Merge pull request #30 from aquasecurity/owenr-add-ignore-folder-support

feat: support ignores of files and FOLDERS

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 All notable changes to the "tfsec" extension will be documented in this file.
 
+### 1.10.0
+- Fix issue with file path names in the explorer
+- Add context support for locally ignoring files and directories
+
 ### 1.9.0
 - Support new tfsec filesystem (relative path resolution)
   - Maintain support older versions of tfsec

Makefile

@@ -0,0 +1,4 @@
+.PHONY: build
+
+build:
+	npm run-script esbuild

README.md

@@ -22,8 +22,18 @@ Ignore codes will be automatically resolved and the description of the error wil
 
 ![ignoredesc](ignoredesc.gif)
 
+### Ignoring filepaths
+
+In the Explorer view, you can right click on a folder or .tf file and select `Ignore path during tfsec runs`. This will pass the path to `--exclude-path` when running tfsec and is only applicable to this workspace on this machine.
+
+To remove ignores, edit the `tfsec.excludedPath` in the `.vscode/settings.json` file of the current workspace.
+
 ## Release Notes
 
+### 1.10.0
+- Fix issue with file path names in the explorer
+- Add context support for locally ignoring files and directories
+
 ### 1.9.0
 - Support new tfsec filesystem (relative path resolution)
   - Maintain support older versions of tfsec

package.json

@@ -3,7 +3,7 @@
   "displayName": "tfsec",
   "publisher": "tfsec",
   "description": "tfsec integration for Visual Studio Code",
-  "version": "1.9.0",
+  "version": "1.10.0",
   "engines": {
     "vscode": "^1.54.0"
   },
@@ -27,7 +27,8 @@
   "activationEvents": [
     "onView:tfsec.issueview",
     "onLanguage:terraform",
-    "onCommand:tfsec.run"
+    "onCommand:tfsec.run",
+    "workspaceContains:**/*.tf"
   ],
   "main": "./out/main.js",
   "contributes": {
@@ -63,6 +64,11 @@
           "type": "boolean",
           "default": "false",
           "description": "Run tfsec with vebose flag to get more information"
+        },
+        "tfsec.excludedPaths": {
+          "type": "array",
+          "default": [],
+          "description": "Run tfsec but exclude these folders"
         }
       }
     },
@@ -91,6 +97,10 @@
         "command": "tfsec.ignore",
         "title": "Ignore this issue instance"
       },
+      {
+        "command": "tfsec.ignorePath",
+        "title": "Ignore path during tfsec runs"
+      },
       {
         "command": "tfsec.ignoreAll",
         "title": "Ignore all instances"
@@ -144,6 +154,12 @@
       }
     ],
     "menus": {
+      "explorer/context": [
+        {
+          "command": "tfsec.ignorePath",
+          "when": "resourceExtname == .tf || explorerResourceIsFolder"
+        }
+      ],
       "commandPalette": [
         {
           "command": "tfsec.ignore",

src/explorer/issues_treeview.ts

@@ -11,7 +11,7 @@ export class TfsecIssueProvider implements vscode.TreeDataProvider<TfsecTreeItem
 	readonly onDidChangeTreeData: vscode.Event<TfsecTreeItem | undefined | void> = this._onDidChangeTreeData.event;
 	public resultData: CheckResult[] = [];
 	private taintResults: boolean = true;
-	private rootpath: string = "";
+	public rootpath: string = "";
 	private storagePath: string = "";
 	public readonly resultsStoragePath: string = "";
 
@@ -91,10 +91,6 @@ export class TfsecIssueProvider implements vscode.TreeDataProvider<TfsecTreeItem
 		var results: TfsecTreeItem[] = [];
 		var resolvedSeverities: string[] = [];
 
-		// if (this.taintResults) {
-		// 	Promise.resolve(this.loadResultData());
-		// }
-
 		for (let index = 0; index < this.resultData.length; index++) {
 			const result = this.resultData[index];
 			if (result === undefined) {
@@ -116,10 +112,6 @@ export class TfsecIssueProvider implements vscode.TreeDataProvider<TfsecTreeItem
 		var resolvedCodes: string[] = [];
 
 
-		// if (this.taintResults) {
-		// 	this.loadResultData();
-		// }
-
 		for (let index = 0; index < this.resultData.length; index++) {
 			const result = this.resultData[index];
 
@@ -148,36 +140,35 @@ export class TfsecIssueProvider implements vscode.TreeDataProvider<TfsecTreeItem
 			if (result.code !== code) {
 				continue;
 			}
-			let filename = this.relativizePath(result.filename);
+			const filename = this.relativizePath(result.filename);
 			const cmd = this.createFileOpenCommand(result);
 			var item = new TfsecTreeItem(`${filename}:${result.startLine}`, result, vscode.TreeItemCollapsibleState.None, cmd);
 			results.push(item);
 		}
 		return uniqueLocations(results);
 	}
 
