diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 10c6172fb..60cc1d31a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,11 +18,11 @@ jobs:
run: |
sudo chmod +x ./internal/commands/.scripts/up.sh
./internal/commands/.scripts/up.sh
- - name: Check if total coverage is greater then 80
+ - name: Check if total coverage is greater then 79.9
shell: bash
run: |
CODE_COV=$(go tool cover -func cover.out | grep total | awk '{print substr($3, 1, length($3)-1)}')
- EXPECTED_CODE_COV=80
+ EXPECTED_CODE_COV=79.9
var=$(awk 'BEGIN{ print "'$CODE_COV'"<"'$EXPECTED_CODE_COV'" }')
if [ "$var" -eq 1 ];then
echo "Your code coverage is too low. Coverage precentage is: $CODE_COV"
@@ -91,11 +91,11 @@ jobs:
name: ${{ runner.os }}-coverage-latest
path: coverage.html
- - name: Check if total coverage is greater then 80
+ - name: Check if total coverage is greater then 79.9
shell: bash
run: |
CODE_COV=$(go tool cover -func cover.out | grep total | awk '{print substr($3, 1, length($3)-1)}')
- EXPECTED_CODE_COV=80
+ EXPECTED_CODE_COV=79.9
var=$(awk 'BEGIN{ print "'$CODE_COV'"<"'$EXPECTED_CODE_COV'" }')
if [ "$var" -eq 1 ];then
echo "Your code coverage is too low. Coverage precentage is: $CODE_COV"
@@ -153,15 +153,22 @@ jobs:
run: go build -o ./cx ./cmd
- name: Build Docker image
run: docker build -t ast-cli:${{ github.sha }} .
-
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 #0.20.0
+ - name: Run Trivy scanner without downloading DBs
+ uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 #v0.28.0
with:
- image-ref: 'ast-cli:${{ github.sha }}'
+ scan-type: 'image'
+ image-ref: ast-cli:${{ github.sha }}
format: 'table'
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
+ output: './trivy-image-results.txt'
severity: 'CRITICAL,HIGH,MEDIUM,LOW'
-
-
+ env:
+ TRIVY_SKIP_DB_UPDATE: true
+ TRIVY_SKIP_JAVA_DB_UPDATE: true
+
+ - name: Inspect action report
+ if: always()
+ shell: bash
+ run: cat ./trivy-image-results.txt
\ No newline at end of file
diff --git a/.github/workflows/manual-integration-test.yml b/.github/workflows/manual-integration-test.yml
index ed918497d..81219f263 100644
--- a/.github/workflows/manual-integration-test.yml
+++ b/.github/workflows/manual-integration-test.yml
@@ -91,7 +91,7 @@ jobs:
shell: bash
run: |
CODE_COV=$(go tool cover -func cover.out | grep total | awk '{print substr($3, 1, length($3)-1)}')
- EXPECTED_CODE_COV=80
+ EXPECTED_CODE_COV=79.9
var=$(awk 'BEGIN{ print "'$CODE_COV'"<"'$EXPECTED_CODE_COV'" }')
if [ "$var" -eq 1 ];then
echo "Your code coverage is too low. Coverage precentage is: $CODE_COV"
diff --git a/.github/workflows/one-scan.yml b/.github/workflows/one-scan.yml
index aaefa089a..9a48e5d22 100644
--- a/.github/workflows/one-scan.yml
+++ b/.github/workflows/one-scan.yml
@@ -1,23 +1,25 @@
name: Checkmarx One Scan
-
on:
workflow_dispatch:
pull_request:
push:
branches:
- main
+ schedule:
+ - cron: '00 7 * * *' # Every day at 07:00
jobs:
cx-scan:
+ name: Checkmarx One Scan
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 #v3.0.0
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Checkmarx One CLI Action
- uses: checkmarx/ast-github-action@6c56658230f79c227a55120e9b24845d574d5225 # main
+ uses: checkmarx/ast-github-action@f0869bd1a37fddc06499a096101e6c900e815d81 # v.2.0.36
with:
base_uri: ${{ secrets.AST_RND_SCANS_BASE_URI }}
cx_tenant: ${{ secrets.AST_RND_SCANS_TENANT }}
cx_client_id: ${{ secrets.AST_RND_SCANS_CLIENT_ID }}
cx_client_secret: ${{ secrets.AST_RND_SCANS_CLIENT_SECRET }}
- additional_params: --tags phoenix --threshold "sast-high=1;sast-medium=1;sast-low=1;iac-security-high=1;iac-security-medium=1;iac-security-low=1;sca-high=1;sca-medium=1;sca-low=1"
+ additional_params: --tags phoenix --threshold "sca-critical=1;sca-high=1;sca-medium=1;sca-low=1;sast-critical=1;sast-high=1;sast-medium=1;sast-low=1;iac-security-critical=1;iac-security-high=1;iac-security-medium=1;iac-security-low=1"
\ No newline at end of file
diff --git a/.github/workflows/pr-linter.yml b/.github/workflows/pr-linter.yml
new file mode 100644
index 000000000..01aa69cae
--- /dev/null
+++ b/.github/workflows/pr-linter.yml
@@ -0,0 +1,31 @@
+name: PR Linter
+
+on:
+ pull_request:
+ types: [opened, edited]
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check PR Title and Branch
+ run: |
+ PR_TITLE="${{ github.event.pull_request.title }}"
+ PR_BRANCH="${{ github.head_ref }}"
+
+ if ! [[ "$PR_TITLE" =~ ^[A-Z][a-zA-Z0-9]* ]]; then
+ echo "::error::PR title must be in CamelCase. Please update the title."
+ exit 1
+ fi
+
+ if ! [[ "$PR_TITLE" =~ \(AST-[0-9]+\)$ ]]; then
+ echo "::error::PR title must contain a Jira ticket ID at the end in the format '(AST-XXXX)'."
+ exit 1
+ fi
+
+ if ! [[ "$PR_BRANCH" =~ ^(bug|feature|other)/ ]]; then
+ echo "::error::Branch name must start with 'bug/' or 'feature/' or 'other/'."
+ exit 1
+ fi
+
+ shell: bash
\ No newline at end of file
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e8dc914c0..204dea219 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -35,6 +35,9 @@ jobs:
AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
APPLE_DEVELOPER_CERTIFICATE_P12_BASE64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
APPLE_DEVELOPER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
+ COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+ COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+ COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
steps:
- name: Checkout
uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 #v4.0.0
@@ -64,7 +67,7 @@ jobs:
brew install Bearer/tap/gon
- name: Setup Docker on macOS
if: inputs.dev == false
- uses: douglascamata/setup-docker-macos-action@0f8f0e9f1033ccfb6676fe219e91781393f8ed4b #v1-alpha
+ uses: douglascamata/setup-docker-macos-action@8d5fa43892aed7eee4effcdea113fd53e4d4bf83 #v1-alpha
- name: Test docker
if: inputs.dev == false
run: |
@@ -76,6 +79,17 @@ jobs:
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
+
+ - name: Install Cosign
+ if: inputs.dev == false
+ run: |
+ brew install sigstore/tap/cosign
+
+ - name: Add and Commit qemu.rb
+ if: inputs.dev == false
+ run: |
+ git add qemu.rb
+ git commit -m "Add qemu.rb"
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 #v2
with:
@@ -114,6 +128,18 @@ jobs:
SIGNING_REMOTE_SSH_HOST: ${{ secrets.SIGNING_REMOTE_SSH_HOST }}
SIGNING_REMOTE_SSH_PRIVATE_KEY: ${{ secrets.SIGNING_REMOTE_SSH_PRIVATE_KEY }}
SIGNING_HSM_CREDS: ${{ secrets.SIGNING_HSM_CREDS }}
+ - name: Sign Docker Image with Cosign
+ if: inputs.dev == false
+ run: |
+ cosign sign --yes --key env://COSIGN_PRIVATE_KEY checkmarx/ast-cli:${{ inputs.tag }}
+
+ - name: Verify Docker image signature
+ if: inputs.dev == false
+ run: |
+ echo "${{ secrets.COSIGN_PUBLIC_KEY }}" > cosign.pub
+ cosign verify --key cosign.pub checkmarx/ast-cli:${{ inputs.tag }}
+ env:
+ COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
notify:
runs-on: ubuntu-latest
diff --git a/.github/workflows/trivy-cache.yml b/.github/workflows/trivy-cache.yml
new file mode 100644
index 000000000..e1acf556f
--- /dev/null
+++ b/.github/workflows/trivy-cache.yml
@@ -0,0 +1,39 @@
+# Note: This workflow only updates the cache. You should create a separate workflow for your actual Trivy scans.
+# In your scan workflow, set TRIVY_SKIP_DB_UPDATE=true and TRIVY_SKIP_JAVA_DB_UPDATE=true.
+name: Update Trivy Cache
+
+on:
+ schedule:
+ - cron: '0 0 * * *' # Run daily at midnight UTC
+ workflow_dispatch: # Allow manual triggering
+
+jobs:
+ update-trivy-db:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Setup oras
+ uses: oras-project/setup-oras@9c92598691bfef1424de2f8fae81941568f5889c #v1.2.1
+
+ - name: Get current date
+ id: date
+ run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
+
+ - name: Download and extract the vulnerability DB
+ run: |
+ mkdir -p $GITHUB_WORKSPACE/.cache/trivy/db
+ oras pull ghcr.io/aquasecurity/trivy-db:2
+ tar -xzf db.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/db
+ rm db.tar.gz
+
+ #- name: Download and extract the Java DB
+ # run: |
+ # mkdir -p $GITHUB_WORKSPACE/.cache/trivy/java-db
+ # oras pull ghcr.io/aquasecurity/trivy-java-db:1
+ # tar -xzf javadb.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/java-db
+ # rm javadb.tar.gz
+
+ - name: Cache DBs
+ uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a #v4.1.2
+ with:
+ path: ${{ github.workspace }}/.cache/trivy
+ key: cache-trivy-${{ steps.date.outputs.date }}
\ No newline at end of file
diff --git a/.goreleaser.yml b/.goreleaser.yml
index 95ca1e5f8..c721b0245 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -40,7 +40,7 @@ builds:
- SIGNING_REMOTE_SSH_HOST={{ .Env.SIGNING_REMOTE_SSH_HOST }}
- SIGNING_HSM_CREDS={{ .Env.SIGNING_HSM_CREDS }}
- SIGNING_REMOTE_SSH_PRIVATE_KEY={{ .Env.SIGNING_REMOTE_SSH_PRIVATE_KEY }}
-
+
- main: ./cmd/main.go
env:
- CGO_ENABLED=0
diff --git a/CODEOWNERS b/CODEOWNERS
new file mode 100644
index 000000000..ad673fdbd
--- /dev/null
+++ b/CODEOWNERS
@@ -0,0 +1,5 @@
+# Codeowners file
+# Each line is a file pattern followed by one or more owners
+
+# Specify the default owners for the entire repository
+* @OrShamirCM @AlvoBen
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 7ca51422e..47c1ef014 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,4 @@
-FROM cgr.dev/chainguard/bash@sha256:6f0c9e28cbbe206781cb6b0ace299d1d4edbb2450bfadffb8b2e125596d0f6b0
-
+FROM cgr.dev/chainguard/bash@sha256:f8e48690d991e6814c81f063833176439e8f0d4bc1c5f0a47f94858dea3e4f44
USER nonroot
COPY cx /app/bin/cx
diff --git a/README.md b/README.md
index f27bb2e3f..eadf8e77f 100644
--- a/README.md
+++ b/README.md
@@ -13,8 +13,7 @@
-
-
+
diff --git a/go.mod b/go.mod
index e8811356e..7e2afcca5 100644
--- a/go.mod
+++ b/go.mod
@@ -1,10 +1,10 @@
module github.com/checkmarx/ast-cli
-go 1.22.5
+go 1.22.7
require (
github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63
- github.com/CheckmarxDev/containers-resolver v1.0.10
+ github.com/CheckmarxDev/containers-resolver v1.0.13
github.com/MakeNowJust/heredoc v1.0.0
github.com/checkmarxDev/gpt-wrapper v0.0.0-20230721160222-85da2fd1cc4c
github.com/golang-jwt/jwt v3.2.2+incompatible
@@ -19,11 +19,12 @@ require (
github.com/spf13/viper v1.18.2
github.com/stretchr/testify v1.9.0
github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80
+ github.com/xeipuuv/gojsonschema v1.2.0
golang.org/x/crypto v0.26.0
golang.org/x/sync v0.8.0
golang.org/x/text v0.17.0
- google.golang.org/grpc v1.63.2
- google.golang.org/protobuf v1.33.0
+ google.golang.org/grpc v1.65.0
+ google.golang.org/protobuf v1.34.2
gotest.tools v2.2.0+incompatible
)
@@ -41,7 +42,7 @@ require (
github.com/Masterminds/sprig/v3 v3.2.3 // indirect
github.com/Masterminds/squirrel v1.5.4 // indirect
github.com/Microsoft/go-winio v0.6.2 // indirect
- github.com/Microsoft/hcsshim v0.12.3 // indirect
+ github.com/Microsoft/hcsshim v0.12.6 // indirect
github.com/ProtonMail/go-crypto v1.0.0 // indirect
github.com/acobaugh/osrelease v0.1.0 // indirect
github.com/adrg/xdg v0.5.0 // indirect
@@ -53,8 +54,8 @@ require (
github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect
github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b // indirect
github.com/anchore/packageurl-go v0.1.1-0.20240507183024-848e011fc24f // indirect
- github.com/anchore/stereoscope v0.0.3-0.20240725180315-50ce3be7aa1f // indirect
- github.com/anchore/syft v1.11.1 // indirect
+ github.com/anchore/stereoscope v0.0.3 // indirect
+ github.com/anchore/syft v1.11.2-0.20240826140759-cf9bb13f2bfe // indirect
github.com/andybalholm/brotli v1.1.0 // indirect
github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46 // indirect
github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 // indirect
@@ -65,17 +66,19 @@ require (
github.com/bmatcuk/doublestar/v4 v4.6.1 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/chai2010/gettext-go v1.0.2 // indirect
- github.com/charmbracelet/lipgloss v0.12.1 // indirect
+ github.com/charmbracelet/lipgloss v0.13.0 // indirect
github.com/charmbracelet/x/ansi v0.1.4 // indirect
github.com/cloudflare/circl v1.3.8 // indirect
- github.com/containerd/cgroups/v3 v3.0.2 // indirect
- github.com/containerd/containerd v1.7.15 // indirect
+ github.com/containerd/cgroups/v3 v3.0.3 // indirect
+ github.com/containerd/containerd v1.7.21 // indirect
+ github.com/containerd/containerd/api v1.7.19 // indirect
github.com/containerd/continuity v0.4.2 // indirect
github.com/containerd/errdefs v0.1.0 // indirect
github.com/containerd/fifo v1.1.0 // indirect
github.com/containerd/log v0.1.0 // indirect
+ github.com/containerd/platforms v0.2.1 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
- github.com/containerd/ttrpc v1.2.3 // indirect
+ github.com/containerd/ttrpc v1.2.5 // indirect
github.com/containerd/typeurl/v2 v2.1.1 // indirect
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
@@ -109,7 +112,7 @@ require (
github.com/go-git/go-billy/v5 v5.5.0 // indirect
github.com/go-git/go-git/v5 v5.12.0 // indirect
github.com/go-gorp/gorp/v3 v3.1.0 // indirect
- github.com/go-logr/logr v1.4.1 // indirect
+ github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/jsonpointer v0.19.6 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
@@ -157,7 +160,7 @@ require (
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
- github.com/mattn/go-runewidth v0.0.15 // indirect
+ github.com/mattn/go-runewidth v0.0.16 // indirect
github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
github.com/mholt/archiver/v3 v3.5.1 // indirect
github.com/microsoft/go-rustaudit v0.0.0-20220730194248-4b17361d90a5 // indirect
@@ -174,7 +177,8 @@ require (
github.com/moby/sys/mountinfo v0.7.2 // indirect
github.com/moby/sys/sequential v0.5.0 // indirect
github.com/moby/sys/signal v0.7.0 // indirect
- github.com/moby/sys/user v0.1.0 // indirect
+ github.com/moby/sys/user v0.3.0 // indirect
+ github.com/moby/sys/userns v0.1.0 // indirect
github.com/moby/term v0.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
@@ -186,7 +190,7 @@ require (
github.com/olekukonko/tablewriter v0.0.5 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.0 // indirect
- github.com/opencontainers/runtime-spec v1.1.0 // indirect
+ github.com/opencontainers/runtime-spec v1.2.0 // indirect
github.com/opencontainers/selinux v1.11.0 // indirect
github.com/pborman/indent v1.2.1 // indirect
github.com/pelletier/go-toml v1.9.5 // indirect
@@ -196,7 +200,7 @@ require (
github.com/pjbgf/sha1cd v0.3.0 // indirect
github.com/pkg/profile v1.7.0 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
- github.com/prometheus/client_golang v1.19.0 // indirect
+ github.com/prometheus/client_golang v1.19.1 // indirect
github.com/prometheus/client_model v0.6.1 // indirect
github.com/prometheus/common v0.53.0 // indirect
github.com/prometheus/procfs v0.14.0 // indirect
@@ -232,44 +236,42 @@ require (
github.com/xanzy/ssh-agent v0.3.3 // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
- github.com/xeipuuv/gojsonschema v1.2.0 // indirect
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
github.com/xlab/treeprint v1.2.0 // indirect
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
go.opencensus.io v0.24.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.50.0 // indirect
- go.opentelemetry.io/otel v1.25.0 // indirect
- go.opentelemetry.io/otel/metric v1.25.0 // indirect
- go.opentelemetry.io/otel/trace v1.25.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
+ go.opentelemetry.io/otel v1.28.0 // indirect
+ go.opentelemetry.io/otel/metric v1.28.0 // indirect
+ go.opentelemetry.io/otel/trace v1.28.0 // indirect
go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f // indirect
golang.org/x/mod v0.20.0 // indirect
golang.org/x/net v0.28.0 // indirect
- golang.org/x/oauth2 v0.18.0 // indirect
+ golang.org/x/oauth2 v0.20.0 // indirect
golang.org/x/sys v0.24.0 // indirect
golang.org/x/term v0.23.0 // indirect
golang.org/x/time v0.5.0 // indirect
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
- google.golang.org/appengine v1.6.8 // indirect
google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
- helm.sh/helm/v3 v3.15.3 // indirect
- k8s.io/api v0.30.0 // indirect
- k8s.io/apiextensions-apiserver v0.30.0 // indirect
- k8s.io/apimachinery v0.30.0 // indirect
- k8s.io/apiserver v0.30.0 // indirect
- k8s.io/cli-runtime v0.30.0 // indirect
- k8s.io/client-go v0.30.0 // indirect
- k8s.io/component-base v0.30.0 // indirect
+ helm.sh/helm/v3 v3.15.4 // indirect
+ k8s.io/api v0.30.3 // indirect
+ k8s.io/apiextensions-apiserver v0.30.3 // indirect
+ k8s.io/apimachinery v0.30.3 // indirect
+ k8s.io/apiserver v0.30.3 // indirect
+ k8s.io/cli-runtime v0.30.3 // indirect
+ k8s.io/client-go v0.30.3 // indirect
+ k8s.io/component-base v0.30.3 // indirect
k8s.io/klog/v2 v2.120.1 // indirect
k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
- k8s.io/kubectl v0.30.0 // indirect
+ k8s.io/kubectl v0.30.3 // indirect
k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
oras.land/oras-go v1.2.5 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
diff --git a/go.sum b/go.sum
index 28d7cb403..5e024f0a4 100644
--- a/go.sum
+++ b/go.sum
@@ -62,8 +62,8 @@ github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63 h1:SCuTcE+CFvgjbIxUNL8rsdB2sAhfuNx85HvxImKta3g=
github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63/go.mod h1:MI6lfLerXU+5eTV/EPTDavgnV3owz3GPT4g/msZBWPo=
-github.com/CheckmarxDev/containers-resolver v1.0.10 h1:Co9tKzvcQYtmAP/iendcBcUHIZRwiCEQhSXigTXQ4xM=
-github.com/CheckmarxDev/containers-resolver v1.0.10/go.mod h1:i9ZTKip7/EuzXxlW1FdGzAdWooAy0fwzkuwFBJnvcE4=
+github.com/CheckmarxDev/containers-resolver v1.0.13 h1:lppKa2kD1NbXuiX+Mq+gkw61lYmQWA8fJQPbnXdIj3Y=
+github.com/CheckmarxDev/containers-resolver v1.0.13/go.mod h1:y9gAEbaf0/MdHgABpX4ZCnEZ2Skh02LlNNjuGBjHuOo=
github.com/CycloneDX/cyclonedx-go v0.9.0 h1:inaif7qD8bivyxp7XLgxUYtOXWtDez7+j72qKTMQTb8=
github.com/CycloneDX/cyclonedx-go v0.9.0/go.mod h1:NE/EWvzELOFlG6+ljX/QeMlVt9VKcTwu8u0ccsACEsw=
github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=
@@ -87,8 +87,8 @@ github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA4
github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
-github.com/Microsoft/hcsshim v0.12.3 h1:LS9NXqXhMoqNCplK1ApmVSfB4UnVLRDWRapB6EIlxE0=
-github.com/Microsoft/hcsshim v0.12.3/go.mod h1:Iyl1WVpZzr+UkzjekHZbV8o5Z9ZkxNGx6CtY2Qg/JVQ=
+github.com/Microsoft/hcsshim v0.12.6 h1:qEnZjoHXv+4/s0LmKZWE0/AiZmMWEIkFfWBSf1a0wlU=
+github.com/Microsoft/hcsshim v0.12.6/go.mod h1:ZABCLVcvLMjIkzr9rUGcQ1QA0p0P3Ps+d3N1g2DsFfk=
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78=
github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
@@ -120,10 +120,10 @@ github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b h1:e1bmaoJfZV
github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b/go.mod h1:Bkc+JYWjMCF8OyZ340IMSIi2Ebf3uwByOk6ho4wne1E=
github.com/anchore/packageurl-go v0.1.1-0.20240507183024-848e011fc24f h1:B/E9ixKNCasntpoch61NDaQyGPDXLEJlL+B9B/PbdbA=
github.com/anchore/packageurl-go v0.1.1-0.20240507183024-848e011fc24f/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4=
-github.com/anchore/stereoscope v0.0.3-0.20240725180315-50ce3be7aa1f h1:xuBvotcht1Ns8IdaC4UuYV1U8MFln9c5ELeo5bzDEO8=
-github.com/anchore/stereoscope v0.0.3-0.20240725180315-50ce3be7aa1f/go.mod h1:DcQdMes8SwpFli3rDH0v+Vd9qU9Jariq7JSHNJV5X/A=
-github.com/anchore/syft v1.11.1 h1:uJVmZ1WuhMw2cutCsBj0aUgUZxaNlbBNimZEISFttWY=
-github.com/anchore/syft v1.11.1/go.mod h1:iwb+87tx6Fg2+1bzKEzgNcaBS6zjFSx59uraw24xtIY=
+github.com/anchore/stereoscope v0.0.3 h1:JRPHySy8S6P+Ff3IDiQ29ap1i8/laUQxDk9K1eFh/2U=
+github.com/anchore/stereoscope v0.0.3/go.mod h1:5DJheGPjVRsSqegTB24Zi6SCHnYQnA519yeIG+RG+I4=
+github.com/anchore/syft v1.11.2-0.20240826140759-cf9bb13f2bfe h1:4/o5kM/zT0ERokHfe86XvqNWUXEsqKU3qQAwzC3WHlI=
+github.com/anchore/syft v1.11.2-0.20240826140759-cf9bb13f2bfe/go.mod h1:Hk5BT8JX7SRvWuf/vWnDeK56GKojX+ngHxIUovRw3Xc=
github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y=
github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
@@ -179,12 +179,12 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF
github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk=
github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA=
-github.com/charmbracelet/bubbles v0.18.0 h1:PYv1A036luoBGroX6VWjQIE9Syf2Wby2oOl/39KLfy0=
-github.com/charmbracelet/bubbles v0.18.0/go.mod h1:08qhZhtIwzgrtBjAcJnij1t1H0ZRjwHyGsy6AL11PSw=
+github.com/charmbracelet/bubbles v0.19.0 h1:gKZkKXPP6GlDk6EcfujDK19PCQqRjaJZQ7QRERx1UF0=
+github.com/charmbracelet/bubbles v0.19.0/go.mod h1:WILteEqZ+krG5c3ntGEMeG99nCupcuIk7V0/zOP0tOA=
github.com/charmbracelet/bubbletea v0.27.0 h1:Mznj+vvYuYagD9Pn2mY7fuelGvP0HAXtZYGgRBCbHvU=
github.com/charmbracelet/bubbletea v0.27.0/go.mod h1:5MdP9XH6MbQkgGhnlxUqCNmBXf9I74KRQ8HIidRxV1Y=
-github.com/charmbracelet/lipgloss v0.12.1 h1:/gmzszl+pedQpjCOH+wFkZr/N90Snz40J/NR7A0zQcs=
-github.com/charmbracelet/lipgloss v0.12.1/go.mod h1:V2CiwIuhx9S1S1ZlADfOj9HmxeMAORuz5izHb0zGbB8=
+github.com/charmbracelet/lipgloss v0.13.0 h1:4X3PPeoWEDCMvzDvGmTajSyYPcZM4+y8sCA/SsA3cjw=
+github.com/charmbracelet/lipgloss v0.13.0/go.mod h1:nw4zy0SBX/F/eAO1cWdcvy6qnkDUxr8Lw7dvFrAIbbY=
github.com/charmbracelet/x/ansi v0.1.4 h1:IEU3D6+dWwPSgZ6HBH+v6oUuZ/nVawMiWj5831KfiLM=
github.com/charmbracelet/x/ansi v0.1.4/go.mod h1:dk73KoMTT5AX5BsX0KrqhsTqAnhZZoCBjs7dGWp4Ktw=
github.com/charmbracelet/x/input v0.1.0 h1:TEsGSfZYQyOtp+STIjyBq6tpRaorH0qpwZUj8DavAhQ=
@@ -214,10 +214,12 @@ github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWH
github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0=
-github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE=
-github.com/containerd/containerd v1.7.15 h1:afEHXdil9iAm03BmhjzKyXnnEBtjaLJefdU7DV0IFes=
-github.com/containerd/containerd v1.7.15/go.mod h1:ISzRRTMF8EXNpJlTzyr2XMhN+j9K302C21/+cr3kUnY=
+github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGDJ9kip0=
+github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0=
+github.com/containerd/containerd v1.7.21 h1:USGXRK1eOC/SX0L195YgxTHb0a00anxajOzgfN0qrCA=
+github.com/containerd/containerd v1.7.21/go.mod h1:e3Jz1rYRUZ2Lt51YrH9Rz0zPyJBOlSvB3ghr2jbVD8g=
+github.com/containerd/containerd/api v1.7.19 h1:VWbJL+8Ap4Ju2mx9c9qS1uFSB1OVYr5JJrW2yT5vFoA=
+github.com/containerd/containerd/api v1.7.19/go.mod h1:fwGavl3LNwAV5ilJ0sbrABL44AQxmNjDRcwheXDb6Ig=
github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM=
github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM=
@@ -226,10 +228,12 @@ github.com/containerd/fifo v1.1.0 h1:4I2mbh5stb1u6ycIABlBw9zgtlK8viPI9QkQNRQEEmY
github.com/containerd/fifo v1.1.0/go.mod h1:bmC4NWMbXlt2EZ0Hc7Fx7QzTFxgPID13eH0Qu+MAb2o=
github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
+github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A=
+github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw=
github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSkDwbkEETK84kQgEeFwDC+62k=
github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o=
-github.com/containerd/ttrpc v1.2.3 h1:4jlhbXIGvijRtNC8F/5CpuJZ7yKOBFGFOOXg1bkISz0=
-github.com/containerd/ttrpc v1.2.3/go.mod h1:ieWsXucbb8Mj9PH0rXCw1i8IunRbbAiDkpXkbfflWBM=
+github.com/containerd/ttrpc v1.2.5 h1:IFckT1EFQoFBMG4c3sMdT8EP3/aKfumK1msY+Ze4oLU=
+github.com/containerd/ttrpc v1.2.5/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o=
github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4=
github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0=
github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
@@ -354,8 +358,8 @@ github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
-github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
@@ -653,8 +657,8 @@ github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D
github.com/mattn/go-localereader v0.0.2-0.20220822084749-2491eb6c1c75 h1:P8UmIzZMYDR+NGImiFvErt6VWfIRPuGM+vyjiEdkmIw=
github.com/mattn/go-localereader v0.0.2-0.20220822084749-2491eb6c1c75/go.mod h1:8fBrzywKY7BI3czFoHkuzRoWE9C+EiG4R1k4Cjx5p88=
github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
-github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
-github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
+github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
github.com/mattn/go-sqlite3 v1.14.15 h1:vfoHhTN1af61xCRSWzFIWzx2YskyMTwHLrExkBOjvxI=
github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
@@ -701,8 +705,10 @@ github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5
github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo=
github.com/moby/sys/signal v0.7.0 h1:25RW3d5TnQEoKvRbEKUGay6DCQ46IxAVTT9CUMgmsSI=
github.com/moby/sys/signal v0.7.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg=
-github.com/moby/sys/user v0.1.0 h1:WmZ93f5Ux6het5iituh9x2zAG7NFY9Aqi49jjE1PaQg=
-github.com/moby/sys/user v0.1.0/go.mod h1:fKJhFOnsCN6xZ5gSfbM6zaHGgDJMrqt9/reuj4T7MmU=
+github.com/moby/sys/user v0.3.0 h1:9ni5DlcW5an3SvRSx4MouotOygvzaXbaSrc/wGDFWPo=
+github.com/moby/sys/user v0.3.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs=
+github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g=
+github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28=
github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -722,8 +728,6 @@ github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 h1:ZK8zHtRHOkbHy6Mmr5D
github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6/go.mod h1:CJlz5H+gyd6CUWT45Oy4q24RdLyn7Md9Vj2/ldJBSIo=
github.com/muesli/cancelreader v0.2.2 h1:3I4Kt4BQjOR54NavqnDogx/MIoWBFa0StPA8ELUXHmA=
github.com/muesli/cancelreader v0.2.2/go.mod h1:3XuTXfFS2VjM+HTLZY9Ak0l6eUKfijIfMUZ4EgX0QYo=
-github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s=
-github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKtnHY/8=
github.com/muesli/termenv v0.15.2 h1:GohcuySI0QmI3wN8Ok9PtKGkgkFIk7y6Vpb5PvrY+Wo=
github.com/muesli/termenv v0.15.2/go.mod h1:Epx+iuz8sNs7mNKhxzH4fWXGNpZwUaJKRS1noLXviQ8=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
@@ -746,8 +750,8 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
-github.com/opencontainers/runtime-spec v1.1.0 h1:HHUyrt9mwHUjtasSbXSMvs4cyFxh+Bll4AjJ9odEGpg=
-github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk=
+github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=
github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
@@ -786,8 +790,8 @@ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP
github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
-github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU=
-github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k=
+github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
+github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -827,8 +831,8 @@ github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6ke
github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4=
github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
-github.com/sahilm/fuzzy v0.1.1-0.20230530133925-c48e322e2a8f h1:MvTmaQdww/z0Q4wrYjDSCcZ78NoftLQyHBSLW/Cx79Y=
