Fix disabling and overriding rules with a remote custom ruleset
What does this MR do?
This fix is based on the work from @eurie in:
- Support remote custom configuration (report!80 - merged)
- Support remote custom config (ruleset!27 - merged)
- Support remote custom configs (command!50 - merged)
To allow using a remote custom ruleset when disabling or overriding rules similar to kics!102 (merged).
The fix works by ensuring to set the correct ruleset and path when generating the gl-secret-detection-report.json file.
Resolves gitlab-org/gitlab#425251 (closed).
Testing
Testing this locally requires to create a go workspace as outlined below.
- Check out the
fix-disabling-overriding-rules-with-remote-custom-rulesetbranch forsecrets. - Clone the test project into
qa/fixtures:git@gitlab.com:gitlab-org/secure/tests/test-issue-425251/secret-detection.git. - Run
analyzer-build && analyzer-debug qa/fixtures/secret-detection. - In the debug container, export the following environment variables:
export GITLAB_FEATURES=sast_custom_rulesetsexport SECRET_DETECTION_RULESET_GIT_REFERENCE=gitlab.com/gitlab-org/secure/tests/test-issue-425251/ruleset
- Run the analyzer:
/analyzer run. - Verify that there are no results in the resulting
/tmp/app/gl-secret-detection-report.jsonfile.
Demo
Demo was created with only ruleset module updated to v3, but should still be applicable now.
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests updated/added for this feature/bug -
Job definition updated, if necessary -
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer
Edited by Lucas Charles