degrecate config file ignoring

Author: tim-thacker-nullify

Makefile

@@ -20,8 +20,7 @@ cov:
 lint: lint-go lint-docker
 
 lint-go:
-	docker build --quiet --target golangci-lint -t golangci-lint:latest .
-	docker run --rm -v $(shell pwd):/app -w /app golangci-lint golangci-lint run ./...
+	golangci-lint run ./cmd/... ./pkg/... ./tests/...
 
 lint-docker:
 	docker build --quiet --target hadolint -t hadolint:latest .

examples/nullify.yaml

@@ -47,53 +47,17 @@ scheduled_notifications:
       - config-file-parser
       - dast-action
       - cli
-code:
-  auto_fix:
-    enabled: true
-    max_pull_requests_open: 2
-    max_pull_request_creation_rate:
-      count: 1
-      days: 1
-  ignore:
-    - cwes: [ 589 ] # Potential HTTP request made with variable url
-      reason: HTTP requests with variables in tests don't matter
-      paths: [ "**/tests/*" ]
-      repositories:
-        - config-file-parser
-        - dast-action
-        - cli
-    - rule_ids: [ python-sql-injection ]
-      reason: This code won't be going live until next year but we should fix it before then
-      expiry: "2021-12-31"
-dependencies:
-  auto_fix:
-    enabled: true
-    max_pull_requests_open: 2
-    max_pull_request_creation_rate:
-      count: 1
-      days: 1
-  ignore:
-    - cves: [ CVE-2021-1234 ]
-      reason: This is a false positive
-      expiry: "2021-12-31"
-    - cves: [ CVE-2021-5678 ]
-      reason: This isn't exploitable in client applications
-      expiry: "2021-12-31"
-      repositories:
-        - dast-action
-        - cli
 secrets:
   ignore:
     - value: mocksecret123
       reason: This is a test secret, it has no access to anything
-      paths: [ "**/tests/*" ]
     - pattern: id[0-9]+
       reason: These are not secrets, they are internal identifiers
     - value: actualsecret123
       reason: We can't remove this right now but we should
       expiry: "2021-12-31"
     - sha256: 87cbebfeebc05f7c54ac9336c4b4bbec831227a641951a4bde7edd56020f8590 # this is correct-horse-battery-staple
-      reason: This was allowlisted from the Nullify dashboard
+      reason: This was ignored from the Nullify dashboard
 integrations:
   jira:
     disabled: true

pkg/models/code.go

@@ -2,8 +2,10 @@ package models
 
 type Code struct {
 	EnableFailBuilds *bool        `yaml:"enable_fail_builds,omitempty"`
-	AutoFix          *AutoFix     `yaml:"auto_fix,omitempty"`
 	Ignore           []CodeIgnore `yaml:"ignore,omitempty"`
+
+	// TODO deprecate
+	AutoFix *AutoFix `yaml:"auto_fix,omitempty"`
 }
 
 type CodeIgnore struct {
@@ -14,8 +16,10 @@ type CodeIgnore struct {
 	CWEs    []int    `yaml:"cwes,omitempty"`
 	RuleIDs []string `yaml:"rule_ids,omitempty"`
 	Dirs    []string `yaml:"dirs,omitempty"`
-	Paths   []string `yaml:"paths,omitempty"`
 
 	// global config only
 	Repositories []string `yaml:"repositories,omitempty"`
+
+	// TODO deprecate
+	Paths []string `yaml:"paths,omitempty"`
 }

pkg/models/dependencies.go

@@ -2,19 +2,23 @@ package models
 
 type Dependencies struct {
 	EnableFailBuilds *bool                `yaml:"enable_fail_builds,omitempty"`
-	AutoFix          *AutoFix             `yaml:"auto_fix,omitempty"`
 	Ignore           []DependenciesIgnore `yaml:"ignore,omitempty"`
+
+	// TODO deprecate
+	AutoFix *AutoFix `yaml:"auto_fix,omitempty"`
 }
 
 type DependenciesIgnore struct {
 	Reason string `yaml:"reason,omitempty"`
 	Expiry string `yaml:"expiry,omitempty"`
 
 	// matchers
-	CVEs  []string `yaml:"cves,omitempty"`
-	Dirs  []string `yaml:"dirs,omitempty"`
-	Paths []string `yaml:"paths,omitempty"`
+	CVEs []string `yaml:"cves,omitempty"`
+	Dirs []string `yaml:"dirs,omitempty"`
 