-github.com/sahilm/fuzzy v0.1.1-0.20230530133925-c48e322e2a8f/go.mod h1:VFvziUEIMCrT6A6tw2RFIXPXXmzXbOsSHF0DOI8ZK9Y=
+github.com/sahilm/fuzzy v0.1.1 h1:ceu5RHF8DGgoi+/dR5PsECjCDH1BE3Fnmpo7aVXOdRA=
+github.com/sahilm/fuzzy v0.1.1/go.mod h1:VFvziUEIMCrT6A6tw2RFIXPXXmzXbOsSHF0DOI8ZK9Y=
github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d h1:hrujxIzL1woJ7AwssoOcM/tq5JjjG2yYOc8odClEiXA=
github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d/go.mod h1:uugorj2VCxiV1x+LzaIdVa9b4S4qGAcH6cbhh4qVxOU=
github.com/sanity-io/litter v1.5.5 h1:iE+sBxPBzoK6uaEP5Lt3fHNgpKcHXc/A2HGETy0uJQo=
@@ -968,20 +972,20 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.50.0 h1:cEPbyTSEHlQR89XVlyo78gqluF8Y3oMeBkXGWzQsfXY=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.50.0/go.mod h1:DKdbWcT4GH1D0Y3Sqt/PFXt2naRKDWtU+eE6oLdFNA8=
-go.opentelemetry.io/otel v1.25.0 h1:gldB5FfhRl7OJQbUHt/8s0a7cE8fbsPAtdpRaApKy4k=
-go.opentelemetry.io/otel v1.25.0/go.mod h1:Wa2ds5NOXEMkCmUou1WA7ZBfLTHWIsp034OVD7AO+Vg=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg=
+go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo=
+go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.25.0 h1:dT33yIHtmsqpixFsSQPwNeY5drM9wTcoL8h0FWF4oGM=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.25.0/go.mod h1:h95q0LBGh7hlAC08X2DhSeyIG02YQ0UyioTCVAqRPmc=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0 h1:IeMeyr1aBvBiPVYihXIaeIZba6b8E1bYp7lbdxK8CQg=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0/go.mod h1:oVdCUtjq9MK9BlS7TtucsQwUcXcymNiEDjgDD2jMtZU=
-go.opentelemetry.io/otel/metric v1.25.0 h1:LUKbS7ArpFL/I2jJHdJcqMGxkRdxpPHE0VU/D4NuEwA=
-go.opentelemetry.io/otel/metric v1.25.0/go.mod h1:rkDLUSd2lC5lq2dFNrX9LGAbINP5B7WBkC78RXCpH5s=
-go.opentelemetry.io/otel/sdk v1.25.0 h1:PDryEJPC8YJZQSyLY5eqLeafHtG+X7FWnf3aXMtxbqo=
-go.opentelemetry.io/otel/sdk v1.25.0/go.mod h1:oFgzCM2zdsxKzz6zwpTZYLLQsFwc+K0daArPdIhuxkw=
-go.opentelemetry.io/otel/trace v1.25.0 h1:tqukZGLwQYRIFtSQM2u2+yfMVTgGVeqRLPUYx1Dq6RM=
-go.opentelemetry.io/otel/trace v1.25.0/go.mod h1:hCCs70XM/ljO+BeQkyFnbK28SBIJ/Emuha+ccrCRT7I=
+go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q=
+go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s=
+go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE=
+go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg=
+go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g=
+go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI=
go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IOkz94=
go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A=
@@ -1118,8 +1122,8 @@ golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ
golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI=
-golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8=
+golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo=
+golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1232,7 +1236,6 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
@@ -1346,8 +1349,6 @@ google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww
google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
-google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
@@ -1413,10 +1414,10 @@ google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ6
google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de h1:F6qOa9AZTYJXOUEr4jDysRDLrm4PHePlge4v4TGAlxY=
google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:VUhTRKeHn9wwcdrk73nvdC9gF178Tzhmt/qyaFcPLSo=
-google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be h1:Zz7rLWqp0ApfsR/l7+zSHhY3PMiH2xqgxlfYfAfNpoU=
-google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be/go.mod h1:dvdCTIoAGbkWbcIKBniID56/7XHTt6WfxXNMxuziJ+w=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be h1:LG9vZxsWGOmUKieR8wPAUR3u3MpnYFQZROPIMaXh7/A=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
+google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 h1:7whR9kGa5LUwFtpLm2ArCEejtnxlGeLbAyjFY8sGNFw=
+google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157/go.mod h1:99sLkeliLXfdj2J75X3Ho+rrVCaJze0uwN7zDDkjPVU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -1444,8 +1445,8 @@ google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD
google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
-google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM=
-google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA=
+google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc=
+google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ=
google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
@@ -1460,8 +1461,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
-google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
+google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -1493,8 +1494,8 @@ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
-helm.sh/helm/v3 v3.15.3 h1:HcZDaVFe9uHa6hpsR54mJjYyRy4uz/pc6csg27nxFOc=
-helm.sh/helm/v3 v3.15.3/go.mod h1:FzSIP8jDQaa6WAVg9F+OkKz7J0ZmAga4MABtTbsb9WQ=
+helm.sh/helm/v3 v3.15.4 h1:UFHd6oZ1IN3FsUZ7XNhOQDyQ2QYknBNWRHH57e9cbHY=
+helm.sh/helm/v3 v3.15.4/go.mod h1:phOwlxqGSgppCY/ysWBNRhG3MtnpsttOzxaTK+Mt40E=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -1502,26 +1503,26 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA=
-k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE=
-k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs=
-k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y=
-k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA=
-k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
-k8s.io/apiserver v0.30.0 h1:QCec+U72tMQ+9tR6A0sMBB5Vh6ImCEkoKkTDRABWq6M=
-k8s.io/apiserver v0.30.0/go.mod h1:smOIBq8t0MbKZi7O7SyIpjPsiKJ8qa+llcFCluKyqiY=
-k8s.io/cli-runtime v0.30.0 h1:0vn6/XhOvn1RJ2KJOC6IRR2CGqrpT6QQF4+8pYpWQ48=
-k8s.io/cli-runtime v0.30.0/go.mod h1:vATpDMATVTMA79sZ0YUCzlMelf6rUjoBzlp+RnoM+cg=
-k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ=
-k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY=
-k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o=
-k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ=
+k8s.io/api v0.30.3 h1:ImHwK9DCsPA9uoU3rVh4QHAHHK5dTSv1nxJUapx8hoQ=
+k8s.io/api v0.30.3/go.mod h1:GPc8jlzoe5JG3pb0KJCSLX5oAFIW3/qNJITlDj8BH04=
+k8s.io/apiextensions-apiserver v0.30.3 h1:oChu5li2vsZHx2IvnGP3ah8Nj3KyqG3kRSaKmijhB9U=
+k8s.io/apiextensions-apiserver v0.30.3/go.mod h1:uhXxYDkMAvl6CJw4lrDN4CPbONkF3+XL9cacCT44kV4=
+k8s.io/apimachinery v0.30.3 h1:q1laaWCmrszyQuSQCfNB8cFgCuDAoPszKY4ucAjDwHc=
+k8s.io/apimachinery v0.30.3/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
+k8s.io/apiserver v0.30.3 h1:QZJndA9k2MjFqpnyYv/PH+9PE0SHhx3hBho4X0vE65g=
+k8s.io/apiserver v0.30.3/go.mod h1:6Oa88y1CZqnzetd2JdepO0UXzQX4ZnOekx2/PtEjrOg=
+k8s.io/cli-runtime v0.30.3 h1:aG69oRzJuP2Q4o8dm+f5WJIX4ZBEwrvdID0+MXyUY6k=
+k8s.io/cli-runtime v0.30.3/go.mod h1:hwrrRdd9P84CXSKzhHxrOivAR9BRnkMt0OeP5mj7X30=
+k8s.io/client-go v0.30.3 h1:bHrJu3xQZNXIi8/MoxYtZBBWQQXwy16zqJwloXXfD3k=
+k8s.io/client-go v0.30.3/go.mod h1:8d4pf8vYu665/kUbsxWAQ/JDBNWqfFeZnvFiVdmx89U=
+k8s.io/component-base v0.30.3 h1:Ci0UqKWf4oiwy8hr1+E3dsnliKnkMLZMVbWzeorlk7s=
+k8s.io/component-base v0.30.3/go.mod h1:C1SshT3rGPCuNtBs14RmVD2xW0EhRSeLvBh7AGk1quA=
k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
-k8s.io/kubectl v0.30.0 h1:xbPvzagbJ6RNYVMVuiHArC1grrV5vSmmIcSZuCdzRyk=
-k8s.io/kubectl v0.30.0/go.mod h1:zgolRw2MQXLPwmic2l/+iHs239L49fhSeICuMhQQXTI=
+k8s.io/kubectl v0.30.3 h1:YIBBvMdTW0xcDpmrOBzcpUVsn+zOgjMYIu7kAq+yqiI=
+k8s.io/kubectl v0.30.3/go.mod h1:IcR0I9RN2+zzTRUa1BzZCm4oM0NLOawE6RzlDvd1Fpo=
k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
modernc.org/gc/v3 v3.0.0-20240107210532-573471604cb6 h1:5D53IMaUuA5InSeMu9eJtlQXS2NxAhyWQvkKEgXZhHI=
diff --git a/internal/commands/vorpal/vorpal-engine.go b/internal/commands/asca/asca-engine.go
similarity index 52%
rename from internal/commands/vorpal/vorpal-engine.go
rename to internal/commands/asca/asca-engine.go
index 01f317658..fc851378c 100644
--- a/internal/commands/vorpal/vorpal-engine.go
+++ b/internal/commands/asca/asca-engine.go
@@ -1,4 +1,4 @@
-package vorpal
+package asca
import (
"github.com/checkmarx/ast-cli/internal/commands/util/printer"
@@ -10,24 +10,24 @@ import (
"github.com/spf13/viper"
)
-func RunScanVorpalCommand(jwtWrapper wrappers.JWTWrapper, featureFlagsWrapper wrappers.FeatureFlagsWrapper) func(cmd *cobra.Command, args []string) error {
+func RunScanASCACommand(jwtWrapper wrappers.JWTWrapper, featureFlagsWrapper wrappers.FeatureFlagsWrapper) func(cmd *cobra.Command, args []string) error {
return func(cmd *cobra.Command, args []string) error {
- vorpalLatestVersion, _ := cmd.Flags().GetBool(commonParams.VorpalLatestVersion)
+ ASCALatestVersion, _ := cmd.Flags().GetBool(commonParams.ASCALatestVersion)
fileSourceFlag, _ := cmd.Flags().GetString(commonParams.SourcesFlag)
agent, _ := cmd.Flags().GetString(commonParams.AgentFlag)
- var port = viper.GetInt(commonParams.VorpalPortKey)
- vorpalWrapper := grpcs.NewVorpalGrpcWrapper(port)
- vorpalParams := services.VorpalScanParams{
- FilePath: fileSourceFlag,
- VorpalUpdateVersion: vorpalLatestVersion,
- IsDefaultAgent: agent == commonParams.DefaultAgent,
+ var port = viper.GetInt(commonParams.ASCAPortKey)
+ ASCAWrapper := grpcs.NewASCAGrpcWrapper(port)
+ ASCAParams := services.AscaScanParams{
+ FilePath: fileSourceFlag,
+ ASCAUpdateVersion: ASCALatestVersion,
+ IsDefaultAgent: agent == commonParams.DefaultAgent,
}
- wrapperParams := services.VorpalWrappersParam{
+ wrapperParams := services.AscaWrappersParam{
JwtWrapper: jwtWrapper,
FeatureFlagsWrapper: featureFlagsWrapper,
- VorpalWrapper: vorpalWrapper,
+ ASCAWrapper: ASCAWrapper,
}
- scanResult, err := services.CreateVorpalScanRequest(vorpalParams, wrapperParams)
+ scanResult, err := services.CreateASCAScanRequest(ASCAParams, wrapperParams)
if err != nil {
return err
}
diff --git a/internal/commands/vorpal/vorpal-engine_test.go b/internal/commands/asca/asca-engine_test.go
similarity index 55%
rename from internal/commands/vorpal/vorpal-engine_test.go
rename to internal/commands/asca/asca-engine_test.go
index 9349a9d8d..cbc09cf9e 100644
--- a/internal/commands/vorpal/vorpal-engine_test.go
+++ b/internal/commands/asca/asca-engine_test.go
@@ -1,4 +1,4 @@
-package vorpal
+package asca
import (
"reflect"
@@ -12,10 +12,10 @@ import (
"github.com/spf13/cobra"
)
-func Test_ExecuteVorpalScan(t *testing.T) {
+func Test_ExecuteAscaScan(t *testing.T) {
type args struct {
- fileSourceFlag string
- vorpalUpdateVersion bool
+ fileSourceFlag string
+ ASCAUpdateVersion bool
}
tests := []struct {
name string
@@ -27,8 +27,8 @@ func Test_ExecuteVorpalScan(t *testing.T) {
{
name: "Test with empty fileSource flag should not return error",
args: args{
- fileSourceFlag: "",
- vorpalUpdateVersion: true,
+ fileSourceFlag: "",
+ ASCAUpdateVersion: true,
},
want: &grpcs.ScanResult{
Message: services.FilePathNotProvided,
@@ -36,28 +36,28 @@ func Test_ExecuteVorpalScan(t *testing.T) {
wantErr: false,
},
{
- name: "Test with valid flags. vorpalUpdateVersion set to true",
+ name: "Test with valid flags. ASCAUpdateVersion set to true",
args: args{
- fileSourceFlag: "../data/python-vul-file.py",
- vorpalUpdateVersion: true,
+ fileSourceFlag: "../data/python-vul-file.py",
+ ASCAUpdateVersion: true,
},
want: mock.ReturnSuccessfulResponseMock(),
wantErr: false,
},
{
- name: "Test with valid flags. vorpalUpdateVersion set to false",
+ name: "Test with valid flags. ASCAUpdateVersion set to false",
args: args{
- fileSourceFlag: "../data/python-vul-file.py",
- vorpalUpdateVersion: false,
+ fileSourceFlag: "../data/python-vul-file.py",
+ ASCAUpdateVersion: false,
},
want: mock.ReturnSuccessfulResponseMock(),
wantErr: false,
},
{
- name: "Test with valid flags. vorpal scan failed",
+ name: "Test with valid flags. asca scan failed",
args: args{
- fileSourceFlag: "../data/csharp-no-vul.cs",
- vorpalUpdateVersion: false,
+ fileSourceFlag: "../data/csharp-no-vul.cs",
+ ASCAUpdateVersion: false,
},
want: mock.ReturnFailureResponseMock(),
wantErr: false,
@@ -66,32 +66,32 @@ func Test_ExecuteVorpalScan(t *testing.T) {
for _, tt := range tests {
ttt := tt
t.Run(ttt.name, func(t *testing.T) {
- vorpalParams := services.VorpalScanParams{
- FilePath: ttt.args.fileSourceFlag,
- VorpalUpdateVersion: ttt.args.vorpalUpdateVersion,
- IsDefaultAgent: true,
+ ASCAParams := services.AscaScanParams{
+ FilePath: ttt.args.fileSourceFlag,
+ ASCAUpdateVersion: ttt.args.ASCAUpdateVersion,
+ IsDefaultAgent: true,
}
- wrapperParams := services.VorpalWrappersParam{
+ wrapperParams := services.AscaWrappersParam{
JwtWrapper: &mock.JWTMockWrapper{},
FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{},
- VorpalWrapper: &mock.VorpalMockWrapper{},
+ ASCAWrapper: &mock.ASCAMockWrapper{},
}
- got, err := services.CreateVorpalScanRequest(vorpalParams, wrapperParams)
+ got, err := services.CreateASCAScanRequest(ASCAParams, wrapperParams)
if (err != nil) != ttt.wantErr {
- t.Errorf("executeVorpalScan() error = %v, wantErr %v", err, ttt.wantErr)
+ t.Errorf("executeASCAScan() error = %v, wantErr %v", err, ttt.wantErr)
return
}
if ttt.wantErr && err.Error() != ttt.wantErrMsg {
- t.Errorf("executeVorpalScan() error message = %v, wantErrMsg %v", err.Error(), ttt.wantErrMsg)
+ t.Errorf("executeASCAScan() error message = %v, wantErrMsg %v", err.Error(), ttt.wantErrMsg)
}
if !reflect.DeepEqual(got, ttt.want) {
- t.Errorf("executeVorpalScan() got = %v, want %v", got, ttt.want)
+ t.Errorf("executeASCAScan() got = %v, want %v", got, ttt.want)
}
})
}
}
-func Test_runScanVorpalCommand(t *testing.T) {
+func Test_runScanASCACommand(t *testing.T) {
tests := []struct {
name string
sourceFlag string
@@ -108,14 +108,14 @@ func Test_runScanVorpalCommand(t *testing.T) {
want: nil,
},
{
- name: "Test with valid fileSource Flag and vorpalUpdateVersion flag set false ",
+ name: "Test with valid fileSource Flag and ASCAUpdateVersion flag set false ",
sourceFlag: "data/python-vul-file.py",
engineFlag: false,
want: nil,
wantErr: false,
},
{
- name: "Test with valid fileSource Flag and vorpalUpdateVersion flag set true ",
+ name: "Test with valid fileSource Flag and ASCAUpdateVersion flag set true ",
sourceFlag: "data/python-vul-file.py",
engineFlag: true,
want: nil,
@@ -127,16 +127,16 @@ func Test_runScanVorpalCommand(t *testing.T) {
t.Run(ttt.name, func(t *testing.T) {
cmd := &cobra.Command{}
cmd.Flags().String(commonParams.SourcesFlag, ttt.sourceFlag, "")
- cmd.Flags().Bool(commonParams.VorpalLatestVersion, ttt.engineFlag, "")
+ cmd.Flags().Bool(commonParams.ASCALatestVersion, ttt.engineFlag, "")
cmd.Flags().String(commonParams.FormatFlag, printer.FormatJSON, "")
- runFunc := RunScanVorpalCommand(&mock.JWTMockWrapper{}, &mock.FeatureFlagsMockWrapper{})
+ runFunc := RunScanASCACommand(&mock.JWTMockWrapper{}, &mock.FeatureFlagsMockWrapper{})
err := runFunc(cmd, []string{})
if (err != nil) != ttt.wantErr {
- t.Errorf("RunScanVorpalCommand() error = %v, wantErr %v", err, ttt.wantErr)
+ t.Errorf("RunScanASCACommand() error = %v, wantErr %v", err, ttt.wantErr)
return
}
if ttt.wantErr && err.Error() != ttt.wantErrMsg {
- t.Errorf("RunScanVorpalCommand() error message = %v, wantErrMsg %v", err.Error(), ttt.wantErrMsg)
+ t.Errorf("RunScanASCACommand() error message = %v, wantErrMsg %v", err.Error(), ttt.wantErrMsg)
}
})
}
diff --git a/internal/commands/asca/asca_test.go b/internal/commands/asca/asca_test.go
new file mode 100644
index 000000000..9fc1b2d24
--- /dev/null
+++ b/internal/commands/asca/asca_test.go
@@ -0,0 +1,51 @@
+package asca
+
+import (
+ "os"
+ "testing"
+
+ "gotest.tools/assert"
+
+ ascaconfig "github.com/checkmarx/ast-cli/internal/commands/asca/ascaconfig"
+ "github.com/checkmarx/ast-cli/internal/services/osinstaller"
+)
+
+func TestInstallOrUpgrade_firstInstallation_Success(t *testing.T) {
+ err := firstInstallation()
+ assert.NilError(t, err, "Error on first installation of asca")
+ fileExists, _ := osinstaller.FileExists(ascaconfig.Params.ExecutableFilePath())
+ assert.Assert(t, fileExists, "Executable file not found")
+ fileExists, _ = osinstaller.FileExists(ascaconfig.Params.HashFilePath())
+ assert.Assert(t, fileExists, "Hash file not found")
+}
+
+func firstInstallation() error {
+ os.RemoveAll(ascaconfig.Params.WorkingDir())
+ _, err := osinstaller.InstallOrUpgrade(&ascaconfig.Params)
+ return err
+}
+
+func TestInstallOrUpgrade_installationIsUpToDate_Success(t *testing.T) {
+ err := firstInstallation()
+ assert.NilError(t, err, "Error on first installation of asca")
+ _, err = osinstaller.InstallOrUpgrade(&ascaconfig.Params)
+ assert.NilError(t, err, "Error when not need to upgrade")
+}
+
+func TestInstallOrUpgrade_installationIsNotUpToDate_Success(t *testing.T) {
+ err := firstInstallation()
+ assert.NilError(t, err, "Error on first installation of asca")
+ changeHashFile()
+ _, err = osinstaller.InstallOrUpgrade(&ascaconfig.Params)
+ assert.NilError(t, err, "Error when need to upgrade")
+ fileExists, _ := osinstaller.FileExists(ascaconfig.Params.ExecutableFilePath())
+ assert.Assert(t, fileExists, "Executable file not found")
+ fileExists, _ = osinstaller.FileExists(ascaconfig.Params.HashFilePath())
+ assert.Assert(t, fileExists, "Hash file not found")
+}
+
+func changeHashFile() {
+ content, _ := os.ReadFile(ascaconfig.Params.HashFilePath())
+ content[0]++
+ _ = os.WriteFile(ascaconfig.Params.HashFilePath(), content, os.ModePerm)
+}
diff --git a/internal/commands/vorpal/vorpalconfig/vorpal-linux-amd.go b/internal/commands/asca/ascaconfig/asca-linux-amd.go
similarity index 95%
rename from internal/commands/vorpal/vorpalconfig/vorpal-linux-amd.go
rename to internal/commands/asca/ascaconfig/asca-linux-amd.go
index 7aec2cbc6..babfe4881 100644
--- a/internal/commands/vorpal/vorpalconfig/vorpal-linux-amd.go
+++ b/internal/commands/asca/ascaconfig/asca-linux-amd.go
@@ -1,6 +1,6 @@
//go:build linux && amd64
-package vorpalconfig
+package ascaconfig
import (
"github.com/checkmarx/ast-cli/internal/services/osinstaller"
diff --git a/internal/commands/vorpal/vorpalconfig/vorpal-linux-arm.go b/internal/commands/asca/ascaconfig/asca-linux-arm.go
similarity index 95%
rename from internal/commands/vorpal/vorpalconfig/vorpal-linux-arm.go
rename to internal/commands/asca/ascaconfig/asca-linux-arm.go
index 8d95c3f2a..5763acb15 100644
--- a/internal/commands/vorpal/vorpalconfig/vorpal-linux-arm.go
+++ b/internal/commands/asca/ascaconfig/asca-linux-arm.go
@@ -1,6 +1,6 @@
//go:build linux && (arm64 || arm)
-package vorpalconfig
+package ascaconfig
import (
"github.com/checkmarx/ast-cli/internal/services/osinstaller"
diff --git a/internal/commands/vorpal/vorpalconfig/vorpal-mac-amd.go b/internal/commands/asca/ascaconfig/asca-mac-amd.go
similarity index 95%
rename from internal/commands/vorpal/vorpalconfig/vorpal-mac-amd.go
rename to internal/commands/asca/ascaconfig/asca-mac-amd.go
index 5bdfd885c..5a05c2100 100644
--- a/internal/commands/vorpal/vorpalconfig/vorpal-mac-amd.go
+++ b/internal/commands/asca/ascaconfig/asca-mac-amd.go
@@ -1,6 +1,6 @@
//go:build darwin && amd64
-package vorpalconfig
+package ascaconfig
import (
"github.com/checkmarx/ast-cli/internal/services/osinstaller"
diff --git a/internal/commands/vorpal/vorpalconfig/vorpal-mac-arm.go b/internal/commands/asca/ascaconfig/asca-mac-arm.go
similarity index 95%
rename from internal/commands/vorpal/vorpalconfig/vorpal-mac-arm.go
rename to internal/commands/asca/ascaconfig/asca-mac-arm.go
index d6557f142..49bfa7625 100644
--- a/internal/commands/vorpal/vorpalconfig/vorpal-mac-arm.go
+++ b/internal/commands/asca/ascaconfig/asca-mac-arm.go
@@ -1,6 +1,6 @@
//go:build darwin && arm64
-package vorpalconfig
+package ascaconfig
import (
"github.com/checkmarx/ast-cli/internal/services/osinstaller"
diff --git a/internal/commands/vorpal/vorpalconfig/vorpal-windows.go b/internal/commands/asca/ascaconfig/asca-windows.go
similarity index 95%
rename from internal/commands/vorpal/vorpalconfig/vorpal-windows.go
rename to internal/commands/asca/ascaconfig/asca-windows.go
index 1f8138afb..43893e60e 100644
--- a/internal/commands/vorpal/vorpalconfig/vorpal-windows.go
+++ b/internal/commands/asca/ascaconfig/asca-windows.go
@@ -1,6 +1,6 @@
//go:build windows
-package vorpalconfig
+package ascaconfig
import (
"github.com/checkmarx/ast-cli/internal/services/osinstaller"
diff --git a/internal/commands/cx_result_sonar.json b/internal/commands/cx_result_sonar.json
index ddcfe2bdd..05018bf56 100644
--- a/internal/commands/cx_result_sonar.json
+++ b/internal/commands/cx_result_sonar.json
@@ -1 +1 @@
-{"issues":[{"engineId":"sast","ruleId":"1","type":"VULNERABILITY","primaryLocation":{"message":"mock-query-name-1","filePath":"dummy-file-name-1","textRange":{"startLine":10,"startColumn":10,"endColumn":30}},"secondaryLocations":[{"message":"mock-query-name-1","filePath":"dummy-file-name-1","textRange":{"startLine":11,"startColumn":3,"endColumn":13}}]},{"engineId":"sast","ruleId":"2","type":"VULNERABILITY","primaryLocation":{"message":"mock-query-name-2","filePath":"dummy-file-name-2","textRange":{"startLine":10,"startColumn":10,"endColumn":30}},"secondaryLocations":[{"message":"mock-query-name-2","filePath":"dummy-file-name-2","textRange":{"startLine":11,"startColumn":3,"endColumn":13}}]},{"engineId":"sast","ruleId":"3","type":"VULNERABILITY","primaryLocation":{"message":"mock-query-name-2","filePath":"dummy-file-name-2","textRange":{"startLine":10,"startColumn":10,"endColumn":30}},"secondaryLocations":[{"message":"mock-query-name-2","filePath":"dummy-file-name-2","textRange":{"startLine":11,"startColumn":3,"endColumn":13}},{"message":"mock-query-name-2","filePath":"dummy-file-name-2","textRange":{"startLine":12,"startColumn":3,"endColumn":13}}]},{"engineId":"sast","ruleId":"4","type":"VULNERABILITY","primaryLocation":{"message":"mock-query-name-3","filePath":"dummy-file-name-3","textRange":{"startLine":10,"startColumn":10,"endColumn":30}},"secondaryLocations":[{"message":"mock-query-name-3","filePath":"dummy-file-name-3","textRange":{"startLine":11,"startColumn":3,"endColumn":13}}]},{"engineId":"sast","ruleId":"5","type":"VULNERABILITY","primaryLocation":{"message":"mock-query-name-3","filePath":"dummy-file-name-4","textRange":{"startLine":10,"startColumn":10,"endColumn":30}},"secondaryLocations":[{"message":"mock-query-name-3","filePath":"dummy-file-name-4","textRange":{"startLine":11,"startColumn":3,"endColumn":13}}]},{"engineId":"kics","type":"VULNERABILITY","primaryLocation":{"textRange":{"endColumn":1}},"secondaryLocations":null}]}
+{"issues":[{"engineId":"sast","ruleId":"1","type":"VULNERABILITY","primaryLocation":{"message":"mock-query-name-1","filePath":"dummy-file-name-1","textRange":{"startLine":10,"startColumn":10,"endColumn":30}},"secondaryLocations":[{"message":"mock-query-name-1","filePath":"dummy-file-name-1","textRange":{"startLine":11,"startColumn":3,"endColumn":13}}]},{"engineId":"sast","ruleId":"2","type":"VULNERABILITY","primaryLocation":{"message":"mock-query-name-2","filePath":"dummy-file-name-2","textRange":{"startLine":10,"startColumn":10,"endColumn":30}},"secondaryLocations":[{"message":"mock-query-name-2","filePath":"dummy-file-name-2","textRange":{"startLine":11,"startColumn":3,"endColumn":13}}]},{"engineId":"sast","ruleId":"3","type":"VULNERABILITY","primaryLocation":{"message":"mock-query-name-2","filePath":"dummy-file-name-2","textRange":{"startLine":10,"startColumn":10,"endColumn":30}},"secondaryLocations":[{"message":"mock-query-name-2","filePath":"dummy-file-name-2","textRange":{"startLine":11,"startColumn":3,"endColumn":13}},{"message":"mock-query-name-2","filePath":"dummy-file-name-2","textRange":{"startLine":12,"startColumn":3,"endColumn":13}}]},{"engineId":"sast","ruleId":"4","type":"VULNERABILITY","primaryLocation":{"message":"mock-query-name-3","filePath":"dummy-file-name-3","textRange":{"startLine":10,"startColumn":10,"endColumn":30}},"secondaryLocations":[{"message":"mock-query-name-3","filePath":"dummy-file-name-3","textRange":{"startLine":11,"startColumn":3,"endColumn":13}}]},{"engineId":"sast","ruleId":"5","type":"VULNERABILITY","primaryLocation":{"message":"mock-query-name-3","filePath":"dummy-file-name-4","textRange":{"startLine":10,"startColumn":10,"endColumn":30}},"secondaryLocations":[{"message":"mock-query-name-3","filePath":"dummy-file-name-4","textRange":{"startLine":11,"startColumn":3,"endColumn":13}}]},{"engineId":"kics","type":"VULNERABILITY","primaryLocation":{"textRange":{"endColumn":1}},"secondaryLocations":null}]}
\ No newline at end of file
diff --git a/internal/commands/policymanagement/policy.go b/internal/commands/policymanagement/policy.go
index 9c9df3446..bc41bf053 100644
--- a/internal/commands/policymanagement/policy.go
+++ b/internal/commands/policymanagement/policy.go
@@ -104,7 +104,7 @@ func isPolicyEvaluated(
return false, nil, err
}
if errorModel != nil {
- log.Fatalf(fmt.Sprintf("%s: CODE: %d, %s", failedGetting, errorModel.Code, errorModel.Message))
+ return false, nil, fmt.Errorf("%s: CODE: %d, %s", failedGetting, errorModel.Code, errorModel.Message)
} else if policyResponseModel != nil {
if policyResponseModel.Status == evaluatingPolicy {
log.Println("Policy status: ", policyResponseModel.Status)
diff --git a/internal/commands/project.go b/internal/commands/project.go
index a78a3b284..413771981 100644
--- a/internal/commands/project.go
+++ b/internal/commands/project.go
@@ -433,6 +433,9 @@ func runGetProjectByIDCommand(projectsWrapper wrappers.ProjectsWrapper) func(cmd
if errorModel != nil {
return errors.Errorf("%s: CODE: %d, %s", services.FailedGettingProj, errorModel.Code, errorModel.Message)
} else if projectResponseModel != nil {
+ resp := GetProjectByName(projectResponseModel.Name, projectsWrapper)
+
+ projectResponseModel.Groups = resp.Groups
err = printByFormat(cmd, toProjectView(*projectResponseModel))
if err != nil {
return err
@@ -442,6 +445,21 @@ func runGetProjectByIDCommand(projectsWrapper wrappers.ProjectsWrapper) func(cmd
}
}
+func GetProjectByName(projectName string, projectsWrapper wrappers.ProjectsWrapper) wrappers.ProjectResponseModel {
+ resp, err := services.GetProjectsCollectionByProjectName(projectName, projectsWrapper)
+ if err != nil {
+ return wrappers.ProjectResponseModel{}
+ }
+
+ for i := range resp.Projects {
+ project := &resp.Projects[i]
+ if project.Name == projectName {
+ return *project
+ }
+ }
+ return wrappers.ProjectResponseModel{}
+}
+
func runGetBranchesByIDCommand(projectsWrapper wrappers.ProjectsWrapper) func(cmd *cobra.Command, args []string) error {
return func(cmd *cobra.Command, args []string) error {
var branches []string
diff --git a/internal/commands/project_test.go b/internal/commands/project_test.go
index ac3f13382..37d2332e3 100644
--- a/internal/commands/project_test.go
+++ b/internal/commands/project_test.go
@@ -185,3 +185,15 @@ func TestCreateProjectWithSSHKey(t *testing.T) {
execCmdNilAssertion(t, append(baseArgs, "--ssh-key", "data/Dockerfile", "--repo-url", "git@github.com:dummyRepo/dummyProject.git")...)
