improving sca exploitable path validations

Checkmarx · Oct 9, 2023 · ff980f0 · ff980f0
1 parent 6790ba2
commit ff980f0
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/internal/commands/scan.go b/internal/commands/scan.go
@@ -2419,15 +2419,18 @@ func validateCreateScanFlags(cmd *cobra.Command) error {
 	exploitablePath, _ := cmd.Flags().GetString(commonParams.ExploitablePathFlag)
 	lastSastScanTime, _ := cmd.Flags().GetString(commonParams.LastSastScanTime)
 	exploitablePath = strings.ToLower(exploitablePath)
-	if !strings.Contains(strings.ToLower(actualScanTypes), commonParams.SastType) &&
-		(exploitablePath != "" || lastSastScanTime != "") {
+	if !strings.Contains(strings.ToLower(actualScanTypes), commonParams.SastType) && strings.EqualFold(exploitablePath, trueString) {
 		return errors.Errorf("Please to use either --sca-exploitable-path or --sca-last-sast-scan-time flags in SCA, " +
 			"you must enable SAST scan type.")
 	}
 	err := validateBooleanString(exploitablePath)
 	if err != nil {
 		return errors.Errorf("Invalid value for --sca-exploitable-path flag. The value must be true or false.")
 	}
+	if lastSastScanTime != "" && !strings.EqualFold(exploitablePath, trueString) {
+		return errors.Errorf("Please to use --sca-last-sast-scan-time flag in SCA, " +
+			"you must set --exploitable-path flag to true.")
+	}
 
 	if lastSastScanTime != "" {
 		lsst, sastErr := strconv.Atoi(lastSastScanTime)

diff --git a/internal/commands/scan_test.go b/internal/commands/scan_test.go
@@ -443,11 +443,17 @@ func TestCreateScanProjecGroupsError(t *testing.T) {
 	assert.Error(t, err, "Failed updating a project: Failed finding groups: [err]", err.Error())
 }
 func TestScanCreateLastSastScanTimeWithInvalidValue(t *testing.T) {
-	baseArgs := []string{"scan", "create", "--project-name", "MOCK", "-s", dummyRepo, "-b", "dummy_branch", "--sca-last-sast-scan-time", "notaniteger"}
+	baseArgs := []string{"scan", "create", "--project-name", "MOCK", "-s", dummyRepo, "-b", "dummy_branch", "--sca-exploitable-path", "true", "--sca-last-sast-scan-time", "notaniteger"}
 	err := execCmdNotNilAssertion(t, baseArgs...)
 	assert.ErrorContains(t, err, "Invalid value for --sca-last-sast-scan-time flag", err.Error())
 }
 
+func TestScanCreateLastSastScanTimeWithoutExploitablePathEnabled(t *testing.T) {
+	baseArgs := []string{"scan", "create", "--project-name", "MOCK", "-s", dummyRepo, "-b", "dummy_branch", "--sca-exploitable-path", "false", "--sca-last-sast-scan-time", "notaniteger"}
+	err := execCmdNotNilAssertion(t, baseArgs...)
+	assert.ErrorContains(t, err, "Please to use --sca-last-sast-scan-time flag in SCA, you must set --exploitable-path flag to true", err.Error())
+}
+
 func TestScanCreateExploitablePathWithWrongValue(t *testing.T) {
 	baseArgs := []string{"scan", "create", "--project-name", "MOCK", "-s", dummyRepo, "-b", "dummy_branch", "--sca-exploitable-path", "nottrueorfalse"}
 	err := execCmdNotNilAssertion(t, baseArgs...)