 	// global config only
 	Repositories []string `yaml:"repositories,omitempty"`
+
+	// TODO deprecate
+	Paths []string `yaml:"paths,omitempty"`
 }

pkg/models/secrets.go

@@ -18,6 +18,9 @@ type SecretsIgnore struct {
 
 	// global config only
 	Repositories []string `yaml:"repositories,omitempty"`
+
+	// TODO deprecate
+	Paths []string `yaml:"paths,omitempty"`
 }
 
 type SecretsCustomPattern struct {

tests/empty_fail_build.yaml

@@ -43,34 +43,10 @@ scheduled_notifications:
       - config-file-parser
       - dast-action
       - cli
-code:
-  ignore:
-    - cwes: [ 589 ] # Potential HTTP request made with variable url
-      reason: HTTP requests with variables in tests don't matter
-      paths: [ "**/tests/*" ]
-      repositories:
-        - config-file-parser
-        - dast-action
-        - cli
-    - rule_ids: [ python-sql-injection ]
-      reason: This code won't be going live until next year but we should fix it before then
-      expiry: "2021-12-31"
-dependencies:
-  ignore:
-    - cves: [ CVE-2021-1234 ]
-      reason: This is a false positive
-      expiry: "2021-12-31"
-    - cves: [ CVE-2021-5678 ]
-      reason: This isn't exploitable in client applications
-      expiry: "2021-12-31"
-      repositories:
-        - dast-action
-        - cli
 secrets:
   ignore:
     - value: mocksecret123
       reason: This is a test secret, it has no access to anything
-      paths: [ "**/tests/*" ]
     - pattern: id[0-9]+
       reason: These are not secrets, they are internal identifiers
     - value: actualsecret123

tests/integration_test.go

@@ -107,43 +107,6 @@ func TestIntegration(t *testing.T) {
 				},
 			},
 		},
-		Code: models.Code{
-			Ignore: []models.CodeIgnore{
-				{
-					CWEs:   []int{589},
-					Reason: "HTTP requests with variables in tests don't matter",
-					Paths:  []string{"**/tests/*"},
-					Repositories: []string{
-						"config-file-parser",
-						"dast-action",
-						"cli",
-					},
-				},
-				{
-					RuleIDs: []string{"python-sql-injection"},
-					Reason:  "This code won't be going live until next year but we should fix it before then",
-					Expiry:  "2021-12-31",
-				},
-			},
-		},
-		Dependencies: models.Dependencies{
-			Ignore: []models.DependenciesIgnore{
-				{
-					CVEs:   []string{"CVE-2021-1234"},
-					Reason: "This is a false positive",
-					Expiry: "2021-12-31",
-				},
-				{
-					CVEs:   []string{"CVE-2021-5678"},
-					Reason: "This isn't exploitable in client applications",
-					Expiry: "2021-12-31",
-					Repositories: []string{
-						"dast-action",
-						"cli",
-					},
-				},
-			},
-		},
 		Integrations: models.Integrations{
 			Jira: &models.Jira{
 				Disabled:          false,
@@ -248,43 +211,6 @@ func TestEmptyFailsBuildField(t *testing.T) {
 				},
 			},
 		},
-		Code: models.Code{
-			Ignore: []models.CodeIgnore{
-				{
-					CWEs:   []int{589},
-					Reason: "HTTP requests with variables in tests don't matter",
-					Paths:  []string{"**/tests/*"},
-					Repositories: []string{
-						"config-file-parser",
-						"dast-action",
-						"cli",
-					},
-				},
-				{
-					RuleIDs: []string{"python-sql-injection"},
-					Reason:  "This code won't be going live until next year but we should fix it before then",
-					Expiry:  "2021-12-31",
-				},
-			},
-		},
-		Dependencies: models.Dependencies{
-			Ignore: []models.DependenciesIgnore{
-				{
-					CVEs:   []string{"CVE-2021-1234"},
-					Reason: "This is a false positive",
-					Expiry: "2021-12-31",
-				},
-				{
-					CVEs:   []string{"CVE-2021-5678"},
-					Reason: "This isn't exploitable in client applications",
-					Expiry: "2021-12-31",
-					Repositories: []string{
-						"dast-action",
-						"cli",
-					},
-				},
-			},
-		},
 	}
 
 	config, err := parser.LoadFromFile("empty_fail_build.yaml")

tests/nullify.yaml

@@ -47,34 +47,10 @@ scheduled_notifications:
       - config-file-parser
       - dast-action
       - cli
-code:
-  ignore:
-    - cwes: [ 589 ] # Potential HTTP request made with variable url
-      reason: HTTP requests with variables in tests don't matter
-      paths: [ "**/tests/*" ]
-      repositories:
-        - config-file-parser
-        - dast-action
-        - cli
-    - rule_ids: [ python-sql-injection ]
-      reason: This code won't be going live until next year but we should fix it before then
-      expiry: "2021-12-31"
-dependencies:
-  ignore:
-    - cves: [ CVE-2021-1234 ]
-      reason: This is a false positive
-      expiry: "2021-12-31"
-    - cves: [ CVE-2021-5678 ]
-      reason: This isn't exploitable in client applications
-      expiry: "2021-12-31"
-      repositories:
-        - dast-action
-        - cli
 secrets:
   ignore:
     - value: mocksecret123
       reason: This is a test secret, it has no access to anything
-      paths: [ "**/tests/*" ]
     - pattern: id[0-9]+
       reason: These are not secrets, they are internal identifiers
     - value: actualsecret123