chore(iac): remove ignore_shas

ggshield/iac/models/iac_vulnerability.py

@@ -14,7 +14,6 @@ class IaCVulnerability(Base):
  documentation_url: str
  component: str = ""
  severity: str = ""
- ignore_sha: str = ""
 
 
 IaCVulnerabilitySchema = marshmallow_dataclass.class_schema(

ggshield/output/text/message.py

@@ -217,14 +217,13 @@ def iac_vulnerability_header(issue_n: int, vulnerability: IaCVulnerability) -> s
  """
  Build a header for the iac policy break.
  """
- return "\n{} Incident {} ({}): {}: {} ({}) (Ignore with SHA: {})\n".format(
+ return "\n{} Incident {} ({}): {}: {} ({})\n".format(
  format_text(">>>", STYLE["detector_line_start"]),
  issue_n,
  format_text("IaC", STYLE["detector"]),
  format_text(vulnerability.component, STYLE["detector"]),
  format_text(vulnerability.policy, STYLE["policy"]),
  format_text(vulnerability.policy_id, STYLE["policy"]),
- format_text(vulnerability.ignore_sha, STYLE["ignore_sha"]),
  )
 
 

tests/iac/test_models.py

@@ -38,7 +38,6 @@ class TestModel:
  "documentation_url": "mydoc",
  "component": "mycomponent",
  "severity": "myseverity",
- "ignore_sha": "mysha",
  "some_extra_field": "extra",
  }
  ],
@@ -63,7 +62,6 @@ class TestModel:
  "documentation_url": "mydoc",
  "component": "mycomponent",
  "severity": "myseverity",
- "ignore_sha": "mysha",
  "some_extra_field": "extra",
  },
  ),
@@ -82,7 +80,6 @@ class TestModel:
  "documentation_url": "mydoc",
  "component": "mycomponent",
  "severity": "myseverity",
- "ignore_sha": "mysha",
  "some_extra_field": "extra",
  }
  ],

tests/output/test_iac_json_output.py

@@ -130,7 +130,6 @@ def assert_file_single_vulnerability_displayed(json_result: Dict[str, Any]):
  "documentation_url": "https://gitguardian.com",
  "component": "aws_alb_listener.bad_example",
  "severity": "HIGH",
- "ignore_sha": "shasha",
  }
  ],
  "total_incidents": 1,
@@ -156,7 +155,6 @@ def assert_file_multiple_vulnerabilities_displayed(json_result: Dict[str, Any]):
  "documentation_url": "https://gitguardian.com",
  "component": "aws_security_group.bad_example",
  "severity": "HIGH",
- "ignore_sha": "shasha",
  },
  {
  "policy": "Unrestricted ingress traffic leaves assets exposed to remote attacks.",
@@ -167,7 +165,6 @@ def assert_file_multiple_vulnerabilities_displayed(json_result: Dict[str, Any]):
  "documentation_url": "https://gitguardian.com",
  "component": "aws_security_group_rule.bad_example",
  "severity": "HIGH",
- "ignore_sha": "shasha",
  },
  ],
  "total_incidents": 2,

tests/output/test_iac_text_output.py

@@ -107,7 +107,7 @@ def assert_file_single_vulnerability_displayed(result: Result):
  in result.stdout
  )
  assert (
- ">>> Incident 1 (IaC): aws_alb_listener.bad_example: Plain HTTP is used (GG_IAC_0001) (Ignore with SHA: shasha)" # noqa: E501
+ ">>> Incident 1 (IaC): aws_alb_listener.bad_example: Plain HTTP is used (GG_IAC_0001)" # noqa: E501
  in result.stdout
  )
  assert '2 | resource "aws_alb_listener" "bad_example" {' in result.stdout
@@ -119,12 +119,12 @@ def assert_file_multiple_vulnerabilities_displayed(result: Result):
  in result.stdout
  )
  assert (
- ">>> Incident 1 (IaC): aws_security_group.bad_example: Unrestricted egress traffic might lead to remote code execution. (GG_IAC_0002) (Ignore with SHA: shasha)" # noqa: E501
+ ">>> Incident 1 (IaC): aws_security_group.bad_example: Unrestricted egress traffic might lead to remote code execution. (GG_IAC_0002)" # noqa: E501
  in result.stdout
  )
  assert '2 | resource "aws_security_group" "bad_example" {' in result.stdout
  assert (
- ">>> Incident 2 (IaC): aws_security_group_rule.bad_example: Unrestricted ingress traffic leaves assets exposed to remote attacks. (GG_IAC_0003) (Ignore with SHA: shasha)" # noqa: E501
+ ">>> Incident 2 (IaC): aws_security_group_rule.bad_example: Unrestricted ingress traffic leaves assets exposed to remote attacks. (GG_IAC_0003)" # noqa: E501
  in result.stdout
  )
  assert '8 | resource "aws_security_group_rule" "bad_example" {' in result.stdout