Merge pull request #8257 from maddieclayton/suppressions

Add suppressions file for Policheck

Author: MiYanni

Diff for: tools/CheckPoliCheck.ps1

@@ -10,8 +10,18 @@ param(
 
 & "$CIToolsPath\tools\PoliCheck\PoliCheck5.8.1\PoliCheck.exe" /F:"$PSScriptRoot\..\artifacts" /T:"9" /O:"$PSScriptRoot\..\artifacts\PoliCheck-Scan.xml"
 
-$poliCheckReport = Get-Content $PSScriptRoot\..\artifacts\PoliCheck-Scan.xml
-if ($poliCheckReport -like "*Severity=`"1`"*")
-{
-    throw "PoliCheck failed with a Severity 1 issue, please check the report at in artifacts/PoliCheck-Scan.html"
+[xml]$poliCheckReport = Get-Content $PSScriptRoot\..\artifacts\PoliCheck-Scan.xml
+
+$hits = $poliCheckReport.PLCKRR.Result.Object | Where-Object { $_.Severity -eq 1 }
+
+$suppressions = Get-Content -Raw $PSScriptRoot/PolicheckSuppressions.json | ConvertFrom-Json
+
+$hits | ForEach-Object {
+    $relativePath = ($_.URL -split "artifacts")[1]
+    $fileName = "artifacts" + $relativePath
+    $TermId = $_.TermId
+    if ($suppressions.$fileName -ne $TermId)
+    {
+        throw "PoliCheck failed with a Severity 1 issue, please check the report at in artifacts/PoliCheck-Scan.html"
+    }
 }

Diff for: tools/PolicheckSuppressions.json

@@ -0,0 +1,3 @@
+{
+    "artifact\\ExampleFile1.dll": "TermId"
+}