deprecate config file ignoring (#180)

* degrecate config file ignoring

* wip

* tidy

* wip

* wip

Author: tim-thacker-nullify

.github/workflows/ci-go.yml

@@ -21,7 +21,10 @@ jobs:
         run: |
           go mod tidy
           git diff --exit-code
-      - name: lint
-        run: make lint-go
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v8
+        with:
+          version: v2.4.0
+          args: ./cmd/... ./pkg/... ./tests/...
       - name: test
         run: make unit

Makefile

@@ -20,8 +20,7 @@ cov:
 lint: lint-go lint-docker
 
 lint-go:
-	docker build --quiet --target golangci-lint -t golangci-lint:latest .
-	docker run --rm -v $(shell pwd):/app -w /app golangci-lint golangci-lint run ./...
+	golangci-lint run ./cmd/... ./pkg/... ./tests/...
 
 lint-docker:
 	docker build --quiet --target hadolint -t hadolint:latest .

examples/nullify.yaml

@@ -6,94 +6,17 @@ ignore_dirs:
   - dir1
 ignore_paths:
   - data/**/*
-notifications:
-  all-events-webhook:
-    events:
-      all:
-        minimum_severity: high
-        secret_types: [ ssh_key ]
-    targets:
-      webhook:
-        urls: [ https://webhook.site/123456 ]
-  findings-to-slack-and-email:
-    events:
-      new_code_findings:
-        minimum_severity: high
-      new_secret_findings:
-        types: [ ssh_key ]
-      new_dependency_findings:
-        minimum_severity: high
-    targets:
-      slack:
-        channels: [ "123456" ]
-      email:
-        addresses: [ [email protected], [email protected] ]
-    repositories:
-      - config-file-parser
-      - dast-action
-      - cli
-scheduled_notifications:
-  new-findings:
-    schedule: "0 0 * * *"
-    timezone: "America/Los_Angeles"
-    topics:
-      all: true
-    targets:
-      slack:
-        channels: [ "123456" ]
-      email:
-        addresses: [ [email protected], [email protected] ]
-    repositories:
-      - config-file-parser
-      - dast-action
-      - cli
-code:
-  auto_fix:
-    enabled: true
-    max_pull_requests_open: 2
-    max_pull_request_creation_rate:
-      count: 1
-      days: 1
-  ignore:
-    - cwes: [ 589 ] # Potential HTTP request made with variable url
-      reason: HTTP requests with variables in tests don't matter
-      paths: [ "**/tests/*" ]
-      repositories:
-        - config-file-parser
-        - dast-action
-        - cli
-    - rule_ids: [ python-sql-injection ]
-      reason: This code won't be going live until next year but we should fix it before then
-      expiry: "2021-12-31"
-dependencies:
-  auto_fix:
-    enabled: true
-    max_pull_requests_open: 2
-    max_pull_request_creation_rate:
-      count: 1
-      days: 1
-  ignore:
-    - cves: [ CVE-2021-1234 ]
-      reason: This is a false positive
-      expiry: "2021-12-31"
-    - cves: [ CVE-2021-5678 ]
-      reason: This isn't exploitable in client applications
-      expiry: "2021-12-31"
-      repositories:
-        - dast-action
-        - cli
 secrets:
   ignore:
     - value: mocksecret123
       reason: This is a test secret, it has no access to anything
-      paths: [ "**/tests/*" ]
     - pattern: id[0-9]+
       reason: These are not secrets, they are internal identifiers
     - value: actualsecret123
       reason: We can't remove this right now but we should
       expiry: "2021-12-31"
     - sha256: 87cbebfeebc05f7c54ac9336c4b4bbec831227a641951a4bde7edd56020f8590 # this is correct-horse-battery-staple
-      reason: This was allowlisted from the Nullify dashboard
+      reason: This was ignored from the Nullify dashboard
 integrations:
   jira:
     disabled: true

go.mod

@@ -20,6 +20,5 @@ require (
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/robfig/cron/v3 v3.0.1
 	golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b
 )

go.sum

@@ -16,8 +16,6 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
-github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
 github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o=

pkg/merger/merger.go

@@ -104,18 +104,10 @@ func MergeConfigFiles(
 			config.IgnorePaths = extraConfig.IgnorePaths
 		}
 
