Merge branch 'csutils:main' into code-refactoring-move-function-handl…

…e_known_fp_list-to-csmock-common--OSH-151
csutils · Sep 7, 2023 · a4f417b · a4f417b
2 parents 00ea91c + 0671e2a
commit a4f417b
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 18 deletions.
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
@@ -13,7 +13,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Coverity scan
         uses: vapier/coverity-scan-action@v1

diff --git a/.github/workflows/differential-pylint.yml b/.github/workflows/differential-pylint.yml
@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Repository checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - id: PyLint
         name: Differential PyLint

diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml
@@ -19,7 +19,7 @@ jobs:
 
     steps: 
       - name: Repository checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 

diff --git a/make-srpm.sh b/make-srpm.sh
@@ -124,10 +124,13 @@ Tool for plugging static analyzers into the build process, free of mock.
 
 %package -n csmock-common
 Summary: Core of csmock (a mock wrapper for Static Analysis tools)
-Requires: csdiff > 3.0.2
+Requires: csdiff > 3.0.3
 Requires: csgcca
 Requires: cswrap
 Requires: mock
+%if 0%{?rhel} != 7
+Recommends: modulemd-tools
+%endif
 
 %description -n csmock-common
 This package contains the csmock tool that allows to scan SRPMs by Static

diff --git a/py/csmock b/py/csmock
@@ -55,9 +55,6 @@ PATCH_RAWBUILD = CSMOCK_SCRIPTS + "/patch-rawbuild.sh"
 
 DEFAULT_KNOWN_FALSE_POSITIVES = CSMOCK_DATADIR + "/known-false-positives.js"
 
-# original name of the file, which could have sounded offensive to people
-DEFAULT_KNOWN_FALSE_POSITIVES_FALLBACK = CSMOCK_DATADIR + "/defect-blacklist.err"
-
 # how long should we wait before checking mock profile availability again
 MOCK_WAITING_TICK = 60
 
@@ -866,18 +863,14 @@ key event (defaults to 3).")
         help="use shell command to build the given tarball (instead of SRPM)")
 
     # --known-false-positives
-    if os.path.exists(DEFAULT_KNOWN_FALSE_POSITIVES):
-        default_kfp = DEFAULT_KNOWN_FALSE_POSITIVES
-        default_kfp_text = " (defaults to \"%s\")" % default_kfp
-    elif os.path.exists(DEFAULT_KNOWN_FALSE_POSITIVES_FALLBACK):
-        default_kfp = DEFAULT_KNOWN_FALSE_POSITIVES_FALLBACK
-        default_kfp_text = " (defaults to \"%s\")" % default_kfp
-    else:
+    default_kfp = DEFAULT_KNOWN_FALSE_POSITIVES
+    default_kfp_text = f'defaults to "{default_kfp}"'
+    if not os.path.exists(default_kfp):
         default_kfp = ""
-        default_kfp_text = " (defaults to \"%s\" if available)" % DEFAULT_KNOWN_FALSE_POSITIVES
+        default_kfp_text += " if available"
     parser.add_argument(
         "--known-false-positives", default=default_kfp,
-        help=("suppress known false positives loaded from the given file" + default_kfp_text))
+        help=f"suppress known false positives loaded from the given file ({default_kfp_text})")
 
     csmock.common.util.add_paired_flag(
         parser, "use-login-shell",

diff --git a/py/plugins/gitleaks.py b/py/plugins/gitleaks.py
@@ -34,7 +34,7 @@
 
 GITLEAKS_LOG = "/builddir/gitleaks-capture.log"
 
-FILTER_CMD = "csgrep '%s' --mode=json --warning-rate-limit=%i > '%s'"
+FILTER_CMD = "csgrep '%s' --mode=json --warning-rate-limit=%i --limit-msg-len=%i > '%s'"
 
 
 class PluginProps:
@@ -72,6 +72,10 @@ def init_parser(self, parser):
             "--gitleaks-rate-limit", type=int, default=1024,
             help="drop warnings if their count exceeds the specified limit")
 
+        parser.add_argument(
+            "--gitleaks-limit-msg-len", type=int, default=512,
+            help="trim message if it exceeds max message length")
+
         parser.add_argument(
             "--gitleaks-refresh", action="store_true",
             help="force download of gitleaks binary executable (in a .tar.gz) from")
@@ -145,7 +149,7 @@ def fetch_gitleaks_hook(results, props):
         def filter_hook(results):
             src = results.dbgdir_raw + GITLEAKS_OUTPUT
             dst = "%s/gitleaks-capture.js" % results.dbgdir_uni
-            cmd = FILTER_CMD % (src, args.gitleaks_rate_limit, dst)
+            cmd = FILTER_CMD % (src, args.gitleaks_rate_limit, args.gitleaks_limit_msg_len, dst)
             return results.exec_cmd(cmd, shell=True)
 
         props.post_process_hooks += [filter_hook]