Add Xray Source Control Service (#940)
EyalDelarea authored Sep 11, 2023
1 parent 257da28 commit d1f16cf
Showing 9 changed files with 29 additions and 17 deletions.
4 changes: 1 addition & 3 deletions go.mod
Expand Up @@ -14,7 +14,7 @@ require (
github.com/jedib0t/go-pretty/v6 v6.4.7
github.com/jfrog/build-info-go v1.9.10
github.com/jfrog/gofrog v1.3.0
github.com/jfrog/jfrog-client-go v1.31.6
github.com/jfrog/jfrog-client-go v1.32.1
github.com/magiconair/properties v1.8.7
github.com/manifoldco/promptui v0.9.0
github.com/owenrumney/go-sarif/v2 v2.2.0
Expand Down Expand Up @@ -93,8 +93,6 @@ require (
gopkg.in/warnings.v0 v0.1.2 // indirect
)

replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20230910192358-6994626b2069

// replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20230905120411-62d1bdd4eb38

// replace github.com/jfrog/gofrog => github.com/jfrog/gofrog v1.2.6-0.20230418122323-2bf299dd6d27
4 changes: 2 additions & 2 deletions go.sum
Expand Up @@ -198,8 +198,8 @@ github.com/jfrog/build-info-go v1.9.10 h1:uXnDLVxpqxoAMpXcki00QaBB+M2BoGMMpHODPk
github.com/jfrog/build-info-go v1.9.10/go.mod h1:ujJ8XQZMdT2tMkLSMJNyDd1pCY+duwHdjV+9or9FLIg=
github.com/jfrog/gofrog v1.3.0 h1:o4zgsBZE4QyDbz2M7D4K6fXPTBJht+8lE87mS9bw7Gk=
github.com/jfrog/gofrog v1.3.0/go.mod h1:IFMc+V/yf7rA5WZ74CSbXe+Lgf0iApEQLxRZVzKRUR0=
github.com/jfrog/jfrog-client-go v1.28.1-0.20230910192358-6994626b2069 h1:vk+P6jK4Zv8+F44ZnRxXUPT14BQxjJtNKdpGdemci7A=
github.com/jfrog/jfrog-client-go v1.28.1-0.20230910192358-6994626b2069/go.mod h1:362+oa7uTTYurzBs1L0dmUTlLo7uhpAU/pwM5Zb9clg=
github.com/jfrog/jfrog-client-go v1.32.1 h1:RQmuPSLsF5222vZJzwkgHSZMMJF83ExS7SwIvh4P+H8=
github.com/jfrog/jfrog-client-go v1.32.1/go.mod h1:362+oa7uTTYurzBs1L0dmUTlLo7uhpAU/pwM5Zb9clg=
github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
5 changes: 2 additions & 3 deletions xray/commands/audit/audit.go
Expand Up @@ -158,8 +158,7 @@ func RunAudit(auditParams *AuditParams) (results *Results, err error) {
return
}
var xrayManager *xray.XrayServicesManager
xrayManager, auditParams.xrayVersion, err = xrayutils.CreateXrayServiceManagerAndGetVersion(serverDetails)
if err != nil {
if xrayManager, auditParams.xrayVersion, err = xrayutils.CreateXrayServiceManagerAndGetVersion(serverDetails); err != nil {
return
}
if err = clientutils.ValidateMinimumVersion(clientutils.Xray, auditParams.xrayVersion, scangraph.GraphScanMinXrayVersion); err != nil {
Expand Down Expand Up @@ -187,7 +186,7 @@ func RunAudit(auditParams *AuditParams) (results *Results, err error) {

// Run scanners only if the user is entitled for Advanced Security
if results.ExtendedScanResults.EntitledForJas {
results.JasError = runJasScannersAndSetResults(results.ExtendedScanResults, auditParams.DirectDependencies(), serverDetails, auditParams.workingDirs, auditParams.Progress())
results.JasError = runJasScannersAndSetResults(results.ExtendedScanResults, auditParams.DirectDependencies(), serverDetails, auditParams.workingDirs, auditParams.Progress(), auditParams.xrayGraphScanParams.MultiScanId)
}
return
}
5 changes: 3 additions & 2 deletions xray/commands/audit/jas/common.go
Expand Up @@ -41,7 +41,7 @@ type JasScanner struct {
ScannerDirCleanupFunc func() error
}

func NewJasScanner(workingDirs []string, serverDetails *config.ServerDetails) (scanner *JasScanner, err error) {
func NewJasScanner(workingDirs []string, serverDetails *config.ServerDetails, multiScanId string) (scanner *JasScanner, err error) {
scanner = &JasScanner{}
if scanner.AnalyzerManager.AnalyzerManagerFullPath, err = utils.GetAnalyzerManagerExecutable(); err != nil {
return
Expand All @@ -57,6 +57,7 @@ func NewJasScanner(workingDirs []string, serverDetails *config.ServerDetails) (s
scanner.ConfigFileName = filepath.Join(tempDir, "config.yaml")
scanner.ResultsFileName = filepath.Join(tempDir, "results.sarif")
scanner.WorkingDirs, err = coreutils.GetFullPathsWorkingDirs(workingDirs)
scanner.AnalyzerManager.MultiScanId = multiScanId
return
}

Expand Down Expand Up @@ -181,7 +182,7 @@ var FakeBasicXrayResults = []services.ScanResponse{

func InitJasTest(t *testing.T, workingDirs ...string) (*JasScanner, func()) {
assert.NoError(t, rtutils.DownloadAnalyzerManagerIfNeeded())
scanner, err := NewJasScanner(workingDirs, &FakeServerDetails)
scanner, err := NewJasScanner(workingDirs, &FakeServerDetails, "")
assert.NoError(t, err)
return scanner, func() {
assert.NoError(t, scanner.ScannerDirCleanupFunc())
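Review bot: The new `multiScanId` parameter on `NewJasScanner` and the `MultiScanId` field it sets do not follow Go's initialism convention; `multiScanID` / `MultiScanID` is what `staticcheck` expects, and the same spelling is introduced in xray/commands/audit/jasrunner.go and xray/utils/analyzermanager.go, so a rename should cover all three. The parameter is also undocumented: nothing states where the value comes from or that an empty string is acceptable, which `InitJasTest` relies on by passing `""`; a doc comment such as `// NewJasScanner ... multiScanId is the Xray multi-scan identifier handed to the analyzer manager; it may be empty.` would cover that. The assignment on the last line of the first hunk runs after `GetFullPathsWorkingDirs` may already have set `err`; grouping it with the other field initialisations above that call keeps the error path easier to read. NewJasScanner's body continues outside the hunk.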
4 changes: 2 additions & 2 deletions xray/commands/audit/jasrunner.go
Expand Up @@ -14,12 +14,12 @@ import (
)

func runJasScannersAndSetResults(scanResults *utils.ExtendedScanResults, directDependencies []string,
serverDetails *config.ServerDetails, workingDirs []string, progress io.ProgressMgr) (err error) {
serverDetails *config.ServerDetails, workingDirs []string, progress io.ProgressMgr, multiScanId string) (err error) {
if serverDetails == nil || len(serverDetails.Url) == 0 {
log.Warn("To include 'Advanced Security' scan as part of the audit output, please run the 'jf c add' command before running this command.")
return
}
scanner, err := jas.NewJasScanner(workingDirs, serverDetails)
scanner, err := jas.NewJasScanner(workingDirs, serverDetails, multiScanId)
if err != nil {
return
}
6 changes: 3 additions & 3 deletions xray/commands/audit/jasrunner_test.go
Expand Up @@ -22,22 +22,22 @@ func TestGetExtendedScanResults_AnalyzerManagerDoesntExist(t *testing.T) {
assert.NoError(t, os.Unsetenv(coreutils.HomeDir))
}()
scanResults := &utils.ExtendedScanResults{XrayResults: jas.FakeBasicXrayResults, ScannedTechnologies: []coreutils.Technology{coreutils.Yarn}}
err = runJasScannersAndSetResults(scanResults, []string{"issueId_1_direct_dependency", "issueId_2_direct_dependency"}, &jas.FakeServerDetails, nil, nil)
err = runJasScannersAndSetResults(scanResults, []string{"issueId_1_direct_dependency", "issueId_2_direct_dependency"}, &jas.FakeServerDetails, nil, nil, "")
// Expect error:
assert.Error(t, err)
}

func TestGetExtendedScanResults_ServerNotValid(t *testing.T) {
scanResults := &utils.ExtendedScanResults{XrayResults: jas.FakeBasicXrayResults, ScannedTechnologies: []coreutils.Technology{coreutils.Pip}}
err := runJasScannersAndSetResults(scanResults, []string{"issueId_1_direct_dependency", "issueId_2_direct_dependency"}, nil, nil, nil)
err := runJasScannersAndSetResults(scanResults, []string{"issueId_1_direct_dependency", "issueId_2_direct_dependency"}, nil, nil, nil, "")
assert.NoError(t, err)
}

func TestGetExtendedScanResults_AnalyzerManagerReturnsError(t *testing.T) {
mockDirectDependencies := []string{"issueId_2_direct_dependency", "issueId_1_direct_dependency"}
assert.NoError(t, rtutils.DownloadAnalyzerManagerIfNeeded())
scanResults := &utils.ExtendedScanResults{XrayResults: jas.FakeBasicXrayResults, ScannedTechnologies: []coreutils.Technology{coreutils.Yarn}}
err := runJasScannersAndSetResults(scanResults, mockDirectDependencies, &jas.FakeServerDetails, nil, nil)
err := runJasScannersAndSetResults(scanResults, mockDirectDependencies, &jas.FakeServerDetails, nil, nil, "")

// Expect error:
assert.ErrorContains(t, err, "failed to run Applicability scan")
4 changes: 4 additions & 0 deletions xray/commands/audit/sca/common.go
Expand Up @@ -52,6 +52,10 @@ func populateXrayDependencyTree(currNode *xrayUtils.GraphNode, treeHelper map[st

func RunXrayDependenciesTreeScanGraph(dependencyTree *xrayUtils.GraphNode, progress ioUtils.ProgressMgr, technology coreutils.Technology, scanGraphParams *scangraph.ScanGraphParams) (results []services.ScanResponse, err error) {
scanGraphParams.XrayGraphScanParams().DependenciesGraph = dependencyTree
xscGitInfoContext := scanGraphParams.XrayGraphScanParams().XscGitInfoContext
if xscGitInfoContext != nil {
xscGitInfoContext.Technologies = []string{technology.ToString()}
}
scanMessage := fmt.Sprintf("Scanning %d %s dependencies", len(dependencyTree.Nodes), technology)
if progress != nil {
progress.SetHeadlineMsg(scanMessage)
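Review bot: `xscGitInfoContext.Technologies = []string{technology.ToString()}` replaces whatever the caller already placed in `Technologies`, and since `XscGitInfoContext` is a pointer reachable through the shared `scanGraphParams`, the write persists across calls; if `RunXrayDependenciesTreeScanGraph` runs once per technology with the same params (the caller is not visible here), each call overwrites the previous technology instead of recording all of them. If one technology per scan-graph request is the intent, a comment on the `if` saying so would stop a later reader from "fixing" it to accumulate; otherwise `xscGitInfoContext.Technologies = append(xscGitInfoContext.Technologies, technology.ToString())` with de-duplication is the alternative. `scanGraphParams.XrayGraphScanParams()` is also called twice in a row on adjacent lines; holding the result in a local reads better. The function continues past the hunk.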
11 changes: 10 additions & 1 deletion xray/scangraph/scangraph.go
Expand Up @@ -24,11 +24,20 @@ func RunScanGraphAndGetResults(params *ScanGraphParams) (*services.ScanResponse,
// Remove scan type param if Xray version is under the minimum supported version
params.xrayGraphScanParams.ScanType = ""
}

if params.xrayGraphScanParams.XscGitInfoContext != nil {
if params.xrayGraphScanParams.XscVersion, err = xrayManager.XscEnabled(); err != nil {
return nil, err
}
}

scanId, err := xrayManager.ScanGraph(*params.xrayGraphScanParams)
if err != nil {
return nil, err
}
scanResult, err := xrayManager.GetScanGraphResults(scanId, params.XrayGraphScanParams().IncludeVulnerabilities, params.XrayGraphScanParams().IncludeLicenses)

xscEnabled := params.xrayGraphScanParams.XscVersion != ""
scanResult, err := xrayManager.GetScanGraphResults(scanId, params.XrayGraphScanParams().IncludeVulnerabilities, params.XrayGraphScanParams().IncludeLicenses, xscEnabled)
if err != nil {
return nil, err
}
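Review bot: The added block makes the entire scan depend on `xrayManager.XscEnabled()` whenever a git-info context is present: any error from that call returns from `RunScanGraphAndGetResults`, so if `XscEnabled` reports a disabled or unreachable XSC service as an error rather than as an empty version (the hunk does not show which), the SCA scan aborts instead of falling back to a plain Xray scan. If fallback is intended, log the error and set `params.xrayGraphScanParams.XscGitInfoContext = nil` before continuing; if aborting is intended, a comment on the `if` stating that XSC becomes mandatory once git context is supplied would document the decision. The check also writes `XscVersion` back into the caller's `params`, and the later `xscEnabled := params.xrayGraphScanParams.XscVersion != ""` treats any pre-populated version as enabled even with no git context; deriving it as `params.xrayGraphScanParams.XscGitInfoContext != nil && params.xrayGraphScanParams.XscVersion != ""` keeps the two conditions in step. The function starts before the hunk, where `xrayManager` and `err` are declared.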
3 changes: 2 additions & 1 deletion xray/utils/analyzermanager.go
Expand Up @@ -89,13 +89,14 @@ func (e *ExtendedScanResults) getXrayScanResults() []services.ScanResponse {

type AnalyzerManager struct {
AnalyzerManagerFullPath string
MultiScanId string
}

func (am *AnalyzerManager) Exec(configFile, scanCommand, workingDir string, serverDetails *config.ServerDetails) (err error) {
if err = SetAnalyzerManagerEnvVariables(serverDetails); err != nil {
return err
}
cmd := exec.Command(am.AnalyzerManagerFullPath, scanCommand, configFile)
cmd := exec.Command(am.AnalyzerManagerFullPath, scanCommand, configFile, am.MultiScanId)
defer func() {
if !cmd.ProcessState.Exited() {
if killProcessError := cmd.Process.Kill(); errorutils.CheckError(killProcessError) != nil {
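Review bot: `exec.Command(am.AnalyzerManagerFullPath, scanCommand, configFile, am.MultiScanId)` always passes a fourth argument, so when `MultiScanId` is empty (every call in the updated tests, and presumably any audit without XSC) the analyzer manager binary receives an empty positional argument, which it may not accept; building the argv conditionally avoids that. `MultiScanId` is a server-supplied value forwarded unvalidated to a child process; `exec.Command` does not go through a shell so it arrives as a single argv element, but the new exported field still deserves a doc comment such as `// MultiScanId is the Xray multi-scan identifier passed to the analyzer manager as its last argument; empty when unset.` The function's body, including the deferred process cleanup, continues past the hunk.
```go
	args := []string{scanCommand, configFile}
	if am.MultiScanId != "" {
		args = append(args, am.MultiScanId)
	}
	cmd := exec.Command(am.AnalyzerManagerFullPath, args...)
	// … unchanged: deferred process kill / cleanup …
```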