-		if extraConfig.Code.AutoFix != nil {
-			config.Code.AutoFix = extraConfig.Code.AutoFix
-		}
-
 		if len(extraConfig.Code.Ignore) > 0 {
 			config.Code.Ignore = extraConfig.Code.Ignore
 		}
 
-		if extraConfig.Dependencies.AutoFix != nil {
-			config.Dependencies.AutoFix = extraConfig.Dependencies.AutoFix
-		}
-
 		if len(extraConfig.Dependencies.Ignore) > 0 {
 			config.Dependencies.Ignore = extraConfig.Dependencies.Ignore
 		}
@@ -142,21 +134,6 @@ func MergeConfigFiles(
 			}
 		}
 
-		if len(extraConfig.Notifications) > 0 && config.Notifications == nil {
-			config.Notifications = map[string]models.Notification{}
-		}
-
-		for k, v := range extraConfig.Notifications {
-			config.Notifications[k] = v
-		}
-
-		if len(extraConfig.ScheduledNotifications) > 0 && config.ScheduledNotifications == nil {
-			config.ScheduledNotifications = extraConfig.ScheduledNotifications
-		}
-
-		for k, v := range extraConfig.ScheduledNotifications {
-			config.ScheduledNotifications[k] = v
-		}
 	}
 
 	return &config

pkg/merger/merger_test.go

@@ -34,19 +34,13 @@ func TestMergeConfigFiles(t *testing.T) {
 				IgnoreDirs:        []string{"dir1", "dir2"},
 				IgnorePaths:       []string{"path1", "path2"},
 				Code: models.Code{
-					AutoFix: &models.AutoFix{
-						Enabled: true,
-					},
 					Ignore: []models.CodeIgnore{
 						{
 							CWEs: []int{123},
 						},
 					},
 				},
 				Dependencies: models.Dependencies{
-					AutoFix: &models.AutoFix{
-						Enabled: true,
-					},
 					Ignore: []models.DependenciesIgnore{
 						{
 							CVEs: []string{"CVE-2021-1234"},
@@ -60,20 +54,6 @@ func TestMergeConfigFiles(t *testing.T) {
 						},
 					},
 				},
-				Notifications: map[string]models.Notification{
-					"slack": {
-						Events: models.NotificationEvents{
-							All: &models.NotificationEventAll{
-								MinimumSeverity: models.SeverityHigh,
-							},
-						},
-					},
-				},
-				ScheduledNotifications: map[string]models.ScheduledNotification{
-					"slack": {
-						Schedule: "0 0 * * *",
-					},
-				},
 				Integrations: models.Integrations{
 					Jira: &models.Jira{
 						ProjectKey:        "JIRINT",
@@ -92,19 +72,13 @@ func TestMergeConfigFiles(t *testing.T) {
 				IgnoreDirs:               []string{"dir1", "dir2"},
 				IgnorePaths:              []string{"path1", "path2"},
 				Code: models.Code{
-					AutoFix: &models.AutoFix{
-						Enabled: true,
-					},
 					Ignore: []models.CodeIgnore{
 						{
 							CWEs: []int{123},
 						},
 					},
 				},
 				Dependencies: models.Dependencies{
-					AutoFix: &models.AutoFix{
-						Enabled: true,
-					},
 					Ignore: []models.DependenciesIgnore{
 						{
 							CVEs: []string{"CVE-2021-1234"},
@@ -118,20 +92,6 @@ func TestMergeConfigFiles(t *testing.T) {
 						},
 					},
 				},
-				Notifications: map[string]models.Notification{
-					"slack": {
-						Events: models.NotificationEvents{
-							All: &models.NotificationEventAll{
-								MinimumSeverity: models.SeverityHigh,
-							},
-						},
-					},
-				},
-				ScheduledNotifications: map[string]models.ScheduledNotification{
-					"slack": {
-						Schedule: "0 0 * * *",
-					},
-				},
 				Integrations: models.Integrations{
 					Jira: &models.Jira{
 						ProjectKey:        "JIRINT",
@@ -150,19 +110,13 @@ func TestMergeConfigFiles(t *testing.T) {
 				IgnoreDirs:        []string{"dir1", "dir2"},
 				IgnorePaths:       []string{"path1", "path2"},
 				Code: models.Code{
-					AutoFix: &models.AutoFix{
-						Enabled: true,
-					},
 					Ignore: []models.CodeIgnore{
 						{
 							CWEs: []int{123},
 						},
 					},
 				},
 				Dependencies: models.Dependencies{
-					AutoFix: &models.AutoFix{
-						Enabled: true,
-					},
 					Ignore: []models.DependenciesIgnore{
 						{
 							CVEs: []string{"CVE-2021-1234"},
@@ -176,20 +130,6 @@ func TestMergeConfigFiles(t *testing.T) {
 						},
 					},
 				},
-				Notifications: map[string]models.Notification{
-					"slack": {
-						Events: models.NotificationEvents{
-							All: &models.NotificationEventAll{
-								MinimumSeverity: models.SeverityHigh,
-							},
-						},
-					},
-				},
-				ScheduledNotifications: map[string]models.ScheduledNotification{
-					"slack": {
-						Schedule: "0 0 * * *",
-					},
-				},
 				Integrations: models.Integrations{
 					Jira: &models.Jira{
 						ProjectKey:        "JIRINT",
@@ -215,19 +155,13 @@ func TestMergeConfigFiles(t *testing.T) {
 				IgnoreDirs:               []string{"dir1", "dir2"},
 				IgnorePaths:              []string{"path1", "path2"},
 				Code: models.Code{
-					AutoFix: &models.AutoFix{
-						Enabled: true,
-					},
 					Ignore: []models.CodeIgnore{
 						{
 							CWEs: []int{123},
 						},
 					},
 				},
 				Dependencies: models.Dependencies{
-					AutoFix: &models.AutoFix{
-						Enabled: true,
-					},
 					Ignore: []models.DependenciesIgnore{
 						{
 							CVEs: []string{"CVE-2021-1234"},
@@ -241,20 +175,6 @@ func TestMergeConfigFiles(t *testing.T) {
 						},
 					},
 				},
-				Notifications: map[string]models.Notification{
-					"slack": {
-						Events: models.NotificationEvents{
-							All: &models.NotificationEventAll{
-								MinimumSeverity: models.SeverityHigh,
-							},
-						},
-					},
-				},
-				ScheduledNotifications: map[string]models.ScheduledNotification{
-					"slack": {
-						Schedule: "0 0 * * *",
-					},
-				},
 				Integrations: models.Integrations{
 					Jira: &models.Jira{
 						ProjectKey:        "JIRINT",

