Add progress bar to JFrog Advanced Security scanners (#902)

jfrog · Aug 22, 2023 · 6597271 · 6597271
1 parent 8d07a99
commit 6597271
Show file tree

Hide file tree

Showing 6 changed files with 49 additions and 71 deletions.
diff --git a/artifactory/utils/container/buildinfo_test.go b/artifactory/utils/container/buildinfo_test.go
@@ -60,7 +60,6 @@ func TestManifestConfig(t *testing.T) {
 	assert.Len(t, dependencies, 2)
 }
 
-// #nosec G602
 func createManifestConfig() (map[string]*utils.ResultItem, string) {
 	config := make(map[string]*utils.ResultItem)
 	config["manifest.json"] = dummySearchResults
@@ -96,7 +95,6 @@ func TestGetDependenciesFromManifestLayer(t *testing.T) {
 	assert.Len(t, dependencies, 1)
 }
 
-// #nosec G602
 func createManifestConfigWithLayer() (map[string]*utils.ResultItem, *manifest) {
 	manifest := &manifest{
 		Layers: []layer{{
@@ -117,7 +115,6 @@ func TestMissingDependenciesInManifestLayer(t *testing.T) {
 	assert.ErrorContains(t, err, "Could not find layer: sha__2 in Artifactory")
 }
 
-// #nosec G602
 func createManifestConfigWithMissingLayer() (map[string]*utils.ResultItem, *manifest) {
 	manifest := &manifest{
 		Layers: []layer{
@@ -145,7 +142,6 @@ func TestForeignDependenciesInManifestLayer(t *testing.T) {
 	assert.Len(t, dependencies, 1)
 }
 
-// #nosec G602
 func createManifestConfigWithForeignLayer() (map[string]*utils.ResultItem, *manifest) {
 	manifest := &manifest{
 		Layers: []layer{

diff --git a/xray/audit/jas/applicabilitymanager_test.go b/xray/audit/jas/applicabilitymanager_test.go
@@ -431,12 +431,10 @@ func TestParseResults_AllCvesNotApplicable(t *testing.T) {
 }
 
 func TestGetExtendedScanResults_AnalyzerManagerReturnsError(t *testing.T) {
-	// Act
 	assert.NoError(t, rtutils.DownloadAnalyzerManagerIfNeeded())
-	extendedResults, err := GetExtendedScanResults(fakeBasicXrayResults, fakeBasicDependencyGraph, &fakeServerDetails, []coreutils.Technology{coreutils.Npm}, nil)
+	scanResults := &utils.ExtendedScanResults{XrayResults: fakeBasicXrayResults, ScannedTechnologies: []coreutils.Technology{coreutils.Yarn}}
+	err := RunScannersAndSetResults(scanResults, fakeBasicDependencyGraph, &fakeServerDetails, nil, nil)
 
-	// Assert
-	assert.Error(t, err)
+	// Expect error:
 	assert.ErrorContains(t, err, "failed to run Applicability scan")
-	assert.Nil(t, extendedResults)
 }
diff --git a/xray/audit/jas/jasmanager.go b/xray/audit/jas/jasmanager.go
@@ -3,12 +3,11 @@ package jas
 import (
 	"errors"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
-	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	"github.com/jfrog/jfrog-cli-core/v2/xray/utils"
 	"github.com/jfrog/jfrog-client-go/utils/errorutils"
+	"github.com/jfrog/jfrog-client-go/utils/io"
 	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
 	"github.com/jfrog/jfrog-client-go/utils/log"
-	"github.com/jfrog/jfrog-client-go/xray/services"
 	xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
 	"github.com/owenrumney/go-sarif/v2/sarif"
 	"gopkg.in/yaml.v3"
@@ -66,41 +65,39 @@ func (a *AdvancedSecurityScanner) Run(scannerCmd ScannerCmd) (err error) {
 	return
 }
 