}
+
+func TestGetProjectByName(t *testing.T) {
+ mockProjectsWrapper := &mock.ProjectsMockWrapper{}
+
+ // Call the function with the exact project name
+ projectName := "test_project3"
+ result := GetProjectByName(projectName, mockProjectsWrapper)
+
+ // Verify the result
+ assert.Equal(t, result.Name, projectName)
+ assert.Equal(t, result.ID, "3")
+}
diff --git a/internal/commands/result.go b/internal/commands/result.go
index 71dbe3ace..a11ba417e 100644
--- a/internal/commands/result.go
+++ b/internal/commands/result.go
@@ -98,6 +98,7 @@ const (
scaLastScanTimeFlagDescription = "SCA last scan time. Available options: integer above 1"
projectPrivatePackageFlagDescription = "Enable or disable project private package. Available options: true,false"
scaPrivatePackageVersionFlagDescription = "SCA project private package version. Example: 0.1.1"
+ scaHideDevAndTestDepFlagDescription = "Filter SCA results to exclude dev and test dependencies"
policeManagementNoneStatus = "none"
apiDocumentationFlagDescription = "Swagger folder/file filter for API-Security scan. Example: ./swagger.json"
summaryCreatedAtLayout = "2006-01-02, 15:04:05"
@@ -107,8 +108,9 @@ const (
redundantLabel = "redundant"
delayValueForReport = 10
fixLinkPrefix = "https://devhub.checkmarx.com/cve-details/"
- snoozeLabel = "Snooze"
- muteLabel = "Muted"
+ ScaDevAndTestExclusionParam = "DEV_AND_TEST"
+ ScaExcludeResultTypesParam = "exclude-result-types"
+ noFileForScorecardResultString = "Issue Found in your GitHub repository"
)
var summaryFormats = []string{
@@ -160,7 +162,12 @@ var sonarSeverities = map[string]string{
}
var containerEngineUnsupportedAgents = []string{
- "Jetbrains", "VS Code", "Visual Studio", "Eclipse",
+ commonParams.JetbrainsAgent, commonParams.VSCodeAgent, commonParams.VisualStudioAgent, commonParams.EclipseAgent,
+}
+
+var sscsEngineToOverviewEngineMap = map[string]string{
+ commonParams.SCSScorecardType: commonParams.SCSScorecardOverviewType,
+ commonParams.SCSSecretDetectionType: commonParams.SCSSecretDetectionOverviewType,
}
func NewResultsCommand(
@@ -272,6 +279,8 @@ func resultShowSubCommand(
resultShowCmd.PersistentFlags().Bool(commonParams.IgnorePolicyFlag, false, "Do not evaluate policies")
resultShowCmd.PersistentFlags().Bool(commonParams.SastRedundancyFlag, false,
"Populate SAST results 'data.redundancy' with values '"+fixLabel+"' (to fix) or '"+redundantLabel+"' (no need to fix)")
+ resultShowCmd.PersistentFlags().Bool(commonParams.ScaHideDevAndTestDepFlag, false, scaHideDevAndTestDepFlagDescription)
+
return resultShowCmd
}
@@ -509,8 +518,8 @@ func convertScanToResultsSummary(scanInfo *wrappers.ScanResponseModel, resultsWr
sastIssues := 0
scaIssues := 0
kicsIssues := 0
- scsIssues := 0
var containersIssues *int
+ var scsIssues *int
enginesStatusCode := map[string]int{
commonParams.SastType: 0,
commonParams.ScaType: 0,
@@ -524,6 +533,11 @@ func convertScanToResultsSummary(scanInfo *wrappers.ScanResponseModel, resultsWr
*containersIssues = 0
enginesStatusCode[commonParams.ContainersType] = 0
}
+ if wrappers.IsSCSEnabled {
+ scsIssues = new(int)
+ *scsIssues = 0
+ enginesStatusCode[commonParams.ScsType] = 0
+ }
if len(scanInfo.StatusDetails) > 0 {
for _, statusDetailItem := range scanInfo.StatusDetails {
@@ -534,8 +548,8 @@ func convertScanToResultsSummary(scanInfo *wrappers.ScanResponseModel, resultsWr
scaIssues = notAvailableNumber
} else if statusDetailItem.Name == commonParams.KicsType {
kicsIssues = notAvailableNumber
- } else if statusDetailItem.Name == commonParams.ScsType {
- scsIssues = notAvailableNumber
+ } else if statusDetailItem.Name == commonParams.ScsType && wrappers.IsSCSEnabled {
+ *scsIssues = notAvailableNumber
} else if statusDetailItem.Name == commonParams.ContainersType && wrappers.IsContainersEnabled {
*containersIssues = notAvailableNumber
}
@@ -574,13 +588,15 @@ func convertScanToResultsSummary(scanInfo *wrappers.ScanResponseModel, resultsWr
commonParams.ScaType: {StatusCode: enginesStatusCode[commonParams.ScaType]},
commonParams.KicsType: {StatusCode: enginesStatusCode[commonParams.KicsType]},
commonParams.APISecType: {StatusCode: enginesStatusCode[commonParams.APISecType]},
- commonParams.ScsType: {StatusCode: enginesStatusCode[commonParams.ScsType]},
commonParams.ContainersType: {StatusCode: enginesStatusCode[commonParams.ContainersType]},
},
}
if wrappers.IsContainersEnabled {
summary.EnginesResult[commonParams.ContainersType] = &wrappers.EngineResultSummary{StatusCode: enginesStatusCode[commonParams.ContainersType]}
}
+ if wrappers.IsSCSEnabled {
+ summary.EnginesResult[commonParams.ScsType] = &wrappers.EngineResultSummary{StatusCode: enginesStatusCode[commonParams.ScsType]}
+ }
baseURI, err := resultsWrapper.GetResultsURL(summary.ProjectID)
if err != nil {
return nil, err
@@ -618,11 +634,12 @@ func summaryReport(
}
if summary.HasSCS() && wrappers.IsSCSEnabled {
+ // Getting the base SCS overview. Results counts are overwritten in enhanceWithScanSummary->countResult
SCSOverview, err := getScanOverviewForSCSScanner(scsScanOverviewWrapper, summary.ScanID)
if err != nil {
return nil, err
}
- summary.SCSOverview = *SCSOverview
+ summary.SCSOverview = SCSOverview
}
if policies != nil {
@@ -637,7 +654,9 @@ func summaryReport(
if wrappers.IsContainersEnabled {
setNotAvailableNumberIfZero(summary, summary.ContainersIssues, commonParams.ContainersType)
}
- setNotAvailableNumberIfZero(summary, &summary.ScsIssues, commonParams.ScsType)
+ if wrappers.IsSCSEnabled {
+ setNotAvailableNumberIfZero(summary, summary.ScsIssues, commonParams.ScsType)
+ }
setRiskMsgAndStyle(summary)
setNotAvailableEnginesStatusCode(summary)
@@ -695,21 +714,17 @@ func enhanceWithScanSummary(summary *wrappers.ResultSummary, results *wrappers.S
summary.TotalIssues = summary.SastIssues + summary.ScaIssues + summary.KicsIssues + summary.GetAPISecurityDocumentationTotal()
if summary.HasSCS() && wrappers.IsSCSEnabled {
- summary.EnginesResult[commonParams.ScsType].Info = summary.SCSOverview.RiskSummary[infoLabel]
- summary.EnginesResult[commonParams.ScsType].Low = summary.SCSOverview.RiskSummary[lowLabel]
- summary.EnginesResult[commonParams.ScsType].Medium = summary.SCSOverview.RiskSummary[mediumLabel]
- summary.EnginesResult[commonParams.ScsType].High = summary.SCSOverview.RiskSummary[highLabel]
-
- summary.ScsIssues = summary.SCSOverview.TotalRisksCount
-
// Special case for SCS where status is partial if any microengines failed
if summary.SCSOverview.Status == scanPartialString {
summary.EnginesResult[commonParams.ScsType].StatusCode = scanPartialNumber
}
if !criticalEnabled {
summary.EnginesResult[commonParams.ScsType].Critical = notAvailableNumber
+ removeCriticalFromSCSOverview(summary)
+ }
+ if *summary.ScsIssues >= 0 {
+ summary.TotalIssues += *summary.ScsIssues
}
- summary.TotalIssues += summary.ScsIssues
}
if wrappers.IsContainersEnabled {
if *summary.ContainersIssues >= 0 {
@@ -724,6 +739,19 @@ func enhanceWithScanSummary(summary *wrappers.ResultSummary, results *wrappers.S
}
}
+func removeCriticalFromSCSOverview(summary *wrappers.ResultSummary) {
+ criticalCount := summary.SCSOverview.RiskSummary[criticalLabel]
+ summary.SCSOverview.TotalRisksCount -= criticalCount
+ summary.SCSOverview.RiskSummary[criticalLabel] = notAvailableNumber
+ for _, microEngineOverview := range summary.SCSOverview.MicroEngineOverviews {
+ if microEngineOverview.RiskSummary != nil && microEngineOverview.RiskSummary[criticalLabel] != nil {
+ engineCriticalCount := microEngineOverview.RiskSummary[criticalLabel]
+ microEngineOverview.TotalRisks -= engineCriticalCount.(int)
+ microEngineOverview.RiskSummary[criticalLabel] = disabledString
+ }
+ }
+}
+
func writeHTMLSummary(targetFile string, summary *wrappers.ResultSummary) error {
log.Println("Creating Summary Report: ", targetFile)
summaryTemp, err := template.New("summaryTemplate").Parse(wrappers.SummaryTemplate(isScanPending(summary.Status)))
@@ -791,13 +819,20 @@ func writeConsoleSummary(summary *wrappers.ResultSummary, featureFlagsWrapper wr
}
func printPoliciesSummary(summary *wrappers.ResultSummary) {
- fmt.Printf(tableLine + "\n")
- if summary.Policies.BreakBuild {
- fmt.Printf(" Policy Management Violation - Break Build Enabled: \n")
- } else {
- fmt.Printf(" Policy Management Violation: \n")
+ hasViolations := false
+ for _, policy := range summary.Policies.Policies {
+ if len(policy.RulesViolated) > 0 {
+ hasViolations = true
+ break
+ }
}
- if len(summary.Policies.Policies) > 0 {
+ if hasViolations {
+ fmt.Printf(tableLine + "\n")
+ if summary.Policies.BreakBuild {
+ fmt.Printf(" Policy Management Violation - Break Build Enabled: \n")
+ } else {
+ fmt.Printf(" Policy Management Violation: \n")
+ }
for _, police := range summary.Policies.Policies {
if len(police.RulesViolated) > 0 {
fmt.Printf(" Policy: %s | Break Build: %t | Violated Rules: ", police.Name, police.BreakBuild)
@@ -807,8 +842,8 @@ func printPoliciesSummary(summary *wrappers.ResultSummary) {
}
fmt.Printf("\n")
}
+ fmt.Printf("\n")
}
- fmt.Printf("\n")
}
func printAPIsSecuritySummary(summary *wrappers.ResultSummary) {
@@ -850,7 +885,6 @@ func printSCSTableRow(microEngineOverview *wrappers.MicroEngineOverview, feature
notAvailableFormatString := " | %-20s %4v %4s %6s %4s %4s %5s |\n"
riskSummary := microEngineOverview.RiskSummary
- riskSummary[criticalLabel] = getCriticalLabelSCS(riskSummary, featureFlagsWrapper)
microEngineName := microEngineOverview.FullName
switch microEngineOverview.Status {
@@ -862,15 +896,6 @@ func printSCSTableRow(microEngineOverview *wrappers.MicroEngineOverview, feature
}
}
-func getCriticalLabelSCS(riskSummary map[string]interface{}, featureFlagsWrapper wrappers.FeatureFlagsWrapper) interface{} {
- flagResponse, _ := wrappers.GetSpecificFeatureFlag(featureFlagsWrapper, wrappers.CVSSV3Enabled)
- criticalEnabled := flagResponse.Status
- if !criticalEnabled {
- return disabledString
- }
- return riskSummary[criticalLabel]
-}
-
func getCountValue(count int) interface{} {
if count < 0 {
return disabledString
@@ -884,7 +909,6 @@ func printResultsSummaryTable(summary *wrappers.ResultSummary) {
totalMediumIssues := summary.EnginesResult.GetMediumIssues()
totalLowIssues := summary.EnginesResult.GetLowIssues()
totalInfoIssues := summary.EnginesResult.GetInfoIssues()
-
fmt.Printf(tableLine + twoNewLines)
fmt.Printf(" Total Results: %d \n", summary.TotalIssues)
fmt.Println(tableLine)
@@ -934,15 +958,22 @@ func runGetResultCommand(
formatSbomOptions, _ := cmd.Flags().GetString(commonParams.ReportSbomFormatFlag)
sastRedundancy, _ := cmd.Flags().GetBool(commonParams.SastRedundancyFlag)
agent, _ := cmd.Flags().GetString(commonParams.AgentFlag)
+ scaHideDevAndTestDep, _ := cmd.Flags().GetBool(commonParams.ScaHideDevAndTestDepFlag)
scanID, _ := cmd.Flags().GetString(commonParams.ScanIDFlag)
if scanID == "" {
return errors.Errorf("%s: Please provide a scan ID", failedListingResults)
}
- params, err := getFilters(cmd)
+
+ resultsParams, err := getFilters(cmd)
if err != nil {
return errors.Wrapf(err, "%s", failedListingResults)
}
+
+ if scaHideDevAndTestDep {
+ resultsParams[ScaExcludeResultTypesParam] = ScaDevAndTestExclusionParam
+ }
+
scan, errorModel, scanErr := scanWrapper.GetByID(scanID)
if scanErr != nil {
return errors.Wrapf(scanErr, "%s", failedGetting)
@@ -967,7 +998,7 @@ func runGetResultCommand(
logger.PrintIfVerbose("Skipping policy evaluation")
}
if sastRedundancy {
- params[commonParams.SastRedundancyFlag] = ""
+ resultsParams[commonParams.SastRedundancyFlag] = ""
}
return CreateScanReport(
@@ -985,7 +1016,7 @@ func runGetResultCommand(
targetFile,
targetPath,
agent,
- params,
+ resultsParams,
featureFlagsWrapper)
}
}
@@ -1040,6 +1071,43 @@ func setIsContainersEnabled(agent string, featureFlagsWrapper wrappers.FeatureFl
containerEngineCLIEnabled, _ := wrappers.GetSpecificFeatureFlag(featureFlagsWrapper, wrappers.ContainerEngineCLIEnabled)
wrappers.IsContainersEnabled = containerEngineCLIEnabled.Status && agentSupported
}
+
+func filterResultsByType(results *wrappers.ScanResultsCollection, excludedTypes map[string]struct{}) *wrappers.ScanResultsCollection {
+ var filteredResults []*wrappers.ScanResult
+
+ for _, result := range results.Results {
+ if _, shouldExclude := excludedTypes[result.Type]; shouldExclude {
+ results.TotalCount--
+ } else {
+ filteredResults = append(filteredResults, result)
+ }
+ }
+ results.Results = filteredResults
+ return results
+}
+
+func filterScsResultsByAgent(results *wrappers.ScanResultsCollection, agent string) *wrappers.ScanResultsCollection {
+ unsupportedTypesByAgent := map[string][]string{
+ commonParams.DefaultAgent: {},
+ commonParams.VSCodeAgent: {commonParams.SCSScorecardType},
+ commonParams.JetbrainsAgent: {commonParams.SCSScorecardType, commonParams.SCSSecretDetectionType},
+ commonParams.EclipseAgent: {commonParams.SCSScorecardType, commonParams.SCSSecretDetectionType},
+ commonParams.VisualStudioAgent: {commonParams.SCSScorecardType, commonParams.SCSSecretDetectionType},
+ }
+
+ excludedTypes := make(map[string]struct{})
+
+ if typesToExclude, exists := unsupportedTypesByAgent[agent]; exists {
+ for _, excludeType := range typesToExclude {
+ excludedTypes[excludeType] = struct{}{}
+ }
+ }
+
+ results = filterResultsByType(results, excludedTypes)
+
+ return results
+}
+
func CreateScanReport(
resultsWrapper wrappers.ResultsWrapper,
risksOverviewWrapper wrappers.RisksOverviewWrapper,
@@ -1055,7 +1123,7 @@ func CreateScanReport(
targetFile,
targetPath string,
agent string,
- params map[string]string,
+ resultsParams map[string]string,
featureFlagsWrapper wrappers.FeatureFlagsWrapper,
) error {
reportList := strings.Split(reportTypes, ",")
@@ -1066,7 +1134,6 @@ func CreateScanReport(
if err != nil {
return err
}
-
scanPending := isScanPending(summary.Status)
err = createDirectory(targetPath)
@@ -1074,7 +1141,7 @@ func CreateScanReport(
return err
}
if !scanPending {
- results, err = ReadResults(resultsWrapper, exportWrapper, scan, params)
+ results, err = ReadResults(resultsWrapper, exportWrapper, scan, resultsParams, agent)
if err != nil {
return err
}
@@ -1088,7 +1155,7 @@ func CreateScanReport(
}
for _, reportType := range reportList {
err = createReport(reportType, formatPdfToEmail, formatPdfOptions, formatSbomOptions, targetFile,
- targetPath, results, summary, exportWrapper, resultsPdfReportsWrapper, featureFlagsWrapper)
+ targetPath, results, summary, exportWrapper, resultsPdfReportsWrapper, featureFlagsWrapper, agent)
if err != nil {
return err
}
@@ -1116,6 +1183,17 @@ func countResult(summary *wrappers.ResultSummary, result *wrappers.ScanResult) {
} else {
return
}
+ } else if strings.HasPrefix(engineType, commonParams.SscsType) {
+ if wrappers.IsSCSEnabled {
+ addResultToSCSOverview(summary, result)
+ engineType = commonParams.ScsType
+ *summary.ScsIssues++
+ summary.TotalIssues++
+ } else {
+ return
+ }
+ } else {
+ return
}
switch severity {
@@ -1130,10 +1208,29 @@ func countResult(summary *wrappers.ResultSummary, result *wrappers.ScanResult) {
case infoLabel:
summary.InfoIssues++
}
+
summary.UpdateEngineResultSummary(engineType, severity)
}
}
+func addResultToSCSOverview(summary *wrappers.ResultSummary, result *wrappers.ScanResult) {
+ if engineOverviewName, engineExists := sscsEngineToOverviewEngineMap[result.Type]; engineExists {
+ for _, microEngineOverview := range summary.SCSOverview.MicroEngineOverviews {
+ if microEngineOverview.Name == engineOverviewName {
+ if microEngineOverview.RiskSummary != nil {
+ severity := strings.ToLower(result.Severity)
+ if severityCount, exists := microEngineOverview.RiskSummary[severity]; exists {
+ summary.SCSOverview.RiskSummary[severity]++
+ microEngineOverview.TotalRisks++
+ summary.SCSOverview.TotalRisksCount++
+ microEngineOverview.RiskSummary[severity] = severityCount.(int) + 1
+ }
+ }
+ }
+ }
+ }
+}
+
func verifyFormatsByReportList(reportFormats []string, formats ...string) bool {
for _, reportFormat := range reportFormats {
for _, format := range formats {
@@ -1193,6 +1290,19 @@ func getScanOverviewForSCSScanner(
if errorModel != nil {
return nil, errors.Errorf("SCS: %s: CODE: %d, %s", failedListingResults, errorModel.Code, errorModel.Message)
} else if scsOverview != nil {
+ // Setting all counts to 0. Results are recounted in enhanceWithScanSummary->countResult
+ scsOverview.TotalRisksCount = 0
+ for key := range scsOverview.RiskSummary {
+ scsOverview.RiskSummary[key] = 0
+ }
+ for _, microEngineOverview := range scsOverview.MicroEngineOverviews {
+ microEngineOverview.TotalRisks = 0
+ if microEngineOverview.RiskSummary != nil {
+ for severity := range microEngineOverview.RiskSummary {
+ microEngineOverview.RiskSummary[severity] = 0
+ }
+ }
+ }
return scsOverview, nil
}
return nil, nil
@@ -1223,7 +1333,8 @@ func createReport(format,
summary *wrappers.ResultSummary,
exportWrapper wrappers.ExportWrapper,
resultsPdfReportsWrapper wrappers.ResultsPdfWrapper,
- featureFlagsWrapper wrappers.FeatureFlagsWrapper) error {
+ featureFlagsWrapper wrappers.FeatureFlagsWrapper,
+ agent string) error {
if printer.IsFormat(format, printer.FormatIndentedJSON) {
return nil
}
@@ -1311,15 +1422,18 @@ func ReadResults(
resultsWrapper wrappers.ResultsWrapper,
exportWrapper wrappers.ExportWrapper,
scan *wrappers.ScanResponseModel,
- params map[string]string,
+ resultsParams map[string]string,
+ agent string,
) (results *wrappers.ScanResultsCollection, err error) {
var resultsModel *wrappers.ScanResultsCollection
var errorModel *wrappers.WebError
- params[commonParams.ScanIDQueryParam] = scan.ID
- _, sastRedundancy := params[commonParams.SastRedundancyFlag]
+ resultsParams[commonParams.ScanIDQueryParam] = scan.ID
+ _, sastRedundancy := resultsParams[commonParams.SastRedundancyFlag]
+
+ scaHideDevAndTestDep := resultsParams[ScaExcludeResultTypesParam] == ScaDevAndTestExclusionParam
- resultsModel, errorModel, err = resultsWrapper.GetAllResultsByScanID(params)
+ resultsModel, errorModel, err = resultsWrapper.GetAllResultsByScanID(resultsParams)
if err != nil {
return nil, errors.Wrapf(err, "%s", failedListingResults)
@@ -1333,11 +1447,19 @@ func ReadResults(
// Compute SAST results redundancy
resultsModel = ComputeRedundantSastResults(resultsModel)
}
- resultsModel, err = enrichScaResults(exportWrapper, scan, resultsModel)
+ resultsModel, err = enrichScaResults(exportWrapper, scan, resultsModel, scaHideDevAndTestDep)
if err != nil {
return nil, err
}
+ if slices.Contains(scan.Engines, commonParams.ScsType) {
+ if !wrappers.IsSCSEnabled {
+ resultsModel = removeResultsByType(resultsModel, commonParams.SscsType)
+ } else {
+ resultsModel = filterScsResultsByAgent(resultsModel, agent)
+ }
+ }
+
resultsModel.ScanID = scan.ID
return resultsModel, nil
}
@@ -1348,9 +1470,10 @@ func enrichScaResults(
exportWrapper wrappers.ExportWrapper,
scan *wrappers.ScanResponseModel,
resultsModel *wrappers.ScanResultsCollection,
+ scaHideDevAndTestDep bool,
) (*wrappers.ScanResultsCollection, error) {
if slices.Contains(scan.Engines, commonParams.ScaType) {
- scaExportDetails, err := services.GetExportPackage(exportWrapper, scan.ID)
+ scaExportDetails, err := services.GetExportPackage(exportWrapper, scan.ID, scaHideDevAndTestDep)
if err != nil {
return nil, errors.Wrapf(err, "%s", failedListingResults)
}
@@ -1361,7 +1484,7 @@ func enrichScaResults(
}
}
if slices.Contains(scan.Engines, commonParams.ContainersType) && !wrappers.IsContainersEnabled {
- resultsModel = removeContainerResults(resultsModel)
+ resultsModel = removeResultsByType(resultsModel, commonParams.ContainersType)
}
return resultsModel, nil
}
@@ -1421,10 +1544,14 @@ func appendMainPackageToDependencyPath(dependencyPathArray *[][]wrappers.Depende
}})
}
-func removeContainerResults(model *wrappers.ScanResultsCollection) *wrappers.ScanResultsCollection {
+func removeResultsByType(model *wrappers.ScanResultsCollection, resultType string) *wrappers.ScanResultsCollection {
var newResults []*wrappers.ScanResult
for _, result := range model.Results {
- if result.Type != commonParams.ContainersType {
+ isResultType := result.Type == resultType
+ if resultType == commonParams.SscsType {
+ isResultType = strings.HasPrefix(result.Type, resultType)
+ }
+ if !isResultType {
newResults = append(newResults, result)
}
}
@@ -1600,21 +1727,8 @@ func exportJSONResults(targetFile string, results *wrappers.ScanResultsCollectio
func exportJSONSummaryResults(targetFile string, results *wrappers.ResultSummary) error {
var err error
var resultsJSON []byte
- var resultsToReport *wrappers.ResultSummary
log.Println("Creating summary JSON Report: ", targetFile)
-
- // Remove SCS Result if it exists
- _, scsExists := results.EnginesResult[commonParams.ScsType]
- if scsExists {
- resultsToReport, err = createReportWithoutScsSummary(results)
- if err != nil {
- return err
- }
- } else {
- resultsToReport = results
- }
-
- resultsJSON, err = json.Marshal(resultsToReport)
+ resultsJSON, err = json.Marshal(results)
if err != nil {
return errors.Wrapf(err, "%s: failed to serialize results response ", failedGettingAll)
}
@@ -1991,6 +2105,9 @@ func parseResultsSonar(results *wrappers.ScanResultsCollection) []wrappers.Sonar
} else if wrappers.IsContainersEnabled && engineType == commonParams.ContainersType {
auxIssue.PrimaryLocation = parseContainersSonar(result)
sonarIssues = append(sonarIssues, auxIssue)
+ } else if wrappers.IsSCSEnabled && strings.HasPrefix(engineType, commonParams.SscsType) {
+ sscsSonarIssue := parseSscsSonar(result)
+ sonarIssues = append(sonarIssues, sscsSonarIssue)
}
}
}
@@ -2010,6 +2127,28 @@ func parseContainersSonar(result *wrappers.ScanResult) wrappers.SonarLocation {
return auxLocation
}
+func parseSscsSonar(result *wrappers.ScanResult) wrappers.SonarIssues {
+ sonarIssue := initSonarIssue(result)
+
+ // overriding ruleID set by default in initSonarIssue
+ if result.ScanResultData.RuleID != nil {
+ sonarIssue.RuleID = *result.ScanResultData.RuleID
+ }
+
+ sonarIssue.PrimaryLocation.FilePath = result.ScanResultData.Filename
+ if result.ScanResultData.Snippet != "" {
+ sonarIssue.PrimaryLocation.Message = fmt.Sprintf("%s : %s", result.ScanResultData.Snippet, result.Description)
+ } else {
+ sonarIssue.PrimaryLocation.Message = result.Description
+ }
+ var textRange wrappers.SonarTextRange
+ textRange.StartColumn = 1
+ textRange.EndColumn = 2
+ textRange.StartLine = result.ScanResultData.Line
+ sonarIssue.PrimaryLocation.TextRange = textRange
+ return sonarIssue
+}
+
func initSonarIssue(result *wrappers.ScanResult) wrappers.SonarIssues {
var sonarIssue wrappers.SonarIssues
sonarIssue.Severity = sonarSeverities[result.Severity]
@@ -2106,7 +2245,7 @@ func findRule(ruleIds map[interface{}]bool, result *wrappers.ScanResult) *wrappe
sarifRule.ID, sarifRule.Name, _ = findRuleID(result)
sarifRule.FullDescription = findFullDescription(result)
sarifRule.Help = findHelp(result)
- sarifRule.HelpURI = wrappers.SarifInformationURI
+ sarifRule.HelpURI = findHelpURI(result)
sarifRule.Properties = findProperties(result)
if !ruleIds[sarifRule.ID] {
@@ -2118,12 +2257,18 @@ func findRule(ruleIds map[interface{}]bool, result *wrappers.ScanResult) *wrappe
}
func findRuleID(result *wrappers.ScanResult) (ruleID, ruleName, shortMessage string) {
- if result.ScanResultData.QueryID == nil {
+ if result.ScanResultData.QueryID == nil && result.ScanResultData.RuleID == nil {
return fmt.Sprintf("%s (%s)", result.ID, result.Type),
strings.Title(strings.ToLower(strings.ReplaceAll(result.ID, "-", ""))),
fmt.Sprintf("%s (%s)", result.ScanResultData.PackageIdentifier, result.ID)
}
+ if result.ScanResultData.RuleID != nil {
+ return fmt.Sprintf("%s (%s)", *result.ScanResultData.RuleID, result.Type),
+ result.ScanResultData.RuleName,
+ result.ScanResultData.RuleName
+ }
+
return fmt.Sprintf("%v (%s)", result.ScanResultData.QueryID, result.Type),
strings.ReplaceAll(result.ScanResultData.QueryName, "_", " "),
strings.ReplaceAll(result.ScanResultData.QueryName, "_", " ")
@@ -2137,29 +2282,51 @@ func findFullDescription(result *wrappers.ScanResult) wrappers.SarifDescription
func findHelp(result *wrappers.ScanResult) wrappers.SarifHelp {
var sarifHelp wrappers.SarifHelp
- sarifHelp.Text = findDescriptionText(result)
+ sarifHelp.Text = findHelpText(result)
sarifHelp.Markdown = findHelpMarkdownText(result)
return sarifHelp
}
+func findHelpURI(result *wrappers.ScanResult) string {
+ if strings.HasPrefix(result.Type, commonParams.SscsType) {
+ if result.ScanResultData.RemediationLink != "" {
+ return result.ScanResultData.RemediationLink
+ }
+ }
+
+ return wrappers.SarifInformationURI
+}
+
func findDescriptionText(result *wrappers.ScanResult) string {
if result.Type == commonParams.KicsType {
return fmt.Sprintf(
"%s Value: %s Excepted value: %s",
result.Description, result.ScanResultData.Value, result.ScanResultData.ExpectedValue,
)
+ } else if strings.HasPrefix(result.Type, commonParams.SscsType) {
+ return result.ScanResultData.RuleDescription
}
return result.Description
}
+func findHelpText(result *wrappers.ScanResult) string {
+ if strings.HasPrefix(result.Type, commonParams.SscsType) {
+ return findHelpMarkdownText(result)
+ }
+
+ return findDescriptionText(result)
+}
+
func findHelpMarkdownText(result *wrappers.ScanResult) string {
if result.Type == commonParams.KicsType {
return fmt.Sprintf(
"%s
Value: %s
Excepted value: %s",
result.Description, result.ScanResultData.Value, result.ScanResultData.ExpectedValue,
)
+ } else if strings.HasPrefix(result.Type, commonParams.SscsType) {
+ return result.ScanResultData.Remediation
}
return result.Description
@@ -2205,6 +2372,8 @@ func findResult(result *wrappers.ScanResult) []wrappers.SarifScanResult {
scanResults = parseSarifResultsSca(result, scanResults)
} else if result.Type == commonParams.ContainersType && wrappers.IsContainersEnabled {
scanResults = parseSarifResultsContainers(result, scanResults)
+ } else if strings.HasPrefix(result.Type, commonParams.SscsType) && wrappers.IsSCSEnabled {
+ scanResults = parseSarifResultsSscs(result, scanResults)
}
if len(scanResults) > 0 {
@@ -2296,6 +2465,41 @@ func parseSarifResultSast(result *wrappers.ScanResult, scanResults []wrappers.Sa
return scanResults
}
+func parseSarifResultsSscs(result *wrappers.ScanResult, scanResults []wrappers.SarifScanResult) []wrappers.SarifScanResult {
+ var scanResult = initSarifResult(result)
+ scanResult.Message.Text = result.Description
+
+ var scanLocation wrappers.SarifLocation
+
+ trimOsSeparatorFromFileName(result)
+ if result.Type == commonParams.SCSScorecardType && result.ScanResultData.Filename == noFileForScorecardResultString {
+ scanLocation.PhysicalLocation.ArtifactLocation.URI = ""
+ scanLocation.PhysicalLocation.ArtifactLocation.Description = &wrappers.SarifMessage{}
+ scanLocation.PhysicalLocation.ArtifactLocation.Description.Text = result.ScanResultData.Filename
+ } else {
+ scanLocation.PhysicalLocation.ArtifactLocation.URI = result.ScanResultData.Filename
+ }
+
+ scanLocation.PhysicalLocation.Region = &wrappers.SarifRegion{}
+ scanLocation.PhysicalLocation.Region.StartLine = result.ScanResultData.Line
+ scanLocation.PhysicalLocation.Region.StartColumn = 1
+ scanLocation.PhysicalLocation.Region.EndColumn = 2
+ if result.ScanResultData.Snippet != "" {
+ scanLocation.PhysicalLocation.Region.Snippet = &wrappers.SarifSnippet{}
+ scanLocation.PhysicalLocation.Region.Snippet.Text = result.ScanResultData.Snippet
+ }
+
+ scanResult.Locations = append(scanResult.Locations, scanLocation)
+
+ var properties wrappers.SarifResultProperties
+ properties.Severity = result.Severity
+ properties.Validity = result.ScanResultData.Validity
+ scanResult.Properties = &properties
+
+ scanResults = append(scanResults, scanResult)
+ return scanResults
+}
+
func convertNotAvailableNumberToZero(summary *wrappers.ResultSummary) {
if summary.KicsIssues == notAvailableNumber {
summary.KicsIssues = 0
@@ -2459,6 +2663,13 @@ func filterViolatedRules(policyModel wrappers.PolicyResponseModel) *wrappers.Pol
return &policyModel
}
+func trimOsSeparatorFromFileName(result *wrappers.ScanResult) {
+ if result.ScanResultData.Filename != "" {
+ result.ScanResultData.Filename = strings.TrimPrefix(result.ScanResultData.Filename, "/")
+ result.ScanResultData.Filename = strings.TrimPrefix(result.ScanResultData.Filename, "\\")
+ }
+}
+
type ScannerResponse struct {
ScanID string `json:"ScanID,omitempty"`
Name string `json:"Name,omitempty"`
