Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(sca): skip old CVE suppressions (without 'accountIds') #3503

Merged
merged 3 commits into from
Sep 14, 2022
Merged

fix(sca): skip old CVE suppressions (without 'accountIds') #3503

merged 3 commits into from
Sep 14, 2022

Conversation

NoaAzoulay
Copy link
Contributor

@NoaAzoulay NoaAzoulay commented Sep 13, 2022
edited
Loading

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.

Fixes # (issue)

New/Edited policies (Delete if not relevant)

Description

Include a description of what makes it a violation and any relevant external links.

Fix

How does someone fix the issue in code and/or in runtime?

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

@NoaAzoulay NoaAzoulay changed the title fix(sca):skip old suppressions (without 'accountIds') fix(sca): skip old suppressions (without 'accountIds') Sep 13, 2022
ayajbara
ayajbara reviewed Sep 13, 2022
View reviewed changes
checkov/common/bridgecrew/integration_features/features/suppressions_integration.py
if record.vulnerability_details and record.vulnerability_details['id'] == cve['cve']:
return True
return False
return any(record.vulnerability_details and record.vulnerability_details['id'] == cve['cve']
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice!

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yep :)

Saarett
Saarett requested changes Sep 13, 2022
View reviewed changes
Copy link
Contributor

@Saarett Saarett left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch! Added 1 comment :)

checkov/common/bridgecrew/integration_features/features/suppressions_integration.py Outdated Show resolved Hide resolved
checkov/common/bridgecrew/integration_features/features/suppressions_integration.py
if record.vulnerability_details and record.vulnerability_details['id'] == cve['cve']:
return True
return False
return any(record.vulnerability_details and record.vulnerability_details['id'] == cve['cve']
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yep :)

@NoaAzoulay NoaAzoulay changed the title fix(sca): skip old suppressions (without 'accountIds') fix(sca): skip old CVE suppressions (without 'accountIds') Sep 14, 2022
@Saarett Saarett merged commit 047e49b into master Sep 14, 2022
@Saarett Saarett deleted the bug_fix_ignore_old_suppressions branch September 14, 2022 07:22
nijdarshan pushed a commit to nijdarshan/checkov that referenced this pull request Sep 15, 2022
@NoaAzoulay @schosterbarak
fix(sca): skip old CVE suppressions (without 'accountIds') (bridgecre…
0a4aab6 
…wio#3503)

* skip old suppressions (without 'accountIds') + tests

* skip old suppressions (without 'accountIds') + tests

* /
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ayajbara ayajbara ayajbara approved these changes

@Saarett Saarett Saarett approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@NoaAzoulay @Saarett @ayajbara