author | lhinds <lhinds@redhat.com> | 2017-10-10 14:13:55 +0100 |
---|---|---|
committer | lhinds <lhinds@redhat.com> | 2017-10-10 14:20:48 +0100 |
commit | 1d191aa05617587f889880bb5344c84a422706e5 (patch) | |
tree | a9f9dcdbc0a87186ae01aa2f08e364b1f1458d07 /anteater/src/project_scan.py | |
parent | 3cae5dfd7bbcb64f1ac6fb2263043b251a15ebc0 (diff) |
Implements master ignore list
This change introduces a master ignore list, to save having
to repeat ignore strings in every project exception file.
This is achieved via a new ignore_list.yaml file that is
merged with the project exception list and then used for the
re.search ignore statement in both patch_scan.py and
project_scan.py
Change-Id: Ifb60b8ba3091603182c2025dbbbfd1a88a72439b
Signed-off-by: lhinds <lhinds@redhat.com>
Diffstat (limited to 'anteater/src/project_scan.py')
-rw-r--r-- | anteater/src/project_scan.py | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/anteater/src/project_scan.py b/anteater/src/project_scan.py index 12e9a97..9bb3539 100644 --- a/anteater/src/project_scan.py +++ b/anteater/src/project_scan.py @@ -30,6 +30,7 @@ config = six.moves.configparser.RawConfigParser() config.read('anteater.conf') reports_dir = config.get('config', 'reports_dir') master_list = config.get('config', 'master_list') +ignore_list = config.get('config', 'master_list') ignore_dirs = ['.git'] hasher = hashlib.sha256() @@ -47,7 +48,7 @@ def prepare_project(project, project_dir): file_audit_list, file_audit_project_list = lists.file_audit_list(project) # Get file content black list and project waivers - master_list, project_list = lists.file_content_list(project) + master_list, ignore_list = lists.file_content_list(project) # Get File Ignore Lists file_ignore = lists.file_ignore() @@ -58,8 +59,8 @@ def prepare_project(project, project_dir): # Perform rudimentary scans scan_file(project_dir, project, binary_list,file_audit_list, - file_audit_project_list, master_list, file_ignore, - project_list) + file_audit_project_list, master_list, ignore_list, + file_ignore) # Perform licence header checks licence_check(licence_ext, licence_ignore, project, project_dir) @@ -67,8 +68,8 @@ def prepare_project(project, project_dir): def scan_file(project_dir, project, binary_list, file_audit_list, - file_audit_project_list, master_list, file_ignore, - project_list): + file_audit_project_list, master_list, ignore_list, + file_ignore): """Searches for banned strings and files that are listed """ for root, dirs, files in os.walk(project_dir): # Filter out ignored directories from list. 
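Review bot: The added module-level `ignore_list = config.get('config', 'master_list')` in the first hunk reads the same `master_list` key as the line above it, so both names hold the same configured value. Given that the commit message describes a separate ignore_list.yaml, this looks like a copy-paste slip. If the ignore file has its own entry in anteater.conf (not visible on this page), the line should read that key, e.g. `ignore_list = config.get('config', '<ignore-list key>')`. In prepare_project the name is rebound locally from `lists.file_content_list(project)`, so the module-level value may be unused in this file; if so, dropping it avoids a waiver pattern that quietly points at the blacklist setting.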
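Review bot: `ignore_list` and `file_ignore` trade places in the positional call to scan_file in prepare_project (third hunk) and in the scan_file signature (fourth hunk), and nothing but argument order ties the two together. They agree here, but a caller not shown on this page that still uses the old order would hand the file-ignore value to `re.search` as the waiver pattern without raising an error. Passing the trailing arguments by keyword at the call site, `master_list=master_list, ignore_list=ignore_list, file_ignore=file_ignore`, makes the pairing explicit. The scan_file docstring could also say that `ignore_list` is the merged master and project waiver pattern. Both function bodies continue outside these hunks.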
@@ -90,9 +91,10 @@ def scan_file(project_dir, project, binary_list, file_audit_list, write('Matched String: {0}'. format(match.group())) - # Check if Binary is whitelisted + # Check if Binary is whitelisted hashlist = get_lists.GetLists() binary_hash = hashlist.binary_hash(project, full_path) + if is_binary(full_path) and not binary_list.search(full_path): with open(full_path, 'rb') as afile: buf = afile.read() @@ -124,7 +126,7 @@ def scan_file(project_dir, project, binary_list, file_audit_list, regex = value['regex'] desc = value['desc'] if re.search(regex, line) and not re.search( - project_list, line): + ignore_list, line): logger.error('File contains violation: %s', full_path) logger.error('Flagged Content: %s', |
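Review bot: In the last hunk, `not re.search(ignore_list, line)` now takes its pattern from the merged master and project ignore lists, and an empty merged pattern would match every line and suppress every violation in scan_file. The merge happens in lists.file_content_list, outside this page, so confirm there that an empty or missing ignore file cannot produce an empty pattern. If `ignore_list` is a plain string, the condition can be guarded as `if re.search(regex, line) and not (ignore_list and re.search(ignore_list, line)):`. Because a master entry now waives matches in every project, logging which ignore pattern suppressed a hit would keep the waivers auditable. The scan_file body starts and ends outside the hunk.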