@@ -2466,25 +2677,3 @@ type ScannerResponse struct {
Details string `json:"Details,omitempty"`
ErrorCode string `json:"ErrorCode,omitempty"`
}
-
-func createReportWithoutScsSummary(results *wrappers.ResultSummary) (*wrappers.ResultSummary, error) {
- var err error
- var resultsJSON []byte
- resultsJSON, err = json.Marshal(results)
- if err != nil {
- return nil, errors.Wrapf(err, "%s: failed to serialize results before removing scs ", failedGettingAll)
- }
-
- var resultsWithoutScs *wrappers.ResultSummary
- err = json.Unmarshal(resultsJSON, &resultsWithoutScs)
- if err != nil {
- return nil, errors.Wrapf(err, "%s: failed to deserialize results before removing scs ", failedGettingAll)
- }
-
- _, scsExists := resultsWithoutScs.EnginesResult[commonParams.ScsType]
- if scsExists {
- delete(resultsWithoutScs.EnginesResult, commonParams.ScsType)
- }
-
- return resultsWithoutScs, nil
-}
diff --git a/internal/commands/result_test.go b/internal/commands/result_test.go
index 4a7e4ed2e..46e4aaa24 100644
--- a/internal/commands/result_test.go
+++ b/internal/commands/result_test.go
@@ -3,9 +3,12 @@
package commands
import (
+ "bytes"
"encoding/json"
"fmt"
+ "io"
"os"
+ "reflect"
"regexp"
"strings"
"testing"
@@ -15,6 +18,8 @@ import (
params "github.com/checkmarx/ast-cli/internal/params"
"github.com/checkmarx/ast-cli/internal/wrappers"
"github.com/checkmarx/ast-cli/internal/wrappers/mock"
+ "golang.org/x/text/cases"
+ "golang.org/x/text/language"
"gotest.tools/assert"
)
@@ -29,7 +34,7 @@ const (
jsonValue = "json"
tableValue = "table"
listValue = "list"
- secretDetectionLine = "| Secret Detection 0 5 3 2 0 Completed |"
+ secretDetectionLine = "| Secret Detection 0 1 1 0 0 Completed |"
)
func flag(f string) string {
@@ -132,6 +137,110 @@ func TestResultsExitCode_OnPartialScan_PrintOnlyFailedScannersInfoToConsole(t *t
assert.Equal(t, results[0].Status, "Partial", "")
}
+func runScanCommand(t *testing.T, agent, scanID string) *wrappers.ScanResultsCollection {
+ clearFlags()
+ mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.SCSEngineCLIEnabled, Status: true}
+
+ _, err := executeRedirectedOsStdoutTestCommand(createASTTestCommand(),
+ "results", "show", "--scan-id", scanID, "--report-format", "json", "--agent", agent)
+ assert.NilError(t, err)
+
+ file, err := os.Open(fileName + ".json")
+ if err != nil {
+ t.Fatalf("failed to open file: %v", err)
+ }
+ defer func() {
+ file.Close()
+ os.Remove(fileName + ".json")
+ }()
+
+ fileContents, err := io.ReadAll(file)
+ if err != nil {
+ t.Fatalf("failed to read file: %v", err)
+ }
+
+ var results wrappers.ScanResultsCollection
+ err = json.Unmarshal(fileContents, &results)
+ assert.NilError(t, err)
+ return &results
+}
+
+func TestRunScsResultsShow_ASTCLI_AgentShouldShowAllResults(t *testing.T) {
+ clearFlags()
+ mock.HasScs = true
+ mock.ScsScanPartial = false
+ mock.ScorecardScanned = true
+ mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.SCSEngineCLIEnabled, Status: true}
+
+ execCmdNilAssertion(t, "results", "show", "--scan-id", "SCS_ONLY", "--report-format", "json", "--agent", params.DefaultAgent)
+ assertTypePresentJSON(t, params.SCSScorecardType, 1)
+ assertTypePresentJSON(t, params.SCSSecretDetectionType, 2)
+ assertTotalCountJSON(t, 3)
+
+ removeFileBySuffix(t, printer.FormatJSON)
+ mock.SetScsMockVarsToDefault()
+}
+
+func TestRunScsResultsShow_VSCode_AgentShouldNotShowScorecardResults(t *testing.T) {
+ clearFlags()
+ mock.HasScs = true
+ mock.ScsScanPartial = false
+ mock.ScorecardScanned = true
+ mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.SCSEngineCLIEnabled, Status: true}
+
+ execCmdNilAssertion(t, "results", "show", "--scan-id", "SCS_ONLY", "--report-format", "json", "--agent", params.VSCodeAgent)
+ assertTypePresentJSON(t, params.SCSScorecardType, 0)
+ assertTypePresentJSON(t, params.SCSSecretDetectionType, 2)
+ assertTotalCountJSON(t, 2)
+
+ removeFileBySuffix(t, printer.FormatJSON)
+ mock.SetScsMockVarsToDefault()
+}
+
+func TestRunScsResultsShow_Other_AgentsShouldNotShowScsResults(t *testing.T) {
+ clearFlags()
+ mock.HasScs = true
+ mock.ScsScanPartial = false
+ mock.ScorecardScanned = true
+ mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.SCSEngineCLIEnabled, Status: true}
+
+ execCmdNilAssertion(t, "results", "show", "--scan-id", "SCS_ONLY", "--report-format", "json", "--agent", params.JetbrainsAgent)
+ assertTypePresentJSON(t, params.SCSScorecardType, 0)
+ assertTypePresentJSON(t, params.SCSSecretDetectionType, 0)
+ assertTotalCountJSON(t, 0)
+
+ removeFileBySuffix(t, printer.FormatJSON)
+ mock.SetScsMockVarsToDefault()
+}
+
+func TestRunWithoutScsResults_Other_AgentsShouldNotShowScsResults(t *testing.T) {
+ clearFlags()
+ mock.HasScs = true
+ mock.ScsScanPartial = false
+ mock.ScorecardScanned = true
+ mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.SCSEngineCLIEnabled, Status: true}
+
+ execCmdNilAssertion(t, "results", "show", "--scan-id", "SAST_ONLY", "--report-format", "json", "--agent", params.EclipseAgent)
+ assertTypePresentJSON(t, params.SCSScorecardType, 0)
+ assertTypePresentJSON(t, params.SCSSecretDetectionType, 0)
+ assertTotalCountJSON(t, 1)
+
+ removeFileBySuffix(t, printer.FormatJSON)
+ mock.SetScsMockVarsToDefault()
+}
+
+func TestRunNilResults_Other_AgentsShouldNotShowAnyResults(t *testing.T) {
+ clearFlags()
+ mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.SCSEngineCLIEnabled, Status: true}
+
+ execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK_NO_VULNERABILITIES", "--report-format", "json", "--agent", params.VisualStudioAgent)
+ assertTypePresentJSON(t, params.SCSScorecardType, 0)
+ assertTypePresentJSON(t, params.SCSSecretDetectionType, 0)
+ assertTotalCountJSON(t, 0)
+
+ removeFileBySuffix(t, printer.FormatJSON)
+}
+
func TestResultsExitCode_OnCanceledScan_PrintOnlyScanIDAndStatusCanceledToConsole(t *testing.T) {
model := wrappers.ScanResponseModel{
ID: "fake-scan-id-kics-fail-sast-canceled-id",
@@ -348,7 +457,12 @@ func createTestScanResultsCollection() *wrappers.ScanResultsCollection {
}
func removeFileBySuffix(t *testing.T, suffix string) {
- removeFile(t, fileName, suffix)
+ switch suffix {
+ case printer.FormatSonar:
+ removeFile(t, fileName+sonarTypeLabel, printer.FormatJSON)
+ default:
+ removeFile(t, fileName, suffix)
+ }
}
func removeFile(t *testing.T, prefix, suffix string) {
@@ -673,7 +787,7 @@ func TestRunResultsShow_ContainersFFIsOn_includeContainersResult(t *testing.T) {
clearFlags()
mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "json")
- assertContainersPresent(t, true)
+ assertTypePresentJSON(t, params.ContainersType, 1)
// Remove generated json file
removeFileBySuffix(t, printer.FormatJSON)
}
@@ -681,7 +795,7 @@ func TestRunResultsShow_ContainersFFIsOff_excludeContainersResult(t *testing.T)
clearFlags()
mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: false}
execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "json")
- assertContainersPresent(t, false)
+ assertTypePresentJSON(t, params.ContainersType, 0)
// Remove generated json file
removeFileBySuffix(t, printer.FormatJSON)
}
@@ -689,7 +803,7 @@ func TestRunResultsShow_jetbrainsIsNotSupported_excludeContainersResult(t *testi
clearFlags()
mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "json", "--agent", "jetbrains")
- assertContainersPresent(t, false)
+ assertTypePresentJSON(t, params.ContainersType, 0)
// Remove generated json file
removeFileBySuffix(t, printer.FormatJSON)
}
@@ -698,7 +812,7 @@ func TestRunResultsShow_EclipseIsNotSupported_excludeContainersResult(t *testing
clearFlags()
mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "json", "--agent", "Eclipse")
- assertContainersPresent(t, false)
+ assertTypePresentJSON(t, params.ContainersType, 0)
// Remove generated json file
removeFileBySuffix(t, printer.FormatJSON)
}
@@ -707,7 +821,7 @@ func TestRunResultsShow_VsCodeIsNotSupported_excludeContainersResult(t *testing.
clearFlags()
mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "json", "--agent", "vs code")
- assertContainersPresent(t, false)
+ assertTypePresentJSON(t, params.ContainersType, 0)
// Remove generated json file
removeFileBySuffix(t, printer.FormatJSON)
}
@@ -716,27 +830,126 @@ func TestRunResultsShow_VisualStudioIsNotSupported_excludeContainersResult(t *te
clearFlags()
mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.ContainerEngineCLIEnabled, Status: true}
execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "json", "--agent", "Visual Studio")
- assertContainersPresent(t, false)
+ assertTypePresentJSON(t, params.ContainersType, 0)
// Remove generated json file
removeFileBySuffix(t, printer.FormatJSON)
}
-func assertContainersPresent(t *testing.T, isContainersEnabled bool) {
- bytes, err := os.ReadFile(fileName + "." + printer.FormatJSON)
+func assertTypePresentJSON(t *testing.T, resultType string, expectedResultTypeCount int) {
+ reportBytes, err := os.ReadFile(fileName + "." + printer.FormatJSON)
+ assert.NilError(t, err, "Error reading file")
+ // Unmarshal the JSON data into the ScanResultsCollection struct
+ var scanResultsCollection *wrappers.ScanResultsCollection
+ err = json.Unmarshal(reportBytes, &scanResultsCollection)
+ assert.NilError(t, err, "Error unmarshalling JSON data")
+ actualResultTypeCount := 0
+ for i := range scanResultsCollection.Results {
+ scanResult := scanResultsCollection.Results[i]
+ if scanResult.Type == resultType {
+ actualResultTypeCount++
+ }
+ }
+ assert.Equal(t, actualResultTypeCount, expectedResultTypeCount,
+ fmt.Sprintf("Expected %s result count to be %d, but found %d results", resultType, expectedResultTypeCount, actualResultTypeCount))
+}
+
+func assertTotalCountJSON(t *testing.T, expectedResultTypeCount uint) {
+ reportBytes, err := os.ReadFile(fileName + "." + printer.FormatJSON)
assert.NilError(t, err, "Error reading file")
// Unmarshal the JSON data into the ScanResultsCollection struct
var scanResultsCollection *wrappers.ScanResultsCollection
- err = json.Unmarshal(bytes, &scanResultsCollection)
+ err = json.Unmarshal(reportBytes, &scanResultsCollection)
+ assert.NilError(t, err, "Error unmarshalling JSON data")
+
+ assert.Equal(t, scanResultsCollection.TotalCount, expectedResultTypeCount,
+ fmt.Sprintf("Expected total count to be %d, but actual total count is %d", expectedResultTypeCount, scanResultsCollection.TotalCount))
+}
+
+func assertTypePresentSonar(t *testing.T, resultType string, expectedResultTypeCount int) {
+ reportBytes, err := os.ReadFile(fileName + sonarTypeLabel + "." + printer.FormatJSON)
+ assert.NilError(t, err, "Error reading file")
+ // Unmarshal the JSON data into the ScanResultsCollection struct
+ var scanResultsCollection *wrappers.ScanResultsSonar
+ err = json.Unmarshal(reportBytes, &scanResultsCollection)
assert.NilError(t, err, "Error unmarshalling JSON data")
- for _, scanResult := range scanResultsCollection.Results {
- if !isContainersEnabled && scanResult.Type == params.ContainersType {
- assert.Assert(t, false, "Containers result should not be present")
- } else if isContainersEnabled && scanResult.Type == params.ContainersType {
+ actualResultTypeCount := 0
+ for i := range scanResultsCollection.Results {
+ scanResult := scanResultsCollection.Results[i]
+ if scanResult.EngineID == resultType {
+ actualResultTypeCount++
+ }
+ }
+ assert.Equal(t, actualResultTypeCount, expectedResultTypeCount,
+ fmt.Sprintf("Expected %s result count to be %d, but found %d results", resultType, expectedResultTypeCount, actualResultTypeCount))
+}
+
+func assertTypePresentSarif(t *testing.T, resultType string, expectedResultTypeCount int) {
+ reportBytes, err := os.ReadFile(fileName + "." + printer.FormatSarif)
+ assert.NilError(t, err, "Error reading file")
+ // Unmarshal the JSON data into the ScanResultsCollection struct
+ var scanResultsCollection *wrappers.SarifResultsCollection
+ err = json.Unmarshal(reportBytes, &scanResultsCollection)
+ assert.NilError(t, err, "Error unmarshalling SARIF data")
+ resultTypeRuleSuffix := fmt.Sprintf("(%s)", resultType)
+ actualResultTypeCount := 0
+ for i := range scanResultsCollection.Runs[0].Results {
+ scanResult := scanResultsCollection.Runs[0].Results[i]
+ if strings.HasSuffix(scanResult.RuleID, resultTypeRuleSuffix) {
+ actualResultTypeCount++
+ assertRulePresentSarif(t, scanResult.RuleID, scanResultsCollection)
+ }
+ }
+ assert.Equal(t, actualResultTypeCount, expectedResultTypeCount,
+ fmt.Sprintf("Expected %s result count to be %d, but found %d results", resultType, expectedResultTypeCount, actualResultTypeCount))
+}
+
+func assertRulePresentSarif(t *testing.T, ruleID string, scanResultsCollection *wrappers.SarifResultsCollection) {
+ for i := range scanResultsCollection.Runs[0].Tool.Driver.Rules {
+ rule := scanResultsCollection.Runs[0].Tool.Driver.Rules[i]
+ if rule.ID == ruleID {
+ return
+ }
+ }
+ assert.Assert(t, false, fmt.Sprintf("RuleID %s found in SARIF result not found in rules of SARIF report", ruleID))
+}
+
+func assertResultsPresentSummaryJSON(t *testing.T, isResultsEnabled bool, scanType string, numberOfIssues *int) {
+ reportBytes, err := os.ReadFile(fileName + "." + printer.FormatJSON)
+ assert.NilError(t, err, "Error reading file")
+ // Unmarshal the JSON data into the ScanResultsCollection struct
+ var scanResultSummary *wrappers.ResultSummary
+ err = json.Unmarshal(reportBytes, &scanResultSummary)
+ assert.NilError(t, err, "Error unmarshalling JSON data")
+
+ // Test presence of Issues field
+ scanTypeCapitalized := cases.Title(language.Und).String(scanType)
+ IssuesFieldName := scanTypeCapitalized + "Issues"
+ reflectedScanResultSummary := reflect.ValueOf(scanResultSummary).Elem()
+ IssuesField := reflectedScanResultSummary.FieldByName(IssuesFieldName)
+
+ assert.Equal(t, IssuesField.IsValid(), true, fmt.Sprintf("field %s not found in ResultSummary struct definition", IssuesFieldName))
+ assert.Equal(t, !IssuesField.IsNil(), isResultsEnabled, fmt.Sprintf("Expected field %s to be present: %t", IssuesFieldName, isResultsEnabled))
+
+ if !IssuesField.IsNil() && numberOfIssues != nil {
+ assert.Equal(t, *IssuesField.Interface().(*int), *numberOfIssues, fmt.Sprintf("Expected field %s to have value: %d", IssuesFieldName, *numberOfIssues))
+ }
+
+ // Test presence of Scs Overview field
+ if scanType == params.ScsType {
+ ScsOverviewField := reflectedScanResultSummary.FieldByName("SCSOverview")
+ assert.Equal(t, ScsOverviewField.IsValid(), true, fmt.Sprintf("field %s not found in ResultSummary struct definition ", ScsOverviewField))
+ assert.Equal(t, !ScsOverviewField.IsNil(), isResultsEnabled, fmt.Sprintf("Expected field %s to be present: %t", ScsOverviewField, isResultsEnabled))
+ }
+
+ for engine := range scanResultSummary.EnginesResult {
+ if !isResultsEnabled && engine == scanType {
+ assert.Assert(t, false, fmt.Sprintf("%s result summary should not be present", scanType))
+ } else if isResultsEnabled && engine == scanType {
return
}
}
- if isContainersEnabled {
- assert.Assert(t, false, "Containers result should be present")
+ if isResultsEnabled {
+ assert.Assert(t, false, "%s result summary should be present", scanType)
}
}
func TestRunGetResultsShow_ContainersFFOffAndResultsHasContainersResultsOnly_NilAssertion(t *testing.T) {
@@ -868,6 +1081,41 @@ func TestRunGetResultsByScanIdSummaryConsoleFormat_ScsNotScanned_ScsMissingInRep
mock.SetScsMockVarsToDefault()
}
+func TestRunGetResultsByScanIdSummaryConsoleFormat_ScsCompleted_ScsCompletedInReport(t *testing.T) {
+ clearFlags()
+ mock.HasScs = true
+ mock.ScsScanPartial = false
+ mock.ScorecardScanned = true
+ mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.SCSEngineCLIEnabled, Status: true}
+
+ buffer, err := executeRedirectedOsStdoutTestCommand(createASTTestCommand(),
+ "results", "show", "--scan-id", "MOCK", "--report-format", "summaryConsole")
+ assert.NilError(t, err)
+
+ stdoutString := buffer.String()
+ ansiRegexp := regexp.MustCompile("\x1b\\[[0-9;]*[mK]")
+ cleanString := ansiRegexp.ReplaceAllString(stdoutString, "")
+ fmt.Print(stdoutString)
+
+ TotalResults := "Total Results: 11"
+ assert.Equal(t, strings.Contains(cleanString, TotalResults), true,
+ "Expected: "+TotalResults)
+ TotalSummary := "| TOTAL 0 6 3 2 0 Completed |"
+ assert.Equal(t, strings.Contains(cleanString, TotalSummary), true,
+ "Expected TOTAL summary: "+TotalSummary)
+ scsSummary := "| SCS 0 1 1 1 0 Completed |"
+ assert.Equal(t, strings.Contains(cleanString, scsSummary), true,
+ "Expected SCS summary:"+scsSummary)
+ secretDetectionSummary := secretDetectionLine
+ assert.Equal(t, strings.Contains(cleanString, secretDetectionSummary), true,
+ "Expected Secret Detection summary:"+secretDetectionSummary)
+ scorecardSummary := "| Scorecard 0 0 0 1 0 Completed |"
+ assert.Equal(t, strings.Contains(cleanString, scorecardSummary), true,
+ "Expected Scorecard summary:"+scorecardSummary)
+
+ mock.SetScsMockVarsToDefault()
+}
+
func TestRunGetResultsByScanIdSummaryConsoleFormat_ScsPartial_ScsPartialInReport(t *testing.T) {
clearFlags()
mock.HasScs = true
@@ -884,13 +1132,13 @@ func TestRunGetResultsByScanIdSummaryConsoleFormat_ScsPartial_ScsPartialInReport
cleanString := ansiRegexp.ReplaceAllString(stdoutString, "")
fmt.Print(stdoutString)
- TotalResults := "Total Results: 18"
+ TotalResults := "Total Results: 10"
assert.Equal(t, strings.Contains(cleanString, TotalResults), true,
"Expected: "+TotalResults)
- TotalSummary := "| TOTAL 0 10 5 3 0 Completed |"
+ TotalSummary := "| TOTAL 0 6 3 1 0 Completed |"
assert.Equal(t, strings.Contains(cleanString, TotalSummary), true,
"Expected TOTAL summary: "+TotalSummary)
- scsSummary := "| SCS 0 5 3 2 0 Partial |"
+ scsSummary := "| SCS 0 1 1 0 0 Partial |"
assert.Equal(t, strings.Contains(cleanString, scsSummary), true,
"Expected SCS summary:"+scsSummary)
secretDetectionSummary := secretDetectionLine
@@ -917,7 +1165,7 @@ func TestRunGetResultsByScanIdSummaryConsoleFormat_ScsScorecardNotScanned_Scorec
stdoutString := buffer.String()
fmt.Print(stdoutString)
- scsSummary := "| SCS 0 5 3 2 0 Completed |"
+ scsSummary := "| SCS 0 1 1 0 0 Completed |"
assert.Equal(t, strings.Contains(stdoutString, scsSummary), true,
"Expected SCS summary:"+scsSummary)
secretDetectionSummary := secretDetectionLine
@@ -938,7 +1186,7 @@ func TestRunGetResultsByScanIdSummaryConsoleFormat_SCSFlagNotEnabled_SCSMissingI
mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.SCSEngineCLIEnabled, Status: false}
buffer, err := executeRedirectedOsStdoutTestCommand(createASTTestCommand(),
- "results", "show", "--scan-id", "MOCK", "--report-format", "summaryConsole")
+ "results", "show", "--scan-id", "MOCK", "--report-format", "summaryConsole,summaryJSON")
assert.NilError(t, err)
stdoutString := buffer.String()
@@ -946,7 +1194,7 @@ func TestRunGetResultsByScanIdSummaryConsoleFormat_SCSFlagNotEnabled_SCSMissingI
scsSummary := "| SCS"
assert.Equal(t, !strings.Contains(stdoutString, scsSummary), true,
- "Expected SCS summary:"+scsSummary)
+ "Expected SCS summary to be missing:"+scsSummary)
secretDetectionSummary := "Secret Detection"
assert.Equal(t, !strings.Contains(stdoutString, secretDetectionSummary), true,
"Expected Secret Detection summary to be missing:"+secretDetectionSummary)
@@ -1014,8 +1262,7 @@ func createEmptyResultSummary() *wrappers.ResultSummary {
SastIssues: 0,
ScaIssues: 0,
KicsIssues: 0,
- ScsIssues: 0,
- SCSOverview: wrappers.SCSOverview{},
+ SCSOverview: &wrappers.SCSOverview{},
APISecurity: wrappers.APISecResult{
APICount: 0,
TotalRisksCount: 0,
@@ -1060,3 +1307,216 @@ func createEmptyResultSummary() *wrappers.ResultSummary {
},
}
}
+func TestPrintPoliciesSummary_WhenNoRolViolated_ShouldNotContainPolicyViolation(t *testing.T) {
+ summary := &wrappers.ResultSummary{
+ Policies: &wrappers.PolicyResponseModel{
+ Status: "Success",
+ Policies: []wrappers.Policy{
+ {
+ RulesViolated: []string{},
+ },
+ },
+ BreakBuild: false,
+ },
+ }
+ r, w, _ := os.Pipe()
+ old := os.Stdout
+ os.Stdout = w
+
+ printPoliciesSummary(summary)
+
+ w.Close()
+ os.Stdout = old
+
+ var buf bytes.Buffer
+ if _, err := io.Copy(&buf, r); err != nil {
+ t.Fatalf("failed to copy output: %v", err) // Handle the error if io.Copy fails
+ }
+ output := buf.String()
+ assert.Assert(t, !strings.Contains(output, "Policy Management Violation "), "Output should not contain 'Policy Management Violation'")
+}
+
+func TestRunGetResultsByScanIdJSONFormat_SCSFlagNotEnabled_SCSMissingInReport(t *testing.T) {
+ clearFlags()
+ mock.HasScs = true
+ mock.ScsScanPartial = false
+ mock.ScorecardScanned = true
+ mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.SCSEngineCLIEnabled, Status: false}
+ execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "json")
+ assertTypePresentJSON(t, params.SCSScorecardType, 0)
+ assertTypePresentJSON(t, params.SCSSecretDetectionType, 0)
+
+ removeFileBySuffix(t, printer.FormatJSON)
+ mock.SetScsMockVarsToDefault()
+}
+
+func TestRunGetResultsByScanIdJSONFormat_SCSFlagEnabled_SCSPresentInReport(t *testing.T) {
+ clearFlags()
+ mock.HasScs = true
+ mock.ScsScanPartial = false
+ mock.ScorecardScanned = true
+ mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.SCSEngineCLIEnabled, Status: true}
+ execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "json")
+ assertTypePresentJSON(t, params.SCSScorecardType, 1)
+ assertTypePresentJSON(t, params.SCSSecretDetectionType, 2)
+
+ removeFileBySuffix(t, printer.FormatJSON)
+ mock.SetScsMockVarsToDefault()
+}
+
+func TestRunGetResultsByScanIdSonarFormat_SCSFlagNotEnabled_SCSMissingInReport(t *testing.T) {
+ clearFlags()
+ mock.HasScs = true
+ mock.ScsScanPartial = false
+ mock.ScorecardScanned = true
+ mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.SCSEngineCLIEnabled, Status: false}
+ execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "sonar")
+ assertTypePresentSonar(t, params.SCSScorecardType, 0)
+ assertTypePresentSonar(t, params.SCSSecretDetectionType, 0)
+
+ removeFileBySuffix(t, printer.FormatSonar)
+ mock.SetScsMockVarsToDefault()
+}
+
+func TestRunGetResultsByScanIdSonarFormat_SCSFlagEnabled_SCSPresentInReport(t *testing.T) {
+ clearFlags()
+ mock.HasScs = true
+ mock.ScsScanPartial = false
+ mock.ScorecardScanned = true
+ mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.SCSEngineCLIEnabled, Status: true}
+ execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "sonar")
+ assertTypePresentSonar(t, params.SCSScorecardType, 1)
+ assertTypePresentSonar(t, params.SCSSecretDetectionType, 2)
+
+ removeFileBySuffix(t, printer.FormatSonar)
+ mock.SetScsMockVarsToDefault()
+}
+
+func TestRunGetResultsByScanIdSarifFormat_SCSFlagEnabled_SCSPresentInReport(t *testing.T) {
+ clearFlags()
+ mock.HasScs = true
+ mock.ScsScanPartial = false
+ mock.ScorecardScanned = true
+ mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.SCSEngineCLIEnabled, Status: true}
+ execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "sarif")
+ assertTypePresentSarif(t, params.SCSScorecardType, 1)
+ assertTypePresentSarif(t, params.SCSSecretDetectionType, 2)
+
+ removeFileBySuffix(t, printer.FormatSarif)
+ mock.SetScsMockVarsToDefault()
+}
+
+func TestRunGetResultsByScanIdSarifFormat_SCSFlagEnabled_SCSMissingInReport(t *testing.T) {
+ clearFlags()
+ mock.HasScs = true
+ mock.ScsScanPartial = false
+ mock.ScorecardScanned = true
+ mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.SCSEngineCLIEnabled, Status: false}
+ execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "sarif")
+ assertTypePresentSarif(t, params.SCSScorecardType, 0)
+ assertTypePresentSarif(t, params.SCSSecretDetectionType, 0)
+
+ removeFileBySuffix(t, printer.FormatSarif)
+ mock.SetScsMockVarsToDefault()
+}
+
+func TestRunGetResultsByScanIdSummaryJSONFormat_SCSFlagNotEnabled_SCSMissingInReport(t *testing.T) {
+ clearFlags()
+ mock.HasScs = true
+ mock.ScsScanPartial = false
+ mock.ScorecardScanned = true
+ ScsFlagValue := false
+ mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.SCSEngineCLIEnabled, Status: ScsFlagValue}
+
+ execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "summaryJSON")
+
+ assertResultsPresentSummaryJSON(t, ScsFlagValue, params.ScsType, nil)
+
+ removeFileBySuffix(t, printer.FormatJSON)
+ mock.SetScsMockVarsToDefault()
+}
+
+func TestRunGetResultsByScanIdSummaryJSONFormat_SCSFlagEnabled_SCSPresentInReport(t *testing.T) {
+ clearFlags()
+ mock.HasScs = true
+ mock.ScsScanPartial = false
+ mock.ScorecardScanned = true
+ ScsFlagValue := true
+ expectedScsIssues := 3
+ mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.SCSEngineCLIEnabled, Status: ScsFlagValue}
+
+ execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "summaryJSON")
+
+ assertResultsPresentSummaryJSON(t, ScsFlagValue, params.ScsType, &expectedScsIssues)
+
+ removeFileBySuffix(t, printer.FormatJSON)
+ mock.SetScsMockVarsToDefault()
+}
+
+func TestRunGetResultsByScanIdSummaryMarkdownFormat_SCSFlagEnabled_SCSPresentInReport(t *testing.T) {
+ clearFlags()
+ mock.HasScs = true
+ mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.SCSEngineCLIEnabled, Status: true}
+ execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "markdown")
+ // Read the contents of the file
+ markdownBytes, err := os.ReadFile(fmt.Sprintf("%s.%s", fileName, "md"))
+ assert.NilError(t, err, "Error reading file")
+
+ markdownString := string(markdownBytes)
+ assert.Equal(t, strings.Contains(markdownString, "SCS"), true, "SCS should be present in the markdown file")
+
+ // Remove generated md file
+ removeFileBySuffix(t, "md")
+ mock.SetScsMockVarsToDefault()
+}
+
+func TestRunGetResultsByScanIdSummaryMarkdownFormat_SCSFlagNotEnabled_SCSNotPresentInReport(t *testing.T) {
+ clearFlags()
+ mock.HasScs = true
+ mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.SCSEngineCLIEnabled, Status: false}
+ execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "markdown")
+ // Read the contents of the file
+ markdownBytes, err := os.ReadFile(fmt.Sprintf("%s.%s", fileName, "md"))
+ assert.NilError(t, err, "Error reading file")
+
+ markdownString := string(markdownBytes)
+ assert.Equal(t, strings.Contains(markdownString, "SCS"), false, "SCS should not be present in the markdown file")
+
+ // Remove generated md file
+ removeFileBySuffix(t, "md")
+ mock.SetScsMockVarsToDefault()
+}
+
+func TestRunGetResultsByScanIdSummaryHtmlFormat_SCSFlagEnabled_SCSPresentInReport(t *testing.T) {
+ clearFlags()
+ mock.HasScs = true
+ mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.SCSEngineCLIEnabled, Status: true}
+ execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "summaryHTML")
+ // Read the contents of the file
+ htmlBytes, err := os.ReadFile(fmt.Sprintf("%s.%s", fileName, "html"))
+ assert.NilError(t, err, "Error reading file")
+
+ htmlString := string(htmlBytes)
+ assert.Equal(t, strings.Contains(htmlString, "SCS"), true, "SCS should be present in the html file")
+
+ // Remove generated html file
+ removeFileBySuffix(t, "html")
+ mock.SetScsMockVarsToDefault()
+}
+
+func TestRunGetResultsByScanIdSummaryHtmlFormat_SCSFlagNotEnabled_SCSNotPresentInReport(t *testing.T) {
+ clearFlags()
+ mock.HasScs = true
+ mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.SCSEngineCLIEnabled, Status: false}
+ execCmdNilAssertion(t, "results", "show", "--scan-id", "MOCK", "--report-format", "summaryHTML")
+ // Read the contents of the file
+ htmlBytes, err := os.ReadFile(fmt.Sprintf("%s.%s", fileName, "html"))
+ assert.NilError(t, err, "Error reading file")
+
+ htmlString := string(htmlBytes)
+ assert.Equal(t, strings.Contains(htmlString, "SCS"), false, "SCS should not be present in the html file")
+
+ // Remove generated md file
+ removeFileBySuffix(t, "html")
+ mock.SetScsMockVarsToDefault()
+}
diff --git a/internal/commands/root.go b/internal/commands/root.go
index d6fb1174a..a440f165c 100644
--- a/internal/commands/root.go
+++ b/internal/commands/root.go
@@ -211,7 +211,6 @@ func NewAstCLI(
chatCmd,
)
- rootCmd.SilenceErrors = true
rootCmd.SilenceUsage = true
return rootCmd
}
diff --git a/internal/commands/root_test.go b/internal/commands/root_test.go
index ad14bc490..9fee22ce1 100644
--- a/internal/commands/root_test.go
+++ b/internal/commands/root_test.go
@@ -140,6 +140,13 @@ func TestFilterTagStateAndSeverityValues(t *testing.T) {
assert.NilError(t, err)
}
+func TestCreateCommand_WithInvalidFlag_ShouldReturnExitCode1(t *testing.T) {
+ args := []string{"g"}
+ cmd := createASTTestCommand()
+ err := executeTestCommand(cmd, args...)
