From 32170adf600a88cf617882287b9fa1c659ff25ad Mon Sep 17 00:00:00 2001
From: Eran Turgeman <81029514+eranturgeman@users.noreply.github.com>
Date: Sun, 15 Sep 2024 23:48:42 +0300
Subject: [PATCH] Add technology to audit params if provided by user through 'install' command (#749)
---
 go.mod | 2 +-
 go.sum | 4 ++--
 utils/params.go | 17 +++++++++++++++++
 utils/scandetails.go | 3 ++-
 4 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/go.mod b/go.mod
index 4ce633aa9..1e825f84d 100644
--- a/go.mod
+++ b/go.mod
@@ -119,7 +119,7 @@ require (
 gopkg.in/warnings.v0 v0.1.2 // indirect
 )
-// replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security dev
+replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security v1.8.2-0.20240915195230-f6f8065c192e
 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev
diff --git a/go.sum b/go.sum
index a30dea61f..f109d7bdc 100644
--- a/go.sum
+++ b/go.sum
@@ -901,8 +901,8 @@ github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYL
 github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
 github.com/jfrog/jfrog-cli-core/v2 v2.55.7 h1:V4dO2FMNIH49lov3dMj3jYRg8KBTG7hyhHI8ftYByf8=
 github.com/jfrog/jfrog-cli-core/v2 v2.55.7/go.mod h1:DPO5BfWAeOByahFMMy+PcjmbPlcyoRy7Bf2C5sGKVi0=
-github.com/jfrog/jfrog-cli-security v1.8.1 h1:VdU3pnI5iufqw1ctcvej7N6ao9dx4ADhwQIPETmtkYg=
-github.com/jfrog/jfrog-cli-security v1.8.1/go.mod h1:QIHSX8FiuQWYtM6e0JPaREldPk8goNpUFtu9ZF2oG+U=
+github.com/jfrog/jfrog-cli-security v1.8.2-0.20240915195230-f6f8065c192e h1:ez781jDFeMr1/odsF21AcvPDtrypflNQhddP4OnzXio=
+github.com/jfrog/jfrog-cli-security v1.8.2-0.20240915195230-f6f8065c192e/go.mod h1:QIHSX8FiuQWYtM6e0JPaREldPk8goNpUFtu9ZF2oG+U=
 github.com/jfrog/jfrog-client-go v1.46.2 h1:1rk7PliYGc7zVSFVE2/RO77JOR1KdEtr28os8GQiLyI=
 github.com/jfrog/jfrog-client-go v1.46.2/go.mod h1:qtQ9ML8xrRJmUwU/t6QRsov7C5mIZndTDY3qulgB5hA=
 github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA=
diff --git a/utils/params.go b/utils/params.go
index 689b9edca..8e5295731 100644
--- a/utils/params.go
+++ b/utils/params.go
@@ -4,8 +4,10 @@ import (
 "context"
 "errors"
 "fmt"
+"github.com/jfrog/jfrog-cli-security/utils/techutils"
 "github.com/jfrog/jfrog-cli-security/utils/xsc"
 "github.com/jfrog/jfrog-client-go/xsc/services"
+"golang.org/x/exp/slices"
 "net/http"
 "net/url"
 "os"
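Review bot: The new `"golang.org/x/exp/slices"` import pulls an experimental, non-stable module into the build for a single `slices.Contains` call that the standard library has provided since Go 1.21; if the module's `go` directive (not visible in this patch) is 1.21 or newer, the import should be the standard `"slices"` with no other change. The go.mod hunk only touches the `replace` directive, so `golang.org/x/exp` is presumably already a direct requirement; if it was only indirect, `go mod tidy` should accompany this change so the dependency is declared where it is used. The enclosing import block continues past the end of the hunk.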
@@ -129,6 +131,21 @@ func (p *Project) setDefaultsIfNeeded() error {
 return nil
 }
+func (p *Project) GetTechFromInstallCmdIfExists() []string {
+var technologies []string
+if p.InstallCommandName != "" {
+if !slices.Contains(techutils.AllTechnologiesStrings, p.InstallCommandName) {
+log.Warn(fmt.Sprintf("The technology ā€˜%sā€™ was inferred from the provided install command but is not listed among the supported technologies. Please provide an install command for one of the following supported technologies: %s", p.InstallCommandName, techutils.AllTechnologiesStrings))
+return technologies
+}
+technologies = append(technologies, p.InstallCommandName)
+if strings.ToLower(p.InstallCommandName) == "dotnet" {
+technologies = append(technologies, "nuget")
+}
+}
+return technologies
+}
+
 type Scan struct {
 IncludeAllVulnerabilities bool `yaml:"includeAllVulnerabilities,omitempty"`
 FixableOnly bool `yaml:"fixableOnly,omitempty"`
diff --git a/utils/scandetails.go b/utils/scandetails.go
index d1a1f11f2..182af3a2b 100644
--- a/utils/scandetails.go
+++ b/utils/scandetails.go
@@ -153,7 +153,8 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xra
 SetIgnoreConfigFile(true).
 SetServerDetails(sc.ServerDetails).
 SetInstallCommandName(sc.InstallCommandName).
-SetInstallCommandArgs(sc.InstallCommandArgs).SetUseJas(true)
+SetInstallCommandArgs(sc.InstallCommandArgs).SetUseJas(true).
+SetTechnologies(sc.GetTechFromInstallCmdIfExists())
 auditParams := audit.NewAuditParams().
 SetWorkingDirs(workDirs).
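Review bot: The supported-technology check in `GetTechFromInstallCmdIfExists` compares the user-configured `p.InstallCommandName` case-sensitively via `slices.Contains`, yet the NuGet branch two lines later lowercases the same value, so `DotNet` or `Npm` is either rejected with the warning (if `AllTechnologiesStrings` holds lowercase names, as the `== "dotnet"` comparison suggests) or accepted and forwarded to the audit in its original casing; normalise once with `name := strings.ToLower(p.InstallCommandName)` and use `name` in the `Contains` check, the first `append` and the `== "dotnet"` test. The exported method also has no doc comment; suggest `// GetTechFromInstallCmdIfExists returns the technologies the audit should be limited to, derived from the configured install command name: the name itself (plus "nuget" for "dotnet"), or nil, after logging a warning, when the name is not a supported technology.` Because the result presumably replaces the audit's own technology detection, it narrows the scan to that one ecosystem even when the working directory holds other package managers, which is worth stating in that comment so users do not expect broader coverage. The log message wraps `%s` in typographic quotes (they appear mojibake-encoded in this rendering); `%q` gives portable quoting without non-ASCII bytes in the source.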
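Review bot: `SetTechnologies` receives a nil slice whenever `GetTechFromInstallCmdIfExists` rejects the configured install command name, and the only signal is a warning logged inside that helper, while the same unvalidated name is still handed to `SetInstallCommandName` on the preceding line and is presumably executed by the audit; if an unknown install command is meant to abort rather than silently fall back to whatever the audit does with an empty technology list, the check belongs before this builder chain with an error return, since the chain itself cannot report one. A short comment such as `// Restrict the audit to the technology implied by the configured install command, if any.` above the chain would make the intended fallback explicit. RunInstallAndAudit begins and ends outside the hunk.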