renames

jfrog · Sep 11, 2023 · ad5ad84 · ad5ad84
1 parent ba31175
commit ad5ad84
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 29 deletions.
diff --git a/xray/commands/audit/audit.go b/xray/commands/audit/audit.go
@@ -92,7 +92,7 @@ func (auditCmd *AuditCommand) Run() (err error) {
 		SetMinSeverityFilter(auditCmd.minSeverityFilter).
 		SetFixableOnly(auditCmd.fixableOnly).
 		SetGraphBasicParams(auditCmd.AuditBasicParams).
-		SetThirdPartyContextualAnalysis(auditCmd.thirdPartyContextualAnalysis)
+		SetThirdPartyApplicabilityScan(auditCmd.thirdPartyApplicabilityScan)
 	auditResults, err := RunAudit(auditParams)
 	if err != nil {
 		return
@@ -188,7 +188,7 @@ func RunAudit(auditParams *AuditParams) (results *Results, err error) {
 
 	// Run scanners only if the user is entitled for Advanced Security
 	if results.ExtendedScanResults.EntitledForJas {
-		results.JasError = runJasScannersAndSetResults(results.ExtendedScanResults, auditParams.DirectDependencies(), serverDetails, auditParams.workingDirs, auditParams.thirdPartyContextualAnalysis,auditParams.Progress())
+		results.JasError = runJasScannersAndSetResults(results.ExtendedScanResults, auditParams.DirectDependencies(), serverDetails, auditParams.workingDirs, auditParams.thirdPartyApplicabilityScan, auditParams.Progress())
 	}
 	return
 }

diff --git a/xray/commands/audit/auditparams.go b/xray/commands/audit/auditparams.go
@@ -12,9 +12,9 @@ type AuditParams struct {
 	fixableOnly         bool
 	minSeverityFilter   string
 	*xrayutils.AuditBasicParams
-	xrayVersion                 string
-	// Third party dependencies source code is included in the applicability scanner
-	thirdPartyContextualAnalysis bool
+	xrayVersion string
+	// Include third party dependencies source code in the applicability scan.
+	thirdPartyApplicabilityScan bool
 }
 
 func NewAuditParams() *AuditParams {
@@ -78,7 +78,7 @@ func (params *AuditParams) SetMinSeverityFilter(minSeverityFilter string) *Audit
 	return params
 }
 
-func (params *AuditParams) SetThirdPartyContextualAnalysis(include bool) *AuditParams {
-	params.thirdPartyContextualAnalysis = include
+func (params *AuditParams) SetThirdPartyApplicabilityScan(includeThirdPartyDeps bool) *AuditParams {
+	params.thirdPartyApplicabilityScan = includeThirdPartyDeps
 	return params
 }
diff --git a/xray/commands/audit/jas/applicability/applicabilitymanager.go b/xray/commands/audit/jas/applicability/applicabilitymanager.go
@@ -22,11 +22,11 @@ const (
 
 type ApplicabilityScanManager struct {
 	applicabilityScanResults []*sarif.Run
-	dependencyWhitelist      []string
+	cvesWhitelist            []string
 	xrayResults              []services.ScanResponse
 	scanner                  *jas.JasScanner
 	// Include third party dependencies source code in the scan
-	thirdPartyContextualAnalysis bool
+	thirdPartyApplicablityScan bool
 }
 
 // The getApplicabilityScanResults function runs the applicability scan flow, which includes the following steps:
@@ -54,20 +54,20 @@ func RunApplicabilityScan(xrayResults []services.ScanResponse, directDependencie
 }
 
 func newApplicabilityScanManager(xrayScanResults []services.ScanResponse, directDependencies []string, scanner *jas.JasScanner, thirdPartyContextualAnalysis bool) (manager *ApplicabilityScanManager) {
-	dependencyWhitelist := prepareDependenciesCvesWhitelist(xrayScanResults, directDependencies, thirdPartyContextualAnalysis)
+	dependencyWhitelist := prepareCvesWhitelist(xrayScanResults, directDependencies, thirdPartyContextualAnalysis)
 	return &ApplicabilityScanManager{
-		applicabilityScanResults:     []*sarif.Run{},
-		dependencyWhitelist:          dependencyWhitelist,
-		xrayResults:                  xrayScanResults,
-		scanner:                      scanner,
-		thirdPartyContextualAnalysis: thirdPartyContextualAnalysis,
+		applicabilityScanResults:   []*sarif.Run{},
+		cvesWhitelist:              dependencyWhitelist,
+		xrayResults:                xrayScanResults,
+		scanner:                    scanner,
+		thirdPartyApplicablityScan: thirdPartyContextualAnalysis,
 	}
 }
 
 // Prepares a list of CVES for the scanner to scan.
-// In most cases, we will send only direct dependencies to the whitelist
+// In most cases, we will send only direct dependencies to the cve whitelist
 // Except when ThirdPartyContextualAnalysis is set to true.
-func prepareDependenciesCvesWhitelist(xrayScanResults []services.ScanResponse, directDependencies []string, thirdPartyContextualAnalysis bool) []string {
+func prepareCvesWhitelist(xrayScanResults []services.ScanResponse, directDependencies []string, thirdPartyContextualAnalysis bool) []string {
 	whitelistCves := datastructures.MakeSet[string]()
 	for _, scanResult := range xrayScanResults {
 		for _, vulnerability := range scanResult.Vulnerabilities {
@@ -89,7 +89,6 @@ func prepareDependenciesCvesWhitelist(xrayScanResults []services.ScanResponse, d
 			}
 		}
 	}
-
 	return whitelistCves.ToSlice()
 }
 
