diff --git a/artifactory/utils/container/buildinfo_test.go b/artifactory/utils/container/buildinfo_test.go
index 8f38e8b68..2b9bc5939 100644
--- a/artifactory/utils/container/buildinfo_test.go
+++ b/artifactory/utils/container/buildinfo_test.go
@@ -60,7 +60,6 @@ func TestManifestConfig(t *testing.T) {
 	assert.Len(t, dependencies, 2)
 }
 
-// #nosec G602
 func createManifestConfig() (map[string]*utils.ResultItem, string) {
 	config := make(map[string]*utils.ResultItem)
 	config["manifest.json"] = dummySearchResults
@@ -96,7 +95,6 @@ func TestGetDependenciesFromManifestLayer(t *testing.T) {
 	assert.Len(t, dependencies, 1)
 }
 
-// #nosec G602
 func createManifestConfigWithLayer() (map[string]*utils.ResultItem, *manifest) {
 	manifest := &manifest{
 		Layers: []layer{{
@@ -117,7 +115,6 @@ func TestMissingDependenciesInManifestLayer(t *testing.T) {
 	assert.ErrorContains(t, err, "Could not find layer: sha__2 in Artifactory")
 }
 
-// #nosec G602
 func createManifestConfigWithMissingLayer() (map[string]*utils.ResultItem, *manifest) {
 	manifest := &manifest{
 		Layers: []layer{
@@ -145,7 +142,6 @@ func TestForeignDependenciesInManifestLayer(t *testing.T) {
 	assert.Len(t, dependencies, 1)
 }
 
-// #nosec G602
 func createManifestConfigWithForeignLayer() (map[string]*utils.ResultItem, *manifest) {
 	manifest := &manifest{
 		Layers: []layer{
diff --git a/xray/audit/jas/applicabilitymanager_test.go b/xray/audit/jas/applicabilitymanager_test.go
index 23891f51e..7d6caf0d8 100644
--- a/xray/audit/jas/applicabilitymanager_test.go
+++ b/xray/audit/jas/applicabilitymanager_test.go
@@ -431,12 +431,10 @@ func TestParseResults_AllCvesNotApplicable(t *testing.T) {
 }
 
 func TestGetExtendedScanResults_AnalyzerManagerReturnsError(t *testing.T) {
-	// Act
 	assert.NoError(t, rtutils.DownloadAnalyzerManagerIfNeeded())
-	extendedResults, err := GetExtendedScanResults(fakeBasicXrayResults, fakeBasicDependencyGraph, &fakeServerDetails, []coreutils.Technology{coreutils.Npm}, nil)
+	scanResults := &utils.ExtendedScanResults{XrayResults: fakeBasicXrayResults, ScannedTechnologies: []coreutils.Technology{coreutils.Yarn}}
+	err := RunScannersAndSetResults(scanResults, fakeBasicDependencyGraph, &fakeServerDetails, nil, nil)
 
-	// Assert
-	assert.Error(t, err)
+	// Expect error:
 	assert.ErrorContains(t, err, "failed to run Applicability scan")
-	assert.Nil(t, extendedResults)
 }
diff --git a/xray/audit/jas/jasmanager.go b/xray/audit/jas/jasmanager.go
index 441b398cd..2ac4b0399 100644
--- a/xray/audit/jas/jasmanager.go
+++ b/xray/audit/jas/jasmanager.go
@@ -3,12 +3,11 @@ package jas
 import (
 	"errors"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
-	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	"github.com/jfrog/jfrog-cli-core/v2/xray/utils"
 	"github.com/jfrog/jfrog-client-go/utils/errorutils"
+	"github.com/jfrog/jfrog-client-go/utils/io"
 	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
 	"github.com/jfrog/jfrog-client-go/utils/log"
-	"github.com/jfrog/jfrog-client-go/xray/services"
 	xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
 	"github.com/owenrumney/go-sarif/v2/sarif"
 	"gopkg.in/yaml.v3"
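Review bot: TestGetExtendedScanResults_AnalyzerManagerReturnsError is still named after the removed GetExtendedScanResults although it now exercises RunScannersAndSetResults, and on the same line the scanned technology silently changes from coreutils.Npm to coreutils.Yarn, which is not what the test name or commit explains. Rename it `func TestRunScannersAndSetResults_AnalyzerManagerReturnsError(t *testing.T) {` and keep Npm unless the switch to Yarn is deliberate, in which case a one-line comment should say why. The two tests in jasmanager_test.go carry the same stale name prefix.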
@@ -66,41 +65,39 @@ func (a *AdvancedSecurityScanner) Run(scannerCmd ScannerCmd) (err error) {
 	return
 }
 
-func GetExtendedScanResults(xrayResults []services.ScanResponse, dependencyTrees []*xrayUtils.GraphNode,
-	serverDetails *config.ServerDetails, scannedTechnologies []coreutils.Technology, workingDirs []string) (*utils.ExtendedScanResults, error) {
+func RunScannersAndSetResults(scanResults *utils.ExtendedScanResults, dependencyTrees []*xrayUtils.GraphNode,
+	serverDetails *config.ServerDetails, workingDirs []string, progress io.ProgressMgr) (err error) {
 	if serverDetails == nil || len(serverDetails.Url) == 0 {
 		log.Warn("To include 'Advanced Security' scan as part of the audit output, please run the 'jf c add' command before running this command.")
-		return &utils.ExtendedScanResults{XrayResults: xrayResults}, nil
+		return
 	}
 	scanner, err := NewAdvancedSecurityScanner(workingDirs, serverDetails)
 	if err != nil {
-		return nil, err
+		return
 	}
 	defer func() {
 		cleanup := scanner.scannerDirCleanupFunc
 		err = errors.Join(err, cleanup())
 	}()
-	applicabilityScanResults, err := getApplicabilityScanResults(
-		xrayResults, dependencyTrees, scannedTechnologies, scanner)
-	if err != nil {
-		return nil, err
+	if progress != nil {
+		progress.SetHeadlineMsg("Running applicability scanning...")
 	}
-	secretsScanResults, err := getSecretsScanResults(scanner)
+	scanResults.ApplicabilityScanResults, err = getApplicabilityScanResults(scanResults.XrayResults, dependencyTrees, scanResults.ScannedTechnologies, scanner)
 	if err != nil {
-		return nil, err
+		return
+	}
+	if progress != nil {
+		progress.SetHeadlineMsg("Running secrets scanning...")
 	}
-	iacScanResults, err := getIacScanResults(scanner)
+	scanResults.SecretsScanResults, err = getSecretsScanResults(scanner)
 	if err != nil {
-		return nil, err
+		return
+	}
+	if progress != nil {
+		progress.SetHeadlineMsg("Running IaC scanning...")
 	}
-	return &utils.ExtendedScanResults{
-		EntitledForJas:           true,
-		XrayResults:              xrayResults,
-		ScannedTechnologies:      scannedTechnologies,
-		ApplicabilityScanResults: applicabilityScanResults,
-		SecretsScanResults:       secretsScanResults,
-		IacScanResults:           iacScanResults,
-	}, nil
+	scanResults.IacScanResults, err = getIacScanResults(scanner)
+	return
 }
 
 func deleteJasProcessFiles(configFile string, resultFile string) error {
diff --git a/xray/audit/jas/jasmanager_test.go b/xray/audit/jas/jasmanager_test.go
index df4622ba8..e7a36df70 100644
--- a/xray/audit/jas/jasmanager_test.go
+++ b/xray/audit/jas/jasmanager_test.go
@@ -1,6 +1,7 @@
 package jas
 
 import (
+	"github.com/jfrog/jfrog-cli-core/v2/xray/utils"
 	"os"
 	"testing"
 
@@ -71,18 +72,14 @@ func TestGetExtendedScanResults_AnalyzerManagerDoesntExist(t *testing.T) {
 	defer func() {
 		assert.NoError(t, os.Unsetenv(coreutils.HomeDir))
 	}()
-	extendedResults, err := GetExtendedScanResults(fakeBasicXrayResults, fakeBasicDependencyGraph, &fakeServerDetails, []coreutils.Technology{coreutils.Yarn}, nil)
-
-	// Assert
+	scanResults := &utils.ExtendedScanResults{XrayResults: fakeBasicXrayResults, ScannedTechnologies: []coreutils.Technology{coreutils.Yarn}}
+	err = RunScannersAndSetResults(scanResults, fakeBasicDependencyGraph, &fakeServerDetails, nil, nil)
+	// Expect error:
 	assert.Error(t, err)
-	assert.Nil(t, extendedResults)
 }
 
 func TestGetExtendedScanResults_ServerNotValid(t *testing.T) {
-	// Act
-	extendedResults, err := GetExtendedScanResults(fakeBasicXrayResults, fakeBasicDependencyGraph, nil, []coreutils.Technology{coreutils.Pip}, nil)
-
-	// Assert
-	assert.NotNil(t, extendedResults)
+	scanResults := &utils.ExtendedScanResults{XrayResults: fakeBasicXrayResults, ScannedTechnologies: []coreutils.Technology{coreutils.Pip}}
+	err := RunScannersAndSetResults(scanResults, fakeBasicDependencyGraph, nil, nil, nil)
 	assert.NoError(t, err)
 }
diff --git a/xray/commands/audit/generic/auditmanager.go b/xray/commands/audit/generic/auditmanager.go
index 5418e1e17..51a668544 100644
--- a/xray/commands/audit/generic/auditmanager.go
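Review bot: RunScannersAndSetResults now writes into the caller's struct in place and, unlike the removed GetExtendedScanResults which returned nil on failure, leaves scanResults partially populated when a later scanner fails (e.g. ApplicabilityScanResults is already set when getSecretsScanResults returns an error), and it silently returns nil after only a warning when serverDetails is nil or has an empty Url; none of this is documented on the exported function. Add a doc comment stating that the applicability, secrets and IaC scanners are run in that order and their results stored on scanResults, that a nil or URL-less serverDetails returns nil without running anything, and that on error scanResults may hold the results of the scanners that completed before the failure. Callers that look only at the struct and not at err would otherwise treat a partially scanned result as complete.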
+++ b/xray/commands/audit/generic/auditmanager.go
@@ -17,7 +17,7 @@ import (
 	"github.com/jfrog/jfrog-cli-core/v2/xray/audit/python"
 	"github.com/jfrog/jfrog-cli-core/v2/xray/audit/yarn"
 	commandsutils "github.com/jfrog/jfrog-cli-core/v2/xray/commands/utils"
-	clientUtils "github.com/jfrog/jfrog-cli-core/v2/xray/utils"
+	xrayutils "github.com/jfrog/jfrog-cli-core/v2/xray/utils"
 	"github.com/jfrog/jfrog-client-go/utils/errorutils"
 	"github.com/jfrog/jfrog-client-go/utils/log"
 	"github.com/jfrog/jfrog-client-go/xray/services"
@@ -33,14 +33,14 @@ type Params struct {
 	installFunc       func(tech string) error
 	fixableOnly       bool
 	minSeverityFilter string
-	*clientUtils.GraphBasicParams
+	*xrayutils.GraphBasicParams
 	xrayVersion string
 }
 
 func NewAuditParams() *Params {
 	return &Params{
 		xrayGraphScanParams: &services.XrayGraphScanParams{},
-		GraphBasicParams:    &clientUtils.GraphBasicParams{},
+		GraphBasicParams:    &xrayutils.GraphBasicParams{},
 	}
 }
 
@@ -65,7 +65,7 @@ func (params *Params) SetXrayGraphScanParams(xrayGraphScanParams *services.XrayG
 	return params
 }
 
-func (params *Params) SetGraphBasicParams(gbp *clientUtils.GraphBasicParams) *Params {
+func (params *Params) SetGraphBasicParams(gbp *xrayutils.GraphBasicParams) *Params {
 	params.GraphBasicParams = gbp
 	return params
 }
@@ -106,12 +106,11 @@ func (params *Params) SetXrayVersion(version string) *Params {
 type Results struct {
 	IsMultipleRootProject bool
 	AuditError            error
-	ExtendedScanResults   *clientUtils.ExtendedScanResults
-	ScannedTechnologies   []coreutils.Technology
+	ExtendedScanResults   *xrayutils.ExtendedScanResults
 }
 
 func NewAuditResults() *Results {
-	return &Results{ExtendedScanResults: &clientUtils.ExtendedScanResults{}}
+	return &Results{ExtendedScanResults: &xrayutils.ExtendedScanResults{}}
 }
 
 func (r *Results) SetAuditError(err error) *Results {
@@ -123,11 +122,7 @@ func (r *Results) SetAuditError(err error) *Results {
 // Returns an audit Results object containing all the scan results.
 // If the current server is entitled for JAS, the advanced security results will be included in the scan results.
 func RunAudit(auditParams *Params) (results *Results, err error) {
-	serverDetails, err := auditParams.ServerDetails()
-	if err != nil {
-		return
-	}
-	isEntitled, xrayVersion, err := isEntitledForJas(serverDetails)
+	isEntitled, xrayVersion, err := isEntitledForJas(auditParams.ServerDetails())
 	if err != nil {
 		return
 	}
@@ -149,9 +144,8 @@ func RunAudit(auditParams *Params) (results *Results, err error) {
 
 	// Run scanners only if the user is entitled for Advanced Security
 	if isEntitled {
-		xrayScanResults := results.ExtendedScanResults.XrayResults
-		scannedTechnologies := results.ScannedTechnologies
-		results.ExtendedScanResults, err = jas.GetExtendedScanResults(xrayScanResults, auditParams.FullDependenciesTree(), serverDetails, scannedTechnologies, auditParams.workingDirs)
+		results.ExtendedScanResults.EntitledForJas = true
+		err = jas.RunScannersAndSetResults(results.ExtendedScanResults, auditParams.FullDependenciesTree(), auditParams.ServerDetails(), auditParams.workingDirs, auditParams.Progress())
 	}
 	return
 }
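Review bot: EntitledForJas is set to true before RunScannersAndSetResults is called, but that function returns nil without running any scanner when auditParams.ServerDetails() is nil or has an empty Url, so in that path the results claim JAS entitlement while holding no JAS results; the removed GetExtendedScanResults only set the flag on the fully populated struct it returned. Whether isEntitledForJas can report entitled=true for such a server is outside this hunk, so the window may be narrow, but tying the flag to the call keeps the invariant local: `if err = jas.RunScannersAndSetResults(results.ExtendedScanResults, auditParams.FullDependenciesTree(), auditParams.ServerDetails(), auditParams.workingDirs, auditParams.Progress()); err == nil {` / `results.ExtendedScanResults.EntitledForJas = true` / `}`. The middle of RunAudit between the two hunks is outside this view.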
@@ -161,12 +155,12 @@ func isEntitledForJas(serverDetails *config.ServerDetails) (entitled bool, xrayV
 	if err != nil {
 		return
 	}
-	if !version.NewVersion(xrayVersion).AtLeast(clientUtils.EntitlementsMinVersion) {
+	if !version.NewVersion(xrayVersion).AtLeast(xrayutils.EntitlementsMinVersion) {
 		log.Debug("Entitlements check for ‘Advanced Security’ package failed:")
-		log.Debug(coreutils.MinimumVersionMsg, coreutils.Xray, xrayVersion, clientUtils.EntitlementsMinVersion)
+		log.Debug(coreutils.MinimumVersionMsg, coreutils.Xray, xrayVersion, xrayutils.EntitlementsMinVersion)
 		return
 	}
-	entitled, err = xrayManager.IsEntitled(clientUtils.ApplicabilityFeatureId)
+	entitled, err = xrayManager.IsEntitled(xrayutils.ApplicabilityFeatureId)
 	return
 }
 
@@ -217,7 +211,7 @@ func auditMultipleWorkingDirs(params *Params) *Results {
 		if !results.IsMultipleRootProject {
 			results.IsMultipleRootProject = auditResults.IsMultipleRootProject
 		}
-		results.ScannedTechnologies = append(results.ScannedTechnologies, auditResults.ScannedTechnologies...)
+		results.ExtendedScanResults.ScannedTechnologies = append(results.ExtendedScanResults.ScannedTechnologies, auditResults.ExtendedScanResults.ScannedTechnologies...)
 	}
 	return results
 }
@@ -235,7 +229,7 @@ func doAudit(params *Params) *Results {
 			return NewAuditResults().SetAuditError(err)
 		}
 	}
-	serverDetails, err := params.ServerDetails()
+	serverDetails := params.ServerDetails()
 	results := NewAuditResults()
 	if err != nil {
 		return NewAuditResults().SetAuditError(err)
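Review bot: In the doAudit hunk the `if err != nil { return NewAuditResults().SetAuditError(err) }` that followed `serverDetails, err := params.ServerDetails()` survives the change, but `err` now refers to whatever earlier error variable is in scope (the one already handled by the `return NewAuditResults().SetAuditError(err)` branches above), so the check is either dead or re-reports an error that was already dealt with. The same leftover appears in the GetTechDependencyTree hunk, where `if err != nil { return }` right after `serverDetails := params.ServerDetails()` tests the named result, which is still nil at that point. Drop both stale checks so that ServerDetails' new error-free signature is reflected at every call site; doAudit and GetTechDependencyTree both continue outside these hunks, so confirm nothing in between depends on the early return.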
@@ -266,16 +260,16 @@ func doAudit(params *Params) *Results {
 		if !results.IsMultipleRootProject {
 			results.IsMultipleRootProject = len(flattenTree) > 1
 		}
-		results.ScannedTechnologies = append(results.ScannedTechnologies, tech)
+		results.ExtendedScanResults.ScannedTechnologies = append(results.ExtendedScanResults.ScannedTechnologies, tech)
 	}
 	return results.SetAuditError(err)
 }
 
-func GetTechDependencyTree(params *clientUtils.GraphBasicParams, tech coreutils.Technology) (flatTree []*xrayCmdUtils.GraphNode, err error) {
+func GetTechDependencyTree(params *xrayutils.GraphBasicParams, tech coreutils.Technology) (flatTree []*xrayCmdUtils.GraphNode, err error) {
 	if params.Progress() != nil {
 		params.Progress().SetHeadlineMsg(fmt.Sprintf("Calculating %v dependencies", tech.ToFormal()))
 	}
-	serverDetails, err := params.ServerDetails()
+	serverDetails := params.ServerDetails()
 	if err != nil {
 		return
 	}
@@ -310,18 +304,14 @@ func GetTechDependencyTree(params *clientUtils.GraphBasicParams, tech coreutils.
 	return services.FlattenGraph(dependencyTrees)
 }
 
-func getJavaDependencyTree(params *clientUtils.GraphBasicParams, tech coreutils.Technology) ([]*xrayCmdUtils.GraphNode, error) {
-	serverDetails, err := params.ServerDetails()
-	if err != nil {
-		return nil, err
-	}
+func getJavaDependencyTree(params *xrayutils.GraphBasicParams, tech coreutils.Technology) ([]*xrayCmdUtils.GraphNode, error) {
 	return java.BuildDependencyTree(&java.DependencyTreeParams{
 		Tool:             tech,
 		InsecureTls:      params.InsecureTls(),
 		IgnoreConfigFile: params.IgnoreConfigFile(),
 		ExcludeTestDeps:  params.ExcludeTestDependencies(),
 		UseWrapper:       params.UseWrapper(),
-		Server:           serverDetails,
+		Server:           params.ServerDetails(),
 		DepsRepo:         params.DepsRepo(),
 	})
 }
diff --git a/xray/utils/models.go b/xray/utils/models.go
index dfb6a35bc..f1f94b690 100644
--- a/xray/utils/models.go
+++ b/xray/utils/models.go
@@ -30,8 +30,8 @@ func (gbp *GraphBasicParams) SetFullDependenciesTree(fullDependenciesTree []*xra
 	return gbp
 }
 
-func (gbp *GraphBasicParams) ServerDetails() (*config.ServerDetails, error) {
-	return gbp.serverDetails, nil
+func (gbp *GraphBasicParams) ServerDetails() *config.ServerDetails {
+	return gbp.serverDetails
 }
 
 func (gbp *GraphBasicParams) SetServerDetails(serverDetails *config.ServerDetails) *GraphBasicParams {
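Review bot: ServerDetails is exported and now returns a bare pointer that callers such as RunScannersAndSetResults test for nil, but it has no doc comment stating that nil is a legitimate return. Add `// ServerDetails returns the server details set with SetServerDetails, or nil if none were set.` above the method so the nil contract is visible at the declaration rather than only at one call site.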