Support whitelists per check @urjitbhatia

Support whitelists per check using option -w whitelistfile.txt
2026-02-10 14:55:00 +00:00 · 2020-05-06 22:46:57 +02:00
parent 412c9c1e5a 8cdf3838a0
commit 68ad3a7461
4 changed files with 63 additions and 14 deletions
--- a/include/colors
+++ b/include/colors
@@ -47,7 +47,7 @@ else
  # Colors
  # NOTE: Your editor may NOT show the 0x1b / escape character left of the '['
  NORMAL="[0;39m"
-  WARNING="[1;33m"          # Bad (red)
+  WARNING="[0;33m"          # Warning (brown)
  SECTION="[1;33m"          # Section (yellow)
  NOTICE="[1;33m"           # Notice (yellow)
  OK="[1;32m"               # Ok (green)
@@ -68,6 +68,6 @@ fi
 printColorsCode(){
  if [[ $MONOCHROME -eq 0 ]]; then
    echo -e "\n$NORMAL Colors code for results: "
-    echo -e "$NOTICE INFO (Information)$NORMAL,$OK PASS (Recommended value)$NORMAL, $BAD FAIL (Fix required)$NORMAL, $PURPLE Not Scored $NORMAL"
+    echo -e "$NOTICE INFO (Information)$NORMAL,$OK PASS (Recommended value)$NORMAL, $WARNING WARNING (Ignored by whitelist)$NORMAL, $BAD FAIL (Fix required)$NORMAL, $PURPLE Not Scored $NORMAL"
  fi
 }
--- a/include/outputs
+++ b/include/outputs
@@ -84,34 +84,56 @@ textInfo(){
 }

 textFail(){
-  FAIL_COUNTER=$((FAIL_COUNTER+1))
-  EXITCODE=3
+  ## ignore whitelists for current check
+  level="FAIL"
+  colorcode="$BAD"
+  for i in $IGNORES; do
+    ignore_check_name="${i%:*}"
+    ignore_value="${i#*${CHECK_NAME}:}"
+    if [[ ${ignore_check_name} != "${CHECK_NAME}" ]]; then
+      # not for this check
+      continue
+    fi
+    if [[ $1 =~ ${ignore_value} ]]; then
+      level="WARNING"
+      colorcode="$WARNING"
+      break
+    fi
+  done
+
+  # only set non-0 exit code on FAIL mode, WARN is ok
+  if [[ "$level" == "FAIL" ]]; then
+    FAIL_COUNTER=$((FAIL_COUNTER+1))
+    EXITCODE=3
+  fi
+  
  if [[ $2 ]]; then
    REPREGION=$2
  else
    REPREGION=$REGION
  fi
+  
  if [[ "${MODES[@]}" =~ "csv" ]]; then
-    echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}FAIL${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$1" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_CSV}
+    echo "$PROFILE${SEP}$ACCOUNT_NUM${SEP}$REPREGION${SEP}$TITLE_ID${SEP}${level}${SEP}$ITEM_SCORED${SEP}$ITEM_LEVEL${SEP}$TITLE_TEXT${SEP}$1" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_CSV}
  fi
  if [[ "${MODES[@]}" =~ "json" ]]; then
-    generateJsonOutput "$1" "Fail" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_JSON}
+    generateJsonOutput "$1" "${level}" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_JSON}
  fi
  if [[ "${MODES[@]}" =~ "json-asff" ]]; then
-    JSON_ASFF_OUTPUT=$(generateJsonAsffOutput "$1" "FAILED" "HIGH")
+    JSON_ASFF_OUTPUT=$(generateJsonAsffOutput "$1" "${level}" "HIGH")
    echo "${JSON_ASFF_OUTPUT}" | tee -a ${OUTPUT_FILE_NAME}.${EXTENSION_ASFF}
    if [[ "${SEND_TO_SECURITY_HUB}" -eq 1 ]]; then
      sendToSecurityHub "${JSON_ASFF_OUTPUT}"
    fi
  fi
-  if is_junit_output_enabled; then
+  if is_junit_output_enabled && [[ "$level" == "FAIL" ]]; then
    output_junit_failure "$1"
  fi
  if [[ "${MODES[@]}" =~ "mono" ]]; then
-    echo "      $BAD FAIL! $1 $NORMAL" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_TEXT
+    echo "      $colorcode ${level}! $1 $NORMAL" | tee -a ${OUTPUT_FILE_NAME}.$EXTENSION_TEXT
  fi
  if [[ "${MODES[@]}" =~ "text" ]]; then
-    echo "      $BAD FAIL! $1 $NORMAL"
+    echo "      $colorcode ${level}! $1 $NORMAL"
  fi
 }