-func GetExtendedScanResults(xrayResults []services.ScanResponse, dependencyTrees []*xrayUtils.GraphNode,
-	serverDetails *config.ServerDetails, scannedTechnologies []coreutils.Technology, workingDirs []string) (*utils.ExtendedScanResults, error) {
+func RunScannersAndSetResults(scanResults *utils.ExtendedScanResults, dependencyTrees []*xrayUtils.GraphNode,
+	serverDetails *config.ServerDetails, workingDirs []string, progress io.ProgressMgr) (err error) {
 	if serverDetails == nil || len(serverDetails.Url) == 0 {
 		log.Warn("To include 'Advanced Security' scan as part of the audit output, please run the 'jf c add' command before running this command.")
-		return &utils.ExtendedScanResults{XrayResults: xrayResults}, nil
+		return
 	}
 	scanner, err := NewAdvancedSecurityScanner(workingDirs, serverDetails)
 	if err != nil {
-		return nil, err
+		return
 	}
 	defer func() {
 		cleanup := scanner.scannerDirCleanupFunc
 		err = errors.Join(err, cleanup())
 	}()
-	applicabilityScanResults, err := getApplicabilityScanResults(
-		xrayResults, dependencyTrees, scannedTechnologies, scanner)
-	if err != nil {
-		return nil, err
+	if progress != nil {
+		progress.SetHeadlineMsg("Running applicability scanning...")
 	}
-	secretsScanResults, err := getSecretsScanResults(scanner)
+	scanResults.ApplicabilityScanResults, err = getApplicabilityScanResults(scanResults.XrayResults, dependencyTrees, scanResults.ScannedTechnologies, scanner)
 	if err != nil {
-		return nil, err
+		return
+	}
+	if progress != nil {
+		progress.SetHeadlineMsg("Running secrets scanning...")
 	}
-	iacScanResults, err := getIacScanResults(scanner)
+	scanResults.SecretsScanResults, err = getSecretsScanResults(scanner)
 	if err != nil {
-		return nil, err
+		return
+	}
+	if progress != nil {
+		progress.SetHeadlineMsg("Running IaC scanning...")
 	}
-	return &utils.ExtendedScanResults{
-		EntitledForJas:           true,
-		XrayResults:              xrayResults,
-		ScannedTechnologies:      scannedTechnologies,
-		ApplicabilityScanResults: applicabilityScanResults,
-		SecretsScanResults:       secretsScanResults,
-		IacScanResults:           iacScanResults,
-	}, nil
+	scanResults.IacScanResults, err = getIacScanResults(scanner)
+	return
 }
 
 func deleteJasProcessFiles(configFile string, resultFile string) error {

diff --git a/xray/audit/jas/jasmanager_test.go b/xray/audit/jas/jasmanager_test.go
@@ -1,6 +1,7 @@
 package jas
 
 import (
+	"github.com/jfrog/jfrog-cli-core/v2/xray/utils"
 	"os"
 	"testing"
 
@@ -71,18 +72,14 @@ func TestGetExtendedScanResults_AnalyzerManagerDoesntExist(t *testing.T) {
 	defer func() {
 		assert.NoError(t, os.Unsetenv(coreutils.HomeDir))
 	}()
-	extendedResults, err := GetExtendedScanResults(fakeBasicXrayResults, fakeBasicDependencyGraph, &fakeServerDetails, []coreutils.Technology{coreutils.Yarn}, nil)
-
-	// Assert
+	scanResults := &utils.ExtendedScanResults{XrayResults: fakeBasicXrayResults, ScannedTechnologies: []coreutils.Technology{coreutils.Yarn}}
+	err = RunScannersAndSetResults(scanResults, fakeBasicDependencyGraph, &fakeServerDetails, nil, nil)
+	// Expect error:
 	assert.Error(t, err)
-	assert.Nil(t, extendedResults)
 }
 
 func TestGetExtendedScanResults_ServerNotValid(t *testing.T) {
-	// Act
-	extendedResults, err := GetExtendedScanResults(fakeBasicXrayResults, fakeBasicDependencyGraph, nil, []coreutils.Technology{coreutils.Pip}, nil)
-
-	// Assert
-	assert.NotNil(t, extendedResults)
+	scanResults := &utils.ExtendedScanResults{XrayResults: fakeBasicXrayResults, ScannedTechnologies: []coreutils.Technology{coreutils.Pip}}
+	err := RunScannersAndSetResults(scanResults, fakeBasicDependencyGraph, nil, nil, nil)
 	assert.NoError(t, err)
 }
diff --git a/xray/commands/audit/generic/auditmanager.go b/xray/commands/audit/generic/auditmanager.go
@@ -17,7 +17,7 @@ import (
 	"github.com/jfrog/jfrog-cli-core/v2/xray/audit/python"
 	"github.com/jfrog/jfrog-cli-core/v2/xray/audit/yarn"
 	commandsutils "github.com/jfrog/jfrog-cli-core/v2/xray/commands/utils"
-	clientUtils "github.com/jfrog/jfrog-cli-core/v2/xray/utils"
+	xrayutils "github.com/jfrog/jfrog-cli-core/v2/xray/utils"
 	"github.com/jfrog/jfrog-client-go/utils/errorutils"
 	"github.com/jfrog/jfrog-client-go/utils/log"
 	"github.com/jfrog/jfrog-client-go/xray/services"
@@ -33,14 +33,14 @@ type Params struct {
 	installFunc         func(tech string) error
 	fixableOnly         bool
 	minSeverityFilter   string
-	*clientUtils.GraphBasicParams
+	*xrayutils.GraphBasicParams
 	xrayVersion string
 }
 
