start cleaning

Author: attiasas

commands/audit/audit.go

@@ -169,7 +169,7 @@ func (auditCmd *AuditCommand) CommandName() string {
 }
 
 func (auditCmd *AuditCommand) HasViolationContext() bool {
-	return len(auditCmd.watches) > 0 || auditCmd.projectKey != "" || auditCmd.targetRepoPath != ""
+	return len(auditCmd.watches) > 0 || auditCmd.projectKey != "" || auditCmd.targetRepoPath != "" || (auditCmd.gitInfoContext != nil && auditCmd.gitInfoContext.GitRepoUrl != "")
 }
 
 // Runs an audit scan based on the provided auditParams.

commands/audit/audit_test.go

@@ -2,17 +2,18 @@ package audit
 
 import (
 	"fmt"
-	commonCommands "github.com/jfrog/jfrog-cli-core/v2/common/commands"
-	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
-	configTests "github.com/jfrog/jfrog-cli-security/tests"
-	securityTestUtils "github.com/jfrog/jfrog-cli-security/tests/utils"
-	clientTests "github.com/jfrog/jfrog-client-go/utils/tests"
 	"net/http"
 	"path/filepath"
 	"sort"
 	"strings"
 	"testing"
 
+	commonCommands "github.com/jfrog/jfrog-cli-core/v2/common/commands"
+	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
+	configTests "github.com/jfrog/jfrog-cli-security/tests"
+	securityTestUtils "github.com/jfrog/jfrog-cli-security/tests/utils"
+	clientTests "github.com/jfrog/jfrog-client-go/utils/tests"
+
 	"github.com/stretchr/testify/assert"
 
