Remove baseDir from IsSkippableDir #39

j0nnyr0berts · 2022-03-15T17:12:03Z

I would expect that if "{sep}var{sep}lib{sep}docker" is included in
blacklisted_paths that the contents of /var/lib/docker will not be
scanned
However, when scanning docker images, baseDir =
/tmp/Deepfence/SecretScanning/df_<image_name><imagetag>/ExtractedFiles
which means that /var/lib/docker is not skipped
Removing baseDir from the IsSkippableDir check also allows for
matching multiple directories with one pattern
- If this is seen as undesirable then we could always use strings.HasPrefix

Love the software and am keen to use it in CI pipelines but need to be able to effectively
ignore directories to control false positives 🙂

ramanan-ravi · 2022-03-23T12:07:27Z

@j0nnyr0berts Thanks for your contribution.

But following use case should also be handled:

Current code handles this.

Can you make this new behaviour optional based on a configuration parameter here?

j0nnyr0berts · 2022-03-23T12:09:24Z

@ramanan-ravi good point! How about using if strings.HasPrefix(path, skippablePathIndicator) instead?

ramanan-ravi · 2022-03-23T17:28:18Z

@ramanan-ravi good point! How about using if strings.HasPrefix(path, skippablePathIndicator) instead?

That works

j0nnyr0berts · 2022-03-24T16:33:11Z

@ramanan-ravi good point! How about using if strings.HasPrefix(path, skippablePathIndicator) instead?

That works

Updated! 🙂

Remove baseDir from skippable path check

d0e1e82

j0nnyr0berts force-pushed the remove_basedir_from_isskippabledir branch from 7255bbf to d0e1e82 Compare March 24, 2022 16:32

ramanan-ravi merged commit 2df7217 into deepfence:master Mar 24, 2022

Provide feedback