From b09e5468a1e8ad0c8c9c7f8f5f0f10ebee1ffb0d Mon Sep 17 00:00:00 2001
From: AlvoBen
Date: Thu, 28 Nov 2024 13:00:38 +0200
Subject: [PATCH 01/10] Change IsAllowedEngine func to return true when packageEnforcementEnabled is set to false because that means that user has license for everything
---
 internal/wrappers/jwt-helper.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/internal/wrappers/jwt-helper.go b/internal/wrappers/jwt-helper.go
index 39d8bc301..7fea00555 100644
--- a/internal/wrappers/jwt-helper.go
+++ b/internal/wrappers/jwt-helper.go
@@ -79,7 +79,7 @@ func (*JWTStruct) IsAllowedEngine(engine string, featureFlagsWrapper FeatureFlag
 }
 }
 }
- return false, nil
+ return true, nil
 }
 func prepareEngines(engines []string) map[string]bool {
From e568818e1c211def8f5206f64064cd75359efa3f Mon Sep 17 00:00:00 2001
From: AlvoBen
Date: Thu, 28 Nov 2024 15:09:35 +0200
Subject: [PATCH 02/10] remove unneeded feature flag call to package enforcement enabled
---
 internal/services/asca.go | 2 +-
 internal/wrappers/jwt-helper.go | 23 ++++++++++-------------
 internal/wrappers/mock/jwt-helper-mock.go | 2 +-
 3 files changed, 12 insertions(+), 15 deletions(-)
diff --git a/internal/services/asca.go b/internal/services/asca.go
index 029fcd610..6b59432a6 100644
--- a/internal/services/asca.go
+++ b/internal/services/asca.go
@@ -165,7 +165,7 @@ func ensureASCAServiceRunning(wrappersParam AscaWrappersParam, ascaParams AscaSc
 func checkLicense(isDefaultAgent bool, wrapperParams AscaWrappersParam) error {
 if !isDefaultAgent {
- allowed, err := wrapperParams.JwtWrapper.IsAllowedEngine(params.AIProtectionType, wrapperParams.FeatureFlagsWrapper)
+ allowed, err := wrapperParams.JwtWrapper.IsAllowedEngine(params.AIProtectionType)
 if err != nil {
 return err
 }
diff --git a/internal/wrappers/jwt-helper.go b/internal/wrappers/jwt-helper.go
index 7fea00555..c8ce72dc4 100644
--- a/internal/wrappers/jwt-helper.go
+++ b/internal/wrappers/jwt-helper.go
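Review bot: In PATCH 01/10's hunk for internal/wrappers/jwt-helper.go, replacing the final `return false, nil` with `return true, nil` also changes the result when enforcement is on: judging by the function body shown as removed lines in PATCH 02/10, the loop over `AllowedEngines` falls through to that same return, so an engine missing from the license is reported as allowed. The revert in PATCH 03/10 restores this state, and only PATCH 08/10 adds `return false, nil` after the loop. Squash that line into this commit so that no intermediate revision carries a license check that passes for every engine. The body of IsAllowedEngine starts outside this hunk.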
@@ -33,7 +33,7 @@ var defaultEngines = map[string]bool{
 type JWTWrapper interface {
 GetAllowedEngines(featureFlagsWrapper FeatureFlagsWrapper) (allowedEngines map[string]bool, err error)
- IsAllowedEngine(engine string, featureFlagsWrapper FeatureFlagsWrapper) (bool, error)
+ IsAllowedEngine(engine string) (bool, error)
 ExtractTenantFromToken() (tenant string, err error)
 }
@@ -65,21 +65,18 @@ func getJwtStruct() (*JWTStruct, error) {
 }
 // IsAllowedEngine will return if the engine is allowed in the user license
-func (*JWTStruct) IsAllowedEngine(engine string, featureFlagsWrapper FeatureFlagsWrapper) (bool, error) {
- flagResponse, _ := GetSpecificFeatureFlag(featureFlagsWrapper, PackageEnforcementEnabled)
- if flagResponse.Status {
- jwtStruct, err := getJwtStruct()
- if err != nil {
- return false, err
- }
+func (*JWTStruct) IsAllowedEngine(engine string) (bool, error) {
+ jwtStruct, err := getJwtStruct()
+ if err != nil {
+ return false, err
+ }
- for _, allowedEngine := range jwtStruct.AstLicense.LicenseData.AllowedEngines {
- if strings.EqualFold(allowedEngine, engine) {
- return true, nil
- }
+ for _, allowedEngine := range jwtStruct.AstLicense.LicenseData.AllowedEngines {
+ if strings.EqualFold(allowedEngine, engine) {
+ return true, nil
 }
 }
- return true, nil
+ return false, nil
 }
 func prepareEngines(engines []string) map[string]bool {
diff --git a/internal/wrappers/mock/jwt-helper-mock.go b/internal/wrappers/mock/jwt-helper-mock.go
index 4f5a89cf7..3b2e4b923 100644
--- a/internal/wrappers/mock/jwt-helper-mock.go
+++ b/internal/wrappers/mock/jwt-helper-mock.go
@@ -27,7 +27,7 @@ func (*JWTMockWrapper) ExtractTenantFromToken() (tenant string, err error) {
 }
 // IsAllowedEngine mock for tests
-func (j *JWTMockWrapper) IsAllowedEngine(engine string, featureFlagWrapper wrappers.FeatureFlagsWrapper) (bool, error) {
+func (j *JWTMockWrapper) IsAllowedEngine(engine string) (bool, error) {
 if j.AIEnabled == AIProtectionDisabled {
 return false, nil
 }
From ca85cce849c85c27a018a8b64f6a27a4fce5e69b Mon Sep 17 00:00:00 2001
From: AlvoBen
Date: Sun, 1 Dec 2024 16:01:21 +0200
Subject: [PATCH 03/10] revert las commit
---
 internal/services/asca.go | 2 +-
 internal/wrappers/jwt-helper.go | 23 +++++++++++++----------
 internal/wrappers/mock/jwt-helper-mock.go | 2 +-
 3 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/internal/services/asca.go b/internal/services/asca.go
index 6b59432a6..029fcd610 100644
--- a/internal/services/asca.go
+++ b/internal/services/asca.go
@@ -165,7 +165,7 @@ func ensureASCAServiceRunning(wrappersParam AscaWrappersParam, ascaParams AscaSc
 func checkLicense(isDefaultAgent bool, wrapperParams AscaWrappersParam) error {
 if !isDefaultAgent {
- allowed, err := wrapperParams.JwtWrapper.IsAllowedEngine(params.AIProtectionType)
+ allowed, err := wrapperParams.JwtWrapper.IsAllowedEngine(params.AIProtectionType, wrapperParams.FeatureFlagsWrapper)
 if err != nil {
 return err
 }
diff --git a/internal/wrappers/jwt-helper.go b/internal/wrappers/jwt-helper.go
index c8ce72dc4..7fea00555 100644
--- a/internal/wrappers/jwt-helper.go
+++ b/internal/wrappers/jwt-helper.go
@@ -33,7 +33,7 @@ var defaultEngines = map[string]bool{
 type JWTWrapper interface {
 GetAllowedEngines(featureFlagsWrapper FeatureFlagsWrapper) (allowedEngines map[string]bool, err error)
- IsAllowedEngine(engine string) (bool, error)
+ IsAllowedEngine(engine string, featureFlagsWrapper FeatureFlagsWrapper) (bool, error)
 ExtractTenantFromToken() (tenant string, err error)
 }
@@ -65,18 +65,21 @@ func getJwtStruct() (*JWTStruct, error) {
 }
 // IsAllowedEngine will return if the engine is allowed in the user license
-func (*JWTStruct) IsAllowedEngine(engine string) (bool, error) {
- jwtStruct, err := getJwtStruct()
- if err != nil {
- return false, err
- }
+func (*JWTStruct) IsAllowedEngine(engine string, featureFlagsWrapper FeatureFlagsWrapper) (bool, error) {
+ flagResponse, _ := GetSpecificFeatureFlag(featureFlagsWrapper, PackageEnforcementEnabled)
+ if flagResponse.Status {
+ jwtStruct, err := getJwtStruct()
+ if err != nil {
+ return false, err
+ }
- for _, allowedEngine := range jwtStruct.AstLicense.LicenseData.AllowedEngines {
- if strings.EqualFold(allowedEngine, engine) {
- return true, nil
+ for _, allowedEngine := range jwtStruct.AstLicense.LicenseData.AllowedEngines {
+ if strings.EqualFold(allowedEngine, engine) {
+ return true, nil
+ }
 }
 }
- return false, nil
+ return true, nil
 }
 func prepareEngines(engines []string) map[string]bool {
diff --git a/internal/wrappers/mock/jwt-helper-mock.go b/internal/wrappers/mock/jwt-helper-mock.go
index 3b2e4b923..4f5a89cf7 100644
--- a/internal/wrappers/mock/jwt-helper-mock.go
+++ b/internal/wrappers/mock/jwt-helper-mock.go
@@ -27,7 +27,7 @@ func (*JWTMockWrapper) ExtractTenantFromToken() (tenant string, err error) {
 }
 // IsAllowedEngine mock for tests
-func (j *JWTMockWrapper) IsAllowedEngine(engine string) (bool, error) {
+func (j *JWTMockWrapper) IsAllowedEngine(engine string, featureFlagWrapper wrappers.FeatureFlagsWrapper) (bool, error) {
 if j.AIEnabled == AIProtectionDisabled {
 return false, nil
 }
From 2d867086278a7e5560a6bb0e4c2ca8650b2c5ef7 Mon Sep 17 00:00:00 2001
From: AlvoBen
Date: Sun, 1 Dec 2024 16:06:43 +0200
Subject: [PATCH 04/10] add the fix prefix to branch name as valid prefix in the pr linter
---
 .github/workflows/pr-linter.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/pr-linter.yml b/.github/workflows/pr-linter.yml
index 5b48260b6..5ed416c97 100644
--- a/.github/workflows/pr-linter.yml
+++ b/.github/workflows/pr-linter.yml
@@ -23,7 +23,7 @@ jobs:
 exit 1
 fi
- if ! [[ "$PR_BRANCH" =~ ^(bug|feature|other)/ ]]; then
+ if ! [[ "$PR_BRANCH" =~ ^(bug|fix|feature|other)/ ]]; then
 echo "::error::Branch name must start with 'bug/' or 'feature/' or 'other/'."
 exit 1
 fi
From dbf2081b803bd9ebcda6da88d8a9e37a57e2fcb4 Mon Sep 17 00:00:00 2001
From: AlvoBen
Date: Mon, 2 Dec 2024 14:56:02 +0200
Subject: [PATCH 05/10] add unitest
---
 internal/services/asca_test.go | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/internal/services/asca_test.go b/internal/services/asca_test.go
index 8ef5d6bf5..10a862bf2 100644
--- a/internal/services/asca_test.go
+++ b/internal/services/asca_test.go
@@ -5,6 +5,7 @@ import (
 "testing"
 errorconstants "github.com/checkmarx/ast-cli/internal/constants/errors"
+ "github.com/checkmarx/ast-cli/internal/wrappers"
 "github.com/checkmarx/ast-cli/internal/wrappers/grpcs"
 "github.com/checkmarx/ast-cli/internal/wrappers/mock"
 "github.com/stretchr/testify/assert"
@@ -130,3 +131,20 @@ func TestCreateASCAScanRequest_EngineRunningAndDefaultAgentAndNoLicense_Success(
 assert.Nil(t, wrapperParams.ASCAWrapper.HealthCheck())
 _ = wrapperParams.ASCAWrapper.ShutDown()
 }
+
+func TestCreateASCAScanRequest_EngineNotRunningAndPackageEnforcementFFOff_Success(t *testing.T) {
+ port, err := getAvailablePort()
+ if err != nil {
+ t.Fatalf("Failed to get available port: %v", err)
+ }
+
+ mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.PackageEnforcementEnabled, Status: false}
+
+ wrapperParams := AscaWrappersParam{
+ JwtWrapper: wrappers.NewJwtWrapper(),
+ FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{},
+ ASCAWrapper: grpcs.NewASCAGrpcWrapper(port),
+ }
+ err = checkLicense(false, wrapperParams)
+ assert.Nil(t, err)
+}
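Review bot: The `echo` line directly below the changed condition in .github/workflows/pr-linter.yml still lists only 'bug/', 'feature/' and 'other/', so a contributor whose branch is rejected is not told that 'fix/' is now accepted. Update the message together with the pattern, for example `echo "::error::Branch name must start with 'bug/', 'fix/', 'feature/' or 'other/'."`. The step's script starts and ends outside the hunk.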
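Review bot: The test added to internal/services/asca_test.go in PATCH 05/10 assigns the package-level `mock.Flag` and never restores it, so any later test that reads it inherits `PackageEnforcementEnabled` with `Status: false`. Save the previous value before the assignment and restore it with `t.Cleanup(func() { mock.Flag = prev })`. The test also pins only the path where enforcement is off; a companion case with `Status: true` and an engine absent from the token, asserting that `checkLicense(false, wrapperParams)` returns an error, would cover the branch that actually enforces the license. As far as the asca.go hunk shows, `checkLicense` uses only `JwtWrapper` and `FeatureFlagsWrapper`, so `port` and `ASCAWrapper` look unnecessary here.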
From 8a98b06486f71a541c0f5e1de4278cf7ac2353c4 Mon Sep 17 00:00:00 2001
From: AlvoBen
Date: Mon, 2 Dec 2024 15:07:11 +0200
Subject: [PATCH 06/10] code owners
---
 CODEOWNERS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CODEOWNERS b/CODEOWNERS
index ad673fdbd..039bbd5a3 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -2,4 +2,4 @@
 # Each line is a file pattern followed by one or more owners
 # Specify the default owners for the entire repository
-* @OrShamirCM @AlvoBen
\ No newline at end of file
+* @AlvoBen @greensd4 @miryamfoiferCX
From 493d3cd2431399c27a1182d6b363d60c7e443f1d Mon Sep 17 00:00:00 2001
From: AlvoBen
Date: Mon, 2 Dec 2024 15:32:14 +0200
Subject: [PATCH 07/10] change test name
---
 internal/services/asca_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/internal/services/asca_test.go b/internal/services/asca_test.go
index 10a862bf2..549df02b9 100644
--- a/internal/services/asca_test.go
+++ b/internal/services/asca_test.go
@@ -132,7 +132,7 @@ func TestCreateASCAScanRequest_EngineRunningAndDefaultAgentAndNoLicense_Success(
 _ = wrapperParams.ASCAWrapper.ShutDown()
 }
-func TestCreateASCAScanRequest_EngineNotRunningAndPackageEnforcementFFOff_Success(t *testing.T) {
+func TestCreateASCAScanRequest_CheckLicenseWhenPackageEnforcementFFOff_SuccessWithNilError(t *testing.T) {
 port, err := getAvailablePort()
 if err != nil {
 t.Fatalf("Failed to get available port: %v", err)
From 8ba1568534b1a1d7169750c7044ca974fdd30988 Mon Sep 17 00:00:00 2001
From: AlvoBen
Date: Mon, 2 Dec 2024 17:00:56 +0200
Subject: [PATCH 08/10] resolve conversation
---
 internal/wrappers/jwt-helper.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/internal/wrappers/jwt-helper.go b/internal/wrappers/jwt-helper.go
index 7fea00555..8d37b2c95 100644
--- a/internal/wrappers/jwt-helper.go
+++ b/internal/wrappers/jwt-helper.go
@@ -78,6 +78,7 @@ func (*JWTStruct) IsAllowedEngine(engine string, featureFlagsWrapper FeatureFlag
 return true, nil
 }
 }
+ return false, nil
 }
 return true, nil
 }
From 4726e82e5d520a1fad702b42dde0e2f56237fcc4 Mon Sep 17 00:00:00 2001
From: AlvoBen
Date: Tue, 3 Dec 2024 11:10:24 +0200
Subject: [PATCH 09/10] resolve conversation
---
 internal/services/asca_test.go | 2 +-
 internal/wrappers/jwt-helper.go | 23 ++++++++++++-----------
 2 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/internal/services/asca_test.go b/internal/services/asca_test.go
index 549df02b9..d4e17b459 100644
--- a/internal/services/asca_test.go
+++ b/internal/services/asca_test.go
@@ -132,7 +132,7 @@ func TestCreateASCAScanRequest_EngineRunningAndDefaultAgentAndNoLicense_Success(
 _ = wrapperParams.ASCAWrapper.ShutDown()
 }
-func TestCreateASCAScanRequest_CheckLicenseWhenPackageEnforcementFFOff_SuccessWithNilError(t *testing.T) {
+func TestCreateASCAScanRequest_whenCheckLicenseWithPackageEnforcementFFOff_shouldSuccess(t *testing.T) {
 port, err := getAvailablePort()
 if err != nil {
 t.Fatalf("Failed to get available port: %v", err)
diff --git a/internal/wrappers/jwt-helper.go b/internal/wrappers/jwt-helper.go
index 8d37b2c95..8be84ee2e 100644
--- a/internal/wrappers/jwt-helper.go
+++ b/internal/wrappers/jwt-helper.go
@@ -67,20 +67,21 @@ func getJwtStruct() (*JWTStruct, error) {
 // IsAllowedEngine will return if the engine is allowed in the user license
 func (*JWTStruct) IsAllowedEngine(engine string, featureFlagsWrapper FeatureFlagsWrapper) (bool, error) {
 flagResponse, _ := GetSpecificFeatureFlag(featureFlagsWrapper, PackageEnforcementEnabled)
- if flagResponse.Status {
- jwtStruct, err := getJwtStruct()
- if err != nil {
- return false, err
- }
+ if !flagResponse.Status {
+ return true, nil
+ }
+
+ jwtStruct, err := getJwtStruct()
+ if err != nil {
+ return false, err
+ }
- for _, allowedEngine := range jwtStruct.AstLicense.LicenseData.AllowedEngines {
- if strings.EqualFold(allowedEngine, engine) {
- return true, nil
- }
+ for _, allowedEngine := range jwtStruct.AstLicense.LicenseData.AllowedEngines {
+ if strings.EqualFold(allowedEngine, engine) {
+ return true, nil
 }
- return false, nil
 }
- return true, nil
+ return false, nil
 }
 func prepareEngines(engines []string) map[string]bool {
From 723a6590630659b1a0429288fd83fb258fb55fa2 Mon Sep 17 00:00:00 2001
From: AlvoBen
Date: Tue, 3 Dec 2024 14:41:18 +0200
Subject: [PATCH 10/10] fix bfl test
---
 test/integration/bfl_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/integration/bfl_test.go b/test/integration/bfl_test.go
index 05c0ca82b..a45176e3a 100644
--- a/test/integration/bfl_test.go
+++ b/test/integration/bfl_test.go
@@ -33,7 +33,7 @@ func TestRunGetBflWithInvalidScanIDandQueryID(t *testing.T) {
 err, _ := executeCommand(
 t, "results", "bfl",
 flag(params.ScanIDFlag), "123456",
- flag(params.QueryIDFlag), "abcd",
+ flag(params.QueryIDFlag), "1",
 flag(params.FormatFlag), "json")
 assertError(t, err, "Failed getting BFL: CODE: 5002, Failed getting BFL")
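Review bot: In PATCH 09/10's hunk for internal/wrappers/jwt-helper.go, the error from `GetSpecificFeatureFlag` is still discarded (`flagResponse, _ :=`), and the new early return `if !flagResponse.Status { return true, nil }` turns whatever comes back from a failed lookup into "every engine is licensed". What the helper returns on failure is not visible here; if it is a zero-value response the check fails open, and if it is a nil pointer the `.Status` read would panic. Consider keeping the error and denying on it: `flagResponse, err := GetSpecificFeatureFlag(featureFlagsWrapper, PackageEnforcementEnabled)` followed by `if err != nil { return false, err }`. The doc comment should also state that the function returns true for any engine while `PackageEnforcementEnabled` is off.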