add danger ignore ability

checkov/common/bridgecrew/platform_integration.py

@@ -661,7 +661,7 @@ def commit_repository(self, branch: str) -> str | None:
                 self.s3_setup_failed = True
             except JSONDecodeError:
                 if request:
-                    logging.warning(f"Response (status: {request.status}) of {self.integrations_api_url}: {request.data.decode('utf8')}")  # nosec
+                    logging.warning(f"Response (status: {request.status}) of {self.integrations_api_url}: {request.data.decode('utf8')}")  # danger:ignore - we won't be here if the response contains valid data
                 logging.error(f"Response of {self.integrations_api_url} is not a valid JSON", exc_info=True)
                 self.s3_setup_failed = True
             finally:

dangerfile.ts

@@ -27,6 +27,7 @@ const FIND_CODE_INSIDE_BRACES_OR_AFTER_COMMA = /^.*\{[^}]*code[^}]*\}.*|.*,.*cod
 const FSTRING_PATTERN = /f(["'])(.*?{.*?}.*?)(\1)/;
 const SUPPORTED_EXTENSIONS = ['.py'];
 const EXCLUDED_FILES = ['__init__.py', 'dangerfile.ts'];
+const IGNORE_COMMENT = '# danger:ignore'
 
 function varMayContainData(varString) {
   if (IGNORE_VAR.includes(varString)) return false;
@@ -60,7 +61,7 @@ async function failIfLoggingLineContainsSensitiveData() {
       const removedLinesLength = fileDiff.removed.split('\n');
       const allLines = [...addedLinesLength, ...removedLinesLength];
       for (let line of allLines) {
-        if (FIND_LOGGING_LEVEL_PY.test(line) && FSTRING_PATTERN.test(line) && !line.includes(PY_MASK_STR)) {
+        if (FIND_LOGGING_LEVEL_PY.test(line) && FSTRING_PATTERN.test(line) && !line.includes(PY_MASK_STR) && !line.includes(IGNORE_COMMENT)) {
           if (FIND_CODE_INSIDE_BRACES_OR_AFTER_COMMA.test(line)) {
             const varsInLog = line.match(VAR_IN_LOG) || line.match(VAR_IN_FUNC)?.[1].split(',').slice(1) || [];
             for (const varString of varsInLog) {