ignore.GetIgnoredFingerprints(settings.IgnoreFile, &settings.Target) if err != nil { return useCloudIgnores, ignoredFingerprints, staleIgnoredFingerprintIds, err } 
diff --git a/internal/commands/ignore.go b/internal/commands/ignore.go index 031956910..4aba16573 100644 --- a/internal/commands/ignore.go +++ b/internal/commands/ignore.go @@ -31,20 +31,19 @@ Available Commands: migrate Migrate ignored fingerprints Examples: - # Add an ignored fingerprint to your bearer.ignore file + # Add an ignored fingerprint to your ignore file $ bearer ignore add --author Mish --comment "investigate this" - # Show the details of an ignored fingerprint from your bearer.ignore file + # Show the details of an ignored fingerprint from your ignore file $ bearer ignore show - # Remove an ignored fingerprint from your bearer.ignore file + # Remove an ignored fingerprint from your ignore file $ bearer ignore remove # Pull ignored fingerprints from the Cloud (requires API key) $ bearer ignore pull /path/to/your_project --api-key=XXXXX # Migrate existing ignored (excluded) fingerprints from bearer.yml file - # to bearer.ignore $ bearer ignore migrate ` @@ -78,7 +77,7 @@ func newIgnoreShowCommand() *cobra.Command { cmd := &cobra.Command{ Use: "show ", Short: "Show an ignored fingerprint", - Example: `# Show the details of an ignored fingerprint from your bearer.ignore file + Example: `# Show the details of an ignored fingerprint from your ignore file $ bearer ignore show `, RunE: func(cmd *cobra.Command, args []string) error { if err := IgnoreShowFlags.Bind(cmd); err != nil { 
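Review bot: The migrate example in the long help text now stops at "from bearer.yml file", because the continuation line `# to bearer.ignore` was removed without a replacement. The sentence no longer says where the fingerprints are migrated to. Adding `# to your ignore file` as the second comment line would match the wording used in the migrate command's own `Example` string.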
@@ -96,13 +95,13 @@ $ bearer ignore show `, return cmd.Help() } - ignoredFingerprints, fileExists, err := ignore.GetIgnoredFingerprints(options.GeneralOptions.IgnoreFile, nil) + ignoredFingerprints, ignoreFilepath, fileExists, err := ignore.GetIgnoredFingerprints(options.GeneralOptions.IgnoreFile, nil) if err != nil { - cmd.Printf("Issue loading ignored fingerprints from bearer.ignore file: %s", err) + cmd.Printf("Issue loading ignored fingerprints from %s: %s", err, ignoreFilepath) return nil } if !fileExists { - cmd.Printf("bearer.ignore file not found. Perhaps you need to use --bearer-ignore-file to specify the path to bearer.ignore?\n") + cmd.Printf("Ignore file not found. Perhaps you need to use --ignore-file to specify the path to ignore?\n") return nil } @@ -118,7 +117,7 @@ $ bearer ignore show `, fingerprintId := args[0] selectedIgnoredFingerprint, ok := ignoredFingerprints[fingerprintId] if !ok { - cmd.Printf("Ignored fingerprint '%s' was not found in bearer.ignore file\n", fingerprintId) + cmd.Printf("Ignored fingerprint '%s' was not found in ignore file\n", fingerprintId) return nil } cmd.Print(ignore.DisplayIgnoredEntryTextString(fingerprintId, selectedIgnoredFingerprint, options.GeneralOptions.NoColor)) @@ -143,7 +142,7 @@ func newIgnoreAddCommand() *cobra.Command { cmd := &cobra.Command{ Use: "add ", Short: "Add an ignored fingerprint", - Example: `# Add an ignored fingerprint to your bearer.ignore file + Example: `# Add an ignored fingerprint to your ignore file $ bearer ignore add --author Mish --comment "Possible false positive"`, RunE: func(cmd *cobra.Command, args []string) error { if err := IgnoreAddFlags.Bind(cmd); err != nil { 
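Review bot: The arguments of the new load-failure message in `ignore show` are in the wrong order: the format is `"Issue loading ignored fingerprints from %s: %s"` but the call passes `err, ignoreFilepath`, so the error text is printed where the path belongs. It should read `cmd.Printf("Issue loading ignored fingerprints from %s: %s\n", ignoreFilepath, err)`; the trailing newline is also missing, unlike the other messages here. The not-found hint ends with "the path to ignore?", a leftover from the old wording, while the `remove` command uses "to specify the path?". The RunE closure starts and ends outside this hunk.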
@@ -168,14 +167,14 @@ $ bearer ignore add --author Mish --comment "Possible false positi fingerprintId: fingerprintEntry, } - ignoredFingerprints, fileExists, err := ignore.GetIgnoredFingerprints(options.GeneralOptions.IgnoreFile, nil) + ignoredFingerprints, ignoreFilepath, fileExists, err := ignore.GetIgnoredFingerprints(options.GeneralOptions.IgnoreFile, nil) if err != nil { return fmt.Errorf("error retrieving existing ignores: %s", err) } // check for merge conflicts if mergeErr := ignore.MergeIgnoredFingerprints(fingerprintsToIgnore, ignoredFingerprints, options.IgnoreAddOptions.Force); mergeErr != nil { - // handle expected error (duplicate entry in bearer.ignore) + // handle expected error (duplicate entry in ignore) cmd.Printf("Error: %s\n", mergeErr.Error()) return nil } @@ -214,14 +213,14 @@ $ bearer ignore add --author Mish --comment "Possible false positi ignoredFingerprints[fingerprintId] = fingerprintEntry if !fileExists { - cmd.Printf("\nCreating bearer.ignore file...\n") + cmd.Printf("\nCreating ignore file...\n") } - if err := writeIgnoreFile(ignoredFingerprints, options.GeneralOptions.IgnoreFile); err != nil { + if err := writeIgnoreFile(ignoredFingerprints, ignoreFilepath); err != nil { return err } - cmd.Print("Fingerprint added to bearer.ignore:\n\n") + cmd.Print("Fingerprint added to ignore file:\n\n") cmd.Print(ignore.DisplayIgnoredEntryTextString(fingerprintId, ignoredFingerprints[fingerprintId], options.GeneralOptions.NoColor)) cmd.Print("\n\n") return nil @@ -242,7 +241,7 @@ func newIgnoreRemoveCommand() *cobra.Command { cmd := &cobra.Command{ Use: "remove ", Short: "Remove an ignored fingerprint", - Example: `# Remove an ignored fingerprint from your bearer.ignore file + Example: `# Remove an ignored fingerprint from your ignore file $ bearer ignore remove `, RunE: func(cmd *cobra.Command, args []string) error { if err := IgnoreRemoveFlags.Bind(cmd); err != nil { 
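Review bot: An empty ignore-file value can now reach `writeIgnoreFile` as an empty path in `ignore add`. `GetIgnoredFingerprints` returns its input unchanged when `filePath == ""`, and this commit also removes the fallback to `ignore.DefaultIgnoreFilepath` inside `writeIgnoreFile`. If the flag can be set to an empty string (not visible here), the user gets a bare `os.WriteFile` error instead of a usable message. A guard before the write, such as `if ignoreFilepath == "" { return fmt.Errorf("no ignore file path set; use --ignore-file") }`, would make this explicit. The same applies to the `ignore migrate` hunk, which ends in `return writeIgnoreFile(ignoredFingerprints, ignoreFilepath)`.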
@@ -260,28 +259,28 @@ $ bearer ignore remove `, return fmt.Errorf("flag error: %s", err) } - ignoredFingerprints, fileExists, err := ignore.GetIgnoredFingerprints(options.GeneralOptions.IgnoreFile, nil) + ignoredFingerprints, ignoreFilepath, fileExists, err := ignore.GetIgnoredFingerprints(options.GeneralOptions.IgnoreFile, nil) if err != nil { return fmt.Errorf("error retrieving existing ignores: %s", err) } if !fileExists { - cmd.Printf("bearer.ignore file not found. Perhaps you need to use --bearer-ignore-file to specify the path to bearer.ignore?\n") + cmd.Printf("Ignore file not found. Perhaps you need to use --ignore-file to specify the path?\n") return nil } fingerprintId := args[0] removedFingerprint, ok := ignoredFingerprints[fingerprintId] if !ok { - cmd.Printf("Ignored fingerprint '%s' was not found in bearer.ignore file\n", fingerprintId) + cmd.Printf("Ignored fingerprint '%s' was not found in ignore file\n", fingerprintId) return nil } delete(ignoredFingerprints, fingerprintId) - if err := writeIgnoreFile(ignoredFingerprints, options.GeneralOptions.IgnoreFile); err != nil { + if err := writeIgnoreFile(ignoredFingerprints, ignoreFilepath); err != nil { return err } - cmd.Print("Fingerprint successfully removed from bearer.ignore:\n\n") + cmd.Print("Fingerprint successfully removed from ignore file:\n\n") cmd.Print(ignore.DisplayIgnoredEntryTextString(fingerprintId, removedFingerprint, options.GeneralOptions.NoColor)) cmd.Print("\n\n") return nil 
@@ -322,23 +321,14 @@ $ bearer ignore pull /path/to/your_project --api-key=XXXXX`, options.Target = args[0] } - // confirm overwrite if bearer.ignore file exists - bearerIgnoreFilePath := options.GeneralOptions.IgnoreFile - fileExists := true - info, err := os.Stat(bearerIgnoreFilePath) - if os.IsNotExist(err) { - fileExists = false - } else { - if info.IsDir() { - return fmt.Errorf("bearer-ignore-file path %s is a dir not a file", bearerIgnoreFilePath) - } - } - if err != nil && fileExists { + // confirm overwrite if ignore file exists + ignoreFilePath, _, fileExists, err := ignore.GetIgnoreFilePath(options.GeneralOptions.IgnoreFile, &options.Target) + if err != nil { return fmt.Errorf("file error: %s", err) } if fileExists { - overwriteApproved := requestConfirmation("Warning: this action will overwrite your current bearer.ignore file. Continue?") + overwriteApproved := requestConfirmation("Warning: this action will overwrite your current ignore file. Continue?") cmd.Printf("\n") if !overwriteApproved { cmd.Printf("Okay, pull cancelled!\n") @@ -370,7 +360,7 @@ $ bearer ignore pull /path/to/your_project --api-key=XXXXX`, return nil } - // project found and we have ignores - write to bearer.ignore + // project found and we have ignores - write to ignore cmd.Printf("Pulling %d ignores from the Cloud:\n", cloudIgnoresCount) for fingerprintId, fingerprint := range data.CloudIgnoredFingerprints { if fingerprint.Comment == nil { @@ -381,7 +371,7 @@ $ bearer ignore pull /path/to/your_project --api-key=XXXXX`, } cmd.Printf("\n") - if err = writeIgnoreFile(data.CloudIgnoredFingerprints, bearerIgnoreFilePath); err != nil { + if err = writeIgnoreFile(data.CloudIgnoredFingerprints, ignoreFilePath); err != nil { return fmt.Errorf("error writing to file: %s", err) } 
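Review bot: `ignore pull` now appears to fail when no ignore file exists yet. The removed code treated `os.IsNotExist(err)` as "nothing to overwrite", but the new code returns `file error` for any error from `ignore.GetIgnoreFilePath`, and the visible part of that function returns the `os.Stat` error when the file is also missing under the target. Keeping the old distinction, `if err != nil && !os.IsNotExist(err) {`, would let a first pull create the file. The path is now resolved against the target, so the file being overwritten may not be the one in the working directory. The confirmation prompt should therefore name `ignoreFilePath`, which matters for a file that suppresses findings. The RunE closure continues outside this hunk.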
@@ -404,8 +394,8 @@ func newIgnoreMigrateCommand() *cobra.Command { } cmd := &cobra.Command{ Use: "migrate", - Short: "Migrate ignored fingerprints from bearer.yml to bearer.ignore", - Example: `# Migrate existing ignored (excluded) fingerprints from bearer.yml file to bearer.ignore + Short: "Migrate ignored fingerprints from bearer.yml to ignore file", + Example: `# Migrate existing ignored (excluded) fingerprints from bearer.yml file to ignore file $ bearer ignore migrate`, RunE: func(cmd *cobra.Command, args []string) error { if err := IgnoreMigrateFlags.Bind(cmd); err != nil { @@ -425,7 +415,7 @@ $ bearer ignore migrate`, } fingerprintsToMigrate := getIgnoredFingerprintsFromConfig(configFilePath) - ignoredFingerprints, fileExists, err := ignore.GetIgnoredFingerprints(options.GeneralOptions.IgnoreFile, nil) + ignoredFingerprints, ignoreFilepath, fileExists, err := ignore.GetIgnoredFingerprints(options.GeneralOptions.IgnoreFile, nil) if err != nil { return fmt.Errorf("error retrieving existing ignores: %s", err) } @@ -435,7 +425,7 @@ $ bearer ignore migrate`, cmd.Printf("Found %d ignores in:\n\t%s\n", migratedIgnoredCount, configFilePath) if !fileExists { - cmd.Printf("\nCreating bearer.ignore file...\n") + cmd.Printf("\nCreating ignore file...\n") } if !options.IgnoreMigrateOptions.Force { 
@@ -448,17 +438,17 @@ $ bearer ignore migrate`, } } - cmd.Printf("Added %d ignores to:\n\t%s\n", migratedIgnoredCount, options.GeneralOptions.IgnoreFile) + cmd.Printf("Added %d ignores to:\n\t%s\n", migratedIgnoredCount, ignoreFilepath) if skippedIgnoresToMigrate != "" { - cmd.Printf("\nThe following ignores already exist in the bearer.ignore file:\n") + cmd.Printf("\nThe following ignores already exist in the ignore file:\n") cmd.Printf(skippedIgnoresToMigrate) cmd.Printf("\nTo overwrite these entries, use --force\n") } // either no duplicate entries at this point or --force is true so we can ignore merge error _ = ignore.MergeIgnoredFingerprints(fingerprintsToMigrate, ignoredFingerprints, options.IgnoreMigrateOptions.Force) - return writeIgnoreFile(ignoredFingerprints, options.GeneralOptions.IgnoreFile) + return writeIgnoreFile(ignoredFingerprints, ignoreFilepath) }, SilenceErrors: false, SilenceUsage: false, @@ -479,18 +469,14 @@ func setLogLevel(cmd *cobra.Command) { }) } -func writeIgnoreFile(ignoredFingerprints map[string]ignoretypes.IgnoredFingerprint, bearerIgnoreFilePath string) error { - if bearerIgnoreFilePath == "" { - bearerIgnoreFilePath = ignore.DefaultIgnoreFilepath - } - +func writeIgnoreFile(ignoredFingerprints map[string]ignoretypes.IgnoredFingerprint, ignoreFilePath string) error { data, err := json.MarshalIndent(ignoredFingerprints, "", " ") if err != nil { // failed to marshall data return err } - return os.WriteFile(bearerIgnoreFilePath, data, 0644) + return os.WriteFile(ignoreFilePath, data, 0644) } func getIgnoredFingerprintsFromConfig(configPath string) (ignoredFingerprintsFromConfig map[string]ignoretypes.IgnoredFingerprint) { diff --git a/internal/commands/process/settings/settings.go b/internal/commands/process/settings/settings.go index 0e8164af6..326fddb0e 100644 --- a/internal/commands/process/settings/settings.go +++ b/internal/commands/process/settings/settings.go 
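Review bot: `cmd.Printf(skippedIgnoresToMigrate)` in the migrate hunk uses data as a format string. The line is unchanged context, but it sits between the lines this commit edits. If that string can contain a `%` (how it is built is not visible here), the output is mangled with `%!` markers, and `go vet` flags the call. `cmd.Print(skippedIgnoresToMigrate)` prints it verbatim.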
@@ -336,7 +336,7 @@ func FromOptions(opts flag.Options, versionMeta *version_check.VersionMeta) (Con } } - ignoredFingerprints, _, err := ignore.GetIgnoredFingerprints(opts.GeneralOptions.IgnoreFile, &opts.ScanOptions.Target) + ignoredFingerprints, _, _, err := ignore.GetIgnoredFingerprints(opts.GeneralOptions.IgnoreFile, &opts.ScanOptions.Target) if err != nil { return Config{}, err } diff --git a/internal/flag/general_flags.go b/internal/flag/general_flags.go index 63ba77296..13f60e23b 100644 --- a/internal/flag/general_flags.go +++ b/internal/flag/general_flags.go @@ -54,7 +54,7 @@ var ( IgnoreFileFlag = Flag{ Name: "ignore-file", ConfigName: "ignore-file", - Value: "", + Value: "bearer.ignore", Usage: "Load ignore file from the specified path.", DisableInConfig: true, } diff --git a/internal/report/output/security/security.go b/internal/report/output/security/security.go index cf5a0577f..8abe64b15 100644 --- a/internal/report/output/security/security.go +++ b/internal/report/output/security/security.go @@ -278,11 +278,11 @@ func fingerprintOutput( } if len(staleFingerprints) > 0 { - // bearer.ignore entries that have been e.g. re-opened in the Cloud - output.StdErrLog(fmt.Sprintf("%d fingerprints present in your bearer.ignore are stale and have not been applied", len(staleFingerprints))) + // ignore file entries that have been e.g. re-opened in the Cloud + output.StdErrLog(fmt.Sprintf("%d fingerprints present in your ignore file are stale and have not been applied", len(staleFingerprints))) for _, fingerprintId := range staleFingerprints { output.StdErrLog(fmt.Sprintf(" - %s", fingerprintId)) - output.StdErrLog(color.HiBlackString("\tTo remove this fingerprint from your bearer.ignore file, run: bearer ignore remove " + fingerprintId)) + output.StdErrLog(color.HiBlackString("\tTo remove this fingerprint from your ignore file, run: bearer ignore remove " + fingerprintId)) } } output.StdErrLog("\n=====================================\n") 
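Review bot: The new flag default `Value: "bearer.ignore"` in `IgnoreFileFlag` duplicates `ignore.DefaultIgnoreFilepath`. `GetIgnoreFilePath` now decides `isDefaultPath` by comparing the flag value against that constant, so the tolerant "default file missing" behaviour depends on the two literals staying identical. If importing the constant here would create an import cycle, add a comment on this line such as `// must match ignore.DefaultIgnoreFilepath`. A shared constant in a leaf package would remove the coupling.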
@@ -298,7 +298,7 @@ func fingerprintOutput( output.StdErrLog("\n=====================================\n") // legacy if len(legacyExcludedFingerprints) > 0 { - output.StdErrLog(color.HiYellowString("Note: exclude-fingerprints is being replaced by bearer.ignore. To use the new ignore functionality, run bearer ignore migrate. See https://docs.bearer.com/reference/commands/#ignore_migrate.")) + output.StdErrLog(color.HiYellowString("Note: exclude-fingerprints is being replaced by bearer ignore. To use the new ignore functionality, run bearer ignore migrate. See https://docs.bearer.com/reference/commands/#ignore_migrate.")) } if !diffScan { // stale ignored fingerprint warning is misleading for diff scans @@ -312,7 +312,7 @@ func fingerprintOutput( // end legacy if len(unusedFingerprints) > 0 { - output.StdErrLog(fmt.Sprintf("%d ignored fingerprints present in your bearer.ignore file are no longer detected:", len(unusedFingerprints))) + output.StdErrLog(fmt.Sprintf("%d ignored fingerprints present in your ignore file are no longer detected:", len(unusedFingerprints))) for _, fingerprintId := range unusedFingerprints { fingerprint, ok := ignoredFingerprints[fingerprintId] if !ok { @@ -325,7 +325,7 @@ func fingerprintOutput( } else { output.StdErrLog(fmt.Sprintf(" - %s (%s)", fingerprintId, *fingerprint.Comment)) } - output.StdErrLog(color.HiBlackString("\tTo remove this fingerprint from your bearer.ignore file, run: bearer ignore remove " + fingerprintId)) + output.StdErrLog(color.HiBlackString("\tTo remove this fingerprint from your ignore file, run: bearer ignore remove " + fingerprintId)) } } } diff --git a/internal/util/ignore/ignore.go b/internal/util/ignore/ignore.go index d37ec0787..8d0a9d5b5 100644 --- a/internal/util/ignore/ignore.go +++ b/internal/util/ignore/ignore.go 
@@ -20,25 +20,30 @@ import ( const DefaultIgnoreFilepath = "bearer.ignore" -func GetIgnoredFingerprints(ignoreFilePath string, target *string) (ignoredFingerprints map[string]types.IgnoredFingerprint, fileExists bool, err error) { - ignorePath, isDefaultPath, fileExists, err := getIgnoreFilePath(ignoreFilePath, target) +func GetIgnoredFingerprints(filePath string, target *string) (ignoredFingerprints map[string]types.IgnoredFingerprint, ignoreFilePath string, fileExists bool, err error) { + if filePath == "" { + // nothing to do here + return map[string]types.IgnoredFingerprint{}, filePath, false, nil + } + + ignoreFilePath, isDefaultPath, fileExists, err := GetIgnoreFilePath(filePath, target) if err != nil { if isDefaultPath && !fileExists { - // bearer.ignore file does not exist: expected scenario - return map[string]types.IgnoredFingerprint{}, false, nil + // default bearer.ignore file does not exist: expected scenario + return map[string]types.IgnoredFingerprint{}, ignoreFilePath, false, nil } - return ignoredFingerprints, fileExists, err + return ignoredFingerprints, ignoreFilePath, fileExists, err } // file exists - content, err := os.ReadFile(ignorePath) + content, err := os.ReadFile(ignoreFilePath) if err != nil { - return ignoredFingerprints, true, err + return ignoredFingerprints, ignoreFilePath, true, err } err = json.Unmarshal(content, &ignoredFingerprints) - return ignoredFingerprints, true, err + return ignoredFingerprints, ignoreFilePath, true, err } func GetIgnoredFingerprintsFromCloud( 
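Review bot: The default-path branch in `GetIgnoredFingerprints` treats every error from `GetIgnoreFilePath` as "file does not exist" whenever `isDefaultPath && !fileExists` holds. From the visible part of `GetIgnoreFilePath`, that includes any `os.Stat` failure and an error from `targetPath`. A scan would then run with an empty ignore set and no diagnostic, and `ignore add` would go on to write a fresh file at the returned path. Narrowing the condition to `if isDefaultPath && os.IsNotExist(err) {` keeps the expected case quiet and surfaces the rest. The function is exported and now returns four values, so it should also get a doc comment stating what the returned path is in the not-found case.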
@@ -77,7 +82,7 @@ func MergeIgnoredFingerprints(fingerprintsToIgnore map[string]types.IgnoredFinge if !force { if _, ok := ignoredFingerprints[key]; ok { return fmt.Errorf( - "fingerprint '%s' already exists in the bearer.ignore file. To view this entry run:\n\n$ bearer ignore show %s\n\nTo overwrite this entry, use --force", + "fingerprint '%s' already exists in your ignore file. To view this entry run:\n\n$ bearer ignore show %s\n\nTo overwrite this entry, use --force", key, key, ) @@ -140,17 +145,13 @@ func GetAuthor() (*string, error) { return pointer.String(strings.TrimSuffix(string(nameBytes), "\n")), nil } -func getIgnoreFilePath(ignoreFilePath string, target *string) ( - ignorePath string, +func GetIgnoreFilePath(ignoreFilePath string, target *string) ( + path string, isDefaultPath bool, fileExists bool, err error, ) { - if ignoreFilePath == "" { - // use default ignore file path - isDefaultPath = true - ignoreFilePath = DefaultIgnoreFilepath - } + isDefaultPath = ignoreFilePath == DefaultIgnoreFilepath _, err = os.Stat(ignoreFilePath) if err == nil { @@ -170,17 +171,17 @@ func getIgnoreFilePath(ignoreFilePath string, target *string) ( // append default path to target path and try again targetPath, targetErr := targetPath(target) if targetErr != nil { - return "", isDefaultPath, fileExists, targetErr + return ignoreFilePath, isDefaultPath, fileExists, targetErr } ignoreFilePath = filepath.Join(targetPath, ignoreFilePath) info, err := os.Stat(ignoreFilePath) if err != nil { - return "", isDefaultPath, fileExists, err + return ignoreFilePath, isDefaultPath, fileExists, err } if info.IsDir() { - return "", isDefaultPath, fileExists, fmt.Errorf("ignore file path %s is a dir not a file", ignoreFilePath) + return ignoreFilePath, isDefaultPath, fileExists, fmt.Errorf("ignore file path %s is a dir not a file", ignoreFilePath) } return ignoreFilePath, isDefaultPath, fileExists, nil 
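Review bot: `GetIgnoreFilePath` is now exported and its contract has changed, but it has no doc comment. The error paths used to return an empty path and now return the last path tried. Something like `// GetIgnoreFilePath resolves ignoreFilePath, first as given and then relative to target; on error the returned path is the last location tried.` would tell callers they may receive a non-empty path together with an error. `isDefaultPath = ignoreFilePath == DefaultIgnoreFilepath` is a plain string comparison, so `./bearer.ignore` or an absolute path to the same file counts as a custom path, and a missing file is then an error. Comparing `filepath.Clean(ignoreFilePath)` would at least cover the `./` form.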
diff --git a/internal/util/ignore/ignore_test.go b/internal/util/ignore/ignore_test.go index 310f086da..21645ba29 100644 --- a/internal/util/ignore/ignore_test.go +++ b/internal/util/ignore/ignore_test.go @@ -13,15 +13,17 @@ import ( func TestGetIgnoredFingerprints(t *testing.T) { t.Run("Default bearer.ignore does not exist", func(t *testing.T) { - ignoredFingerprints, fileExists, err := ignore.GetIgnoredFingerprints("", nil) + ignoredFingerprints, ignoreFilePath, fileExists, err := ignore.GetIgnoredFingerprints("bearer.ignore", nil) assert.Equal(t, map[string]types.IgnoredFingerprint{}, ignoredFingerprints) + assert.Equal(t, "bearer.ignore", ignoreFilePath) assert.Equal(t, false, fileExists) assert.Equal(t, nil, err) }) t.Run("Custom ignore file does not exist", func(t *testing.T) { - ignoredFingerprints, fileExists, err := ignore.GetIgnoredFingerprints("my-own-ignore-file.ignore", nil) + ignoredFingerprints, ignoreFilePath, fileExists, err := ignore.GetIgnoredFingerprints("my-own-ignore-file.ignore", nil) assert.Equal(t, map[string]types.IgnoredFingerprint(nil), ignoredFingerprints) + assert.Equal(t, "my-own-ignore-file.ignore", ignoreFilePath) assert.Equal(t, false, fileExists) assert.NotEqual(t, nil, err) })
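Review bot: The new `filePath == ""` early return in `GetIgnoredFingerprints` has no test, because the default-path subtest now passes `"bearer.ignore"` where it used to pass `""`. A third subtest calling `ignore.GetIgnoredFingerprints("", nil)` and asserting an empty map, an empty path, `false` and a nil error would pin that branch. A case where the file is found under a target directory would also help, since callers now write to the returned path.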