 	"github.com/jfrog/jfrog-cli-security/utils"
@@ -57,14 +58,14 @@ func TestDetectScansToPreform(t *testing.T) {
 					ScanTarget: results.ScanTarget{
 						Target: filepath.Join(dir, "Nuget"),
 					},
-					JasResultsNew: &results.JasScansResultsNew{},
+					JasResults: &results.JasScansResults{},
 				},
 				{
 					ScanTarget: results.ScanTarget{
 						Technology: techutils.Go,
 						Target:     filepath.Join(dir, "dir", "go"),
 					},
-					JasResultsNew: &results.JasScansResultsNew{},
+					JasResults: &results.JasScansResults{},
 					ScaResults: &results.ScaScanResults{
 						Descriptors: []string{filepath.Join(dir, "dir", "go", "go.mod")},
 					},
@@ -74,7 +75,7 @@ func TestDetectScansToPreform(t *testing.T) {
 						Technology: techutils.Maven,
 						Target:     filepath.Join(dir, "dir", "maven"),
 					},
-					JasResultsNew: &results.JasScansResultsNew{},
+					JasResults: &results.JasScansResults{},
 					ScaResults: &results.ScaScanResults{
 						Descriptors: []string{
 							filepath.Join(dir, "dir", "maven", "maven-sub", "pom.xml"),
@@ -88,7 +89,7 @@ func TestDetectScansToPreform(t *testing.T) {
 						Technology: techutils.Npm,
 						Target:     filepath.Join(dir, "dir", "npm"),
 					},
-					JasResultsNew: &results.JasScansResultsNew{},
+					JasResults: &results.JasScansResults{},
 					ScaResults: &results.ScaScanResults{
 						Descriptors: []string{filepath.Join(dir, "dir", "npm", "package.json")},
 					},
@@ -98,7 +99,7 @@ func TestDetectScansToPreform(t *testing.T) {
 					ScanTarget: results.ScanTarget{
 						Target: filepath.Join(dir, "yarn"),
 					},
-					JasResultsNew: &results.JasScansResultsNew{},
+					JasResults: &results.JasScansResults{},
 				},
 			},
 		},
@@ -116,7 +117,7 @@ func TestDetectScansToPreform(t *testing.T) {
 						Technology: techutils.Nuget,
 						Target:     filepath.Join(dir, "Nuget"),
 					},
-					JasResultsNew: &results.JasScansResultsNew{},
+					JasResults: &results.JasScansResults{},
 					ScaResults: &results.ScaScanResults{
 						Descriptors: []string{filepath.Join(dir, "Nuget", "Nuget-sub", "project.csproj"), filepath.Join(dir, "Nuget", "project.sln")},
 					},
@@ -126,7 +127,7 @@ func TestDetectScansToPreform(t *testing.T) {
 						Technology: techutils.Go,
 						Target:     filepath.Join(dir, "dir", "go"),
 					},
-					JasResultsNew: &results.JasScansResultsNew{},
+					JasResults: &results.JasScansResults{},
 					ScaResults: &results.ScaScanResults{
 						Descriptors: []string{filepath.Join(dir, "dir", "go", "go.mod")},
 					},
@@ -136,7 +137,7 @@ func TestDetectScansToPreform(t *testing.T) {
 						Technology: techutils.Maven,
 						Target:     filepath.Join(dir, "dir", "maven"),
 					},
-					JasResultsNew: &results.JasScansResultsNew{},
+					JasResults: &results.JasScansResults{},
 					ScaResults: &results.ScaScanResults{
 						Descriptors: []string{
 							filepath.Join(dir, "dir", "maven", "maven-sub", "pom.xml"),
@@ -150,7 +151,7 @@ func TestDetectScansToPreform(t *testing.T) {
 						Technology: techutils.Npm,
 						Target:     filepath.Join(dir, "dir", "npm"),
 					},
-					JasResultsNew: &results.JasScansResultsNew{},
+					JasResults: &results.JasScansResults{},
 					ScaResults: &results.ScaScanResults{
 						Descriptors: []string{filepath.Join(dir, "dir", "npm", "package.json")},
 					},
@@ -160,7 +161,7 @@ func TestDetectScansToPreform(t *testing.T) {
 						Technology: techutils.Yarn,
 						Target:     filepath.Join(dir, "yarn"),
 					},
-					JasResultsNew: &results.JasScansResultsNew{},
+					JasResults: &results.JasScansResults{},
 					ScaResults: &results.ScaScanResults{
 						Descriptors: []string{filepath.Join(dir, "yarn", "package.json")},
 					},
@@ -170,7 +171,7 @@ func TestDetectScansToPreform(t *testing.T) {
 						Technology: techutils.Pip,
 						Target:     filepath.Join(dir, "yarn", "Pip"),
 					},
-					JasResultsNew: &results.JasScansResultsNew{},
+					JasResults: &results.JasScansResults{},
 					ScaResults: &results.ScaScanResults{
 						Descriptors: []string{filepath.Join(dir, "yarn", "Pip", "requirements.txt")},
 					},
@@ -180,7 +181,7 @@ func TestDetectScansToPreform(t *testing.T) {
 						Technology: techutils.Pipenv,
 						Target:     filepath.Join(dir, "yarn", "Pipenv"),
 					},
-					JasResultsNew: &results.JasScansResultsNew{},
+					JasResults: &results.JasScansResults{},
 					ScaResults: &results.ScaScanResults{
 						Descriptors: []string{filepath.Join(dir, "yarn", "Pipenv", "Pipfile")},
 					},

jas/common.go

@@ -3,7 +3,6 @@ package jas
 import (
 	"errors"
 	"fmt"
-	"io"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -137,10 +136,10 @@ func ReadJasScanRunsFromFile(fileName, wd, informationUrlSuffix string, minSever
 	processSarifRuns(vulnerabilitiesSarifRuns, wd, informationUrlSuffix, minSeverity)
 
 	// TODO eran delete
-	err = createViolationsFile(fileName)
-	if err != nil {
-		return
-	}
+	// err = createViolationsFile(fileName)
+	// if err != nil {
+	// 	return
+	// }
 
 	var violationsSarifExists bool
 	violationsSarifFileName := fileName + "_violations"
@@ -156,32 +155,32 @@ func ReadJasScanRunsFromFile(fileName, wd, informationUrlSuffix string, minSever
 }
 
