Revert "Feature/ast 37694 test critical severity (#696)"

This reverts commit 9aab42e.
Checkmarx · May 17, 2024 · 9815a8e · 9815a8e
1 parent 9aab42e
commit 9815a8e
Show file tree

Hide file tree

Showing 98 changed files with 522 additions and 2,382 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -4,7 +4,7 @@ on:
   pull_request:
 
 env:
-  GO_VERSION: '1.21.8'
+  GO_VERSION: '1.21.5'
 
 jobs:
   unit-tests:
@@ -68,10 +68,10 @@ jobs:
           PR_GITHUB_REPO_NAME: "ast-cli"
           PR_GITHUB_NUMBER: 418
           PR_GITLAB_TOKEN : ${{ secrets.PR_GITLAB_TOKEN }}
-          PR_GITLAB_NAMESPACE: ${{ secrets.PR_GITLAB_NAMESPACE }}
-          PR_GITLAB_REPO_NAME: ${{ secrets.PR_GITLAB_REPO_NAME }}
-          PR_GITLAB_PROJECT_ID: ${{ secrets.PR_GITLAB_PROJECT_ID }}
-          PR_GITLAB_IID: ${{ secrets.PR_GITLAB_IID }}
+          PR_GITLAB_NAMESPACE: "tiagobcx"
+          PR_GITLAB_REPO_NAME: "testProject"
+          PR_GITLAB_PROJECT_ID: 40227565
+          PR_GITLAB_IID: 19
           AZURE_ORG: ${{ secrets.AZURE_ORG }}
           AZURE_PROJECT: ${{ secrets.AZURE_PROJECT }}
           AZURE_REPOS: ${{ secrets.AZURE_REPOS }}
@@ -116,7 +116,7 @@ jobs:
           go-version: ${{ env.GO_VERSION }}
       - run: go version
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc #v3
+        uses: golangci/golangci-lint-action@v3
         with:
           skip-pkg-cache: true
           version: v1.54.2
@@ -127,7 +127,7 @@ jobs:
     name: govulncheck
     steps:
       - id: govulncheck
-        uses: golang/govulncheck-action@7da72f730e37eeaad891fcff0a532d27ed737cd4 #v1
+        uses: golang/govulncheck-action@v1
         with:
           go-version-input: ${{ env.GO_VERSION }}
           go-package: ./...
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
@@ -11,7 +11,7 @@ jobs:
     steps:
       - name: Dependabot metadata
         id: metadata
-        uses: dependabot/fetch-metadata@bfac3fa29cc6834ca2e3fd659343da191a65d971 # v1.3.1
+        uses: dependabot/[email protected]
         with:
           github-token: "${{ secrets.GH_TOKEN }}"
       - name: Enable auto-merge for Dependabot PRs
@@ -20,6 +20,6 @@ jobs:
           GITHUB_TOKEN: ${{secrets.GH_TOKEN}}
         run: gh pr merge --auto --merge "$PR_URL"
       - name: Auto approve dependabot PRs
-        uses: hmarr/auto-approve-action@7782c7e2bdf62b4d79bdcded8332808fd2f179cd #v2
+        uses: hmarr/auto-approve-action@v2
         with:
           github-token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
diff --git a/.github/workflows/jira_notify.yml b/.github/workflows/jira_notify.yml
@@ -27,15 +27,15 @@ jobs:
       JIRA_URL: "https://checkmarx.atlassian.net/"
     steps:
       - name: Jira Login
-        uses: atlassian/gajira-login@ca13f8850ea309cf44a6e4e0c49d9aa48ac3ca4c #v3
+        uses: atlassian/gajira-login@v3
         env:
           JIRA_BASE_URL: ${{ env.JIRA_URL }}
           JIRA_USER_EMAIL: ${{ secrets.AST_JIRA_USER_EMAIL }}
           JIRA_API_TOKEN: ${{ secrets.AST_JIRA_API_TOKEN }}
 
