Specify scan prop and fix csfilter array issue

konflux-ci · Sep 30, 2024 · 9431a2f · 9431a2f
1 parent e453ebf
commit 9431a2f
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/task/sast-shell-check/0.1/sast-shell-check.yaml b/task/sast-shell-check/0.1/sast-shell-check.yaml
@@ -67,6 +67,10 @@ spec:
         microdnf install -y ShellCheck
         microdnf download csmock-plugin-shellcheck && rpm -ivh --nodeps ./csmock-plugin-shellcheck-*.rpm && rm -f ./csmock-plugin-shellcheck-*.rpm
 
+        # FIXME: replace PACKAGE_NAME with 'csmock-plugin-shellcheck-core' when it's available in the image.
+        PACKAGE_NAME="csmock-plugin-shellcheck"
+        PACKAGE_VERSION=$(rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' $PACKAGE_NAME)
+
         OUTPUT_FILE="shellcheck-results.json"
         SOURCE_CODE_DIR=$(workspaces.workspace.path)/source
 
@@ -78,6 +82,7 @@ spec:
             --strip-path-prefix="$SOURCE_CODE_DIR"/
             --remove-duplicates
             --embed-context=3
+            --set-scan-prop="${PACKAGE_NAME}:${PACKAGE_VERSION}"
         )
         if [[ "$IMP_FINDINGS_ONLY" == "true" ]]; then
             # predefined list of shellcheck important findings
@@ -120,7 +125,7 @@ spec:
             fi
 
             # Execute the command and capture any errors
-            if ! "${csfilter_cmd[@]}" "$OUTPUT_FILE" > "${OUTPUT_FILE}.filtered" 2> "${OUTPUT_FILE}.error"; then
+            if ! "${csfilter_cmd}" "${OUTPUT_FILE}" > "${OUTPUT_FILE}.filtered" 2> "${OUTPUT_FILE}.error"; then
                 echo "Error occurred while filtering known false positives:"
                 cat "${OUTPUT_FILE}.error"
                 note="Task $(context.task.name) failed: For details, check Tekton task log."