Merge pull request #906 from Checkmarx/bug/Triggering-scan-without-En…

…gines-flags-does-not-trigger-Secret-Detection-by-default Fix triggering scan without engines flags does not trigger secret detection by default (AST-69529)
Checkmarx · Oct 14, 2024 · 7911e3f · 7911e3f
2 parents 115d173 + 10c53f9
commit 7911e3f
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 18 deletions.
diff --git a/internal/commands/scan.go b/internal/commands/scan.go
@@ -106,6 +106,8 @@ const (
 	ScsSecretDetectionType      = "secret-detection"
 	ScsRepoRequiredMsg          = "SCS scan failed to start: Scorecard scan is missing required flags, please include in the ast-cli arguments: " +
 		"--scs-repo-url your_repo_url --scs-repo-token your_repo_token"
+	ScsRepoWarningMsg = "SCS scan warning: Unable to start Scorecard scan due to missing required flags, please include in the ast-cli arguments: " +
+		"--scs-repo-url your_repo_url --scs-repo-token your_repo_token"
 )
 
 var (
@@ -1007,37 +1009,46 @@ func addSCSScan(cmd *cobra.Command, resubmitConfig []wrappers.Config, hasEnterpr
 			SCSMapConfig[resultsMapValue] = &scsConfig
 			return SCSMapConfig, nil
 		}
+
+		scsSecretDetectionSelected := false
+		scsScoreCardSelected := false
+
 		if SCSEngines != "" {
 			SCSEnginesTypes := strings.Split(SCSEngines, ",")
 			for _, engineType := range SCSEnginesTypes {
 				engineType = strings.TrimSpace(engineType)
 				switch engineType {
 				case ScsSecretDetectionType:
-					if hasEnterpriseSecretsLicense {
-						scsConfig.Twoms = trueString
-					}
+					scsSecretDetectionSelected = true
 				case ScsScoreCardType:
-					scsConfig.Scorecard = trueString
+					scsScoreCardSelected = true
 				}
 			}
 		} else {
-			scsConfig.Scorecard = trueString
-			if hasEnterpriseSecretsLicense {
-				scsConfig.Twoms = trueString
-			}
+			scsSecretDetectionSelected = true
+			scsScoreCardSelected = true
 		}
-		if scsConfig.Scorecard == trueString {
+
+		if scsSecretDetectionSelected && hasEnterpriseSecretsLicense {
+			scsConfig.Twoms = trueString
+		}
+		if scsScoreCardSelected {
 			if scsRepoToken != "" && scsRepoURL != "" {
+				scsConfig.Scorecard = trueString
 				scsConfig.RepoToken = scsRepoToken
 				scsConfig.RepoURL = strings.ToLower(scsRepoURL)
 			} else {
 				if userScanTypes == "" {
-					fmt.Println(ScsRepoRequiredMsg)
-					return nil, nil
+					fmt.Println(ScsRepoWarningMsg)
+				} else {
+					return nil, errors.Errorf(ScsRepoRequiredMsg)
 				}
-				return nil, errors.Errorf(ScsRepoRequiredMsg)
 			}
 		}
+		if scsConfig.Scorecard != trueString && scsConfig.Twoms != trueString {
+			return nil, nil
+		}
+
 		SCSMapConfig[resultsMapValue] = &scsConfig
 		return SCSMapConfig, nil
 	}

diff --git a/internal/commands/scan_test.go b/internal/commands/scan_test.go
@@ -931,13 +931,20 @@ func TestCreateScan_WithoutSCSSecretDetection_scsMapNoSecretDetection(t *testing
 		Long:  `Scan a project`,
 	}
 	cmdCommand.PersistentFlags().String(commonParams.SCSEnginesFlag, "", "SCS Engine flag")
+	cmdCommand.PersistentFlags().String(commonParams.SCSRepoTokenFlag, "", "GitHub token to be used with SCS engines")
+	cmdCommand.PersistentFlags().String(commonParams.SCSRepoURLFlag, "", "GitHub url to be used with SCS engines")
 	_ = cmdCommand.Execute()
-	_ = cmdCommand.Flags().Set(commonParams.SCSEnginesFlag, "secret-detection")
+	_ = cmdCommand.Flags().Set(commonParams.SCSEnginesFlag, "secret-detection,scorecard")
+	_ = cmdCommand.Flags().Set(commonParams.SCSRepoTokenFlag, dummyToken)
+	_ = cmdCommand.Flags().Set(commonParams.SCSRepoURLFlag, dummyRepo)
 
 	result, _ := addSCSScan(cmdCommand, resubmitConfig, false)
 
 	scsConfig := wrappers.SCSConfig{
-		Twoms: "",
+		Twoms:     "",
+		Scorecard: "true",
+		RepoURL:   dummyRepo,
+		RepoToken: dummyToken,
 	}
 	scsMapConfig := make(map[string]interface{})
 	scsMapConfig[resultsMapType] = commonParams.MicroEnginesType

diff --git a/test/integration/scan_test.go b/test/integration/scan_test.go
@@ -1744,19 +1744,18 @@ func TestCreateScan_WithTypeScs_Success(t *testing.T) {
 	executeCmdWithTimeOutNilAssertion(t, "SCS scan must complete successfully", 4*time.Minute, args...)
 }
 
-func TestCreateScan_WithNoScanTypesFlag_SuccessAndScsNotScanned(t *testing.T) {
+func TestCreateScan_WithNoScanTypesAndScsFlagsNotPresent_SuccessAndScsScanned(t *testing.T) {
 	_, projectName := getRootProject(t)
 
 	args := []string{
 		"scan", "create",
 		flag(params.ProjectName), projectName,
 		flag(params.SourcesFlag), Zip,
 		flag(params.BranchFlag), "main",
-		flag(params.SCSRepoTokenFlag), scsRepoToken,
 	}
 
-	output := executeCmdWithTimeOutNilAssertion(t, "Scan must complete successfully if no scan-types specified, even if missing scs-repo flags", timeout, args...)
-	assert.Assert(t, !strings.Contains(output.String(), params.ScsType), "Scs scan must not run if all required flags are not provided")
+	output := executeCmdWithTimeOutNilAssertion(t, "Scan must complete successfully if no scan-types specified and with missing scs-repo flags", timeout, args...)
+	assert.Assert(t, strings.Contains(output.String(), params.ScsType), "SCS scan should run")
 }
 
 func TestCreateScan_WithNoScanTypesFlagButScsFlagsPresent_SuccessAndScsScanned(t *testing.T) {