       - name: Jira Create issue
         id: create_jira_issue
-        uses: atlassian/gajira-create@1ff0b6bd115a780592b47bfbb63fc4629132e6ec #v3
+        uses: atlassian/gajira-create@v3
         with:
           project: AST
           issuetype: Task
@@ -55,7 +55,7 @@ jobs:
             })
 
       - name: Send a teams notification
-        uses: thechetantalwar/teams-notify@8a78811f5e8f58cdd204efebd79158006428c46b #v2
+        uses: thechetantalwar/teams-notify@v2
         with:
           teams_webhook_url: ${{ secrets.TEAMS_WEBHOOK_URI }}
           message: "Github issue created ${{ github.repository }} - Link - ${{inputs.html_url}} - Jira Issue - ${{ env.JIRA_URL }}/browse/${{ steps.create_jira_issue.outputs.issue }}"
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Delete release
-        uses: dev-drprasad/delete-tag-and-release@5eafd8668311bf3e4d6c1e9898f32a317103de68 #v0.2.1
+        uses: dev-drprasad/[email protected]
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

diff --git a/.github/workflows/pr-label.yml b/.github/workflows/pr-label.yml
@@ -12,7 +12,7 @@ jobs:
       pull-requests: write  # for TimonVS/pr-labeler-action to add labels in PR
     runs-on: ubuntu-latest
     steps:
-      - uses: TimonVS/pr-labeler-action@8447391d87bc7648ce6bf97159c17b642576afb0 #v3
+      - uses: TimonVS/pr-labeler-action@v3
         with:
           configuration-path: .github/pr-labeler.yml # optional, .github/pr-labeler.yml is the default value
         env:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -45,7 +45,7 @@ jobs:
         with:
           go-version: '^1.21.5'
       - name: Import Code-Signing Certificates
-        uses: Apple-Actions/import-codesign-certs@253ddeeac23f2bdad1646faac5c8c2832e800071 #v1
+        uses: Apple-Actions/import-codesign-certs@v1
         with:
           # The certificates in a PKCS12 file encoded as a base64 string
           p12-file-base64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
@@ -61,7 +61,8 @@ jobs:
           brew --version
       - name: Install gon
         run: |
-          brew install Bearer/tap/gon
+          brew tap mitchellh/gon
+          brew install mitchellh/gon/gon
       - name: Install and start docker
         if: inputs.dev == false
         run: |
@@ -75,12 +76,12 @@ jobs:
           docker info
       - name: Login to Docker Hub
         if: inputs.dev == false
-        uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 #v1
+        uses: docker/login-action@v1
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 #v2
+        uses: aws-actions/configure-aws-credentials@v2
         with:
           role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
           aws-region: ${{ secrets.AWS_ASSUME_ROLE_REGION }}
@@ -104,7 +105,7 @@ jobs:
       - name: Echo GoReleaser Args
         run: echo ${{ env.GR_ARGS }}
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@b508e2e3ef3b19d4e4146d4f8fb3ba9db644a757 #v3
+        uses: goreleaser/goreleaser-action@v3
         with:
           version: v1.18.2
           args: ${{ env.GR_ARGS }}
@@ -130,7 +131,7 @@ jobs:
 
       - name: Converts Markdown to HTML
         id: convert
-        uses: lifepal/markdown-to-html@71ed74a56602597c05dd7dd0e561631557158ed5 #v1.1
+        uses: lifepal/[email protected]
         with:
           text: "${{ steps.release.outputs.body_release }}"
 
@@ -143,7 +144,7 @@ jobs:
 
