Ignore suppressed issues by default (#964)

Author: pascalberger

docs/input/documentation/issue-providers/sarif/features.md

@@ -9,6 +9,7 @@ The [Cake.Issues.Sarif addin](https://cakebuild.net/extensions/cake-issues-sarif
 ## Basic features
 
 - [x] Reads issues from files in [SARIF](https://sarifweb.azurewebsites.net/){target="_blank"} format.
+- [x] Support for reading issues reported as suppressed by the linter
 
 ## Supported IIssue properties
 

src/Cake.Issues.Sarif.Tests/SarifIssuesProviderFixture.cs

@@ -5,12 +5,15 @@ internal class SarifIssuesProviderFixture(string fileResourceName)
 {
     public bool UseToolNameAsIssueProviderName { get; set; } = true;
 
+    public bool IgnoreSuppressedIssues { get; set; } = true;
+
     protected override string FileResourceNamespace => "Cake.Issues.Sarif.Tests.Testfiles.";
 
     protected override SarifIssuesSettings CreateIssueProviderSettings()
     {
         var settings = base.CreateIssueProviderSettings();
         settings.UseToolNameAsIssueProviderName = this.UseToolNameAsIssueProviderName;
+        settings.IgnoreSuppressedIssues = this.IgnoreSuppressedIssues;
         return settings;
     }
 

src/Cake.Issues.Sarif.Tests/SarifIssuesProviderTests.cs

@@ -94,7 +94,10 @@ public void Should_Read_Issue_Correct_For_Recommended_File_With_Source()
         public void Should_Read_Issue_Correct_For_Comprehensive_File()
         {
             // Given
-            var fixture = new SarifIssuesProviderFixture("comprehensive.sarif");
+            var fixture = new SarifIssuesProviderFixture("comprehensive.sarif")
+            {
+                IgnoreSuppressedIssues = false
+            };
 
             // When
             var issues = fixture.ReadIssues().ToList();
@@ -118,6 +121,86 @@ public void Should_Read_Issue_Correct_For_Comprehensive_File()
                     .Create());
         }
 
+        [Fact]
+        public void Should_Ignore_Suppressed_Issues_If_IgnoreSuppressedIssues_Is_Enabled()
+        {
+            // Given
+            var fixture = new SarifIssuesProviderFixture("suppression-without-status.sarif")
+            {
+                IgnoreSuppressedIssues = true
+            };
+
+            // When
+            var issues = fixture.ReadIssues().ToList();
+
+            // Then
+            issues.Count.ShouldBe(0);
+        }
+
+        [Fact]
+        public void Should_Read_Suppressed_Issues_If_IgnoreSuppressedIssues_Is_Disabled()
+        {
+            // Given
+            var fixture = new SarifIssuesProviderFixture("suppression-without-status.sarif")
+            {
+                IgnoreSuppressedIssues = false
+            };
+
+            // When
+            var issues = fixture.ReadIssues().ToList();
+
+            // Then
+            issues.Count.ShouldBe(1);
+        }
+
+        [Fact]
+        public void Should_Ignore_Suppressed_Issues_With_Status_Accepted()
+        {
+            // Given
+            var fixture = new SarifIssuesProviderFixture("suppression-accepted.sarif")
+            {
+                IgnoreSuppressedIssues = true
+            };
+
+            // When
+            var issues = fixture.ReadIssues().ToList();
+
+            // Then
+            issues.Count.ShouldBe(0);
+        }
+
+        [Fact]
+        public void Should_Read_Suppressed_Issues_With_Status_Under_Review()
+        {
+            // Given
+            var fixture = new SarifIssuesProviderFixture("suppression-under-review.sarif")
+            {
+                IgnoreSuppressedIssues = true
+            };
+
+            // When
+            var issues = fixture.ReadIssues().ToList();
+
+            // Then
+            issues.Count.ShouldBe(1);
+        }
+
+        [Fact]
+        public void Should_Read_Suppressed_Issues_With_Status_Rejected()
+        {
+            // Given
+            var fixture = new SarifIssuesProviderFixture("suppression-rejected.sarif")
+            {
+                IgnoreSuppressedIssues = true
+            };
+
+            // When
+            var issues = fixture.ReadIssues().ToList();
+
+            // Then
+            issues.Count.ShouldBe(1);
+        }
+
         [Fact]
         public void Should_Consider_UseToolNameAsIssueProviderName()
         {

src/Cake.Issues.Sarif.Tests/Testfiles/suppression-accepted.sarif

@@ -0,0 +1,66 @@
+{
+  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+  "version": "2.1.0",
+  "runs": [
+    {
+      "tool": {
+        "driver": {
+          "name": "Checkov",
+          "version": "3.2.351",
+          "informationUri": "https://checkov.io",
+          "rules": [
+            {
+              "id": "CKV_DOCKER_3",
+              "name": "Ensure that a user for the container has been created",
+              "shortDescription": {
+                "text": "Ensure that a user for the container has been created"
+              },
+              "fullDescription": {
+                "text": "Ensure that a user for the container has been created"
+              },
+              "help": {
+                "text": "Ensure that a user for the container has been created\nResource: /TenantInstance/TenantInstance.Frontend/Dockerfile."
+              },
+              "defaultConfiguration": {
+                "level": "error"
+              },
+              "helpUri": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created"
+            }
+          ],
+          "organization": "bridgecrew"
+        }
+      },
+      "results": [
+        {
+          "ruleId": "CKV_DOCKER_3",
+          "ruleIndex": 0,
+          "level": "warning",
+          "attachments": [],
+          "message": {
+            "text": "Ensure that a user for the container has been created"
+          },
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "src/Dockerfile"
+                },
+                "region": {
+                  "startLine": 1,
+                  "endLine": 24
+                }
+              }
+            }
+          ],
+          "suppressions": [
+            {
+              "kind": "external",
+              "status": "accepted",
+              "justification": " Is not used in production and therefore is OK to run as root user"
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}

