Merge remote-tracking branch 'origin/dev'

jfrog · Sep 19, 2023 · 202e914 · 202e914
2 parents be4499c + f3f76b6
commit 202e914
Show file tree

Hide file tree

Showing 15 changed files with 336 additions and 277 deletions.
diff --git a/general/cisetup/jenkinsfiledslgenerator.go b/general/cisetup/jenkinsfiledslgenerator.go
@@ -163,7 +163,7 @@ func generateEnvironments(buildType coreutils.Technology) string {
 	case coreutils.Maven:
 		fallthrough
 	case coreutils.Gradle:
-		envs += fmt.Sprintf(homeEnv, strings.ToUpper(buildType.ToString()))
+		envs += fmt.Sprintf(homeEnv, strings.ToUpper(buildType.String()))
 	default:
 		envs += ""
 	}
@@ -197,8 +197,8 @@ func generateRtConfigSteps(techInfo *TechnologyInfo, rtUrl string) string {
 
 func generateBuildStages(buildCmd string, buildType coreutils.Technology) (buildStages string) {
 	buildStages = ""
-	resolverId := fmt.Sprintf(resolverIdTemplate, strings.ToUpper(buildType.ToString()))
-	deployerId := fmt.Sprintf(deployerIdTemplate, strings.ToUpper(buildType.ToString()))
+	resolverId := fmt.Sprintf(resolverIdTemplate, strings.ToUpper(buildType.String()))
+	deployerId := fmt.Sprintf(deployerIdTemplate, strings.ToUpper(buildType.String()))
 	switch buildType {
 	case coreutils.Maven:
 		buildStages += generateStage("Exec Maven", fmt.Sprintf(mavenRunStepTemplate, buildCmd, resolverId, deployerId))

diff --git a/utils/coreutils/techutils.go b/utils/coreutils/techutils.go
@@ -130,25 +130,25 @@ var technologiesData = map[Technology]TechData{
 
 func (tech Technology) ToFormal() string {
 	if technologiesData[tech].formal == "" {
-		return cases.Title(language.Und).String(tech.ToString())
+		return cases.Title(language.Und).String(tech.String())
 	}
 	return technologiesData[tech].formal
 }
 
-func (tech Technology) ToString() string {
+func (tech Technology) String() string {
 	return string(tech)
 }
 
 func (tech Technology) GetExecCommandName() string {
 	if technologiesData[tech].execCommand == "" {
-		return tech.ToString()
+		return tech.String()
 	}
 	return technologiesData[tech].execCommand
 }
 
 func (tech Technology) GetPackageType() string {
 	if technologiesData[tech].packageType == "" {
-		return tech.ToString()
+		return tech.String()
 	}
 	return technologiesData[tech].packageType
 }

