From ff980f0f788eed0864ed5837603c3be152ce19c4 Mon Sep 17 00:00:00 2001
From: igorlombacx
Date: Mon, 9 Oct 2023 09:46:46 +0100
Subject: [PATCH] improving sca exploitable path validations

---
 internal/commands/scan.go      | 7 +++++--
 internal/commands/scan_test.go | 8 +++++++-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/internal/commands/scan.go b/internal/commands/scan.go
index 2f46df28a..7446e4fa0 100644
--- a/internal/commands/scan.go
+++ b/internal/commands/scan.go
@@ -2419,8 +2419,7 @@ func validateCreateScanFlags(cmd *cobra.Command) error {
 	exploitablePath, _ := cmd.Flags().GetString(commonParams.ExploitablePathFlag)
 	lastSastScanTime, _ := cmd.Flags().GetString(commonParams.LastSastScanTime)
 	exploitablePath = strings.ToLower(exploitablePath)
-	if !strings.Contains(strings.ToLower(actualScanTypes), commonParams.SastType) &&
-		(exploitablePath != "" || lastSastScanTime != "") {
+	if !strings.Contains(strings.ToLower(actualScanTypes), commonParams.SastType) && strings.EqualFold(exploitablePath, trueString) {
 		return errors.Errorf("Please to use either --sca-exploitable-path or --sca-last-sast-scan-time flags in SCA, " +
 			"you must enable SAST scan type.")
 	}
@@ -2428,6 +2427,10 @@ func validateCreateScanFlags(cmd *cobra.Command) error {
 	if err != nil {
 		return errors.Errorf("Invalid value for --sca-exploitable-path flag. The value must be true or false.")
 	}
+	if lastSastScanTime != "" && !strings.EqualFold(exploitablePath, trueString) {
+		return errors.Errorf("Please to use --sca-last-sast-scan-time flag in SCA, " +
+			"you must set --exploitable-path flag to true.")
+	}
 	if lastSastScanTime != "" {
 		lsst, sastErr := strconv.Atoi(lastSastScanTime)
 
diff --git a/internal/commands/scan_test.go b/internal/commands/scan_test.go
index d2af1f8b5..628ef03b1 100644
--- a/internal/commands/scan_test.go
+++ b/internal/commands/scan_test.go
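Review bot: The error returned right after the rewritten condition in the first scan.go hunk still says "either --sca-exploitable-path or --sca-last-sast-scan-time flags", but the condition now fires only when the exploitable-path value is true, so a user who passed only --sca-last-sast-scan-time without SAST no longer reaches this branch; the message should name only the flag it guards, e.g. `"Please to use --sca-exploitable-path flag in SCA, you must enable SAST scan type."`. The `strings.EqualFold(exploitablePath, trueString)` call is also redundant two lines after `exploitablePath = strings.ToLower(exploitablePath)`; a plain `exploitablePath == trueString` states the intent more directly, assuming `trueString` (defined outside this hunk) is the lowercase literal. The enclosing validateCreateScanFlags starts before and continues after both hunks, including the ParseBool call whose `err` is checked at the top of the second hunk, so I cannot confirm how an empty exploitablePath is treated there.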
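Review bot: The new guard in the second scan.go hunk tells the user to set `--exploitable-path`, but the flag this patch exercises everywhere else is `--sca-exploitable-path` (the value read via commonParams.ExploitablePathFlag and the argument used in scan_test.go), so the remediation text appears to point at a flag name that does not exist; change the second string fragment to `"you must set --sca-exploitable-path flag to true."` and update the matching assertion in TestScanCreateLastSastScanTimeWithoutExploitablePathEnabled at the same time. The check is placed before the `strconv.Atoi(lastSastScanTime)` block, which is the right order: the dependency between the two flags is rejected before the value is parsed. The same redundant `strings.EqualFold` after `strings.ToLower` as in the first hunk applies here.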
@@ -443,11 +443,17 @@ func TestCreateScanProjecGroupsError(t *testing.T) {
 	assert.Error(t, err, "Failed updating a project: Failed finding groups: [err]", err.Error())
 }
 func TestScanCreateLastSastScanTimeWithInvalidValue(t *testing.T) {
-	baseArgs := []string{"scan", "create", "--project-name", "MOCK", "-s", dummyRepo, "-b", "dummy_branch", "--sca-last-sast-scan-time", "notaniteger"}
+	baseArgs := []string{"scan", "create", "--project-name", "MOCK", "-s", dummyRepo, "-b", "dummy_branch", "--sca-exploitable-path", "true", "--sca-last-sast-scan-time", "notaniteger"}
 	err := execCmdNotNilAssertion(t, baseArgs...)
 	assert.ErrorContains(t, err, "Invalid value for --sca-last-sast-scan-time flag", err.Error())
 }
 
+func TestScanCreateLastSastScanTimeWithoutExploitablePathEnabled(t *testing.T) {
+	baseArgs := []string{"scan", "create", "--project-name", "MOCK", "-s", dummyRepo, "-b", "dummy_branch", "--sca-exploitable-path", "false", "--sca-last-sast-scan-time", "notaniteger"}
+	err := execCmdNotNilAssertion(t, baseArgs...)
+	assert.ErrorContains(t, err, "Please to use --sca-last-sast-scan-time flag in SCA, you must set --exploitable-path flag to true", err.Error())
+}
+
 func TestScanCreateExploitablePathWithWrongValue(t *testing.T) {
 	baseArgs := []string{"scan", "create", "--project-name", "MOCK", "-s", dummyRepo, "-b", "dummy_branch", "--sca-exploitable-path", "nottrueorfalse"}
 	err := execCmdNotNilAssertion(t, baseArgs...)
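Review bot: TestScanCreateLastSastScanTimeWithoutExploitablePathEnabled passes "notaniteger" as the scan time while asserting the exploitable-path dependency error, so the test passes only because that check happens to run before the Atoi parse; using a valid value such as `"--sca-last-sast-scan-time", "10"` would pin the precondition itself rather than the check ordering. The assertion also hard-codes the `--exploitable-path` flag name from the new error string, which does not match the `--sca-exploitable-path` argument used two lines above, so the expected text and the message in scan.go need to be corrected together. The updated TestScanCreateLastSastScanTimeWithInvalidValue now depends on `--sca-exploitable-path true` to reach the Atoi error, which is correct under the new guard; a positive case with both flags valid and SAST enabled is not present in this hunk and would complete the coverage.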