Make email receivers optional (#442)

jfrog · Aug 16, 2023 · 538c662 · 538c662
1 parent 6893511
commit 538c662
Show file tree

Hide file tree

Showing 25 changed files with 296 additions and 835 deletions.
diff --git a/commands/utils/email.go b/commands/utils/email.go
@@ -6,14 +6,13 @@ import (
 	"github.com/jfrog/frogbot/commands/utils/outputwriter"
 	"github.com/jfrog/froggit-go/vcsclient"
 	"github.com/jfrog/froggit-go/vcsutils"
-	"github.com/jfrog/gofrog/datastructures"
 	"github.com/jfrog/jfrog-cli-core/v2/xray/formats"
 	"github.com/jordan-wright/email"
 	"net/smtp"
 	"strings"
 )
 
-var excludedEmailAddresses = []string{"no-reply", "no_reply", "noreply", "no.reply", "frogbot"}
+var blacklistedEmailAddresses = []string{"no-reply", "no_reply", "noreply", "no.reply", "frogbot"}
 
 type SecretsEmailDetails struct {
 	gitClient       vcsclient.VcsClient
@@ -98,20 +97,28 @@ func getRelevantEmailReceivers(client vcsclient.VcsClient, repoOwner, repoName,
 }
 
 func getEmailReceiversFromCommits(commits []vcsclient.CommitInfo, preConfiguredEmailReceivers []string) ([]string, error) {
-	emailReceivers := datastructures.MakeSet[string]()
+	emailReceivers := []string{}
 	for _, commit := range commits {
-		if shouldExcludeEmailAddress(commit.AuthorEmail, excludedEmailAddresses) || shouldExcludeEmailAddress(commit.AuthorEmail, preConfiguredEmailReceivers) {
+		if shouldExcludeEmailAddress(commit.AuthorEmail, preConfiguredEmailReceivers) {
 			continue
 		}
-		emailReceivers.Add(commit.AuthorEmail)
+		emailReceivers = append(emailReceivers, commit.AuthorEmail)
 	}
 
-	return emailReceivers.ToSlice(), nil
+	return emailReceivers, nil
 }
 
-func shouldExcludeEmailAddress(emailAddress string, excludes []string) bool {
-	for _, excludedEmailAddress := range excludes {
-		if strings.Contains(emailAddress, excludedEmailAddress) {
+func shouldExcludeEmailAddress(emailAddress string, preConfiguredEmailReceivers []string) bool {
+	if emailAddress == "" {
+		return true
+	}
+	for _, blackListedEmail := range blacklistedEmailAddresses {
+		if strings.Contains(emailAddress, blackListedEmail) {
+			return true
+		}
+	}
+	for _, preConfiguredEmailAddress := range preConfiguredEmailReceivers {
+		if emailAddress == preConfiguredEmailAddress {
 			return true
 		}
 	}

diff --git a/commands/utils/email_test.go b/commands/utils/email_test.go
@@ -52,6 +52,7 @@ func TestGetEmailReceiversFromCommits(t *testing.T) {
 		{AuthorEmail: "test3@jfrog.noreply.com"},
 		{AuthorEmail: "test3@jfrog.no-reply.com"},
 		{AuthorEmail: "test3@jfrog.frogbot.com"},
+		{AuthorEmail: ""},
 	}
 	preConfiguredEmailReceivers := []string{"receiver1@jfrog.com", "receiver2@jfrog.com"}
 	finalEmailReceiversList, err := getEmailReceiversFromCommits(commits, preConfiguredEmailReceivers)

diff --git a/commands/utils/params.go b/commands/utils/params.go
@@ -145,8 +145,9 @@ func (s *Scan) SetEmailDetails() error {
 		return fmt.Errorf("failed while setting your email details. SMTP password is expected, but the %s environment variable is empty", SmtpPasswordEnv)
 	}
 	if len(s.EmailReceivers) == 0 {
-		emailReceivers := getTrimmedEnv(EmailReceiversEnv)
-		s.EmailReceivers = strings.Split(emailReceivers, ",")
+		if emailReceiversEnv := getTrimmedEnv(EmailReceiversEnv); emailReceiversEnv != "" {
+			s.EmailReceivers = strings.Split(emailReceiversEnv, ",")
+		}
 	}
 	return nil
 }

diff --git a/docs/install-azure-pipelines.md b/docs/install-azure-pipelines.md
@@ -198,9 +198,10 @@ To install Frogbot on Azure Repos repositories, follow these steps.
             # Set the email of the commit author
             # JF_GIT_EMAIL_AUTHOR: ""
 
