CM-53944-Fix-docker-file-ignore-issue (#352)

Author: galf16

cycode/cli/files_collector/file_excluder.py

@@ -69,6 +69,14 @@ def apply_scan_config(self, scan_type: str, scan_config: 'models.ScanConfigurati
         if scan_config.scannable_extensions:
             self._scannable_extensions[scan_type] = tuple(scan_config.scannable_extensions)
 
+    def _is_file_prefix_supported(self, scan_type: str, file_path: str) -> bool:
+        scannable_prefixes = self._scannable_prefixes.get(scan_type)
+        if scannable_prefixes:
+            path = Path(file_path)
+            file_name = path.name.lower()
+            return file_name in scannable_prefixes
+        return False
+
     def _is_file_extension_supported(self, scan_type: str, filename: str) -> bool:
         filename = filename.lower()
 
@@ -80,10 +88,6 @@ def _is_file_extension_supported(self, scan_type: str, filename: str) -> bool:
         if non_scannable_extensions:
             return not filename.endswith(non_scannable_extensions)
 
-        scannable_prefixes = self._scannable_prefixes.get(scan_type)
-        if scannable_prefixes:
-            return filename.startswith(scannable_prefixes)
-
         return True
 
     def _is_relevant_file_to_scan_common(self, scan_type: str, filename: str) -> bool:
@@ -100,7 +104,10 @@ def _is_relevant_file_to_scan_common(self, scan_type: str, filename: str) -> boo
             )
             return False
 
-        if not self._is_file_extension_supported(scan_type, filename):
+        if not (
+            self._is_file_extension_supported(scan_type, filename)
+            or self._is_file_prefix_supported(scan_type, filename)
+        ):
             logger.debug(
                 'The document is irrelevant because its extension is not supported, %s',
                 {'scan_type': scan_type, 'filename': filename},

tests/cli/files_collector/test_file_excluder.py

@@ -1,7 +1,7 @@
 import pytest
 
 from cycode.cli import consts
-from cycode.cli.files_collector.file_excluder import _is_file_relevant_for_sca_scan
+from cycode.cli.files_collector.file_excluder import Excluder, _is_file_relevant_for_sca_scan
 
 
 class TestIsFileRelevantForScaScan:
@@ -38,6 +38,22 @@ def test_files_with_excluded_names_in_filename_should_be_included(self) -> None:
         assert _is_file_relevant_for_sca_scan('utils/pycache_cleaner.py') is True
         assert _is_file_relevant_for_sca_scan('config/gradle_config.xml') is True
 
+    def test_files_with_excluded_extensions_in_should_be_included(self) -> None:
+        """Test that files containing excluded extensions are NOT excluded."""
+        excluder = Excluder()
+        # These should be INCLUDED because the excluded terms are in the filename
+        assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/Dockerfile') is True
+        assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/build.tf') is True
+        assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/build.tf.json') is True
+        assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/config.json') is True
+        assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/config.yaml') is True
+        assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/config.yml') is True
+        # These should be EXCLUDED because the excluded terms are not in the filename
+        assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/build') is False
+        assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/build') is False
+        assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/Dockerfile.txt') is False
+        assert excluder._is_relevant_file_to_scan_common('iac', 'project/cfg/config.ini') is False
+
     def test_files_in_regular_directories_should_be_included(self) -> None:
         """Test that files in regular directories (not excluded) are included."""