
feat(general): Allow skipping multiple checks in a single line

Open shoshiGit opened this issue 1 year ago • 1 comments

User description

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

This pull request enhances Checkov to support skipping multiple checks in a single line for Terraform configurations. Currently, individual skip comments are required for each check, which can be cumbersome. This enhancement allows specifying multiple checks to skip in a single line.

Fixes #5381

Changes made:

Added functionality to parse multiple checks in the checkov:skip comment. Updated documentation to reflect the new capability.

Checklist:

  • [x] I have performed a self-review of my own code
  • [x] I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • [x] I have added tests that prove my feature, policy, or fix is effective and works
  • [x] New and existing tests pass locally with my changes

Generated description

Dear maintainer, below is a concise technical summary of the changes proposed in this PR:

Enhance the Checkov tool to support skipping multiple checks in a single line within Terraform configurations. This update modifies the BaseContextParser class to parse multiple checks from a single checkov:skip comment, utilizing a new regex pattern from get_comment_regex. The TestMultipleSkips class is introduced to verify this functionality, ensuring that multiple checks can be skipped as expected. Documentation and test cases are updated to reflect these changes.

Topic: Testing Multi-Skip
Details: Verify the new multi-check skip functionality by adding test cases in TestMultipleSkips to ensure correct behavior.
Modified files (2)
  • tests/terraform/checks/a_example_skip/main.tf
  • tests/terraform/checks/test_multiple_skips.py
Latest Contributors (0)

Topic: Multi-Check Skip
Details: Enable skipping multiple checks in a single line by updating the BaseContextParser class to use a new regex pattern for parsing skip comments.
Modified files (2)
  • checkov/common/comment/enum.py
  • checkov/terraform/context_parsers/base_parser.py
Latest Contributors (2)
  • Email: [email protected]... Commit: feat-terraform-Remove-... Date: August 16, 2023
  • Email: 49649760+lirshindalman... Commit: feat-general-enrich-te... Date: July 24, 2023
This pull request is reviewed by Baz.

shoshiGit, Jul 30 '24 13:07

Another point - Please do the new regex and comment extraction behind an environment variable -

should_allow_multi_checks_skip = strtobool(os.getenv('CHECKOV_ALLOW_SKIP_MULTIPLE_ONE_LINE', 'False'))

And do every change by condition if should_allow_multi_checks_skip is True.

ChanochShayner, Jul 31 '24 06:07
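
Added example, not code from this PR or from Checkov: a skip comment suppresses a security finding, so this sketch shows a parser for the single-line multi-check form described above, gated by the environment variable requested in the review, where a multi-ID comment suppresses nothing while the flag is off. The comma separator, the regexes, the function names and the sample Terraform are assumptions of this example.

```python
import os
import re

FLAG = "CHECKOV_ALLOW_SKIP_MULTIPLE_ONE_LINE"  # variable named in the review comment
ID = r"[A-Z][A-Z0-9_]*"
# Assumed shapes: "checkov:skip=<ID>[:<reason>]" and, for the multi form,
# comma-separated IDs. The comma separator is this example's assumption.
SINGLE = re.compile(rf"checkov:skip=\s*(?P<ids>{ID})\s*(?::(?P<why>.*))?$")
MULTI = re.compile(rf"checkov:skip=\s*(?P<ids>{ID}(?:\s*,\s*{ID})*)\s*(?::(?P<why>.*))?$")


def multi_skip_enabled(env=None):
    """Read the feature flag, accepting the truthy strings strtobool accepts."""
    env = os.environ if env is None else env
    return env.get(FLAG, "False").strip().lower() in {"1", "true", "t", "yes", "y", "on"}


def parse_skips(line, allow_multi):
    """Return [(check_id, reason)] for one source line, or [] if no valid skip."""
    m = (MULTI if allow_multi else SINGLE).search(line.rstrip())
    if not m:
        return []  # a malformed or disabled multi form suppresses nothing
    why = (m.group("why") or "").strip() or "No comment provided"
    return [(cid.strip(), why) for cid in m.group("ids").split(",")]


def audit(text, allow_multi):
    """Map 1-based line number -> suppressed check IDs, for review of a file."""
    found = {}
    for n, line in enumerate(text.splitlines(), 1):
        ids = [cid for cid, _ in parse_skips(line, allow_multi)]
        if ids:
            found[n] = ids
    return found


# Constructed sample input, not taken from the PR's test fixtures.
SAMPLE_TF = """\
resource "aws_s3_bucket" "scratch" {
  # checkov:skip=CKV_AWS_18:access logs are collected centrally
  # checkov:skip=CKV_AWS_21, CKV_AWS_144:short-lived scratch bucket
  bucket = "example-scratch"
}
"""

if __name__ == "__main__":
    print("flag off:", audit(SAMPLE_TF, allow_multi=False))
    print("flag on: ", audit(SAMPLE_TF, allow_multi=multi_skip_enabled({FLAG: "True"})))
```

Running `audit` over a repository with the flag on and off gives a reviewer the exact set of findings that enabling the feature would newly suppress.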

Hey @shoshiGit, Could you please solve the conflicts so we can move on with this PR? Thanks!

MaryArmaly, Jan 13 '25 14:01

Hey @shoshiGit, We noticed that this PR has already been resolved by: https://github.com/bridgecrewio/checkov/pull/6860 Could you please close this PR if that's the case? Thank you!

MaryArmaly, Jan 14 '25 09:01