fix(config): rename include-successes with include-non-failures (#1107)

2025-12-22 23:26:39 -08:00 · 2021-07-11 16:55:13 +03:00
parent e6f7e556e8
commit d9883e4442
8 changed files with 73 additions and 70 deletions
--- a/pkg/commands/app.go
+++ b/pkg/commands/app.go
@@ -252,11 +252,11 @@ var (
 		EnvVars: []string{"TRIVY_POLICY_NAMESPACES"},
 	}

-	includeSuccesses = cli.BoolFlag{
-		Name:    "include-successes",
-		Usage:   "include successes of misconfigurations",
+	includeNonFailures = cli.BoolFlag{
+		Name:    "include-non-failures",
+		Usage:   "include successes and exceptions",
 		Value:   false,
-		EnvVars: []string{"TRIVY_INCLUDE_SUCCESSES"},
+		EnvVars: []string{"TRIVY_INCLUDE_NON_FAILURES"},
 	}

 	traceFlag = cli.BoolFlag{
@@ -297,8 +297,6 @@ var (
 		&cacheBackendFlag,
 		stringSliceFlag(skipFiles),
 		stringSliceFlag(skipDirs),
-		stringSliceFlag(configPolicy),
-		stringSliceFlag(policyNamespaces),
 	}

 	// deprecated options
@@ -477,7 +475,7 @@ func NewFilesystemCommand() *cli.Command {
 			stringSliceFlag(skipFiles),
 			stringSliceFlag(skipDirs),
 			stringSliceFlag(configPolicy),
-			&policyNamespaces,
+			stringSliceFlag(policyNamespaces),
 		},
 	}
 }
@@ -613,7 +611,7 @@ func NewConfigCommand() *cli.Command {
 			stringSliceFlag(configPolicyAlias),
 			stringSliceFlag(filePatterns),
 			stringSliceFlag(policyNamespaces),
-			&includeSuccesses,
+			&includeNonFailures,
 			&traceFlag,
 		},
 	}
--- a/pkg/commands/artifact/run.go
+++ b/pkg/commands/artifact/run.go
@@ -80,7 +80,7 @@ func runWithTimeout(ctx context.Context, opt Option, initializeScanner Initializ
 		Severities:         opt.Severities,
 		OutputTemplate:     opt.Template,
 		Light:              opt.Light,
-		IncludeSuccesses: opt.IncludeSuccesses,
+		IncludeNonFailures: opt.IncludeNonFailures,
 		Trace:              opt.Trace,
 	}); err != nil {
 		return xerrors.Errorf("unable to write results: %w", err)
@@ -193,7 +193,7 @@ func filter(ctx context.Context, opt Option, report pkgReport.Report) (pkgReport
 	for i := range results {
 		resultClient.FillVulnerabilityInfo(results[i].Vulnerabilities, results[i].Type)
 		vulns, misconfSummary, misconfs, err := resultClient.Filter(ctx, results[i].Vulnerabilities, results[i].Misconfigurations,
-			opt.Severities, opt.IgnoreUnfixed, opt.IncludeSuccesses, opt.IgnoreFile, opt.IgnorePolicy)
+			opt.Severities, opt.IgnoreUnfixed, opt.IncludeNonFailures, opt.IgnoreFile, opt.IgnorePolicy)
 		if err != nil {
 			return pkgReport.Report{}, xerrors.Errorf("unable to filter vulnerabilities: %w", err)
 		}
--- a/pkg/commands/client/run.go
+++ b/pkg/commands/client/run.go
@@ -71,7 +71,7 @@ func runWithTimeout(ctx context.Context, opt Option) error {
 	results := report.Results
 	for i := range results {
 		vulns, misconfSummary, misconfs, err := resultClient.Filter(ctx, results[i].Vulnerabilities, results[i].Misconfigurations,
-			opt.Severities, opt.IgnoreUnfixed, opt.IncludeSuccesses, opt.IgnoreFile, opt.IgnorePolicy)
+			opt.Severities, opt.IgnoreUnfixed, opt.IncludeNonFailures, opt.IgnoreFile, opt.IgnorePolicy)
 		if err != nil {
 			return xerrors.Errorf("filter error: %w", err)
 		}
@@ -86,7 +86,7 @@ func runWithTimeout(ctx context.Context, opt Option) error {
 		Severities:         opt.Severities,
 		OutputTemplate:     opt.Template,
 		Light:              false,
-		IncludeSuccesses: opt.IncludeSuccesses,
+		IncludeNonFailures: opt.IncludeNonFailures,
 		Trace:              opt.Trace,
 	}); err != nil {
 		return xerrors.Errorf("unable to write results: %w", err)
--- a/pkg/commands/option/config.go
+++ b/pkg/commands/option/config.go
@@ -7,7 +7,7 @@ import (
 // ConfigOption holds the options for config scanning
 type ConfigOption struct {
 	FilePatterns       []string
-	IncludeSuccesses bool
+	IncludeNonFailures bool
 	SkipPolicyUpdate   bool
 	Trace              bool

