def get_safety_ignore

def get_safety_ignore_dict()

in src/utils.py [0:0]
44 lines of code
15 McCabe index (conditional complexity)

def get_safety_ignore_dict(image_uri, framework, python_version, job_type):
    """
    Get a dict of known safety check issue IDs to ignore, if specified in file ../data/ignore_ids_safety_scan.json.

    :param image_uri: str, consists of f"{image_repo}:{image_tag}"
    :param framework: str, framework like tensorflow, mxnet etc.
    :param python_version: str, py2 or py3
    :param job_type: str, type of training job. Can be "training"/"inference"
    :return: dict, key is the ignored vulnerability id and value is the reason to ignore it
    """
    if job_type == "inference":
        job_type = (
            "inference-eia"
            if "eia" in image_uri
            else "inference-neuronx"
            if "neuronx" in image_uri
            else "inference-neuron"
            if "neuron" in image_uri
            else "inference"
        )

    if job_type == "training":
        job_type = (
            "training-neuronx"
            if "neuronx" in image_uri
            else "training-neuron"
            if "neuron" in image_uri
            else "training"
        )

    if "habana" in image_uri:
        framework = f"habana_{framework}"

    if "graviton" in image_uri:
        framework = f"graviton_{framework}"

    if "arm64" in image_uri:
        framework = f"arm64_{framework}"

    ignore_data_file = os.path.join(
        os.sep, get_cloned_folder_path(), "data", "ignore_ids_safety_scan.json"
    )

    with open(ignore_data_file) as f:
        ignore_safety_ids = json.load(f)
    ignore_dict = ignore_safety_ids.get(framework, {}).get(job_type, {}).get(python_version, {})

    ## Find common vulnerabilites and add it to the ignore dict
    common_ignore_list_file = os.path.join(
        os.sep, get_cloned_folder_path(), "data", "common-safety-ignorelist.json"
    )
    with open(common_ignore_list_file) as f:
        common_ids_to_ignore = json.load(f)
    for common_id, reason in common_ids_to_ignore.items():
        if common_id not in ignore_dict:
            ignore_dict[common_id] = reason

    # While retrieving the allowlist for the image, we update the central allowlist data present in the data folder
    # with the image specific allowlist data corresponding to the image being scanned.
    ignore_dict_from_image_specific_allowlist = (
        get_safety_ignore_dict_from_image_specific_safety_allowlists(image_uri)
    )
    ignore_dict.update(ignore_dict_from_image_specific_allowlist)
    return ignore_dict