diff --git a/xray/commands/audit/jas/applicability/applicabilitymanager_test.go b/xray/commands/audit/jas/applicability/applicabilitymanager_test.go
@@ -49,13 +49,13 @@ func TestNewApplicabilityScanManager_NoDirectDependenciesInScan(t *testing.T) {
 		{
 			ScanId: "scanId_1",
 			Vulnerabilities: []services.Vulnerability{
-				{IssueId: "issueId_1", Technology: coreutils.Pipenv.ToString(),
+				{IssueId: "issueId_1", Technology: coreutils.Pipenv.String(),
 					Cves: []services.Cve{{Id: "testCve1"}, {Id: "testCve2"}, {Id: "testCve3"}},
 					Components: map[string]services.Component{
 						"issueId_1_non_direct_dependency": {}}},
 			},
 			Violations: []services.Violation{
-				{IssueId: "issueId_2", Technology: coreutils.Pipenv.ToString(),
+				{IssueId: "issueId_2", Technology: coreutils.Pipenv.String(),
 					Cves: []services.Cve{{Id: "testCve4"}, {Id: "testCve5"}},
 					Components: map[string]services.Component{
 						"issueId_2_non_direct_dependency": {}}},
@@ -105,7 +105,7 @@ func TestNewApplicabilityScanManager_ViolationsDontExistInResults(t *testing.T)
 		{
 			ScanId: "scanId_1",
 			Vulnerabilities: []services.Vulnerability{
-				{IssueId: "issueId_1", Technology: coreutils.Pipenv.ToString(),
+				{IssueId: "issueId_1", Technology: coreutils.Pipenv.String(),
 					Cves:       []services.Cve{{Id: "test_cve_1"}, {Id: "test_cve_2"}, {Id: "test_cve_3"}},
 					Components: map[string]services.Component{"issueId_1_direct_dependency": {}}},
 			},
@@ -131,7 +131,7 @@ func TestNewApplicabilityScanManager_VulnerabilitiesDontExist(t *testing.T) {
 		{
 			ScanId: "scanId_1",
 			Violations: []services.Violation{
-				{IssueId: "issueId_2", Technology: coreutils.Pipenv.ToString(),
+				{IssueId: "issueId_2", Technology: coreutils.Pipenv.String(),
 					Cves:       []services.Cve{{Id: "test_cve_3"}, {Id: "test_cve_4"}},
 					Components: map[string]services.Component{"issueId_2_direct_dependency": {}}},
 			},
@@ -178,7 +178,7 @@ func TestExtractXrayDirectViolations(t *testing.T) {
 	var xrayResponseForDirectViolationsTest = []services.ScanResponse{
 		{
 			Violations: []services.Violation{
-				{IssueId: "issueId_2", Technology: coreutils.Pipenv.ToString(),
+				{IssueId: "issueId_2", Technology: coreutils.Pipenv.String(),
 					Cves:       []services.Cve{{Id: "testCve4"}, {Id: "testCve5"}},
 					Components: map[string]services.Component{"issueId_2_direct_dependency": {}}},
 			},
@@ -212,12 +212,12 @@ func TestExtractXrayDirectVulnerabilities(t *testing.T) {
 			ScanId: "scanId_1",
 			Vulnerabilities: []services.Vulnerability{
 				{
-					IssueId: "issueId_1", Technology: coreutils.Pipenv.ToString(),
+					IssueId: "issueId_1", Technology: coreutils.Pipenv.String(),
 					Cves:       []services.Cve{{Id: "testCve1"}, {Id: "testCve2"}, {Id: "testCve3"}},
 					Components: map[string]services.Component{"issueId_1_direct_dependency": {}},
 				},
 				{
-					IssueId: "issueId_2", Technology: coreutils.Pipenv.ToString(),
+					IssueId: "issueId_2", Technology: coreutils.Pipenv.String(),
 					Cves:       []services.Cve{{Id: "testCve4"}, {Id: "testCve5"}},
 					Components: map[string]services.Component{"issueId_2_direct_dependency": {}},
 				},

diff --git a/xray/commands/audit/jas/common.go b/xray/commands/audit/jas/common.go
@@ -172,12 +172,12 @@ var FakeBasicXrayResults = []services.ScanResponse{
 	{
 		ScanId: "scanId_1",
 		Vulnerabilities: []services.Vulnerability{
-			{IssueId: "issueId_1", Technology: coreutils.Pipenv.ToString(),
+			{IssueId: "issueId_1", Technology: coreutils.Pipenv.String(),
 				Cves:       []services.Cve{{Id: "testCve1"}, {Id: "testCve2"}, {Id: "testCve3"}},
 				Components: map[string]services.Component{"issueId_1_direct_dependency": {}, "issueId_3_direct_dependency": {}}},
 		},
 		Violations: []services.Violation{
-			{IssueId: "issueId_2", Technology: coreutils.Pipenv.ToString(),
+			{IssueId: "issueId_2", Technology: coreutils.Pipenv.String(),
 				Cves:       []services.Cve{{Id: "testCve4"}, {Id: "testCve5"}},
 				Components: map[string]services.Component{"issueId_2_direct_dependency": {}, "issueId_4_direct_dependency": {}}},
 		},