@@ -20,7 +20,7 @@ type ConfigOption struct {
 // NewConfigOption is the factory method to return config scanning options
 func NewConfigOption(c *cli.Context) ConfigOption {
 	return ConfigOption{
-		IncludeSuccesses: c.Bool("include-successes"),
+		IncludeNonFailures: c.Bool("include-non-failures"),
 		SkipPolicyUpdate:   c.Bool("skip-policy-update"),
 		Trace:              c.Bool("trace"),
 		FilePatterns:       c.StringSlice("file-patterns"),
--- a/pkg/report/table.go
+++ b/pkg/report/table.go
@@ -24,7 +24,7 @@ type TableWriter struct {
 	Light bool

 	// For misconfigurations
-	IncludeSuccesses bool
+	IncludeNonFailures bool
 	Trace              bool
 }

@@ -125,7 +125,7 @@ func (tw TableWriter) writeMisconfigurations(table *tablewriter.Table, misconfs
 		tablewriter.ALIGN_CENTER, tablewriter.ALIGN_CENTER, tablewriter.ALIGN_LEFT}
 	header := []string{"Type", "Misconf ID", "Check", "Severity", "Status", "Message"}

-	if !tw.IncludeSuccesses {
+	if !tw.IncludeNonFailures {
 		// Remove status
 		statusPos := 4
 		alignment = append(alignment[:statusPos], alignment[statusPos+1:]...)
@@ -185,20 +185,24 @@ func (tw TableWriter) setMisconfRows(table *tablewriter.Table, misconfs []types.
 			}
 		}

-		var row []string
+		severity := misconf.Severity
+		status := string(misconf.Status)
 		if tw.Output == os.Stdout {
-			if misconf.Status == types.StatusPassed {
-				row = []string{misconf.Type, misconf.ID, misconf.Title, color.New(color.FgGreen).Sprint(misconf.Severity),
-					color.New(color.FgGreen).Sprint(misconf.Status), misconf.Message}
-			} else {
-				row = []string{misconf.Type, misconf.ID, misconf.Title, dbTypes.ColorizeSeverity(misconf.Severity),
-					color.New(color.FgRed).Sprint(misconf.Status), misconf.Message}
+			switch misconf.Status {
+			case types.StatusPassed:
+				severity = color.New(color.FgGreen).Sprint(misconf.Severity)
+				status = color.New(color.FgGreen).Sprint(misconf.Status)
+			case types.StatusException:
+				severity = color.New(color.FgMagenta).Sprint(misconf.Severity)
+				status = color.New(color.FgMagenta).Sprint(misconf.Status)
+			case types.StatusFailure:
+				severity = dbTypes.ColorizeSeverity(severity)
+				status = color.New(color.FgRed).Sprint(misconf.Status)
 			}
-		} else {
-			row = []string{misconf.Type, misconf.ID, misconf.Title, misconf.Severity, string(misconf.Status), misconf.Message}
 		}

