add global only repository list for all relevant settings (#55)

tim-thacker-nullify · web-flow · commit 68b85539ad2f · 2023-10-09T02:25:23.000Z
* add global only repository list for all relevant settings

* update examples
diff --git a/cmd/main.go b/cmd/main.go
@@ -8,7 +8,7 @@ import (
 )
 
 func main() {
-	config, err := parser.LoadFromFile("data/nullify.yaml")
+	config, err := parser.LoadFromFile("examples/nullify.yaml")
 	if err != nil {
 		panic(err)
 	}
diff --git a/examples/nullify.yaml b/examples/nullify.yaml
@@ -1,14 +1,14 @@
 severity_threshold: medium
 ignore_dirs:
-  - data
+  - dir1
 ignore_paths:
   - data/**/*
 notifications:
   all-events-webhook:
     events:
       all:
         minimum_severity: high
-        secret_types: [ssh_key]
+        secret_types: [ ssh_key ]
     targets:
       webhook:
         urls: [ https://webhook.site/123456 ]
@@ -17,30 +17,41 @@ notifications:
       new_code_findings:
         minimum_severity: high
       new_secret_findings:
-        types: [ssh_key]
+        types: [ ssh_key ]
       new_dependency_findings:
         minimum_severity: high
     targets:
       slack:
         channels: [ "123456" ]
       email:
-        emails: [ notifications@nullify.ai, noreply@nullify.ai ]
+        addresses: [ notifications@nullify.ai, noreply@nullify.ai ]
+    repositories:
+      - config-file-parser
+      - dast-action
+      - cli
 scheduled_notifications:
   new-findings:
-    schedule: "* * * * *"
+    schedule: "0 0 * * *"
     topics:
       all: true
     targets:
-      email:
-        addresses:
-          - monitoring@nullify.ai
       slack:
-        channel: "123456"
+        channels: [ "123456" ]
+      email:
+        addresses: [ notifications@nullify.ai, noreply@nullify.ai ]
+    repositories:
+      - config-file-parser
+      - dast-action
+      - cli
 code:
   ignore:
     - cwes: [ 589 ] # Potential HTTP request made with variable url
       reason: HTTP requests with variables in tests don't matter
-      paths: "**/tests/*"
+      paths: [ "**/tests/*" ]
+      repositories:
+        - config-file-parser
+        - dast-action
+        - cli
     - rule_ids: [ python-sql-injection ]
       reason: This code won't be going live until next year but we should fix it before then
       expiry: "2021-12-31"
@@ -49,6 +60,12 @@ dependencies:
     - cve: CVE-2021-1234
       reason: This is a false positive
       expiry: "2021-12-31"
+    - cve: CVE-2021-5678
+      reason: This isn't exploitable in client applications
+      expiry: "2021-12-31"
+      repositories:
+        - dast-action
+        - cli
 secrets:
   ignore:
     - value: mocksecret123
diff --git a/pkg/models/code.go b/pkg/models/code.go
@@ -11,4 +11,7 @@ type CodeIgnore struct {
 	Dirs    []string `yaml:"dirs,omitempty"`
 	Paths   []string `yaml:"paths,omitempty"`
 	Expiry  string   `yaml:"expiry,omitempty"`
+
+	// global config only
+	Repositories []string `yaml:"repositories,omitempty"`
 }
diff --git a/pkg/models/dependencies.go b/pkg/models/dependencies.go
@@ -10,4 +10,7 @@ type DependenciesIgnore struct {
 	Expiry string   `yaml:"expiry,omitempty"`
 	Dirs   []string `yaml:"dirs,omitempty"`
 	Paths  []string `yaml:"paths,omitempty"`
+
+	// global config only
+	Repositories []string `yaml:"repositories,omitempty"`
 }
diff --git a/pkg/models/notifications.go b/pkg/models/notifications.go
@@ -3,4 +3,7 @@ package models
 type Notification struct {
 	Events  NotificationEvents  `yaml:"events,omitempty"`
 	Targets NotificationTargets `yaml:"targets,omitempty"`
+
+	// global config only
+	Repositories []string `yaml:"repositories,omitempty"`
 }
diff --git a/pkg/models/scheduled_notifications.go b/pkg/models/scheduled_notifications.go
@@ -13,6 +13,9 @@ type ScheduledNotification struct {
 	Schedule string                       `yaml:"schedule,omitempty"`
 	Topics   ScheduledNotificationTopics  `yaml:"topics,omitempty"`
 	Targets  ScheduledNotificationTargets `yaml:"targets,omitempty"`
+
+	// global config only
+	Repositories []string `yaml:"repositories,omitempty"`
 }
 
