feat(action): add skip_audited and verbose options to baseline2rdf

reviewdog · Jan 15, 2024 · 6d57692 · 6d57692
1 parent f9d3255
commit 6d57692
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 14 deletions.
diff --git a/action.yml b/action.yml
@@ -34,6 +34,12 @@ inputs:
   baseline_path:
     description: The baseline path to update. If not provided, a new baseline will be created.
     default: ""
+  skip_audited:
+    description: Whether to skip secrets that have been audited. [true,false]
+    default: "false"
+  verbose:
+    description: Whether to print verbose output. [true,false]
+    default: "false"
 runs:
   using: docker
   image: Dockerfile

diff --git a/baseline2rdf.py b/baseline2rdf.py
@@ -2,6 +2,7 @@
 # -*- coding: utf-8 -*-
 import sys
 import json
+import argparse
 
 rdjson = {
     'source': {
@@ -13,29 +14,33 @@
 }
 
 
-def main():
+def main(skip_audited: bool = False, verbose: bool = False):
     baseline = json.load(sys.stdin)
     if not baseline['results']:
         baseline['results'] = {}
 
     results = {}
     for detects in baseline['results'].values():
         for item in detects:
-            key = '%s:%s' % (item['filename'], item['line_number'])
-            if key in results:
-                results[key]['message'] += '\n* ' + item['type']
+            if skip_audited and 'is_secret' in item and not item['is_secret']:
+                if verbose:
+                    print('Skipping verified secret in : %s' % item['filename'])
             else:
-                results[key] = {
-                    'message': '\n* ' + item['type'],
-                    'location': {
-                        'path': item['filename'],
-                        'range': {
-                            'start': {
-                                'line': item['line_number']
+                key = '%s:%s' % (item['filename'], item['line_number'])
+                if key in results:
+                    results[key]['message'] += '\n* ' + item['type']
+                else:
+                    results[key] = {
+                        'message': '\n* ' + item['type'],
+                        'location': {
+                            'path': item['filename'],
+                            'range': {
+                                'start': {
+                                    'line': item['line_number']
+                                }
                             }
                         }
                     }
-                }
 
     for result in results.values():
         rdjson['diagnostics'].append(result)
@@ -50,4 +55,12 @@ def main():
 
 
 if __name__ == '__main__':
-    sys.exit(main())
+    parser = argparse.ArgumentParser()
+    parser.add_argument('--skip-audited', dest='skip_audited', action='store_true')
+    parser.add_argument('--no-skip-audited', dest='skip_audited', action='store_false')
+    parser.set_defaults(skip_audited=False)
+    parser.add_argument('--verbose', dest='verbose', action='store_true')
+    parser.set_defaults(verbose=False)
+    args = parser.parse_args()
+
+    sys.exit(main(skip_audited=args.skip_audited, verbose=args.verbose))
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -16,7 +16,14 @@ else
     detect-secrets scan ${INPUT_DETECT_SECRETS_FLAGS} ${INPUT_WORKDIR} > /tmp/.secrets.baseline
 fi
 
-cat /tmp/.secrets.baseline | baseline2rdf \
+if [ "${INPUT_SKIP_AUDITED}" = "true" ]; then
+    SKIP_VERIFIED_FLAG="--skip-verified"
+fi
+if [ "${INPUT_VERBOSE}" = "true" ]; then
+    VERBOSE_FLAG="--verbose"
+fi
+
+cat /tmp/.secrets.baseline | baseline2rdf ${SKIP_VERIFIED_FLAG} ${VERBOSE_FLAG} \
     | reviewdog -f=rdjson \
         -name="${INPUT_NAME:-detect-secrets}" \
         -filter-mode="${INPUT_FILTER_MODE:-added}" \