-            # [Mandatory if JF_SMTP_SERVER is set]
-            # List of email addresses to receive emails about secrets that has been detected in a pull request scan.
-            # The list should be seperated by commas.
+            # [Optional]
+            # List of comma separated email addresses to receive email notifications about secrets
+            # detected during pull request scanning. The notification is also sent to the email set
+            # in the committer git profile regardless of whether this variable is set or not.
             # JF_EMAIL_RECEIVERS: ""
 
          displayName: 'Download and Run Frogbot'   

diff --git a/docs/install-bitbucket-server.md b/docs/install-bitbucket-server.md
diff --git a/docs/install-github.md b/docs/install-github.md
@@ -27,7 +27,7 @@ Push the workflow files to the `.github/workflows` directory at the root of your
 
 > **IMPORTANT**: The workflow files must be pushed to the target branch before Frogbot is triggered. This means that if, for example, a pull request includes the workflow files and the target branch doesn't, Frogbot will fail to run.
 
-### 🔎Scan pull requests
+### 🔎 Scan pull requests
 
 Create a file named `frogbot-scan-pull-request.yml` with the content of the following template.
 This will allow Frogbot to scan pull requests for security issues when the pull requests are open, and before they are merged.
@@ -91,6 +91,19 @@ jobs:
           #       Uncheck the 'Store Artifacts Locally' option
           # 3. Set the value of the 'JF_RELEASES_REPO' variable with the Repository Key you created.
           # JF_RELEASES_REPO: ""
+
+          # [Optional]
+          # Configure the SMTP server to enable Frogbot to send emails with detected secrets in pull request scans.
+          # SMTP server URL including should the relevant port: (Example: smtp.server.com:8080)
+          # JF_SMTP_SERVER: ""
+
+          # [Mandatory if JF_SMTP_SERVER is set]
+          # The username required for authenticating with the SMTP server.
+          # JF_SMTP_USER: ""
+
+          # [Mandatory if JF_SMTP_SERVER is set]
+          # The password associated with the username required for authentication with the SMTP server.
+          # JF_SMTP_PASSWORD: ""
 
           ##########################################################################
           ##   If your project uses a 'frogbot-config.yml' file, you can define   ##
@@ -143,11 +156,18 @@ jobs:
           # Set the minimum severity for vulnerabilities that should be fixed and commented on in pull requests
           # The following values are accepted: Low, Medium, High or Critical
           # JF_MIN_SEVERITY: ""
+
+          # [Optional]
+          # List of comma separated email addresses to receive email notifications about secrets
+          # detected during pull request scanning. The notification is also sent to the email set
+          # in the committer git profile regardless of whether this variable is set or not.
+          # JF_EMAIL_RECEIVERS: ""
+
 ```
 
 </details>
 
-### 🛠️Scanning repository branches and fixing issues
+### 🛠️ Scanning repository branches and fixing issues
 
 Create a file named `frogbot-scan-and-fix.yml` with the content of the following template.
 This will make Frogbot open pull requests with fixes for security vulnerabilities found in the GitHub repository.

diff --git a/docs/install-gitlab.md b/docs/install-gitlab.md
@@ -162,9 +162,10 @@ frogbot-scan:
     # Set the email of the commit author
     # JF_GIT_EMAIL_AUTHOR: ""
 
-    # [Mandatory if JF_SMTP_SERVER is set]
-    # List of email addresses to receive emails about secrets that has been detected in a pull request scan.
-    # The list should be seperated by commas.
+    # [Optional]
+    # List of comma separated email addresses to receive email notifications about secrets
+    # detected during pull request scanning. The notification is also sent to the email set
+    # in the committer git profile regardless of whether this variable is set or not.
     # JF_EMAIL_RECEIVERS: ""
 
   script:

diff --git a/docs/templates/github-actions/frogbot-scan-pull-request.yml b/docs/templates/github-actions/frogbot-scan-pull-request.yml
diff --git a/docs/templates/github-actions/frogbot-scan-repository.yml b/docs/templates/github-actions/frogbot-scan-repository.yml