-		if !tw.IncludeSuccesses {
+		row := []string{misconf.Type, misconf.ID, misconf.Title, severity, status, misconf.Message}
+		if !tw.IncludeNonFailures {
 			// Remove status
 			row = append(row[:4], row[5:]...)
 		}
--- a/pkg/report/table_test.go
+++ b/pkg/report/table_test.go
@@ -17,7 +17,7 @@ func TestReportWriter_Table(t *testing.T) {
 		results            report.Results
 		expectedOutput     string
 		light              bool
-		includeSuccesses bool
+		includeNonFailures bool
 	}{
 		{
 			name: "happy path full",
@@ -170,7 +170,7 @@ func TestReportWriter_Table(t *testing.T) {
 		},
 		{
 			name:               "happy path misconfigurations with successes",
-			includeSuccesses: true,
+			includeNonFailures: true,
 			results: report.Results{
 				{
 					Target: "test",
@@ -219,7 +219,7 @@ func TestReportWriter_Table(t *testing.T) {
 				Format:             "table",
 				Output:             &tableWritten,
 				Light:              tc.light,
-				IncludeSuccesses: tc.includeSuccesses,
+				IncludeNonFailures: tc.includeNonFailures,
 			})
 			assert.NoError(t, err)
 			assert.Equal(t, tc.expectedOutput, tableWritten.String(), tc.name)
--- a/pkg/report/writer.go
+++ b/pkg/report/writer.go
@@ -88,7 +88,7 @@ type Option struct {
 	Light          bool

 	// For misconfigurations
-	IncludeSuccesses bool
+	IncludeNonFailures bool
 	Trace              bool
 }

@@ -101,7 +101,7 @@ func Write(report Report, option Option) error {
 			Output:             option.Output,
 			Severities:         option.Severities,
 			Light:              option.Light,
-			IncludeSuccesses: option.IncludeSuccesses,
+			IncludeNonFailures: option.IncludeNonFailures,
 			Trace:              option.Trace,
 		}
 	case "json":
--- a/pkg/result/result.go
+++ b/pkg/result/result.go
@@ -140,12 +140,12 @@ func (c Client) getPrimaryURL(vulnID string, refs []string, source string) strin

 // Filter filter out the vulnerabilities
 func (c Client) Filter(ctx context.Context, vulns []types.DetectedVulnerability, misconfs []types.DetectedMisconfiguration,
-	severities []dbTypes.Severity, ignoreUnfixed, includeSuccesses bool, ignoreFile, policyFile string) (
+	severities []dbTypes.Severity, ignoreUnfixed, includeNonFailures bool, ignoreFile, policyFile string) (
 	[]types.DetectedVulnerability, *report.MisconfSummary, []types.DetectedMisconfiguration, error) {
 	ignoredIDs := getIgnoredIDs(ignoreFile)

 	filteredVulns := filterVulnerabilities(vulns, severities, ignoreUnfixed, ignoredIDs)
-	misconfSummary, filteredMisconfs := filterMisconfigurations(misconfs, severities, includeSuccesses, ignoredIDs)
+	misconfSummary, filteredMisconfs := filterMisconfigurations(misconfs, severities, includeNonFailures, ignoredIDs)

 	if policyFile != "" {
 		var err error
@@ -192,7 +192,7 @@ func filterVulnerabilities(vulns []types.DetectedVulnerability, severities []dbT
 }

 func filterMisconfigurations(misconfs []types.DetectedMisconfiguration, severities []dbTypes.Severity,
-	includeSuccesses bool, ignoredIDs []string) (*report.MisconfSummary, []types.DetectedMisconfiguration) {
+	includeNonFailures bool, ignoredIDs []string) (*report.MisconfSummary, []types.DetectedMisconfiguration) {
 	var filtered []types.DetectedMisconfiguration
 	summary := new(report.MisconfSummary)

@@ -204,9 +204,10 @@ func filterMisconfigurations(misconfs []types.DetectedMisconfiguration, severiti
 					continue
 				}

+				// Count successes, failures, and exceptions
 				summarize(misconf.Status, summary)

-				if misconf.Status != types.StatusFailure && !includeSuccesses {
+				if misconf.Status != types.StatusFailure && !includeNonFailures {
 					continue
 				}
 				filtered = append(filtered, misconf)