CM-42882 - Fix SCA table printing (severity weights) #273

Merged
merged 2 commits into from
Dec 12, 2024
Merged
18 changes: 11 additions & 7 deletions cycode/cli/commands/scan/code_scanner.py
Expand Up @@ -455,7 +455,7 @@ def create_local_scan_result(
documents_to_scan: List[Document],
command_scan_type: str,
scan_type: str,
severity_threshold: str,
severity_threshold: Optional[str],
) -> LocalScanResult:
document_detections = get_document_detections(scan_result, documents_to_scan)
relevant_document_detections_list = exclude_irrelevant_document_detections(
Expand Down Expand Up @@ -627,7 +627,10 @@ def get_document_detections(


def exclude_irrelevant_document_detections(
document_detections_list: List[DocumentDetections], scan_type: str, command_scan_type: str, severity_threshold: str
document_detections_list: List[DocumentDetections],
scan_type: str,
command_scan_type: str,
severity_threshold: Optional[str],
) -> List[DocumentDetections]:
relevant_document_detections_list = []
for document_detections in document_detections_list:
Expand Down Expand Up @@ -709,17 +712,18 @@ def try_get_git_remote_url(path: str) -> Optional[str]:


def exclude_irrelevant_detections(
detections: List[Detection], scan_type: str, command_scan_type: str, severity_threshold: str
detections: List[Detection], scan_type: str, command_scan_type: str, severity_threshold: Optional[str]
) -> List[Detection]:
relevant_detections = _exclude_detections_by_exclusions_configuration(detections, scan_type)
relevant_detections = _exclude_detections_by_scan_type(relevant_detections, scan_type, command_scan_type)
return _exclude_detections_by_severity(relevant_detections, severity_threshold)

if severity_threshold:
return _exclude_detections_by_severity(relevant_detections, severity_threshold)

return relevant_detections

def _exclude_detections_by_severity(detections: List[Detection], severity_threshold: str) -> List[Detection]:
if severity_threshold is None:
return detections

def _exclude_detections_by_severity(detections: List[Detection], severity_threshold: str) -> List[Detection]:
relevant_detections = []
for detection in detections:
severity = detection.detection_details.get('advisory_severity')
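Review bot: `_exclude_detections_by_severity` loses its `None` guard while keeping `severity_threshold: str`, so it is now correct only because the single visible caller goes through the new `if severity_threshold:` check in `exclude_irrelevant_detections`; that contract should be written down, e.g. `"""Filter *detections* by *severity_threshold*; callers must pass a non-empty severity name (see exclude_irrelevant_detections)."""`. The new truthiness guard also treats an empty string as "no threshold", which the old `is None` check did not — an absent threshold means every detection is reported, so this fails in the safe direction, but confirm it is intended. The `severity = detection.detection_details.get('advisory_severity')` line in that helper has no guard for a missing value; its body continues outside the hunk, so this may be handled there. As a matter of style, `if not severity_threshold: return relevant_detections` followed by a single `return _exclude_detections_by_severity(...)` reads more directly than the two-return shape.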
4 changes: 2 additions & 2 deletions cycode/cli/commands/scan/scan_command.py
@@ -1,5 +1,5 @@
import sys
from typing import List
from typing import List, Optional

import click

Expand Down Expand Up @@ -117,7 +117,7 @@ def scan_command(
client_id: str,
show_secret: bool,
soft_fail: bool,
severity_threshold: str,
severity_threshold: Optional[str],
sca_scan: List[str],
monitor: bool,
report: bool,
12 changes: 8 additions & 4 deletions cycode/cli/models.py
Expand Up @@ -33,6 +33,9 @@ def __repr__(self) -> str:
return 'document:{0}, detections:{1}'.format(self.document, self.detections)


SEVERITY_UNKNOWN_WEIGHT = -2


class Severity(Enum):
INFO = -1
LOW = 0
Expand All @@ -42,18 +45,19 @@ class Severity(Enum):
CRITICAL = 3

@staticmethod
def try_get_value(name: str) -> any:
def try_get_value(name: str) -> Optional[int]:
name = name.upper()
if name not in Severity.__members__:
return None

return Severity[name].value

@staticmethod
def get_member_weight(name: str) -> any:
def get_member_weight(name: str) -> int:
weight = Severity.try_get_value(name)
if weight is None: # if License Compliance
return -2
if weight is None: # unknown severity
return SEVERITY_UNKNOWN_WEIGHT

return weight


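Review bot: `try_get_value` still calls `name.upper()` unconditionally, so `get_member_weight(None)` raises `AttributeError` even though the new annotations say `str` and `int`; handling the missing case here, with `name: Optional[str]` and `if not name: return None` at the top of `try_get_value`, would make `get_member_weight` return `SEVERITY_UNKNOWN_WEIGHT` for absent severities centrally and remove the need for the extra `if severity:` guard in `__severity_sort_key` (sca_table_printer.py). The new constant would also benefit from a comment on its value, e.g. `# below every Severity member (INFO is -1) so unknown severities sort last`. The `Severity` class body continues outside the hunk.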
7 changes: 5 additions & 2 deletions cycode/cli/printers/tables/sca_table_printer.py
Expand Up @@ -4,7 +4,7 @@
import click

from cycode.cli.consts import LICENSE_COMPLIANCE_POLICY_ID, PACKAGE_VULNERABILITY_POLICY_ID
from cycode.cli.models import Detection, Severity
from cycode.cli.models import SEVERITY_UNKNOWN_WEIGHT, Detection, Severity
from cycode.cli.printers.tables.table import Table
from cycode.cli.printers.tables.table_models import ColumnInfoBuilder, ColumnWidths
from cycode.cli.printers.tables.table_printer_base import TablePrinterBase
Expand Down Expand Up @@ -73,7 +73,10 @@ def __group_by(detections: List[Detection], details_field_name: str) -> Dict[str
@staticmethod
def __severity_sort_key(detection: Detection) -> int:
severity = detection.detection_details.get('advisory_severity')
return Severity.get_member_weight(severity)
if severity:
return Severity.get_member_weight(severity)

return SEVERITY_UNKNOWN_WEIGHT

def _sort_detections_by_severity(self, detections: List[Detection]) -> List[Detection]:
return sorted(detections, key=self.__severity_sort_key, reverse=True)
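Review bot: The ordering that `reverse=True` and `SEVERITY_UNKNOWN_WEIGHT` combine to produce is not stated anywhere in `_sort_detections_by_severity`; a docstring such as `"""Most severe first; detections with a missing or unrecognised severity go last."""` would record it. The new `if severity:` guard in `__severity_sort_key` only matters for a missing or empty value, since `get_member_weight` already maps unrecognised names to `SEVERITY_UNKNOWN_WEIGHT`; a short comment on the guard saying so, `# guard only the missing/empty case; unknown names are handled by get_member_weight`, would save the next reader the lookup.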