       - name: Send a Notification
         id: notify
-        uses: thechetantalwar/teams-notify@8a78811f5e8f58cdd204efebd79158006428c46b #v2
+        uses: thechetantalwar/teams-notify@v2
         with:
           teams_webhook_url: ${{ secrets.TEAMS_WEBHOOK_URI }}
           message: "${{ steps.clean.outputs.clean }}"
diff --git a/.golangci.yml b/.golangci.yml
@@ -60,7 +60,7 @@ linters-settings:
   misspell:
     locale: US
 linters:
-  # please, do not use `enable-all`: it's deprecated and will be removed soon. 
+  # please, do not use `enable-all`: it's deprecated and will be removed soon.
   # inverted configuration with `enable-all` and `disable` is not scalable during updates of golangci-lint
   disable-all: true
   enable:

diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,6 @@
-FROM alpine:3.19.1
+FROM alpine:3.19.0
 
-RUN apk add bash
+RUN apk add --no-cache bash
 RUN adduser --system --disabled-password cxuser
 USER cxuser
 

diff --git a/cmd/main.go b/cmd/main.go
@@ -32,7 +32,6 @@ func main() {
 	groups := viper.GetString(params.GroupsPathKey)
 	logs := viper.GetString(params.LogsPathKey)
 	projects := viper.GetString(params.ProjectsPathKey)
-	applications := viper.GetString(params.ApplicationsPathKey)
 	results := viper.GetString(params.ResultsPathKey)
 	scanSummary := viper.GetString(params.ScanSummaryPathKey)
 	scaPackage := viper.GetString(params.ScaPackagePathKey)
@@ -50,7 +49,6 @@ func main() {
 	featureFlagsPath := viper.GetString(params.FeatureFlagsKey)
 	policyEvaluationPath := viper.GetString(params.PolicyEvaluationPathKey)
 	sastMetadataPath := viper.GetString(params.SastMetadataPathKey)
-	accessManagementPath := viper.GetString(params.AccessManagementPathKey)
 
 	scansWrapper := wrappers.NewHTTPScansWrapper(scans)
 	resultsPdfReportsWrapper := wrappers.NewResultsPdfReportsHTTPWrapper(resultsPdfPath)
@@ -59,7 +57,6 @@ func main() {
 	logsWrapper := wrappers.NewLogsWrapper(logs)
 	uploadsWrapper := wrappers.NewUploadsHTTPWrapper(uploads)
 	projectsWrapper := wrappers.NewHTTPProjectsWrapper(projects)
-	applicationsWrapper := wrappers.NewApplicationsHTTPWrapper(applications)
 	risksOverviewWrapper := wrappers.NewHTTPRisksOverviewWrapper(risksOverview)
 	resultsWrapper := wrappers.NewHTTPResultsWrapper(results, scaPackage, scanSummary)
 	authWrapper := wrappers.NewAuthHTTPWrapper()
@@ -80,10 +77,8 @@ func main() {
 	featureFlagsWrapper := wrappers.NewFeatureFlagsHTTPWrapper(featureFlagsPath)
 	policyWrapper := wrappers.NewHTTPPolicyWrapper(policyEvaluationPath)
 	sastMetadataWrapper := wrappers.NewSastIncrementalHTTPWrapper(sastMetadataPath)
-	accessManagementWrapper := wrappers.NewAccessManagementHTTPWrapper(accessManagementPath)
 
 	astCli := commands.NewAstCLI(
-		applicationsWrapper,
 		scansWrapper,
 		resultsSbomReportsWrapper,
 		resultsPdfReportsWrapper,
@@ -111,7 +106,6 @@ func main() {
 		featureFlagsWrapper,
 		policyWrapper,
 		sastMetadataWrapper,
-		accessManagementWrapper,
 	)
 	exitListener()
 	err = astCli.Execute()

diff --git a/go.mod b/go.mod
@@ -1,21 +1,21 @@
 module github.com/checkmarx/ast-cli
 
