Hi there,
We are currently running action-brakeman against our Rails codebase, and sometime in the last couple of days we noticed that it has started to report scanner issues outside of the PR diff, despite our configuration.

Our GitHub Actions config for our Rails repository:
```yaml
on: [pull_request]
jobs:
  brakeman:
    runs-on: ubuntu-latest
    steps:
      - name: Check out code
        uses: actions/checkout@v4
      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
      - name: brakeman
        uses: reviewdog/action-brakeman@v2
```
Assumed default configuration of the action should be `filter_mode: added`.

Here's the action output, showing that `filter_mode` is set to `added`:
```
Run reviewdog/action-brakeman@v2
  with:
    github_token: ***
    tool_name: brakeman
    level: error
    reporter: github-pr-check
    filter_mode: added
    fail_on_error: false
    workdir: .
    skip_install: false
    use_bundler: false
Run $GITHUB_ACTION_PATH/script.sh
  $GITHUB_ACTION_PATH/script.sh
  shell: /usr/bin/sh -e {0}
  env:
    REVIEWDOG_VERSION: v0.20.0
    INPUT_GITHUB_TOKEN: ***
    INPUT_BRAKEMAN_VERSION:
    INPUT_BRAKEMAN_FLAGS:
    INPUT_TOOL_NAME: brakeman
    INPUT_LEVEL: error
    INPUT_REPORTER: github-pr-check
    INPUT_FILTER_MODE: added
    INPUT_FAIL_ON_ERROR: false
    INPUT_REVIEWDOG_FLAGS:
    INPUT_WORKDIR: .
    INPUT_SKIP_INSTALL: false
    INPUT_USE_BUNDLER: false
```
And in there we see brakeman's results reporting issues from outside of the diff, the check failing for the PR, and annotations being added under "Unchanged files with check annotations" in the "Files" tab of the PR.
I note that the brakeman version was bumped to 0.20 recently, anything in there that might have caused this issue we're seeing?
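The filtering that `filter_mode: added` is supposed to apply, re-implemented locally so that the warnings the action posted can be checked against the PR diff. This is an added example, not code from the issue, from reviewdog or from brakeman. It assumes brakeman's JSON report shape (`warnings` entries carrying `file` and `line`, as produced by `brakeman -f json`) and that those paths are relative to the repository root, as the paths in `git diff` are; the diff and the report below are constructed sample data.

```ruby
require 'json'

# Added example, not part of the original issue, of reviewdog or of brakeman.
# Re-implements what filter_mode=added is understood to do: keep only findings
# whose file:line is a '+' line of the PR diff. Run over a real diff and a real
# `brakeman -f json` report, it lists the warnings the action should have dropped.

# Parse a unified diff into { "new/path" => { line_number => true } } of added lines.
def added_lines(diff_text)
  added = Hash.new { |h, k| h[k] = {} }
  path = nil      # path from the '+++ b/...' header of the current file
  new_line = nil  # next line number on the new side of the current hunk
  diff_text.each_line do |raw|
    line = raw.chomp
    if line.start_with?('+++ ')
      path = line.sub(%r{\A\+\+\+ (?:b/)?}, '')
      new_line = nil
      next
    end
    if (m = line.match(/\A@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/))
      new_line = m[1].to_i
      next
    end
    next if path.nil? || new_line.nil?
    case line[0]
    when '+' then added[path][new_line] = true; new_line += 1
    when ' ' then new_line += 1   # unchanged context line advances the new side
    when '-', '\\' then nil       # removed line / "\ No newline" marker: new side unchanged
    else new_line = nil           # 'diff --git', 'index', ...: the hunk is over
    end
  end
  added
end

# Split a brakeman JSON report (assumed shape: "warnings" array with "file" and
# "line") into findings on added lines and findings outside the diff.
def partition_warnings(brakeman_json, diff_text)
  added = added_lines(diff_text)
  in_diff, outside = JSON.parse(brakeman_json).fetch('warnings').partition do |w|
    added.key?(w['file']) && added[w['file']].key?(w['line'])
  end
  { in_diff: in_diff, outside: outside }
end

# Constructed sample diff: one hunk, new-side lines 10..14, lines 12 and 13 added.
SAMPLE_DIFF = [
  'diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb',
  'index 1111111..2222222 100644',
  '--- a/app/controllers/users_controller.rb',
  '+++ b/app/controllers/users_controller.rb',
  '@@ -10,3 +10,5 @@ class UsersController < ApplicationController',
  '   def show',
  '     @user = User.find(params[:id])',
  '+    @posts = Post.where("author = \'#{params[:author]}\'")',
  '+    render :show',
  '   end'
].join("\n") + "\n"

# Constructed brakeman-style report: one warning on an added line, one on an
# unchanged context line of the same file, one in a file the PR did not touch.
SAMPLE_REPORT = JSON.generate(
  'warnings' => [
    { 'warning_type' => 'SQL Injection', 'file' => 'app/controllers/users_controller.rb',
      'line' => 12, 'confidence' => 'High', 'message' => 'Possible SQL injection' },
    { 'warning_type' => 'Mass Assignment', 'file' => 'app/controllers/users_controller.rb',
      'line' => 11, 'confidence' => 'Medium', 'message' => 'Possible mass assignment' },
    { 'warning_type' => 'Cross-Site Scripting', 'file' => 'app/views/users/show.html.erb',
      'line' => 3, 'confidence' => 'Weak', 'message' => 'Unescaped model attribute' }
  ]
)

if __FILE__ == $PROGRAM_NAME
  result = partition_warnings(SAMPLE_REPORT, SAMPLE_DIFF)
  loc = ->(w) { "#{w['file']}:#{w['line']}" }
  puts "on added lines (should be reported):     #{result[:in_diff].map(&loc)}"
  puts "outside the diff (added mode should drop): #{result[:outside].map(&loc)}"
end
```

Against a real PR, feed it `git diff origin/main...HEAD` and the output of `brakeman -f json -o brakeman.json`; anything listed under `outside` that still appeared as a PR annotation is exactly the behaviour described in this issue, and comparing that list with what reviewdog posted separates a filtering regression from brakeman simply finding new things on added lines.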