Skip to content

Optimize skip rule #287

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
fproulx-boostsecurity merged 3 commits into from
Apr 18, 2025
Merged

Optimize skip rule #287

fproulx-boostsecurity merged 3 commits into from
Apr 18, 2025

Conversation

@Talgarr
Copy link
Collaborator

@Talgarr Talgarr commented Apr 18, 2025
edited
Loading

Feat: Add --skip CLI option and optimize skipped rule processing

This PR introduces two key improvements:

  1. New --skip Command-Line Option:

    • Allows users to specify a list of rule IDs (e.g., --skip rule1,rule2) to be skipped during execution.
    • These rules are added to any rules already skipped via the configuration file.
    • This provides a convenient way to disable entire rules directly from the command line, overriding any partial skips defined in the configuration for the same rule ID (i.e., if partially skipped in config but fully skipped via CLI, the rule is fully skipped).

  2. Performance Optimization for Skipped Rules:

    • Previously, all rules were processed/compiled, and their results were filtered afterwards according to the skip configuration.
    • This change optimizes the process: Rules marked for complete skipping (either via config or the new --skip CLI option) are now identified before processing and are not compiled or executed.
    • This avoids unnecessary computation for fully skipped rules, improving performance. Partial rule filtering (e.g., based on specific findings like osv_id) still requires the rule to be processed first.

@Talgarr
Optimize skip rule
8f606b7 
Do not compile rules that are going to be filtered by the config

Move HasOnlyRule to valid place

Add cli
@Talgarr Talgarr force-pushed the optimize_skip_rule branch from 899d5a2 to 8f606b7 Compare April 18, 2025 18:36
@Talgarr Talgarr marked this pull request as ready for review April 18, 2025 18:47
@Talgarr Talgarr requested a review from a team as a code owner April 18, 2025 18:47
@Talgarr
Update cli message
3324daa 
Signed-off-by: Sébastien Graveline <[email protected]>
SUSTAPLE117
SUSTAPLE117 reviewed Apr 18, 2025
View reviewed changes
@Talgarr @SUSTAPLE117
Update opa/opa.go
ac3257f 
Co-authored-by: Alexis-Maurer Fortin <[email protected]>
Signed-off-by: Sébastien Graveline <[email protected]>
@Talgarr Talgarr requested a review from SUSTAPLE117 April 18, 2025 19:09
@fproulx-boostsecurity fproulx-boostsecurity merged commit 3185069 into boostsecurityio:main Apr 18, 2025
6 checks passed
@BrewTestBot BrewTestBot mentioned this pull request Apr 18, 2025
Merged
Talgarr added a commit to Talgarr/poutine that referenced this pull request Apr 24, 2025
@Talgarr @SUSTAPLE117
Optimize skip rule (boostsecurityio#287)
1cf7519 
Refactoring

Do not compile rules that are going to be filtered by the config

Move HasOnlyRule to valid place

Add cli

* Update cli message

Signed-off-by: Sébastien Graveline <[email protected]>

* Update opa/opa.go

Co-authored-by: Alexis-Maurer Fortin <[email protected]>
Signed-off-by: Sébastien Graveline <[email protected]>

---------

Signed-off-by: Sébastien Graveline <[email protected]>
Co-authored-by: Alexis-Maurer Fortin <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fproulx-boostsecurity fproulx-boostsecurity fproulx-boostsecurity approved these changes

@SUSTAPLE117 SUSTAPLE117 Awaiting requested review from SUSTAPLE117

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Talgarr @SUSTAPLE117 @fproulx-boostsecurity