pkg/models/autofix.go

@@ -2,7 +2,6 @@ package models
 
 type Code struct {
 	EnableFailBuilds *bool        `yaml:"enable_fail_builds,omitempty"`
-	AutoFix          *AutoFix     `yaml:"auto_fix,omitempty"`
 	Ignore           []CodeIgnore `yaml:"ignore,omitempty"`
 }
 
@@ -14,8 +13,10 @@ type CodeIgnore struct {
 	CWEs    []int    `yaml:"cwes,omitempty"`
 	RuleIDs []string `yaml:"rule_ids,omitempty"`
 	Dirs    []string `yaml:"dirs,omitempty"`
-	Paths   []string `yaml:"paths,omitempty"`
 
 	// global config only
 	Repositories []string `yaml:"repositories,omitempty"`
+
+	// TODO deprecate
+	Paths []string `yaml:"paths,omitempty"`
 }

pkg/models/code.go

@@ -2,7 +2,6 @@ package models
 
 type Dependencies struct {
 	EnableFailBuilds *bool                `yaml:"enable_fail_builds,omitempty"`
-	AutoFix          *AutoFix             `yaml:"auto_fix,omitempty"`
 	Ignore           []DependenciesIgnore `yaml:"ignore,omitempty"`
 }
 
@@ -11,10 +10,12 @@ type DependenciesIgnore struct {
 	Expiry string `yaml:"expiry,omitempty"`
 
 	// matchers
-	CVEs  []string `yaml:"cves,omitempty"`
-	Dirs  []string `yaml:"dirs,omitempty"`
-	Paths []string `yaml:"paths,omitempty"`
+	CVEs []string `yaml:"cves,omitempty"`
+	Dirs []string `yaml:"dirs,omitempty"`
 
 	// global config only
 	Repositories []string `yaml:"repositories,omitempty"`
+
+	// TODO deprecate
+	Paths []string `yaml:"paths,omitempty"`
 }