 // TODO eran delete this func
-func createViolationsFile(filePath string) (err error) {
-	// Open the original file for reading.
-	originalFile, err := os.Open(filePath)
-	if err != nil {
-		return fmt.Errorf("failed to open original file: %w", err)
-	}
-	defer originalFile.Close() // Ensure the original file is closed
-
-	// Create a new file name by appending "_violations" to the original filename
-	newFileName := filePath + "_violations" // Simply append "_violations"
-
-	// Create the new file for writing
-	newFile, err := os.Create(newFileName)
-	if err != nil {
-		return fmt.Errorf("failed to create copy file: %w", err)
-	}
-	defer newFile.Close() // Ensure the new file is closed
-
-	// Copy the original file to the new file
-	_, err = io.Copy(newFile, originalFile)
-	if err != nil {
-		return fmt.Errorf("failed to copy file content: %w", err)
-	}
-
-	return nil
-}
+// func createViolationsFile(filePath string) (err error) {
+// 	// Open the original file for reading.
+// 	originalFile, err := os.Open(filePath)
+// 	if err != nil {
+// 		return fmt.Errorf("failed to open original file: %w", err)
+// 	}
+// 	defer originalFile.Close() // Ensure the original file is closed
+
+// 	// Create a new file name by appending "_violations" to the original filename
+// 	newFileName := filePath + "_violations" // Simply append "_violations"
+
+// 	// Create the new file for writing
+// 	newFile, err := os.Create(newFileName)
+// 	if err != nil {
+// 		return fmt.Errorf("failed to create copy file: %w", err)
+// 	}
+// 	defer newFile.Close() // Ensure the new file is closed
+
+// 	// Copy the original file to the new file
+// 	_, err = io.Copy(newFile, originalFile)
+// 	if err != nil {
+// 		return fmt.Errorf("failed to copy file content: %w", err)
+// 	}
+
+// 	return nil
+// }
 
 // This function processes the Sarif runs results: update invocations, fill missing information, exclude results and adding scores to rules
 func processSarifRuns(sarifRuns []*sarif.Run, wd string, informationUrlSuffix string, minSeverity severityutils.Severity) {

jas/runner/jasrunner.go

@@ -63,16 +63,16 @@ func AddJasScannersTasks(params JasRunnerParams) (generalError error) {
 		// Don't execute other scanners when scanning third party dependencies.
 		return
 	}
-	if generalError = addJasScanTaskForModuleIfNeeded(params, utils.SecretsScan, runSecretsScan(params.Runner, params.Scanner, params.ScanResults.JasResultsNew, params.Module, params.SecretsScanType, params.TargetOutputDir)); generalError != nil {
+	if generalError = addJasScanTaskForModuleIfNeeded(params, utils.SecretsScan, runSecretsScan(params.Runner, params.Scanner, params.ScanResults.JasResults, params.Module, params.SecretsScanType, params.TargetOutputDir)); generalError != nil {
 		return
 	}
 	if !runAllScanners {
 		return
 	}
-	if generalError = addJasScanTaskForModuleIfNeeded(params, utils.IacScan, runIacScan(params.Runner, params.Scanner, params.ScanResults.JasResultsNew, params.Module, params.TargetOutputDir)); generalError != nil {
+	if generalError = addJasScanTaskForModuleIfNeeded(params, utils.IacScan, runIacScan(params.Runner, params.Scanner, params.ScanResults.JasResults, params.Module, params.TargetOutputDir)); generalError != nil {
 		return
 	}
-	return addJasScanTaskForModuleIfNeeded(params, utils.SastScan, runSastScan(params.Runner, params.Scanner, params.ScanResults.JasResultsNew, params.Module, params.TargetOutputDir, params.SignedDescriptions))
+	return addJasScanTaskForModuleIfNeeded(params, utils.SastScan, runSastScan(params.Runner, params.Scanner, params.ScanResults.JasResults, params.Module, params.TargetOutputDir, params.SignedDescriptions))
 }
 
 func addJasScanTaskForModuleIfNeeded(params JasRunnerParams, subScan utils.SubScanType, task parallel.TaskFunc) (generalError error) {
@@ -127,7 +127,7 @@ func addModuleJasScanTask(scanType jasutils.JasScanType, securityParallelRunner
 	return
 }
 
-func runSecretsScan(securityParallelRunner *utils.SecurityParallelRunner, scanner *jas.JasScanner, extendedScanResults *results.JasScansResultsNew,
+func runSecretsScan(securityParallelRunner *utils.SecurityParallelRunner, scanner *jas.JasScanner, extendedScanResults *results.JasScansResults,
 	module jfrogappsconfig.Module, secretsScanType secrets.SecretsScanType, scansOutputDir string) parallel.TaskFunc {
 	return func(threadId int) (err error) {
 		defer func() {
@@ -146,7 +146,7 @@ func runSecretsScan(securityParallelRunner *utils.SecurityParallelRunner, scanne
 	}
 }
 