 type ScheduledNotificationTopics struct {
diff --git a/pkg/models/secrets.go b/pkg/models/secrets.go
@@ -11,4 +11,7 @@ type SecretsIgnore struct {
 	Expiry  string   `yaml:"expiry,omitempty"`
 	Dirs    []string `yaml:"dirs,omitempty"`
 	Paths   []string `yaml:"paths,omitempty"`
+
+	// global config only
+	Repositories []string `yaml:"repositories,omitempty"`
 }
diff --git a/tests/integration_test.go b/tests/integration_test.go
@@ -65,6 +65,11 @@ func TestIntegration(t *testing.T) {
 						Addresses: []string{"notifications@nullify.ai", "noreply@nullify.ai"},
 					},
 				},
+				Repositories: []string{
+					"config-file-parser",
+					"dast-action",
+					"cli",
+				},
 			},
 		},
 		ScheduledNotifications: map[string]models.ScheduledNotification{
@@ -81,6 +86,11 @@ func TestIntegration(t *testing.T) {
 						Channels: []string{"123456"},
 					},
 				},
+				Repositories: []string{
+					"config-file-parser",
+					"dast-action",
+					"cli",
+				},
 			},
 		},
 		Code: models.Code{
@@ -89,6 +99,11 @@ func TestIntegration(t *testing.T) {
 					CWEs:   []int{589},
 					Reason: "HTTP requests with variables in tests don't matter",
 					Paths:  []string{"**/tests/*"},
+					Repositories: []string{
+						"config-file-parser",
+						"dast-action",
+						"cli",
+					},
 				},
 				{
 					RuleIDs: []string{"python-sql-injection"},
@@ -104,6 +119,15 @@ func TestIntegration(t *testing.T) {
 					Reason: "This is a false positive",
 					Expiry: "2021-12-31",
 				},
+				{
+					CVE:    "CVE-2021-5678",
+					Reason: "This isn't exploitable in client applications",
+					Expiry: "2021-12-31",
+					Repositories: []string{
+						"dast-action",
+						"cli",
+					},
+				},
 			},
 		},
 	}
diff --git a/tests/nullify.yaml b/tests/nullify.yaml
@@ -8,7 +8,7 @@ notifications:
     events:
       all:
         minimum_severity: high
-        secret_types: [ssh_key]
+        secret_types: [ ssh_key ]
     targets:
       webhook:
         urls: [ https://webhook.site/123456 ]
@@ -25,6 +25,10 @@ notifications:
         channels: [ "123456" ]
       email:
         addresses: [ notifications@nullify.ai, noreply@nullify.ai ]
+    repositories:
+      - config-file-parser
+      - dast-action
+      - cli
 scheduled_notifications:
   new-findings:
     schedule: "0 0 * * *"
@@ -35,11 +39,19 @@ scheduled_notifications:
         channels: [ "123456" ]
       email:
         addresses: [ notifications@nullify.ai, noreply@nullify.ai ]
+    repositories:
+      - config-file-parser
+      - dast-action
+      - cli
 code:
   ignore:
     - cwes: [ 589 ] # Potential HTTP request made with variable url
       reason: HTTP requests with variables in tests don't matter
       paths: [ "**/tests/*" ]
+      repositories:
+        - config-file-parser
+        - dast-action
+        - cli
     - rule_ids: [ python-sql-injection ]
       reason: This code won't be going live until next year but we should fix it before then
       expiry: "2021-12-31"
@@ -48,6 +60,12 @@ dependencies:
     - cve: CVE-2021-1234
       reason: This is a false positive
       expiry: "2021-12-31"
+    - cve: CVE-2021-5678
+      reason: This isn't exploitable in client applications
+      expiry: "2021-12-31"
+      repositories:
+        - dast-action
+        - cli
 secrets:
   ignore:
     - value: mocksecret123

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@ import (`
`8`	`8`	`)`
`9`	`9`
`10`	`10`	`func main() {`
`11`		`- config, err := parser.LoadFromFile("data/nullify.yaml")`
	`11`	`+ config, err := parser.LoadFromFile("examples/nullify.yaml")`
`12`	`12`	`if err != nil {`
`13`	`13`	`panic(err)`
`14`	`14`	`}`
Original file line number	Diff line number	Diff line change
`@@ -11,4 +11,7 @@ type CodeIgnore struct {`
`11`	`11`	Dirs []string `yaml:"dirs,omitempty"`
`12`	`12`	Paths []string `yaml:"paths,omitempty"`
`13`	`13`	Expiry string `yaml:"expiry,omitempty"`
	`14`	`+`
	`15`	`+ // global config only`
	`16`	+ Repositories []string `yaml:"repositories,omitempty"`
`14`	`17`	`}`
Original file line number	Diff line number	Diff line change
`@@ -10,4 +10,7 @@ type DependenciesIgnore struct {`
`10`	`10`	Expiry string `yaml:"expiry,omitempty"`
`11`	`11`	Dirs []string `yaml:"dirs,omitempty"`
`12`	`12`	Paths []string `yaml:"paths,omitempty"`
	`13`	`+`
	`14`	`+ // global config only`
	`15`	+ Repositories []string `yaml:"repositories,omitempty"`
`13`	`16`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3,4 +3,7 @@ package models`
`3`	`3`	`type Notification struct {`
`4`	`4`	Events NotificationEvents `yaml:"events,omitempty"`
`5`	`5`	Targets NotificationTargets `yaml:"targets,omitempty"`
	`6`	`+`
	`7`	`+ // global config only`
	`8`	+ Repositories []string `yaml:"repositories,omitempty"`
`6`	`9`	`}`
Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,9 @@ type ScheduledNotification struct {`
`13`	`13`	Schedule string `yaml:"schedule,omitempty"`
`14`	`14`	Topics ScheduledNotificationTopics `yaml:"topics,omitempty"`
`15`	`15`	Targets ScheduledNotificationTargets `yaml:"targets,omitempty"`
	`16`	`+`
	`17`	`+ // global config only`
	`18`	+ Repositories []string `yaml:"repositories,omitempty"`
`16`	`19`	`}`
`17`	`20`
`18`	`21`	`type ScheduledNotificationTopics struct {`
Original file line number	Diff line number	Diff line change
`@@ -11,4 +11,7 @@ type SecretsIgnore struct {`
`11`	`11`	Expiry string `yaml:"expiry,omitempty"`
`12`	`12`	Dirs []string `yaml:"dirs,omitempty"`
`13`	`13`	Paths []string `yaml:"paths,omitempty"`
	`14`	`+`
	`15`	`+ // global config only`
	`16`	+ Repositories []string `yaml:"repositories,omitempty"`
`14`	`17`	`}`