fix: filter code quality and security issues based on config (#728)

snyk · Dec 6, 2024 · 2533da8 · 2533da8
1 parent 4ba08ea
commit 2533da8
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 1 deletion.
diff --git a/infrastructure/code/code.go b/infrastructure/code/code.go
@@ -204,7 +204,7 @@ func (sc *Scanner) Scan(ctx context.Context, path string, folderPath string) (is
 	if err != nil {
 		return nil, err
 	}
-
+	results = filterCodeIssues(c, results)
 	// Populate HTML template
 	sc.enhanceIssuesDetails(results, folderPath)
 
@@ -213,6 +213,24 @@ func (sc *Scanner) Scan(ctx context.Context, path string, folderPath string) (is
 	return results, err
 }
 
+func filterCodeIssues(c *config.Config, issues []snyk.Issue) []snyk.Issue {
+	if c.IsSnykCodeSecurityEnabled() && c.IsSnykCodeQualityEnabled() {
+		return issues
+	}
+	var result []snyk.Issue
+	for _, issue := range issues {
+		additionalData, ok := issue.AdditionalData.(snyk.CodeIssueData)
+		if !ok {
+			continue
+		}
+		shouldAdd := additionalData.IsSecurityType && c.IsSnykCodeSecurityEnabled() || !additionalData.IsSecurityType && c.IsSnykCodeQualityEnabled()
+		if shouldAdd {
+			result = append(result, issue)
+		}
+	}
+	return result
+}
+
 func internalScan(ctx context.Context, sc *Scanner, folderPath string, logger zerolog.Logger, filesToBeScanned map[string]bool) (results []snyk.Issue, err error) {
 	span := sc.BundleUploader.instrumentor.StartSpan(ctx, "code.ScanWorkspace")
 	defer sc.BundleUploader.instrumentor.Finish(span)

diff --git a/infrastructure/code/code_test.go b/infrastructure/code/code_test.go
@@ -891,6 +891,65 @@ func TestNormalizeBranchName(t *testing.T) {
 	assert.Equal(t, expectedBranchName, normaliedBranchName)
 }
 
+func TestFilterCodeIssues(t *testing.T) {
+	c := testutil.UnitTest(t)
+	securityIssue := snyk.Issue{
+		AdditionalData: snyk.CodeIssueData{IsSecurityType: true},
+		ID:             "security-1",
+	}
+	qualityIssue := snyk.Issue{
+		AdditionalData: snyk.CodeIssueData{IsSecurityType: false},
+		ID:             "quality-1",
+	}
+
+	testCases := []struct {
+		name                   string
+		isSnykCodeEnabled      bool
+		isCodeSecurityEnabled  bool
+		isCodeQualityEnabled   bool
+		inputIssues            []snyk.Issue
+		expectedFilteredIssues []snyk.Issue
+	}{
+		{
+			name:                   "only security enabled",
+			isCodeSecurityEnabled:  true,
+			isCodeQualityEnabled:   false,
+			inputIssues:            []snyk.Issue{securityIssue, qualityIssue},
+			expectedFilteredIssues: []snyk.Issue{securityIssue},
+		},
+		{
+			name:                   "only quality enabled",
+			isCodeSecurityEnabled:  false,
+			isCodeQualityEnabled:   true,
+			inputIssues:            []snyk.Issue{securityIssue, qualityIssue},
+			expectedFilteredIssues: []snyk.Issue{qualityIssue},
+		},
+		{
+			name:                   "both quality and security enabled",
+			isCodeSecurityEnabled:  true,
+			isCodeQualityEnabled:   true,
+			inputIssues:            []snyk.Issue{securityIssue, qualityIssue},
+			expectedFilteredIssues: []snyk.Issue{securityIssue, qualityIssue},
+		},
+		{
+			name:                   "both disabled",
+			isCodeSecurityEnabled:  false,
+			isCodeQualityEnabled:   false,
+			inputIssues:            []snyk.Issue{securityIssue, qualityIssue},
+			expectedFilteredIssues: []snyk.Issue{},
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			c.EnableSnykCodeQuality(tc.isCodeQualityEnabled)
+			c.EnableSnykCodeSecurity(tc.isCodeSecurityEnabled)
+			result := filterCodeIssues(c, tc.inputIssues)
+			assert.ElementsMatch(t, tc.expectedFilteredIssues, result)
+		})
+	}
+}
+
 func getInterfileTestCodeIssueData() snyk.CodeIssueData {
 	return snyk.CodeIssueData{
 		DataFlow: []snyk.DataFlowElement{