From 9e46fc90553d4e67241def1e01185c6384db76bb Mon Sep 17 00:00:00 2001
From: Eran Turgeman
Date: Thu, 11 Jan 2024 12:13:03 +0200
Subject: [PATCH 1/5] improved and updated recursive scan detection for frogbot

---
 go.mod | 12 ++++++------
 go.sum | 26 +++++++++++++++-----------
 scanpullrequest/scanpullrequest.go | 4 ++--
 scanrepository/scanrepository.go | 2 +-
 utils/params.go | 3 +++
 utils/scandetails.go | 3 ++-
 6 files changed, 29 insertions(+), 21 deletions(-)

diff --git a/go.mod b/go.mod
index e98fed70c..ee4b03a8d 100644
--- a/go.mod
+++ b/go.mod
@@ -16,7 +16,7 @@ require (
 github.com/stretchr/testify v1.8.4
 github.com/urfave/cli/v2 v2.27.1
 github.com/xeipuuv/gojsonschema v1.2.0
- golang.org/x/exp v0.0.0-20231226003508-02704c960a9b
+ golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc
 gopkg.in/yaml.v3 v3.0.1
 )

@@ -55,7 +55,7 @@ require (
 github.com/hashicorp/go-retryablehttp v0.7.2 // indirect
 github.com/hashicorp/hcl v1.0.0 // indirect
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
- github.com/jedib0t/go-pretty/v6 v6.4.0 // indirect
+ github.com/jedib0t/go-pretty/v6 v6.5.0 // indirect
 github.com/jfrog/archiver/v3 v3.5.3 // indirect
 github.com/jfrog/jfrog-apps-config v1.0.1 // indirect
 github.com/kevinburke/ssh_config v1.2.0 // indirect
@@ -76,7 +76,7 @@ require (
 github.com/pelletier/go-toml/v2 v2.1.0 // indirect
 github.com/pierrec/lz4/v4 v4.1.15 // indirect
 github.com/pjbgf/sha1cd v0.3.0 // indirect
- github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
+ github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 github.com/pkg/term v1.1.0 // indirect
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 github.com/rivo/uniseg v0.4.3 // indirect
@@ -107,8 +107,8 @@ require (
 golang.org/x/net v0.19.0 // indirect
 golang.org/x/oauth2 v0.15.0 // indirect
 golang.org/x/sync v0.5.0 // indirect
- golang.org/x/sys v0.15.0 // indirect
- golang.org/x/term v0.15.0 // indirect
+ golang.org/x/sys v0.16.0 // indirect
+ golang.org/x/term v0.16.0 // indirect
 golang.org/x/text v0.14.0 // indirect
 golang.org/x/time v0.5.0 // indirect
 golang.org/x/tools v0.16.0 // indirect
@@ -118,7 +118,7 @@ require (
 gopkg.in/warnings.v0 v0.1.2 // indirect
 )
-// replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.15.3-0.20240107114345-333de0c77d95
+replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eranturgeman/jfrog-cli-core/v2 v2.0.0-20240111095257-687fabc3ce4e
 // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20231119150101-5cfbe8fca39e
diff --git a/go.sum b/go.sum
index 60f4d350f..434a79700 100644
--- a/go.sum
+++ b/go.sum
@@ -612,6 +612,8 @@ github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX7IL/m9Y5LO+KQYv+t1CQOiFe6+SV2J7bE=
 github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
+github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
+github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/ajstarks/deck v0.0.0-20200831202436-30c9fc6549a9/go.mod h1:JynElWSGnm/4RlzPXRlREEwqTHAN3T56Bv2ITsFT3gY=
 github.com/ajstarks/deck/generate v0.0.0-20210309230005-c3f852c02e19/go.mod h1:T13YZdzov6OU0A1+RfKZiZN9ca6VeKdBdyDV+BY97Tk=
 github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw=
@@ -698,6 +700,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7 github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo= github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w= github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= +github.com/eranturgeman/jfrog-cli-core/v2 v2.0.0-20240111095257-687fabc3ce4e h1:01Xx37GqGrUBEBgJD4ZHnu4WgeEm4cFlFZ9HP01kvr8= +github.com/eranturgeman/jfrog-cli-core/v2 v2.0.0-20240111095257-687fabc3ce4e/go.mod h1:dFpRoGR5/Qe+bvszvRPYGqMEdwmjNhjFLXlovGs9sII= github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= 
@@ -873,8 +877,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1: github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= -github.com/jedib0t/go-pretty/v6 v6.4.0 h1:YlI/2zYDrweA4MThiYMKtGRfT+2qZOO65ulej8GTcVI= -github.com/jedib0t/go-pretty/v6 v6.4.0/go.mod h1:MgmISkTWDSFu0xOqiZ0mKNntMQ2mDgOcwOkwBEkMDJI= +github.com/jedib0t/go-pretty/v6 v6.5.0 h1:FI0L5PktzbafnZKuPae/D3150x3XfYbFe2hxMT+TbpA= +github.com/jedib0t/go-pretty/v6 v6.5.0/go.mod h1:Ndk3ase2CkQbXLLNf5QDHoYb6J9WtVfmHZu9n8rk2xs= github.com/jfrog/archiver/v3 v3.5.3 h1:Udz6+z/YIhTFmcEp1TeW2DEwNyo7JSAnrGUsrbL2FZI= github.com/jfrog/archiver/v3 v3.5.3/go.mod h1:/MbmBhPzkliu9PtweAg9lCYHGcKdapwMMZS/QS09T5c= github.com/jfrog/build-info-go v1.9.20 h1:tQF6EMjt/EEX8syTrgpL/c7FjhlBSjtv848jNvxpMp8= @@ -885,8 +889,6 @@ github.com/jfrog/gofrog v1.4.1 h1:jz4kXBdsvVCNRDVkGLRiZIQ+uTO6/DSxQ9LjfvmLfoY= github.com/jfrog/gofrog v1.4.1/go.mod h1:wQqagqq2VpuCWRPlq/65GbH9gsRz+7Bgc1Q+PKD4Y+k= github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY= github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w= -github.com/jfrog/jfrog-cli-core/v2 v2.47.10 h1:14d6nQBU4zVV2c6ieH7pc/efDKybIgW0RnoXcsaU28A= -github.com/jfrog/jfrog-cli-core/v2 v2.47.10/go.mod h1:ZcyEfF9CuSsLCx1XiVd1xbwUdHlLH6Y6zvuXVipn+SE= github.com/jfrog/jfrog-client-go v1.35.6 h1:nVS94x6cwSRkhtj8OM3elbUcGgQhqsK8YMPvC/gf5sk= github.com/jfrog/jfrog-client-go v1.35.6/go.mod h1:V+XKC27k6GA5OcWIAItpnxZAZnCigg8xCkpXKP905Fk= github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA= 
@@ -974,8 +976,8 @@ github.com/pierrec/lz4/v4 v4.1.15 h1:MO0/ucJhngq7299dKLwIMtgTfbkoSPF6AoMYDd8Q4q0 github.com/pierrec/lz4/v4 v4.1.15/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= -github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU= -github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= +github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= +github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -1052,6 +1054,7 @@ github.com/urfave/cli v1.22.14 h1:ebbhrRiGK2i4naQJr+1Xj92HXZCrK7MsyTS/ob3HnAk= github.com/urfave/cli v1.22.14/go.mod h1:X0eDS6pD6Exaclxm99NJ3FiCDRED7vIHpx2mDOHLvkA= github.com/urfave/cli/v2 v2.27.1 h1:8xSQ6szndafKVRmfyeUMxkNUJQMjL1F2zmsZ+qHpfho= github.com/urfave/cli/v2 v2.27.1/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ= +github.com/vbauerster/mpb/v7 v7.5.3 h1:BkGfmb6nMrrBQDFECR/Q7RkKCw7ylMetCb4079CGs4w= github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= github.com/xanzy/go-gitlab v0.95.2 h1:4p0IirHqEp5f0baK/aQqr4TR57IsD+8e4fuyAA1yi88= 
@@ -1129,8 +1132,8 @@ golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20220827204233-334a2380cb91/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE= -golang.org/x/exp v0.0.0-20231226003508-02704c960a9b h1:kLiC65FbiHWFAOu+lxwNPujcsl8VYyTYYEZnsOO1WK4= -golang.org/x/exp v0.0.0-20231226003508-02704c960a9b/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= +golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc h1:ao2WRsKSzW6KuUY9IWPwWahcHCgR0s52IfwutMfEbdM= +golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= 
@@ -1341,7 +1344,6 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -1379,8 +1381,9 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= +golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= 
@@ -1391,8 +1394,9 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
-golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
 golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
+golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
diff --git a/scanpullrequest/scanpullrequest.go b/scanpullrequest/scanpullrequest.go
index 940132542..09ed8ea22 100644
--- a/scanpullrequest/scanpullrequest.go
+++ b/scanpullrequest/scanpullrequest.go
@@ -154,7 +154,7 @@ func auditPullRequestInProject(repoConfig *utils.Repository, scanDetails *utils.
 var sourceResults *xrayutils.Results
 workingDirs := utils.GetFullPathWorkingDirs(scanDetails.Project.WorkingDirs, sourceBranchWd)
 log.Info("Scanning source branch...")
- sourceResults, err = scanDetails.RunInstallAndAudit(workingDirs...)
+ sourceResults, err = scanDetails.RunInstallAndAudit(workingDirs...) //TODO ERAN entry point 3
 if err != nil {
 return
 }
@@ -197,7 +197,7 @@ func auditTargetBranch(repoConfig *utils.Repository, scanDetails *utils.ScanDeta
 var targetResults *xrayutils.Results
 workingDirs := utils.GetFullPathWorkingDirs(scanDetails.Project.WorkingDirs, targetBranchWd)
 log.Info("Scanning target branch...")
- targetResults, err = scanDetails.RunInstallAndAudit(workingDirs...)
+ targetResults, err = scanDetails.RunInstallAndAudit(workingDirs...) //TODO ERAN entry point 2
 if err != nil {
 return
 }
diff --git a/scanrepository/scanrepository.go b/scanrepository/scanrepository.go
index badb1d3a0..48fa4f63b 100644
--- a/scanrepository/scanrepository.go
+++ b/scanrepository/scanrepository.go
@@ -158,7 +158,7 @@ func (cfp *ScanRepositoryCmd) scanAndFixProject(repository *utils.Repository) er
 // Audit the dependencies of the current commit.
 func (cfp *ScanRepositoryCmd) scan(currentWorkingDir string) (*xrayutils.Results, error) {
 // Audit commit code
- auditResults, err := cfp.scanDetails.RunInstallAndAudit(currentWorkingDir)
+ auditResults, err := cfp.scanDetails.RunInstallAndAudit(currentWorkingDir) // TODO ERAN entry point 1
 if err != nil {
 return nil, err
 }
diff --git a/utils/params.go b/utils/params.go
index 747966d88..f247f1c43 100644
--- a/utils/params.go
+++ b/utils/params.go
@@ -85,13 +85,16 @@ type Project struct {
 DepsRepo string `yaml:"repository,omitempty"`
 InstallCommandName string
 InstallCommandArgs []string
+ ApplyRecursiveScan bool
 }

 func (p *Project) setDefaultsIfNeeded() error {
+ // TODO ERAN : this is where we suppose to fix it for frogbot (michael)
 if len(p.WorkingDirs) == 0 {
 workingDir := getTrimmedEnv(WorkingDirectoryEnv)
 if workingDir == "" {
 workingDir = RootDir
+ p.ApplyRecursiveScan = true
 }
 p.WorkingDirs = append(p.WorkingDirs, workingDir)
 }
diff --git a/utils/scandetails.go b/utils/scandetails.go
index 42c7eff83..1cf6dcd37 100644
--- a/utils/scandetails.go
+++ b/utils/scandetails.go
@@ -123,7 +123,8 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xra
 SetExclusions(sc.PathExclusions).
 SetMinSeverityFilter(sc.MinSeverityFilter()).
 SetFixableOnly(sc.FixableOnly()).
- SetGraphBasicParams(auditBasicParams)
+ SetGraphBasicParams(auditBasicParams).
+ SetApplyRecursiveScan(sc.ApplyRecursiveScan) // TODO ERAN : set applyRecursiveScan here

 auditResults, err = audit.RunAudit(auditParams)
 if auditResults != nil {

From a124bb4757f74eeb14899a8d33c291823c25cae4 Mon Sep 17 00:00:00 2001
From: Eran Turgeman
Date: Thu, 11 Jan 2024 12:39:40 +0200
Subject: [PATCH 2/5] added a check in a test and deleted comments

---
 scanpullrequest/scanpullrequest.go | 4 ++--
 scanrepository/scanrepository.go | 2 +-
 utils/params.go | 1 -
 utils/params_test.go | 2 ++
 utils/scandetails.go | 2 +-
 5 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/scanpullrequest/scanpullrequest.go b/scanpullrequest/scanpullrequest.go
index 09ed8ea22..940132542 100644
--- a/scanpullrequest/scanpullrequest.go
+++ b/scanpullrequest/scanpullrequest.go
@@ -154,7 +154,7 @@ func auditPullRequestInProject(repoConfig *utils.Repository, scanDetails *utils.
 var sourceResults *xrayutils.Results
 workingDirs := utils.GetFullPathWorkingDirs(scanDetails.Project.WorkingDirs, sourceBranchWd)
 log.Info("Scanning source branch...")
- sourceResults, err = scanDetails.RunInstallAndAudit(workingDirs...) //TODO ERAN entry point 3
+ sourceResults, err = scanDetails.RunInstallAndAudit(workingDirs...)
 if err != nil {
 return
 }
@@ -197,7 +197,7 @@ func auditTargetBranch(repoConfig *utils.Repository, scanDetails *utils.ScanDeta
 var targetResults *xrayutils.Results
 workingDirs := utils.GetFullPathWorkingDirs(scanDetails.Project.WorkingDirs, targetBranchWd)
 log.Info("Scanning target branch...")
- targetResults, err = scanDetails.RunInstallAndAudit(workingDirs...) //TODO ERAN entry point 2
+ targetResults, err = scanDetails.RunInstallAndAudit(workingDirs...)
 if err != nil {
 return
 }
diff --git a/scanrepository/scanrepository.go b/scanrepository/scanrepository.go
index 48fa4f63b..badb1d3a0 100644
--- a/scanrepository/scanrepository.go
+++ b/scanrepository/scanrepository.go
@@ -158,7 +158,7 @@ func (cfp *ScanRepositoryCmd) scanAndFixProject(repository *utils.Repository) er
 // Audit the dependencies of the current commit.
 func (cfp *ScanRepositoryCmd) scan(currentWorkingDir string) (*xrayutils.Results, error) {
 // Audit commit code
- auditResults, err := cfp.scanDetails.RunInstallAndAudit(currentWorkingDir) // TODO ERAN entry point 1
+ auditResults, err := cfp.scanDetails.RunInstallAndAudit(currentWorkingDir)
 if err != nil {
 return nil, err
 }
diff --git a/utils/params.go b/utils/params.go
index f247f1c43..254aaf714 100644
--- a/utils/params.go
+++ b/utils/params.go
@@ -89,7 +89,6 @@ type Project struct {
 }

 func (p *Project) setDefaultsIfNeeded() error {
- // TODO ERAN : this is where we suppose to fix it for frogbot (michael)
 if len(p.WorkingDirs) == 0 {
 workingDir := getTrimmedEnv(WorkingDirectoryEnv)
 if workingDir == "" {
diff --git a/utils/params_test.go b/utils/params_test.go
index 72300db1e..d9a331f20 100644
--- a/utils/params_test.go
+++ b/utils/params_test.go
@@ -432,6 +432,7 @@ func TestExtractProjectParamsFromEnv(t *testing.T) {
 assert.Equal(t, "", project.PipRequirementsFile)
 assert.Equal(t, "", project.InstallCommandName)
 assert.Equal(t, []string(nil), project.InstallCommandArgs)
+ assert.True(t, project.ApplyRecursiveScan)

 // Test value extraction
 SetEnvAndAssert(t, map[string]string{
@@ -451,6 +452,7 @@ func TestExtractProjectParamsFromEnv(t *testing.T) {
 assert.Equal(t, "nuget", project.InstallCommandName)
 assert.Equal(t, []string{"restore"}, project.InstallCommandArgs)
 assert.Equal(t, "repository", project.DepsRepo)
+ assert.False(t, project.ApplyRecursiveScan)
 }

 func TestFrogbotConfigAggregator_unmarshalFrogbotConfigYaml(t *testing.T) {
diff --git a/utils/scandetails.go b/utils/scandetails.go
index 1cf6dcd37..5a411a206 100644
--- a/utils/scandetails.go
+++ b/utils/scandetails.go
@@ -124,7 +124,7 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xra
 SetMinSeverityFilter(sc.MinSeverityFilter()).
 SetFixableOnly(sc.FixableOnly()).
 SetGraphBasicParams(auditBasicParams).
- SetApplyRecursiveScan(sc.ApplyRecursiveScan) // TODO ERAN : set applyRecursiveScan here
+ SetApplyRecursiveScan(sc.ApplyRecursiveScan)

 auditResults, err = audit.RunAudit(auditParams)
 if auditResults != nil {

From feaaf4eff5760aadd017d5c43d8a701636f01404 Mon Sep 17 00:00:00 2001
From: Eran Turgeman
Date: Sun, 14 Jan 2024 17:37:50 +0200
Subject: [PATCH 3/5] pr fixes

---
 utils/params.go | 7 +++++--
 utils/params_test.go | 4 ++--
 utils/scandetails.go | 2 +-
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/utils/params.go b/utils/params.go
index 254aaf714..a024b3e07 100644
--- a/utils/params.go
+++ b/utils/params.go
@@ -85,15 +85,18 @@ type Project struct {
 DepsRepo string `yaml:"repository,omitempty"`
 InstallCommandName string
 InstallCommandArgs []string
- ApplyRecursiveScan bool
+ IsRecursiveScan bool
 }

 func (p *Project) setDefaultsIfNeeded() error {
 if len(p.WorkingDirs) == 0 {
 workingDir := getTrimmedEnv(WorkingDirectoryEnv)
 if workingDir == "" {
+ // If no working directories are provided, and none exist in the environment variable, we designate the project's root directory as our sole working directory. // We then execute a recursive scan across the entire project, commencing from the root.
 workingDir = RootDir
- p.ApplyRecursiveScan = true
+ p.IsRecursiveScan = true
 }
 p.WorkingDirs = append(p.WorkingDirs, workingDir)
 }
diff --git a/utils/params_test.go b/utils/params_test.go
index d9a331f20..9dac92353 100644
--- a/utils/params_test.go
+++ b/utils/params_test.go
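Review bot: `IsRecursiveScan` is only ever set in the branch where both `WorkingDirs` and the working-directory env var are empty, so a user who sets the env var to the same value as `RootDir` gets a single non-recursive scan of that directory while leaving it unset gets a recursive scan of the same path — two different scan scopes for what is presumably the same tree, and neither the new comment nor the test in this series mentions it. If that asymmetry is intended, the comment should say so; otherwise deriving the flag from the resolved value, `p.IsRecursiveScan = workingDir == RootDir` placed after the env read, removes the special case (an explicit `workingDirs` entry in the config would still stay non-recursive). The hunk also appears to add a blank line at the top of the `if workingDir == ""` body, which `gofmt` keeps but which reads as a leftover. Since the neighbouring fields carry no `yaml` tag either, whether `IsRecursiveScan` can be set from frogbot-config.yml depends on the decoder's default key mapping — a one-line comment stating that the field is derived, not user-configurable, would make the intent explicit. `setDefaultsIfNeeded` continues past the end of the hunk.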
@@ -432,7 +432,7 @@ func TestExtractProjectParamsFromEnv(t *testing.T) {
 assert.Equal(t, "", project.PipRequirementsFile)
 assert.Equal(t, "", project.InstallCommandName)
 assert.Equal(t, []string(nil), project.InstallCommandArgs)
- assert.True(t, project.ApplyRecursiveScan)
+ assert.True(t, project.IsRecursiveScan)

 // Test value extraction
 SetEnvAndAssert(t, map[string]string{
@@ -452,7 +452,7 @@ func TestExtractProjectParamsFromEnv(t *testing.T) {
 assert.Equal(t, "nuget", project.InstallCommandName)
 assert.Equal(t, []string{"restore"}, project.InstallCommandArgs)
 assert.Equal(t, "repository", project.DepsRepo)
- assert.False(t, project.ApplyRecursiveScan)
+ assert.False(t, project.IsRecursiveScan)
 }

 func TestFrogbotConfigAggregator_unmarshalFrogbotConfigYaml(t *testing.T) {
diff --git a/utils/scandetails.go b/utils/scandetails.go
index 5a411a206..d3d1ea443 100644
--- a/utils/scandetails.go
+++ b/utils/scandetails.go
@@ -124,7 +124,7 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xra
 SetMinSeverityFilter(sc.MinSeverityFilter()).
 SetFixableOnly(sc.FixableOnly()).
 SetGraphBasicParams(auditBasicParams).
- SetApplyRecursiveScan(sc.ApplyRecursiveScan)
+ SetApplyRecursiveScan(sc.IsRecursiveScan)

 auditResults, err = audit.RunAudit(auditParams)
 if auditResults != nil {

From 40794d2439cc1f8d7f6df7805212fd98c620ca8a Mon Sep 17 00:00:00 2001
From: Eran Turgeman
Date: Tue, 16 Jan 2024 09:52:49 +0200
Subject: [PATCH 4/5] updated go.mod to latest dev

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index ee4b03a8d..8eb2b0935 100644
--- a/go.mod
+++ b/go.mod
@@ -118,7 +118,7 @@ require (
 gopkg.in/warnings.v0 v0.1.2 // indirect
 )
-replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eranturgeman/jfrog-cli-core/v2 v2.0.0-20240111095257-687fabc3ce4e
+replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240116074500-2653d8805fcc
 // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20231119150101-5cfbe8fca39e
diff --git a/go.sum b/go.sum
index 434a79700..c8e554225 100644
--- a/go.sum
+++ b/go.sum
@@ -700,8 +700,6 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
 github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo=
 github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w=
 github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss=
-github.com/eranturgeman/jfrog-cli-core/v2 v2.0.0-20240111095257-687fabc3ce4e h1:01Xx37GqGrUBEBgJD4ZHnu4WgeEm4cFlFZ9HP01kvr8=
-github.com/eranturgeman/jfrog-cli-core/v2 v2.0.0-20240111095257-687fabc3ce4e/go.mod h1:dFpRoGR5/Qe+bvszvRPYGqMEdwmjNhjFLXlovGs9sII=
 github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w=
 github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
 github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
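Review bot: The new `replace` pins `jfrog-cli-core/v2` to the pseudo-version `v2.31.1-0.20240116074500-2653d8805fcc`, an unreleased commit rather than a tagged release, and a `replace` only takes effect when frogbot is the main module — anything that imports frogbot as a dependency resolves the `require`d version instead (the go.sum hunk in patch 1 drops the `v2.47.10` entries, so that is presumably the required version) and would build against a `jfrog-cli-core` that lacks the recursive-scan setter used in utils/scandetails.go. The commit hash and its go.sum entries in the next hunk do give integrity checking, so the supply-chain exposure is a stale pin rather than an unverified download, but the directive should become a plain `require` bump to a tagged release before merge. Until then a marker such as `// TODO: temporary dev pin, remove once a jfrog-cli-core release with recursive-scan support is tagged` above the `replace` line would stop it from quietly outliving this PR, and the commented-out `build-info-go` replace left in place below it deserves the same treatment.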
@@ -889,6 +887,8 @@ github.com/jfrog/gofrog v1.4.1 h1:jz4kXBdsvVCNRDVkGLRiZIQ+uTO6/DSxQ9LjfvmLfoY=
 github.com/jfrog/gofrog v1.4.1/go.mod h1:wQqagqq2VpuCWRPlq/65GbH9gsRz+7Bgc1Q+PKD4Y+k=
 github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY=
 github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
+github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240116074500-2653d8805fcc h1:YAW8UfyS3lKchgXgPMSYIIrUu0q4FM3ovpNc3Mc0/1A=
+github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240116074500-2653d8805fcc/go.mod h1:dFpRoGR5/Qe+bvszvRPYGqMEdwmjNhjFLXlovGs9sII=
 github.com/jfrog/jfrog-client-go v1.35.6 h1:nVS94x6cwSRkhtj8OM3elbUcGgQhqsK8YMPvC/gf5sk=
 github.com/jfrog/jfrog-client-go v1.35.6/go.mod h1:V+XKC27k6GA5OcWIAItpnxZAZnCigg8xCkpXKP905Fk=
 github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA=

From 72ed3c3fbe14a33484975bc488c5e565db7c1206 Mon Sep 17 00:00:00 2001
From: Eran Turgeman
Date: Tue, 16 Jan 2024 10:11:23 +0200
Subject: [PATCH 5/5] fix incorrect method name

---
 utils/scandetails.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utils/scandetails.go b/utils/scandetails.go
index d3d1ea443..96d3afa8d 100644
--- a/utils/scandetails.go
+++ b/utils/scandetails.go
@@ -124,7 +124,7 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xra
 SetMinSeverityFilter(sc.MinSeverityFilter()).
 SetFixableOnly(sc.FixableOnly()).
 SetGraphBasicParams(auditBasicParams).
- SetApplyRecursiveScan(sc.IsRecursiveScan)
+ SetIsRecursiveScan(sc.IsRecursiveScan)

 auditResults, err = audit.RunAudit(auditParams)
 if auditResults != nil {