Add .git with remote details before clone if needed (#459)

Author: omerzi

.frogbot/frogbot-config.yml

@@ -4,6 +4,8 @@
       branches:
         - dev
     scan:
+      emailReceivers:
+        - [email protected]
       projects:
         - workingDirs:
             - action

.github/workflows/frogbot-scan-and-fix.yml

@@ -16,9 +16,6 @@ jobs:
         # The repository scanning will be triggered periodically on the following branches.
         branch: [ "dev" ]
     steps:
-      - uses: actions/checkout@v3
-        with:
-          ref: ${{ matrix.branch }}
 
       # Install prerequisites
       - name: Setup Go
@@ -48,6 +45,10 @@ jobs:
           # The GitHub token automatically generated for the job
           JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+          # [Mandatory]
+          # The name of the branch on which Frogbot will perform the scan
+          JF_GIT_BASE_BRANCH: ${{ matrix.branch }}
+
           # [Optional, default: https://api.github.com]
           # API endpoint to GitHub
           # JF_GIT_API_ENDPOINT: https://github.example.com

.github/workflows/frogbot-scan-pr.yml

@@ -12,10 +12,6 @@ jobs:
     # "frogbot" GitHub environment can approve the pull request to be scanned.
     environment: frogbot
     steps:
-      - uses: actions/checkout@v3
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-
       # Install prerequisites
       - name: Setup Go
         uses: actions/setup-go@v3
@@ -35,3 +31,9 @@ jobs:
           # [Mandatory]
           # The GitHub token automatically generated for the job
           JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+          JF_SMTP_SERVER: ${{ secrets.JF_SMTP_SERVER }}
+
+          JF_SMTP_PASSWORD: ${{ JF_SMTP_PASSWORD }}
+
+          JF_SMTP_USER: ${{ JF_SMTP_USER }}

go.mod

@@ -7,9 +7,9 @@ require (
 	github.com/golang/mock v1.6.0
 	github.com/google/go-github/v45 v45.2.0
 	github.com/jfrog/build-info-go v1.9.8
-	github.com/jfrog/froggit-go v1.13.2
+	github.com/jfrog/froggit-go v1.13.4
 	github.com/jfrog/gofrog v1.3.0
-	github.com/jfrog/jfrog-cli-core/v2 v2.41.1
+	github.com/jfrog/jfrog-cli-core/v2 v2.41.2
 	github.com/jfrog/jfrog-client-go v1.31.5
 	github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible
 	github.com/stretchr/testify v1.8.4

go.sum

@@ -877,12 +877,12 @@ github.com/jedib0t/go-pretty/v6 v6.4.6 h1:v6aG9h6Uby3IusSSEjHaZNXpHFhzqMmjXcPq1R
 github.com/jedib0t/go-pretty/v6 v6.4.6/go.mod h1:Ndk3ase2CkQbXLLNf5QDHoYb6J9WtVfmHZu9n8rk2xs=
 github.com/jfrog/build-info-go v1.9.8 h1:D8/ga+YgQpqp/CJj2zteS4/twmSy8zvm1v9lCd2Kv1M=
 github.com/jfrog/build-info-go v1.9.8/go.mod h1:t31QRpH5xUJKw8XkQlAA+Aq7aanyS1rrzpcK8xSNVts=
-github.com/jfrog/froggit-go v1.13.2 h1:L71CPAfkjMn/hst9UdMYxSV1yiED0UmCICJsYbziZ6U=
-github.com/jfrog/froggit-go v1.13.2/go.mod h1:0jRAaZZusaFFnITosmx6CA60SKryuoaCasJyUrP/c1s=
+github.com/jfrog/froggit-go v1.13.4 h1:+pHq3iNkKFvojXCJ74sDV+UsV4Thsi03dsu36jkS7Rc=
+github.com/jfrog/froggit-go v1.13.4/go.mod h1:0jRAaZZusaFFnITosmx6CA60SKryuoaCasJyUrP/c1s=
 github.com/jfrog/gofrog v1.3.0 h1:o4zgsBZE4QyDbz2M7D4K6fXPTBJht+8lE87mS9bw7Gk=
 github.com/jfrog/gofrog v1.3.0/go.mod h1:IFMc+V/yf7rA5WZ74CSbXe+Lgf0iApEQLxRZVzKRUR0=
-github.com/jfrog/jfrog-cli-core/v2 v2.41.1 h1:jFRuQdqY3DE1hfy6opzRz5dWrAbYJPN4tFnou794PKE=
-github.com/jfrog/jfrog-cli-core/v2 v2.41.1/go.mod h1:YqB9rEJF1P7uGLIPUvF5qdDDf1zM5f4DneIQNkqyAfs=
+github.com/jfrog/jfrog-cli-core/v2 v2.41.2 h1:Gnp93JcDAnHHCN3SHqam2K/S9yJcytS4q+MQd6vv9Ck=
+github.com/jfrog/jfrog-cli-core/v2 v2.41.2/go.mod h1:YqB9rEJF1P7uGLIPUvF5qdDDf1zM5f4DneIQNkqyAfs=
 github.com/jfrog/jfrog-client-go v1.31.5 h1:dYVgIJzMwX+EU9GEELKPSHFLyfW6UrrjZWMEZtAyx6A=
 github.com/jfrog/jfrog-client-go v1.31.5/go.mod h1:icb00ZJN/mMMNkQduHDkzpqsXH9Flwi3f3COYexq3Nc=
 github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA=

