From 7903e897a1b41a151c0afee3493a7a42fc3e6b6d Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Sun, 14 Jan 2024 16:59:39 +0200 Subject: [PATCH 1/7] added an integration test to test recursive scan over a directory with multiple inner projects --- go.mod | 2 +- go.sum | 4 ++-- xray_test.go | 43 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 46 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index c0459a6cc..d158dccc7 100644 --- a/go.mod +++ b/go.mod @@ -128,7 +128,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect ) -replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240110073910-2461fe7e7b4f +replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eranturgeman/jfrog-cli-core/v2 v2.0.0-20240114110018-39c6f9df4e8f // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20231220102935-c8776c613ad8 diff --git a/go.sum b/go.sum index 09ec6fdbc..24686d100 100644 --- a/go.sum +++ b/go.sum @@ -82,6 +82,8 @@ github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod h1:Lj+Z9rebOhdf github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= +github.com/eranturgeman/jfrog-cli-core/v2 v2.0.0-20240114110018-39c6f9df4e8f h1:ITeTZDkUYBKojU4IidvbcDVexpocAt7CuAjMLcW7gto= +github.com/eranturgeman/jfrog-cli-core/v2 v2.0.0-20240114110018-39c6f9df4e8f/go.mod h1:dFpRoGR5/Qe+bvszvRPYGqMEdwmjNhjFLXlovGs9sII= github.com/forPelevin/gomoji v1.1.8 h1:JElzDdt0TyiUlecy6PfITDL6eGvIaxqYH1V52zrd0qQ= github.com/forPelevin/gomoji v1.1.8/go.mod h1:8+Z3KNGkdslmeGZBC3tCrwMrcPy5GRzAD+gL9NAwMXg= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= 
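Review bot: The `replace` line in the go.mod hunk of 1/7 now resolves `github.com/jfrog/jfrog-cli-core/v2` from a personal fork (`github.com/eranturgeman/jfrog-cli-core/v2`), so any build of this revision compiles core code from a repository outside the upstream project's review. The go.sum entries pin the content of that pseudo-version but say nothing about who approved it. Patch 7/7 points the directive back at the jfrog module. Until then the line should carry a marker such as `// TEMP: personal fork for testing only, restore jfrog/jfrog-cli-core before merge`. A CI check that rejects `replace` targets outside the organisation would stop a fork redirect from landing by accident.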
@@ -135,8 +137,6 @@ github.com/jfrog/gofrog v1.5.0 h1:OLaXpNaEniliE4Kq8lJ5evVYzzt3zdYtpMIBu6TO++c= github.com/jfrog/gofrog v1.5.0/go.mod h1:wQqagqq2VpuCWRPlq/65GbH9gsRz+7Bgc1Q+PKD4Y+k= github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY= github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w= -github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240110073910-2461fe7e7b4f h1:UETEUtFCOm0bhd7AeRgaf9QxPsSgnPgHgjfo7OHOOXQ= -github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240110073910-2461fe7e7b4f/go.mod h1:dFpRoGR5/Qe+bvszvRPYGqMEdwmjNhjFLXlovGs9sII= github.com/jfrog/jfrog-client-go v1.35.6 h1:nVS94x6cwSRkhtj8OM3elbUcGgQhqsK8YMPvC/gf5sk= github.com/jfrog/jfrog-client-go v1.35.6/go.mod h1:V+XKC27k6GA5OcWIAItpnxZAZnCigg8xCkpXKP905Fk= github.com/jszwec/csvutil v1.9.0 h1:iTmq9G1P0e+AUq/MkFg6tetJ+1BH3fOX8Xi0RAcwiGc= diff --git a/xray_test.go b/xray_test.go index 8e19cd5b6..0cba96e7b 100644 --- a/xray_test.go +++ b/xray_test.go @@ -5,6 +5,7 @@ import ( "errors" "flag" "fmt" + "github.com/jfrog/jfrog-cli-core/v2/xray/commands/audit" "net/http" "net/http/httptest" "os" 
@@ -1123,3 +1124,45 @@ func clearOrRedirectLocalCacheIfNeeded(t *testing.T, projectType project.Project } return } + +func TestXrayRecursiveScan(t *testing.T) { + initXrayTest(t, "") + + tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t) + defer createTempDirCallback() + + // Creating an inner NPM project + npmDirPath, err := os.MkdirTemp(tempDirPath, "npm-project") + assert.NoError(t, err) + npmProjectToCopyPath := filepath.Join("testdata", "npm", "npmproject") + assert.NoError(t, biutils.CopyDir(npmProjectToCopyPath, npmDirPath, true, nil)) + + // Creating an inner .NET project + dotnetDirPath, err := os.MkdirTemp(tempDirPath, "dotnet-project") + assert.NoError(t, err) + dotnetProjectToCopyPath := filepath.Join("testdata", "nuget", "simple-dotnet") + assert.NoError(t, biutils.CopyDir(dotnetProjectToCopyPath, dotnetDirPath, true, nil)) + + expectedScannedTechs := []coreutils.Technology{coreutils.Npm, coreutils.Nuget} + expectedScannedWorkingDirs := []string{npmDirPath, dotnetDirPath} + + server := serverDetails + server.XrayUrl = serverDetails.Url + tests.XrayEndpoint + + auditBasicParams := (&utils.AuditBasicParams{}).SetServerDetails(server) + auditParams := audit.NewAuditParams().SetIsRecursiveScan(true).SetWorkingDirs([]string{tempDirPath}).SetGraphBasicParams(auditBasicParams) + + // We expect for a recursive scan to be performed so the inner NPM project and the inner .NET project will be scanned + results, err := audit.RunAudit(auditParams) + assert.Len(t, results.ScaResults, 2) + + var scannedTechs []coreutils.Technology + var scannedWorkingDirs []string + for _, scaResult := range results.ScaResults { + scannedTechs = append(scannedTechs, scaResult.Technology) + scannedWorkingDirs = append(scannedWorkingDirs, scaResult.WorkingDirectory) + } + + assert.Equal(t, expectedScannedTechs, scannedTechs) + assert.Equal(t, expectedScannedWorkingDirs, scannedWorkingDirs) +} 
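Review bot: The two closing `assert.Equal` calls in TestXrayRecursiveScan compare `scannedTechs` and `scannedWorkingDirs` against slices in a fixed npm-then-.NET order, but nothing visible in the hunk guarantees the order in which `audit.RunAudit` fills `ScaResults`. Both directories are created with `os.MkdirTemp` under the same parent, and a sorted directory walk would likely reach `dotnet-project*` before `npm-project*`. Use an order-independent comparison: `assert.ElementsMatch(t, expectedScannedTechs, scannedTechs)` and `assert.ElementsMatch(t, expectedScannedWorkingDirs, scannedWorkingDirs)`. The new import of `xray/commands/audit` also sits inside the standard-library group in the import hunk; goimports would move it to the third-party group.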
From 96671dd01de486a398ac60a17dc481bb2787a107 Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Sun, 14 Jan 2024 17:05:48 +0200 Subject: [PATCH 2/7] fix --- xray_test.go | 1 + 1 file changed, 1 insertion(+) diff --git a/xray_test.go b/xray_test.go index 0cba96e7b..a0ac4396f 100644 --- a/xray_test.go +++ b/xray_test.go @@ -1154,6 +1154,7 @@ func TestXrayRecursiveScan(t *testing.T) { // We expect for a recursive scan to be performed so the inner NPM project and the inner .NET project will be scanned results, err := audit.RunAudit(auditParams) + assert.NoError(t, err) assert.Len(t, results.ScaResults, 2) var scannedTechs []coreutils.Technology From ffbda8ca5c2625d63756dba030cd4e5de7c3bcba Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Sun, 14 Jan 2024 17:16:13 +0200 Subject: [PATCH 3/7] fix --- build/bump-version.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/build/bump-version.sh b/build/bump-version.sh index 03a00bae4..755b25ff4 100755 --- a/build/bump-version.sh +++ b/build/bump-version.sh @@ -7,6 +7,7 @@ populateFromVersion() { } # Function to validate arguments +# shellcheck disable=SC2120 validateArg() { # Check if both arguments are provided if [ $# -ne 1 ]; then From 84a3a7a3452f628fb51c4a595906c5fb2048a7cb Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Sun, 14 Jan 2024 17:22:04 +0200 Subject: [PATCH 4/7] fix --- build/bump-version.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/build/bump-version.sh b/build/bump-version.sh index 755b25ff4..8b347a895 100755 --- a/build/bump-version.sh +++ b/build/bump-version.sh @@ -3,11 +3,9 @@ # Function to get fromVersion from a file populateFromVersion() { build/build.sh - fromVersion=$(./jf -v | tr -d 'jfrog version' | tr -d '\n') + fromVersion=$(./jf -v | sed 's/jfrog version//' | tr -d "\n") } -# Function to validate arguments -# shellcheck disable=SC2120 validateArg() { # Check if both arguments are provided if [ $# -ne 1 ]; then 
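Review bot: In the 2/7 hunk of xray_test.go, `assert.NoError(t, err)` records a failure but does not stop the test, so when `audit.RunAudit` fails the next line still evaluates `results.ScaResults`. The type of `results` is not visible here; if it is a pointer, that is a nil dereference and the test panics instead of reporting the scan error. Guard the remainder with `if !assert.NoError(t, err) { return }`. The body of TestXrayRecursiveScan starts and ends outside this hunk.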
From d4346829e7129b81b499cd8d66cd79c057b349a7 Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Sun, 14 Jan 2024 17:23:38 +0200 Subject: [PATCH 5/7] fix --- build/bump-version.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/bump-version.sh b/build/bump-version.sh index 8b347a895..f266c23c8 100755 --- a/build/bump-version.sh +++ b/build/bump-version.sh @@ -3,7 +3,7 @@ # Function to get fromVersion from a file populateFromVersion() { build/build.sh - fromVersion=$(./jf -v | sed 's/jfrog version//' | tr -d "\n") + fromVersion=$(./jf -v | tr -d "jfrog version" | tr -d "\n") } validateArg() { From f8be0f87beb5952949ba4d6e5f5a1a4669c7f7ff Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Mon, 15 Jan 2024 11:37:21 +0200 Subject: [PATCH 6/7] fixed test --- xray_test.go | 35 ++++++++++++++--------------------- 1 file changed, 14 insertions(+), 21 deletions(-) diff --git a/xray_test.go b/xray_test.go index a0ac4396f..1c8baabba 100644 --- a/xray_test.go +++ b/xray_test.go @@ -5,7 +5,6 @@ import ( "errors" "flag" "fmt" - "github.com/jfrog/jfrog-cli-core/v2/xray/commands/audit" "net/http" "net/http/httptest" "os" @@ -1126,7 +1125,7 @@ func clearOrRedirectLocalCacheIfNeeded(t *testing.T, projectType project.Project } func TestXrayRecursiveScan(t *testing.T) { - initXrayTest(t, "") + initXrayTest(t, scangraph.GraphScanMinXrayVersion) tempDirPath, createTempDirCallback := coretests.CreateTempDirWithCallbackAndAssert(t) defer createTempDirCallback() 
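Review bot: In populateFromVersion (5/7, build/bump-version.sh), `tr -d "jfrog version"` deletes every occurrence of the characters j, f, r, o, g, space, v, e, s, i and n rather than the literal prefix. It only yields the right value while the version is purely digits and dots, and a suffix such as `-dev` would be silently mangled before it is used for the bump. The `sed` form from 4/7 was the safer direction. Anchoring it also drops the leading space it left behind: `fromVersion=$(./jf -v | sed 's/^jfrog version //')`. The trailing `tr -d "\n"` is redundant because command substitution already strips the final newline. The exact text printed by `./jf -v` is inferred from the script and should be confirmed.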
@@ -1143,27 +1142,21 @@ func TestXrayRecursiveScan(t *testing.T) { dotnetProjectToCopyPath := filepath.Join("testdata", "nuget", "simple-dotnet") assert.NoError(t, biutils.CopyDir(dotnetProjectToCopyPath, dotnetDirPath, true, nil)) - expectedScannedTechs := []coreutils.Technology{coreutils.Npm, coreutils.Nuget} - expectedScannedWorkingDirs := []string{npmDirPath, dotnetDirPath} - - server := serverDetails - server.XrayUrl = serverDetails.Url + tests.XrayEndpoint + curWd, err := os.Getwd() + assert.NoError(t, err) - auditBasicParams := (&utils.AuditBasicParams{}).SetServerDetails(server) - auditParams := audit.NewAuditParams().SetIsRecursiveScan(true).SetWorkingDirs([]string{tempDirPath}).SetGraphBasicParams(auditBasicParams) + chDirCallback := clientTestUtils.ChangeDirWithCallback(t, curWd, tempDirPath) + defer chDirCallback() - // We expect for a recursive scan to be performed so the inner NPM project and the inner .NET project will be scanned - results, err := audit.RunAudit(auditParams) - assert.NoError(t, err) - assert.Len(t, results.ScaResults, 2) + // We anticipate the execution of a recursive scan to encompass both the inner NPM project and the inner .NET project. + output := xrayCli.RunCliCmdWithOutput(t, "audit", "--format=json") - var scannedTechs []coreutils.Technology - var scannedWorkingDirs []string - for _, scaResult := range results.ScaResults { - scannedTechs = append(scannedTechs, scaResult.Technology) - scannedWorkingDirs = append(scannedWorkingDirs, scaResult.WorkingDirectory) - } + // We anticipate the identification of five vulnerabilities: four originating from the .NET project and one from the NPM project. 
+ verifyJsonScanResults(t, output, 0, 5, 0) - assert.Equal(t, expectedScannedTechs, scannedTechs) - assert.Equal(t, expectedScannedWorkingDirs, scannedWorkingDirs) + var results []services.ScanResponse + err = json.Unmarshal([]byte(output), &results) + assert.NoError(t, err) + // We anticipate receiving an array with a length of 2 to confirm that we have obtained results from two distinct inner projects. + assert.Len(t, results, 2) } From dabcd6c7e8a57d82599e8c509b503509285ff778 Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Tue, 16 Jan 2024 09:54:56 +0200 Subject: [PATCH 7/7] updated go.mod to latest dev --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index d158dccc7..a3b9105ad 100644 --- a/go.mod +++ b/go.mod @@ -128,7 +128,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect ) -replace github.com/jfrog/jfrog-cli-core/v2 => github.com/eranturgeman/jfrog-cli-core/v2 v2.0.0-20240114110018-39c6f9df4e8f +replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240116074500-2653d8805fcc // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20231220102935-c8776c613ad8 diff --git a/go.sum b/go.sum index 24686d100..49226870e 100644 --- a/go.sum +++ b/go.sum 
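Review bot: The rewritten tail of TestXrayRecursiveScan (6/7) proves only that two scan responses came back and that the total reaches five. It no longer ties a response to each inner project, so a regression that scans one directory twice, or returns an empty response for one of them, could still pass. A per-entry check restores that signal, for example `for _, r := range results { assert.NotEmpty(t, r.Vulnerabilities) }`; the field name is assumed from `services.ScanResponse` and should be confirmed. If `verifyJsonScanResults` compares exact counts rather than minimums (its body is not visible here), the literal `5` also couples the test to the current vulnerability data for the testdata packages. The function begins outside this hunk.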
@@ -82,8 +82,6 @@ github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod h1:Lj+Z9rebOhdf github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= -github.com/eranturgeman/jfrog-cli-core/v2 v2.0.0-20240114110018-39c6f9df4e8f h1:ITeTZDkUYBKojU4IidvbcDVexpocAt7CuAjMLcW7gto= -github.com/eranturgeman/jfrog-cli-core/v2 v2.0.0-20240114110018-39c6f9df4e8f/go.mod h1:dFpRoGR5/Qe+bvszvRPYGqMEdwmjNhjFLXlovGs9sII= github.com/forPelevin/gomoji v1.1.8 h1:JElzDdt0TyiUlecy6PfITDL6eGvIaxqYH1V52zrd0qQ= github.com/forPelevin/gomoji v1.1.8/go.mod h1:8+Z3KNGkdslmeGZBC3tCrwMrcPy5GRzAD+gL9NAwMXg= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= @@ -137,6 +135,8 @@ github.com/jfrog/gofrog v1.5.0 h1:OLaXpNaEniliE4Kq8lJ5evVYzzt3zdYtpMIBu6TO++c= github.com/jfrog/gofrog v1.5.0/go.mod h1:wQqagqq2VpuCWRPlq/65GbH9gsRz+7Bgc1Q+PKD4Y+k= github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY= github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w= +github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240116074500-2653d8805fcc h1:YAW8UfyS3lKchgXgPMSYIIrUu0q4FM3ovpNc3Mc0/1A= +github.com/jfrog/jfrog-cli-core/v2 v2.31.1-0.20240116074500-2653d8805fcc/go.mod h1:dFpRoGR5/Qe+bvszvRPYGqMEdwmjNhjFLXlovGs9sII= github.com/jfrog/jfrog-client-go v1.35.6 h1:nVS94x6cwSRkhtj8OM3elbUcGgQhqsK8YMPvC/gf5sk= github.com/jfrog/jfrog-client-go v1.35.6/go.mod h1:V+XKC27k6GA5OcWIAItpnxZAZnCigg8xCkpXKP905Fk= github.com/jszwec/csvutil v1.9.0 h1:iTmq9G1P0e+AUq/MkFg6tetJ+1BH3fOX8Xi0RAcwiGc=