From 28db26318370302f396e5ebcb4de83f0db3958f4 Mon Sep 17 00:00:00 2001
From: Ori Bendet
Date: Sat, 28 Feb 2026 17:58:27 -0500
Subject: [PATCH] fix(engine): allow excluding OpenAPI queries by their override (version-specific) IDs

OpenAPI queries define version-specific variants via an "override" field in metadata.json (e.g. a Swagger 2.0 variant of an OpenAPI 3.0 query). These variants have their own IDs which are reported in scan results, but checkQueryExclude only checked the primary metadata "id", so passing an override ID to --exclude-queries had no effect.

Extend checkQueryExclude to also iterate the "override" map and check each variant's "id" against the ByIDs exclusion list.

Fixes #7574

Co-Authored-By: Claude Sonnet 4.6
---
 pkg/engine/source/filesystem.go | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/pkg/engine/source/filesystem.go b/pkg/engine/source/filesystem.go
index c2304077894..16d9b5b36ce 100644
--- a/pkg/engine/source/filesystem.go
+++ b/pkg/engine/source/filesystem.go
@@ -238,8 +238,22 @@ func checkQueryExcludeField(id interface{}, excludeQueries []string) bool {
 }

 func checkQueryExclude(metadata map[string]interface{}, queryParameters *QueryInspectorParameters) bool {
- return checkQueryExcludeField(metadata["id"], queryParameters.ExcludeQueries.ByIDs) ||
- checkQueryExcludeField(metadata["category"], queryParameters.ExcludeQueries.ByCategories) ||
+ if checkQueryExcludeField(metadata["id"], queryParameters.ExcludeQueries.ByIDs) {
+ return true
+ }
+
+ // Also check override IDs (e.g. OpenAPI queries with version-specific variants like Swagger 2.0)
+ if override, ok := metadata["override"].(map[string]interface{}); ok {
+ for _, overrideData := range override {
+ if overrideObj, ok := overrideData.(map[string]interface{}); ok {
+ if checkQueryExcludeField(overrideObj["id"], queryParameters.ExcludeQueries.ByIDs) {
+ return true
+ }
+ }
+ }
+ }
+
+ return checkQueryExcludeField(metadata["category"], queryParameters.ExcludeQueries.ByCategories) ||
 checkQueryExcludeField(metadata["severity"], queryParameters.ExcludeQueries.BySeverities) ||
 (!queryParameters.BomQueries && metadata["severity"] == model.SeverityTrace)
 }
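Review bot: A match on any variant's `id` inside the new `override` loop makes checkQueryExclude return true for the whole metadata entry, so excluding one version-specific ID (say the Swagger 2.0 variant) presumably also drops the primary query and every other variant from the scan. For a scanner that is a silent loss of coverage wider than what the user asked for with `--exclude-queries`. If per-variant filtering cannot be done at this layer, state the behaviour above the loop, e.g. `// NOTE: a match on any override ID excludes the entire query, including its primary ID and other variants.`, and log the exclusion so it shows up in scan output. The diffstat lists only filesystem.go, so a test case covering exclusion by an override ID is also missing.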