diff --git a/xray/commands/audit/sca/common.go b/xray/commands/audit/sca/common.go
@@ -54,7 +54,7 @@ func RunXrayDependenciesTreeScanGraph(dependencyTree *xrayUtils.GraphNode, progr
 	scanGraphParams.XrayGraphScanParams().DependenciesGraph = dependencyTree
 	xscGitInfoContext := scanGraphParams.XrayGraphScanParams().XscGitInfoContext
 	if xscGitInfoContext != nil {
-		xscGitInfoContext.Technologies = []string{technology.ToString()}
+		xscGitInfoContext.Technologies = []string{technology.String()}
 	}
 	scanMessage := fmt.Sprintf("Scanning %d %s dependencies", len(dependencyTree.Nodes), technology)
 	if progress != nil {
@@ -68,10 +68,10 @@ func RunXrayDependenciesTreeScanGraph(dependencyTree *xrayUtils.GraphNode, progr
 		return
 	}
 	for i := range scanResults.Vulnerabilities {
-		scanResults.Vulnerabilities[i].Technology = technology.ToString()
+		scanResults.Vulnerabilities[i].Technology = technology.String()
 	}
 	for i := range scanResults.Violations {
-		scanResults.Violations[i].Technology = technology.ToString()
+		scanResults.Violations[i].Technology = technology.String()
 	}
 	results = append(results, *scanResults)
 	return
@@ -143,29 +143,24 @@ func BuildImpactPathsForScanResponse(scanResult []services.ScanResponse, depende
 	return scanResult
 }
 
-// Initialize a map of issues to their components with empty impact paths
-func fillImpactPathsMapWithIssues(issuesImpactPathsMap map[string]*services.Component, components map[string]services.Component) {
+// Initialize a map of issues empty impact paths
+func fillIssuesMapWithEmptyImpactPaths(issuesImpactPathsMap map[string][][]services.ImpactPathNode, components map[string]services.Component) {
 	for dependencyName := range components {
-		emptyPathsComponent := &services.Component{
-			ImpactPaths:   [][]services.ImpactPathNode{},
-			FixedVersions: components[dependencyName].FixedVersions,
-			Cpes:          components[dependencyName].Cpes,
-		}
-		issuesImpactPathsMap[dependencyName] = emptyPathsComponent
+		issuesImpactPathsMap[dependencyName] = [][]services.ImpactPathNode{}
 	}
 }
 
 // Set the impact paths for each issue in the map
-func buildImpactPaths(issuesImpactPathsMap map[string]*services.Component, dependencyTrees []*xrayUtils.GraphNode) {
+func buildImpactPaths(issuesImpactPathsMap map[string][][]services.ImpactPathNode, dependencyTrees []*xrayUtils.GraphNode) {
 	for _, dependency := range dependencyTrees {
 		setPathsForIssues(dependency, issuesImpactPathsMap, []services.ImpactPathNode{})
 	}
 }
 
 func buildVulnerabilitiesImpactPaths(vulnerabilities []services.Vulnerability, dependencyTrees []*xrayUtils.GraphNode) {
-	issuesMap := make(map[string]*services.Component)
+	issuesMap := make(map[string][][]services.ImpactPathNode)
 	for _, vulnerability := range vulnerabilities {
-		fillImpactPathsMapWithIssues(issuesMap, vulnerability.Components)
+		fillIssuesMapWithEmptyImpactPaths(issuesMap, vulnerability.Components)
 	}
 	buildImpactPaths(issuesMap, dependencyTrees)
 	for i := range vulnerabilities {
@@ -174,9 +169,9 @@ func buildVulnerabilitiesImpactPaths(vulnerabilities []services.Vulnerability, d
 }
 
 func buildViolationsImpactPaths(violations []services.Violation, dependencyTrees []*xrayUtils.GraphNode) {
-	issuesMap := make(map[string]*services.Component)
+	issuesMap := make(map[string][][]services.ImpactPathNode)
 	for _, violation := range violations {
-		fillImpactPathsMapWithIssues(issuesMap, violation.Components)
+		fillIssuesMapWithEmptyImpactPaths(issuesMap, violation.Components)
 	}
 	buildImpactPaths(issuesMap, dependencyTrees)
 	for i := range violations {
@@ -185,26 +180,34 @@ func buildViolationsImpactPaths(violations []services.Violation, dependencyTrees
 }
 
