pyupio/safety

Ignoring multiple vulnerabilities does not work as documented


  • safety version: 2.3.5
  • Python version: 3.10
  • Operating System: macOS Ventura 13.5

Description

README states that ignoring multiple vulnerabilities can be done with

safety check -i 1234,4567,89101

This doesn't seem to work: none of the configured IDs are ignored.

What I Did

If I run a safety check on two insecure packages, I get the expected result:

echo -e "insecure-package==0.1\nstarlette==0.26.1" | safety check --stdin
...
Scan was completed. 2 vulnerabilities were found.

We can configure one ignore without issue: it will be ignored by the scan:

echo -e "insecure-package==0.1\nstarlette==0.26.1" | safety check --stdin -i 58758
Scan was completed. 1 vulnerability was found. 1 vulnerability from 1 package was ignored.

Setting the ignores separately (the backward compatibility way) works as expected:

echo -e "insecure-package==0.1\nstarlette==0.26.1" | safety check --stdin -i 58758 -i 58713
Scan was completed. 0 vulnerabilities were found. 2 vulnerabilities from 2 packages were ignored.

However, if we try to add the second package to the ignore list in the documented way, neither of them get ignored:

echo -e "insecure-package==0.1\nstarlette==0.26.1" | safety check --stdin -i 58758,58713
Scan was completed. 2 vulnerabilities were found.

In safety.check(), ignore_vulns becomes {'58758,58713': {'expires': None, 'reason': ''}}, so vulnerability.vulnerability_id not in ignore_vulns will return True for each of the ignored vulnerabilities and both will get added to the report.
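A small standalone model of the behaviour described in this report (added example, not Safety's own code): the comma-joined `-i` value becomes a single dictionary key, so the per-vulnerability membership test never matches, while splitting each value on commas before building the map makes both forms behave the same. The vulnerability records and the `build_ignore_map_*` / `apply_ignores` helpers are constructed here for illustration; only the ID-keyed dict shape and the `vulnerability_id not in ignore_vulns` test come from the report.

```python
"""Model of the reported ignore-list bug (added example, not pyupio/safety code).

Per the report, safety.check() keys ignore_vulns by vulnerability ID and then
filters findings with `vulnerability.vulnerability_id not in ignore_vulns`.
The helpers below reproduce that filter over constructed findings and compare
the reported (buggy) map construction with a hypothetical comma-splitting fix.
"""
from typing import Callable, Dict, List, Tuple

# Constructed sample findings, using the two IDs from the report.
SAMPLE_VULNS = [
    {"package": "insecure-package", "vulnerability_id": "58758"},
    {"package": "starlette", "vulnerability_id": "58713"},
]

IgnoreMap = Dict[str, dict]


def build_ignore_map_buggy(ignore_args: List[str]) -> IgnoreMap:
    """Reported behaviour: every `-i` value becomes one key exactly as typed.

    ["58758,58713"] -> {"58758,58713": {...}}  (matches nothing)
    """
    return {arg: {"expires": None, "reason": ""} for arg in ignore_args}


def build_ignore_map_fixed(ignore_args: List[str]) -> IgnoreMap:
    """Hypothetical fix: split each `-i` value on commas, strip whitespace, drop empties.

    Accepts both `-i A -i B` and `-i A,B` (and a mix of the two).
    """
    ignore_map: IgnoreMap = {}
    for arg in ignore_args:
        for raw_id in arg.split(","):
            vuln_id = raw_id.strip()
            if vuln_id:  # tolerate "58758," or ",," without creating an empty key
                ignore_map[vuln_id] = {"expires": None, "reason": ""}
    return ignore_map


def apply_ignores(vulns: List[dict], ignore_map: IgnoreMap) -> Tuple[List[dict], List[dict]]:
    """Same membership test the report describes: report anything whose ID is not a key."""
    reported = [v for v in vulns if v["vulnerability_id"] not in ignore_map]
    ignored = [v for v in vulns if v["vulnerability_id"] in ignore_map]
    return reported, ignored


def summarize(vulns: List[dict], ignore_args: List[str],
              builder: Callable[[List[str]], IgnoreMap]) -> Dict[str, int]:
    """Counts in the shape of Safety's 'N vulnerabilities were found / M ignored' line."""
    reported, ignored = apply_ignores(vulns, builder(ignore_args))
    return {"found": len(reported), "ignored": len(ignored)}


if __name__ == "__main__":
    # Reproduces the three invocations from the report under both map builders.
    for label, builder in (("buggy", build_ignore_map_buggy), ("fixed", build_ignore_map_fixed)):
        for args in (["58758"], ["58758", "58713"], ["58758,58713"]):
            print(f"{label:5} -i {args!r:24} -> {summarize(SAMPLE_VULNS, args, builder)}")
```

Run stand-alone it prints the counts for each invocation; the `-i 58758,58713` row is the one where the buggy builder reports both findings and the fixed builder ignores both.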

Thank you for the report; this may be related to #343 and #477. This will be addressed in Safety 3.0, coming this month.