-func runIacScan(securityParallelRunner *utils.SecurityParallelRunner, scanner *jas.JasScanner, extendedScanResults *results.JasScansResultsNew,
+func runIacScan(securityParallelRunner *utils.SecurityParallelRunner, scanner *jas.JasScanner, extendedScanResults *results.JasScansResults,
 	module jfrogappsconfig.Module, scansOutputDir string) parallel.TaskFunc {
 	return func(threadId int) (err error) {
 		defer func() {
@@ -165,7 +165,7 @@ func runIacScan(securityParallelRunner *utils.SecurityParallelRunner, scanner *j
 	}
 }
 
-func runSastScan(securityParallelRunner *utils.SecurityParallelRunner, scanner *jas.JasScanner, extendedScanResults *results.JasScansResultsNew,
+func runSastScan(securityParallelRunner *utils.SecurityParallelRunner, scanner *jas.JasScanner, extendedScanResults *results.JasScansResults,
 	module jfrogappsconfig.Module, scansOutputDir string, signedDescriptions bool) parallel.TaskFunc {
 	return func(threadId int) (err error) {
 		defer func() {
@@ -198,7 +198,7 @@ func runContextualScan(securityParallelRunner *utils.SecurityParallelRunner, sca
 		}
 		securityParallelRunner.ResultsMu.Lock()
 		defer securityParallelRunner.ResultsMu.Unlock()
-		scanResults.JasResultsNew.JasVulnerabilities.ApplicabilityScanResults = append(scanResults.JasResultsNew.JasVulnerabilities.ApplicabilityScanResults, vulnerabilitiesResults...)
+		scanResults.JasResults.JasVulnerabilities.ApplicabilityScanResults = append(scanResults.JasResults.JasVulnerabilities.ApplicabilityScanResults, vulnerabilitiesResults...)
 		err = dumpSarifRunToFileIfNeeded(vulnerabilitiesResults, scansOutputDir, jasutils.Applicability)
 		return
 	}

tests/utils/test_utils.go

@@ -127,11 +127,11 @@ func ReadCmdScanResults(t *testing.T, path string) *results.SecurityCommandResul
 				targetResults.ScaResults.Descriptors[i] = filepath.FromSlash(descriptor)
 			}
 		}
-		if targetResults.JasResultsNew.JasVulnerabilities != nil {
-			convertSarifRunPathsForOS(targetResults.JasResultsNew.JasVulnerabilities.ApplicabilityScanResults...)
-			convertSarifRunPathsForOS(targetResults.JasResultsNew.JasVulnerabilities.SecretsScanResults...)
-			convertSarifRunPathsForOS(targetResults.JasResultsNew.JasVulnerabilities.IacScanResults...)
-			convertSarifRunPathsForOS(targetResults.JasResultsNew.JasVulnerabilities.SastScanResults...)
+		if targetResults.JasResults.JasVulnerabilities != nil {
+			convertSarifRunPathsForOS(targetResults.JasResults.JasVulnerabilities.ApplicabilityScanResults...)
+			convertSarifRunPathsForOS(targetResults.JasResults.JasVulnerabilities.SecretsScanResults...)
+			convertSarifRunPathsForOS(targetResults.JasResults.JasVulnerabilities.IacScanResults...)
+			convertSarifRunPathsForOS(targetResults.JasResults.JasVulnerabilities.SastScanResults...)
 		}
 	}
 	return cmdResults

utils/formats/simplejsonapi.go

@@ -1,6 +1,10 @@
 package formats
 
-import "github.com/jfrog/jfrog-cli-security/utils/techutils"
+import (
+	"fmt"
+
+	"github.com/jfrog/jfrog-cli-security/utils/techutils"
+)
 
 // Structs in this file should NOT be changed!
 // The structs are used as an API for the simple-json format, thus changing their structure or the 'json' annotation will break the API.
@@ -86,6 +90,10 @@ type Location struct {
 	Snippet     string `json:"snippet,omitempty"`
 }
 