scanpullrequest/scanpullrequest_test.go

@@ -702,6 +702,10 @@ func createGitLabHandler(t *testing.T, projectName string) http.HandlerFunc {
 			assert.NoError(t, err)
 			_, err = w.Write(comments)
 			assert.NoError(t, err)
+		case r.RequestURI == fmt.Sprintf("/api/v4/projects/jfrog%s", "%2F"+projectName):
+			jsonResponse := `{"id": 3,"visibility": "private","ssh_url_to_repo": "[email protected]:diaspora/diaspora-project-site.git","http_url_to_repo": "https://example.com/diaspora/diaspora-project-site.git"}`
+			_, err := w.Write([]byte(jsonResponse))
+			assert.NoError(t, err)
 		}
 	}
 }

scanrepository/scanmultiplerepositories_test.go

@@ -124,6 +124,12 @@ func createScanRepoGitHubHandler(t *testing.T, port *string, response interface{
 				assert.NoError(t, err)
 				return
 			}
+			if r.RequestURI == fmt.Sprintf("/repos/jfrog/%s", projectName) {
+				jsonResponse := `{"id": 1296269,"node_id": "MDEwOlJlcG9zaXRvcnkxMjk2MjY5","name": "Hello-World","full_name": "octocat/Hello-World","private": false,"description": "This your first repo!","ssh_url": "[email protected]:octocat/Hello-World.git","clone_url": "https://github.com/octocat/Hello-World.git","visibility": "public"}`
+				_, err := w.Write([]byte(jsonResponse))
+				assert.NoError(t, err)
+				return
+			}
 		}
 	}
 }

scanrepository/scanrepository.go

@@ -65,7 +65,7 @@ func (cfp *ScanRepositoryCmd) scanAndFixRepository(repository *utils.Repository,
 }
 
 func (cfp *ScanRepositoryCmd) scanAndFixBranch(repository *utils.Repository) (err error) {
-	clonedRepoDir, restoreBaseDir, err := cfp.cloneRepositoryAndCheckoutToBranch(repository.RepoName)
+	clonedRepoDir, restoreBaseDir, err := cfp.cloneRepositoryAndCheckoutToBranch()
 	if err != nil {
 		return
 	}
@@ -96,7 +96,19 @@ func (cfp *ScanRepositoryCmd) setCommandPrerequisites(repository *utils.Reposito
 		SetMinSeverity(repository.MinSeverity)
 	cfp.aggregateFixes = repository.Git.AggregateFixes
 	cfp.OutputWriter = outputwriter.GetCompatibleOutputWriter(repository.GitProvider)
-	cfp.gitManager, err = utils.NewGitManager(cfp.details.Username, cfp.details.Token, cfp.details.Git, cfp.dryRun, cfp.dryRunRepoPath)
+	repositoryInfo, err := client.GetRepositoryInfo(context.Background(), cfp.details.RepoOwner, cfp.details.RepoName)
+	if err != nil {
+		return
+	}
+	remoteHttpsGitUrl := repositoryInfo.CloneInfo.HTTP
+	cfp.gitManager, err = utils.NewGitManager().
+		SetAuth(cfp.details.Username, cfp.details.Token).
+		SetDryRun(cfp.dryRun, cfp.dryRunRepoPath).
+		SetRemoteGitUrl(remoteHttpsGitUrl)
+	if err != nil {
+		return
+	}
+	_, err = cfp.gitManager.SetGitParams(cfp.details.Git)
 	return
 }
 
@@ -359,15 +371,14 @@ func (cfp *ScanRepositoryCmd) preparePullRequestDetails(vulnerabilitiesDetails .
 	return pullRequestTitle, prBody, nil
 }
 
-func (cfp *ScanRepositoryCmd) cloneRepositoryAndCheckoutToBranch(repoName string) (tempWd string, restoreDir func() error, err error) {
+func (cfp *ScanRepositoryCmd) cloneRepositoryAndCheckoutToBranch() (tempWd string, restoreDir func() error, err error) {
 	if cfp.dryRun {
-		tempWd = filepath.Join(cfp.dryRunRepoPath, repoName)
+		tempWd = filepath.Join(cfp.dryRunRepoPath, cfp.details.RepoName)
 	} else {
 		// Create temp working directory
-		tempWd, err = fileutils.CreateTempDir()
-	}
-	if err != nil {
-		return
+		if tempWd, err = fileutils.CreateTempDir(); err != nil {
+			return
+		}
 	}
 	log.Debug("Created temp working directory:", tempWd)
 
@@ -407,7 +418,9 @@ func (cfp *ScanRepositoryCmd) createVulnerabilitiesMap(scanResults *xrayutils.Ex
 			}
 		}
 	}
-	log.Debug("Frogbot will attempt to resolve the following vulnerable dependencies:\n", strings.Join(maps.Keys(vulnerabilitiesMap), ",\n"))
+	if len(vulnerabilitiesMap) > 0 {
+		log.Debug("Frogbot will attempt to resolve the following vulnerable dependencies:\n", strings.Join(maps.Keys(vulnerabilitiesMap), ",\n"))
+	}
 	return vulnerabilitiesMap, nil
 }