
Files at commit allow list bug (#485)

* fix allowlist bug

* Adding new repo for testing allowlisting

* Adding missing allowlist checks for commits and files/paths
Zachary Rice 5 år sedan
förälder
incheckning
2d58f1f94e
4 ändrade filer med 48 tillägg och 0 borttagningar
  1. 5 0
      scan/commit.go
  2. 10 0
      scan/filesatcommit.go
  3. 24 0
      scan/scan_test.go
  4. 9 0
      test_data/test_configs/allowlist_global_files.toml

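--- a/scan/commit.go
+++ b/scan/commit.go
@@ -42,6 +42,11 @@ func (cs *CommitScanner) SetRepoName(repoName string) {
 // Scan kicks off a CommitScanner Scan
 func (cs *CommitScanner) Scan() (Report, error) {
 	var scannerReport Report
+
+	if cs.cfg.Allowlist.CommitAllowed(cs.commit.Hash.String()) {
+		return scannerReport, nil
+	}
+
 	if len(cs.commit.ParentHashes) == 0 {
 		facScanner := NewFilesAtCommitScanner(cs.opts, cs.cfg, cs.repo, cs.commit)
 		return facScanner.Scan()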
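Review bot: The new early return on `CommitAllowed` is not reflected in Scan's doc comment, which still describes an unconditional scan; suggest `// Scan kicks off a CommitScanner Scan. A commit matched by the config allowlist is skipped and yields an empty Report with a nil error.` The same check is added to FilesAtCommitScanner.Scan in scan/filesatcommit.go, so for a parent-less commit it runs twice along the delegation path below; harmless, but a short why-comment would make the duplication look intentional. A skipped commit leaves no trace in the report, so an audit of what the scanner deliberately ignored depends on the caller; if the package already has a debug logger, a one-line log of the skipped hash here would help. Scan's body continues past the end of the hunk.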

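--- a/scan/filesatcommit.go
+++ b/scan/filesatcommit.go
@@ -38,6 +38,11 @@ func NewFilesAtCommitScanner(opts options.Options, cfg config.Config, repo *git.
 // Scan kicks off a FilesAtCommitScanner Scan
 func (fs *FilesAtCommitScanner) Scan() (Report, error) {
 	var scannerReport Report
+
+	if fs.cfg.Allowlist.CommitAllowed(fs.commit.Hash.String()) {
+		return scannerReport, nil
+	}
+
 	fIter, err := fs.commit.Files()
 	if err != nil {
 		return scannerReport, err
@@ -51,6 +56,11 @@ func (fs *FilesAtCommitScanner) Scan() (Report, error) {
 			return err
 		}
 
+		if fs.cfg.Allowlist.FileAllowed(filepath.Base(f.Name)) ||
+			fs.cfg.Allowlist.PathAllowed(f.Name) {
+			return nil
+		}
+
 		content, err := f.Contents()
 		if err != nil {
 			return err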
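Review bot: `filepath.Base(f.Name)` in the second hunk applies OS-specific path rules to a git tree path, which is always slash-separated; `path.Base(f.Name)` states that exactly and avoids a backslash in a tracked file name being treated as a separator on Windows. Suggest `if fs.cfg.Allowlist.FileAllowed(path.Base(f.Name)) ||` with `path` brought into the import block, which is outside the hunk. The skip returns nil from the per-file callback, so allowlisted files leave no record in the report; that is consistent with the commit-level skip in the first hunk, but it means an over-broad allowlist is silent rather than visible. The enclosing Scan function begins before the first hunk and continues after the second.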

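--- a/scan/scan_test.go
+++ b/scan/scan_test.go
@@ -463,6 +463,30 @@ func TestScan(t *testing.T) {
 			},
 			wantPath: "../test_data/test_allow_list_docx_no_git.json",
 		},
+		{
+			description: "test local repo two allowlist Commit config",
+			opts: options.Options{
+				Path:          "../test_data/test_repos/test_repo_2",
+				Report:        "../test_data/test_local_repo_two_allowlist_commits_files_at_commit.json.got",
+				ConfigPath:    "../test_data/test_configs/allowlist_commit.toml",
+				ReportFormat:  "json",
+				FilesAtCommit: "17471a5fda722a9e423f1a0d3f0d267ea009d41c",
+			},
+			wantPath:  "../test_data/test_local_repo_two_allowlist_commits_files_at_commit.json",
+			wantEmpty: true,
+		},
+		{
+			description: "test local repo two global allowlist commit config",
+			opts: options.Options{
+				Path:          "../test_data/test_repos/test_repo_2",
+				Report:        "../test_data/test_local_repo_two_global_allowlist_files_at_commit.json.got",
+				ConfigPath:    "../test_data/test_configs/allowlist_global_files.toml",
+				ReportFormat:  "json",
+				FilesAtCommit: "17471a5fda722a9e423f1a0d3f0d267ea009d41c",
+			},
+			wantPath:  "../test_data/test_local_repo_two_global_allowlist_files_at_commit.json",
+			wantEmpty: true,
+		},
 	}
 
 	for _, test := range tests {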
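Review bot: The second new case is described as `"test local repo two global allowlist commit config"` but its config is `allowlist_global_files.toml`, which by its name and by contrast with the first case exercises the file/path allowlist rather than commits; suggest `description: "test local repo two global allowlist files config",`. Both cases assert only `wantEmpty: true`, so a scan that returns an empty report for an unrelated reason (unreadable repo, unknown commit) would still pass; unless the table already holds it outside the hunk, a third case with the same FilesAtCommit hash and a config without an allowlist, expecting a non-empty report, would pin that the emptiness comes from the allowlist. TestScan begins before the hunk and its loop body continues after it.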

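--- /dev/null
+++ b/test_data/test_configs/allowlist_global_files.toml
@@ -0,0 +1,9 @@
+[[rules]]
+    description = "AWS Access Key"
+    regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+    tags = ["key", "AWS"]
+
+[allowlist]
+	description = "Allowlisted files"
+	paths = ['''.py''']
+	files = ['''.md$''']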
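Review bot: The allowlist patterns `paths = ['''.py''']` and `files = ['''.md$''']` read as regular expressions (the `$` anchor suggests so), and in both the `.` is an unescaped any-character while `.py` is also unanchored, so a path such as `happy/notes.txt` would be allowlisted as well. For a fixture whose only job is to make the scan of this commit come back empty that still works, but if a suffix match is intended, `paths = ['''\.py$''']` and `files = ['''\.md$''']` say so and keep the new test from passing for the wrong reason. The matching semantics live in the allowlist code, which is not part of this commit, so confirm them there before changing the fixture.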