Snyk fails to ignore vulnerabilities when absolute file path is provided


Project Root Directory: C:\src\repos\test\abc

For example, this is the Snyk issueId I'm trying to ignore. Command runs fine and .snyk YAML file is created in the project root.

C:\src\repos\test\abc> snyk ignore --id="SNYK-PYTHON-RSA-570831"

Then I run snyk test on the requirements.txt file, providing a relative path, and inspecting results1.json confirms that it is successfully ignoring this particular issue ID:

C:\src\repos\test\abc> snyk test --file='requirements.txt' --severity-threshold="medium" --skip-unresolved --json > results1.json

  "filtered": {
    "ignore": [
      {
        "CVSSv3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
        "alternativeIds": [],
        "creationTime": "2020-06-02T13:50:22.620471Z",
        "credit": [
          "Unknown"
        ],
        "cvssScore": 5.6,
        "description": "## Overview\n[rsa](https://pypi.org/project/rsa/) is a pure-Python RSA implementation.\n\nAffected versions of this package are vulnerable to Access Restriction Bypass. It does not detect `ciphertext` modification during decryption (prepended \"0\" bytes) in `PKCS1_v1_5`.\n## Remediation\nUpgrade `rsa` to version 4.1 or higher.\n## References\n- [GitHub Commit](https://github.com/sybrenstuvel/python-rsa/commit/93af6f2f89a9bf28361e67716c4240e691520f30)\n- [GitHub Issue](https://github.com/sybrenstuvel/python-rsa/issues/146)\n",
        "disclosureTime": "2020-06-02T13:45:26Z",
        "exploit": "Not Defined",
        "fixedIn": [
          "4.1"
        ],
        "functions": [],
        "functions_new": [],
        "id": "SNYK-PYTHON-RSA-570831",

But when I provide the absolute path of the file, and the .snyk file still being present in the project root, snyk test command does run fine but upon inspecting the results2.json, it fails to ignore the issue and it is listed as a vulnerability.

C:\src\repos\test\abc> snyk test --file='C:\\src\\repos\\test\\abc\\requirements.txt' --severity-threshold="medium" --skip-unresolved --json > results2.json

  "filesystemPolicy": false,
  "filtered": {
    "ignore": [],
    "patch": []
  },

Could someone please explain why this is not working for the given case?

I need the snyk ignore to work for absolute file paths as it is a requirement of the problem.

1 answer

Shubh77

Using the flag that specifies the ignore policy file when running snyk test works, e.g. --policy-path=/path/path/file
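As an added example (not part of the question or of Shubh77's answer), the following Python gate turns the answer into a check a CI job can run: it builds the snyk test command with an explicit --policy-path pointing at the .snyk file next to the manifest, and then inspects the JSON output to confirm the ignore actually took effect rather than silently not loading, which is the failure mode in the question ("filesystemPolicy": false with an empty filtered.ignore). The JSON keys it reads (filesystemPolicy, filtered.ignore[].id, vulnerabilities[].id) are the ones visible in the question's output; the function names and the two sample results are constructed for this example and are not Snyk's own code.

```python
# Added example: verify that a Snyk ignore policy was really applied to a
# `snyk test --json` run, and build the command with an explicit --policy-path.
# Function names and sample data are constructed for this example (assumptions);
# the JSON field names match those shown in the question's results1/results2.
import json
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple


def snyk_test_argv(manifest: str, policy_path: Optional[str] = None) -> List[str]:
    """Build argv for `snyk test` that pins the policy file explicitly.

    If no policy path is given, it is assumed to be the .snyk file that
    `snyk ignore` wrote next to the manifest (the project root in the question).
    PureWindowsPath keeps the Windows-style paths from the question intact
    regardless of the host this example runs on.
    """
    manifest_path = PureWindowsPath(manifest)
    policy = PureWindowsPath(policy_path) if policy_path else manifest_path.parent / ".snyk"
    return [
        "snyk", "test",
        f"--file={manifest_path}",
        f"--policy-path={policy}",
        "--severity-threshold=medium",
        "--skip-unresolved",
        "--json",
    ]


def ignore_status(result: dict, issue_id: str) -> str:
    """Classify what Snyk did with one issue id in a `snyk test --json` result.

    Returns one of:
      "ignored"  - the id is under filtered.ignore, so the policy applied
      "reported" - the id is still under vulnerabilities, so the policy did not apply
      "absent"   - the id is in neither list (not in the manifest, or dropped by
                   the severity threshold)
    """
    ignored = {v.get("id") for v in result.get("filtered", {}).get("ignore", [])}
    reported = {v.get("id") for v in result.get("vulnerabilities", [])}
    if issue_id in ignored:
        return "ignored"
    if issue_id in reported:
        return "reported"
    return "absent"


def policy_applied(result_json: str, issue_id: str) -> Tuple[bool, str]:
    """CI gate: True only if Snyk loaded a policy file AND the id was filtered.

    Checking both conditions catches the case in the question, where the run
    exits cleanly but "filesystemPolicy" is false and filtered.ignore is empty.
    """
    result = json.loads(result_json)
    status = ignore_status(result, issue_id)
    loaded = bool(result.get("filesystemPolicy"))
    if not loaded:
        return False, "no .snyk policy loaded (filesystemPolicy is false); pass --policy-path"
    if status == "reported":
        return False, f"{issue_id} still reported despite a loaded policy"
    return True, f"{issue_id} {status}"


ISSUE = "SNYK-PYTHON-RSA-570831"

# Constructed sample outputs shaped like the two results in the question,
# trimmed to the fields the check reads. Not real Snyk output.
RESULT_POLICY_APPLIED = json.dumps({
    "filesystemPolicy": True,
    "filtered": {"ignore": [{"id": ISSUE, "cvssScore": 5.6}], "patch": []},
    "vulnerabilities": [],
})
RESULT_POLICY_MISSED = json.dumps({
    "filesystemPolicy": False,
    "filtered": {"ignore": [], "patch": []},
    "vulnerabilities": [{"id": ISSUE, "cvssScore": 5.6}],
})

if __name__ == "__main__":
    print(" ".join(snyk_test_argv(r"C:\src\repos\test\abc\requirements.txt")))
    for name, res in [("relative-path run", RESULT_POLICY_APPLIED),
                      ("absolute-path run", RESULT_POLICY_MISSED)]:
        ok, why = policy_applied(res, ISSUE)
        print(f"{name}: {'PASS' if ok else 'FAIL'} - {why}")
```

The gate deliberately fails on "filesystemPolicy": false even when the ignored id happens not to appear, because a policy that was never loaded will also drop any other ignores in the same .snyk file; pointing --policy-path at the file explicitly, as the answer suggests, is what makes the absolute-path run behave like the relative-path one.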