src/Cake.Issues.Sarif.Tests/Testfiles/suppression-rejected.sarif

@@ -0,0 +1,66 @@
+{
+  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+  "version": "2.1.0",
+  "runs": [
+    {
+      "tool": {
+        "driver": {
+          "name": "Checkov",
+          "version": "3.2.351",
+          "informationUri": "https://checkov.io",
+          "rules": [
+            {
+              "id": "CKV_DOCKER_3",
+              "name": "Ensure that a user for the container has been created",
+              "shortDescription": {
+                "text": "Ensure that a user for the container has been created"
+              },
+              "fullDescription": {
+                "text": "Ensure that a user for the container has been created"
+              },
+              "help": {
+                "text": "Ensure that a user for the container has been created\nResource: /TenantInstance/TenantInstance.Frontend/Dockerfile."
+              },
+              "defaultConfiguration": {
+                "level": "error"
+              },
+              "helpUri": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created"
+            }
+          ],
+          "organization": "bridgecrew"
+        }
+      },
+      "results": [
+        {
+          "ruleId": "CKV_DOCKER_3",
+          "ruleIndex": 0,
+          "level": "warning",
+          "attachments": [],
+          "message": {
+            "text": "Ensure that a user for the container has been created"
+          },
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "src/Dockerfile"
+                },
+                "region": {
+                  "startLine": 1,
+                  "endLine": 24
+                }
+              }
+            }
+          ],
+          "suppressions": [
+            {
+              "kind": "external",
+              "status": "rejected",
+              "justification": " Is not used in production and therefore is OK to run as root user"
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}

src/Cake.Issues.Sarif.Tests/Testfiles/suppression-under-review.sarif

@@ -0,0 +1,66 @@
+{
+  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+  "version": "2.1.0",
+  "runs": [
+    {
+      "tool": {
+        "driver": {
+          "name": "Checkov",
+          "version": "3.2.351",
+          "informationUri": "https://checkov.io",
+          "rules": [
+            {
+              "id": "CKV_DOCKER_3",
+              "name": "Ensure that a user for the container has been created",
+              "shortDescription": {
+                "text": "Ensure that a user for the container has been created"
+              },
+              "fullDescription": {
+                "text": "Ensure that a user for the container has been created"
+              },
+              "help": {
+                "text": "Ensure that a user for the container has been created\nResource: /TenantInstance/TenantInstance.Frontend/Dockerfile."
+              },
+              "defaultConfiguration": {
+                "level": "error"
+              },
+              "helpUri": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created"
+            }
+          ],
+          "organization": "bridgecrew"
+        }
+      },
+      "results": [
+        {
+          "ruleId": "CKV_DOCKER_3",
+          "ruleIndex": 0,
+          "level": "warning",
+          "attachments": [],
+          "message": {
+            "text": "Ensure that a user for the container has been created"
+          },
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "src/Dockerfile"
+                },
+                "region": {
+                  "startLine": 1,
+                  "endLine": 24
+                }
+              }
+            }
+          ],
+          "suppressions": [
+            {
+              "kind": "external",
+              "status": "underReview",
+              "justification": " Is not used in production and therefore is OK to run as root user"
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}

src/Cake.Issues.Sarif.Tests/Testfiles/suppression-without-status.sarif

@@ -0,0 +1,65 @@
+{
+  "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
+  "version": "2.1.0",
+  "runs": [
+    {
+      "tool": {
+        "driver": {
+          "name": "Checkov",
+          "version": "3.2.351",
+          "informationUri": "https://checkov.io",
+          "rules": [
+            {
+              "id": "CKV_DOCKER_3",
+              "name": "Ensure that a user for the container has been created",
+              "shortDescription": {
+                "text": "Ensure that a user for the container has been created"
+              },
+              "fullDescription": {
+                "text": "Ensure that a user for the container has been created"
+              },
+              "help": {
+                "text": "Ensure that a user for the container has been created\nResource: /TenantInstance/TenantInstance.Frontend/Dockerfile."
+              },
+              "defaultConfiguration": {
+                "level": "error"
+              },
+              "helpUri": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/docker-policies/docker-policy-index/ensure-that-a-user-for-the-container-has-been-created"
+            }
+          ],
+          "organization": "bridgecrew"
+        }
+      },
+      "results": [
+        {
+          "ruleId": "CKV_DOCKER_3",
+          "ruleIndex": 0,
+          "level": "warning",
+          "attachments": [],
+          "message": {
+            "text": "Ensure that a user for the container has been created"
+          },
+          "locations": [
+            {
+              "physicalLocation": {
+                "artifactLocation": {
+                  "uri": "src/Dockerfile"
+                },
+                "region": {
+                  "startLine": 1,
+                  "endLine": 24
+                }
+              }
+            }
+          ],
+          "suppressions": [
+            {
+              "kind": "inSource",
+              "justification": " Is not used in production and therefore is OK to run as root user"
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}