 func buildLicensesImpactPaths(licenses []services.License, dependencyTrees []*xrayUtils.GraphNode) {
-	issuesMap := make(map[string]*services.Component)
+	issuesMap := make(map[string][][]services.ImpactPathNode)
 	for _, license := range licenses {
-		fillImpactPathsMapWithIssues(issuesMap, license.Components)
+		fillIssuesMapWithEmptyImpactPaths(issuesMap, license.Components)
 	}
 	buildImpactPaths(issuesMap, dependencyTrees)
 	for i := range licenses {
 		updateComponentsWithImpactPaths(licenses[i].Components, issuesMap)
 	}
 }
 
-func updateComponentsWithImpactPaths(components map[string]services.Component, issuesMap map[string]*services.Component) {
+func updateComponentsWithImpactPaths(components map[string]services.Component, issuesMap map[string][][]services.ImpactPathNode) {
 	for dependencyName := range components {
-		components[dependencyName] = *issuesMap[dependencyName]
+		updatedComponent := services.Component{
+			FixedVersions: components[dependencyName].FixedVersions,
+			ImpactPaths:   issuesMap[dependencyName],
+			Cpes:          components[dependencyName].Cpes,
+		}
+		components[dependencyName] = updatedComponent
 	}
 }
 
-func setPathsForIssues(dependency *xrayUtils.GraphNode, issuesImpactPathsMap map[string]*services.Component, pathFromRoot []services.ImpactPathNode) {
+func setPathsForIssues(dependency *xrayUtils.GraphNode, issuesImpactPathsMap map[string][][]services.ImpactPathNode, pathFromRoot []services.ImpactPathNode) {
 	pathFromRoot = append(pathFromRoot, services.ImpactPathNode{ComponentId: dependency.Id})
 	if _, exists := issuesImpactPathsMap[dependency.Id]; exists {
-		issuesImpactPathsMap[dependency.Id].ImpactPaths = append(issuesImpactPathsMap[dependency.Id].ImpactPaths, pathFromRoot)
+		// Create a copy of pathFromRoot to avoid modifying the original slice
+		pathCopy := make([]services.ImpactPathNode, len(pathFromRoot))
+		copy(pathCopy, pathFromRoot)
+		issuesImpactPathsMap[dependency.Id] = append(issuesImpactPathsMap[dependency.Id], pathCopy)
 	}
 	for _, depChild := range dependency.Nodes {
 		setPathsForIssues(depChild, issuesImpactPathsMap, pathFromRoot)

diff --git a/xray/commands/audit/sca/common_test.go b/xray/commands/audit/sca/common_test.go
@@ -4,6 +4,7 @@ import (
 	"github.com/jfrog/jfrog-client-go/xray/services"
 	xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
 	"github.com/stretchr/testify/assert"
+	"reflect"
 	"testing"
 )
 
@@ -20,51 +21,44 @@ func TestSetPathsForIssues(t *testing.T) {
 	childNode3.Nodes = []*xrayUtils.GraphNode{childNode5}
 
 	// Create a test issues map
-	issuesMap := make(map[string]*services.Component)
-	issuesMap["child1"] = &services.Component{ImpactPaths: [][]services.ImpactPathNode{}}
-	issuesMap["child4"] = &services.Component{ImpactPaths: [][]services.ImpactPathNode{}}
-	issuesMap["child5"] = &services.Component{ImpactPaths: [][]services.ImpactPathNode{}}
+	issuesMap := make(map[string][][]services.ImpactPathNode)
+	issuesMap["child1"] = [][]services.ImpactPathNode{}
+	issuesMap["child4"] = [][]services.ImpactPathNode{}
+	issuesMap["child5"] = [][]services.ImpactPathNode{}
 
 	// Call setPathsForIssues with the test data
 	setPathsForIssues(rootNode, issuesMap, []services.ImpactPathNode{})
 