+ assert.Error(t, err, "unknown command \"g\" for \"cx\"")
+}
+
func executeTestCommand(cmd *cobra.Command, args ...string) error {
fmt.Println("Executing command with args ", args)
cmd.SetArgs(args)
diff --git a/internal/commands/scan.go b/internal/commands/scan.go
index 0b1367fcd..f7c602d8d 100644
--- a/internal/commands/scan.go
+++ b/internal/commands/scan.go
@@ -19,10 +19,10 @@ import (
"strings"
"time"
+ "github.com/checkmarx/ast-cli/internal/commands/asca"
"github.com/checkmarx/ast-cli/internal/commands/scarealtime"
"github.com/checkmarx/ast-cli/internal/commands/util"
"github.com/checkmarx/ast-cli/internal/commands/util/printer"
- "github.com/checkmarx/ast-cli/internal/commands/vorpal"
"github.com/checkmarx/ast-cli/internal/constants"
errorConstants "github.com/checkmarx/ast-cli/internal/constants/errors"
exitCodes "github.com/checkmarx/ast-cli/internal/constants/exit-codes"
@@ -106,6 +106,8 @@ const (
ScsSecretDetectionType = "secret-detection"
ScsRepoRequiredMsg = "SCS scan failed to start: Scorecard scan is missing required flags, please include in the ast-cli arguments: " +
"--scs-repo-url your_repo_url --scs-repo-token your_repo_token"
+ ScsRepoWarningMsg = "SCS scan warning: Unable to start Scorecard scan due to missing required flags, please include in the ast-cli arguments: " +
+ "--scs-repo-url your_repo_url --scs-repo-token your_repo_token"
)
var (
@@ -187,7 +189,7 @@ func NewScanCommand(
showScanCmd := scanShowSubCommand(scansWrapper)
- scanVorpalCmd := scanVorpalSubCommand(jwtWrapper, featureFlagsWrapper)
+ scanASCACmd := scanASCASubCommand(jwtWrapper, featureFlagsWrapper)
workflowScanCmd := scanWorkflowSubCommand(scansWrapper)
@@ -212,7 +214,7 @@ func NewScanCommand(
)
scanCmd.AddCommand(
createScanCmd,
- scanVorpalCmd,
+ scanASCACmd,
showScanCmd,
workflowScanCmd,
listScansCmd,
@@ -400,15 +402,15 @@ func scanShowSubCommand(scansWrapper wrappers.ScansWrapper) *cobra.Command {
return showScanCmd
}
-func scanVorpalSubCommand(jwtWrapper wrappers.JWTWrapper, featureFlagsWrapper wrappers.FeatureFlagsWrapper) *cobra.Command {
- scanVorpalCmd := &cobra.Command{
+func scanASCASubCommand(jwtWrapper wrappers.JWTWrapper, featureFlagsWrapper wrappers.FeatureFlagsWrapper) *cobra.Command {
+ scanASCACmd := &cobra.Command{
Hidden: true,
- Use: "vorpal",
- Short: "Run a Vorpal scan",
- Long: "Running a Vorpal scan is a fast and efficient way to identify vulnerabilities in a specific file.",
+ Use: "asca",
+ Short: "Run a ASCA scan",
+ Long: "Running a ASCA scan is a fast and efficient way to identify vulnerabilities in a specific file.",
Example: heredoc.Doc(
`
- $ cx scan vorpal --file-source --vorpal-latest-version
+ $ cx scan asca --file-source --asca-latest-version
`,
),
Annotations: map[string]string{
@@ -418,19 +420,19 @@ func scanVorpalSubCommand(jwtWrapper wrappers.JWTWrapper, featureFlagsWrapper wr
`,
),
},
- RunE: vorpal.RunScanVorpalCommand(jwtWrapper, featureFlagsWrapper),
+ RunE: asca.RunScanASCACommand(jwtWrapper, featureFlagsWrapper),
}
- scanVorpalCmd.PersistentFlags().Bool(commonParams.VorpalLatestVersion, false,
- "Use this flag to update to the latest version of the Vorpal scanner."+
+ scanASCACmd.PersistentFlags().Bool(commonParams.ASCALatestVersion, false,
+ "Use this flag to update to the latest version of the ASCA scanner."+
"Otherwise, we will check if there is an existing installation that can be used.")
- scanVorpalCmd.PersistentFlags().StringP(
+ scanASCACmd.PersistentFlags().StringP(
commonParams.SourcesFlag,
commonParams.SourcesFlagSh,
"",
"The file source should be the path to a single file",
)
- return scanVorpalCmd
+ return scanASCACmd
}
func scanListSubCommand(scansWrapper wrappers.ScansWrapper, sastMetadataWrapper wrappers.SastMetadataWrapper) *cobra.Command {
@@ -652,6 +654,7 @@ func scanCreateSubCommand(
createScanCmd.PersistentFlags().String(commonParams.SCSRepoTokenFlag, "", "Provide a token with read permission for the repo that you are scanning (for scorecard scans)")
createScanCmd.PersistentFlags().String(commonParams.SCSRepoURLFlag, "", "The URL of the repo that you are scanning with scs (for scorecard scans)")
createScanCmd.PersistentFlags().String(commonParams.SCSEnginesFlag, "", "Specify which scs engines will run (default: all licensed engines)")
+ createScanCmd.PersistentFlags().Bool(commonParams.ScaHideDevAndTestDepFlag, false, scaHideDevAndTestDepFlagDescription)
return createScanCmd
}
@@ -780,7 +783,7 @@ func setupScanTypeProjectAndConfig(
configArr = append(configArr, containersConfig)
}
- var SCSConfig, scsErr = addSCSScan(cmd, resubmitConfig)
+ var SCSConfig, scsErr = addSCSScan(cmd, resubmitConfig, userAllowedEngines[commonParams.EnterpriseSecretsType])
if scsErr != nil {
return scsErr
} else if SCSConfig != nil {
@@ -974,11 +977,11 @@ func addAPISecScan(cmd *cobra.Command) map[string]interface{} {
}
return nil
}
-func createResubmitConfig(resubmitConfig []wrappers.Config, scsRepoToken, scsRepoURL string) wrappers.SCSConfig {
+func createResubmitConfig(resubmitConfig []wrappers.Config, scsRepoToken, scsRepoURL string, hasEnterpriseSecretsLicense bool) wrappers.SCSConfig {
scsConfig := wrappers.SCSConfig{}
for _, config := range resubmitConfig {
resubmitTwoms := config.Value[configTwoms]
- if resubmitTwoms != nil {
+ if resubmitTwoms != nil && hasEnterpriseSecretsLicense {
scsConfig.Twoms = resubmitTwoms.(string)
}
scsConfig.RepoURL = scsRepoURL
@@ -992,47 +995,62 @@ func createResubmitConfig(resubmitConfig []wrappers.Config, scsRepoToken, scsRep
}
return scsConfig
}
-func addSCSScan(cmd *cobra.Command, resubmitConfig []wrappers.Config) (map[string]interface{}, error) {
+func addSCSScan(cmd *cobra.Command, resubmitConfig []wrappers.Config, hasEnterpriseSecretsLicense bool) (map[string]interface{}, error) {
if scanTypeEnabled(commonParams.ScsType) || scanTypeEnabled(commonParams.MicroEnginesType) {
scsConfig := wrappers.SCSConfig{}
SCSMapConfig := make(map[string]interface{})
SCSMapConfig[resultsMapType] = commonParams.MicroEnginesType // scs is still microengines in the scans API
userScanTypes, _ := cmd.Flags().GetString(commonParams.ScanTypes)
scsRepoToken, _ := cmd.Flags().GetString(commonParams.SCSRepoTokenFlag)
+ viper.Set(commonParams.SCSRepoTokenFlag, scsRepoToken) // sanitizeLogs uses viper to get the value
scsRepoURL, _ := cmd.Flags().GetString(commonParams.SCSRepoURLFlag)
+ viper.Set(commonParams.SCSRepoURLFlag, scsRepoURL) // sanitizeLogs uses viper to get the value
SCSEngines, _ := cmd.Flags().GetString(commonParams.SCSEnginesFlag)
if resubmitConfig != nil {
- scsConfig = createResubmitConfig(resubmitConfig, scsRepoToken, scsRepoURL)
+ scsConfig = createResubmitConfig(resubmitConfig, scsRepoToken, scsRepoURL, hasEnterpriseSecretsLicense)
SCSMapConfig[resultsMapValue] = &scsConfig
return SCSMapConfig, nil
}
+
+ scsSecretDetectionSelected := false
+ scsScoreCardSelected := false
+
if SCSEngines != "" {
SCSEnginesTypes := strings.Split(SCSEngines, ",")
for _, engineType := range SCSEnginesTypes {
engineType = strings.TrimSpace(engineType)
switch engineType {
case ScsSecretDetectionType:
- scsConfig.Twoms = trueString
+ scsSecretDetectionSelected = true
case ScsScoreCardType:
- scsConfig.Scorecard = trueString
+ scsScoreCardSelected = true
}
}
} else {
- scsConfig.Scorecard = trueString
+ scsSecretDetectionSelected = true
+ scsScoreCardSelected = true
+ }
+
+ if scsSecretDetectionSelected && hasEnterpriseSecretsLicense {
scsConfig.Twoms = trueString
}
- if scsConfig.Scorecard == trueString {
+ if scsScoreCardSelected {
if scsRepoToken != "" && scsRepoURL != "" {
+ scsConfig.Scorecard = trueString
scsConfig.RepoToken = scsRepoToken
scsConfig.RepoURL = strings.ToLower(scsRepoURL)
} else {
if userScanTypes == "" {
- fmt.Println(ScsRepoRequiredMsg)
- return nil, nil
+ fmt.Println(ScsRepoWarningMsg)
+ } else {
+ return nil, errors.Errorf(ScsRepoRequiredMsg)
}
- return nil, errors.Errorf(ScsRepoRequiredMsg)
}
}
+ if scsConfig.Scorecard != trueString && scsConfig.Twoms != trueString {
+ return nil, nil
+ }
+
SCSMapConfig[resultsMapValue] = &scsConfig
return SCSMapConfig, nil
}
@@ -1041,6 +1059,8 @@ func addSCSScan(cmd *cobra.Command, resubmitConfig []wrappers.Config) (map[strin
func validateScanTypes(cmd *cobra.Command, jwtWrapper wrappers.JWTWrapper, featureFlagsWrapper wrappers.FeatureFlagsWrapper) error {
var scanTypes []string
+ var SCSScanTypes []string
+
containerEngineCLIEnabled, _ := featureFlagsWrapper.GetSpecificFlag(wrappers.ContainerEngineCLIEnabled)
allowedEngines, err := jwtWrapper.GetAllowedEngines(featureFlagsWrapper)
if err != nil {
@@ -1049,10 +1069,20 @@ func validateScanTypes(cmd *cobra.Command, jwtWrapper wrappers.JWTWrapper, featu
}
userScanTypes, _ := cmd.Flags().GetString(commonParams.ScanTypes)
+ userSCSScanTypes, _ := cmd.Flags().GetString(commonParams.SCSEnginesFlag)
if len(userScanTypes) > 0 {
userScanTypes = strings.ReplaceAll(strings.ToLower(userScanTypes), " ", "")
userScanTypes = strings.Replace(strings.ToLower(userScanTypes), commonParams.KicsType, commonParams.IacType, 1)
userScanTypes = strings.Replace(strings.ToLower(userScanTypes), commonParams.ContainersTypeFlag, commonParams.ContainersType, 1)
+ userSCSScanTypes = strings.Replace(strings.ToLower(userSCSScanTypes), commonParams.SCSEnginesFlag, commonParams.ScsType, 1)
+
+ SCSScanTypes = strings.Split(userSCSScanTypes, ",")
+ if slices.Contains(SCSScanTypes, ScsSecretDetectionType) && !allowedEngines[commonParams.EnterpriseSecretsType] {
+ keys := reflect.ValueOf(allowedEngines).MapKeys()
+ err = errors.Errorf(engineNotAllowed, ScsSecretDetectionType, ScsSecretDetectionType, keys)
+ return err
+ }
+
scanTypes = strings.Split(userScanTypes, ",")
for _, scanType := range scanTypes {
if !allowedEngines[scanType] || (scanType == commonParams.ContainersType && !(containerEngineCLIEnabled.Status)) {
@@ -1885,11 +1915,17 @@ func createReportsAfterScan(
formatPdfOptions, _ := cmd.Flags().GetString(commonParams.ReportFormatPdfOptionsFlag)
formatSbomOptions, _ := cmd.Flags().GetString(commonParams.ReportSbomFormatFlag)
agent, _ := cmd.Flags().GetString(commonParams.AgentFlag)
+ scaHideDevAndTestDep, _ := cmd.Flags().GetBool(commonParams.ScaHideDevAndTestDepFlag)
- params, err := getFilters(cmd)
+ resultsParams, err := getFilters(cmd)
if err != nil {
return err
}
+
+ if scaHideDevAndTestDep {
+ resultsParams[ScaExcludeResultTypesParam] = ScaDevAndTestExclusionParam
+ }
+
if !strings.Contains(reportFormats, printer.FormatSummaryConsole) {
reportFormats += "," + printer.FormatSummaryConsole
}
@@ -1915,7 +1951,7 @@ func createReportsAfterScan(
targetFile,
targetPath,
agent,
- params,
+ resultsParams,
featureFlagsWrapper,
)
}
@@ -1933,12 +1969,13 @@ func applyThreshold(
}
sastRedundancy, _ := cmd.Flags().GetBool(commonParams.SastRedundancyFlag)
+ agent, _ := cmd.Flags().GetString(commonParams.AgentFlag)
params := make(map[string]string)
if sastRedundancy {
params[commonParams.SastRedundancyFlag] = ""
}
- summaryMap, err := getSummaryThresholdMap(resultsWrapper, exportWrapper, scanResponseModel, params, risksOverviewWrapper)
+ summaryMap, err := getSummaryThresholdMap(resultsWrapper, exportWrapper, scanResponseModel, params, risksOverviewWrapper, agent)
if err != nil {
return err
@@ -2026,11 +2063,12 @@ func getSummaryThresholdMap(
resultsWrapper wrappers.ResultsWrapper,
exportWrapper wrappers.ExportWrapper,
scan *wrappers.ScanResponseModel,
- params map[string]string,
+ resultsParams map[string]string,
risksOverviewWrapper wrappers.RisksOverviewWrapper,
+ agent string,
) (map[string]int, error) {
summaryMap := make(map[string]int)
- results, err := ReadResults(resultsWrapper, exportWrapper, scan, params)
+ results, err := ReadResults(resultsWrapper, exportWrapper, scan, resultsParams, agent)
if err != nil {
return nil, err
@@ -2488,7 +2526,7 @@ func createKicsScanEnv(cmd *cobra.Command) (volumeMap, kicsDir string, err error
func contains(s []string, str string) bool {
for _, v := range s {
- if strings.Contains(str, v) {
+ if v != "" && strings.Contains(str, v) {
return true
}
}
diff --git a/internal/commands/scan_test.go b/internal/commands/scan_test.go
index 2f9ae39d4..536447c36 100644
--- a/internal/commands/scan_test.go
+++ b/internal/commands/scan_test.go
@@ -689,7 +689,7 @@ func TestAddSCSScan_ResubmitWithOutScorecardFlags_ShouldPass(t *testing.T) {
},
}
- result, _ := addSCSScan(cmdCommand, resubmitConfig)
+ result, _ := addSCSScan(cmdCommand, resubmitConfig, true)
expectedConfig := wrappers.SCSConfig{
Twoms: trueString,
@@ -730,7 +730,7 @@ func TestAddSCSScan_ResubmitWithScorecardFlags_ShouldPass(t *testing.T) {
},
}
- result, _ := addSCSScan(cmdCommand, resubmitConfig)
+ result, _ := addSCSScan(cmdCommand, resubmitConfig, true)
expectedConfig := wrappers.SCSConfig{
Twoms: "true",
@@ -906,7 +906,7 @@ func TestCreateScan_WithSCSSecretDetectionAndScorecard_scsMapHasBoth(t *testing.
_ = cmdCommand.Flags().Set(commonParams.SCSRepoTokenFlag, dummyToken)
_ = cmdCommand.Flags().Set(commonParams.SCSRepoURLFlag, dummyRepo)
- result, _ := addSCSScan(cmdCommand, resubmitConfig)
+ result, _ := addSCSScan(cmdCommand, resubmitConfig, true)
scsConfig := wrappers.SCSConfig{
Twoms: "true",
@@ -923,6 +923,38 @@ func TestCreateScan_WithSCSSecretDetectionAndScorecard_scsMapHasBoth(t *testing.
}
}
+func TestCreateScan_WithoutSCSSecretDetection_scsMapNoSecretDetection(t *testing.T) {
+ var resubmitConfig []wrappers.Config
+ cmdCommand := &cobra.Command{
+ Use: "scan",
+ Short: "Scan a project",
+ Long: `Scan a project`,
+ }
+ cmdCommand.PersistentFlags().String(commonParams.SCSEnginesFlag, "", "SCS Engine flag")
+ cmdCommand.PersistentFlags().String(commonParams.SCSRepoTokenFlag, "", "GitHub token to be used with SCS engines")
+ cmdCommand.PersistentFlags().String(commonParams.SCSRepoURLFlag, "", "GitHub url to be used with SCS engines")
+ _ = cmdCommand.Execute()
+ _ = cmdCommand.Flags().Set(commonParams.SCSEnginesFlag, "secret-detection,scorecard")
+ _ = cmdCommand.Flags().Set(commonParams.SCSRepoTokenFlag, dummyToken)
+ _ = cmdCommand.Flags().Set(commonParams.SCSRepoURLFlag, dummyRepo)
+
+ result, _ := addSCSScan(cmdCommand, resubmitConfig, false)
+
+ scsConfig := wrappers.SCSConfig{
+ Twoms: "",
+ Scorecard: "true",
+ RepoURL: dummyRepo,
+ RepoToken: dummyToken,
+ }
+ scsMapConfig := make(map[string]interface{})
+ scsMapConfig[resultsMapType] = commonParams.MicroEnginesType
+ scsMapConfig[resultsMapValue] = &scsConfig
+
+ if !reflect.DeepEqual(result, scsMapConfig) {
+ t.Errorf("Expected %+v, but got %+v", scsMapConfig, result)
+ }
+}
+
func TestCreateScan_WithSCSSecretDetection_scsMapHasSecretDetection(t *testing.T) {
var resubmitConfig []wrappers.Config
cmdCommand := &cobra.Command{
@@ -934,7 +966,7 @@ func TestCreateScan_WithSCSSecretDetection_scsMapHasSecretDetection(t *testing.T
_ = cmdCommand.Execute()
_ = cmdCommand.Flags().Set(commonParams.SCSEnginesFlag, "secret-detection")
- result, _ := addSCSScan(cmdCommand, resubmitConfig)
+ result, _ := addSCSScan(cmdCommand, resubmitConfig, true)
scsConfig := wrappers.SCSConfig{
Twoms: "true",
@@ -995,6 +1027,15 @@ func Test_isDirFiltered(t *testing.T) {
want: true,
wantErr: false,
},
+ {
+ name: "WhenNodeModulesExcluded_ReturnIsFilteredTrue",
+ args: args{
+ filename: "node_modules",
+ filters: commonParams.BaseExcludeFilters,
+ },
+ want: true,
+ wantErr: false,
+ },
}
for _, tt := range tests {
ttt := tt
diff --git a/internal/commands/util/pr.go b/internal/commands/util/pr.go
index 859ece365..6c243e0d1 100644
--- a/internal/commands/util/pr.go
+++ b/internal/commands/util/pr.go
@@ -283,6 +283,9 @@ func policiesToPrPolicies(policy *wrappers.PolicyResponseModel) []wrappers.PrPol
var prPolicies []wrappers.PrPolicy
if policy != nil {
for _, policy := range policy.Policies {
+ if len(policy.RulesViolated) == 0 {
+ continue
+ }
prPolicy := wrappers.PrPolicy{}
prPolicy.Name = policy.Name
prPolicy.BreakBuild = policy.BreakBuild
diff --git a/internal/commands/util/pr_test.go b/internal/commands/util/pr_test.go
index 84ed0ec46..f2a86ae29 100644
--- a/internal/commands/util/pr_test.go
+++ b/internal/commands/util/pr_test.go
@@ -37,3 +37,10 @@ func TestIfScanRunning_WhenScanDone_ShouldReturnFalse(t *testing.T) {
scanRunning, _ := isScanRunningOrQueued(scansMockWrapper, "ScanNotRunning")
asserts.False(t, scanRunning)
}
+
+func TestPRDecorationGithub_WhenNoViolatedPolicies_ShouldNotReturnPolicy(t *testing.T) {
+ prMockWrapper := &mock.PolicyMockWrapper{}
+ policyResponse, _, _ := prMockWrapper.EvaluatePolicy(nil)
+ prPolicy := policiesToPrPolicies(policyResponse)
+ asserts.True(t, len(prPolicy) == 0)
+}
diff --git a/internal/commands/vorpal/vorpal_test.go b/internal/commands/vorpal/vorpal_test.go
deleted file mode 100644
index dde020015..000000000
--- a/internal/commands/vorpal/vorpal_test.go
+++ /dev/null
@@ -1,50 +0,0 @@
-package vorpal
-
-import (
- "os"
- "testing"
-
- "github.com/checkmarx/ast-cli/internal/commands/vorpal/vorpalconfig"
- "github.com/checkmarx/ast-cli/internal/services/osinstaller"
- "gotest.tools/assert"
-)
-
-func TestInstallOrUpgrade_firstInstallation_Success(t *testing.T) {
- err := firstInstallation()
- assert.NilError(t, err, "Error on first installation of vorpal")
- fileExists, _ := osinstaller.FileExists(vorpalconfig.Params.ExecutableFilePath())
- assert.Assert(t, fileExists, "Executable file not found")
- fileExists, _ = osinstaller.FileExists(vorpalconfig.Params.HashFilePath())
- assert.Assert(t, fileExists, "Hash file not found")
-}
-
-func firstInstallation() error {
- os.RemoveAll(vorpalconfig.Params.WorkingDir())
- _, err := osinstaller.InstallOrUpgrade(&vorpalconfig.Params)
- return err
-}
-
-func TestInstallOrUpgrade_installationIsUpToDate_Success(t *testing.T) {
- err := firstInstallation()
- assert.NilError(t, err, "Error on first installation of vorpal")
- _, err = osinstaller.InstallOrUpgrade(&vorpalconfig.Params)
- assert.NilError(t, err, "Error when not need to upgrade")
-}
-
-func TestInstallOrUpgrade_installationIsNotUpToDate_Success(t *testing.T) {
- err := firstInstallation()
- assert.NilError(t, err, "Error on first installation of vorpal")
- changeHashFile()
- _, err = osinstaller.InstallOrUpgrade(&vorpalconfig.Params)
- assert.NilError(t, err, "Error when need to upgrade")
- fileExists, _ := osinstaller.FileExists(vorpalconfig.Params.ExecutableFilePath())
- assert.Assert(t, fileExists, "Executable file not found")
- fileExists, _ = osinstaller.FileExists(vorpalconfig.Params.HashFilePath())
- assert.Assert(t, fileExists, "Hash file not found")
-}
-
-func changeHashFile() {
- content, _ := os.ReadFile(vorpalconfig.Params.HashFilePath())
- content[0]++
- _ = os.WriteFile(vorpalconfig.Params.HashFilePath(), content, os.ModePerm)
-}
diff --git a/internal/constants/errors/errors.go b/internal/constants/errors/errors.go
index 33155c958..55c255d53 100644
--- a/internal/constants/errors/errors.go
+++ b/internal/constants/errors/errors.go
@@ -19,10 +19,10 @@ const (
SarifInvalidFileExtension = "Invalid file extension. Supported extensions are .sarif and .zip containing sarif files."
ImportSarifFileError = "There was a problem importing the SARIF file. Please contact support for further details."
ImportSarifFileErrorMessageWithMessage = "There was a problem importing the SARIF file. Please contact support for further details with the following error code: %d %s"
- NoVorpalLicense = "User doesn't have \"AI Protection\" license"
+ NoASCALicense = "User doesn't have \"AI Protection\" license"
FailedUploadFileMsgWithDomain = "Unable to upload the file to the pre-signed URL. Try adding the domain: %s to your allow list."
FailedUploadFileMsgWithURL = "Unable to upload the file to the pre-signed URL. Try adding the URL: %s to your allow list."
- // Vorpal Engine
+ // asca Engine
FileExtensionIsRequired = "file must have an extension"
)
diff --git a/internal/logger/utils.go b/internal/logger/utils.go
index 1e35f5112..6837c0cbc 100644
--- a/internal/logger/utils.go
+++ b/internal/logger/utils.go
@@ -21,6 +21,8 @@ var sanitizeFlags = []string{
params.AstToken, params.SSHValue,
params.SCMTokenFlag, params.ProxyKey,
params.UploadURLEnv,
+ params.SCSRepoTokenFlag,
+ params.SCSRepoURLFlag,
}
func Print(msg string) {
diff --git a/internal/params/binds.go b/internal/params/binds.go
index 5f4b3131b..4a5b10e0b 100644
--- a/internal/params/binds.go
+++ b/internal/params/binds.go
@@ -62,5 +62,5 @@ var EnvVarsBinds = []struct {
{PolicyEvaluationPathKey, PolicyEvaluationPathEnv, "api/policy_management_service_uri/evaluation"},
{AccessManagementPathKey, AccessManagementPathEnv, "api/access-management"},
{ByorPathKey, ByorPathEnv, "api/byor"},
- {VorpalPortKey, VorpalPortEnv, ""},
+ {ASCAPortKey, ASCAPortEnv, ""},
}
diff --git a/internal/params/envs.go b/internal/params/envs.go
index a776100f2..9ea114d98 100644
--- a/internal/params/envs.go
+++ b/internal/params/envs.go
@@ -61,5 +61,5 @@ const (
AccessManagementPathEnv = "CX_ACCESS_MANAGEMENT_PATH"
ByorPathEnv = "CX_BYOR_PATH"
IgnoreProxyEnv = "CX_IGNORE_PROXY"
- VorpalPortEnv = "CX_VORPAL_PORT"
+ ASCAPortEnv = "CX_ASCA_PORT"
)
diff --git a/internal/params/filters.go b/internal/params/filters.go
index 4e1e5d0cc..bd665d196 100644
--- a/internal/params/filters.go
+++ b/internal/params/filters.go
@@ -141,6 +141,7 @@ var BaseExcludeFilters = []string{
"!.vs",
"!.vscode",
"!.idea",
+ "!node_modules",
}
var KicsBaseFilters = []string{
diff --git a/internal/params/flags.go b/internal/params/flags.go
index 466bf07c1..6bd011ec8 100644
--- a/internal/params/flags.go
+++ b/internal/params/flags.go
@@ -47,7 +47,7 @@ const (
FormatFlag = "format"
FormatFlagUsageFormat = "Format for the output. One of %s"
FilterFlag = "filter"
- VorpalLatestVersion = "vorpal-latest-version"
+ ASCALatestVersion = "asca-latest-version"
BaseURIFlag = "base-uri"
ProxyFlag = "proxy"
ProxyFlagUsage = "Proxy server to send communication through"
@@ -106,43 +106,47 @@ const (
Threshold = "threshold"
ThresholdFlagUsage = "Local build threshold. Format -=. " +
"Example: scan --threshold \"sast-high=10;sca-high=5;iac-security-low=10\""
- KeyValuePairSize = 2
- WaitDelayDefault = 5
- SimilarityIDFlag = "similarity-id"
- SeverityFlag = "severity"
- StateFlag = "state"
- CommentFlag = "comment"
- LanguageFlag = "language"
- VulnerabilityTypeFlag = "vulnerability-type"
- CweIDFlag = "cwe-id"
- SCMTokenFlag = "token"
- AzureTokenUsage = "Azure DevOps personal access token. Requires “Connected server” and “Code“ scope."
- GithubTokenUsage = "GitHub OAuth token. Requires “Repo” scope and organization SSO authorization, if enforced by the organization"
- GitLabTokenUsage = "GitLab OAuth token"
- BotCount = "Note: dependabot is not counted but other bots might be considered as contributors."
- DisabledReposCount = "Note: Disabled repositories are not counted."
- URLFlag = "url"
- GitLabURLFlag = "url-gitlab"
- URLFlagUsage = "API base URL"
- QueryIDFlag = "query-id"
- SSHKeyFlag = "ssh-key"
- RepoURLFlag = "repo-url"
- AstToken = "ast-token"
- SSHValue = "ssh-value"
- KicsContainerNameKey = "kics-container-name"
- KicsPlatformsFlag = "kics-platforms"
- KicsPlatformsFlagUsage = "KICS Platform Flag. Use ',' as the delimiter for arrays."
- IacsPlatformsFlag = "iac-security-platforms"
- IacsPlatformsFlagUsage = "IaC Security Platform Flag"
- ApikeyOverrideFlag = "apikey-override"
- ExploitablePathFlag = "sca-exploitable-path"
- LastSastScanTime = "sca-last-sast-scan-time"
- ProjecPrivatePackageFlag = "project-private-package"
- SastRedundancyFlag = "sast-redundancy"
- ContainerImagesFlag = "container-images"
- ContainersTypeFlag = "container-security"
-
+ KeyValuePairSize = 2
+ WaitDelayDefault = 5
+ SimilarityIDFlag = "similarity-id"
+ SeverityFlag = "severity"
+ StateFlag = "state"
+ CommentFlag = "comment"
+ LanguageFlag = "language"
+ VulnerabilityTypeFlag = "vulnerability-type"
+ CweIDFlag = "cwe-id"
+ SCMTokenFlag = "token"
+ AzureTokenUsage = "Azure DevOps personal access token. Requires “Connected server” and “Code“ scope."
+ GithubTokenUsage = "GitHub OAuth token. Requires “Repo” scope and organization SSO authorization, if enforced by the organization"
+ GitLabTokenUsage = "GitLab OAuth token"
+ BotCount = "Note: dependabot is not counted but other bots might be considered as contributors."
+ DisabledReposCount = "Note: Disabled repositories are not counted."
+ URLFlag = "url"
+ GitLabURLFlag = "url-gitlab"
+ URLFlagUsage = "API base URL"
+ QueryIDFlag = "query-id"
+ SSHKeyFlag = "ssh-key"
+ RepoURLFlag = "repo-url"
+ AstToken = "ast-token"
+ SSHValue = "ssh-value"
+ KicsContainerNameKey = "kics-container-name"
+ KicsPlatformsFlag = "kics-platforms"
+ KicsPlatformsFlagUsage = "KICS Platform Flag. Use ',' as the delimiter for arrays."