@@ -108,7 +107,7 @@ func (asm *ApplicabilityScanManager) Run(wd string) (err error) {
 	} else {
 		log.Info("Running applicability scanning...")
 	}
-	if err = asm.createConfigFile(wd, asm.thirdPartyContextualAnalysis); err != nil {
+	if err = asm.createConfigFile(wd, asm.thirdPartyApplicablityScan); err != nil {
 		return
 	}
 	if err = asm.runAnalyzerManager(); err != nil {
@@ -123,7 +122,7 @@ func (asm *ApplicabilityScanManager) Run(wd string) (err error) {
 }
 
 func (asm *ApplicabilityScanManager) directDependenciesExist() bool {
-	return len(asm.dependencyWhitelist) > 0
+	return len(asm.cvesWhitelist) > 0
 }
 
 func (asm *ApplicabilityScanManager) shouldRunApplicabilityScan(technologies []coreutils.Technology) bool {
@@ -156,7 +155,7 @@ func (asm *ApplicabilityScanManager) createConfigFile(workingDir string, thirdPa
 				Output:       asm.scanner.ResultsFileName,
 				Type:         applicabilityScanType,
 				GrepDisable:  false,
-				CveWhitelist: asm.dependencyWhitelist,
+				CveWhitelist: asm.cvesWhitelist,
 				SkippedDirs:  skipDirs,
 			},
 		},

diff --git a/xray/commands/audit/jas/applicability/applicabilitymanager_test.go b/xray/commands/audit/jas/applicability/applicabilitymanager_test.go
@@ -23,7 +23,7 @@ func TestNewApplicabilityScanManager_InputIsValid(t *testing.T) {
 	if assert.NotNil(t, applicabilityManager) {
 		assert.NotEmpty(t, applicabilityManager.scanner.ConfigFileName)
 		assert.NotEmpty(t, applicabilityManager.scanner.ResultsFileName)
-		assert.Len(t, applicabilityManager.dependencyWhitelist, 5)
+		assert.Len(t, applicabilityManager.cvesWhitelist, 5)
 	}
 }
 
@@ -39,7 +39,7 @@ func TestNewApplicabilityScanManager_DependencyTreeDoesntExist(t *testing.T) {
 		assert.Len(t, applicabilityManager.scanner.WorkingDirs, 1)
 		assert.NotEmpty(t, applicabilityManager.scanner.ConfigFileName)
 		assert.NotEmpty(t, applicabilityManager.scanner.ResultsFileName)
-		assert.Empty(t, applicabilityManager.dependencyWhitelist)
+		assert.Empty(t, applicabilityManager.cvesWhitelist)
 	}
 }
 
@@ -75,7 +75,7 @@ func TestNewApplicabilityScanManager_NoDirectDependenciesInScan(t *testing.T) {
 		assert.NotEmpty(t, applicabilityManager.scanner.ConfigFileName)
 		assert.NotEmpty(t, applicabilityManager.scanner.ResultsFileName)
 		// Non-direct dependencies should not be added
-		assert.Empty(t, applicabilityManager.dependencyWhitelist)
+		assert.Empty(t, applicabilityManager.cvesWhitelist)
 	}
 }
 
@@ -90,7 +90,7 @@ func TestNewApplicabilityScanManager_MultipleDependencyTrees(t *testing.T) {
 	if assert.NotNil(t, applicabilityManager) {
 		assert.NotEmpty(t, applicabilityManager.scanner.ConfigFileName)
 		assert.NotEmpty(t, applicabilityManager.scanner.ResultsFileName)
-		assert.Len(t, applicabilityManager.dependencyWhitelist, 5)
+		assert.Len(t, applicabilityManager.cvesWhitelist, 5)
 	}
 }
 
@@ -116,7 +116,7 @@ func TestNewApplicabilityScanManager_ViolationsDontExistInResults(t *testing.T)
 	if assert.NotNil(t, applicabilityManager) {
 		assert.NotEmpty(t, applicabilityManager.scanner.ConfigFileName)
 		assert.NotEmpty(t, applicabilityManager.scanner.ResultsFileName)
-		assert.Len(t, applicabilityManager.dependencyWhitelist, 3)
+		assert.Len(t, applicabilityManager.cvesWhitelist, 3)
 	}
 }
 
@@ -142,7 +142,7 @@ func TestNewApplicabilityScanManager_VulnerabilitiesDontExist(t *testing.T) {
 	if assert.NotNil(t, applicabilityManager) {
 		assert.NotEmpty(t, applicabilityManager.scanner.ConfigFileName)
 		assert.NotEmpty(t, applicabilityManager.scanner.ResultsFileName)
-		assert.Len(t, applicabilityManager.dependencyWhitelist, 2)
+		assert.Len(t, applicabilityManager.cvesWhitelist, 2)
 	}
 }
 
@@ -196,7 +196,7 @@ func TestExtractXrayDirectViolations(t *testing.T) {
 	}
 
 	for _, test := range tests {
-		cves := prepareDependenciesCvesWhitelist(xrayResponseForDirectViolationsTest, test.directDependencies,false)
+		cves := prepareCvesWhitelist(xrayResponseForDirectViolationsTest, test.directDependencies, false)
 		assert.Len(t, cves, test.cvesCount)
 	}
 }
@@ -237,7 +237,7 @@ func TestExtractXrayDirectVulnerabilities(t *testing.T) {
 	}
 
 	for _, test := range tests {
-		assert.Len(t, prepareDependenciesCvesWhitelist(xrayResponseForDirectVulnerabilitiesTest, test.directDependencies,false), test.cvesCount)
+		assert.Len(t, prepareCvesWhitelist(xrayResponseForDirectVulnerabilitiesTest, test.directDependencies, false), test.cvesCount)
 	}
 }