From 7451037a4120dafc5cf4a123c7ff21fcefe7e19c Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Sun, 5 May 2024 14:07:38 +0300 Subject: [PATCH 01/29] adjustments in audit params --- go.mod | 2 +- go.sum | 4 ++-- scanpullrequest/scanpullrequest_test.go | 26 ++++++++++++------------- scanrepository/scanrepository_test.go | 5 ++--- utils/scandetails.go | 3 +-- 5 files changed, 19 insertions(+), 21 deletions(-) diff --git a/go.mod b/go.mod index 0d9aab04d..171c733cb 100644 --- a/go.mod +++ b/go.mod @@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -// replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security dev +replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240505085837-a571d87a2566 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev diff --git a/go.sum b/go.sum index 559177801..c537e7d59 100644 --- a/go.sum +++ b/go.sum @@ -900,8 +900,6 @@ github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYL github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w= github.com/jfrog/jfrog-cli-core/v2 v2.51.0 h1:nESbCpSTPZx1av0W9tdmWLxKaPSL1SaZinbZGtYNeFI= github.com/jfrog/jfrog-cli-core/v2 v2.51.0/go.mod h1:064wSSHVI3ZIVi/a94yJqzs+ACM+9JK/u9tQ1sfTK6A= -github.com/jfrog/jfrog-cli-security v1.1.0 h1:ifCjFJSa1D1pWyW/ADYPqnMkOddzkAT/WY4vHAufn1g= -github.com/jfrog/jfrog-cli-security v1.1.0/go.mod h1:086t7e/einVAGfBXxRdEGDKovWt67I6SqUb1rcpdiZc= github.com/jfrog/jfrog-client-go v1.40.1 h1:ISSSV7/IUS8R+QCPfH2lVKLburbv2Xn07fvNyDc17rI= github.com/jfrog/jfrog-client-go v1.40.1/go.mod h1:FprEW0Sqhj6ZSFTFk9NCni+ovFAYMA3zCBmNX4hGXgQ= github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA= 
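Review bot: The activated `replace` in go.mod redirects `github.com/jfrog/jfrog-cli-security` to a personal fork, `github.com/orz25/jfrog-cli-security`, at an untagged pseudo-version, so every build of this branch takes its scanning engine from a repository outside the `jfrog` organisation. The go.sum entries pin the content hash of that fork but say nothing about who controls the source or whether the commit was reviewed upstream. The same directive is re-pointed to newer fork commits in later patches of this series (02 and 04 through 08, as far as this page shows). Before merge the line should return to its commented-out form, `// replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security dev`, with the `require` entry pointing at an upstream tag or commit. A CI step that fails on any active `replace` to a path outside `github.com/jfrog/` would keep a development pin like this from reaching a release.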
@@ -977,6 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= +github.com/orz25/jfrog-cli-security v0.0.0-20240505085837-a571d87a2566 h1:fje241fp6+HJTUDD2nfx4Lsgf3aU3zJFvv/NaF5bJOM= +github.com/orz25/jfrog-cli-security v0.0.0-20240505085837-a571d87a2566/go.mod h1:eo/0vWDfIpE496LGWi7iQWiNyksTI7MrPhbuA5oHIW4= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.0 h1:wP5yEpI53zr0v5cBmagXzLbHZp9Oylyo3AJDpfLBITs= github.com/owenrumney/go-sarif/v2 v2.3.0/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= diff --git a/scanpullrequest/scanpullrequest_test.go b/scanpullrequest/scanpullrequest_test.go index c5f444042..4f4674a9e 100644 --- a/scanpullrequest/scanpullrequest_test.go +++ b/scanpullrequest/scanpullrequest_test.go 
@@ -89,8 +89,8 @@ func TestCreateVulnerabilitiesRows(t *testing.T) { // Run createNewIssuesRows and make sure that only the XRAY-2 violation exists in the results securityViolationsRows, licenseViolations, err := createNewVulnerabilitiesRows( - &xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}}, - &xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}}, + &xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}}, + &xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}}, nil, ) assert.NoError(t, err) @@ -168,8 +168,8 @@ func TestCreateVulnerabilitiesRowsCaseNoPrevViolations(t *testing.T) { // Run createNewIssuesRows and expect both XRAY-1 and XRAY-2 violation in the results vulnerabilities, licenses, err := createNewVulnerabilitiesRows( - &xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}}, - &xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}}, + &xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}}, + &xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}}, []string{}, ) assert.NoError(t, err) 
@@ -213,8 +213,8 @@ func TestGetNewViolationsCaseNoNewViolations(t *testing.T) { // Run createNewIssuesRows and expect no violations in the results securityViolations, licenseViolations, err := createNewVulnerabilitiesRows( - &xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}}, - &xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}}, + &xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}}, + &xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}}, []string{"MIT"}, ) assert.NoError(t, err) 
@@ -285,14 +285,14 @@ func TestGetNewVulnerabilities(t *testing.T) { // Run createNewIssuesRows and make sure that only the XRAY-2 vulnerability exists in the results vulnerabilities, licenses, err := createNewVulnerabilitiesRows( &xrayutils.Results{ - ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, + ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{ EntitledForJas: true, ApplicabilityScanResults: []*sarif.Run{xrayutils.CreateRunWithDummyResults(xrayutils.CreateResultWithOneLocation("file1", 1, 10, 2, 11, "snippet", "applic_CVE-2023-4321", ""))}, }, }, &xrayutils.Results{ - ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, + ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{ EntitledForJas: true, ApplicabilityScanResults: []*sarif.Run{xrayutils.CreateRunWithDummyResults(xrayutils.CreateResultWithOneLocation("file1", 1, 10, 2, 11, "snippet", "applic_CVE-2023-4321", ""))}, 
@@ -355,8 +355,8 @@ func TestGetNewVulnerabilitiesCaseNoPrevVulnerabilities(t *testing.T) { // Run createNewIssuesRows and expect both XRAY-1 and XRAY-2 vulnerability in the results vulnerabilities, licenses, err := createNewVulnerabilitiesRows( - &xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}}, - &xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}}, + &xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}}, + &xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}}, nil, ) assert.NoError(t, err) @@ -391,8 +391,8 @@ func TestGetNewVulnerabilitiesCaseNoNewVulnerabilities(t *testing.T) { // Run createNewIssuesRows and expect no vulnerability in the results vulnerabilities, licenses, err := createNewVulnerabilitiesRows( - &xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}}, - &xrayutils.Results{ScaResults: []xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}}, + &xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{previousScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}}, + &xrayutils.Results{ScaResults: []*xrayutils.ScaScanResult{{XrayResults: []services.ScanResponse{currentScan}}}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}}, nil, ) assert.NoError(t, err) 
@@ -403,7 +403,7 @@ func TestGetNewVulnerabilitiesCaseNoNewVulnerabilities(t *testing.T) { func TestGetAllIssues(t *testing.T) { allowedLicenses := []string{"MIT"} auditResults := &xrayutils.Results{ - ScaResults: []xrayutils.ScaScanResult{{ + ScaResults: []*xrayutils.ScaScanResult{{ XrayResults: []services.ScanResponse{{ Vulnerabilities: []services.Vulnerability{ {Cves: []services.Cve{{Id: "CVE-2022-2122"}}, Severity: "High", Components: map[string]services.Component{"Dep-1": {FixedVersions: []string{"1.2.3"}}}}, diff --git a/scanrepository/scanrepository_test.go b/scanrepository/scanrepository_test.go index 09290e630..8a405d187 100644 --- a/scanrepository/scanrepository_test.go +++ b/scanrepository/scanrepository_test.go @@ -439,7 +439,6 @@ func TestCreateVulnerabilitiesMap(t *testing.T) { { name: "Scan results with no violations and vulnerabilities", scanResults: &xrayutils.Results{ - ScaResults: []xrayutils.ScaScanResult{}, ExtendedScanResults: &xrayutils.ExtendedScanResults{}, }, expectedMap: map[string]*utils.VulnerabilityDetails{}, @@ -447,7 +446,7 @@ func TestCreateVulnerabilitiesMap(t *testing.T) { { name: "Scan results with vulnerabilities and no violations", scanResults: &xrayutils.Results{ - ScaResults: []xrayutils.ScaScanResult{{ + ScaResults: []*xrayutils.ScaScanResult{{ XrayResults: []services.ScanResponse{ { Vulnerabilities: []services.Vulnerability{ @@ -498,7 +497,7 @@ func TestCreateVulnerabilitiesMap(t *testing.T) { { name: "Scan results with violations and no vulnerabilities", scanResults: &xrayutils.Results{ - ScaResults: []xrayutils.ScaScanResult{{ + ScaResults: []*xrayutils.ScaScanResult{{ XrayResults: []services.ScanResponse{ { Violations: []services.Violation{ diff --git a/utils/scandetails.go b/utils/scandetails.go index cf9f87872..14ae8531e 100644 --- a/utils/scandetails.go +++ b/utils/scandetails.go 
@@ -117,7 +117,6 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xra SetInstallCommandArgs(sc.InstallCommandArgs) auditParams := audit.NewAuditParams(). - SetXrayGraphScanParams(sc.XrayGraphScanParams). SetWorkingDirs(workDirs). SetMinSeverityFilter(sc.MinSeverityFilter()). SetFixableOnly(sc.FixableOnly()). @@ -127,7 +126,7 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xra auditResults, err = audit.RunAudit(auditParams) if auditResults != nil { - err = errors.Join(err, auditResults.ScaError, auditResults.JasError) + err = errors.Join(err, auditResults.ScansErr) } return } From fbe6c7ba1f0d9cf1246852d326a1db75fb55a8ff Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Mon, 10 Jun 2024 17:12:12 +0300 Subject: [PATCH 02/29] run go mod tidy --- go.mod | 8 ++++---- go.sum | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 325319802..a972ccd76 100644 --- a/go.mod +++ b/go.mod @@ -6,12 +6,12 @@ require ( github.com/go-git/go-git/v5 v5.12.0 github.com/golang/mock v1.6.0 github.com/google/go-github/v45 v45.2.0 - github.com/jfrog/build-info-go v1.9.27 + github.com/jfrog/build-info-go v1.9.29 github.com/jfrog/froggit-go v1.15.0 github.com/jfrog/gofrog v1.7.2 - github.com/jfrog/jfrog-cli-core/v2 v2.53.0 + github.com/jfrog/jfrog-cli-core/v2 v2.53.1 github.com/jfrog/jfrog-cli-security v1.1.0 - github.com/jfrog/jfrog-client-go v1.40.2 + github.com/jfrog/jfrog-client-go v1.41.0 github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible github.com/owenrumney/go-sarif/v2 v2.3.1 github.com/stretchr/testify v1.9.0 
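Review bot: In `RunInstallAndAudit` (utils/scandetails.go, hunk `@@ -117,7 +117,6`), removing `SetXrayGraphScanParams(sc.XrayGraphScanParams)` leaves `auditParams`, as far as the hunk shows, with no watches, project key or licence settings. The replacement, `SetCommonGraphScanParams(sc.CreateCommonGraphScanParams())`, only arrives in patch 04. A build taken from patches 01 to 03 would presumably audit against defaults rather than the configured watches and project, which can silently drop policy violations from the results, so the removal is better squashed into patch 04. In the second hunk, `errors.Join(err, auditResults.ScansErr)` depends on the fork folding both SCA and JAS failures into `ScansErr`; if that holds, a comment such as `// ScansErr aggregates the SCA and JAS scan errors` would make it visible that no error class was lost. The function body starts outside the first hunk.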
@@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240608054757-afa30109c979 +replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240610140149-ce5c1f4d7c52 replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240603153234-c15cde9842c7 diff --git a/go.sum b/go.sum index 234cc2788..32dd0991d 100644 --- a/go.sum +++ b/go.sum @@ -890,8 +890,8 @@ github.com/jedib0t/go-pretty/v6 v6.5.9 h1:ACteMBRrrmm1gMsXe9PSTOClQ63IXDUt03H5U+ github.com/jedib0t/go-pretty/v6 v6.5.9/go.mod h1:zbn98qrYlh95FIhwwsbIip0LYpwSG8SUOScs+v9/t0E= github.com/jfrog/archiver/v3 v3.6.0 h1:OVZ50vudkIQmKMgA8mmFF9S0gA47lcag22N13iV3F1w= github.com/jfrog/archiver/v3 v3.6.0/go.mod h1:fCAof46C3rAXgZurS8kNRNdSVMKBbZs+bNNhPYxLldI= -github.com/jfrog/build-info-go v1.9.27 h1:7RWJcajqtNNbGHuYkgOLUIG7mmRKF0yxC7mvYAbdVlU= -github.com/jfrog/build-info-go v1.9.27/go.mod h1:8T7/ajM9aGshvgpwCtXwIFpyF/R6CEn4W+/FLryNXWw= +github.com/jfrog/build-info-go v1.9.29 h1:3vJ+kbk9PpU6wjisXi9c4qISNpYkISh/NmB5mq1ZlSY= +github.com/jfrog/build-info-go v1.9.29/go.mod h1:AzFJlN/yKfKuKcSBaGy5nNmKN1xzx6+XcRWAswCTLTA= github.com/jfrog/froggit-go v1.15.0 h1:P9pWpLxucoL97FmSKW0UFbPDaRox72uqQ0XiNtbqlqQ= github.com/jfrog/froggit-go v1.15.0/go.mod h1:TEJSzgiV+3D/GVGE8Y6j46ut1jrBLD1FL6WdMdKwwCE= github.com/jfrog/gofrog v1.7.2 h1:VkAaA/9tmbw27IqgUOmaZWnO6ATUqL3vRzDnsROKATw= 
@@ -975,8 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/orz25/jfrog-cli-security v0.0.0-20240608054757-afa30109c979 h1:B6eam+McsKTEI/ArSwi8ZgOCaYakd2Ms2f/7kU3bCPQ= -github.com/orz25/jfrog-cli-security v0.0.0-20240608054757-afa30109c979/go.mod h1:pUaWq40iEAzNG2Erd1USmcyK6NLteGu75qBGLz1Abb4= +github.com/orz25/jfrog-cli-security v0.0.0-20240610140149-ce5c1f4d7c52 h1:BFz+UdaqF+D9pxXMp0RUU2FNykfA7bPxsomSISHv+kE= +github.com/orz25/jfrog-cli-security v0.0.0-20240610140149-ce5c1f4d7c52/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= From 4a35ce9acfd16d4e044509de950b2d5c97b203b7 Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Mon, 10 Jun 2024 17:21:22 +0300 Subject: [PATCH 03/29] change cli-core version --- go.mod | 4 ++-- go.sum | 8 ++++---- packagehandlers/gopackagehandler.go | 3 ++- packagehandlers/pythonpackagehandler.go | 3 +-- scanpullrequest/scanpullrequest_test.go | 7 +++---- scanrepository/scanrepository_test.go | 20 ++++++++++---------- 6 files changed, 22 insertions(+), 23 deletions(-) diff --git a/go.mod b/go.mod index a972ccd76..4538059d9 100644 --- a/go.mod +++ b/go.mod 
@@ -121,10 +121,10 @@ require ( replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240610140149-ce5c1f4d7c52 -replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240603153234-c15cde9842c7 +//replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go dev -replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20240530101935-539b5837ce04 +//replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go dev // replace github.com/jfrog/froggit-go => github.com/jfrog/froggit-go dev diff --git a/go.sum b/go.sum index 32dd0991d..d9da340b0 100644 --- a/go.sum +++ b/go.sum 
@@ -898,10 +898,10 @@ github.com/jfrog/gofrog v1.7.2 h1:VkAaA/9tmbw27IqgUOmaZWnO6ATUqL3vRzDnsROKATw= github.com/jfrog/gofrog v1.7.2/go.mod h1:WJFk88SR9Sr9mKl1bQBig7DmSdXiBGKV3WhL9O6jL9w= github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY= github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w= -github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240603153234-c15cde9842c7 h1:pWVjLJ4kwm9jn0hEPWABtQTXT77phbvLGR7icTNvtOk= -github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240603153234-c15cde9842c7/go.mod h1:ckNDje4Ydeo7DPS4kiripqSZ7xF7mVE5Gca3uJ5vTik= -github.com/jfrog/jfrog-client-go v1.28.1-0.20240530101935-539b5837ce04 h1:ERLE/L7YPr6aCUTeAnE8SXU5VOZHd5/XK16rM1TEpts= -github.com/jfrog/jfrog-client-go v1.28.1-0.20240530101935-539b5837ce04/go.mod h1:37RR4pYgXZM4w7tywyfRu8t2wagt0qf5wBtpDILWBsk= +github.com/jfrog/jfrog-cli-core/v2 v2.53.1 h1:odwPJlrUVw7yKIYctVIn7/8YW/Ynwq4vvsmrXOzAAa8= +github.com/jfrog/jfrog-cli-core/v2 v2.53.1/go.mod h1:4iTSevmlThM1Aw5NAY4WyVxim5US4SkrmxHSHFimaqk= +github.com/jfrog/jfrog-client-go v1.41.0 h1:g5OTFvreOVQ6U/5LUXFJfA3Bc+AZCo2PO/EzCLxLbLE= +github.com/jfrog/jfrog-client-go v1.41.0/go.mod h1:AN+/mT2DIBE4oRZicJojqND2BEKLfA7f73i5rT3Lfcc= github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA= github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible/go.mod h1:1c7szIrayyPPB/987hsnvNzLushdWf4o/79s3P08L8A= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= diff --git a/packagehandlers/gopackagehandler.go b/packagehandlers/gopackagehandler.go index 2dd0bd19b..55954f585 100644 --- a/packagehandlers/gopackagehandler.go +++ b/packagehandlers/gopackagehandler.go 
@@ -3,6 +3,7 @@ package packagehandlers import ( "github.com/jfrog/frogbot/v2/utils" golangutils "github.com/jfrog/jfrog-cli-core/v2/artifactory/commands/golang" + goutils "github.com/jfrog/jfrog-cli-core/v2/utils/golang" ) type GoPackageHandler struct { @@ -12,7 +13,7 @@ type GoPackageHandler struct { func (golang *GoPackageHandler) UpdateDependency(vulnDetails *utils.VulnerabilityDetails) error { // Configure resolution from an Artifactory server if needed if golang.depsRepo != "" { - if err := golangutils.SetArtifactoryAsResolutionServer(golang.serverDetails, golang.depsRepo); err != nil { + if err := golangutils.SetArtifactoryAsResolutionServer(golang.serverDetails, golang.depsRepo, goutils.GoProxyUrlParams{}); err != nil { return err } } diff --git a/packagehandlers/pythonpackagehandler.go b/packagehandlers/pythonpackagehandler.go index e12fcb987..34c3c1727 100644 --- a/packagehandlers/pythonpackagehandler.go +++ b/packagehandlers/pythonpackagehandler.go @@ -9,7 +9,6 @@ import ( "strings" "github.com/jfrog/frogbot/v2/utils" - "github.com/jfrog/jfrog-cli-core/v2/utils/coreutils" "github.com/jfrog/jfrog-cli-security/utils/techutils" ) @@ -58,7 +57,7 @@ func (py *PythonPackageHandler) handlePoetry(vulnDetails *utils.VulnerabilityDet return } // Update Poetry lock file as well - return runPackageMangerCommand(coreutils.Poetry.GetExecCommandName(), coreutils.Poetry.String(), []string{"update"}) + return runPackageMangerCommand(techutils.Poetry.GetExecCommandName(), techutils.Poetry.String(), []string{"update"}) } func (py *PythonPackageHandler) handlePip(vulnDetails *utils.VulnerabilityDetails) (err error) { diff --git a/scanpullrequest/scanpullrequest_test.go b/scanpullrequest/scanpullrequest_test.go index c78c8dc5f..3ae1784b1 100644 --- a/scanpullrequest/scanpullrequest_test.go +++ b/scanpullrequest/scanpullrequest_test.go 
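Review bot: In `UpdateDependency` (packagehandlers/gopackagehandler.go), the new third argument `goutils.GoProxyUrlParams{}` is passed as a bare zero value, with nothing on the call explaining which resolution behaviour that selects. This call decides where Go modules are fetched from while a vulnerable dependency is being fixed, so whether resolution can bypass `depsRepo` is worth stating at the call site. A suitable comment would be `// Zero-value GoProxyUrlParams: default endpoint, no direct fallback past depsRepo (confirm against jfrog-cli-core)`. If a direct fallback is ever wanted, it should be an explicit, named setting rather than a later edit to this literal. The function body continues outside the hunk.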
@@ -19,7 +19,6 @@ import ( "github.com/jfrog/froggit-go/vcsclient" "github.com/jfrog/froggit-go/vcsutils" coreconfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" - "github.com/jfrog/jfrog-cli-core/v2/utils/coreutils" "github.com/jfrog/jfrog-cli-security/formats" xrayutils "github.com/jfrog/jfrog-cli-security/utils" "github.com/jfrog/jfrog-cli-security/utils/techutils" @@ -232,7 +231,7 @@ func TestGetNewVulnerabilities(t *testing.T) { Severity: "high", Cves: []services.Cve{{Id: "CVE-2023-1234"}}, Components: map[string]services.Component{"component-A": {}, "component-B": {}}, - Technology: coreutils.Maven.String(), + Technology: techutils.Maven.String(), }}, } @@ -245,7 +244,7 @@ func TestGetNewVulnerabilities(t *testing.T) { Severity: "high", Cves: []services.Cve{{Id: "CVE-2023-1234"}}, Components: map[string]services.Component{"component-A": {}, "component-B": {}}, - Technology: coreutils.Maven.String(), + Technology: techutils.Maven.String(), }, { IssueId: "XRAY-2", @@ -253,7 +252,7 @@ func TestGetNewVulnerabilities(t *testing.T) { Severity: "low", Cves: []services.Cve{{Id: "CVE-2023-4321"}}, Components: map[string]services.Component{"component-C": {}, "component-D": {}}, - Technology: coreutils.Yarn.String(), + Technology: techutils.Yarn.String(), }, }, } diff --git a/scanrepository/scanrepository_test.go b/scanrepository/scanrepository_test.go index 93a88bd1d..01359d24e 100644 --- a/scanrepository/scanrepository_test.go +++ b/scanrepository/scanrepository_test.go @@ -35,16 +35,16 @@ var testPackagesData = []struct { commandArgs []string }{ { - packageType: coreutils.Go.String(), + packageType: techutils.Go.String(), }, { - packageType: coreutils.Maven.String(), + packageType: techutils.Maven.String(), }, { - packageType: coreutils.Gradle.String(), + packageType: techutils.Gradle.String(), }, { - packageType: coreutils.Npm.String(), + packageType: techutils.Npm.String(), commandName: "npm", commandArgs: []string{"install"}, }, 
@@ -59,23 +59,23 @@ var testPackagesData = []struct { commandArgs: []string{"install"}, }, { - packageType: coreutils.Dotnet.String(), + packageType: techutils.Dotnet.String(), commandName: "dotnet", commandArgs: []string{"restore"}, }, { - packageType: coreutils.Nuget.String(), + packageType: techutils.Nuget.String(), commandName: "nuget", commandArgs: []string{"restore"}, }, { - packageType: coreutils.Pip.String(), + packageType: techutils.Pip.String(), }, { - packageType: coreutils.Pipenv.String(), + packageType: techutils.Pipenv.String(), }, { - packageType: coreutils.Poetry.String(), + packageType: techutils.Poetry.String(), }, } @@ -384,7 +384,7 @@ func TestPackageTypeFromScan(t *testing.T) { }() assert.NoError(t, err) assert.NoError(t, biutils.CopyDir(projectPath, tmpDir, true, nil)) - if pkg.packageType == coreutils.Gradle.String() { + if pkg.packageType == techutils.Gradle.String() { assert.NoError(t, os.Chmod(filepath.Join(tmpDir, "gradlew"), 0777)) assert.NoError(t, os.Chmod(filepath.Join(tmpDir, "gradlew.bat"), 0777)) } From 6f274207f2596e224656c2856d31a1c508a36c1a Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Thu, 13 Jun 2024 14:22:19 +0300 Subject: [PATCH 04/29] add graph scan common params --- go.mod | 2 +- go.sum | 4 ++-- utils/scandetails.go | 26 +++++++++++++++++++++++++- 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 4538059d9..badeff0c5 100644 --- a/go.mod +++ b/go.mod @@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240610140149-ce5c1f4d7c52 +replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240613105035-59ce3b7e8c36 //replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev diff --git a/go.sum b/go.sum index d9da340b0..588ce3e9b 100644 --- a/go.sum +++ b/go.sum 
@@ -975,8 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/orz25/jfrog-cli-security v0.0.0-20240610140149-ce5c1f4d7c52 h1:BFz+UdaqF+D9pxXMp0RUU2FNykfA7bPxsomSISHv+kE= -github.com/orz25/jfrog-cli-security v0.0.0-20240610140149-ce5c1f4d7c52/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= +github.com/orz25/jfrog-cli-security v0.0.0-20240613105035-59ce3b7e8c36 h1:SWzFzJMxLzKbAhyYmgcM1PetbdNWoYkqIAbdXQW24S4= +github.com/orz25/jfrog-cli-security v0.0.0-20240613105035-59ce3b7e8c36/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= diff --git a/utils/scandetails.go b/utils/scandetails.go index 14ae8531e..04128b789 100644 --- a/utils/scandetails.go +++ b/utils/scandetails.go @@ -6,10 +6,13 @@ import ( "fmt" "github.com/jfrog/froggit-go/vcsclient" "github.com/jfrog/jfrog-cli-core/v2/utils/config" + "github.com/jfrog/jfrog-cli-core/v2/utils/coreutils" "github.com/jfrog/jfrog-cli-security/commands/audit" + "github.com/jfrog/jfrog-cli-security/scangraph" xrayutils "github.com/jfrog/jfrog-cli-security/utils" "github.com/jfrog/jfrog-client-go/utils/log" "github.com/jfrog/jfrog-client-go/xray/services" + "os" "path/filepath" ) 
@@ -89,6 +92,26 @@ func (sc *ScanDetails) SetRepoName(repoName string) *ScanDetails { return sc } +func (sc *ScanDetails) CreateCommonGraphScanParams() *scangraph.CommonGraphScanParams { + commonParams := &scangraph.CommonGraphScanParams{ + RepoPath: sc.RepoPath, + Watches: sc.Watches, + ScanType: sc.ScanType, + } + if sc.ProjectKey == "" { + commonParams.ProjectKey = os.Getenv(coreutils.Project) + } else { + commonParams.ProjectKey = sc.ProjectKey + } + commonParams.IncludeVulnerabilities = sc.IncludeVulnerabilities + commonParams.IncludeLicenses = sc.IncludeLicenses + commonParams.MultiScanId = sc.MultiScanId + if commonParams.MultiScanId != "" { + commonParams.XscVersion = sc.XscVersion + } + return commonParams +} + func createXrayScanParams(watches []string, project string, includeLicenses bool) (params *services.XrayGraphScanParams) { params = &services.XrayGraphScanParams{ ScanType: services.Dependency, @@ -120,7 +143,8 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xra SetWorkingDirs(workDirs). SetMinSeverityFilter(sc.MinSeverityFilter()). SetFixableOnly(sc.FixableOnly()). - SetGraphBasicParams(auditBasicParams) + SetGraphBasicParams(auditBasicParams). + SetCommonGraphScanParams(sc.CreateCommonGraphScanParams()) auditParams.SetExclusions(sc.PathExclusions).SetIsRecursiveScan(sc.IsRecursiveScan) From 00b730471020a88bea64337bfe5009a827b3696e Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Thu, 13 Jun 2024 17:40:16 +0300 Subject: [PATCH 05/29] updating go.mod --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index badeff0c5..85b70b40e 100644 --- a/go.mod +++ b/go.mod 
@@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240613105035-59ce3b7e8c36 +replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240613143222-c5b3cca814a3 //replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev diff --git a/go.sum b/go.sum index 588ce3e9b..589b0f2b2 100644 --- a/go.sum +++ b/go.sum @@ -975,8 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/orz25/jfrog-cli-security v0.0.0-20240613105035-59ce3b7e8c36 h1:SWzFzJMxLzKbAhyYmgcM1PetbdNWoYkqIAbdXQW24S4= -github.com/orz25/jfrog-cli-security v0.0.0-20240613105035-59ce3b7e8c36/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= +github.com/orz25/jfrog-cli-security v0.0.0-20240613143222-c5b3cca814a3 h1:cCYX+ZBvEEWahH2ORLXXN92znK2vky7URcmWhS+0Gy4= +github.com/orz25/jfrog-cli-security v0.0.0-20240613143222-c5b3cca814a3/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= From da83c01f80de14fc55fa5d28f88e89bc1376b4dd Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Sat, 15 Jun 2024 16:33:05 +0300 Subject: [PATCH 06/29] updating go.mod --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 85b70b40e..76a0954a0 100644 --- a/go.mod +++ b/go.mod 
@@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240613143222-c5b3cca814a3 +replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240615085522-2986a0d2e24b //replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev diff --git a/go.sum b/go.sum index 589b0f2b2..7eb047271 100644 --- a/go.sum +++ b/go.sum @@ -975,8 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/orz25/jfrog-cli-security v0.0.0-20240613143222-c5b3cca814a3 h1:cCYX+ZBvEEWahH2ORLXXN92znK2vky7URcmWhS+0Gy4= -github.com/orz25/jfrog-cli-security v0.0.0-20240613143222-c5b3cca814a3/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= +github.com/orz25/jfrog-cli-security v0.0.0-20240615085522-2986a0d2e24b h1:MxBRkLo/SsJuKbfVAAsRGH43il2/J4/LQVQ0Cd4Uo/8= +github.com/orz25/jfrog-cli-security v0.0.0-20240615085522-2986a0d2e24b/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= From 6b3de54f9e18c4e1cd71370c937d8e6aa2a47ecd Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Sat, 15 Jun 2024 16:50:43 +0300 Subject: [PATCH 07/29] updating go.mod --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 76a0954a0..3d0a54a89 100644 --- a/go.mod +++ b/go.mod 
@@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240615085522-2986a0d2e24b +replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240615134801-affc60eb43e4 //replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev diff --git a/go.sum b/go.sum index 7eb047271..ef8a68cc3 100644 --- a/go.sum +++ b/go.sum @@ -975,8 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/orz25/jfrog-cli-security v0.0.0-20240615085522-2986a0d2e24b h1:MxBRkLo/SsJuKbfVAAsRGH43il2/J4/LQVQ0Cd4Uo/8= -github.com/orz25/jfrog-cli-security v0.0.0-20240615085522-2986a0d2e24b/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= +github.com/orz25/jfrog-cli-security v0.0.0-20240615134801-affc60eb43e4 h1:yNgPNXrr1UN9GUE65DbrPklTFCWPesTFyKTfAkxFeuw= +github.com/orz25/jfrog-cli-security v0.0.0-20240615134801-affc60eb43e4/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= From d21bdb020c2db1ab9598d940f5eee55f4fc11be0 Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Sat, 15 Jun 2024 17:06:47 +0300 Subject: [PATCH 08/29] Merge remote-tracking branch 'upstream/dev' into adjusments-in-audit-command # Conflicts: # go.mod # go.sum --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/go.mod b/go.mod index 41c8068e1..312f5f2cb 100644 --- a/go.mod +++ b/go.mod @@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240615134801-affc60eb43e4 +replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240615085522-2986a0d2e24b // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev diff --git a/go.sum b/go.sum index ef8a68cc3..7eb047271 100644 --- a/go.sum +++ b/go.sum @@ -975,8 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/orz25/jfrog-cli-security v0.0.0-20240615134801-affc60eb43e4 h1:yNgPNXrr1UN9GUE65DbrPklTFCWPesTFyKTfAkxFeuw= -github.com/orz25/jfrog-cli-security v0.0.0-20240615134801-affc60eb43e4/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= +github.com/orz25/jfrog-cli-security v0.0.0-20240615085522-2986a0d2e24b h1:MxBRkLo/SsJuKbfVAAsRGH43il2/J4/LQVQ0Cd4Uo/8= +github.com/orz25/jfrog-cli-security v0.0.0-20240615085522-2986a0d2e24b/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= From e1513e1c1426e90b56d2b7c5042c651aa6f2e321 Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Sat, 15 Jun 2024 17:09:17 +0300 Subject: [PATCH 09/29] update go.mod --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/go.mod b/go.mod index 312f5f2cb..41c8068e1 100644 --- a/go.mod +++ b/go.mod @@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240615085522-2986a0d2e24b +replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240615134801-affc60eb43e4 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev diff --git a/go.sum b/go.sum index 7eb047271..ef8a68cc3 100644 --- a/go.sum +++ b/go.sum @@ -975,8 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/orz25/jfrog-cli-security v0.0.0-20240615085522-2986a0d2e24b h1:MxBRkLo/SsJuKbfVAAsRGH43il2/J4/LQVQ0Cd4Uo/8= -github.com/orz25/jfrog-cli-security v0.0.0-20240615085522-2986a0d2e24b/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= +github.com/orz25/jfrog-cli-security v0.0.0-20240615134801-affc60eb43e4 h1:yNgPNXrr1UN9GUE65DbrPklTFCWPesTFyKTfAkxFeuw= +github.com/orz25/jfrog-cli-security v0.0.0-20240615134801-affc60eb43e4/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= From a5c97d26ca5a0033ca1d9fc2b22264a9a6e5b23b Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Sat, 15 Jun 2024 17:28:21 +0300 Subject: [PATCH 10/29] update go.mod --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/go.mod b/go.mod index 41c8068e1..2111e8202 100644 --- a/go.mod +++ b/go.mod @@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240615134801-affc60eb43e4 +replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240615142525-021a5d1b9d7f // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev diff --git a/go.sum b/go.sum index ef8a68cc3..b163c5d43 100644 --- a/go.sum +++ b/go.sum @@ -975,8 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/orz25/jfrog-cli-security v0.0.0-20240615134801-affc60eb43e4 h1:yNgPNXrr1UN9GUE65DbrPklTFCWPesTFyKTfAkxFeuw= -github.com/orz25/jfrog-cli-security v0.0.0-20240615134801-affc60eb43e4/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= +github.com/orz25/jfrog-cli-security v0.0.0-20240615142525-021a5d1b9d7f h1:mD9y4RqR5sd87H2E/Pf2hRGiMTi23tuVBvKyZ9vy8/s= +github.com/orz25/jfrog-cli-security v0.0.0-20240615142525-021a5d1b9d7f/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= From 411253de07e8d566c7c58a0597529098d7fdc75a Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Sat, 15 Jun 2024 18:22:42 +0300 Subject: [PATCH 11/29] update go.mod --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/go.mod b/go.mod index 2111e8202..b6bb965f2 100644 --- a/go.mod +++ b/go.mod @@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240615142525-021a5d1b9d7f +replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240615152037-e9787db007f7 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev diff --git a/go.sum b/go.sum index b163c5d43..d8ba6ddc3 100644 --- a/go.sum +++ b/go.sum @@ -975,8 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/orz25/jfrog-cli-security v0.0.0-20240615142525-021a5d1b9d7f h1:mD9y4RqR5sd87H2E/Pf2hRGiMTi23tuVBvKyZ9vy8/s= -github.com/orz25/jfrog-cli-security v0.0.0-20240615142525-021a5d1b9d7f/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= +github.com/orz25/jfrog-cli-security v0.0.0-20240615152037-e9787db007f7 h1:8KvvIiw95Xc5t1eVo1t6EMA7NjejU45MXw/6R+1f7II= +github.com/orz25/jfrog-cli-security v0.0.0-20240615152037-e9787db007f7/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= From c657ea3aa1b819720631d9daa18e31bfb5e34496 Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Sat, 15 Jun 2024 18:31:36 +0300 Subject: [PATCH 12/29] update go.mod --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/go.mod b/go.mod index b6bb965f2..ea9f3c815 100644 --- a/go.mod +++ b/go.mod @@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240615152037-e9787db007f7 +replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240615152859-4250a6cc174c // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev diff --git a/go.sum b/go.sum index d8ba6ddc3..1bf17c62c 100644 --- a/go.sum +++ b/go.sum @@ -975,8 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/orz25/jfrog-cli-security v0.0.0-20240615152037-e9787db007f7 h1:8KvvIiw95Xc5t1eVo1t6EMA7NjejU45MXw/6R+1f7II= -github.com/orz25/jfrog-cli-security v0.0.0-20240615152037-e9787db007f7/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= +github.com/orz25/jfrog-cli-security v0.0.0-20240615152859-4250a6cc174c h1:3A84ylfIF/7Kw2DRMpICDg6Wr5Pd2UQhPFf6l3ATHNY= +github.com/orz25/jfrog-cli-security v0.0.0-20240615152859-4250a6cc174c/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= From dff35d517107ec9fe782e27a528fcf787e7315b1 Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Sat, 15 Jun 2024 18:50:13 +0300 Subject: [PATCH 13/29] update go.mod --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/go.mod b/go.mod index ea9f3c815..1fa3f8455 100644 --- a/go.mod +++ b/go.mod @@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240615152859-4250a6cc174c +replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240615154730-28f8c33dd240 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev diff --git a/go.sum b/go.sum index 1bf17c62c..227fa41d2 100644 --- a/go.sum +++ b/go.sum @@ -975,8 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/orz25/jfrog-cli-security v0.0.0-20240615152859-4250a6cc174c h1:3A84ylfIF/7Kw2DRMpICDg6Wr5Pd2UQhPFf6l3ATHNY= -github.com/orz25/jfrog-cli-security v0.0.0-20240615152859-4250a6cc174c/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= +github.com/orz25/jfrog-cli-security v0.0.0-20240615154730-28f8c33dd240 h1:aDLn7Zb32UPRxr2zuffZstdwVkVnA/nlV9Tkon2+O7g= +github.com/orz25/jfrog-cli-security v0.0.0-20240615154730-28f8c33dd240/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= From e7d806c9ee9cf8ce0d8cdf152293f7177ad3126b Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Sat, 15 Jun 2024 19:07:43 +0300 Subject: [PATCH 14/29] add set threads --- utils/scandetails.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/utils/scandetails.go b/utils/scandetails.go index 04128b789..4e08841af 100644 --- a/utils/scandetails.go +++ b/utils/scandetails.go @@ -144,7 +144,8 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xra SetMinSeverityFilter(sc.MinSeverityFilter()). SetFixableOnly(sc.FixableOnly()). SetGraphBasicParams(auditBasicParams). - SetCommonGraphScanParams(sc.CreateCommonGraphScanParams()) + SetCommonGraphScanParams(sc.CreateCommonGraphScanParams()). + SetThreads(1) auditParams.SetExclusions(sc.PathExclusions).SetIsRecursiveScan(sc.IsRecursiveScan) From 62f14a12a6f180fa8825c7ec09df10abb9095918 Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Sun, 16 Jun 2024 09:51:18 +0300 Subject: [PATCH 15/29] create auditParallelRunner in RunInstallAndAudit func --- go.mod | 2 +- go.sum | 4 ++-- utils/scandetails.go | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 1fa3f8455..e6bf02279 100644 --- a/go.mod +++ b/go.mod @@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240615154730-28f8c33dd240 +replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240616064436-212d4fb4f35a // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev diff --git a/go.sum b/go.sum index 227fa41d2..3ac998ef6 100644 --- a/go.sum +++ b/go.sum 
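Review bot: `SetThreads(1)` at the end of the builder chain hard-codes a single scan thread with no comment saying why, so a later reader cannot tell a deliberate constraint from a debugging leftover. Give the value a name and a reason at the call site, for example a package-level `const auditThreads = 1` with a comment of the form `// Audit runs single-threaded here because <reason>`, the reason to be filled in by the author. RunInstallAndAudit starts and ends outside this hunk, so whether a thread count is already available on `sc` cannot be judged from here.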
@@ -975,8 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/orz25/jfrog-cli-security v0.0.0-20240615154730-28f8c33dd240 h1:aDLn7Zb32UPRxr2zuffZstdwVkVnA/nlV9Tkon2+O7g= -github.com/orz25/jfrog-cli-security v0.0.0-20240615154730-28f8c33dd240/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= +github.com/orz25/jfrog-cli-security v0.0.0-20240616064436-212d4fb4f35a h1:rJU9CI+YC+aqHIqCjaKFj8RIjLza+jCStbSnn9lAx3I= +github.com/orz25/jfrog-cli-security v0.0.0-20240616064436-212d4fb4f35a/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= diff --git a/utils/scandetails.go b/utils/scandetails.go index 4e08841af..3d9aaf141 100644 --- a/utils/scandetails.go +++ b/utils/scandetails.go @@ -144,12 +144,12 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xra SetMinSeverityFilter(sc.MinSeverityFilter()). SetFixableOnly(sc.FixableOnly()). SetGraphBasicParams(auditBasicParams). - SetCommonGraphScanParams(sc.CreateCommonGraphScanParams()). - SetThreads(1) + SetCommonGraphScanParams(sc.CreateCommonGraphScanParams()) auditParams.SetExclusions(sc.PathExclusions).SetIsRecursiveScan(sc.IsRecursiveScan) - auditResults, err = audit.RunAudit(auditParams) + auditParallelRunner := xrayutils.CreateSecurityParallelRunner(1) + auditResults, err = audit.RunAudit(auditParams, auditParallelRunner) if auditResults != nil { err = errors.Join(err, auditResults.ScansErr) } 
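Review bot: Nothing in the scandetails.go hunk states who owns `auditParallelRunner` once it is handed to `audit.RunAudit`, and `auditResults.ScansErr` is read in the very next statement. If RunAudit can return before every task queued on the runner has finished (not visible from here), that read races with the workers and scan errors can be dropped, which for a security scan means a result that looks clean when it is not. State the contract at the call, for example `// RunAudit blocks until all runner tasks have completed; auditResults is final on return.`, or wait on the runner explicitly before the nil check. The literal `1` passed to `CreateSecurityParallelRunner` would also read better as a named constant. RunInstallAndAudit begins above the hunk.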
From 12d9c74f867506ad01bd7853d5fda9b716dda185 Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Sun, 16 Jun 2024 10:42:36 +0300 Subject: [PATCH 16/29] update go.mod --- go.mod | 2 +- go.sum | 4 ++-- utils/scandetails.go | 4 +--- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index e6bf02279..12beb53fc 100644 --- a/go.mod +++ b/go.mod @@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240616064436-212d4fb4f35a +replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240616073912-5752db71e980 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev diff --git a/go.sum b/go.sum index 3ac998ef6..a1ed87382 100644 --- a/go.sum +++ b/go.sum @@ -975,8 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/orz25/jfrog-cli-security v0.0.0-20240616064436-212d4fb4f35a h1:rJU9CI+YC+aqHIqCjaKFj8RIjLza+jCStbSnn9lAx3I= -github.com/orz25/jfrog-cli-security v0.0.0-20240616064436-212d4fb4f35a/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= +github.com/orz25/jfrog-cli-security v0.0.0-20240616073912-5752db71e980 h1:bPghhLr+R9HZpAcgmUjbq8ty4vVnWP6vle2XYDNT5Mw= +github.com/orz25/jfrog-cli-security v0.0.0-20240616073912-5752db71e980/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= 
diff --git a/utils/scandetails.go b/utils/scandetails.go index 3d9aaf141..8d1a1b1f2 100644 --- a/utils/scandetails.go +++ b/utils/scandetails.go @@ -145,11 +145,9 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xra SetFixableOnly(sc.FixableOnly()). SetGraphBasicParams(auditBasicParams). SetCommonGraphScanParams(sc.CreateCommonGraphScanParams()) - auditParams.SetExclusions(sc.PathExclusions).SetIsRecursiveScan(sc.IsRecursiveScan) - auditParallelRunner := xrayutils.CreateSecurityParallelRunner(1) - auditResults, err = audit.RunAudit(auditParams, auditParallelRunner) + auditResults, err = audit.RunAudit(auditParams) if auditResults != nil { err = errors.Join(err, auditResults.ScansErr) } From b19017b7dce2d7d435b09489b9614a28427e15a6 Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Sun, 16 Jun 2024 12:05:31 +0300 Subject: [PATCH 17/29] update go.mod --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 12beb53fc..f8593af97 100644 --- a/go.mod +++ b/go.mod @@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240616073912-5752db71e980 +replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240616090312-cfaa371ea7d4 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev diff --git a/go.sum b/go.sum index a1ed87382..7f82d67aa 100644 --- a/go.sum +++ b/go.sum 
@@ -975,8 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/orz25/jfrog-cli-security v0.0.0-20240616073912-5752db71e980 h1:bPghhLr+R9HZpAcgmUjbq8ty4vVnWP6vle2XYDNT5Mw= -github.com/orz25/jfrog-cli-security v0.0.0-20240616073912-5752db71e980/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= +github.com/orz25/jfrog-cli-security v0.0.0-20240616090312-cfaa371ea7d4 h1:c+Wvg4CDgxzltjPdFssEgjJ8ajeneg1saaItMfbRDdE= +github.com/orz25/jfrog-cli-security v0.0.0-20240616090312-cfaa371ea7d4/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= From a3606ba619bd95c68496fb7a4ca4e631f01c44a7 Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Sun, 16 Jun 2024 13:48:12 +0300 Subject: [PATCH 18/29] update go.mod --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index f8593af97..4f7779cfa 100644 --- a/go.mod +++ b/go.mod @@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240616090312-cfaa371ea7d4 +replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240616104549-cd11c22a734b // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev diff --git a/go.sum b/go.sum index 7f82d67aa..acede09a5 100644 --- a/go.sum +++ b/go.sum 
@@ -975,8 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/orz25/jfrog-cli-security v0.0.0-20240616090312-cfaa371ea7d4 h1:c+Wvg4CDgxzltjPdFssEgjJ8ajeneg1saaItMfbRDdE= -github.com/orz25/jfrog-cli-security v0.0.0-20240616090312-cfaa371ea7d4/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= +github.com/orz25/jfrog-cli-security v0.0.0-20240616104549-cd11c22a734b h1:VU80L81XQNAi66aKw1tA7mIroZB8dNrslQRp/K+5JDA= +github.com/orz25/jfrog-cli-security v0.0.0-20240616104549-cd11c22a734b/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= From bf3ddab9b76ba1837d58c5fc2eae653d239286f4 Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Sun, 16 Jun 2024 13:59:31 +0300 Subject: [PATCH 19/29] update go.mod --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 4f7779cfa..a101fb5f0 100644 --- a/go.mod +++ b/go.mod @@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240616104549-cd11c22a734b +replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240616105654-c1f79a87d662 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev diff --git a/go.sum b/go.sum index acede09a5..5154dbb78 100644 --- a/go.sum +++ b/go.sum 
@@ -975,8 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/orz25/jfrog-cli-security v0.0.0-20240616104549-cd11c22a734b h1:VU80L81XQNAi66aKw1tA7mIroZB8dNrslQRp/K+5JDA= -github.com/orz25/jfrog-cli-security v0.0.0-20240616104549-cd11c22a734b/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= +github.com/orz25/jfrog-cli-security v0.0.0-20240616105654-c1f79a87d662 h1:DwmZE9hwpHF8Ga4exCWF/hW9b1VoLPhmC19q2SG3Qi4= +github.com/orz25/jfrog-cli-security v0.0.0-20240616105654-c1f79a87d662/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= From 29bd674b3369597ff778a67f8fccbfcf46f85c53 Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Sun, 16 Jun 2024 14:33:44 +0300 Subject: [PATCH 20/29] create parallel runner before RunInstallAndAudit --- go.mod | 2 +- go.sum | 4 ++-- utils/scandetails.go | 6 +++++- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index a101fb5f0..e071051fc 100644 --- a/go.mod +++ b/go.mod @@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240616105654-c1f79a87d662 +replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240616113002-196c6fa26d90 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev diff --git a/go.sum b/go.sum index 5154dbb78..98b8af248 100644 
--- a/go.sum +++ b/go.sum @@ -975,8 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/orz25/jfrog-cli-security v0.0.0-20240616105654-c1f79a87d662 h1:DwmZE9hwpHF8Ga4exCWF/hW9b1VoLPhmC19q2SG3Qi4= -github.com/orz25/jfrog-cli-security v0.0.0-20240616105654-c1f79a87d662/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= +github.com/orz25/jfrog-cli-security v0.0.0-20240616113002-196c6fa26d90 h1:OyPX53kMXGAYvp+sZDPBWRQh4iK9TTVm/siNZRKYfh8= +github.com/orz25/jfrog-cli-security v0.0.0-20240616113002-196c6fa26d90/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= diff --git a/utils/scandetails.go b/utils/scandetails.go index 8d1a1b1f2..4bc381e2e 100644 --- a/utils/scandetails.go +++ b/utils/scandetails.go @@ -147,9 +147,13 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xra SetCommonGraphScanParams(sc.CreateCommonGraphScanParams()) auditParams.SetExclusions(sc.PathExclusions).SetIsRecursiveScan(sc.IsRecursiveScan) - auditResults, err = audit.RunAudit(auditParams) + auditParallelRunner := xrayutils.CreateSecurityParallelRunner(1) + auditResults, err = audit.RunAudit(auditParams, auditParallelRunner) + if auditResults != nil { + auditParallelRunner.ResultsMu.Lock() err = errors.Join(err, auditResults.ScansErr) + auditParallelRunner.ResultsMu.Unlock() } return } From e14f21f0d1979e6e44bf4c35ae4beb693a68909a Mon Sep 17 00:00:00 2001 
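Review bot: Taking `auditParallelRunner.ResultsMu` only around `err = errors.Join(err, auditResults.ScansErr)` in the scandetails.go hunk is either unnecessary or insufficient. If RunAudit has already waited for all workers, there is no concurrent writer and the lock can go. If workers may still be running, the `auditResults != nil` check and the `auditResults` value returned to the caller are both read outside the lock, and the results may be incomplete. The safer shape is to make sure the runner has finished before this block; if the lock stays, add a comment such as `// Guards ScansErr against <writer> still running after RunAudit returns`, with the writer named by the author. The same applies to the later hunk in patch 22 that re-adds these two lines, and the function body starts above the hunk.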
From: Or Zinger Date: Sun, 16 Jun 2024 14:44:27 +0300 Subject: [PATCH 21/29] remove mutex in RunInstallAndAudit --- utils/scandetails.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/utils/scandetails.go b/utils/scandetails.go index 4bc381e2e..61d33588e 100644 --- a/utils/scandetails.go +++ b/utils/scandetails.go @@ -151,9 +151,7 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xra auditResults, err = audit.RunAudit(auditParams, auditParallelRunner) if auditResults != nil { - auditParallelRunner.ResultsMu.Lock() err = errors.Join(err, auditResults.ScansErr) - auditParallelRunner.ResultsMu.Unlock() } return } From 295627bfdee5c44edaeb530580c251be631cc506 Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Sun, 16 Jun 2024 14:54:16 +0300 Subject: [PATCH 22/29] bring back mutex in RunInstallAndAudit --- utils/scandetails.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/utils/scandetails.go b/utils/scandetails.go index 61d33588e..4bc381e2e 100644 --- a/utils/scandetails.go +++ b/utils/scandetails.go @@ -151,7 +151,9 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xra auditResults, err = audit.RunAudit(auditParams, auditParallelRunner) if auditResults != nil { + auditParallelRunner.ResultsMu.Lock() err = errors.Join(err, auditResults.ScansErr) + auditParallelRunner.ResultsMu.Unlock() } return } From 9bc11e9d6b1ce5437421d1353199645775b34699 Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Sun, 16 Jun 2024 15:10:08 +0300 Subject: [PATCH 23/29] remove mutex in RunInstallAndAudit --- go.mod | 2 +- go.sum | 4 ++-- utils/scandetails.go | 2 -- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index e071051fc..03c5a26bd 100644 --- a/go.mod +++ b/go.mod 
@@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240616113002-196c6fa26d90 +replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240616120645-423a4a418280 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev diff --git a/go.sum b/go.sum index 98b8af248..437dafdaf 100644 --- a/go.sum +++ b/go.sum @@ -975,8 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/orz25/jfrog-cli-security v0.0.0-20240616113002-196c6fa26d90 h1:OyPX53kMXGAYvp+sZDPBWRQh4iK9TTVm/siNZRKYfh8= -github.com/orz25/jfrog-cli-security v0.0.0-20240616113002-196c6fa26d90/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= +github.com/orz25/jfrog-cli-security v0.0.0-20240616120645-423a4a418280 h1:RvwjBS1q5p5haKOKmL6jlVOq3OVSfz+hYjWpJsy4P1I= +github.com/orz25/jfrog-cli-security v0.0.0-20240616120645-423a4a418280/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= diff --git a/utils/scandetails.go b/utils/scandetails.go index 4bc381e2e..61d33588e 100644 --- a/utils/scandetails.go +++ b/utils/scandetails.go 
@@ -151,9 +151,7 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xra auditResults, err = audit.RunAudit(auditParams, auditParallelRunner) if auditResults != nil { - auditParallelRunner.ResultsMu.Lock() err = errors.Join(err, auditResults.ScansErr) - auditParallelRunner.ResultsMu.Unlock() } return } From 8a4af0b8ae72f0e661beccc5bb5afe232c47565f Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Sun, 16 Jun 2024 15:34:17 +0300 Subject: [PATCH 24/29] remove mutex in RunInstallAndAudit --- go.mod | 2 +- go.sum | 4 ++-- utils/scandetails.go | 3 +-- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 03c5a26bd..ddd51bc19 100644 --- a/go.mod +++ b/go.mod @@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240616120645-423a4a418280 +replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240616123155-1de40e7e1464 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev diff --git a/go.sum b/go.sum index 437dafdaf..b3f4cdaa1 100644 --- a/go.sum +++ b/go.sum 
@@ -975,8 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/orz25/jfrog-cli-security v0.0.0-20240616120645-423a4a418280 h1:RvwjBS1q5p5haKOKmL6jlVOq3OVSfz+hYjWpJsy4P1I= -github.com/orz25/jfrog-cli-security v0.0.0-20240616120645-423a4a418280/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= +github.com/orz25/jfrog-cli-security v0.0.0-20240616123155-1de40e7e1464 h1:qNbjcxoFljL98okBiDBxr6LULgVSnxF14TR841msbC8= +github.com/orz25/jfrog-cli-security v0.0.0-20240616123155-1de40e7e1464/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= diff --git a/utils/scandetails.go b/utils/scandetails.go index 61d33588e..d2c3bec0a 100644 --- a/utils/scandetails.go +++ b/utils/scandetails.go @@ -147,8 +147,7 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xra SetCommonGraphScanParams(sc.CreateCommonGraphScanParams()) auditParams.SetExclusions(sc.PathExclusions).SetIsRecursiveScan(sc.IsRecursiveScan) - auditParallelRunner := xrayutils.CreateSecurityParallelRunner(1) - auditResults, err = audit.RunAudit(auditParams, auditParallelRunner) + auditResults, err = audit.RunAudit(auditParams) if auditResults != nil { err = errors.Join(err, auditResults.ScansErr) From 88c39b2a2c29655d947e49170576614b5321a61d Mon Sep 17 00:00:00 2001 
From: Or Zinger Date: Sun, 16 Jun 2024 15:51:20 +0300 Subject: [PATCH 25/29] update go.mod --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ddd51bc19..79c23e871 100644 --- a/go.mod +++ b/go.mod @@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240616123155-1de40e7e1464 +replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240616124857-699fc36e7780 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev diff --git a/go.sum b/go.sum index b3f4cdaa1..17c2df1d4 100644 --- a/go.sum +++ b/go.sum @@ -975,8 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/orz25/jfrog-cli-security v0.0.0-20240616123155-1de40e7e1464 h1:qNbjcxoFljL98okBiDBxr6LULgVSnxF14TR841msbC8= -github.com/orz25/jfrog-cli-security v0.0.0-20240616123155-1de40e7e1464/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= +github.com/orz25/jfrog-cli-security v0.0.0-20240616124857-699fc36e7780 h1:iUKWLj4M/4lEeA6zTwPiou1B4MuaJTEd+Nxk2VsOpfI= +github.com/orz25/jfrog-cli-security v0.0.0-20240616124857-699fc36e7780/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= From 04410dbc2f383efd2de040b1a3a16806aef2f56e Mon Sep 17 00:00:00 2001 
From: Or Zinger Date: Sun, 16 Jun 2024 16:30:56 +0300 Subject: [PATCH 26/29] update go.mod --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 79c23e871..f7c43c7e3 100644 --- a/go.mod +++ b/go.mod @@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240616124857-699fc36e7780 +replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240616132811-cad75b190938 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev diff --git a/go.sum b/go.sum index 17c2df1d4..5d843575b 100644 --- a/go.sum +++ b/go.sum @@ -975,8 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/orz25/jfrog-cli-security v0.0.0-20240616124857-699fc36e7780 h1:iUKWLj4M/4lEeA6zTwPiou1B4MuaJTEd+Nxk2VsOpfI= -github.com/orz25/jfrog-cli-security v0.0.0-20240616124857-699fc36e7780/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= +github.com/orz25/jfrog-cli-security v0.0.0-20240616132811-cad75b190938 h1:qp2eGz6ZLrsCaBtEIEMreT4ONJgryhrqg+M4+3mjt6U= +github.com/orz25/jfrog-cli-security v0.0.0-20240616132811-cad75b190938/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= From f5c3d702d1ecac2b388d78fca2dc38827339a23d Mon Sep 17 00:00:00 2001 
From: Or Zinger Date: Sun, 16 Jun 2024 16:44:17 +0300 Subject: [PATCH 27/29] update go.mod --- go.mod | 2 +- go.sum | 4 ++-- testdata/resources/bitbucket_server_run.sh | 19 ------------------- 3 files changed, 3 insertions(+), 22 deletions(-) delete mode 100755 testdata/resources/bitbucket_server_run.sh diff --git a/go.mod b/go.mod index f7c43c7e3..fe1a84317 100644 --- a/go.mod +++ b/go.mod @@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240616132811-cad75b190938 +replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240616134105-dbc7a8221efb // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev diff --git a/go.sum b/go.sum index 5d843575b..d646d6894 100644 --- a/go.sum +++ b/go.sum 
@@ -975,8 +975,8 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/orz25/jfrog-cli-security v0.0.0-20240616132811-cad75b190938 h1:qp2eGz6ZLrsCaBtEIEMreT4ONJgryhrqg+M4+3mjt6U= -github.com/orz25/jfrog-cli-security v0.0.0-20240616132811-cad75b190938/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= +github.com/orz25/jfrog-cli-security v0.0.0-20240616134105-dbc7a8221efb h1:3ozchQPB1uKGni1EGibLqw7PMHbKF0GprbbOlwBtaUs= +github.com/orz25/jfrog-cli-security v0.0.0-20240616134105-dbc7a8221efb/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= diff --git a/testdata/resources/bitbucket_server_run.sh b/testdata/resources/bitbucket_server_run.sh deleted file mode 100755 index 18f2ebb49..000000000 --- a/testdata/resources/bitbucket_server_run.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -export BITBUCKET_VERSION=8.16.1 -export BITBUCKET_HOME=${PWD}/bitbucketHome - -# Download Bitbucket Server -curl -fLg https://www.atlassian.com/software/stash/downloads/binary/atlassian-bitbucket-$BITBUCKET_VERSION.tar.gz -O - -# Extract Bitbucket Server -tar -xvzf atlassian-bitbucket-$BITBUCKET_VERSION.tar.gz - -# Change directory to Bitbucket Server installation -cd atlassian-bitbucket-$BITBUCKET_VERSION - -# Set Bitbucket home directory -./bin/set-bitbucket-home.sh - -# Start Bitbucket Server -./bin/start-bitbucket.sh --no-search \ No newline at end of file 
From 14213321f8759483b7bfb5d71dcf1c24e10bcabb Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Sun, 16 Jun 2024 16:52:20 +0300 Subject: [PATCH 28/29] bring back bitbucket_server_run.sh --- testdata/resources/bitbucket_server_run.sh | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 testdata/resources/bitbucket_server_run.sh diff --git a/testdata/resources/bitbucket_server_run.sh b/testdata/resources/bitbucket_server_run.sh new file mode 100644 index 000000000..18f2ebb49 --- /dev/null +++ b/testdata/resources/bitbucket_server_run.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +export BITBUCKET_VERSION=8.16.1 +export BITBUCKET_HOME=${PWD}/bitbucketHome + +# Download Bitbucket Server +curl -fLg https://www.atlassian.com/software/stash/downloads/binary/atlassian-bitbucket-$BITBUCKET_VERSION.tar.gz -O + +# Extract Bitbucket Server +tar -xvzf atlassian-bitbucket-$BITBUCKET_VERSION.tar.gz + +# Change directory to Bitbucket Server installation +cd atlassian-bitbucket-$BITBUCKET_VERSION + +# Set Bitbucket home directory +./bin/set-bitbucket-home.sh + +# Start Bitbucket Server +./bin/start-bitbucket.sh --no-search \ No newline at end of file From 16aaf15e11358e956d42980de1ac0053269525f0 Mon Sep 17 00:00:00 2001 From: Or Zinger Date: Tue, 18 Jun 2024 16:19:10 +0300 Subject: [PATCH 29/29] update go.mod to cli-security dev --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index fe1a84317..14466e905 100644 --- a/go.mod +++ b/go.mod @@ -119,7 +119,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect ) -replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security v0.0.0-20240616134105-dbc7a8221efb +replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security v1.3.1-0.20240618131618-bb2f45c8b90e // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev diff --git a/go.sum b/go.sum index d646d6894..a85b5920c 100644 --- a/go.sum 
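Review bot: The script is re-added with `new file mode 100644`, while patch 27 deleted it as mode 100755, so it comes back without the executable bit and any caller that runs it directly will fail; `git update-index --chmod=+x testdata/resources/bitbucket_server_run.sh` restores it. Separately, the script runs `./bin/set-bitbucket-home.sh` and `./bin/start-bitbucket.sh` out of an archive fetched with `curl -fLg`, with no digest check and no `set -euo pipefail`. A failed download or extraction is therefore not caught before the `cd` and the later steps, and a tampered archive would be executed as is. Adding `set -euo pipefail` after the shebang and checking the tarball against a pinned digest before `tar`, e.g. `echo "<expected-sha256>  atlassian-bitbucket-$BITBUCKET_VERSION.tar.gz" | sha256sum -c -`, would close both gaps. Quoting `"$BITBUCKET_VERSION"` in the `curl`, `tar` and `cd` lines is also worth doing.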
+++ b/go.sum @@ -900,6 +900,8 @@ github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYL github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w= github.com/jfrog/jfrog-cli-core/v2 v2.53.1 h1:odwPJlrUVw7yKIYctVIn7/8YW/Ynwq4vvsmrXOzAAa8= github.com/jfrog/jfrog-cli-core/v2 v2.53.1/go.mod h1:4iTSevmlThM1Aw5NAY4WyVxim5US4SkrmxHSHFimaqk= +github.com/jfrog/jfrog-cli-security v1.3.1-0.20240618131618-bb2f45c8b90e h1:F1Yx/K4cDzsWOnbK5YoYYIRh5lwP0iZ8vxa7UPslqxw= +github.com/jfrog/jfrog-cli-security v1.3.1-0.20240618131618-bb2f45c8b90e/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/jfrog/jfrog-client-go v1.41.0 h1:g5OTFvreOVQ6U/5LUXFJfA3Bc+AZCo2PO/EzCLxLbLE= github.com/jfrog/jfrog-client-go v1.41.0/go.mod h1:AN+/mT2DIBE4oRZicJojqND2BEKLfA7f73i5rT3Lfcc= github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA= @@ -975,8 +977,6 @@ github.com/nwaples/rardecode v1.1.3 h1:cWCaZwfM5H7nAD6PyEdcVnczzV8i/JtotnyW/dD9l github.com/nwaples/rardecode v1.1.3/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0= github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/orz25/jfrog-cli-security v0.0.0-20240616134105-dbc7a8221efb h1:3ozchQPB1uKGni1EGibLqw7PMHbKF0GprbbOlwBtaUs= -github.com/orz25/jfrog-cli-security v0.0.0-20240616134105-dbc7a8221efb/go.mod h1:8Jmr6CBQIgB6zbyxuZLg/66x7M+7WWDkXBGCQPkw+j8= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w=