Add ignore file option #27
Co-authored-by: Stefano Gessa <[email protected]>
lib/mix_audit/cli/audit.ex
Outdated
defp ignored_ids_from_file(opts) do | ||
opts | ||
|> Keyword.get(:ignore_file, ".mix-audit-skips") | ||
|> File.read!() |
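Review bot: The default in Keyword.get(:ignore_file, ".mix-audit-skips") means File.read!() runs even when --ignore-file was not passed, and File.read!/1 raises File.Error when that file is missing, so an audit in a project without a skips file would abort. Consider File.read/1 and treating {:error, :enoent} as an empty ignore list for the default path only, while still failing on an explicitly passed path that cannot be read. Because a default file can suppress advisories without anything appearing on the command line, it would also help to report which file the ignored ids came from.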
If the user doesn’t specify the --ignore-file option, it will still try to read the .mix-audit-skips file. But if it doesn’t exist, it will raise an error?
Maybe should read from file only if the option is specified...
I copied the bundle audit system. The file will be evaluated only if the option is passed, see a92312e. What do you think?
Awesome idea 🙌 I just left a small comment regarding the backward-compatibility (ie. what if the
You’re right, tests for the CLI part are non-existent. I should get on that 🙂 So no tests is fine for this PR.
📖 Description and reason
Add an option to use a file for ignoring CVEs
Similar to bundler audit config file
https://github.com/rubysec/bundler-audit?tab=readme-ov-file#configuration-file
👷 Work done
[x] add option to get ignore-file path
[x] default file (if found) in .mix-audit-skips, similar to sobelow lib (feel free to propose a better name)
[ ] tests
[x] Documentation
Additional notes
I would like to add some tests, but as far as I understood there are not so many covering the CLI. Do you think it is important to add some tests?
🎉 Result
Correctly ignoring CVEs stored in .mix-audit-skips file (if correctly formatted)
🦀 Dispatch
#dispatch/elixir