Merge pull request #1286 from Checkmarx/other/remove-filepath-from-secrets-ignore

Remove file path from secrets ignore flow (AST-00000)

Author: cx-daniel-greenspan

go.mod

@@ -139,7 +139,7 @@ require (
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.1 // indirect
 	github.com/go-restruct/restruct v1.2.0-alpha // indirect
-	github.com/go-viper/mapstructure/v2 v2.3.0 // indirect
+	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect

go.sum

@@ -421,8 +421,8 @@ github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZ
 github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U=
 github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
-github.com/go-viper/mapstructure/v2 v2.3.0 h1:27XbWsHIqhbdR5TIC911OfYvgSaW93HM+dX7970Q7jk=
-github.com/go-viper/mapstructure/v2 v2.3.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
+github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs=
+github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM=

internal/services/realtimeengine/secretsrealtime/config.go

@@ -13,6 +13,5 @@ type SecretsRealtimeResult struct {
 
 type IgnoredSecret struct {
 	Title       string `json:"Title"`
-	FilePath    string `json:"FilePath"`
 	SecretValue string `json:"SecretValue"`
 }

internal/services/realtimeengine/secretsrealtime/secrets-realtime.go

@@ -45,7 +45,7 @@ func NewSecretsRealtimeService(
 func filterIgnoredSecrets(results []SecretsRealtimeResult, ignoreMap map[string]bool) []SecretsRealtimeResult {
 	filtered := make([]SecretsRealtimeResult, 0, len(results))
 	for _, r := range results {
-		key := fmt.Sprintf("%s_%s_%s", r.Title, r.FilePath, r.SecretValue)
+		key := fmt.Sprintf("%s_%s", r.Title, r.SecretValue)
 		if !ignoreMap[key] {
 			filtered = append(filtered, r)
 		}
@@ -56,7 +56,7 @@ func filterIgnoredSecrets(results []SecretsRealtimeResult, ignoreMap map[string]
 func buildIgnoreMap(ignored []IgnoredSecret) map[string]bool {
 	m := make(map[string]bool)
 	for _, s := range ignored {
-		key := fmt.Sprintf("%s_%s_%s", s.Title, s.FilePath, s.SecretValue)
+		key := fmt.Sprintf("%s_%s", s.Title, s.SecretValue)
 		m[key] = true
 	}
 	return m

internal/services/realtimeengine/secretsrealtime/secrets-realtime_test.go

@@ -78,7 +78,7 @@ func TestRunSecretsRealtimeScan_WithIgnoreFile_FiltersResult(t *testing.T) {
 
 	ignoreFile := filepath.Join(tempDir, "ignored.json")
 	ignored := []IgnoredSecret{
-		{Title: "github-pat", FilePath: testFile, SecretValue: "ghp_1234567890abcdef123"},
+		{Title: "github-pat", SecretValue: "ghp_1234567890abcdef123"},
 	}
 	data, _ := json.Marshal(ignored)
 	assert.NoError(t, os.WriteFile(ignoreFile, data, 0644))