+ IacsPlatformsFlag = "iac-security-platforms"
+ IacsPlatformsFlagUsage = "IaC Security Platform Flag"
+ ApikeyOverrideFlag = "apikey-override"
+ ExploitablePathFlag = "sca-exploitable-path"
+ LastSastScanTime = "sca-last-sast-scan-time"
+ ProjecPrivatePackageFlag = "project-private-package"
+ SastRedundancyFlag = "sast-redundancy"
+ ContainerImagesFlag = "container-images"
+ ContainersTypeFlag = "container-security"
+ VSCodeAgent = "VS Code"
+ EclipseAgent = "Eclipse"
+ VisualStudioAgent = "Visual Studio"
+ JetbrainsAgent = "Jetbrains"
ScaPrivatePackageVersionFlag = "sca-private-package-version"
+ ScaHideDevAndTestDepFlag = "sca-hide-dev-test-dependencies"
// INDIVIDUAL FILTER FLAGS
SastFilterFlag = "sast-filter"
@@ -230,20 +234,27 @@ const (
// Results
const (
- SastType = "sast"
- KicsType = "kics"
- APISecurityType = "api-security"
- AIProtectionType = "AI Protection"
- ContainersType = "containers"
- APIDocumentationFlag = "apisec-swagger-filter"
- IacType = "iac-security"
- IacLabel = "IaC Security"
- APISecurityLabel = "API Security"
- ScaType = "sca"
- APISecType = "apisec"
- ScsType = "scs"
- MicroEnginesType = "microengines" // the scs scan type for scans API
- Success = "success"
+ SastType = "sast"
+ KicsType = "kics"
+ APISecurityType = "api-security"
+ AIProtectionType = "AI Protection"
+ ContainersType = "containers"
+ APIDocumentationFlag = "apisec-swagger-filter"
+ IacType = "iac-security"
+ IacLabel = "IaC Security"
+ APISecurityLabel = "API Security"
+ ScaType = "sca"
+ APISecType = "apisec"
+ ScsType = "scs"
+ SscsType = "sscs"
+ MicroEnginesType = "microengines" // the scs scan type for scans API
+ Success = "success"
+ SCSScorecardType = "sscs-scorecard"
+ SCSSecretDetectionType = "sscs-secret-detection"
+ EnterpriseSecretsLabel = "Enterprise Secrets"
+ EnterpriseSecretsType = "enterprise-secrets"
+ SCSScorecardOverviewType = "Scorecard"
+ SCSSecretDetectionOverviewType = "2ms"
)
// ScaAgent AST Role
diff --git a/internal/params/keys.go b/internal/params/keys.go
index 8dcb84e95..1da512e43 100644
--- a/internal/params/keys.go
+++ b/internal/params/keys.go
@@ -61,5 +61,5 @@ var (
PolicyEvaluationPathKey = strings.ToLower(PolicyEvaluationPathEnv)
AccessManagementPathKey = strings.ToLower(AccessManagementPathEnv)
ByorPathKey = strings.ToLower(ByorPathEnv)
- VorpalPortKey = strings.ToLower(VorpalPortEnv)
+ ASCAPortKey = strings.ToLower(ASCAPortEnv)
)
diff --git a/internal/services/vorpal.go b/internal/services/asca.go
similarity index 54%
rename from internal/services/vorpal.go
rename to internal/services/asca.go
index cc84e9b65..6752d35e5 100644
--- a/internal/services/vorpal.go
+++ b/internal/services/asca.go
@@ -8,7 +8,7 @@ import (
"path/filepath"
"time"
- "github.com/checkmarx/ast-cli/internal/commands/vorpal/vorpalconfig"
+ "github.com/checkmarx/ast-cli/internal/commands/asca/ascaconfig"
errorconstants "github.com/checkmarx/ast-cli/internal/constants/errors"
"github.com/checkmarx/ast-cli/internal/logger"
"github.com/checkmarx/ast-cli/internal/params"
@@ -20,39 +20,39 @@ import (
)
const (
- FilePathNotProvided = "File path not provided, Vorpal engine is running successfully."
+ FilePathNotProvided = "File path not provided, asca engine is running successfully."
FileNotFound = "File %s not found"
)
-type VorpalScanParams struct {
- FilePath string
- VorpalUpdateVersion bool
- IsDefaultAgent bool
+type AscaScanParams struct {
+ FilePath string
+ ASCAUpdateVersion bool
+ IsDefaultAgent bool
}
-type VorpalWrappersParam struct {
+type AscaWrappersParam struct {
JwtWrapper wrappers.JWTWrapper
FeatureFlagsWrapper wrappers.FeatureFlagsWrapper
- VorpalWrapper grpcs.VorpalWrapper
+ ASCAWrapper grpcs.AscaWrapper
}
-func CreateVorpalScanRequest(vorpalParams VorpalScanParams, wrapperParams VorpalWrappersParam) (*grpcs.ScanResult, error) {
- err := manageVorpalInstallation(vorpalParams, wrapperParams)
+func CreateASCAScanRequest(ascaParams AscaScanParams, wrapperParams AscaWrappersParam) (*grpcs.ScanResult, error) {
+ err := manageASCAInstallation(ascaParams, wrapperParams)
if err != nil {
return nil, err
}
- err = ensureVorpalServiceRunning(wrapperParams, vorpalParams)
+ err = ensureASCAServiceRunning(wrapperParams, ascaParams)
if err != nil {
return nil, err
}
- emptyResults := validateFilePath(vorpalParams.FilePath)
+ emptyResults := validateFilePath(ascaParams.FilePath)
if emptyResults != nil {
return emptyResults, nil
}
- return executeScan(wrapperParams.VorpalWrapper, vorpalParams.FilePath)
+ return executeScan(wrapperParams.ASCAWrapper, ascaParams.FilePath)
}
func validateFilePath(filePath string) *grpcs.ScanResult {
@@ -76,41 +76,41 @@ func validateFilePath(filePath string) *grpcs.ScanResult {
return nil
}
-func executeScan(vorpalWrapper grpcs.VorpalWrapper, filePath string) (*grpcs.ScanResult, error) {
+func executeScan(ascaWrapper grpcs.AscaWrapper, filePath string) (*grpcs.ScanResult, error) {
sourceCode, err := readSourceCode(filePath)
if err != nil {
return nil, err
}
_, fileName := filepath.Split(filePath)
- return vorpalWrapper.Scan(fileName, sourceCode)
+ return ascaWrapper.Scan(fileName, sourceCode)
}
-func manageVorpalInstallation(vorpalParams VorpalScanParams, vorpalWrappers VorpalWrappersParam) error {
- vorpalInstalled, _ := osinstaller.FileExists(vorpalconfig.Params.ExecutableFilePath())
+func manageASCAInstallation(ascaParams AscaScanParams, ascaWrappers AscaWrappersParam) error {
+ ASCAInstalled, _ := osinstaller.FileExists(ascaconfig.Params.ExecutableFilePath())
- if !vorpalInstalled || vorpalParams.VorpalUpdateVersion {
- if err := checkLicense(vorpalParams.IsDefaultAgent, vorpalWrappers); err != nil {
- _ = vorpalWrappers.VorpalWrapper.ShutDown()
+ if !ASCAInstalled || ascaParams.ASCAUpdateVersion {
+ if err := checkLicense(ascaParams.IsDefaultAgent, ascaWrappers); err != nil {
+ _ = ascaWrappers.ASCAWrapper.ShutDown()
return err
}
- newInstallation, err := osinstaller.InstallOrUpgrade(&vorpalconfig.Params)
+ newInstallation, err := osinstaller.InstallOrUpgrade(&ascaconfig.Params)
if err != nil {
return err
}
if newInstallation {
- _ = vorpalWrappers.VorpalWrapper.ShutDown()
+ _ = ascaWrappers.ASCAWrapper.ShutDown()
}
}
return nil
}
-func findVorpalPort() (int, error) {
+func findASCAPort() (int, error) {
port, err := getAvailablePort()
if err != nil {
return 0, err
}
- setConfigPropertyQuiet(params.VorpalPortKey, port)
+ setConfigPropertyQuiet(params.ASCAPortKey, port)
return port, nil
}
@@ -122,15 +122,15 @@ func getAvailablePort() (int, error) {
return port.Port, nil
}
-func configureVorpalWrapper(existingVorpalWrapper grpcs.VorpalWrapper) (grpcs.VorpalWrapper, error) {
- if err := existingVorpalWrapper.HealthCheck(); err != nil {
- port, portErr := findVorpalPort()
+func configureASCAWrapper(existingASCAWrapper grpcs.AscaWrapper) (grpcs.AscaWrapper, error) {
+ if err := existingASCAWrapper.HealthCheck(); err != nil {
+ port, portErr := findASCAPort()
if portErr != nil {
return nil, portErr
}
- existingVorpalWrapper.ConfigurePort(port)
+ existingASCAWrapper.ConfigurePort(port)
}
- return existingVorpalWrapper, nil
+ return existingASCAWrapper, nil
}
func setConfigPropertyQuiet(propName string, propValue int) {
@@ -140,35 +140,35 @@ func setConfigPropertyQuiet(propName string, propValue int) {
}
}
-func ensureVorpalServiceRunning(wrappersParam VorpalWrappersParam, vorpalParams VorpalScanParams) error {
- if err := wrappersParam.VorpalWrapper.HealthCheck(); err != nil {
- err = checkLicense(vorpalParams.IsDefaultAgent, wrappersParam)
+func ensureASCAServiceRunning(wrappersParam AscaWrappersParam, ascaParams AscaScanParams) error {
+ if err := wrappersParam.ASCAWrapper.HealthCheck(); err != nil {
+ err = checkLicense(ascaParams.IsDefaultAgent, wrappersParam)
if err != nil {
return err
}
- wrappersParam.VorpalWrapper, err = configureVorpalWrapper(wrappersParam.VorpalWrapper)
+ wrappersParam.ASCAWrapper, err = configureASCAWrapper(wrappersParam.ASCAWrapper)
if err != nil {
return err
}
- if err := RunVorpalEngine(wrappersParam.VorpalWrapper.GetPort()); err != nil {
+ if err := RunASCAEngine(wrappersParam.ASCAWrapper.GetPort()); err != nil {
return err
}
- if err := wrappersParam.VorpalWrapper.HealthCheck(); err != nil {
+ if err := wrappersParam.ASCAWrapper.HealthCheck(); err != nil {
return err
}
}
return nil
}
-func checkLicense(isDefaultAgent bool, wrapperParams VorpalWrappersParam) error {
+func checkLicense(isDefaultAgent bool, wrapperParams AscaWrappersParam) error {
if !isDefaultAgent {
allowed, err := wrapperParams.JwtWrapper.IsAllowedEngine(params.AIProtectionType, wrapperParams.FeatureFlagsWrapper)
if err != nil {
return err
}
if !allowed {
- return fmt.Errorf("%v", errorconstants.NoVorpalLicense)
+ return fmt.Errorf("%v", errorconstants.NoASCALicense)
}
}
return nil
@@ -183,16 +183,16 @@ func readSourceCode(filePath string) (string, error) {
return string(data), nil
}
-func RunVorpalEngine(port int) error {
+func RunASCAEngine(port int) error {
dialTimeout := 5 * time.Second
args := []string{
"-listen",
fmt.Sprintf("%d", port),
}
- logger.PrintIfVerbose(fmt.Sprintf("Running vorpal engine with args: %v \n", args))
+ logger.PrintIfVerbose(fmt.Sprintf("Running ASCA engine with args: %v \n", args))
- cmd := exec.Command(vorpalconfig.Params.ExecutableFilePath(), args...)
+ cmd := exec.Command(ascaconfig.Params.ExecutableFilePath(), args...)
osinstaller.ConfigureIndependentProcess(cmd)
@@ -206,7 +206,7 @@ func RunVorpalEngine(port int) error {
return fmt.Errorf("server did not become ready in time")
}
- logger.PrintIfVerbose("Vorpal engine started successfully!")
+ logger.PrintIfVerbose("ASCA engine started successfully!")
return nil
}
diff --git a/internal/services/asca_test.go b/internal/services/asca_test.go
new file mode 100644
index 000000000..8ef5d6bf5
--- /dev/null
+++ b/internal/services/asca_test.go
@@ -0,0 +1,132 @@
+package services
+
+import (
+ "fmt"
+ "testing"
+
+ errorconstants "github.com/checkmarx/ast-cli/internal/constants/errors"
+ "github.com/checkmarx/ast-cli/internal/wrappers/grpcs"
+ "github.com/checkmarx/ast-cli/internal/wrappers/mock"
+ "github.com/stretchr/testify/assert"
+)
+
+func TestCreateASCAScanRequest_DefaultAgent_Success(t *testing.T) {
+ ASCAParams := AscaScanParams{
+ FilePath: "data/python-vul-file.py",
+ ASCAUpdateVersion: false,
+ IsDefaultAgent: true,
+ }
+ wrapperParams := AscaWrappersParam{
+ JwtWrapper: &mock.JWTMockWrapper{},
+ FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{},
+ ASCAWrapper: mock.NewASCAMockWrapper(1234),
+ }
+ sr, err := CreateASCAScanRequest(ASCAParams, wrapperParams)
+ if err != nil {
+ t.Fatalf("Failed to create asca scan request: %v", err)
+ }
+ if sr == nil {
+ t.Fatalf("Failed to create asca scan request: %v", err)
+ }
+ fmt.Println(sr)
+}
+
+func TestCreateASCAScanRequest_DefaultAgentAndLatestVersionFlag_Success(t *testing.T) {
+ ASCAParams := AscaScanParams{
+ FilePath: "data/python-vul-file.py",
+ ASCAUpdateVersion: true,
+ IsDefaultAgent: true,
+ }
+ wrapperParams := AscaWrappersParam{
+ JwtWrapper: &mock.JWTMockWrapper{},
+ FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{},
+ ASCAWrapper: mock.NewASCAMockWrapper(1234),
+ }
+ sr, err := CreateASCAScanRequest(ASCAParams, wrapperParams)
+ if err != nil {
+ t.Fatalf("Failed to create asca scan request: %v", err)
+ }
+ if sr == nil {
+ t.Fatalf("Failed to create asca scan request: %v", err)
+ }
+ fmt.Println(sr)
+}
+
+func TestCreateASCAScanRequest_SpecialAgentAndNoLicense_Fail(t *testing.T) {
+ specialErrorPort := 1
+ ASCAParams := AscaScanParams{
+ FilePath: "data/python-vul-file.py",
+ ASCAUpdateVersion: true,
+ IsDefaultAgent: false,
+ }
+ wrapperParams := AscaWrappersParam{
+ JwtWrapper: &mock.JWTMockWrapper{AIEnabled: mock.AIProtectionDisabled},
+ FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{},
+ ASCAWrapper: &mock.ASCAMockWrapper{Port: specialErrorPort},
+ }
+ _, err := CreateASCAScanRequest(ASCAParams, wrapperParams)
+ assert.ErrorContains(t, err, errorconstants.NoASCALicense)
+}
+
+func TestCreateASCAScanRequest_EngineRunningAndSpecialAgentAndNoLicense_Fail(t *testing.T) {
+ port, err := getAvailablePort()
+ if err != nil {
+ t.Fatalf("Failed to get available port: %v", err)
+ }
+
+ ASCAParams := AscaScanParams{
+ FilePath: "data/python-vul-file.py",
+ ASCAUpdateVersion: true,
+ IsDefaultAgent: false,
+ }
+
+ wrapperParams := AscaWrappersParam{
+ JwtWrapper: &mock.JWTMockWrapper{},
+ FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{},
+ ASCAWrapper: grpcs.NewASCAGrpcWrapper(port),
+ }
+ err = manageASCAInstallation(ASCAParams, wrapperParams)
+ assert.Nil(t, err)
+
+ err = ensureASCAServiceRunning(wrapperParams, ASCAParams)
+ assert.Nil(t, err)
+ assert.Nil(t, wrapperParams.ASCAWrapper.HealthCheck())
+
+ wrapperParams.JwtWrapper = &mock.JWTMockWrapper{AIEnabled: mock.AIProtectionDisabled}
+
+ err = manageASCAInstallation(ASCAParams, wrapperParams)
+ assert.ErrorContains(t, err, errorconstants.NoASCALicense)
+ assert.NotNil(t, wrapperParams.ASCAWrapper.HealthCheck())
+}
+
+func TestCreateASCAScanRequest_EngineRunningAndDefaultAgentAndNoLicense_Success(t *testing.T) {
+ port, err := getAvailablePort()
+ if err != nil {
+ t.Fatalf("Failed to get available port: %v", err)
+ }
+
+ ASCAParams := AscaScanParams{
+ FilePath: "data/python-vul-file.py",
+ ASCAUpdateVersion: true,
+ IsDefaultAgent: true,
+ }
+
+ wrapperParams := AscaWrappersParam{
+ JwtWrapper: &mock.JWTMockWrapper{},
+ FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{},
+ ASCAWrapper: grpcs.NewASCAGrpcWrapper(port),
+ }
+ err = manageASCAInstallation(ASCAParams, wrapperParams)
+ assert.Nil(t, err)
+
+ wrapperParams.JwtWrapper = &mock.JWTMockWrapper{AIEnabled: mock.AIProtectionDisabled}
+
+ err = ensureASCAServiceRunning(wrapperParams, ASCAParams)
+ assert.Nil(t, err)
+ assert.Nil(t, wrapperParams.ASCAWrapper.HealthCheck())
+
+ err = manageASCAInstallation(ASCAParams, wrapperParams)
+ assert.Nil(t, err)
+ assert.Nil(t, wrapperParams.ASCAWrapper.HealthCheck())
+ _ = wrapperParams.ASCAWrapper.ShutDown()
+}
diff --git a/internal/services/export.go b/internal/services/export.go
index 3c866c74e..e85051a0d 100644
--- a/internal/services/export.go
+++ b/internal/services/export.go
@@ -20,7 +20,7 @@ const (
pollingTimeout = 5 // minutes
)
-func GetExportPackage(exportWrapper wrappers.ExportWrapper, scanID string) (*wrappers.ScaPackageCollectionExport, error) {
+func GetExportPackage(exportWrapper wrappers.ExportWrapper, scanID string, scaHideDevAndTestDep bool) (*wrappers.ScaPackageCollectionExport, error) {
var scaPackageCollection = &wrappers.ScaPackageCollectionExport{
Packages: []wrappers.ScaPackage{},
ScaTypes: []wrappers.ScaType{},
@@ -28,6 +28,9 @@ func GetExportPackage(exportWrapper wrappers.ExportWrapper, scanID string) (*wra
payload := &wrappers.ExportRequestPayload{
ScanID: scanID,
FileFormat: "ScanReportJson",
+ ExportParameters: wrappers.ExportParameters{
+ HideDevAndTestDependencies: scaHideDevAndTestDep,
+ },
}
exportID, err := exportWrapper.InitiateExportRequest(payload)
diff --git a/internal/services/projects.go b/internal/services/projects.go
index cfb1b5937..ea79e8cb4 100644
--- a/internal/services/projects.go
+++ b/internal/services/projects.go
@@ -31,9 +31,7 @@ func FindProject(
applicationWrapper wrappers.ApplicationsWrapper,
featureFlagsWrapper wrappers.FeatureFlagsWrapper,
) (string, error) {
- params := make(map[string]string)
- params["names"] = projectName
- resp, _, err := projectsWrapper.Get(params)
+ resp, err := GetProjectsCollectionByProjectName(projectName, projectsWrapper)
if err != nil {
return "", err
}
@@ -70,6 +68,29 @@ func FindProject(
return projectID, nil
}
+func GetProjectsCollectionByProjectName(projectName string, projectsWrapper wrappers.ProjectsWrapper) (*wrappers.ProjectsCollectionResponseModel, error) {
+ params := make(map[string]string)
+ params["name"] = projectName
+ resp, _, err := projectsWrapper.Get(params)
+
+ if err != nil {
+ logger.PrintIfVerbose(err.Error())
+ return nil, err
+ }
+
+ if resp == nil {
+ EmptyProjects := []wrappers.ProjectResponseModel{}
+ emptyProjectsCollection := &wrappers.ProjectsCollectionResponseModel{
+ TotalCount: 0,
+ FilteredTotalCount: 0,
+ Projects: EmptyProjects,
+ }
+ return emptyProjectsCollection, nil
+ }
+
+ return resp, nil
+}
+
func createProject(
projectName string,
cmd *cobra.Command,
diff --git a/internal/services/projects_test.go b/internal/services/projects_test.go
index 7f133d3f2..45382812e 100644
--- a/internal/services/projects_test.go
+++ b/internal/services/projects_test.go
@@ -1,6 +1,7 @@
package services
import (
+ "reflect"
"testing"
"github.com/checkmarx/ast-cli/internal/wrappers"
@@ -279,3 +280,67 @@ func Test_updateProject(t *testing.T) {
})
}
}
+
+func TestGetProjectsCollectionByProjectName(t *testing.T) {
+ type args struct {
+ projectName string
+ projectsWrapper wrappers.ProjectsWrapper
+ }
+ tests := []struct {
+ name string
+ args args
+ want *wrappers.ProjectsCollectionResponseModel
+ wantErr bool
+ }{
+ {
+ name: "WhenCalledWithExistingProjectName_ShouldReturnProjectCollection",
+ args: args{
+ projectName: "existing-project",
+ projectsWrapper: &mock.ProjectsMockWrapper{},
+ },
+ want: &wrappers.ProjectsCollectionResponseModel{
+ Projects: []wrappers.ProjectResponseModel{
+ {ID: "existing-project-id", Name: "existing-project"},
+ },
+ TotalCount: 1,
+ FilteredTotalCount: 1,
+ },
+ wantErr: false,
+ },
+ {
+ name: "WhenCalledWithNonExistingProjectName_ShouldReturnEmptyProjectCollection",
+ args: args{
+ projectName: "non-existing-project",
+ projectsWrapper: &mock.ProjectsMockWrapper{},
+ },
+ want: &wrappers.ProjectsCollectionResponseModel{
+ Projects: []wrappers.ProjectResponseModel{},
+ TotalCount: 0,
+ FilteredTotalCount: 0,
+ },
+ wantErr: false,
+ },
+ {
+ name: "WhenCalledWithProjectNameAndErrorProject_ShouldReturnError",
+ args: args{
+ projectName: "error-project",
+ projectsWrapper: &mock.ProjectsMockWrapper{},
+ },
+ want: nil,
+ wantErr: true,
+ },
+ }
+ for _, tt := range tests {
+ ttt := tt
+ t.Run(tt.name, func(t *testing.T) {
+ got, err := GetProjectsCollectionByProjectName(ttt.args.projectName, ttt.args.projectsWrapper)
+ if (err != nil) != ttt.wantErr {
+ t.Errorf("GetProjectsCollectionByProjectName() error = %v, wantErr %v", err, ttt.wantErr)
+ return
+ }
+ if !reflect.DeepEqual(got, ttt.want) {
+ t.Errorf("GetProjectsCollectionByProjectName() got = %v, want %v", got, ttt.want)
+ }
+ })
+ }
+}
diff --git a/internal/services/vorpal_test.go b/internal/services/vorpal_test.go
deleted file mode 100644
index 63360f278..000000000
--- a/internal/services/vorpal_test.go
+++ /dev/null
@@ -1,132 +0,0 @@
-package services
-
-import (
- "fmt"
- "testing"
-
- errorconstants "github.com/checkmarx/ast-cli/internal/constants/errors"
- "github.com/checkmarx/ast-cli/internal/wrappers/grpcs"
- "github.com/checkmarx/ast-cli/internal/wrappers/mock"
- "github.com/stretchr/testify/assert"
-)
-
-func TestCreateVorpalScanRequest_DefaultAgent_Success(t *testing.T) {
- vorpalParams := VorpalScanParams{
- FilePath: "data/python-vul-file.py",
- VorpalUpdateVersion: false,
- IsDefaultAgent: true,
- }
- wrapperParams := VorpalWrappersParam{
- JwtWrapper: &mock.JWTMockWrapper{},
- FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{},
- VorpalWrapper: mock.NewVorpalMockWrapper(1234),
- }
- sr, err := CreateVorpalScanRequest(vorpalParams, wrapperParams)
- if err != nil {
- t.Fatalf("Failed to create vorpal scan request: %v", err)
- }
- if sr == nil {
- t.Fatalf("Failed to create vorpal scan request: %v", err)
- }
- fmt.Println(sr)
-}
-
-func TestCreateVorpalScanRequest_DefaultAgentAndLatestVersionFlag_Success(t *testing.T) {
- vorpalParams := VorpalScanParams{
- FilePath: "data/python-vul-file.py",
- VorpalUpdateVersion: true,
- IsDefaultAgent: true,
- }
- wrapperParams := VorpalWrappersParam{
- JwtWrapper: &mock.JWTMockWrapper{},
- FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{},
- VorpalWrapper: mock.NewVorpalMockWrapper(1234),
- }
- sr, err := CreateVorpalScanRequest(vorpalParams, wrapperParams)
- if err != nil {
- t.Fatalf("Failed to create vorpal scan request: %v", err)
- }
- if sr == nil {
- t.Fatalf("Failed to create vorpal scan request: %v", err)
- }
- fmt.Println(sr)
-}
-
-func TestCreateVorpalScanRequest_SpecialAgentAndNoLicense_Fail(t *testing.T) {
- specialErrorPort := 1
- vorpalParams := VorpalScanParams{
- FilePath: "data/python-vul-file.py",
- VorpalUpdateVersion: true,
- IsDefaultAgent: false,
- }
- wrapperParams := VorpalWrappersParam{
- JwtWrapper: &mock.JWTMockWrapper{AIEnabled: mock.AIProtectionDisabled},
- FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{},
- VorpalWrapper: &mock.VorpalMockWrapper{Port: specialErrorPort},
- }
- _, err := CreateVorpalScanRequest(vorpalParams, wrapperParams)
- assert.ErrorContains(t, err, errorconstants.NoVorpalLicense)
-}
-
-func TestCreateVorpalScanRequest_EngineRunningAndSpecialAgentAndNoLicense_Fail(t *testing.T) {
- port, err := getAvailablePort()
- if err != nil {
- t.Fatalf("Failed to get available port: %v", err)
- }
-
- vorpalParams := VorpalScanParams{
- FilePath: "data/python-vul-file.py",
- VorpalUpdateVersion: true,
- IsDefaultAgent: false,
- }
-
- wrapperParams := VorpalWrappersParam{
- JwtWrapper: &mock.JWTMockWrapper{},
- FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{},
- VorpalWrapper: grpcs.NewVorpalGrpcWrapper(port),
- }
- err = manageVorpalInstallation(vorpalParams, wrapperParams)
- assert.Nil(t, err)
-
- err = ensureVorpalServiceRunning(wrapperParams, vorpalParams)
- assert.Nil(t, err)
- assert.Nil(t, wrapperParams.VorpalWrapper.HealthCheck())
-
- wrapperParams.JwtWrapper = &mock.JWTMockWrapper{AIEnabled: mock.AIProtectionDisabled}
-
- err = manageVorpalInstallation(vorpalParams, wrapperParams)
- assert.ErrorContains(t, err, errorconstants.NoVorpalLicense)
- assert.NotNil(t, wrapperParams.VorpalWrapper.HealthCheck())
-}
-
-func TestCreateVorpalScanRequest_EngineRunningAndDefaultAgentAndNoLicense_Success(t *testing.T) {
- port, err := getAvailablePort()
- if err != nil {
- t.Fatalf("Failed to get available port: %v", err)
- }
-
- vorpalParams := VorpalScanParams{
- FilePath: "data/python-vul-file.py",
- VorpalUpdateVersion: true,
- IsDefaultAgent: true,
- }
-
- wrapperParams := VorpalWrappersParam{
- JwtWrapper: &mock.JWTMockWrapper{},
- FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{},
- VorpalWrapper: grpcs.NewVorpalGrpcWrapper(port),
- }
- err = manageVorpalInstallation(vorpalParams, wrapperParams)
- assert.Nil(t, err)
-
- wrapperParams.JwtWrapper = &mock.JWTMockWrapper{AIEnabled: mock.AIProtectionDisabled}
-
- err = ensureVorpalServiceRunning(wrapperParams, vorpalParams)
- assert.Nil(t, err)
- assert.Nil(t, wrapperParams.VorpalWrapper.HealthCheck())
-
- err = manageVorpalInstallation(vorpalParams, wrapperParams)
- assert.Nil(t, err)
- assert.Nil(t, wrapperParams.VorpalWrapper.HealthCheck())
- _ = wrapperParams.VorpalWrapper.ShutDown()
-}
diff --git a/internal/wrappers/client.go b/internal/wrappers/client.go
index 60ad98cf3..4cb7688e1 100644
--- a/internal/wrappers/client.go
+++ b/internal/wrappers/client.go
@@ -248,7 +248,7 @@ func addReqMonitor(req *http.Request) *http.Request {
}
func SendHTTPRequestPasswordAuth(method string, body io.Reader, timeout uint, username, password, adminClientID, adminClientSecret string) (*http.Response, error) {
- u, err := getAuthURI()
+ u, err := GetAuthURI()
if err != nil {
return nil, err
}
@@ -375,7 +375,7 @@ func GetWithQueryParamsAndCustomRequest(client *http.Client, customReq *http.Req
return request(client, customReq, true)
}
func GetAccessToken() (string, error) {
- authURI, err := getAuthURI()
+ authURI, err := GetAuthURI()
if err != nil {
return "", err
}
@@ -402,7 +402,7 @@ func enrichWithPasswordCredentials(
request *http.Request, username, password,
adminClientID, adminClientSecret string,
) error {
- authURI, err := getAuthURI()
+ authURI, err := GetAuthURI()
if err != nil {
return err
}
@@ -479,7 +479,7 @@ func getNewToken(credentialsPayload, authServerURI string) (string, error) {
res, err := doPrivateRequest(client, req)
if err != nil {
- authURL, _ := getAuthURI()
+ authURL, _ := GetAuthURI()
return "", errors.Errorf("%s %s", checkmarxURLError, authURL)
}
if res.StatusCode == http.StatusBadRequest {
@@ -653,7 +653,7 @@ func hasRedirectStatusCode(resp *http.Response) bool {
return resp.StatusCode == http.StatusTemporaryRedirect || resp.StatusCode == http.StatusMovedPermanently
}
-func getAuthURI() (string, error) {
+func GetAuthURI() (string, error) {
var authURI string
var err error
override := viper.GetBool(commonParams.ApikeyOverrideFlag)
diff --git a/internal/wrappers/export-http.go b/internal/wrappers/export-http.go
index 95d990974..9b6b1b579 100644
--- a/internal/wrappers/export-http.go
+++ b/internal/wrappers/export-http.go
@@ -166,18 +166,26 @@ func (e *ExportHTTPWrapper) GetScaPackageCollectionExport(fileURL string) (*ScaP
if err != nil {
return nil, err
}
+
resp, err := SendHTTPRequestByFullURL(http.MethodGet, fileURL, http.NoBody, true, viper.GetUint(commonParams.ClientTimeoutKey), accessToken, true)
if err != nil {
return nil, err
}
defer resp.Body.Close()
+ body, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return nil, err
+ }
+
+ // Remove BOM if present
+ body = bytes.TrimPrefix(body, []byte("\xef\xbb\xbf"))
+
var scaPackageCollection ScaPackageCollectionExport
- if err := json.NewDecoder(resp.Body).Decode(&scaPackageCollection); err != nil {
+ if err := json.Unmarshal(body, &scaPackageCollection); err != nil {
return nil, err
}
logger.PrintIfVerbose("Retrieved SCA package collection export successfully")
-
return &scaPackageCollection, nil
}
diff --git a/internal/wrappers/grpcs/vorpal-grpc.go b/internal/wrappers/grpcs/asca-grpc.go
similarity index 68%
rename from internal/wrappers/grpcs/vorpal-grpc.go
rename to internal/wrappers/grpcs/asca-grpc.go
index 46251b83a..e6cf75917 100644
--- a/internal/wrappers/grpcs/vorpal-grpc.go
+++ b/internal/wrappers/grpcs/asca-grpc.go
@@ -5,14 +5,14 @@ import (
"time"
"github.com/checkmarx/ast-cli/internal/logger"
- vorpalManagement "github.com/checkmarx/ast-cli/internal/wrappers/grpcs/protos/vorpal/managements"
- vorpalScan "github.com/checkmarx/ast-cli/internal/wrappers/grpcs/protos/vorpal/scans"
+ ASCAManagement "github.com/checkmarx/ast-cli/internal/wrappers/grpcs/protos/asca/managements"
+ ASCAScan "github.com/checkmarx/ast-cli/internal/wrappers/grpcs/protos/asca/scans"
"github.com/google/uuid"
"github.com/pkg/errors"
"google.golang.org/grpc"
)
-type VorpalGrpcWrapper struct {
+type ASCAGrpcWrapper struct {
grpcClient *ClientWithTimeout
hostAddress string
port int
@@ -20,21 +20,21 @@ type VorpalGrpcWrapper struct {
}
const (
- vorpalScanErrMsg = "Vorpal scan failed for file %s. ScanId: %s"
+ ASCAScanErrMsg = "asca scan failed for file %s. ScanId: %s"
localHostAddress = "127.0.0.1:%d"
- serviceName = "VorpalEngine"
+ ASCAServiceName = "VorpalEngine"
)
-func NewVorpalGrpcWrapper(port int) VorpalWrapper {
+func NewASCAGrpcWrapper(port int) AscaWrapper {
serverHostAddress := fmt.Sprintf(localHostAddress, port)
- return &VorpalGrpcWrapper{
+ return &ASCAGrpcWrapper{
grpcClient: NewGRPCClientWithTimeout(serverHostAddress, 1*time.Second).(*ClientWithTimeout),
hostAddress: serverHostAddress,
port: port,
}
}
-func (v *VorpalGrpcWrapper) Scan(fileName, sourceCode string) (*ScanResult, error) {
+func (v *ASCAGrpcWrapper) Scan(fileName, sourceCode string) (*ScanResult, error) {
conn, connErr := v.grpcClient.CreateClientConn()
if connErr != nil {
logger.Printf(ConnErrMsg, v.hostAddress, connErr)
@@ -45,11 +45,11 @@ func (v *VorpalGrpcWrapper) Scan(fileName, sourceCode string) (*ScanResult, erro
_ = conn.Close()
}(conn)
- scanClient := vorpalScan.NewScanServiceClient(conn)
+ scanClient := ASCAScan.NewScanServiceClient(conn)
scanID := uuid.New().String()
- request := &vorpalScan.SingleScanRequest{
- ScanRequest: &vorpalScan.ScanRequest{
+ request := &ASCAScan.SingleScanRequest{
+ ScanRequest: &ASCAScan.ScanRequest{
Id: scanID,
FileName: fileName,
SourceCode: sourceCode,
@@ -58,7 +58,7 @@ func (v *VorpalGrpcWrapper) Scan(fileName, sourceCode string) (*ScanResult, erro
resp, err := scanClient.Scan(v.grpcClient.ctx, request)
if err != nil {
- return nil, errors.Wrapf(err, vorpalScanErrMsg, fileName, scanID)
+ return nil, errors.Wrapf(err, ASCAScanErrMsg, fileName, scanID)
}
var scanError *Error
@@ -77,7 +77,7 @@ func (v *VorpalGrpcWrapper) Scan(fileName, sourceCode string) (*ScanResult, erro
}, nil
}
-func convertScanDetails(details []*vorpalScan.ScanResult_ScanDetail) []ScanDetail {
+func convertScanDetails(details []*ASCAScan.ScanResult_ScanDetail) []ScanDetail {
var scanDetails []ScanDetail
for _, detail := range details {
scanDetails = append(scanDetails, ScanDetail{
@@ -96,9 +96,9 @@ func convertScanDetails(details []*vorpalScan.ScanResult_ScanDetail) []ScanDetai
return scanDetails
}
-func (v *VorpalGrpcWrapper) HealthCheck() error {
+func (v *ASCAGrpcWrapper) HealthCheck() error {
if !v.serving {
- err := v.grpcClient.HealthCheck(v.grpcClient, serviceName)
+ err := v.grpcClient.HealthCheck(v.grpcClient, ASCAServiceName)
if err != nil {
return err
}
@@ -108,7 +108,7 @@ func (v *VorpalGrpcWrapper) HealthCheck() error {
return nil
}
-func (v *VorpalGrpcWrapper) ShutDown() error {
+func (v *ASCAGrpcWrapper) ShutDown() error {
conn, connErr := v.grpcClient.CreateClientConn()
if connErr != nil {
logger.Printf(ConnErrMsg, v.hostAddress, connErr)
@@ -118,21 +118,21 @@ func (v *VorpalGrpcWrapper) ShutDown() error {
_ = conn.Close()
}(conn)
- managementClient := vorpalManagement.NewManagementServiceClient(conn)
- _, shutdownErr := managementClient.Shutdown(v.grpcClient.ctx, &vorpalManagement.ShutdownRequest{})
+ managementClient := ASCAManagement.NewManagementServiceClient(conn)
+ _, shutdownErr := managementClient.Shutdown(v.grpcClient.ctx, &ASCAManagement.ShutdownRequest{})
if shutdownErr != nil {
return errors.Wrap(shutdownErr, "failed to shutdown")
}
- logger.PrintfIfVerbose("Vorpal service is shutting down")
+ logger.PrintfIfVerbose("asca service is shutting down")
v.serving = false
return nil
}
-func (v *VorpalGrpcWrapper) GetPort() int {
+func (v *ASCAGrpcWrapper) GetPort() int {
return v.port
}
-func (v *VorpalGrpcWrapper) ConfigurePort(port int) {
+func (v *ASCAGrpcWrapper) ConfigurePort(port int) {
v.port = port
v.hostAddress = fmt.Sprintf(localHostAddress, port)
v.grpcClient = NewGRPCClientWithTimeout(v.hostAddress, 1*time.Second).(*ClientWithTimeout)
diff --git a/internal/wrappers/grpcs/vorpal.go b/internal/wrappers/grpcs/asca.go
similarity index 97%
rename from internal/wrappers/grpcs/vorpal.go
rename to internal/wrappers/grpcs/asca.go
index 478f4802b..a66dbbd4d 100644
--- a/internal/wrappers/grpcs/vorpal.go
+++ b/internal/wrappers/grpcs/asca.go
@@ -1,6 +1,6 @@
package grpcs
-type VorpalWrapper interface {
+type AscaWrapper interface {
Scan(fileName, sourceCode string) (*ScanResult, error)
HealthCheck() error
ShutDown() error
diff --git a/internal/wrappers/grpcs/protos/vorpal/managements/management.pb.go b/internal/wrappers/grpcs/protos/asca/managements/management.pb.go
similarity index 99%
rename from internal/wrappers/grpcs/protos/vorpal/managements/management.pb.go
rename to internal/wrappers/grpcs/protos/asca/managements/management.pb.go
index 3e95feb01..7d845bfac 100644
--- a/internal/wrappers/grpcs/protos/vorpal/managements/management.pb.go
+++ b/internal/wrappers/grpcs/protos/asca/managements/management.pb.go
@@ -2,7 +2,7 @@
// versions:
// protoc-gen-go v1.34.1
// protoc v4.25.3
-// source: managements/management.vorpal
+// source: managements/management.asca
package managements
diff --git a/internal/wrappers/grpcs/protos/vorpal/managements/management.proto b/internal/wrappers/grpcs/protos/asca/managements/management.proto
similarity index 83%
rename from internal/wrappers/grpcs/protos/vorpal/managements/management.proto
rename to internal/wrappers/grpcs/protos/asca/managements/management.proto
index e72dda38d..bfe28bc47 100644
--- a/internal/wrappers/grpcs/protos/vorpal/managements/management.proto
+++ b/internal/wrappers/grpcs/protos/asca/managements/management.proto
@@ -2,7 +2,7 @@ syntax = "proto3";
package cx.microsast.service.v1.managements;
-option go_package = "github.com/checkmarxdev/cxcodeprobe/vorpal/golang/managements";
+option go_package = "github.com/checkmarxdev/cxcodeprobe/asca/golang/managements";
// Represents a request to perform a shutdown.