 	// Check the results
-	assert.Equal(t, issuesMap["child1"].ImpactPaths[0][0].ComponentId, "root")
-	assert.Equal(t, issuesMap["child1"].ImpactPaths[0][1].ComponentId, "child1")
+	assert.Equal(t, issuesMap["child1"][0][0].ComponentId, "root")
+	assert.Equal(t, issuesMap["child1"][0][1].ComponentId, "child1")
 
-	assert.Equal(t, issuesMap["child4"].ImpactPaths[0][0].ComponentId, "root")
-	assert.Equal(t, issuesMap["child4"].ImpactPaths[0][1].ComponentId, "child2")
-	assert.Equal(t, issuesMap["child4"].ImpactPaths[0][2].ComponentId, "child4")
+	assert.Equal(t, issuesMap["child4"][0][0].ComponentId, "root")
+	assert.Equal(t, issuesMap["child4"][0][1].ComponentId, "child2")
+	assert.Equal(t, issuesMap["child4"][0][2].ComponentId, "child4")
 
-	assert.Equal(t, issuesMap["child5"].ImpactPaths[0][0].ComponentId, "root")
-	assert.Equal(t, issuesMap["child5"].ImpactPaths[0][1].ComponentId, "child3")
-	assert.Equal(t, issuesMap["child5"].ImpactPaths[0][2].ComponentId, "child5")
+	assert.Equal(t, issuesMap["child5"][0][0].ComponentId, "root")
+	assert.Equal(t, issuesMap["child5"][0][1].ComponentId, "child3")
+	assert.Equal(t, issuesMap["child5"][0][2].ComponentId, "child5")
 }
 
 func TestUpdateVulnerableComponent(t *testing.T) {
-	// Create test data
 	components := map[string]services.Component{
 		"dependency1": {
 			FixedVersions: []string{"1.0.0"},
 			ImpactPaths:   [][]services.ImpactPathNode{},
 		},
 	}
-	dependencyName := "dependency1"
-	issuesMap := map[string]*services.Component{
-		dependencyName: {
-			FixedVersions: []string{"1.0.0"},
-			ImpactPaths: [][]services.ImpactPathNode{
-				{{ComponentId: "dependency2"}},
-			},
-		},
+	dependencyName, issuesMap := "dependency1", map[string][][]services.ImpactPathNode{
+		"dependency1": {},
 	}
 
 	updateComponentsWithImpactPaths(components, issuesMap)
 
 	// Check the result
 	expected := services.Component{
 		FixedVersions: []string{"1.0.0"},
-		ImpactPaths:   issuesMap[dependencyName].ImpactPaths,
+		ImpactPaths:   issuesMap[dependencyName],
 	}
 	assert.Equal(t, expected, components[dependencyName])
 }
@@ -80,6 +74,9 @@ func TestBuildImpactPaths(t *testing.T) {
 							FixedVersions: []string{"1.2.3"},
 							Cpes:          []string{"cpe:/o:vendor:product:1.2.3"},
 						},
+						"dep2": {
+							FixedVersions: []string{"3.0.0"},
+						},
 					},
 				},
 			},
@@ -120,14 +117,46 @@ func TestBuildImpactPaths(t *testing.T) {
 				},
 			},
 		},
+		{
+			Id: "dep7",
+			Nodes: []*xrayUtils.GraphNode{
+				{
+					Id: "dep4",
+					Nodes: []*xrayUtils.GraphNode{
+						{
+							Id:    "dep2",
+							Nodes: []*xrayUtils.GraphNode{},
+						},
+						{
+							Id:    "dep5",
+							Nodes: []*xrayUtils.GraphNode{},
+						},
+						{
+							Id:    "dep6",
+							Nodes: []*xrayUtils.GraphNode{},
+						},
+					},
+				},
+			},
+		},
 	}
 