-go 1.21.8
+go 1.21.5
 
 require (
 	github.com/MakeNowJust/heredoc v1.0.0
 	github.com/checkmarxDev/gpt-wrapper v0.0.0-20230721160222-85da2fd1cc4c
 	github.com/golang-jwt/jwt v3.2.2+incompatible
 	github.com/gomarkdown/markdown v0.0.0-20230922112808-5421fefb8386
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
-	github.com/google/uuid v1.6.0
+	github.com/google/uuid v1.5.0
 	github.com/gookit/color v1.5.4
 	github.com/mssola/user_agent v0.6.0
 	github.com/pkg/errors v0.9.1
 	github.com/spf13/cobra v1.8.0
 	github.com/spf13/viper v1.18.2
 	github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80
-	golang.org/x/crypto v0.21.0
+	golang.org/x/crypto v0.18.0
 	golang.org/x/text v0.14.0
 	gotest.tools v2.2.0+incompatible
 )
@@ -39,8 +39,7 @@ require (
 	go.uber.org/atomic v1.9.0 // indirect
 	go.uber.org/multierr v1.9.0 // indirect
 	golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
-	golang.org/x/sys v0.18.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-
-)
+)
diff --git a/go.sum b/go.sum
@@ -19,8 +19,8 @@ github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
-github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
-github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
+github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gookit/color v1.5.4 h1:FZmqs7XOyGgCAxmWyPslpiok1k05wmY3SJTytgvYFs0=
 github.com/gookit/color v1.5.4/go.mod h1:pZJOeOS8DM43rXbp4AZo1n9zCU2qjpcRko0b6/QJi9w=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
@@ -83,20 +83,10 @@ go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI=
 go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ=
 golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
 golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
-golang.org/x/crypto v0.20.0 h1:jmAMJJZXr5KiCw05dfYK9QnqaqKLYXijU23lsEdcQqg=
-golang.org/x/crypto v0.20.0/go.mod h1:Xwo95rrVNIoSMx9wa1JroENMToLWn3RNVrTBpLHgZPQ=
-golang.org/x/crypto v0.20.1-0.20240228204720-0d2316b26734 h1:HutZC8sRIg57ztz3rVaQYl4yxgM+UF0Jal0kAWUSeFU=
-golang.org/x/crypto v0.20.1-0.20240228204720-0d2316b26734/go.mod h1:Xwo95rrVNIoSMx9wa1JroENMToLWn3RNVrTBpLHgZPQ=
-golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
-golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g=
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
 golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
 golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
-golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
-golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

diff --git a/gon b/gon
diff --git a/gonMac.hcl b/gonMac.hcl
@@ -4,7 +4,7 @@ bundle_id = "com.checkmarx.cli"
 
 apple_id {
   username = "[email protected]"
-  provider = "Z68SAQG5BR"
+  password = "@env:AC_PASSWORD"
 }
 
 sign {

diff --git a/internal/commands/.scripts/integration_down.sh b/internal/commands/.scripts/integration_down.sh
diff --git a/internal/commands/.scripts/integration_up.sh b/internal/commands/.scripts/integration_up.sh
@@ -13,7 +13,7 @@ rm -rf ScaResolver-linux64.tar.gz
 go test \
   -tags integration \
   -v \
-  -timeout 90m \
+  -timeout 60m \
   -coverpkg github.com/checkmarx/ast-cli/internal/commands,github.com/checkmarx/ast-cli/internal/wrappers \
   -coverprofile cover.out \
   github.com/checkmarx/ast-cli/test/integration

diff --git a/internal/commands/chat-kics.go b/internal/commands/chat-kics.go
@@ -48,11 +48,10 @@ type OutputModel struct {
 
 func ChatKicsSubCommand(chatWrapper wrappers.ChatWrapper) *cobra.Command {
 	chatKicsCmd := &cobra.Command{
-		Use:    "kics",
-		Short:  "Chat about KICS result with OpenAI models",
-		Long:   "Chat about KICS result with OpenAI models",
-		Hidden: true,
-		RunE:   runChatKics(chatWrapper),
+		Use:   "kics",
+		Short: "Chat about KICS result with OpenAI models",
+		Long:  "Chat about KICS result with OpenAI models",
+		RunE:  runChatKics(chatWrapper),
 	}
 
 	chatKicsCmd.Flags().String(params.ChatAPIKey, "", "OpenAI API key")