 func NewAuditParams() *Params {
 	return &Params{
 		xrayGraphScanParams: &services.XrayGraphScanParams{},
-		GraphBasicParams:    &clientUtils.GraphBasicParams{},
+		GraphBasicParams:    &xrayutils.GraphBasicParams{},
 	}
 }
 
@@ -65,7 +65,7 @@ func (params *Params) SetXrayGraphScanParams(xrayGraphScanParams *services.XrayG
 	return params
 }
 
-func (params *Params) SetGraphBasicParams(gbp *clientUtils.GraphBasicParams) *Params {
+func (params *Params) SetGraphBasicParams(gbp *xrayutils.GraphBasicParams) *Params {
 	params.GraphBasicParams = gbp
 	return params
 }
@@ -106,12 +106,11 @@ func (params *Params) SetXrayVersion(version string) *Params {
 type Results struct {
 	IsMultipleRootProject bool
 	AuditError            error
-	ExtendedScanResults   *clientUtils.ExtendedScanResults
-	ScannedTechnologies   []coreutils.Technology
+	ExtendedScanResults   *xrayutils.ExtendedScanResults
 }
 
 func NewAuditResults() *Results {
-	return &Results{ExtendedScanResults: &clientUtils.ExtendedScanResults{}}
+	return &Results{ExtendedScanResults: &xrayutils.ExtendedScanResults{}}
 }
 
 func (r *Results) SetAuditError(err error) *Results {
@@ -123,11 +122,7 @@ func (r *Results) SetAuditError(err error) *Results {
 // Returns an audit Results object containing all the scan results.
 // If the current server is entitled for JAS, the advanced security results will be included in the scan results.
 func RunAudit(auditParams *Params) (results *Results, err error) {
-	serverDetails, err := auditParams.ServerDetails()
-	if err != nil {
-		return
-	}
-	isEntitled, xrayVersion, err := isEntitledForJas(serverDetails)
+	isEntitled, xrayVersion, err := isEntitledForJas(auditParams.ServerDetails())
 	if err != nil {
 		return
 	}
@@ -149,9 +144,8 @@ func RunAudit(auditParams *Params) (results *Results, err error) {
 
 	// Run scanners only if the user is entitled for Advanced Security
 	if isEntitled {
-		xrayScanResults := results.ExtendedScanResults.XrayResults
-		scannedTechnologies := results.ScannedTechnologies
-		results.ExtendedScanResults, err = jas.GetExtendedScanResults(xrayScanResults, auditParams.FullDependenciesTree(), serverDetails, scannedTechnologies, auditParams.workingDirs)
+		results.ExtendedScanResults.EntitledForJas = true
+		err = jas.RunScannersAndSetResults(results.ExtendedScanResults, auditParams.FullDependenciesTree(), auditParams.ServerDetails(), auditParams.workingDirs, auditParams.Progress())
 	}
 	return
 }
@@ -161,12 +155,12 @@ func isEntitledForJas(serverDetails *config.ServerDetails) (entitled bool, xrayV
 	if err != nil {
 		return
 	}
-	if !version.NewVersion(xrayVersion).AtLeast(clientUtils.EntitlementsMinVersion) {
+	if !version.NewVersion(xrayVersion).AtLeast(xrayutils.EntitlementsMinVersion) {
 		log.Debug("Entitlements check for ‘Advanced Security’ package failed:")
-		log.Debug(coreutils.MinimumVersionMsg, coreutils.Xray, xrayVersion, clientUtils.EntitlementsMinVersion)
+		log.Debug(coreutils.MinimumVersionMsg, coreutils.Xray, xrayVersion, xrayutils.EntitlementsMinVersion)
 		return
 	}
-	entitled, err = xrayManager.IsEntitled(clientUtils.ApplicabilityFeatureId)
+	entitled, err = xrayManager.IsEntitled(xrayutils.ApplicabilityFeatureId)
 	return
 }
 
