feat: [DGP-789] treat ignored/pending ignore issues in line with legacy CLI

bsalomon-snyk · bsalomon-snyk · commit 0da1e9b085f0 · 2025-08-16T14:13:49.000-04:00
- pending ignores are counted as Open issues and labeled with [ PENDING IGNORE... ]
  - ignored issues are labeled [ IGNORED ] and counted in Total Issues but not Open issues
  - both are prepended with "!" instead of "X"
diff --git a/internal/presenters/funcs.go b/internal/presenters/funcs.go
@@ -248,9 +248,12 @@ func isOpenFinding() func(obj any) bool {
 		if !ok {
 			return false
 		}
-		// A finding is considered "open" if it has no suppression information.
-		// A rejected suppression is not represented as a status, but by the absence of a suppression object.
-		return finding.Attributes.Suppression == nil
+		// Treat findings as open unless they are explicitly ignored.
+		// Pending ignore approvals and other statuses remain visible as open issues.
+		if finding.Attributes == nil || finding.Attributes.Suppression == nil {
+			return true
+		}
+		return finding.Attributes.Suppression.Status != testapi.SuppressionStatusIgnored
 	}
 }
 
@@ -314,12 +317,12 @@ func isNotLicenseFindingFilter() func(obj any) bool {
 
 // hasSuppression checks if a finding has any suppression.
 func hasSuppression(finding testapi.FindingData) bool {
-	if finding.Attributes.Suppression == nil {
+	if finding.Attributes == nil || finding.Attributes.Suppression == nil {
 		return false
 	}
 
-	// If a suppression object exists, the finding is considered suppressed (either ignored or pending).
-	return true
+	// Treat as suppressed unless the suppression status is "other" (treating as rejected).
+	return finding.Attributes.Suppression.Status != testapi.SuppressionStatusOther
 }
 
 // getCliTemplateFuncMap returns the template function map for CLI rendering.
@@ -475,12 +478,12 @@ func getSummaryResultsByIssueType(issueType string, findings []testapi.FindingDa
 
 		totalBySeverity[severity]++
 
-		// Determine suppression state
+		// Determine suppression state: only explicit "ignored" should reduce open counts.
 		isIgnored := false
 		isOpen := true
 		if f.Attributes != nil && f.Attributes.Suppression != nil {
-			isOpen = false
 			isIgnored = f.Attributes.Suppression.Status == testapi.SuppressionStatusIgnored
+			isOpen = !isIgnored
 		}
 
 		if isOpen {
diff --git a/internal/presenters/presenter_unified_finding_test.go b/internal/presenters/presenter_unified_finding_test.go
@@ -332,3 +332,78 @@ func TestUnifiedFindingPresenter_CliOutput(t *testing.T) {
 		assert.NotContains(t, out, "Total security issues")
 	})
 }
+
+// TestUnifiedFindingPresenter_PendingIgnore_ShownAsOpenWithLabelAndBang verifies that pending ignores are shown as open with a label and ! marker.
+func TestUnifiedFindingPresenter_PendingIgnore_ShownAsOpenWithLabelAndBang(t *testing.T) {
+	config := configuration.New()
+	buffer := &bytes.Buffer{}
+	// Use ASCII to avoid color codes in assertions
+	lipgloss.SetColorProfile(termenv.Ascii)
+
+	pendingFinding := testapi.FindingData{
+		Id:   util.Ptr(uuid.New()),
+		Type: util.Ptr(testapi.Findings),
+		Attributes: &testapi.FindingAttributes{
+			Title:       "Pending Suppression Finding",
+			Rating:      testapi.Rating{Severity: testapi.Severity("low")},
+			Suppression: &testapi.Suppression{Status: testapi.SuppressionStatusPendingIgnoreApproval},
+		},
+	}
+
+	projectResult := &presenters.UnifiedProjectResult{
+		Findings: []testapi.FindingData{pendingFinding},
+		Summary: &json_schemas.TestSummary{
+			Type:             "open-source",
+			Path:             "test/path",
+			SeverityOrderAsc: []string{"low", "medium", "high", "critical"},
+			Results:          []json_schemas.TestSummaryResult{{Severity: "low", Open: 1, Total: 1}},
+		},
+	}
+
+	presenter := presenters.NewUnifiedFindingsRenderer([]*presenters.UnifiedProjectResult{projectResult}, config, buffer)
+	err := presenter.RenderTemplate(presenters.DefaultTemplateFiles, presenters.DefaultMimeType)
+	assert.NoError(t, err)
+
+	out := buffer.String()
+	// Label should be inline on the issue line (after the title) with a preceding space
+	assert.Contains(t, out, " ! [LOW] Pending Suppression Finding [ PENDING IGNORE... ]")
+}
+
+// TestUnifiedFindingPresenter_Ignored_ShownInIgnoredSectionWithBang verifies that ignored findings are shown in the ignored section with a ! marker.
+func TestUnifiedFindingPresenter_Ignored_ShownInIgnoredSectionWithBang(t *testing.T) {
+	config := configuration.New()
+	buffer := &bytes.Buffer{}
+	// Ensure ignored section is rendered
+	config.Set("include-ignores", true)
+	// Use ASCII to avoid color codes in assertions
+	lipgloss.SetColorProfile(termenv.Ascii)
+
+	ignoredFinding := testapi.FindingData{
+		Id:   util.Ptr(uuid.New()),
+		Type: util.Ptr(testapi.Findings),
+		Attributes: &testapi.FindingAttributes{
+			Title:       "Ignored Suppression Finding",
+			Rating:      testapi.Rating{Severity: testapi.Severity("medium")},
+			Suppression: &testapi.Suppression{Status: testapi.SuppressionStatusIgnored},
+		},
+	}
+
+	projectResult := &presenters.UnifiedProjectResult{
+		Findings: []testapi.FindingData{ignoredFinding},
+		Summary: &json_schemas.TestSummary{
+			Type:             "open-source",
+			Path:             "test/path",
+			SeverityOrderAsc: []string{"low", "medium", "high", "critical"},
+			Results:          []json_schemas.TestSummaryResult{{Severity: "medium", Ignored: 1, Total: 1}},
+		},
+	}
+
+	presenter := presenters.NewUnifiedFindingsRenderer([]*presenters.UnifiedProjectResult{projectResult}, config, buffer)
+	err := presenter.RenderTemplate(presenters.DefaultTemplateFiles, presenters.DefaultMimeType)
+	assert.NoError(t, err)
+
+	out := buffer.String()
+	assert.Contains(t, out, "Ignored Issues")
+	// Ignored entries appear with ! and IGNORED label
+	assert.Contains(t, out, " ! [IGNORED] [MEDIUM] Ignored Suppression Finding")
+}
diff --git a/internal/presenters/templates/finding.component.tmpl b/internal/presenters/templates/finding.component.tmpl
@@ -1,8 +1,6 @@
 {{define "finding"}}
 {{- (renderToString "severity" . | toUpperCase | renderInSeverityColor )}} {{print .Attributes.Title | bold}}
-{{- if .Attributes.Suppression }}{{if eq .Attributes.Suppression.Status "ignored" }} [ IGNORED ]
-{{- else if eq .Attributes.Suppression.Status "pending_ignore_approval" }} [ PENDING IGNORE... ] {{- else}}{{end -}}
-{{- else}}{{end}}
+{{- template "suppression_label" . -}}
 
