Using flawfinder to statically scan C++ code, the variable SEARCH_IGNORED_DIRS does not take effect when used to exclude part of the source code
Summary
When using flawfinder to statically scan C++ code, setting the variable SEARCH_IGNORED_DIRS to exclude part of the source code does not take effect: the code that should be ignored is still scanned.
Steps to reproduce
- The CI configuration is as follows:

```yaml
flawfinder-sast:
  variables:
    SEARCH_IGNORED_DIRS: "bundle,node_modules,vendor,tmp,test,tests,third_party"
    SECURE_LOG_LEVEL: debug
  rules:
    - exists:
        - '**/*.c'
        - '**/*.cc'
        - '**/*.cpp'
        - '**/*.c++'
        - '**/*.cp'
        - '**/*.cxx'
```
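To make the symptom described in this report verifiable rather than anecdotal, the following added script (not part of this issue or of the GitLab analyzer) reads a SAST report and lists every finding whose file path sits under one of the directories named in SEARCH_IGNORED_DIRS. It relies only on the `vulnerabilities[].location.file` layout of the GitLab SAST report schema; the report content itself is a constructed sample. Matching is done on whole path components, so a file such as `src/vendor_utils.cpp` is not mistaken for something under `vendor/`.

```python
import json
import sys
from pathlib import PurePosixPath

# Constructed sample gl-sast-report.json fragment (not taken from the issue).
# Only the fields used below follow the GitLab SAST report schema.
SAMPLE_REPORT = json.dumps({
    "version": "15.0.4",
    "vulnerabilities": [
        {"id": "a1", "name": "strcpy", "severity": "High",
         "location": {"file": "src/main.cpp", "start_line": 42}},
        {"id": "a2", "name": "sprintf", "severity": "Medium",
         "location": {"file": "third_party/json/json.cpp", "start_line": 10}},
        {"id": "a3", "name": "strcpy", "severity": "High",
         "location": {"file": "tests/unit/test_io.cc", "start_line": 7}},
        {"id": "a4", "name": "memcpy", "severity": "Low",
         "location": {"file": "src/vendor_utils.cpp", "start_line": 3}},
    ],
})

# Value from the CI configuration in this report.
IGNORED_DIRS_VALUE = "bundle,node_modules,vendor,tmp,test,tests,third_party"


def parse_ignored_dirs(value):
    """Split the comma-separated SEARCH_IGNORED_DIRS value into directory names."""
    return {d.strip() for d in value.split(",") if d.strip()}


def in_ignored_dir(path, ignored):
    """True if any directory component of the path (not the file name itself)
    is one of the ignored directory names. Component-wise matching avoids
    substring false positives such as 'vendor_utils' matching 'vendor'."""
    directories = PurePosixPath(path).parts[:-1]
    return any(part in ignored for part in directories)


def findings_in_ignored_dirs(report_json, ignored_dirs_value):
    """Return the sorted file paths of findings that should have been excluded.
    A non-empty result means the exclusion variable was not honoured."""
    report = json.loads(report_json)
    ignored = parse_ignored_dirs(ignored_dirs_value)
    return sorted(
        v["location"]["file"]
        for v in report.get("vulnerabilities", [])
        if in_ignored_dir(v["location"]["file"], ignored)
    )


if __name__ == "__main__":
    # Pass the path of a real gl-sast-report.json to check a pipeline's output;
    # without an argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            report_text = fh.read()
    else:
        report_text = SAMPLE_REPORT
    leaked = findings_in_ignored_dirs(report_text, IGNORED_DIRS_VALUE)
    for path in leaked:
        print("finding in ignored directory:", path)
    print(f"{len(leaked)} finding(s) from directories listed in SEARCH_IGNORED_DIRS")
```

Run it against the `gl-sast-report.json` artifact of the `flawfinder-sast` job; any path it prints is evidence that the corresponding directory was scanned despite being listed in SEARCH_IGNORED_DIRS.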
Example Project
This is a customer's real code base, which cannot be shared.
GitLab version: JiHu GitLab 15.11.2-jh
What is the current bug behavior?
What is the expected correct behavior?
Relevant logs and/or screenshots
Output of checks
Results of GitLab environment info
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
Results of GitLab application Check
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:check SANITIZE=true`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true`) (we will only investigate if the tests are passing)