@@ -217,7 +211,7 @@ func auditMultipleWorkingDirs(params *Params) *Results {
 		if !results.IsMultipleRootProject {
 			results.IsMultipleRootProject = auditResults.IsMultipleRootProject
 		}
-		results.ScannedTechnologies = append(results.ScannedTechnologies, auditResults.ScannedTechnologies...)
+		results.ExtendedScanResults.ScannedTechnologies = append(results.ExtendedScanResults.ScannedTechnologies, auditResults.ExtendedScanResults.ScannedTechnologies...)
 	}
 	return results
 }
@@ -235,7 +229,7 @@ func doAudit(params *Params) *Results {
 			return NewAuditResults().SetAuditError(err)
 		}
 	}
-	serverDetails, err := params.ServerDetails()
+	serverDetails := params.ServerDetails()
 	results := NewAuditResults()
 	if err != nil {
 		return NewAuditResults().SetAuditError(err)
@@ -266,16 +260,16 @@ func doAudit(params *Params) *Results {
 		if !results.IsMultipleRootProject {
 			results.IsMultipleRootProject = len(flattenTree) > 1
 		}
-		results.ScannedTechnologies = append(results.ScannedTechnologies, tech)
+		results.ExtendedScanResults.ScannedTechnologies = append(results.ExtendedScanResults.ScannedTechnologies, tech)
 	}
 	return results.SetAuditError(err)
 }
 
-func GetTechDependencyTree(params *clientUtils.GraphBasicParams, tech coreutils.Technology) (flatTree []*xrayCmdUtils.GraphNode, err error) {
+func GetTechDependencyTree(params *xrayutils.GraphBasicParams, tech coreutils.Technology) (flatTree []*xrayCmdUtils.GraphNode, err error) {
 	if params.Progress() != nil {
 		params.Progress().SetHeadlineMsg(fmt.Sprintf("Calculating %v dependencies", tech.ToFormal()))
 	}
-	serverDetails, err := params.ServerDetails()
+	serverDetails := params.ServerDetails()
 	if err != nil {
 		return
 	}
@@ -310,18 +304,14 @@ func GetTechDependencyTree(params *clientUtils.GraphBasicParams, tech coreutils.
 	return services.FlattenGraph(dependencyTrees)
 }
 
-func getJavaDependencyTree(params *clientUtils.GraphBasicParams, tech coreutils.Technology) ([]*xrayCmdUtils.GraphNode, error) {
-	serverDetails, err := params.ServerDetails()
-	if err != nil {
-		return nil, err
-	}
+func getJavaDependencyTree(params *xrayutils.GraphBasicParams, tech coreutils.Technology) ([]*xrayCmdUtils.GraphNode, error) {
 	return java.BuildDependencyTree(&java.DependencyTreeParams{
 		Tool:             tech,
 		InsecureTls:      params.InsecureTls(),
 		IgnoreConfigFile: params.IgnoreConfigFile(),
 		ExcludeTestDeps:  params.ExcludeTestDependencies(),
 		UseWrapper:       params.UseWrapper(),
-		Server:           serverDetails,
+		Server:           params.ServerDetails(),
 		DepsRepo:         params.DepsRepo(),
 	})
 }
diff --git a/xray/utils/models.go b/xray/utils/models.go
@@ -30,8 +30,8 @@ func (gbp *GraphBasicParams) SetFullDependenciesTree(fullDependenciesTree []*xra
 	return gbp
 }
 
-func (gbp *GraphBasicParams) ServerDetails() (*config.ServerDetails, error) {
-	return gbp.serverDetails, nil
+func (gbp *GraphBasicParams) ServerDetails() *config.ServerDetails {
+	return gbp.serverDetails
 }
 
 func (gbp *GraphBasicParams) SetServerDetails(serverDetails *config.ServerDetails) *GraphBasicParams {