    Finding ID: {{ getFindingId . }}
 {{- range $location := .Attributes.Locations}}
@@ -26,4 +24,12 @@
 {{- define "severity"}}
   {{- if not (hasSuppression .) }} ✗ {{ else }} ! {{ end -}}
   [{{.Attributes.Rating.Severity}}]
-{{- end}}
+{{- end}}
+
+{{- define "suppression_label" -}}
+  {{- if .Attributes.Suppression -}}
+    {{- if eq .Attributes.Suppression.Status "ignored" }} [ IGNORED ]
+    {{- else if eq .Attributes.Suppression.Status "pending_ignore_approval" }} [ PENDING IGNORE... ]
+    {{- else }}{{- end -}}
+  {{- end -}}
+{{- end -}}
diff --git a/internal/presenters/templates/unified_finding.tmpl b/internal/presenters/templates/unified_finding.tmpl
@@ -42,7 +42,12 @@
 		{{- range $finding := $openFindings }}
 			{{- $severity := getFieldValueFrom $finding "Attributes.Rating.Severity" -}}
 			{{- $title := getFieldValueFrom $finding "Attributes.Title" -}}
-			{{- printf " ✗ %s %s" (printf "[%s]" ($severity | toUpperCase) | renderInSeverityColor) ($title | bold) -}}
+			{{- if not (hasSuppression $finding) -}}
+				{{- printf " ✗ %s %s" (printf "[%s]" ($severity | toUpperCase) | renderInSeverityColor) ($title | bold) -}}
+			{{- else -}}
+				{{- printf " ! %s %s" (printf "[%s]" ($severity | toUpperCase) | renderInSeverityColor) ($title | bold) -}}
+			{{- end -}}
+			{{- template "suppression_label" $finding -}}
 			{{- template "finding_details" $finding -}}
 		{{- end }}
     {{- end }}
@@ -51,15 +56,12 @@
 		{{- range $finding := $licenseFindings }}
 			{{- $severity := getFieldValueFrom $finding "Attributes.Rating.Severity" -}}
 			{{- $title := getFieldValueFrom $finding "Attributes.Title" -}}
-			{{- printf " ✗ %s %s" (printf "[%s]" ($severity | toUpperCase) | renderInSeverityColor) ($title | bold) -}}
-			{{- template "finding_details" $finding -}}
-		{{- end }}
-    {{- end }}
-    {{- if $hasPendingIgnoreFindings }}
-		{{- range $finding := $pendingIgnoreFindings }}
-			{{- $severity := getFieldValueFrom $finding "Attributes.Rating.Severity" -}}
-			{{- $title := getFieldValueFrom $finding "Attributes.Title" -}}
-			{{- printf " ! [PENDING] %s %s" (printf "[%s]" ($severity | toUpperCase) | renderInSeverityColor) ($title | bold) -}}
+			{{- if not (hasSuppression $finding) -}}
+				{{- printf " ✗ %s %s" (printf "[%s]" ($severity | toUpperCase) | renderInSeverityColor) ($title | bold) -}}
+			{{- else -}}
+				{{- printf " ! %s %s" (printf "[%s]" ($severity | toUpperCase) | renderInSeverityColor) ($title | bold) -}}
+			{{- end -}}
+			{{- template "suppression_label" $finding -}}
 			{{- template "finding_details" $finding -}}
 		{{- end }}
     {{- end }}