message ShutdownRequest {
diff --git a/internal/wrappers/grpcs/protos/vorpal/managements/management_grpc.pb.go b/internal/wrappers/grpcs/protos/asca/managements/management_grpc.pb.go
similarity index 99%
rename from internal/wrappers/grpcs/protos/vorpal/managements/management_grpc.pb.go
rename to internal/wrappers/grpcs/protos/asca/managements/management_grpc.pb.go
index 0bd6cd5b5..117a9b870 100644
--- a/internal/wrappers/grpcs/protos/vorpal/managements/management_grpc.pb.go
+++ b/internal/wrappers/grpcs/protos/asca/managements/management_grpc.pb.go
@@ -2,7 +2,7 @@
// versions:
// - protoc-gen-go-grpcs v1.3.0
// - protoc v4.25.3
-// source: managements/management.vorpal
+// source: managements/management.asca
package managements
diff --git a/internal/wrappers/grpcs/protos/vorpal/scans/scan.pb.go b/internal/wrappers/grpcs/protos/asca/scans/scan.pb.go
similarity index 99%
rename from internal/wrappers/grpcs/protos/vorpal/scans/scan.pb.go
rename to internal/wrappers/grpcs/protos/asca/scans/scan.pb.go
index 91e956bb3..65a5fe85f 100644
--- a/internal/wrappers/grpcs/protos/vorpal/scans/scan.pb.go
+++ b/internal/wrappers/grpcs/protos/asca/scans/scan.pb.go
@@ -2,7 +2,7 @@
// versions:
// protoc-gen-go v1.34.1
// protoc v4.25.3
-// source: scans/scan.vorpal
+// source: scans/scan.asca
package scans
diff --git a/internal/wrappers/grpcs/protos/vorpal/scans/scan.proto b/internal/wrappers/grpcs/protos/asca/scans/scan.proto
similarity index 100%
rename from internal/wrappers/grpcs/protos/vorpal/scans/scan.proto
rename to internal/wrappers/grpcs/protos/asca/scans/scan.proto
diff --git a/internal/wrappers/grpcs/protos/vorpal/scans/scan_grpc.pb.go b/internal/wrappers/grpcs/protos/asca/scans/scan_grpc.pb.go
similarity index 99%
rename from internal/wrappers/grpcs/protos/vorpal/scans/scan_grpc.pb.go
rename to internal/wrappers/grpcs/protos/asca/scans/scan_grpc.pb.go
index 2bda5d05e..09143331c 100644
--- a/internal/wrappers/grpcs/protos/vorpal/scans/scan_grpc.pb.go
+++ b/internal/wrappers/grpcs/protos/asca/scans/scan_grpc.pb.go
@@ -2,7 +2,7 @@
// versions:
// - protoc-gen-go-grpcs v1.3.0
// - protoc v4.25.3
-// source: scans/scan.vorpal
+// source: scans/scan.asca
package scans
diff --git a/internal/wrappers/jwt-helper.go b/internal/wrappers/jwt-helper.go
index 64b7f9e79..a18c3ea70 100644
--- a/internal/wrappers/jwt-helper.go
+++ b/internal/wrappers/jwt-helper.go
@@ -20,7 +20,7 @@ type JWTStruct struct {
jwt.Claims
}
-var enabledEngines = []string{"sast", "sca", "api-security", "iac-security", "scs", "containers"}
+var enabledEngines = []string{"sast", "sca", "api-security", "iac-security", "scs", "containers", "enterprise-secrets"}
var defaultEngines = map[string]bool{
"sast": true,
@@ -86,6 +86,7 @@ func prepareEngines(engines []string) map[string]bool {
m := make(map[string]bool)
for _, value := range engines {
engine := strings.Replace(strings.ToLower(value), strings.ToLower(commonParams.APISecurityLabel), commonParams.APISecurityType, 1)
+ engine = strings.Replace(strings.ToLower(engine), strings.ToLower(commonParams.EnterpriseSecretsLabel), commonParams.EnterpriseSecretsType, 1)
engine = strings.Replace(strings.ToLower(engine), commonParams.KicsType, commonParams.IacType, 1)
// Current limitation, CxOne is including non-engines in the JWT
diff --git a/internal/wrappers/mock/vorpal-mock.go b/internal/wrappers/mock/asca-mock.go
similarity index 85%
rename from internal/wrappers/mock/vorpal-mock.go
rename to internal/wrappers/mock/asca-mock.go
index b0ba8c539..71e59b651 100644
--- a/internal/wrappers/mock/vorpal-mock.go
+++ b/internal/wrappers/mock/asca-mock.go
@@ -10,33 +10,33 @@ var (
specialErrorPortNumber = 1
)
-type VorpalMockWrapper struct {
+type ASCAMockWrapper struct {
Port int
}
-func NewVorpalMockWrapper(port int) *VorpalMockWrapper {
- return &VorpalMockWrapper{Port: port}
+func NewASCAMockWrapper(port int) *ASCAMockWrapper {
+ return &ASCAMockWrapper{Port: port}
}
-func (v *VorpalMockWrapper) Scan(fileName, sourceCode string) (*grpcs.ScanResult, error) {
+func (v *ASCAMockWrapper) Scan(fileName, sourceCode string) (*grpcs.ScanResult, error) {
if fileName == "csharp-no-vul.cs" {
return ReturnFailureResponseMock(), nil
}
return ReturnSuccessfulResponseMock(), nil
}
-func (v *VorpalMockWrapper) HealthCheck() error {
+func (v *ASCAMockWrapper) HealthCheck() error {
if v.Port == specialErrorPortNumber {
return fmt.Errorf("error %d", InternalError)
}
return nil
}
-func (v *VorpalMockWrapper) ShutDown() error {
+func (v *ASCAMockWrapper) ShutDown() error {
return nil
}
-func (v *VorpalMockWrapper) GetPort() int {
+func (v *ASCAMockWrapper) GetPort() int {
return v.Port
}
@@ -81,7 +81,7 @@ func ReturnFailureResponseMock() *grpcs.ScanResult {
}
}
-func (v *VorpalMockWrapper) ConfigurePort(port int) {
+func (v *ASCAMockWrapper) ConfigurePort(port int) {
}
diff --git a/internal/wrappers/mock/projects-mock.go b/internal/wrappers/mock/projects-mock.go
index 7bff9f76a..f289399a6 100644
--- a/internal/wrappers/mock/projects-mock.go
+++ b/internal/wrappers/mock/projects-mock.go
@@ -50,7 +50,7 @@ func (p *ProjectsMockWrapper) Get(params map[string]string) (
}
var model *wrappers.ProjectsCollectionResponseModel
- switch name := params["names"]; name {
+ switch name := params["name"]; name {
case "fake-kics-scanner-fail":
model = getProjectResponseModel(fmt.Sprintf("%s-id", name), name, filteredTotalCount)
case "fake-multiple-scanner-fails":
@@ -59,6 +59,14 @@ func (p *ProjectsMockWrapper) Get(params map[string]string) (
model = getProjectResponseModel(fmt.Sprintf("%s-id", name), name, filteredTotalCount)
case "fake-kics-fail-sast-canceled":
model = getProjectResponseModel(fmt.Sprintf("%s-id", name), name, filteredTotalCount)
+ case "existing-project":
+ model = getProjectResponseModel(fmt.Sprintf("%s-id", name), name, filteredTotalCount)
+ case "non-existing-project":
+ model = nil
+ case "error-project":
+ return nil, nil, fmt.Errorf("some error")
+ case "test_project3":
+ model = ListProjectResponseModels()
default:
model = getProjectResponseModel("MOCK", "MOCK", filteredTotalCount)
}
@@ -68,6 +76,7 @@ func (p *ProjectsMockWrapper) Get(params map[string]string) (
func getProjectResponseModel(id, name string, filteredTotalCount int) *wrappers.ProjectsCollectionResponseModel {
return &wrappers.ProjectsCollectionResponseModel{
+ TotalCount: 1,
FilteredTotalCount: uint(filteredTotalCount),
Projects: []wrappers.ProjectResponseModel{
{
@@ -78,6 +87,28 @@ func getProjectResponseModel(id, name string, filteredTotalCount int) *wrappers.
}
}
+func ListProjectResponseModels() *wrappers.ProjectsCollectionResponseModel {
+ projects := []wrappers.ProjectResponseModel{
+ {
+ ID: "1",
+ Name: "test_project1",
+ },
+ {
+ ID: "2",
+ Name: "test_project2",
+ },
+ {
+ ID: "3",
+ Name: "test_project3",
+ },
+ }
+ return &wrappers.ProjectsCollectionResponseModel{
+ TotalCount: 3,
+ FilteredTotalCount: 3,
+ Projects: projects,
+ }
+}
+
func (p *ProjectsMockWrapper) GetByID(projectID string) (
*wrappers.ProjectResponseModel,
*wrappers.ErrorModel,
@@ -87,7 +118,8 @@ func (p *ProjectsMockWrapper) GetByID(projectID string) (
}
fmt.Println("Called GetByID in ProjectsMockWrapper")
return &wrappers.ProjectResponseModel{
- ID: projectID,
+ ID: projectID,
+ Name: "MOCK",
Tags: map[string]string{
"a": "b",
"c": "d",
diff --git a/internal/wrappers/mock/results-mock.go b/internal/wrappers/mock/results-mock.go
index ed207b33f..4264583b5 100644
--- a/internal/wrappers/mock/results-mock.go
+++ b/internal/wrappers/mock/results-mock.go
@@ -3,6 +3,8 @@ package mock
import (
"fmt"
+ "github.com/checkmarx/ast-cli/internal/params"
+
"github.com/checkmarx/ast-cli/internal/wrappers"
)
@@ -30,6 +32,53 @@ var containersResults = &wrappers.ScanResult{
},
}
+var scsResultsSecretDetection = []*wrappers.ScanResult{
+ {
+ Type: params.SCSSecretDetectionType,
+ ID: "bhXbZjjoQZdGAwUhj6MLo9sh4fA=",
+ SimilarityID: "6deb156f325544aaefecee846b49a948571cecd4445d2b2b391a490641be5845",
+ Status: "NEW",
+ State: "TO_VERIFY",
+ Severity: "HIGH",
+ Created: "2024-07-30T12:49:56Z",
+ FirstFoundAt: "2023-07-06T10:28:49Z",
+ FoundAt: "2024-07-30T12:49:56Z",
+ FirstScanID: "3d922bcd-00fe-4774-b182-d51e739dff81",
+ Description: "Generic API Key has detected secret for file application.properties.",
+ VulnerabilityDetails: wrappers.VulnerabilityDetails{},
+ },
+ {
+ Type: params.SCSSecretDetectionType,
+ ID: "bhXbZjjoQZdGAwUhj6MLo9sh4fA=",
+ SimilarityID: "6deb156f325544aaefecee846b49a948571cecd4445d2b2b391a490641be5845",
+ Status: "NEW",
+ State: "TO_VERIFY",
+ Severity: "MEDIUM",
+ Created: "2024-07-30T12:49:56Z",
+ FirstFoundAt: "2023-07-06T10:28:49Z",
+ FoundAt: "2024-07-30T12:49:56Z",
+ FirstScanID: "3d922bcd-00fe-4774-b182-d51e739dff81",
+ Description: "Generic API Key has detected secret for file application.properties.",
+ VulnerabilityDetails: wrappers.VulnerabilityDetails{},
+ },
+}
+var scsResultScorecard = []*wrappers.ScanResult{
+ {
+ Type: params.SCSScorecardType,
+ ID: "n2a8iCzrIgbCe+dGKYk+cAApO0U=",
+ SimilarityID: "65323789a325544aaefecee846b49a948571cecd4445d2b2b391a490641be5845",
+ Status: "NEW",
+ State: "TO_VERIFY",
+ Severity: "LOW",
+ Created: "2024-07-30T12:49:56Z",
+ FirstFoundAt: "2023-07-06T10:28:49Z",
+ FoundAt: "2024-07-30T12:49:56Z",
+ FirstScanID: "3d922bcd-00fe-4774-b182-d51e739dff81",
+ Description: "score is 0: branch protection not enabled on development/release branches:\\nWarn: branch protection not enabled for branch 'main'",
+ VulnerabilityDetails: wrappers.VulnerabilityDetails{},
+ },
+}
+
func (r ResultsMockWrapper) GetAllResultsByScanID(params map[string]string) (
*wrappers.ScanResultsCollection,
*wrappers.WebError,
@@ -49,11 +98,47 @@ func (r ResultsMockWrapper) GetAllResultsByScanID(params map[string]string) (
},
}, nil, nil
}
+ if params["scan-id"] == "SAST_ONLY" {
+ return &wrappers.ScanResultsCollection{
+ TotalCount: 1,
+ Results: []*wrappers.ScanResult{
+ {
+ Type: "sast",
+ ID: "1",
+ Severity: "high",
+ ScanResultData: wrappers.ScanResultData{
+ LanguageName: "JavaScript",
+ QueryName: "mock-query-name-1",
+ Nodes: []*wrappers.ScanResultNode{
+ {
+ FileName: "dummy-file-name-1",
+ Line: 10,
+ Column: 10,
+ Length: 20,
+ },
+ {
+ FileName: "dummy-file-name-1",
+ Line: 11,
+ Column: 3,
+ Length: 10,
+ },
+ },
+ },
+ },
+ },
+ }, nil, nil
+ }
+ if params["scan-id"] == "SCS_ONLY" {
+ scsResults := &wrappers.ScanResultsCollection{}
+ addSCSResults(scsResults)
+ return scsResults, nil, nil
+ }
+
const mock = "mock"
var dependencyPath = wrappers.DependencyPath{ID: mock, Name: mock, Version: mock, IsResolved: true, IsDevelopment: false, Locations: nil}
var dependencyArray = [][]wrappers.DependencyPath{{dependencyPath}}
- return &wrappers.ScanResultsCollection{
- TotalCount: 8,
+ scanResults := &wrappers.ScanResultsCollection{
+ TotalCount: 10,
Results: []*wrappers.ScanResult{
{
Type: "sast",
@@ -212,9 +297,23 @@ func (r ResultsMockWrapper) GetAllResultsByScanID(params map[string]string) (
Severity: "low",
},
},
- }, nil, nil
+ }
+ addSCSResults(scanResults)
+ return scanResults, nil, nil
}
func (r ResultsMockWrapper) GetResultsURL(projectID string) (string, error) {
return fmt.Sprintf("projects/%s/overview", projectID), nil
}
+
+// addSCSResults adds the SCS results to the scan results depending on the mock flags. Values in this mock should be in accordance with ScanOverviewMockWrapper
+func addSCSResults(scanResults *wrappers.ScanResultsCollection) {
+ // the mock always has a result for Secret Detection
+ scanResults.Results = append(scanResults.Results, scsResultsSecretDetection...)
+ scanResults.TotalCount += uint(len(scsResultsSecretDetection))
+
+ if ScorecardScanned && !ScsScanPartial {
+ scanResults.Results = append(scanResults.Results, scsResultScorecard...)
+ scanResults.TotalCount += uint(len(scsResultScorecard))
+ }
+}
diff --git a/internal/wrappers/mock/scan-overview-mock.go b/internal/wrappers/mock/scan-overview-mock.go
index 5e7f609ab..6ebcaaa2a 100644
--- a/internal/wrappers/mock/scan-overview-mock.go
+++ b/internal/wrappers/mock/scan-overview-mock.go
@@ -18,12 +18,12 @@ func (s ScanOverviewMockWrapper) GetSCSOverviewByScanID(scanID string) (
if ScsScanPartial {
return &wrappers.SCSOverview{
Status: "Partial",
- TotalRisksCount: 10,
+ TotalRisksCount: 2,
RiskSummary: map[string]int{
"critical": 0,
- "high": 5,
- "medium": 3,
- "low": 2,
+ "high": 1,
+ "medium": 1,
+ "low": 0,
"info": 0,
},
MicroEngineOverviews: []*wrappers.MicroEngineOverview{
@@ -31,12 +31,12 @@ func (s ScanOverviewMockWrapper) GetSCSOverviewByScanID(scanID string) (
Name: "2ms",
FullName: "Secret Detection",
Status: "Completed",
- TotalRisks: 10,
+ TotalRisks: 2,
RiskSummary: map[string]interface{}{
"critical": 0,
- "high": 5,
- "medium": 3,
- "low": 2,
+ "high": 1,
+ "medium": 1,
+ "low": 0,
"info": 0,
},
},
@@ -59,12 +59,12 @@ func (s ScanOverviewMockWrapper) GetSCSOverviewByScanID(scanID string) (
if ScorecardScanned {
return &wrappers.SCSOverview{
Status: "Completed",
- TotalRisksCount: 14,
+ TotalRisksCount: 3,
RiskSummary: map[string]int{
"critical": 0,
- "high": 7,
- "medium": 4,
- "low": 3,
+ "high": 1,
+ "medium": 1,
+ "low": 0,
"info": 0,
},
MicroEngineOverviews: []*wrappers.MicroEngineOverview{
@@ -72,12 +72,12 @@ func (s ScanOverviewMockWrapper) GetSCSOverviewByScanID(scanID string) (
Name: "2ms",
FullName: "Secret Detection",
Status: "Completed",
- TotalRisks: 10,
+ TotalRisks: 2,
RiskSummary: map[string]interface{}{
"critical": 0,
- "high": 5,
- "medium": 3,
- "low": 2,
+ "high": 1,
+ "medium": 1,
+ "low": 0,
"info": 0,
},
},
@@ -85,11 +85,11 @@ func (s ScanOverviewMockWrapper) GetSCSOverviewByScanID(scanID string) (
Name: "Scorecard",
FullName: "Scorecard",
Status: "Completed",
- TotalRisks: 4,
+ TotalRisks: 1,
RiskSummary: map[string]interface{}{
"critical": 0,
- "high": 2,
- "medium": 1,
+ "high": 0,
+ "medium": 0,
"low": 1,
"info": 0,
},
@@ -100,12 +100,12 @@ func (s ScanOverviewMockWrapper) GetSCSOverviewByScanID(scanID string) (
// default Overview
return &wrappers.SCSOverview{
Status: "Completed",
- TotalRisksCount: 10,
+ TotalRisksCount: 2,
RiskSummary: map[string]int{
"critical": 0,
- "high": 5,
- "medium": 3,
- "low": 2,
+ "high": 1,
+ "medium": 1,
+ "low": 0,
"info": 0,
},
MicroEngineOverviews: []*wrappers.MicroEngineOverview{
@@ -113,12 +113,12 @@ func (s ScanOverviewMockWrapper) GetSCSOverviewByScanID(scanID string) (
Name: "2ms",
FullName: "Secret Detection",
Status: "Completed",
- TotalRisks: 10,
+ TotalRisks: 2,
RiskSummary: map[string]interface{}{
"critical": 0,
- "high": 5,
- "medium": 3,
- "low": 2,
+ "high": 1,
+ "medium": 1,
+ "low": 0,
"info": 0,
},
},
diff --git a/internal/wrappers/results-json.go b/internal/wrappers/results-json.go
index 2d6497894..e2c4de43b 100644
--- a/internal/wrappers/results-json.go
+++ b/internal/wrappers/results-json.go
@@ -102,12 +102,12 @@ type ScanResultData struct {
ScaPackageCollection *ScaPackageCollection `json:"scaPackageData,omitempty"`
RecommendedVersion interface{} `json:"recommendedVersion,omitempty"`
// Added to support kics results
- Line uint `json:"line,omitempty"`
+ Line uint `json:"line,omitempty"` // also used by SSCS results
Platform string `json:"platform,omitempty"`
IssueType string `json:"issueType,omitempty"`
ExpectedValue string `json:"expectedValue,omitempty"`
Value string `json:"value,omitempty"`
- Filename string `json:"filename,omitempty"`
+ Filename string `json:"filename,omitempty"` // also used by SSCS results
// Added to support containers results
PackageName string `json:"packageName,omitempty"`
PackageVersion string `json:"packageVersion,omitempty"`
@@ -115,4 +115,14 @@ type ScanResultData struct {
ImageTag string `json:"imageTag,omitempty"`
ImageFilePath string `json:"imageFilePath,omitempty"`
ImageOrigin string `json:"imageOrigin,omitempty"`
+ // Added to support SSCS results
+ RuleID *string `json:"ruleId,omitempty"`
+ RuleName string `json:"ruleName,omitempty"`
+ Snippet string `json:"snippet,omitempty"`
+ SlsaStep string `json:"slsaStep,omitempty"`
+ RuleDescription string `json:"ruleDescription,omitempty"`
+ Remediation string `json:"remediation,omitempty"`
+ RemediationLink string `json:"remediationLink,omitempty"`
+ RemediationAdditional string `json:"remediationAdditional,omitempty"`
+ Validity string `json:"validity,omitempty"`
}
diff --git a/internal/wrappers/results-sarif.go b/internal/wrappers/results-sarif.go
index efb13ff13..a153e3186 100644
--- a/internal/wrappers/results-sarif.go
+++ b/internal/wrappers/results-sarif.go
@@ -59,6 +59,7 @@ type SarifScanResult struct {
Message SarifMessage `json:"message"`
PartialFingerprints *SarifResultFingerprint `json:"partialFingerprints,omitempty"`
Locations []SarifLocation `json:"locations,omitempty"`
+ Properties *SarifResultProperties `json:"properties,omitempty"`
}
type SarifLocation struct {
@@ -71,13 +72,19 @@ type SarifPhysicalLocation struct {
}
type SarifRegion struct {
- StartLine uint `json:"startLine,omitempty"`
- StartColumn uint `json:"startColumn,omitempty"`
- EndColumn uint `json:"endColumn,omitempty"`
+ StartLine uint `json:"startLine,omitempty"`
+ StartColumn uint `json:"startColumn,omitempty"`
+ EndColumn uint `json:"endColumn,omitempty"`
+ Snippet *SarifSnippet `json:"snippet,omitempty"`
+}
+
+type SarifSnippet struct {
+ Text string `json:"text,omitempty"`
}
type SarifArtifactLocation struct {
- URI string `json:"uri"`
+ URI string `json:"uri"`
+ Description *SarifMessage `json:"description,omitempty"`
}
type SarifMessage struct {
@@ -87,3 +94,8 @@ type SarifMessage struct {
type SarifResultFingerprint struct {
PrimaryLocationLineHash string `json:"primaryLocationLineHash,omitempty"`
}
+
+type SarifResultProperties struct {
+ Severity string `json:"severity,omitempty"`
+ Validity string `json:"validity,omitempty"`
+}
diff --git a/internal/wrappers/results-summary.go b/internal/wrappers/results-summary.go
index 905376f9f..85f3ae3b9 100644
--- a/internal/wrappers/results-summary.go
+++ b/internal/wrappers/results-summary.go
@@ -17,9 +17,9 @@ type ResultSummary struct {
SastIssues int
KicsIssues int
ScaIssues int
- ContainersIssues *int `json:"ContainersIssues,omitempty"`
- ScsIssues int `json:"-"`
- SCSOverview SCSOverview `json:"-"`
+ ContainersIssues *int `json:"ContainersIssues,omitempty"`
+ ScsIssues *int `json:"ScsIssues,omitempty"`
+ SCSOverview *SCSOverview `json:"ScsOverview,omitempty"`
APISecurity APISecResult
RiskStyle string
RiskMsg string
@@ -161,9 +161,15 @@ func (r *ResultSummary) ContainersIssuesValue() int {
return *r.ContainersIssues
}
+func (r *ResultSummary) SCSEnabled() bool {
+ return IsSCSEnabled
+}
func (r *ResultSummary) HasSCS() bool {
return r.HasEngine(params.ScsType)
}
+func (r *ResultSummary) SCSIssuesValue() int {
+ return *r.ScsIssues
+}
func (r *ResultSummary) getRiskFromAPISecurity(origin string) *riskDistribution {
for _, risk := range r.APISecurity.RiskDistribution {
@@ -307,6 +313,10 @@ const summaryTemplateHeader = `{{define "SummaryTemplate"}}
background-color: #70F9CC !important;
}
+ .bg-scs {
+ background-color: #D2C7F6 !important;
+ }
+
.header-row .cx-info .data .calendar-svg {
margin-right: 8px;
}
@@ -775,6 +785,9 @@ const nonAsyncSummary = `
{{if .ContainersEnabled}}{{end}}
+ {{if .SCSEnabled}}{{end}}
@@ -784,6 +797,7 @@ const nonAsyncSummary = `
{{if lt .KicsIssues 0}}N/A{{else}}{{.KicsIssues}}{{end}}
{{if lt .ScaIssues 0}}N/A{{else}}{{.ScaIssues}}{{end}}
{{if .ContainersEnabled}}
{{if lt .ContainersIssuesValue 0}}N/A{{else}}{{.ContainersIssuesValue}}{{end}}
{{end}}
+ {{if .SCSEnabled}}
{{if lt .SCSIssuesValue 0}}N/A{{else}}{{.SCSIssuesValue}}{{end}}
{{end}}
@@ -857,9 +871,9 @@ const SummaryMarkdownCompletedTemplate = `
### Vulnerabilities per Scan Type
-| SAST | IaC Security | SCA |{{if .ContainersEnabled}} Containers |{{end}}
-|:----------:|:----------:|:---------:|{{if .ContainersEnabled}} :----------:|{{end}}
-| {{if lt .SastIssues 0}}N/A{{else}}{{.SastIssues}}{{end}} | {{if lt .KicsIssues 0}}N/A{{else}}{{.KicsIssues}}{{end}} | {{if lt .ScaIssues 0}}N/A{{else}}{{.ScaIssues}}{{end}} | {{if .ContainersEnabled}}{{if lt .ScaIssues 0}}N/A{{else}}{{.ContainersIssuesValue}}{{end}} | {{end}}
+| SAST | IaC Security | SCA |{{if .SCSEnabled}} SCS |{{end}}{{if .ContainersEnabled}} Containers |{{end}}
+|:----------:|:----------:|:---------:|{{if .SCSEnabled}} :----------:|{{end}}{{if .ContainersEnabled}} :----------:|{{end}}
+| {{if lt .SastIssues 0}}N/A{{else}}{{.SastIssues}}{{end}} | {{if lt .KicsIssues 0}}N/A{{else}}{{.KicsIssues}}{{end}} | {{if lt .ScaIssues 0}}N/A{{else}}{{.ScaIssues}}{{end}} | {{if .SCSEnabled}}{{if lt .SCSIssuesValue 0}}N/A{{else}}{{.SCSIssuesValue}}{{end}} | {{end}} {{if .ContainersEnabled}}{{if lt .ScaIssues 0}}N/A{{else}}{{.ContainersIssuesValue}}{{end}} | {{end}}
{{if .HasAPISecurity}}
### API Security
diff --git a/test/integration/vorpal-engine_test.go b/test/integration/asca-engine_test.go
similarity index 73%
rename from test/integration/vorpal-engine_test.go
rename to test/integration/asca-engine_test.go
index c0e348af5..43a8948ff 100644
--- a/test/integration/vorpal-engine_test.go
+++ b/test/integration/asca-engine_test.go
@@ -8,7 +8,7 @@ import (
"os"
"testing"
- "github.com/checkmarx/ast-cli/internal/commands/vorpal/vorpalconfig"
+ "github.com/checkmarx/ast-cli/internal/commands/asca/ascaconfig"
commonParams "github.com/checkmarx/ast-cli/internal/params"
"github.com/checkmarx/ast-cli/internal/services"
"github.com/checkmarx/ast-cli/internal/wrappers/configuration"
@@ -18,12 +18,12 @@ import (
"gotest.tools/assert"
)
-func TestScanVorpal_NoFileSourceSent_ReturnSuccess(t *testing.T) {
+func TestScanASCA_NoFileSourceSent_ReturnSuccess(t *testing.T) {
configuration.LoadConfiguration()
args := []string{
- "scan", "vorpal",
+ "scan", "asca",
flag(commonParams.SourcesFlag), "",
- flag(commonParams.VorpalLatestVersion),
+ flag(commonParams.ASCALatestVersion),
}
err, bytes := executeCommand(t, args...)
