
adjustments in audit params #692

Merged
merged 32 commits into from
Jun 18, 2024
Merged
Changes from 31 commits
32 commits
7451037
adjustments in audit params
orz25 May 5, 2024
a3e620c
Merge remote-tracking branch 'upstream/dev' into adjusments-in-audit-…
orz25 Jun 8, 2024
fbe6c7b
run go mod tidy
orz25 Jun 10, 2024
4a35ce9
change cli-core version
orz25 Jun 10, 2024
6f27420
add graph scan common params
orz25 Jun 13, 2024
00b7304
updating go.mod
orz25 Jun 13, 2024
da83c01
updating go.mod
orz25 Jun 15, 2024
6b3de54
updating go.mod
orz25 Jun 15, 2024
1ae3090
Merge remote-tracking branch 'upstream/dev' into adjusments-in-audit-…
orz25 Jun 15, 2024
d21bdb0
Merge remote-tracking branch 'upstream/dev' into adjusments-in-audit-…
orz25 Jun 15, 2024
e1513e1
update go.mod
orz25 Jun 15, 2024
a5c97d2
update go.mod
orz25 Jun 15, 2024
411253d
update go.mod
orz25 Jun 15, 2024
c657ea3
update go.mod
orz25 Jun 15, 2024
dff35d5
update go.mod
orz25 Jun 15, 2024
e7d806c
add set threads
orz25 Jun 15, 2024
62f14a1
create auditParallelRunner in RunInstallAndAudit func
orz25 Jun 16, 2024
12d9c74
update go.mod
orz25 Jun 16, 2024
b19017b
update go.mod
orz25 Jun 16, 2024
a3606ba
update go.mod
orz25 Jun 16, 2024
bf3ddab
update go.mod
orz25 Jun 16, 2024
29bd674
create parallel runner before RunInstallAndAudit
orz25 Jun 16, 2024
e14f21f
remove mutex in RunInstallAndAudit
orz25 Jun 16, 2024
295627b
bring back mutex in RunInstallAndAudit
orz25 Jun 16, 2024
9bc11e9
remove mutex in RunInstallAndAudit
orz25 Jun 16, 2024
8a4af0b
remove mutex in RunInstallAndAudit
orz25 Jun 16, 2024
88c39b2
update go.mod
orz25 Jun 16, 2024
04410db
update go.mod
orz25 Jun 16, 2024
f5c3d70
update go.mod
orz25 Jun 16, 2024
1421332
bring back bitbucket_server_run.sh
orz25 Jun 16, 2024
2a7eff5
Merge remote-tracking branch 'upstream/dev' into adjusments-in-audit-…
orz25 Jun 18, 2024
16aaf15
update go.mod to cli-security dev
orz25 Jun 18, 2024
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -119,7 +119,7 @@ require (
gopkg.in/warnings.v0 v0.1.2 // indirect
)

// replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security dev
replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240616134105-dbc7a8221efb

// replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev

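Review bot: The replace directive on the second changed line pins github.com/jfrog/jfrog-cli-security to a personal fork (github.com/orz25/jfrog-cli-security) at a pseudo-version, so a merged build would resolve the security-scanning dependency from a contributor-controlled repository instead of the upstream module. A replace like this is fine while a dependency change is in flight, but it should not land on the default branch: once the upstream change is released, drop the replace, bump the require to the tagged version, and keep go.sum in step. The commented-out line above it suggests this is a temporary state, and the last commit in the list ("update go.mod to cli-security dev") may already address it; this view only shows changes from 31 of the 32 commits.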
4 changes: 2 additions & 2 deletions go.sum
Expand Up @@ -900,8 +900,6 @@ github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYL
github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
github.com/jfrog/jfrog-cli-core/v2 v2.53.1 h1:odwPJlrUVw7yKIYctVIn7/8YW/Ynwq4vvsmrXOzAAa8=
github.com/jfrog/jfrog-cli-core/v2 v2.53.1/go.mod h1:4iTSevmlThM1Aw5NAY4WyVxim5US4SkrmxHSHFimaqk=
github.com/jfrog/jfrog-cli-security v1.3.0 h1:NJxWAj+9v1hJINQtRGlficTmWqXYGghdjEHSy4NE8EY=
github.com/jfrog/jfrog-cli-security v1.3.0/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8=
github.com/jfrog/jfrog-client-go v1.41.0 h1:g5OTFvreOVQ6U/5LUXFJfA3Bc+AZCo2PO/EzCLxLbLE=
github.com/jfrog/jfrog-client-go v1.41.0/go.mod h1:AN+/mT2DIBE4oRZicJojqND2BEKLfA7f73i5rT3Lfcc=
github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA=
Expand Down Expand Up @@ -977,6 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l
github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0=
github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
github.com/orz25/jfrog-cli-security v0.0.0-20240616134105-dbc7a8221efb h1:3ozchQPB1uKGni1EGibLqw7PMHbKF0GprbbOlwBtaUs=
github.com/orz25/jfrog-cli-security v0.0.0-20240616134105-dbc7a8221efb/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8=
github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U=
github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY=
github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w=
26 changes: 13 additions & 13 deletions scanpullrequest/scanpullrequest_test.go
Expand Up @@ -89,8 +89,8 @@ func TestCreateVulnerabilitiesRows(t *testing.T) {

// Run createNewIssuesRows and make sure that only the XRAY-2 violation exists in the results
securityViolationsRows, licenseViolations, err := createNewVulnerabilitiesRows(
&xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
&xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
&xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
&xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
nil,
)
assert.NoError(t, err)
Expand Down Expand Up @@ -168,8 +168,8 @@ func TestCreateVulnerabilitiesRowsCaseNoPrevViolations(t *testing.T) {

// Run createNewIssuesRows and expect both XRAY-1 and XRAY-2 violation in the results
vulnerabilities, licenses, err := createNewVulnerabilitiesRows(
&xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
&xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
&xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
&xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
[]string{},
)
assert.NoError(t, err)
Expand Down Expand Up @@ -213,8 +213,8 @@ func TestGetNewViolationsCaseNoNewViolations(t *testing.T) {

// Run createNewIssuesRows and expect no violations in the results
securityViolations, licenseViolations, err := createNewVulnerabilitiesRows(
&xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
&xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
&xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
&xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
[]string{"MIT"},
)
assert.NoError(t, err)
Expand Down Expand Up @@ -285,14 +285,14 @@ func TestGetNewVulnerabilities(t *testing.T) {
// Run createNewIssuesRows and make sure that only the XRAY-2 vulnerability exists in the results
vulnerabilities, licenses, err := createNewVulnerabilitiesRows(
&xrayutils.Results{
ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}},
ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}},
ExtendedScanResults: &xrayutils.ExtendedScanResults{
EntitledForJas: true,
ApplicabilityScanResults: []*sarif.Run{xrayutils.CreateRunWithDummyResults(xrayutils.CreateResultWithOneLocation("file1", 1, 10, 2, 11, "snippet", "applic_CVE-2023-4321", ""))},
},
},
&xrayutils.Results{
ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}},
ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}},
ExtendedScanResults: &xrayutils.ExtendedScanResults{
EntitledForJas: true,
ApplicabilityScanResults: []*sarif.Run{xrayutils.CreateRunWithDummyResults(xrayutils.CreateResultWithOneLocation("file1", 1, 10, 2, 11, "snippet", "applic_CVE-2023-4321", ""))},
Expand Down Expand Up @@ -355,8 +355,8 @@ func TestGetNewVulnerabilitiesCaseNoPrevVulnerabilities(t *testing.T) {

// Run createNewIssuesRows and expect both XRAY-1 and XRAY-2 vulnerability in the results
vulnerabilities, licenses, err := createNewVulnerabilitiesRows(
&xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
&xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
&xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
&xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
nil,
)
assert.NoError(t, err)
Expand Down Expand Up @@ -391,8 +391,8 @@ func TestGetNewVulnerabilitiesCaseNoNewVulnerabilities(t *testing.T) {

// Run createNewIssuesRows and expect no vulnerability in the results
vulnerabilities, licenses, err := createNewVulnerabilitiesRows(
&xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
&xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
&xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
&xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}},
nil,
)
assert.NoError(t, err)
Expand All @@ -403,7 +403,7 @@ func TestGetNewVulnerabilitiesCaseNoNewVulnerabilities(t *testing.T) {
func TestGetAllIssues(t *testing.T) {
allowedLicenses := []string{"MIT"}
auditResults := &xrayutils.Results{
ScaResults: []xrayutils.ScaScanResult{{
ScaResults: []*xrayutils.ScaScanResult{{
XrayResults: []services.ScanResponse{{
Vulnerabilities: []services.Vulnerability{
{Cves: []services.Cve{{Id: "CVE-2022-2122"}}, Severity: "High", Components: map[string]services.Component{"Dep-1": {FixedVersions: []string{"1.2.3"}}}},
5 changes: 2 additions & 3 deletions scanrepository/scanrepository_test.go
Expand Up @@ -441,15 +441,14 @@ func TestCreateVulnerabilitiesMap(t *testing.T) {
{
name: "Scan results with no violations and vulnerabilities",
scanResults: &xrayutils.Results{
ScaResults: []xrayutils.ScaScanResult{},
ExtendedScanResults: &xrayutils.ExtendedScanResults{},
},
expectedMap: map[string]*utils.VulnerabilityDetails{},
},
{
name: "Scan results with vulnerabilities and no violations",
scanResults: &xrayutils.Results{
ScaResults: []xrayutils.ScaScanResult{{
ScaResults: []*xrayutils.ScaScanResult{{
XrayResults: []services.ScanResponse{
{
Vulnerabilities: []services.Vulnerability{
Expand Down Expand Up @@ -500,7 +499,7 @@ func TestCreateVulnerabilitiesMap(t *testing.T) {
{
name: "Scan results with violations and no vulnerabilities",
scanResults: &xrayutils.Results{
ScaResults: []xrayutils.ScaScanResult{{
ScaResults: []*xrayutils.ScaScanResult{{
XrayResults: []services.ScanResponse{
{
Violations: []services.Violation{
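Review bot: In the first hunk the "Scan results with no violations and vulnerabilities" case loses its `ScaResults` field entirely, so the input now carries a nil slice where it previously carried an empty one, and no case exercises the empty-slice shape any more. If createVulnerabilitiesMap distinguishes nil from empty (it may not; the function is outside this view), keeping a second case with `ScaResults: []*xrayutils.ScaScanResult{},` preserves the original coverage. TestCreateVulnerabilitiesMap starts and ends outside the hunk.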
31 changes: 27 additions & 4 deletions utils/scandetails.go
Expand Up @@ -6,10 +6,13 @@ import (
"fmt"
"github.com/jfrog/froggit-go/vcsclient"
"github.com/jfrog/jfrog-cli-core/v2/utils/config"
"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
"github.com/jfrog/jfrog-cli-security/commands/audit"
"github.com/jfrog/jfrog-cli-security/scangraph"
xrayutils "github.com/jfrog/jfrog-cli-security/utils"
"github.com/jfrog/jfrog-client-go/utils/log"
"github.com/jfrog/jfrog-client-go/xray/services"
"os"
"path/filepath"
)

Expand Down Expand Up @@ -89,6 +92,26 @@ func (sc *ScanDetails) SetRepoName(repoName string) *ScanDetails {
return sc
}

func (sc *ScanDetails) CreateCommonGraphScanParams() *scangraph.CommonGraphScanParams {
commonParams := &scangraph.CommonGraphScanParams{
RepoPath: sc.RepoPath,
Watches: sc.Watches,
ScanType: sc.ScanType,
}
if sc.ProjectKey == "" {
commonParams.ProjectKey = os.Getenv(coreutils.Project)
} else {
commonParams.ProjectKey = sc.ProjectKey
}
commonParams.IncludeVulnerabilities = sc.IncludeVulnerabilities
commonParams.IncludeLicenses = sc.IncludeLicenses
commonParams.MultiScanId = sc.MultiScanId
if commonParams.MultiScanId != "" {
commonParams.XscVersion = sc.XscVersion
}
return commonParams
}

func createXrayScanParams(watches []string, project string, includeLicenses bool) (params *services.XrayGraphScanParams) {
params = &services.XrayGraphScanParams{
ScanType: services.Dependency,
Expand Down Expand Up @@ -117,17 +140,17 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xra
SetInstallCommandArgs(sc.InstallCommandArgs)

auditParams := audit.NewAuditParams().
SetXrayGraphScanParams(sc.XrayGraphScanParams).
SetWorkingDirs(workDirs).
SetMinSeverityFilter(sc.MinSeverityFilter()).
SetFixableOnly(sc.FixableOnly()).
SetGraphBasicParams(auditBasicParams)

SetGraphBasicParams(auditBasicParams).
SetCommonGraphScanParams(sc.CreateCommonGraphScanParams())
auditParams.SetExclusions(sc.PathExclusions).SetIsRecursiveScan(sc.IsRecursiveScan)

auditResults, err = audit.RunAudit(auditParams)

if auditResults != nil {
err = errors.Join(err, auditResults.ScaError, auditResults.JasError)
err = errors.Join(err, auditResults.ScansErr)
}
return
}
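Review bot: CreateCommonGraphScanParams (the second hunk) is exported but carries no doc comment, and it builds the struct half in the literal and half through trailing assignments, which makes the ProjectKey fallback and the conditional XscVersion easy to miss. Resolving the project key first and filling every field in one literal reads more clearly, and a short comment on the XscVersion guard helps, since the value is only forwarded when a multi-scan id is present and the reason for that coupling is not stated. In the third hunk the SetXrayGraphScanParams call is dropped in favour of SetCommonGraphScanParams; if nothing else still reads sc.XrayGraphScanParams, the createXrayScanParams helper that starts at the end of the second hunk and the field it populates look orphaned and could go in a follow-up (inferred; the rest of the file is not in view). RunInstallAndAudit begins outside the third hunk.
```go
// CreateCommonGraphScanParams builds the scangraph.CommonGraphScanParams for this scan.
// When no project key is configured on the ScanDetails, it falls back to the
// environment variable named by coreutils.Project.
func (sc *ScanDetails) CreateCommonGraphScanParams() *scangraph.CommonGraphScanParams {
	projectKey := sc.ProjectKey
	if projectKey == "" {
		projectKey = os.Getenv(coreutils.Project)
	}
	commonParams := &scangraph.CommonGraphScanParams{
		RepoPath:               sc.RepoPath,
		Watches:                sc.Watches,
		ScanType:               sc.ScanType,
		ProjectKey:             projectKey,
		IncludeVulnerabilities: sc.IncludeVulnerabilities,
		IncludeLicenses:        sc.IncludeLicenses,
		MultiScanId:            sc.MultiScanId,
	}
	// XscVersion is only forwarded together with a multi-scan id.
	if commonParams.MultiScanId != "" {
		commonParams.XscVersion = sc.XscVersion
	}
	return commonParams
}
```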