
Commit 8231b90

committed
CA results are general; clean up TODO and refactor
1 parent 98971f6 commit 8231b90

29 files changed

+834
-406
lines changed

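--- a/audit_test.go
+++ b/audit_test.go
@@ -368,7 +368,7 @@ func TestXrayAuditGoJson(t *testing.T) {
 
 func TestXrayAuditGoSimpleJson(t *testing.T) {
 output := testXrayAuditGo(t, true, string(format.SimpleJson), "simple-project")
-validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Licenses: 3, Vulnerabilities: 4, NotCovered: 2, NotApplicable: 2})
+validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Licenses: 3, Vulnerabilities: 4, NotCoveredVulnerabilities: 2, NotApplicableVulnerabilities: 2})
 }
 
 func testXrayAuditGo(t *testing.T, noCreds bool, format, project string) string {
@@ -414,15 +414,15 @@ func TestXrayAuditMultiProjects(t *testing.T) {
 output := securityTests.PlatformCli.WithoutCredentials().RunCliCmdWithOutput(t, "audit", "--format="+string(format.SimpleJson), workingDirsFlag)
 
 validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
-Sast: 1,
-Iac: 9,
-Secrets: 6,
-
-Vulnerabilities: 35,
-Applicable: 3,
-Undetermined: 0,
-NotCovered: 22,
-NotApplicable: 2,
+SastVulnerabilities: 1,
+IacVulnerabilities: 9,
+SecretsVulnerabilities: 6,
+
+Vulnerabilities: 35,
+ApplicableVulnerabilities: 3,
+UndeterminedVulnerabilities: 0,
+NotCoveredVulnerabilities: 22,
+NotApplicableVulnerabilities: 2,
 })
 }
 
@@ -546,8 +546,8 @@ func addDummyPackageDescriptor(t *testing.T, hasPackageJson bool) {
 func TestXrayAuditSastCppFlagSimpleJson(t *testing.T) {
 output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("package-managers", "c"), "3", false, true)
 validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
-Vulnerabilities: 1,
-Sast: 1,
+Vulnerabilities: 1,
+SastVulnerabilities: 1,
 })
 }
 
@@ -559,7 +559,7 @@ func TestXrayAuditWithoutSastCppFlagSimpleJson(t *testing.T) {
 
 func TestXrayAuditJasMissingContextSimpleJson(t *testing.T) {
 output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("package-managers", "maven", "missing-context"), "3", false, false)
-validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{MissingContext: 1})
+validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{MissingContextVulnerabilities: 1})
 }
 
 func TestXrayAuditNotEntitledForJas(t *testing.T) {
@@ -589,55 +589,55 @@ func getNoJasAuditMockCommand() components.Command {
 func TestXrayAuditJasSimpleJson(t *testing.T) {
 output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas"), "3", false, false)
 validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
-Sast: 1,
-Iac: 9,
-Secrets: 6,
-
-Vulnerabilities: 8,
-Applicable: 3,
-Undetermined: 1,
-NotCovered: 1,
-NotApplicable: 2,
+SastVulnerabilities: 1,
+IacVulnerabilities: 9,
+SecretsVulnerabilities: 6,
+
+Vulnerabilities: 8,
+ApplicableVulnerabilities: 3,
+UndeterminedVulnerabilities: 1,
+NotCoveredVulnerabilities: 1,
+NotApplicableVulnerabilities: 2,
 })
 }
 
 func TestXrayAuditJasSimpleJsonWithTokenValidation(t *testing.T) {
 integration.InitAuditGeneralTests(t, jasutils.DynamicTokenValidationMinXrayVersion)
 output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas"), "3", true, false)
-validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Vulnerabilities: 5, Inactive: 5})
+validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Vulnerabilities: 5, InactiveVulnerabilities: 5})
 }
 
 func TestXrayAuditJasSimpleJsonWithOneThread(t *testing.T) {
 output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas"), "1", false, false)
 validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
-Sast: 1,
-Iac: 9,
-Secrets: 6,
-
-Vulnerabilities: 8,
-Applicable: 3,
-Undetermined: 1,
-NotCovered: 1,
-NotApplicable: 2,
+SastVulnerabilities: 1,
+IacVulnerabilities: 9,
+SecretsVulnerabilities: 6,
+
+Vulnerabilities: 8,
+ApplicableVulnerabilities: 3,
+UndeterminedVulnerabilities: 1,
+NotCoveredVulnerabilities: 1,
+NotApplicableVulnerabilities: 2,
 })
 }
 
 func TestXrayAuditJasSimpleJsonWithConfig(t *testing.T) {
 output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas-config"), "3", false, false)
 validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
-Secrets: 1,
+SecretsVulnerabilities: 1,
 
-Vulnerabilities: 8,
-Applicable: 3,
-Undetermined: 1,
-NotCovered: 1,
-NotApplicable: 2,
+Vulnerabilities: 8,
+ApplicableVulnerabilities: 3,
+UndeterminedVulnerabilities: 1,
+NotCoveredVulnerabilities: 1,
+NotApplicableVulnerabilities: 2,
 })
 }
 
 func TestXrayAuditJasNoViolationsSimpleJson(t *testing.T) {
 output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("package-managers", "npm", "npm"), "3", false, false)
-validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Vulnerabilities: 1, NotApplicable: 1})
+validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Vulnerabilities: 1, NotApplicableVulnerabilities: 1})
 }
 
 func testXrayAuditJas(t *testing.T, testCli *coreTests.JfrogCli, project string, threads string, validateSecrets, validateSastCpp bool) string {
@@ -725,14 +725,14 @@ func TestXrayAuditJasSimpleJsonWithXrayUrl(t *testing.T) {
 cliToRun := integration.GetTestCli(cli.GetJfrogCliSecurityApp(), true)
 output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false, false)
 validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
-Sast: 1,
-Iac: 9,
-Secrets: 6,
-
-Vulnerabilities: 8,
-Applicable: 3,
-Undetermined: 1,
-NotCovered: 1,
-NotApplicable: 2,
+SastVulnerabilities: 1,
+IacVulnerabilities: 9,
+SecretsVulnerabilities: 6,
+
+Vulnerabilities: 8,
+ApplicableVulnerabilities: 3,
+UndeterminedVulnerabilities: 1,
+NotCoveredVulnerabilities: 1,
+NotApplicableVulnerabilities: 2,
 })
 }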

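--- a/cli/scancommands.go
+++ b/cli/scancommands.go
@@ -21,6 +21,7 @@ import (
 "github.com/jfrog/jfrog-client-go/utils/errorutils"
 "github.com/jfrog/jfrog-client-go/utils/io/fileutils"
 "github.com/jfrog/jfrog-client-go/utils/log"
+"github.com/jfrog/jfrog-client-go/xray/services"
 "github.com/urfave/cli"
 "os"
 "strings"
@@ -407,6 +408,8 @@ func AuditCmd(c *components.Context) error {
 return pluginsCommon.PrintHelpAndReturnError(fmt.Sprintf("flag '--%s' cannot be used without '--%s'", flags.SecretValidation, flags.Secrets), c)
 }
 
+auditCmd.SetGitInfoContext(&services.XscGitInfoContext{GitRepoHttpsCloneUrl: "github.com/jfrog/jfrog-cli-security.git"})
+
 allSubScans := utils.GetAllSupportedScans()
 subScans := []utils.SubScanType{}
 for _, subScan := range allSubScans {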
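Review bot: The new `auditCmd.SetGitInfoContext(...)` call at new line 411 hard-codes this project's own clone URL, `github.com/jfrog/jfrog-cli-security.git`, so every `audit` invocation would carry that repository as its Git context no matter which project the user is scanning; if this context is forwarded to the platform with the scan, results get attributed to the wrong repository. It reads like a local debugging leftover and should be derived from the scanned repository (or an explicit CLI input) or removed before merge. It is also worth confirming that `XscGitInfoContext` really lives in `xray/services`, since the test file in this same commit imports it from `xsc/services`. `AuditCmd` starts and ends outside the hunk.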

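--- a/commands/audit/audit_test.go
+++ b/commands/audit/audit_test.go
@@ -33,7 +33,6 @@ import (
 "github.com/jfrog/jfrog-client-go/xsc/services"
 )
 
-// TODO eran fix test - test is compiling but not passing
 func TestDetectScansToPreform(t *testing.T) {
 
 dir, cleanUp := createTestDir(t)
@@ -58,14 +57,14 @@ func TestDetectScansToPreform(t *testing.T) {
 ScanTarget: results.ScanTarget{
 Target: filepath.Join(dir, "Nuget"),
 },
-JasResults: &results.JasScansResults{},
+JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
 },
 {
 ScanTarget: results.ScanTarget{
 Technology: techutils.Go,
 Target: filepath.Join(dir, "dir", "go"),
 },
-JasResults: &results.JasScansResults{},
+JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
 ScaResults: &results.ScaScanResults{
 Descriptors: []string{filepath.Join(dir, "dir", "go", "go.mod")},
 },
@@ -75,7 +74,7 @@ func TestDetectScansToPreform(t *testing.T) {
 Technology: techutils.Maven,
 Target: filepath.Join(dir, "dir", "maven"),
 },
-JasResults: &results.JasScansResults{},
+JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
 ScaResults: &results.ScaScanResults{
 Descriptors: []string{
 filepath.Join(dir, "dir", "maven", "maven-sub", "pom.xml"),
@@ -89,7 +88,7 @@ func TestDetectScansToPreform(t *testing.T) {
 Technology: techutils.Npm,
 Target: filepath.Join(dir, "dir", "npm"),
 },
-JasResults: &results.JasScansResults{},
+JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
 ScaResults: &results.ScaScanResults{
 Descriptors: []string{filepath.Join(dir, "dir", "npm", "package.json")},
 },
@@ -99,7 +98,7 @@ func TestDetectScansToPreform(t *testing.T) {
 ScanTarget: results.ScanTarget{
 Target: filepath.Join(dir, "yarn"),
 },
-JasResults: &results.JasScansResults{},
+JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
 },
 },
 },
@@ -117,7 +116,7 @@ func TestDetectScansToPreform(t *testing.T) {
 Technology: techutils.Nuget,
 Target: filepath.Join(dir, "Nuget"),
 },
-JasResults: &results.JasScansResults{},
+JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
 ScaResults: &results.ScaScanResults{
 Descriptors: []string{filepath.Join(dir, "Nuget", "Nuget-sub", "project.csproj"), filepath.Join(dir, "Nuget", "project.sln")},
 },
@@ -127,7 +126,7 @@ func TestDetectScansToPreform(t *testing.T) {
 Technology: techutils.Go,
 Target: filepath.Join(dir, "dir", "go"),
 },
-JasResults: &results.JasScansResults{},
+JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
 ScaResults: &results.ScaScanResults{
 Descriptors: []string{filepath.Join(dir, "dir", "go", "go.mod")},
 },
@@ -137,7 +136,7 @@ func TestDetectScansToPreform(t *testing.T) {
 Technology: techutils.Maven,
 Target: filepath.Join(dir, "dir", "maven"),
 },
-JasResults: &results.JasScansResults{},
+JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
 ScaResults: &results.ScaScanResults{
 Descriptors: []string{
 filepath.Join(dir, "dir", "maven", "maven-sub", "pom.xml"),
@@ -151,7 +150,7 @@ func TestDetectScansToPreform(t *testing.T) {
 Technology: techutils.Npm,
 Target: filepath.Join(dir, "dir", "npm"),
 },
-JasResults: &results.JasScansResults{},
+JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
 ScaResults: &results.ScaScanResults{
 Descriptors: []string{filepath.Join(dir, "dir", "npm", "package.json")},
 },
@@ -161,7 +160,7 @@ func TestDetectScansToPreform(t *testing.T) {
 Technology: techutils.Yarn,
 Target: filepath.Join(dir, "yarn"),
 },
-JasResults: &results.JasScansResults{},
+JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
 ScaResults: &results.ScaScanResults{
 Descriptors: []string{filepath.Join(dir, "yarn", "package.json")},
 },
@@ -171,7 +170,7 @@ func TestDetectScansToPreform(t *testing.T) {
 Technology: techutils.Pip,
 Target: filepath.Join(dir, "yarn", "Pip"),
 },
-JasResults: &results.JasScansResults{},
+JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
 ScaResults: &results.ScaScanResults{
 Descriptors: []string{filepath.Join(dir, "yarn", "Pip", "requirements.txt")},
 },
@@ -181,7 +180,7 @@ func TestDetectScansToPreform(t *testing.T) {
 Technology: techutils.Pipenv,
 Target: filepath.Join(dir, "yarn", "Pipenv"),
 },
-JasResults: &results.JasScansResults{},
+JasResults: &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}},
 ScaResults: &results.ScaScanResults{
 Descriptors: []string{filepath.Join(dir, "yarn", "Pipenv", "Pipfile")},
 },
@@ -448,16 +447,16 @@ func TestAuditWithConfigProfile(t *testing.T) {
 ScaResultsCount = testcase.expectedScaIssues
 }
 validations.ValidateCommandSummaryOutput(t, validations.ValidationParams{
-Actual: summary,
-ExactResultsMatch: true,
-Vulnerabilities: testcase.expectedSastIssues + testcase.expectedSecretsIssues + testcase.expectedIacIssues + ScaResultsCount,
-Sast: testcase.expectedSastIssues,
-Secrets: testcase.expectedSecretsIssues,
-Iac: testcase.expectedIacIssues,
-Applicable: testcase.expectedCaApplicable,
-NotApplicable: testcase.expectedCaNotApplicable,
-NotCovered: testcase.expectedCaNotCovered,
-Undetermined: testcase.expectedCaUndetermined,
+Actual: summary,
+ExactResultsMatch: true,
+Vulnerabilities: testcase.expectedSastIssues + testcase.expectedSecretsIssues + testcase.expectedIacIssues + ScaResultsCount,
+SastVulnerabilities: testcase.expectedSastIssues,
+SecretsVulnerabilities: testcase.expectedSecretsIssues,
+IacVulnerabilities: testcase.expectedIacIssues,
+ApplicableVulnerabilities: testcase.expectedCaApplicable,
+NotApplicableVulnerabilities: testcase.expectedCaNotApplicable,
+NotCoveredVulnerabilities: testcase.expectedCaNotCovered,
+UndeterminedVulnerabilities: testcase.expectedCaUndetermined,
 })
 })
 }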
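Review bot: The expected-fixture literal `&results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}}` is repeated twelve times across the hunks of TestDetectScansToPreform; a one-line helper such as `func emptyJasResults() *results.JasScansResults { return &results.JasScansResults{JasVulnerabilities: &results.JasScanResults{}, JasViolations: &results.JasScanResults{}} }` would keep the fixture in one place the next time the struct gains a field. The removed TODO said this test compiled but did not pass, and nothing on the page states that it passes now; the commit description should say whether the populated JasResults fixtures are the fix. Both TestDetectScansToPreform and TestAuditWithConfigProfile extend beyond the hunks shown.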

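--- a/commands/audit/scarunner.go
+++ b/commands/audit/scarunner.go
@@ -160,6 +160,7 @@ func runScaWithTech(tech techutils.Technology, params *AuditParams, serverDetail
 if err != nil {
 return
 }
+log.Debug(fmt.Sprintf("Finished '%s' dependency tree scan. Found %d vulnerabilities. %d violations.", tech.ToFormal(), len(techResults[0].Vulnerabilities), len(techResults[0].Violations)))
 techResults = sca.BuildImpactPathsForScanResponse(techResults, fullDependencyTrees)
 return
 }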
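Review bot: The added debug line at new line 163 indexes `techResults[0]` without checking that the slice is non-empty, so an empty scan response would panic inside a log statement immediately after the error check has passed; unless the preceding call guarantees at least one entry (not visible in the hunk), guard it with `if len(techResults) > 0 { log.Debug(...) }`. If the response can hold more than one entry, the message also reports only the first one's counts, which would be misleading in a line that says "Finished ... scan"; summing over `techResults` would make the count honest. `runScaWithTech` begins outside the hunk.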

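--- a/jas/applicability/applicabilitymanager.go
+++ b/jas/applicability/applicabilitymanager.go
@@ -48,7 +48,7 @@ type ApplicabilityScanManager struct {
 // bool: true if the user is entitled to the applicability scan, false otherwise.
 // error: An error object (if any).
 func RunApplicabilityScan(xrayResults []services.ScanResponse, directDependencies []string,
-scanner *jas.JasScanner, thirdPartyContextualAnalysis bool, scanType ApplicabilityScanType, module jfrogappsconfig.Module, threadId int) (vulnerabilitiesResults []*sarif.Run, err error) {
+scanner *jas.JasScanner, thirdPartyContextualAnalysis bool, scanType ApplicabilityScanType, module jfrogappsconfig.Module, threadId int) (results []*sarif.Run, err error) {
 var scannerTempDir string
 if scannerTempDir, err = jas.CreateScannerTempDirectory(scanner, jasutils.Applicability.String()); err != nil {
 return
@@ -59,13 +59,13 @@ func RunApplicabilityScan(xrayResults []services.ScanResponse, directDependencie
 return
 }
 log.Info(clientutils.GetLogMsgPrefix(threadId, false) + "Running applicability scan...")
-// Applicability scanner cannot incur violations, therefore we ignore the empty violationsSarifRuns that are returned from Run and return only vulnerabilitiesResults from this function
-if vulnerabilitiesResults, _, err = applicabilityScanManager.scanner.Run(applicabilityScanManager, module); err != nil {
+// Applicability scan does not produce violations.
+if results, _, err = applicabilityScanManager.scanner.Run(applicabilityScanManager, module); err != nil {
 err = jas.ParseAnalyzerManagerError(jasutils.Applicability, err)
 return
 }
-if len(vulnerabilitiesResults) > 0 {
-log.Info(clientutils.GetLogMsgPrefix(threadId, false)+"Found", sarifutils.GetRulesPropertyCount("applicability", "applicable", vulnerabilitiesResults...), "applicable cves")
+if len(results) > 0 {
+log.Info(clientutils.GetLogMsgPrefix(threadId, false)+"Found", sarifutils.GetRulesPropertyCount("applicability", "applicable", results...), "applicable cves")
 }
 return
 }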
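Review bot: The doc comment directly above the renamed signature still documents a `bool` return ("true if the user is entitled to the applicability scan") that the function does not have — it returns `(results []*sarif.Run, err error)` — and since this hunk touches the signature it is the moment to fix it; replace the bool line with `// results: SARIF runs holding the applicability vulnerabilities (the scan produces no violations).` Renaming `vulnerabilitiesResults` to the generic `results` also drops the hint that the blank second return value from `Run` is the violations slice, which the deleted comment used to spell out; keeping the old name, or extending the new comment at line 62 to `// Applicability scan does not produce violations, so the second (violations) result of Run is discarded.`, preserves that. The function body between the two hunks is not shown.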
