CR

jfrog · Sep 13, 2023 · f51094d · f51094d
1 parent 04432bf
commit f51094d
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 25 deletions.
diff --git a/xray/commands/audit/jas/applicability/applicabilitymanager.go b/xray/commands/audit/jas/applicability/applicabilitymanager.go
@@ -143,7 +143,6 @@ type scanConfiguration struct {
 
 func (asm *ApplicabilityScanManager) createConfigFile(workingDir string) error {
 	skipDirs := jas.SkippedDirs
-	// If set to true, remove third party folders from the scan skip list.
 	if asm.thirdPartyScan {
 		log.Debug("Including node modules in applicability scan")
 		skipDirs = removeElementFromSlice(skipDirs, jas.NodeModulesPattern)

diff --git a/xray/commands/audit/sca/yarn/yarn.go b/xray/commands/audit/sca/yarn/yarn.go
@@ -10,7 +10,7 @@ import (
 )
 
 const (
-	npmPackageTypeIdentifier = "npm://"
+	NpmPackageTypeIdentifier = "npm://"
 )
 
 func BuildDependencyTree() (dependencyTrees []*xrayUtils.GraphNode, uniqueDeps []string, err error) {
@@ -55,5 +55,5 @@ func parseYarnDependenciesMap(dependencies map[string]*biUtils.YarnDependency, r
 }
 
 func getXrayDependencyId(yarnDependency *biUtils.YarnDependency) string {
-	return npmPackageTypeIdentifier + yarnDependency.Name() + ":" + yarnDependency.Details.Version
+	return NpmPackageTypeIdentifier + yarnDependency.Name() + ":" + yarnDependency.Details.Version
 }
diff --git a/xray/commands/audit/sca/yarn/yarn_test.go b/xray/commands/audit/sca/yarn/yarn_test.go
@@ -18,30 +18,30 @@ func TestParseYarnDependenciesList(t *testing.T) {
 		"pack5@npm:5.0.0":        {Value: "pack5@npm:5.0.0", Details: biutils.YarnDepDetails{Version: "5.0.0", Dependencies: []biutils.YarnDependencyPointer{{Locator: "pack2@npm:2.0.0"}}}},
 	}
 
-	rootXrayId := npmPackageTypeIdentifier + "@jfrog/pack3:3.0.0"
+	rootXrayId := NpmPackageTypeIdentifier + "@jfrog/pack3:3.0.0"
 	expectedTree := &xrayUtils.GraphNode{
 		Id: rootXrayId,
 		Nodes: []*xrayUtils.GraphNode{
-			{Id: npmPackageTypeIdentifier + "pack1:1.0.0",
+			{Id: NpmPackageTypeIdentifier + "pack1:1.0.0",
 				Nodes: []*xrayUtils.GraphNode{
-					{Id: npmPackageTypeIdentifier + "pack4:4.0.0",
+					{Id: NpmPackageTypeIdentifier + "pack4:4.0.0",
 						Nodes: []*xrayUtils.GraphNode{}},
 				}},
-			{Id: npmPackageTypeIdentifier + "pack2:2.0.0",
+			{Id: NpmPackageTypeIdentifier + "pack2:2.0.0",
 				Nodes: []*xrayUtils.GraphNode{
-					{Id: npmPackageTypeIdentifier + "pack4:4.0.0",
+					{Id: NpmPackageTypeIdentifier + "pack4:4.0.0",
 						Nodes: []*xrayUtils.GraphNode{}},
-					{Id: npmPackageTypeIdentifier + "pack5:5.0.0",
+					{Id: NpmPackageTypeIdentifier + "pack5:5.0.0",
 						Nodes: []*xrayUtils.GraphNode{}},
 				}},
 		},
 	}
 	expectedUniqueDeps := []string{
-		npmPackageTypeIdentifier + "pack1:1.0.0",
-		npmPackageTypeIdentifier + "pack2:2.0.0",
-		npmPackageTypeIdentifier + "pack4:4.0.0",
-		npmPackageTypeIdentifier + "pack5:5.0.0",
-		npmPackageTypeIdentifier + "@jfrog/pack3:3.0.0",
+		NpmPackageTypeIdentifier + "pack1:1.0.0",
+		NpmPackageTypeIdentifier + "pack2:2.0.0",
+		NpmPackageTypeIdentifier + "pack4:4.0.0",
+		NpmPackageTypeIdentifier + "pack5:5.0.0",
+		NpmPackageTypeIdentifier + "@jfrog/pack3:3.0.0",
 	}
 
 	xrayDependenciesTree, uniqueDeps := parseYarnDependenciesMap(yarnDependencies, rootXrayId)

diff --git a/xray/utils/resultstable.go b/xray/utils/resultstable.go
@@ -2,6 +2,7 @@ package utils
 
 import (
 	"fmt"
+	"github.com/jfrog/jfrog-cli-core/v2/xray/commands/audit/sca/yarn"
 	"os"
 	"path/filepath"
 	"sort"
@@ -27,10 +28,7 @@ const (
 	rootIndex                  = 0
 	directDependencyIndex      = 1
 	directDependencyPathLength = 2
-
-	npmPackageTypeIdentifier = "npm://"
-
-	nodeModules = "node_modules"
+	nodeModules                = "node_modules"
 )
 
 // PrintViolationsTable prints the violations in 4 tables: security violations, license compliance violations, operational risk violations and ignore rule URLs.
@@ -1030,21 +1028,19 @@ func shouldDisqualifyEvidence(components map[string]services.Component, evidence
 		if dependencyName == "" {
 			return
 		}
-		// Check macOS and Linux path
-		linuxPath := nodeModules + "/" + dependencyName
-		if strings.Contains(evidenceFilePath, linuxPath) || strings.Contains(evidenceFilePath, filepath.Join(nodeModules, dependencyName)) {
-			disqualify = true
-			return
+		// Check both Unix & Windows paths.
+		if strings.Contains(evidenceFilePath, nodeModules+"/"+dependencyName) || strings.Contains(evidenceFilePath, filepath.Join(nodeModules, dependencyName)) {
+			return true
 		}
 	}
 	return
 }
 
 func extractNpmDependencyNameFromComponent(key string) (dependencyName string) {
-	if !strings.HasPrefix(key, npmPackageTypeIdentifier) {
+	if !strings.HasPrefix(key, yarn.NpmPackageTypeIdentifier) {
 		return
 	}
-	packageAndVersion := strings.TrimPrefix(key, npmPackageTypeIdentifier)
+	packageAndVersion := strings.TrimPrefix(key, yarn.NpmPackageTypeIdentifier)
 	split := strings.Split(packageAndVersion, ":")
 	if len(split) < 2 {
 		return