Adding fields to Policy struct to support skip not applicable (#1067)

jfrog · Jan 6, 2025 · de902d8 · de902d8
1 parent e342ed5
commit de902d8
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 15 deletions.
diff --git a/tests/xraypolicy_test.go b/tests/xraypolicy_test.go
@@ -17,6 +17,7 @@ func TestXrayPolicy(t *testing.T) {
 	t.Run("create2Priorities", create2Priorities)
 	t.Run("createPolicyActions", createPolicyActions)
 	t.Run("createUpdatePolicy", createUpdatePolicy)
+	t.Run("createSkipNonApplicablePolicy", createSkipNonApplicable)
 }
 
 func deletePolicy(t *testing.T, policyName string) {
@@ -30,7 +31,7 @@ func createMinSeverity(t *testing.T) {
 
 	policyRule := utils.PolicyRule{
 		Name:     "min-severity" + getRunId(),
-		Criteria: *utils.CreateSeverityPolicyCriteria(utils.Low),
+		Criteria: *utils.CreateSeverityPolicyCriteria(utils.Low, false),
 		Priority: 1,
 	}
 	createAndCheckPolicy(t, policyName, true, utils.Security, policyRule)
@@ -78,12 +79,12 @@ func create2Priorities(t *testing.T) {
 
 	policyRule1 := utils.PolicyRule{
 		Name:     "priority-1" + getRunId(),
-		Criteria: *utils.CreateSeverityPolicyCriteria(utils.Low),
+		Criteria: *utils.CreateSeverityPolicyCriteria(utils.Low, false),
 		Priority: 1,
 	}
 	policyRule2 := utils.PolicyRule{
 		Name:     "priority-2" + getRunId(),
-		Criteria: *utils.CreateSeverityPolicyCriteria(utils.Medium),
+		Criteria: *utils.CreateSeverityPolicyCriteria(utils.Medium, false),
 		Priority: 2,
 	}
 	createAndCheckPolicy(t, policyName, true, utils.Security, policyRule1, policyRule2)
@@ -95,7 +96,7 @@ func createPolicyActions(t *testing.T) {
 
 	policyRule := utils.PolicyRule{
 		Name:     "policy-actions" + getRunId(),
-		Criteria: *utils.CreateSeverityPolicyCriteria(utils.High),
+		Criteria: *utils.CreateSeverityPolicyCriteria(utils.High, false),
 		Priority: 1,
 		Actions: &utils.PolicyAction{
 			BlockDownload: utils.PolicyBlockDownload{
@@ -118,20 +119,32 @@ func createUpdatePolicy(t *testing.T) {
 
 	policyRule := utils.PolicyRule{
 		Name:     "low-severity" + getRunId(),
-		Criteria: *utils.CreateSeverityPolicyCriteria(utils.Low),
+		Criteria: *utils.CreateSeverityPolicyCriteria(utils.Low, false),
 		Priority: 1,
 	}
 	createAndCheckPolicy(t, policyName, true, utils.Security, policyRule)
 
 	policyRule = utils.PolicyRule{
 		Name:     "medium-severity" + getRunId(),
-		Criteria: *utils.CreateSeverityPolicyCriteria(utils.Medium),
+		Criteria: *utils.CreateSeverityPolicyCriteria(utils.Medium, false),
 		Priority: 1,
 	}
 
 	createAndCheckPolicy(t, policyName, false, utils.Security, policyRule)
 }
 
+func createSkipNonApplicable(t *testing.T) {
+	policyName := "skip-non-applicable" + getRunId()
+	defer deletePolicy(t, policyName)
+
+	policyRule := utils.PolicyRule{
+		Name:     "skip-non-applicable-rule" + getRunId(),
+		Criteria: *utils.CreateSeverityPolicyCriteria(utils.Low, true),
+		Priority: 1,
+	}
+	createAndCheckPolicy(t, policyName, true, utils.Security, policyRule)
+}
+
 func createPolicy(t *testing.T, policyName string, policyType utils.PolicyType, policyRules ...utils.PolicyRule) *utils.PolicyParams {
 	policyParams := utils.PolicyParams{
 		Name:        policyName,

diff --git a/tests/xraywatch_test.go b/tests/xraywatch_test.go
@@ -364,7 +364,7 @@ func createDummyPolicy(policyName string) error {
 		Type:        utils.Security,
 		Rules: []utils.PolicyRule{{
 			Name:     "sec_rule",
-			Criteria: *utils.CreateSeverityPolicyCriteria(utils.Medium),
+			Criteria: *utils.CreateSeverityPolicyCriteria(utils.Medium, false),
 			Actions: &utils.PolicyAction{
 				Webhooks: []string{},
 				BlockDownload: utils.PolicyBlockDownload{

diff --git a/xray/services/scan.go b/xray/services/scan.go
@@ -320,8 +320,11 @@ type JfrogResearchSeverityReason struct {
 }
 
 type Policy struct {
-	Policy string `json:"policy,omitempty"`
-	Rule   string `json:"rule,omitempty"`
+	Policy            string `json:"policy,omitempty"`
+	Rule              string `json:"rule,omitempty"`
+	IsBlocking        bool   `json:"is_blocking,omitempty"`
+	IgnoreRuleId      string `json:"ignore_rule_id,omitempty"`
+	SkipNotApplicable bool   `json:"is_skip_not_applicable,omitempty"`
 }
 
 func (gp *XrayGraphScanParams) GetProjectKey() string {

diff --git a/xray/services/utils/policybody.go b/xray/services/utils/policybody.go
@@ -56,10 +56,11 @@ type PolicyRule struct {
 
 type PolicyCriteria struct {
 	// Security
-	MinSeverity Severity                `json:"min_severity,omitempty"`
-	CvssRange   *PolicyCvssRange        `json:"cvss_range,omitempty"`
-	Exposures   *PolicyExposureCriteria `json:"exposures,omitempty"`
-	Sast        *PolicySastCriteria     `json:"sast,omitempty"`
+	MinSeverity           Severity                `json:"min_severity,omitempty"`
+	CvssRange             *PolicyCvssRange        `json:"cvss_range,omitempty"`
+	Exposures             *PolicyExposureCriteria `json:"exposures,omitempty"`
+	Sast                  *PolicySastCriteria     `json:"sast,omitempty"`
+	SkipNotApplicableCVEs bool                    `json:"applicable_cves_only,omitempty"`
 
 	// License
 	AllowedLicenses        []string `json:"allowed_licenses,omitempty"`
@@ -102,9 +103,10 @@ type PolicyBlockDownload struct {
 }
 
 // Create security policy criteria with min severity
-func CreateSeverityPolicyCriteria(minSeverity Severity) *PolicyCriteria {
+func CreateSeverityPolicyCriteria(minSeverity Severity, skipNotApplicableCves bool) *PolicyCriteria {
 	return &PolicyCriteria{
-		MinSeverity: minSeverity,
+		MinSeverity:           minSeverity,
+		SkipNotApplicableCVEs: skipNotApplicableCves,
 	}
 }