in dusty/processors/exclude_by_endpoint/processor.py [0:0]
def execute(self):
""" Run the processor """
log.info("Excluding specific findings")
# Collect and compile regexes
endpoint_regexes = list()
for regex in self.config.get("endpoint_regex", list()):
try:
regex_item = (re.compile(regex), regex)
endpoint_regexes.append(regex_item)
except: # pylint: disable=W0702
log.exception("Failed to compile regex '%s'", regex)
# Collect and compile "keep" regexes
endpoint_keep_regexes = list()
for regex in self.config.get("endpoint_keep_regex", list()):
try:
regex_item = (re.compile(regex), regex)
endpoint_keep_regexes.append(regex_item)
except: # pylint: disable=W0702
log.exception("Failed to compile regex '%s'", regex)
# Process finding endpoints
for item in self.context.findings:
if isinstance(item, (DastFinding, SastFinding)):
force_keep_finding = False
for endpoint in item.get_meta("endpoints", list()):
for regex, regex_src in endpoint_keep_regexes:
if regex.match(endpoint.raw):
log.info(
"Keeping finding '%s' because of endpoint keep regex '%s'",
item.title, regex_src
)
force_keep_finding = True
if force_keep_finding:
continue
for regex, regex_src in endpoint_regexes:
if regex.match(endpoint.raw):
log.info(
"Excluding finding '%s' because of endpoint regex '%s'",
item.title, regex_src
)
item.set_meta("excluded_finding", True)