-	private absolutizePath(incomingPath: string): string {
-		if (path.isAbsolute(incomingPath)) {
-			return incomingPath;
-		}
-		return path.join(this.rootpath, incomingPath);
-	}
 
 	private relativizePath(incomingPath: string): string {
-		if (path.isAbsolute(incomingPath)) {
-			return path.relative(this.rootpath, incomingPath);
-		}
-		return incomingPath;
+		const pathParts = path.parse(this.rootpath);
+		const workingIncomingPath = pathParts.root + incomingPath;
+		return path.relative(this.rootpath, workingIncomingPath);
+	}
+
+	private absolutizePath(incomingPath: string): string {
+		const pathParts = path.parse(this.rootpath);
+		return path.join(pathParts.root, incomingPath);
 	}
 
 	private createFileOpenCommand(result: CheckResult) {
 		const issueRange = new vscode.Range(new vscode.Position(result.startLine - 1, 0), new vscode.Position(result.endLine, 0));
 
+		const pathToOpen = this.absolutizePath(result.filename);
 		return {
 			command: "vscode.open",
 			title: "",
 			arguments: [
-				vscode.Uri.file(this.absolutizePath(result.filename)),
+				vscode.Uri.file(pathToOpen),
 				{
 					selection: issueRange,
 				}

src/extension.ts

@@ -1,5 +1,5 @@
 import * as vscode from 'vscode';
-import { ignoreAllInstances, ignoreInstance, triggerDecoration } from './ignore';
+import { ignoreAllInstances, ignoreInstance, ingorePath, triggerDecoration } from './ignore';
 import { TfsecIssueProvider } from './explorer/issues_treeview';
 import { TfsecTreeItem } from './explorer/tfsec_treeitem';
 import { TfsecHelpProvider } from './explorer/check_helpview';
@@ -37,6 +37,7 @@ export function activate(context: vscode.ExtensionContext) {
 	context.subscriptions.push(vscode.commands.registerCommand('tfsec.ignoreSeverity', (element: TfsecTreeItem) => ignoreAllInstances(element, issueProvider, outputChannel)));
 	context.subscriptions.push(vscode.commands.registerCommand("tfsec.run", () => tfsecWrapper.run()));
 	context.subscriptions.push(vscode.commands.registerCommand("tfsec.updatebinary", () => tfsecWrapper.updateBinary()));
+	context.subscriptions.push(vscode.commands.registerCommand('tfsec.ignorePath', (element: any) => ingorePath(element)));
 
 	context.subscriptions.push(vscode.window.onDidChangeActiveTextEditor(editor => {
 		// only act if this is a terraform file

src/ignore.ts

@@ -5,6 +5,7 @@ import { TfsecTreeItem, TfsecTreeItemType } from './explorer/tfsec_treeitem';
 
 let timeout: NodeJS.Timer | undefined = undefined;
 let activeEditor = vscode.window.activeTextEditor;
+import * as path from 'path';
 
 class IgnoreDetails {
     public readonly code: string;
@@ -143,6 +144,23 @@ const ignoreInstance = (element: TfsecTreeItem, outputChannel: vscode.OutputChan
 };
 
 
+const ingorePath = (element: any) => {
+
+    if (vscode.workspace && vscode.workspace.workspaceFolders && vscode.workspace.workspaceFolders[0]) {
+        const rootpath = vscode.workspace.workspaceFolders[0].uri.fsPath;
+        const config = vscode.workspace.getConfiguration("tfsec");
+        let excludedPaths = config.get<string[]>("excludedPaths");
+
+        var filepath = element.fsPath;
+        filepath = path.relative(rootpath, filepath);
+
+        excludedPaths?.push(filepath);
+        excludedPaths = [...new Set(excludedPaths?.map(obj => obj))];
+
+        config.update("excludedPaths", excludedPaths, false);
+    }
+};
+
 const ignoreAllInstances = async (element: TfsecTreeItem, issueProvider: TfsecIssueProvider, outputChannel: vscode.OutputChannel) => {
     outputChannel.show();
     outputChannel.appendLine("\nSetting ignores - ");
@@ -189,4 +207,4 @@ const ignoreAllInstances = async (element: TfsecTreeItem, issueProvider: TfsecIs
 };
 
 
-export { ignoreAllInstances, ignoreInstance, triggerDecoration, IgnoreDetails, FileIgnores };
+export { ignoreAllInstances, ignoreInstance, ingorePath, triggerDecoration, IgnoreDetails, FileIgnores };

src/tfsec_wrapper.ts

@@ -166,6 +166,14 @@ export class TfsecWrapper {
             command.push('--verbose');
         }
 
+        const excludes = config.get<string[]>("excludedPaths");
+        if (excludes && excludes.length > 0) {
+            excludes.forEach((element: string) => {
+                command.push(`--exclude-path=${element}`);
+            });
+        }
+
+
         // add soft fail for exit code
         command.push('--soft-fail');
         command.push('--format=json');