snyk-plugin: added --snyk-code-test-opts flag

Users are now able to use the introduced flag to pass new parameters to the snyk cli Resolves: https://issues.redhat.com/browse/OSH-307 csmock -t snyk --snyk-code-test-opts='--report --project-name=osbuild' -r rhel-8-x86_64 osbuild-99-1.el10+1.src.rpm
csutils · Nov 8, 2023 · eaf5dff · eaf5dff
1 parent 2e89ad7
commit eaf5dff
Showing 1 changed file with 15 additions and 5 deletions.
diff --git a/py/plugins/snyk.py b/py/plugins/snyk.py
@@ -17,7 +17,6 @@
 
 import os
 
-
 # default URL to download snyk binary executable
 SNYK_BIN_URL = "https://static.snyk.io/cli/latest/snyk-linux"
 
@@ -33,7 +32,7 @@
 FILTER_CMD = f"csgrep '%s' --mode=json --prepend-path-prefix={SNYK_SCAN_DIR}/ > '%s'"
 
 # default value for the maximum amount of time taken by invocation of Snyk (5 hours)
-DEFAULT_SNYK_TIMEOUT=18000
+DEFAULT_SNYK_TIMEOUT = 18000
 
 
 class PluginProps:
@@ -74,6 +73,9 @@ def init_parser(self, parser):
             "--snyk-timeout", type=int, default=DEFAULT_SNYK_TIMEOUT,
             help="maximum amount of time taken by invocation of Snyk [s]")
 
+        parser.add_argument(
+            "--snyk-code-test-opts",
+            help="extra parameters with to use with the snyk CLI")
 
     def handle_args(self, parser, args, props):
         if not self.enabled:
@@ -143,6 +145,7 @@ def fetch_snyk_hook(results, props):
         def copy_resolv_conf(results, mock):
             mock.copy_in_resolv_conf()
             return 0
+
         props.post_depinst_hooks += [copy_resolv_conf]
 
         def scan_hook(results, mock, props):
@@ -156,8 +159,14 @@ def scan_hook(results, mock, props):
                 return ec
 
             # command to run snyk code
-            cmd = "%s code test -d %s --sarif-file-output=%s >/dev/null 2>%s" \
-                    % (self.snyk_bin, SNYK_SCAN_DIR, SNYK_OUTPUT, SNYK_LOG)
+            cmd = "%s code test -d %s " \
+                  % (self.snyk_bin, SNYK_SCAN_DIR)
+
+            # if we use the --snyk-code-test-opts flags, we append the flags to the SNYK CLI code
+            if args.snyk_code_test_opts:
+                cmd = cmd + args.snyk_code_test_opts
+
+            cmd = cmd + " --sarif-file-output=%s >/dev/null 2>%s" % (SNYK_OUTPUT, SNYK_LOG)
 
             if args.snyk_timeout:
                 # wrap snyk invocation by timeout(1)
@@ -177,7 +186,7 @@ def scan_hook(results, mock, props):
                 props.copy_out_files.remove(SNYK_OUTPUT)
                 return 0
             if ec not in [0, 1]:
-                results.error("snyk code returned unexpected exit status: %d" % ec, ec=ec)
+                results.error(f"snyk code returned unexpected exit status: %d" % ec, ec=ec)
 
             # returning non-zero would prevent csmock from archiving SNYK_LOG
             return 0
@@ -194,4 +203,5 @@ def filter_hook(results):
             dst = "%s/snyk-results.json" % results.dbgdir_uni
             cmd = FILTER_CMD % (src, dst)
             return results.exec_cmd(cmd, shell=True)
+
         props.post_process_hooks += [filter_hook]