如何忽略特定文件的漏洞
如何忽略特定文件的漏洞
提问于 2022-06-24 12:12:28
运行时会报告以下Snyk漏洞
% snyk code test
Testing /mydir ...
✗ [High] Cross-Site Request Forgery (CSRF)
Path: src/com/xxx/ConfigSecurity.java, line 22
Info: CSRF protection is disabled by disable. This allows the attackers to execute requests on a user's behalf.
✔ Test completed我该怎么做才能忽略这个漏洞呢?
我的漏洞标识正在运行:
% snyk code test --json然后我可以在响应中看到漏洞标识:
{
"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
"version": "2.1.0",
"runs": [
{
"tool": {
"driver": {
"name": "SnykCode",
"semanticVersion": "1.0.0",
"version": "1.0.0",
"rules": [
{
==> "id": "java/DisablesCSRFProtection",
"name": "DisablesCSRFProtection",
...然后我创建了一个Snyk配置文件,运行:
% snyk ignore --id=java/DisablesCSRFProtection现在snyk配置文件包含:
# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
version: v1.25.0
# ignores vulnerabilities until expiry date; change duration by modifying expiry date
ignore:
java/DisablesCSRFProtection:
- '*':
reason: None Given
expires: 2022-07-24T11:41:53.787Z
created: 2022-06-24T11:41:53.791Z
patch: {}但是,当我在包含我创建的snyk配置文件的同一个目录中运行Snyk时,会报告相同的错误:
% snyk code test
Testing /Users/sergiostateri/projects/payment-notification-relay ...
✗ [High] Cross-Site Request Forgery (CSRF)
Path: src/main/java/com/xxx/ConfigSecurity.java, line 22
Info: CSRF protection is disabled by disable. This allows the attackers to execute requests on a user's behalf.
✔ Test completed
Organization: customer-retention
Test type: Static code analysis
Project path: /Users/sergiostateri/projects/payment-notification-relay
1 Code issues found
1 [High]注意,这个问题的重点不是为什么我想忽略这些漏洞(我有很好的理由),而只是如何忽略它。
回答 1
Stack Overflow用户
发布于 2022-06-24 21:14:36
我是Snyk的员工,我想提一下Snyk代码是不断发展的。目前,您可以通过CLI排除文件夹/文件,并计划在今年晚些时候增强的忽略功能。这是关于这个问题的文档。
实现您正在寻找的目标的另一种方法是使用git导入(即。在这种情况下,在检查结果时有一个忽略按钮,可以忽略特定的issues/source-sink路径。如果通过git集成启动,后续扫描也将忽略以前忽略的问题。您可以通过更改web右侧的忽略筛选器来检查忽略的问题。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/72743889
复制相关文章
相似问题
腾讯云开发者
