fix lint issues

also tweak output to mention making rules expire
mykter · Mar 1, 2021 · 2548639 · 2548639
1 parent 8e7f2cf
commit 2548639
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -7,7 +7,8 @@ define
 [triage rules](https://docs.twistlock.com/docs/compute_edition/vulnerability_management/vuln_management_rules.html) to
 ignore findings. There are a number of [example integrations](https://github.com/twistlock/sample-code/blob/master/CI/)
 into CI pipelines, which all follow the same pattern: scan a specific docker image that is present in the pipeline,
-report any issues found, and optionally fail if a certain 'badness' threshold is met. These are useful, but limited.
+report any issues found, and optionally fail if a certain 'badness' threshold is met. These integrations are useful, but
+limited.
 
 The motivation for this project is to get _all_ findings closer to developers, not just findings for a specific
 container, and integrate the entire process with existing project CI pipelines. All findings (for specified collections)

diff --git a/prisma_cloud_pipeline/lib.py b/prisma_cloud_pipeline/lib.py
@@ -45,9 +45,9 @@ class TriageRules(TypedDict, total=False):  # pylint: disable=E0239,R0903 # fals
 class RuleType(Enum):
     """ what a rule filters """
 
-    Container = 1
-    Vuln = 2
-    Compliance = 3
+    CONTAINER = 1
+    VULN = 2
+    COMPLIANCE = 3
 
 
 class MatchedFindings(TypedDict, total=False):  # pylint: disable=E0239,R0903 # false positive
@@ -260,7 +260,7 @@ def triage(self) -> None:
             assert container_count - new_container_count == len(matched)
             self._rule_stats.append(
                 RuleStat(
-                    RuleType.Container,
+                    RuleType.CONTAINER,
                     rule,
                     container_count - new_container_count,
                     vuln_count - new_vuln_count,
@@ -275,12 +275,12 @@ def triage(self) -> None:
             container_count, vuln_count, compliance_count = self.count()
 
             if "complianceFilter" in rule:
-                rule_type = RuleType.Compliance
+                rule_type = RuleType.COMPLIANCE
                 compliance_filter = rule["complianceFilter"]
                 # Treat the unspecified one as if it matches nothing
                 vuln_filter = "false"
             else:
-                rule_type = RuleType.Vuln
+                rule_type = RuleType.VULN
                 vuln_filter = rule["vulnFilter"]
                 compliance_filter = "false"
 
@@ -325,7 +325,7 @@ def triage(self) -> None:
             new_container_count, new_vuln_count, new_compliance_count = self.count()
 
             # sanity check that our query didn't go wrong
-            if rule_type == RuleType.Vuln:
+            if rule_type == RuleType.VULN:
                 assert compliance_count == new_compliance_count
             else:
                 assert vuln_count == new_vuln_count
@@ -411,7 +411,7 @@ def print(self, finding_stats: bool) -> None:
             print("\t" + "\n\t".join(rule_issues))
             print(
                 "Once an issue is closed, the corresponding triage rule "
-                "should be removed so regressions will be detected."
+                "should be removed or set to expire so regressions will be detected."
             )
 
     def print_rule_stats(self) -> None:
@@ -540,17 +540,17 @@ def triaged(self) -> Mapping[str, Any]:
             "containers": [
                 {"rule": stat.rule["matches"], "containers": stat.containers}
                 for stat in self._rule_stats
-                if stat.rule_type == RuleType.Container
+                if stat.rule_type == RuleType.CONTAINER
             ],
             "vulnerabilities": [
                 {"rule": stat.rule["matches"], "findings": stat.findings}
                 for stat in self._rule_stats
-                if stat.rule_type == RuleType.Vuln
+                if stat.rule_type == RuleType.VULN
             ],
             "complianceIssues": [
                 {"rule": stat.rule["matches"], "findings": stat.findings}
                 for stat in self._rule_stats
-                if stat.rule_type == RuleType.Compliance
+                if stat.rule_type == RuleType.COMPLIANCE
             ],
         }
 

diff --git a/test/spec-stdout b/test/spec-stdout
@@ -61,4 +61,4 @@ The following rules have expired and were ignored:
 
 Outstanding issues in triage rules: 
 	PROJ-321
-Once an issue is closed, the corresponding triage rule should be removed so regressions will be detected.
+Once an issue is closed, the corresponding triage rule should be removed or set to expire so regressions will be detected.