@@ -34,12 +34,12 @@ func TestScanVorpal_NoFileSourceSent_ReturnSuccess(t *testing.T) {
assert.Assert(t, scanResults.Message == services.FilePathNotProvided, "should return message: ", services.FilePathNotProvided)
}
-func TestExecuteVorpalScan_VorpalLatestVersionSetTrue_Success(t *testing.T) {
+func TestExecuteASCAScan_ASCALatestVersionSetTrue_Success(t *testing.T) {
configuration.LoadConfiguration()
args := []string{
- "scan", "vorpal",
+ "scan", "asca",
flag(commonParams.SourcesFlag), "",
- flag(commonParams.VorpalLatestVersion),
+ flag(commonParams.ASCALatestVersion),
flag(commonParams.AgentFlag), commonParams.DefaultAgent,
}
@@ -51,13 +51,13 @@ func TestExecuteVorpalScan_VorpalLatestVersionSetTrue_Success(t *testing.T) {
assert.Assert(t, scanResults.Message == services.FilePathNotProvided, "should return message: ", services.FilePathNotProvided)
}
-func TestExecuteVorpalScan_NoSourceAndVorpalLatestVersionSetFalse_Success(t *testing.T) {
+func TestExecuteASCAScan_NoSourceAndASCALatestVersionSetFalse_Success(t *testing.T) {
configuration.LoadConfiguration()
- vorpalWrapper := grpcs.NewVorpalGrpcWrapper(viper.GetInt(commonParams.VorpalPortKey))
- _ = vorpalWrapper.ShutDown()
- _ = os.RemoveAll(vorpalconfig.Params.WorkingDir())
+ ASCAWrapper := grpcs.NewASCAGrpcWrapper(viper.GetInt(commonParams.ASCAPortKey))
+ _ = ASCAWrapper.ShutDown()
+ _ = os.RemoveAll(ascaconfig.Params.WorkingDir())
args := []string{
- "scan", "vorpal",
+ "scan", "asca",
flag(commonParams.SourcesFlag), "",
flag(commonParams.AgentFlag), commonParams.DefaultAgent,
}
@@ -70,10 +70,10 @@ func TestExecuteVorpalScan_NoSourceAndVorpalLatestVersionSetFalse_Success(t *tes
assert.Assert(t, scanResults.Message == services.FilePathNotProvided, "should return message: ", services.FilePathNotProvided)
}
-func TestExecuteVorpalScan_NotExistingFile_Success(t *testing.T) {
+func TestExecuteASCAScan_NotExistingFile_Success(t *testing.T) {
configuration.LoadConfiguration()
args := []string{
- "scan", "vorpal",
+ "scan", "asca",
flag(commonParams.SourcesFlag), "not-existing-file.py",
flag(commonParams.AgentFlag), commonParams.DefaultAgent,
}
@@ -86,10 +86,10 @@ func TestExecuteVorpalScan_NotExistingFile_Success(t *testing.T) {
assert.Assert(t, scanResults.Error.Description == fmt.Sprintf(services.FileNotFound, "not-existing-file.py"), "should return error: ", services.FileNotFound)
}
-func TestExecuteVorpalScan_VorpalLatestVersionSetFalse_Success(t *testing.T) {
+func TestExecuteASCAScan_ASCALatestVersionSetFalse_Success(t *testing.T) {
configuration.LoadConfiguration()
args := []string{
- "scan", "vorpal",
+ "scan", "asca",
flag(commonParams.SourcesFlag), "data/python-vul-file.py",
flag(commonParams.AgentFlag), commonParams.DefaultAgent,
}
@@ -104,15 +104,15 @@ func TestExecuteVorpalScan_VorpalLatestVersionSetFalse_Success(t *testing.T) {
asserts.NotNil(t, scanResult.ScanDetails)
}
-func TestExecuteVorpalScan_NoEngineInstalledAndVorpalLatestVersionSetFalse_Success(t *testing.T) {
+func TestExecuteASCAScan_NoEngineInstalledAndASCALatestVersionSetFalse_Success(t *testing.T) {
configuration.LoadConfiguration()
- vorpalWrapper := grpcs.NewVorpalGrpcWrapper(viper.GetInt(commonParams.VorpalPortKey))
- _ = vorpalWrapper.ShutDown()
- _ = os.RemoveAll(vorpalconfig.Params.WorkingDir())
+ ASCAWrapper := grpcs.NewASCAGrpcWrapper(viper.GetInt(commonParams.ASCAPortKey))
+ _ = ASCAWrapper.ShutDown()
+ _ = os.RemoveAll(ascaconfig.Params.WorkingDir())
args := []string{
- "scan", "vorpal",
+ "scan", "asca",
flag(commonParams.SourcesFlag), "data/python-vul-file.py",
flag(commonParams.AgentFlag), commonParams.DefaultAgent,
}
@@ -127,10 +127,10 @@ func TestExecuteVorpalScan_NoEngineInstalledAndVorpalLatestVersionSetFalse_Succe
asserts.NotNil(t, scanResult.ScanDetails)
}
-func TestExecuteVorpalScan_CorrectFlagsSent_SuccessfullyReturnMockData(t *testing.T) {
+func TestExecuteASCAScan_CorrectFlagsSent_SuccessfullyReturnMockData(t *testing.T) {
configuration.LoadConfiguration()
args := []string{
- "scan", "vorpal",
+ "scan", "asca",
flag(commonParams.SourcesFlag), "data/python-vul-file.py",
flag(commonParams.AgentFlag), commonParams.DefaultAgent,
}
@@ -145,10 +145,10 @@ func TestExecuteVorpalScan_CorrectFlagsSent_SuccessfullyReturnMockData(t *testin
asserts.NotNil(t, scanResult.ScanDetails)
}
-func TestExecuteVorpalScan_UnsupportedLanguage_Fail(t *testing.T) {
+func TestExecuteASCAScan_UnsupportedLanguage_Fail(t *testing.T) {
configuration.LoadConfiguration()
args := []string{
- "scan", "vorpal",
+ "scan", "asca",
flag(commonParams.SourcesFlag), "data/positive1.tf",
flag(commonParams.AgentFlag), commonParams.DefaultAgent,
}
@@ -161,18 +161,18 @@ func TestExecuteVorpalScan_UnsupportedLanguage_Fail(t *testing.T) {
asserts.NotNil(t, scanResult.Error)
}
-func TestExecuteVorpalScan_InitializeAndRunUpdateVersion_Success(t *testing.T) {
+func TestExecuteASCAScan_InitializeAndRunUpdateVersion_Success(t *testing.T) {
configuration.LoadConfiguration()
- vorpalWrapper := grpcs.NewVorpalGrpcWrapper(viper.GetInt(commonParams.VorpalPortKey))
- _ = vorpalWrapper.ShutDown()
+ ASCAWrapper := grpcs.NewASCAGrpcWrapper(viper.GetInt(commonParams.ASCAPortKey))
+ _ = ASCAWrapper.ShutDown()
args := []string{
- "scan", "vorpal",
+ "scan", "asca",
flag(commonParams.SourcesFlag), "",
- flag(commonParams.VorpalLatestVersion),
+ flag(commonParams.ASCALatestVersion),
flag(commonParams.AgentFlag), commonParams.DefaultAgent,
}
- vorpalWrapper = grpcs.NewVorpalGrpcWrapper(viper.GetInt(commonParams.VorpalPortKey))
- healthCheckErr := vorpalWrapper.HealthCheck()
+ ASCAWrapper = grpcs.NewASCAGrpcWrapper(viper.GetInt(commonParams.ASCAPortKey))
+ healthCheckErr := ASCAWrapper.HealthCheck()
asserts.NotNil(t, healthCheckErr)
err, bytes := executeCommand(t, args...)
assert.NilError(t, err, "Sending empty source file should not fail")
@@ -182,10 +182,10 @@ func TestExecuteVorpalScan_InitializeAndRunUpdateVersion_Success(t *testing.T) {
assert.Assert(t, scanResults.Message == services.FilePathNotProvided, "should return message: ", services.FilePathNotProvided)
}
-func TestExecuteVorpalScan_InitializeAndShutdown_Success(t *testing.T) {
+func TestExecuteASCAScan_InitializeAndShutdown_Success(t *testing.T) {
configuration.LoadConfiguration()
args := []string{
- "scan", "vorpal",
+ "scan", "asca",
flag(commonParams.SourcesFlag), "",
flag(commonParams.AgentFlag), commonParams.DefaultAgent,
flag(commonParams.DebugFlag),
@@ -197,24 +197,24 @@ func TestExecuteVorpalScan_InitializeAndShutdown_Success(t *testing.T) {
assert.NilError(t, err, "Failed to unmarshal scan result")
assert.Assert(t, scanResults.Message == services.FilePathNotProvided, "should return message: ", services.FilePathNotProvided)
- vorpalWrapper := grpcs.NewVorpalGrpcWrapper(viper.GetInt(commonParams.VorpalPortKey))
- if healthCheckErr := vorpalWrapper.HealthCheck(); healthCheckErr != nil {
+ ASCAWrapper := grpcs.NewASCAGrpcWrapper(viper.GetInt(commonParams.ASCAPortKey))
+ if healthCheckErr := ASCAWrapper.HealthCheck(); healthCheckErr != nil {
assert.Assert(t, healthCheckErr == nil, "Health check failed with error: ", healthCheckErr)
}
- if shutdownErr := vorpalWrapper.ShutDown(); shutdownErr != nil {
+ if shutdownErr := ASCAWrapper.ShutDown(); shutdownErr != nil {
assert.Assert(t, shutdownErr == nil, "Shutdown failed with error: ", shutdownErr)
}
- err = vorpalWrapper.HealthCheck()
+ err = ASCAWrapper.HealthCheck()
asserts.NotNil(t, err)
}
-func TestExecuteVorpalScan_EngineNotRunningWithLicense_Success(t *testing.T) {
+func TestExecuteASCAScan_EngineNotRunningWithLicense_Success(t *testing.T) {
configuration.LoadConfiguration()
- vorpalWrapper := grpcs.NewVorpalGrpcWrapper(viper.GetInt(commonParams.VorpalPortKey))
- _ = vorpalWrapper.ShutDown()
- _ = os.RemoveAll(vorpalconfig.Params.WorkingDir())
+ ASCAWrapper := grpcs.NewASCAGrpcWrapper(viper.GetInt(commonParams.ASCAPortKey))
+ _ = ASCAWrapper.ShutDown()
+ _ = os.RemoveAll(ascaconfig.Params.WorkingDir())
args := []string{
- "scan", "vorpal",
+ "scan", "asca",
flag(commonParams.SourcesFlag), "data/python-vul-file.py",
flag(commonParams.DebugFlag),
flag(commonParams.AgentFlag), "JetBrains",
diff --git a/test/integration/bfl_test.go b/test/integration/bfl_test.go
index b5ef0332a..05c0ca82b 100644
--- a/test/integration/bfl_test.go
+++ b/test/integration/bfl_test.go
@@ -20,7 +20,8 @@ func TestRunGetBflByScanIdAndQueryId(t *testing.T) {
t, "Getting BFL should pass.", "results", "bfl",
flag(params.ScanIDFlag), scanID,
flag(params.QueryIDFlag), queryID,
- flag(params.FormatFlag), "json")
+ flag(params.FormatFlag), "json",
+ "--debug")
bflResult := []wrappers.ScanResultNode{}
_ = unmarshall(t, outputBuffer, &bflResult, "Reading BFL results should pass")
diff --git a/test/integration/data/DevAndTestsVulnerabilitiesProject.zip b/test/integration/data/DevAndTestsVulnerabilitiesProject.zip
new file mode 100644
index 000000000..9720b5a90
Binary files /dev/null and b/test/integration/data/DevAndTestsVulnerabilitiesProject.zip differ
diff --git a/test/integration/project_test.go b/test/integration/project_test.go
index 6f16ba7dc..c6f3eef9a 100644
--- a/test/integration/project_test.go
+++ b/test/integration/project_test.go
@@ -84,7 +84,6 @@ func TestCreateAlreadyExistingProject(t *testing.T) {
assertRequiredParameter(t, "Project name is required", "project", "create")
_, projectName := getRootProject(t)
-
err, _ := executeCommand(
t, "project", "create", flag(params.FormatFlag),
printer.FormatJSON, flag(params.ProjectName), projectName,
@@ -157,6 +156,10 @@ func TestProjectBranches(t *testing.T) {
func createProject(t *testing.T, tags map[string]string, groups []string) (string, string) {
projectName := getProjectNameForTest() + "_for_project"
+ return createNewProject(t, tags, groups, projectName)
+}
+
+func createNewProject(t *testing.T, tags map[string]string, groups []string, projectName string) (string, string) {
tagsStr := formatTags(tags)
groupsStr := formatGroups(groups)
diff --git a/test/integration/result_test.go b/test/integration/result_test.go
index d9d2ff340..47f024009 100644
--- a/test/integration/result_test.go
+++ b/test/integration/result_test.go
@@ -24,6 +24,14 @@ const (
fileName = "result-test"
resultsDirectory = "output-results-folder/"
fileExtention = "report.json"
+
+ //----------------------------------------------------------------------------------------------------------------------
+ // This ScanIDWithDevAndTestDep is associated with the CXOne project: ASTCLI/HideDevAndTestsVulnerabilities/Test (DEU, Galactica tenant).
+ // All vulnerable packages in this project have been snoozed or muted, so no vulnerabilities should appear in this scan.
+ // If the test fails, verify the scan exists in this project. If it doesn't, create a new scan for the project using
+ // DevAndTestsVulnerabilitiesProject.zip, mute and snooze all packages, and update the scanID accordingly.
+ ScanIDWithDevAndTestDep = "28d29a61-bc5e-4f5a-9fdd-e18c5a10c05b"
+ //----------------------------------------------------------------------------------------------------------------------
)
func TestResultsExitCode_OnSendingFakeScanId_ShouldReturnNotFoundError(t *testing.T) {
@@ -542,3 +550,67 @@ func TestResultsGeneratingReportWithExcludeNotExploitableStateAndSeverityAndStat
assert.NilError(t, err, "Report file should exist: "+fileName+printer.FormatJSON)
assert.Assert(t, outputBuffer != nil, "Scan must complete successfully")
}
+
+func TestResultsShow_ScanIDWithSnoozedAndMutedAllVulnerabilities_NoVulnerabilitiesInScan(t *testing.T) {
+ reportFilePath := fmt.Sprintf("%s%s.%s", resultsDirectory, fileName, printer.FormatJSON)
+
+ _ = executeCmdNilAssertion(
+ t, "Results show generating JSON report with options should pass",
+ "results", "show",
+ flag(params.ScanIDFlag), ScanIDWithDevAndTestDep,
+ flag(params.TargetFormatFlag), printer.FormatJSON,
+ flag(params.TargetPathFlag), resultsDirectory,
+ flag(params.TargetFlag), fileName,
+ )
+
+ defer func() {
+ _ = os.RemoveAll(resultsDirectory)
+ }()
+
+ assertFileExists(t, reportFilePath)
+
+ var result wrappers.ScanResultsCollection
+ readAndUnmarshalFile(t, reportFilePath, &result)
+
+ for _, res := range result.Results {
+ assert.Equal(t, "NOT_EXPLOITABLE", res.State, "Should be marked as not exploitable")
+ }
+}
+
+func TestResultsShow_WithScaHideDevAndTestDependencies_NoVulnerabilitiesInScan(t *testing.T) {
+ reportFilePath := fmt.Sprintf("%s%s.%s", resultsDirectory, fileName, printer.FormatJSON)
+
+ _ = executeCmdNilAssertion(
+ t, "Results show generating JSON report with options should pass",
+ "results", "show",
+ flag(params.ScanIDFlag), ScanIDWithDevAndTestDep,
+ flag(params.TargetFormatFlag), printer.FormatJSON,
+ flag(params.TargetPathFlag), resultsDirectory,
+ flag(params.TargetFlag), fileName,
+ flag(params.ScaHideDevAndTestDepFlag),
+ )
+
+ defer func() {
+ _ = os.RemoveAll(resultsDirectory)
+ }()
+
+ assertFileExists(t, reportFilePath)
+
+ var result wrappers.ScanResultsCollection
+ readAndUnmarshalFile(t, reportFilePath, &result)
+
+ assert.Equal(t, len(result.Results), 0, "Should have no results")
+}
+
+func assertFileExists(t *testing.T, path string) {
+ _, err := os.Stat(path)
+ assert.NilError(t, err, "Report file should exist at path "+path)
+}
+
+func readAndUnmarshalFile(t *testing.T, path string, v interface{}) {
+ file, err := os.ReadFile(path)
+ assert.NilError(t, err, "Error reading file at path "+path)
+
+ err = json.Unmarshal(file, v)
+ assert.NilError(t, err, "Error unmarshalling JSON data")
+}
diff --git a/test/integration/scan_test.go b/test/integration/scan_test.go
index 719d8b973..b01834551 100644
--- a/test/integration/scan_test.go
+++ b/test/integration/scan_test.go
@@ -13,13 +13,10 @@ import (
"os"
"path/filepath"
"runtime"
- "slices"
"strings"
"testing"
"time"
- "github.com/google/uuid"
-
"github.com/checkmarx/ast-cli/internal/commands"
realtime "github.com/checkmarx/ast-cli/internal/commands/scarealtime"
"github.com/checkmarx/ast-cli/internal/commands/scarealtime/scaconfig"
@@ -31,6 +28,7 @@ import (
"github.com/checkmarx/ast-cli/internal/services"
"github.com/checkmarx/ast-cli/internal/wrappers"
"github.com/checkmarx/ast-cli/internal/wrappers/configuration"
+ "github.com/checkmarx/ast-cli/internal/wrappers/utils"
"github.com/pkg/errors"
"github.com/spf13/viper"
asserts "github.com/stretchr/testify/assert"
@@ -48,13 +46,12 @@ const (
invalidEngineValue = "invalidEngine"
scanList = "list"
projectIDParams = "project-id="
- scsRepoURL = "https://github.com/CheckmarxDev/easybuggy"
+ scsRepoURL = "https://github.com/CheckmarxDev/easybuggy-scs-tests"
invalidClientID = "invalidClientID"
invalidClientSecret = "invalidClientSecret"
invalidAPIKey = "invalidAPI"
invalidTenant = "invalidTenant"
timeout = 10 * time.Minute
- ProjectNameFile = "projectName.txt"
)
var (
@@ -296,15 +293,16 @@ func TestScanCreateEmptyProjectName(t *testing.T) {
}
func TestScanCreate_ExistingApplicationAndExistingProject_CreateScanSuccessfully(t *testing.T) {
+ _, projectName := createNewProject(t, nil, nil, GenerateRandomProjectNameForScan())
args := []string{
"scan", "create",
flag(params.ApplicationName), "my-application",
- flag(params.ProjectName), getProjectNameForScanTests(),
+ flag(params.ProjectName), projectName,
flag(params.SourcesFlag), ".",
flag(params.ScanTypes), params.IacType,
flag(params.BranchFlag), "dummy_branch",
+ flag(params.DebugFlag),
}
-
err, _ := executeCommand(t, args...)
assert.NilError(t, err)
}
@@ -356,6 +354,7 @@ func TestScanCreate_ApplicationDoesntExist_FailScanWithError(t *testing.T) {
flag(params.SourcesFlag), ".",
flag(params.ScanTypes), params.IacType,
flag(params.BranchFlag), "dummy_branch",
+ flag(params.DebugFlag),
}
err, _ := executeCommand(t, args...)
@@ -492,9 +491,9 @@ func createScanWithFastScan(t *testing.T, source string, name string, tags map[s
func TestScansUpdateProjectGroups(t *testing.T) {
cleanupCxZipFiles(t)
- scanID, projectID := executeCreateScan(t, getCreateArgs(Zip, Tags, params.IacType))
+ scanID, projectID := executeCreateScan(t, getCreateArgs(Zip, Tags, params.IacType), "timeout")
response := listScanByID(t, scanID)
- scanID, projectID = executeCreateScan(t, getCreateArgsWithNameAndGroups(Zip, Tags, Groups, response[0].ProjectName, params.IacType))
+ scanID, projectID = executeCreateScan(t, getCreateArgsWithNameAndGroups(Zip, Tags, Groups, response[0].ProjectName, params.IacType), "timeout")
executeScanAssertions(t, projectID, scanID, Tags)
glob, err := filepath.Glob(filepath.Join(os.TempDir(), "cx*.zip"))
@@ -871,7 +870,7 @@ func executeScanAssertions(t *testing.T, projectID, scanID string, tags map[stri
func createScan(t *testing.T, source string, tags map[string]string) (string, string) {
if isFFEnabled(t, wrappers.ContainerEngineCLIEnabled) {
- return executeCreateScan(t, getCreateArgs(source, tags, "sast , sca , iac-security , api-security, container-security, scs"))
+ return executeCreateScan(t, getCreateArgs(source, tags, "sast , sca , iac-security , api-security, container-security, scs"))
} else {
return executeCreateScan(t, getCreateArgs(source, tags, "sast , sca , iac-security , api-security, scs"))
}
@@ -939,6 +938,7 @@ func getCreateArgsWithNameAndGroups(source string, tags map[string]string, group
flag(params.TagList), formatTags(tags),
flag(params.BranchFlag), SlowRepoBranch,
flag(params.ProjectGroupList), formatGroups(groups),
+ flag(params.DebugFlag),
}
if strings.Contains(scanTypes, "scs") {
@@ -948,8 +948,13 @@ func getCreateArgsWithNameAndGroups(source string, tags map[string]string, group
return args
}
-func executeCreateScan(t *testing.T, args []string) (string, string) {
- buffer := executeScanGetBuffer(t, args)
+func executeCreateScan(t *testing.T, args []string, prop ...string) (string, string) {
+ var buffer *bytes.Buffer
+ if (prop != nil && len(prop) > 0) && prop[0] == "timeout" {
+ buffer = executeScanGetBufferWithSpecificTimeout(t, args, 12*time.Minute)
+ } else {
+ buffer = executeScanGetBuffer(t, args)
+ }
createdScan := wrappers.ScanResponseModel{}
_ = unmarshall(t, buffer, &createdScan, "Reading scan response JSON should pass")
@@ -966,6 +971,10 @@ func executeScanGetBuffer(t *testing.T, args []string) *bytes.Buffer {
return executeCmdWithTimeOutNilAssertion(t, "Creating a scan should pass", timeout, args...)
}
+func executeScanGetBufferWithSpecificTimeout(t *testing.T, args []string, timeOut time.Duration) *bytes.Buffer {
+ return executeCmdWithTimeOutNilAssertion(t, "Creating a scan should pass", timeOut, args...)
+}
+
func deleteScan(t *testing.T, scanID string) {
log.Println("Deleting the scan with id ", scanID)
executeCmdNilAssertion(t, "Deleting a scan should pass", "scan", "delete", flag(params.ScanIDFlag), scanID)
@@ -1692,7 +1701,6 @@ func TestScanWithPolicy(t *testing.T) {
flag(params.ScanTypes), params.IacType,
flag(params.BranchFlag), "main",
flag(params.TargetFormatFlag), "markdown,summaryConsole,summaryHTML"}
-
err, _ := executeCommand(t, args...)
assert.NilError(t, err)
}
@@ -1720,12 +1728,23 @@ func TestCreateScan_WithTypeScs_Success(t *testing.T) {
flag(params.BranchFlag), "main",
flag(params.SCSRepoURLFlag), scsRepoURL,
flag(params.SCSRepoTokenFlag), scsRepoToken,
+ flag(params.TargetFormatFlag), strings.Join(
+ []string{
+ printer.FormatJSON,
+ printer.FormatSarif,
+ printer.FormatSonar,
+ printer.FormatSummaryConsole,
+ printer.FormatSummaryJSON,
+ printer.FormatPDF,
+ printer.FormatSummaryMarkdown,
+ }, ",",
+ ),
}
executeCmdWithTimeOutNilAssertion(t, "SCS scan must complete successfully", 4*time.Minute, args...)
}
-func TestCreateScan_WithNoScanTypesFlag_SuccessAndScsNotScanned(t *testing.T) {
+func TestCreateScan_WithNoScanTypesAndScsFlagsNotPresent_SuccessAndScsScanned(t *testing.T) {
_, projectName := getRootProject(t)
args := []string{
@@ -1733,11 +1752,10 @@ func TestCreateScan_WithNoScanTypesFlag_SuccessAndScsNotScanned(t *testing.T) {
flag(params.ProjectName), projectName,
flag(params.SourcesFlag), Zip,
flag(params.BranchFlag), "main",
- flag(params.SCSRepoTokenFlag), scsRepoToken,
}
- output := executeCmdWithTimeOutNilAssertion(t, "Scan must complete successfully if no scan-types specified, even if missing scs-repo flags", timeout, args...)
- assert.Assert(t, !strings.Contains(output.String(), params.ScsType), "Scs scan must not run if all required flags are not provided")
+ output := executeCmdWithTimeOutNilAssertion(t, "Scan must complete successfully if no scan-types specified and with missing scs-repo flags", timeout, args...)
+ assert.Assert(t, strings.Contains(output.String(), params.ScsType), "SCS scan should run")
}
func TestCreateScan_WithNoScanTypesFlagButScsFlagsPresent_SuccessAndScsScanned(t *testing.T) {
@@ -1871,14 +1889,16 @@ func addSCSDefaultFlagsToArgs(args *[]string) {
func TestCreateScanAndValidateCheckmarxDomains(t *testing.T) {
wrappers.Domains = make(map[string]struct{})
_, _ = executeCreateScan(t, getCreateArgsWithGroups(Zip, Tags, Groups, "iac-security"))
- usedDomainsInTests := []string{"deu.iam.checkmarx.net", "deu.ast.checkmarx.net"}
- validateCheckmarxDomains(t, usedDomainsInTests)
+ baseUrl, _ := wrappers.GetURL("", "")
+ authUri, _ := wrappers.GetAuthURI()
+ usedDomainsFromConfig := []string{baseUrl, authUri}
+ validateCheckmarxDomains(t, usedDomainsFromConfig)
}
func validateCheckmarxDomains(t *testing.T, usedDomainsInTests []string) {
usedDomains := wrappers.Domains
for domain, _ := range usedDomains {
- assert.Assert(t, slices.Contains(usedDomainsInTests, domain), "Domain "+domain+" not found in used domains")
+ assert.Assert(t, utils.Contains(usedDomainsInTests, domain), "Domain "+domain+" not found in used domains")
}
}
@@ -1935,26 +1955,7 @@ func TestCreateAsyncScan_CallExportServiceBeforeScanFinishWithRetry_Success(t *t
flag(params.ScanInfoFormatFlag), printer.FormatJSON,
}
scanID, _ := executeCreateScan(t, args)
- exportRes, err := services.GetExportPackage(wrappers.NewExportHTTPWrapper("api/sca/export"), scanID)
+ exportRes, err := services.GetExportPackage(wrappers.NewExportHTTPWrapper("api/sca/export"), scanID, false)
asserts.Nil(t, err)
assert.Assert(t, exportRes != nil, "Export response should not be nil")
}
-
-func GenerateRandomProjectNameForScan() string {
- projectName := fmt.Sprintf("ast-cli-scan-%s", uuid.New().String())
- _ = WriteProjectNameToFile(projectName)
- return projectName
-}
-
-func WriteProjectNameToFile(projectName string) error {
- f, err := os.OpenFile(ProjectNameFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
- if err != nil {
- return err
- }
- defer f.Close()
-
- if _, err := f.WriteString(projectName + "\n"); err != nil {
- return err
- }
- return nil
-}
diff --git a/test/integration/util.go b/test/integration/util.go
index bdb969654..581c831d2 100644
--- a/test/integration/util.go
+++ b/test/integration/util.go
@@ -4,6 +4,7 @@ package integration
import (
"fmt"
+ "os"
"strings"
"testing"
@@ -14,6 +15,10 @@ import (
var projectNameRandom = uuid.New().String()
+const (
+ ProjectNameFile = "projectName.txt"
+)
+
func formatTags(tags map[string]string) string {
var tagsStr string
for key := range tags {
@@ -58,6 +63,25 @@ func getProjectNameForTest() string {
return fmt.Sprintf("ast-cli-tests_%s", projectNameRandom)
}
+func GenerateRandomProjectNameForScan() string {
+ projectName := fmt.Sprintf("ast-cli-scan-%s", uuid.New().String())
+ _ = WriteProjectNameToFile(projectName)
+ return projectName
+}
+
+func WriteProjectNameToFile(projectName string) error {
+ f, err := os.OpenFile(ProjectNameFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+ if err != nil {
+ return err
+ }
+ defer f.Close()
+
+ if _, err := f.WriteString(projectName + "\n"); err != nil {
+ return err
+ }
+ return nil
+}
+
func getScsRepoToken() string {
_ = viper.BindEnv("PERSONAL_ACCESS_TOKEN")
return viper.GetString("PERSONAL_ACCESS_TOKEN")