 	scanResult = BuildImpactPathsForScanResponse(scanResult, dependencyTrees)
 	// assert that the components were updated with impact paths
 	expectedImpactPaths := [][]services.ImpactPathNode{{{ComponentId: "dep1"}}}
 	assert.Equal(t, expectedImpactPaths, scanResult[0].Vulnerabilities[0].Components["dep1"].ImpactPaths)
 	expectedImpactPaths = [][]services.ImpactPathNode{{{ComponentId: "dep1"}, {ComponentId: "dep2"}}}
-	assert.Equal(t, expectedImpactPaths, scanResult[0].Violations[0].Components["dep2"].ImpactPaths)
+	reflect.DeepEqual(expectedImpactPaths, scanResult[0].Vulnerabilities[0].Components["dep2"].ImpactPaths[0])
+	expectedImpactPaths = [][]services.ImpactPathNode{{{ComponentId: "dep7"}, {ComponentId: "dep4"}, {ComponentId: "dep2"}}}
+	reflect.DeepEqual(expectedImpactPaths, scanResult[0].Vulnerabilities[0].Components["dep2"].ImpactPaths[1])
+	expectedImpactPaths = [][]services.ImpactPathNode{{{ComponentId: "dep1"}}}
+	reflect.DeepEqual(expectedImpactPaths, scanResult[0].Violations[0].Components["dep1"].ImpactPaths)
+	expectedImpactPaths = [][]services.ImpactPathNode{{{ComponentId: "dep1"}, {ComponentId: "dep2"}}}
+	reflect.DeepEqual(expectedImpactPaths, scanResult[0].Violations[0].Components["dep2"].ImpactPaths[0])
+	expectedImpactPaths = [][]services.ImpactPathNode{{{ComponentId: "dep7"}, {ComponentId: "dep4"}, {ComponentId: "dep2"}}}
+	reflect.DeepEqual(expectedImpactPaths, scanResult[0].Violations[0].Components["dep2"].ImpactPaths[1])
+	expectedImpactPaths = [][]services.ImpactPathNode{{{ComponentId: "dep7"}, {ComponentId: "dep4"}, {ComponentId: "dep2"}}}
+	reflect.DeepEqual(expectedImpactPaths, scanResult[0].Violations[0].Components["dep2"].ImpactPaths)
 	expectedImpactPaths = [][]services.ImpactPathNode{{{ComponentId: "dep1"}, {ComponentId: "dep2"}, {ComponentId: "dep3"}}}
-	assert.Equal(t, expectedImpactPaths, scanResult[0].Licenses[0].Components["dep3"].ImpactPaths)
+	reflect.DeepEqual(expectedImpactPaths, scanResult[0].Licenses[0].Components["dep3"].ImpactPaths)
 }
diff --git a/xray/commands/curation/curationaudit.go b/xray/commands/curation/curationaudit.go
@@ -199,7 +199,7 @@ func (ca *CurationAuditCommand) auditTree(tech coreutils.Technology, results map
 	}
 	// Validate the graph isn't empty.
 	if len(fullDependenciesTree) == 0 {
-		return errorutils.CheckErrorf("found no dependencies for the audited project using '%v' as the package manager", tech.ToString())
+		return errorutils.CheckErrorf("found no dependencies for the audited project using '%v' as the package manager", tech.String())
 	}
 	if err = ca.SetRepo(tech); err != nil {
 		return err
@@ -333,7 +333,7 @@ func (ca *CurationAuditCommand) SetRepo(tech coreutils.Technology) error {
 		}
 		ca.setPackageManagerConfig(resolverParams)
 	default:
-		return errorutils.CheckErrorf(errorTemplateUnsupportedTech, tech.ToString())
+		return errorutils.CheckErrorf(errorTemplateUnsupportedTech, tech.String())
 	}
 	return nil
 }
@@ -502,7 +502,7 @@ func makeLegiblePolicyDetails(explanation, recommendation string) (string, strin
 
 func getUrlNameAndVersionByTech(tech coreutils.Technology, nodeId, artiUrl, repo string) (downloadUrl string, name string, scope string, version string) {
 	if tech == coreutils.Npm {
-		return getNpmNameScopeAndVersion(nodeId, artiUrl, repo, coreutils.Npm.ToString())
+		return getNpmNameScopeAndVersion(nodeId, artiUrl, repo, coreutils.Npm.String())
 	}
 	return
 }