+func (l Location) ToString() string {
+	return fmt.Sprintf("%s|%d|%d|%d|%d|%s", l.File, l.StartLine, l.StartColumn, l.EndLine, l.EndColumn, l.Snippet)
+}
+
 type ComponentRow struct {
 	Name     string    `json:"name"`
 	Version  string    `json:"version"`

utils/results/conversion/convertor.go

@@ -111,38 +111,38 @@ func parseCommandResults[T interface{}](params ResultConvertParams, parser Resul
 
 func parseRequiredJasResults[T interface{}](params ResultConvertParams, parser ResultsStreamFormatParser[T], targetResults *results.TargetResults, cmdType utils.CommandType) (err error) {
 	// Parsing JAS vulnerabilities results
-	if targetResults.JasResultsNew != nil && targetResults.JasResultsNew.JasVulnerabilities != nil {
+	if targetResults.JasResults != nil && targetResults.JasResults.JasVulnerabilities != nil {
 		if utils.IsScanRequested(cmdType, utils.SecretsScan, params.RequestedScans...) {
-			if err = parser.ParseSecrets(targetResults.ScanTarget, false, targetResults.JasResultsNew.JasVulnerabilities.SecretsScanResults...); err != nil {
+			if err = parser.ParseSecrets(targetResults.ScanTarget, false, targetResults.JasResults.JasVulnerabilities.SecretsScanResults...); err != nil {
 				return
 			}
 		}
 		if utils.IsScanRequested(cmdType, utils.IacScan, params.RequestedScans...) {
-			if err = parser.ParseIacs(targetResults.ScanTarget, false, targetResults.JasResultsNew.JasVulnerabilities.IacScanResults...); err != nil {
+			if err = parser.ParseIacs(targetResults.ScanTarget, false, targetResults.JasResults.JasVulnerabilities.IacScanResults...); err != nil {
 				return
 			}
 		}
 		if utils.IsScanRequested(cmdType, utils.SastScan, params.RequestedScans...) {
-			if err = parser.ParseSast(targetResults.ScanTarget, false, targetResults.JasResultsNew.JasVulnerabilities.SastScanResults...); err != nil {
+			if err = parser.ParseSast(targetResults.ScanTarget, false, targetResults.JasResults.JasVulnerabilities.SastScanResults...); err != nil {
 				return
 			}
 		}
 	}
 
 	// Parsing JAS violations results
-	if targetResults.JasResultsNew != nil && targetResults.JasResultsNew.JasViolations != nil && params.HasViolationContext { // TODO eran VERIFY if the last condition is needed
+	if targetResults.JasResults != nil && targetResults.JasResults.JasViolations != nil && params.HasViolationContext { // TODO eran VERIFY if the last condition is needed
 		if utils.IsScanRequested(cmdType, utils.SecretsScan, params.RequestedScans...) {
-			if err = parser.ParseSecrets(targetResults.ScanTarget, true, targetResults.JasResultsNew.JasViolations.SecretsScanResults...); err != nil {
+			if err = parser.ParseSecrets(targetResults.ScanTarget, true, targetResults.JasResults.JasViolations.SecretsScanResults...); err != nil {
 				return
 			}
 		}
 		if utils.IsScanRequested(cmdType, utils.IacScan, params.RequestedScans...) {
-			if err = parser.ParseIacs(targetResults.ScanTarget, true, targetResults.JasResultsNew.JasViolations.IacScanResults...); err != nil {
+			if err = parser.ParseIacs(targetResults.ScanTarget, true, targetResults.JasResults.JasViolations.IacScanResults...); err != nil {
 				return
 			}
 		}
 		if utils.IsScanRequested(cmdType, utils.SastScan, params.RequestedScans...) {
-			if err = parser.ParseSast(targetResults.ScanTarget, true, targetResults.JasResultsNew.JasViolations.SastScanResults...); err != nil {
+			if err = parser.ParseSast(targetResults.ScanTarget, true, targetResults.JasResults.JasViolations.SastScanResults...); err != nil {
 				return
 			}
 		}
@@ -157,8 +157,8 @@ func parseScaResults[T interface{}](params ResultConvertParams, parser ResultsSt
 	for _, scaResults := range targetScansResults.ScaResults.XrayResults {
 		actualTarget := getScaScanTarget(targetScansResults.ScaResults, targetScansResults.ScanTarget)
 		var applicableRuns []*sarif.Run
-		if jasEntitled && targetScansResults.JasResultsNew != nil && targetScansResults.JasResultsNew.JasVulnerabilities != nil {
-			applicableRuns = targetScansResults.JasResultsNew.JasVulnerabilities.ApplicabilityScanResults
+		if jasEntitled && targetScansResults.JasResults != nil && targetScansResults.JasResults.JasVulnerabilities != nil {
+			applicableRuns = targetScansResults.JasResults.JasVulnerabilities.ApplicabilityScanResults
 		}
 		if params.IncludeVulnerabilities {
 			if err = parser.ParseScaVulnerabilities(actualTarget, scaResults, applicableRuns...); err != nil {