diff --git a/commands.go b/commands.go index b5041ea95..ce8cf8784 100644 --- a/commands.go +++ b/commands.go @@ -106,7 +106,7 @@ func Exec(command FrogbotCommand, commandName string) (err error) { waitForUsageResponse() if err != nil && usage.ShouldReportUsage() { - if reportError := xsc.ReportError(frogbotDetails.ServerDetails, err, "frogbot"); reportError != nil { + if reportError := xsc.ReportError(frogbotDetails.XrayVersion, frogbotDetails.XscVersion, frogbotDetails.ServerDetails, err, "frogbot"); reportError != nil { log.Debug(reportError) } } else { diff --git a/go.mod b/go.mod index e63b83293..b9002c208 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,8 @@ module github.com/jfrog/frogbot/v2 -go 1.22.7 +go 1.22.9 + +toolchain go1.23.3 require ( github.com/go-git/go-git/v5 v5.12.0 @@ -17,7 +19,7 @@ require ( github.com/stretchr/testify v1.9.0 github.com/urfave/cli/v2 v2.27.4 github.com/xeipuuv/gojsonschema v1.2.0 - golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c + golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f gopkg.in/yaml.v3 v3.0.1 ) @@ -26,8 +28,11 @@ require ( github.com/BurntSushi/toml v1.4.0 // indirect github.com/CycloneDX/cyclonedx-go v0.9.0 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect - github.com/ProtonMail/go-crypto v1.0.0 // indirect + github.com/ProtonMail/go-crypto v1.1.2 // indirect + github.com/VividCortex/ewma v1.2.0 // indirect + github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect github.com/andybalholm/brotli v1.1.0 // indirect + github.com/beevik/etree v1.4.0 // indirect github.com/buger/jsonparser v1.1.1 // indirect github.com/c-bata/go-prompt v0.2.5 // indirect github.com/chzyer/readline v1.5.1 // indirect 
@@ -93,6 +98,7 @@ require (
 github.com/subosito/gotenv v1.6.0 // indirect
 github.com/ulikunitz/xz v0.5.12 // indirect
 github.com/urfave/cli v1.22.16 // indirect
+ github.com/vbauerster/mpb/v8 v8.8.3 // indirect
 github.com/xanzy/go-gitlab v0.110.0 // indirect
 github.com/xanzy/ssh-agent v0.3.3 // indirect
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
@@ -102,26 +108,26 @@ require ( github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.9.0 // indirect - golang.org/x/crypto v0.28.0 // indirect - golang.org/x/mod v0.21.0 // indirect - golang.org/x/net v0.30.0 // indirect + golang.org/x/crypto v0.29.0 // indirect + golang.org/x/mod v0.22.0 // indirect + golang.org/x/net v0.31.0 // indirect golang.org/x/oauth2 v0.20.0 // indirect - golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.26.0 // indirect - golang.org/x/term v0.25.0 // indirect - golang.org/x/text v0.19.0 // indirect + golang.org/x/sync v0.9.0 // indirect + golang.org/x/sys v0.27.0 // indirect + golang.org/x/term v0.26.0 // indirect + golang.org/x/text v0.20.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.26.0 // indirect + golang.org/x/tools v0.27.0 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect ) -// replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security dev +replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security v1.13.2-0.20241125090915-8dbf035c0394 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go dev -// replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go dev +replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20241124172451-50bd3e54f1e0 // replace github.com/jfrog/froggit-go => github.com/jfrog/froggit-go dev diff --git a/go.sum b/go.sum index e6bf265df..2270007ca 100644 --- a/go.sum +++ b/go.sum 
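Review bot: The two `replace` directives activated at the end of this go.mod hunk point jfrog-cli-security and jfrog-client-go at pseudo-versions (`v1.13.2-0.20241125090915-8dbf035c0394` and `v1.28.1-0.20241124172451-50bd3e54f1e0`), that is, at untagged commits, and they override whatever the `require` block states. The go.sum hunk shows jfrog-client-go moving from the tagged v1.47.6 to a pseudo-version based on v1.28.x, so the pinned commit presumably sits on a branch away from the release tags. Anything that reads only the `require` lines (SBOM or vulnerability tooling, a human reviewer) will report a different version from the one that is actually built. Put a comment above each directive, for example `// TODO: drop this replace once a tagged release contains the required changes`, and return to tagged releases before this is released.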
@@ -9,8 +9,8 @@ github.com/CycloneDX/cyclonedx-go v0.9.0/go.mod h1:NE/EWvzELOFlG6+ljX/QeMlVt9VKc github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= -github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78= -github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= +github.com/ProtonMail/go-crypto v1.1.2 h1:A7JbD57ThNqh7XjmHE+PXpQ3Dqt3BrSAC0AL0Go3KS0= +github.com/ProtonMail/go-crypto v1.1.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow= github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4= github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8= 
@@ -22,11 +22,12 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuW github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +github.com/beevik/etree v1.4.0 h1:oz1UedHRepuY3p4N5OjE0nK1WLCqtzHf25bxplKOHLs= +github.com/beevik/etree v1.4.0/go.mod h1:cyWiXwGoasx60gHvtnEh5x8+uIjUVnjWqBvEnhnqKDA= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs= github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= -github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/c-bata/go-prompt v0.2.5 h1:3zg6PecEywxNn0xiqcXHD96fkbxghD+gdB2tbsYfl+Y= github.com/c-bata/go-prompt v0.2.5/go.mod h1:vFnjEGDIIA/Lib7giyE4E9c50Lvl8j0S+7FVlAwDAVw= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= 
@@ -38,7 +39,6 @@ github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObk github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/chzyer/test v1.0.0 h1:p3BQDXSxOhOG0P9z6/hGnII4LGiEPOYBhs8asl/fC04= github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8= -github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cloudflare/circl v1.4.0 h1:BV7h5MgrktNzytKmWjpOtdYrf0lkkbF8YMlBGPhJQrY= github.com/cloudflare/circl v1.4.0/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU= github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc= 
@@ -133,10 +133,10 @@ github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYL github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w= github.com/jfrog/jfrog-cli-core/v2 v2.56.7 h1:pB4ronzVk60k/lf9bUL9HxBZ8PbMW6LhbIFld9NXNNc= github.com/jfrog/jfrog-cli-core/v2 v2.56.7/go.mod h1:puLwWcnXYCJqUOvhscXRJiKNzPdj0adP+zadKy6A/gU= -github.com/jfrog/jfrog-cli-security v1.13.1 h1:hz0x/p0kE2L7g6ZsF7/ORRmkpJ5ztXgj6hhiQZoCpVU= -github.com/jfrog/jfrog-cli-security v1.13.1/go.mod h1:5LBGwth7TXkEH8MO0JJXvpoRktMAV2BK7Q5nQePNrv4= -github.com/jfrog/jfrog-client-go v1.47.6 h1:nEMwJvjsuuY6LpOV3e33P4c4irPHkG8Qxw27bgeCl/Y= -github.com/jfrog/jfrog-client-go v1.47.6/go.mod h1:jCpvS83DZHAin2aSG7VroTsILJsyq7AOcFfx++P241E= +github.com/jfrog/jfrog-cli-security v1.13.2-0.20241125090915-8dbf035c0394 h1:ws3gGhXezgv4/zhNt9zSOaKgpZel8qR1T9y8m0ZXIsE= +github.com/jfrog/jfrog-cli-security v1.13.2-0.20241125090915-8dbf035c0394/go.mod h1:dfwS1m/MCz0dHQKmLQhSK1ZcPhuQE0gKAOPug3jLV3Q= +github.com/jfrog/jfrog-client-go v1.28.1-0.20241124172451-50bd3e54f1e0 h1:YROG+bJY4QJEz9KdKUbBlbOHXY1vnDhhi0/cXrEgu9E= +github.com/jfrog/jfrog-client-go v1.28.1-0.20241124172451-50bd3e54f1e0/go.mod h1:1a7bmQHkRmPEza9wva2+WVrYzrGbosrMymq57kyG5gU= github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA= github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible/go.mod h1:1c7szIrayyPPB/987hsnvNzLushdWf4o/79s3P08L8A= github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k= 
@@ -297,19 +297,17 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= -golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= -golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= -golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c h1:7dEasQXItcW1xKJ2+gg5VOiBnqWrJc+rq0DPKyvvdbY= -golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8= +golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= +golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg= +golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo= +golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= -golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= +golang.org/x/mod v0.22.0 
h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= +golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 
@@ -320,15 +318,13 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= -golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= -golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= +golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= +golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= 
@@ -338,8 +334,8 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= +golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -364,38 +360,32 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= +golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= -golang.org/x/term v0.25.0 
h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= -golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= +golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU= +golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= -golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= +golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 
@@ -403,8 +393,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= -golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= +golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o= +golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/scanpullrequest/scanallpullrequests_test.go b/scanpullrequest/scanallpullrequests_test.go index cd42f8aa3..606608b11 100644 --- a/scanpullrequest/scanallpullrequests_test.go +++ b/scanpullrequest/scanallpullrequests_test.go @@ -3,6 +3,10 @@ package scanpullrequest import ( "context" "fmt" + "path/filepath" + "testing" + "time" + "github.com/golang/mock/gomock" biutils "github.com/jfrog/build-info-go/utils" "github.com/jfrog/frogbot/v2/testdata" @@ -10,10 +14,8 @@ import ( "github.com/jfrog/frogbot/v2/utils/outputwriter" "github.com/jfrog/froggit-go/vcsclient" "github.com/jfrog/froggit-go/vcsutils" + "github.com/jfrog/jfrog-cli-security/cli" "github.com/stretchr/testify/assert" - "path/filepath" - "testing" - "time" ) var ( 
@@ -101,11 +103,15 @@ func TestShouldNotScanPullRequestError(t *testing.T) { func TestScanAllPullRequestsMultiRepo(t *testing.T) { server, restoreEnv := utils.VerifyEnv(t) defer restoreEnv() + xrayVersion, xscVersion, err := cli.GetJfrogServicesVersion(&server) + assert.NoError(t, err) + _, restoreJfrogHomeFunc := utils.CreateTempJfrogHomeWithCallback(t) defer restoreJfrogHomeFunc() failOnSecurityIssues := false firstRepoParams := utils.Params{ + JFrogPlatform: utils.JFrogPlatform{XrayVersion: xrayVersion, XscVersion: xscVersion}, Scan: utils.Scan{ FailOnSecurityIssues: &failOnSecurityIssues, Projects: []utils.Project{{ @@ -118,7 +124,8 @@ func TestScanAllPullRequestsMultiRepo(t *testing.T) { Git: gitParams.Git, } secondRepoParams := utils.Params{ - Git: gitParams.Git, + Git: gitParams.Git, + JFrogPlatform: utils.JFrogPlatform{XrayVersion: xrayVersion, XscVersion: xscVersion}, Scan: utils.Scan{ FailOnSecurityIssues: &failOnSecurityIssues, Projects: []utils.Project{{WorkingDirs: []string{utils.RootDir}, UseWrapper: &utils.TrueVal}}}, @@ -143,7 +150,7 @@ func TestScanAllPullRequestsMultiRepo(t *testing.T) { var frogbotMessages []string client := getMockClient(t, &frogbotMessages, mockParams...) scanAllPullRequestsCmd := &ScanAllPullRequestsCmd{} - err := scanAllPullRequestsCmd.Run(configAggregator, client, utils.MockHasConnection()) + err = scanAllPullRequestsCmd.Run(configAggregator, client, utils.MockHasConnection()) if assert.NoError(t, err) { assert.Len(t, frogbotMessages, 4) expectedMessage := outputwriter.GetOutputFromFile(t, filepath.Join(allPrIntegrationPath, "test_proj_with_vulnerability_standard.md")) 
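Review bot: The version lookup added at the top of TestScanAllPullRequestsMultiRepo is checked with `assert.NoError(t, err)`, which records the failure and keeps going, so the test would carry on building `utils.Params` with empty `XrayVersion`/`XscVersion` and fail later with a less direct message. `require.NoError(t, err)` from testify's `require` package (it needs its own import line) stops the test at the real cause. The same pattern is added in TestScanAllPullRequests, testScanPullRequest and TestScanAndFixRepos.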
@@ -161,9 +168,13 @@ func TestScanAllPullRequests(t *testing.T) { // This integration test, requires JFrog platform connection details server, restoreEnv := utils.VerifyEnv(t) defer restoreEnv() + xrayVersion, xscVersion, err := cli.GetJfrogServicesVersion(&server) + assert.NoError(t, err) + falseVal := false gitParams.Git.GitProvider = vcsutils.BitbucketServer params := utils.Params{ + JFrogPlatform: utils.JFrogPlatform{XrayVersion: xrayVersion, XscVersion: xscVersion}, Scan: utils.Scan{ FailOnSecurityIssues: &falseVal, Projects: []utils.Project{{ @@ -185,7 +196,7 @@ func TestScanAllPullRequests(t *testing.T) { var frogbotMessages []string client := getMockClient(t, &frogbotMessages, MockParams{repoParams.RepoName, repoParams.RepoOwner, "test-proj-with-vulnerability", "test-proj"}) scanAllPullRequestsCmd := &ScanAllPullRequestsCmd{} - err := scanAllPullRequestsCmd.Run(paramsAggregator, client, utils.MockHasConnection()) + err = scanAllPullRequestsCmd.Run(paramsAggregator, client, utils.MockHasConnection()) assert.NoError(t, err) assert.Len(t, frogbotMessages, 2) expectedMessage := outputwriter.GetOutputFromFile(t, filepath.Join(allPrIntegrationPath, "test_proj_with_vulnerability_simplified.md")) diff --git a/scanpullrequest/scanpullrequest.go b/scanpullrequest/scanpullrequest.go index 43cdd3c61..6e7e7baf0 100644 --- a/scanpullrequest/scanpullrequest.go +++ b/scanpullrequest/scanpullrequest.go @@ -26,7 +26,9 @@ const ( analyticsScanPrScanType = "PR" ) -type ScanPullRequestCmd struct{} +type ScanPullRequestCmd struct { + XrayVersion string +} // Run ScanPullRequest method only works for a single repository scan. // Therefore, the first repository config represents the repository on which Frogbot runs, and it is the only one that matters. 
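Review bot: `ScanPullRequestCmd` gains an exported `XrayVersion` field in scanpullrequest.go, but nothing in the visible hunks of that file sets or reads it; auditPullRequest takes both versions from `repoConfig.XrayVersion` and `repoConfig.XscVersion`. It also has no `XscVersion` counterpart, unlike `ScanRepositoryCmd` in this same commit. If the field is used outside the hunks shown, give it a doc comment stating who populates it; otherwise keep `type ScanPullRequestCmd struct{}` so the command does not carry a second, possibly stale, copy of the version.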
@@ -91,13 +93,8 @@ func scanPullRequest(repo *utils.Repository, client vcsclient.VcsClient) (err er pullRequestDetails.Target.Owner, pullRequestDetails.Target.Repository, pullRequestDetails.Target.Name)) log.Info("-----------------------------------------------------------") - analyticsService := utils.AddAnalyticsGeneralEvent(nil, &repo.Server, analyticsScanPrScanType) - defer func() { - analyticsService.UpdateAndSendXscAnalyticsGeneralEventFinalize(err) - }() - // Audit PR code - issues, err := auditPullRequest(repo, client, analyticsService) + issues, err := auditPullRequest(repo, client) if err != nil { return } @@ -130,7 +127,7 @@ func toFailTaskStatus(repo *utils.Repository, issues *utils.IssuesCollection) bo } // Downloads Pull Requests branches code and audits them -func auditPullRequest(repoConfig *utils.Repository, client vcsclient.VcsClient, analyticsService *xsc.AnalyticsMetricsService) (issuesCollection *utils.IssuesCollection, err error) { +func auditPullRequest(repoConfig *utils.Repository, client vcsclient.VcsClient) (issuesCollection *utils.IssuesCollection, err error) { scanDetails := utils.NewScanDetails(client, &repoConfig.Server, &repoConfig.Git). SetXrayGraphScanParams(repoConfig.Watches, repoConfig.JFrogProjectKey, len(repoConfig.AllowedLicenses) > 0). SetFixableOnly(repoConfig.FixableOnly). 
@@ -141,12 +138,21 @@ func auditPullRequest(repoConfig *utils.Repository, client vcsclient.VcsClient, if scanDetails, err = scanDetails.SetMinSeverity(repoConfig.MinSeverity); err != nil { return } + scanDetails.XrayVersion = repoConfig.XrayVersion + scanDetails.XscVersion = repoConfig.XscVersion - // If MSI exists we always need to report events - if analyticsService.GetMsi() != "" { - // MSI is passed to XrayGraphScanParams, so it can be later used by other analytics events in the scan phase - scanDetails.XrayGraphScanParams.MultiScanId = analyticsService.GetMsi() - } + scanDetails.MultiScanId, scanDetails.StartTime = xsc.SendNewScanEvent( + scanDetails.XrayVersion, + scanDetails.XscVersion, + scanDetails.ServerDetails, + utils.CreateScanEvent(scanDetails.ServerDetails, nil, analyticsScanPrScanType), + ) + + defer func() { + if issuesCollection != nil { + xsc.SendScanEndedEvent(scanDetails.XrayVersion, scanDetails.XscVersion, scanDetails.ServerDetails, scanDetails.MultiScanId, scanDetails.StartTime, issuesCollection.CountIssuesCollectionFindings(), err) + } + }() issuesCollection = &utils.IssuesCollection{} for i := range repoConfig.Projects { @@ -157,9 +163,6 @@ func auditPullRequest(repoConfig *utils.Repository, client vcsclient.VcsClient, } issuesCollection.Append(projectIssues) } - if analyticsService.ShouldReportEvents() { - analyticsService.AddScanFindingsToXscAnalyticsGeneralEventFinalize(issuesCollection.CountIssuesCollectionFindings()) - } return } diff --git a/scanpullrequest/scanpullrequest_test.go b/scanpullrequest/scanpullrequest_test.go index e85fa0a12..d39948cb7 100644 --- a/scanpullrequest/scanpullrequest_test.go +++ b/scanpullrequest/scanpullrequest_test.go 
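Review bot: The deferred `xsc.SendScanEndedEvent` in auditPullRequest is sent without checking that `xsc.SendNewScanEvent` returned a MultiScanId, whereas the removed code propagated the MSI only when `GetMsi() != ""` and added findings only when `ShouldReportEvents()` was true. Unless the xsc helpers (not visible in this diff) handle an empty id and the usage-reporting opt-out themselves, guard the defer with `if scanDetails.MultiScanId != ""`. The existing `issuesCollection != nil` test appears redundant, since the variable is assigned in the statement right after the defer and the visible error path is a bare `return`. The same unguarded pair is added to scanAndFixBranch in scanrepository.go. auditPullRequest starts in the previous hunk and continues past this one.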
@@ -19,6 +19,7 @@ import ( "github.com/jfrog/froggit-go/vcsclient" "github.com/jfrog/froggit-go/vcsutils" coreconfig "github.com/jfrog/jfrog-cli-core/v2/utils/config" + "github.com/jfrog/jfrog-cli-security/cli" "github.com/jfrog/jfrog-cli-security/utils/formats" "github.com/jfrog/jfrog-cli-security/utils/formats/sarifutils" "github.com/jfrog/jfrog-cli-security/utils/jasutils" @@ -635,11 +636,14 @@ func testScanPullRequest(t *testing.T, configPath, projectName string, failOnSec params, restoreEnv := utils.VerifyEnv(t) defer restoreEnv() + xrayVersion, xscVersion, err := cli.GetJfrogServicesVersion(¶ms) + assert.NoError(t, err) + // Create mock GitLab server server := httptest.NewServer(createGitLabHandler(t, projectName)) defer server.Close() - configAggregator, client := prepareConfigAndClient(t, configPath, server, params) + configAggregator, client := prepareConfigAndClient(t, xrayVersion, xscVersion, configPath, server, params) testDir, cleanUp := utils.CopyTestdataProjectsToTemp(t, "scanpullrequest") defer cleanUp() @@ -722,7 +726,7 @@ func TestVerifyGitHubFrogbotEnvironmentOnPrem(t *testing.T) { assert.NoError(t, err) } -func prepareConfigAndClient(t *testing.T, configPath string, server *httptest.Server, serverParams coreconfig.ServerDetails) (utils.RepoAggregator, vcsclient.VcsClient) { +func prepareConfigAndClient(t *testing.T, xrayVersion, xscVersion, configPath string, server *httptest.Server, serverParams coreconfig.ServerDetails) (utils.RepoAggregator, vcsclient.VcsClient) { gitTestParams := &utils.Git{ GitProvider: vcsutils.GitHub, RepoOwner: "jfrog", 
@@ -739,7 +743,7 @@ func prepareConfigAndClient(t *testing.T, configPath string, server *httptest.Se configData, err := utils.ReadConfigFromFileSystem(configPath) assert.NoError(t, err) - configAggregator, err := utils.BuildRepoAggregator(client, configData, gitTestParams, &serverParams, utils.ScanPullRequest) + configAggregator, err := utils.BuildRepoAggregator(xrayVersion, xscVersion, client, configData, gitTestParams, &serverParams, utils.ScanPullRequest) assert.NoError(t, err) return configAggregator, client diff --git a/scanrepository/scanmultiplerepositories.go b/scanrepository/scanmultiplerepositories.go index 901f06ca6..2541613c2 100644 --- a/scanrepository/scanmultiplerepositories.go +++ b/scanrepository/scanmultiplerepositories.go @@ -15,8 +15,11 @@ type ScanMultipleRepositories struct { func (saf *ScanMultipleRepositories) Run(repoAggregator utils.RepoAggregator, client vcsclient.VcsClient, frogbotRepoConnection *utils.UrlAccessChecker) (err error) { scanRepositoryCmd := &ScanRepositoryCmd{dryRun: saf.dryRun, dryRunRepoPath: saf.dryRunRepoPath, baseWd: saf.dryRunRepoPath} + for repoNum := range repoAggregator { repoAggregator[repoNum].OutputWriter.SetHasInternetConnection(frogbotRepoConnection.IsConnected()) + scanRepositoryCmd.XrayVersion = repoAggregator[repoNum].XrayVersion + scanRepositoryCmd.XscVersion = repoAggregator[repoNum].XscVersion if e := scanRepositoryCmd.scanAndFixRepository(&repoAggregator[repoNum], client); e != nil { err = errors.Join(err, e) } diff --git a/scanrepository/scanmultiplerepositories_test.go b/scanrepository/scanmultiplerepositories_test.go index bc8e2ff6f..b8a049d55 100644 --- a/scanrepository/scanmultiplerepositories_test.go +++ b/scanrepository/scanmultiplerepositories_test.go 
@@ -4,19 +4,21 @@ import ( "bytes" "encoding/json" "fmt" + "net/http" + "net/http/httptest" + "os" + "path/filepath" + "strings" + "testing" + "github.com/go-git/go-git/v5/plumbing" "github.com/go-git/go-git/v5/plumbing/protocol/packp" "github.com/go-git/go-git/v5/plumbing/protocol/packp/capability" "github.com/jfrog/frogbot/v2/utils" "github.com/jfrog/froggit-go/vcsclient" "github.com/jfrog/froggit-go/vcsutils" + "github.com/jfrog/jfrog-cli-security/cli" "github.com/stretchr/testify/assert" - "net/http" - "net/http/httptest" - "os" - "path/filepath" - "strings" - "testing" ) var testScanMultipleRepositoriesConfigPath = filepath.Join("..", "testdata", "config", "frogbot-config-scan-multiple-repositories.yml") @@ -28,6 +30,9 @@ func TestScanAndFixRepos(t *testing.T) { _, restoreJfrogHomeFunc := utils.CreateTempJfrogHomeWithCallback(t) defer restoreJfrogHomeFunc() + xrayVersion, xscVersion, err := cli.GetJfrogServicesVersion(&serverParams) + assert.NoError(t, err) + baseWd, err := os.Getwd() assert.NoError(t, err) @@ -57,7 +62,7 @@ func TestScanAndFixRepos(t *testing.T) { }() utils.CreateDotGitWithCommit(t, testDir, port, testRepositories...) - configAggregator, err := utils.BuildRepoAggregator(client, configData, &gitTestParams, &serverParams, utils.ScanMultipleRepositories) + configAggregator, err := utils.BuildRepoAggregator(xrayVersion, xscVersion, client, configData, &gitTestParams, &serverParams, utils.ScanMultipleRepositories) assert.NoError(t, err) var cmd = ScanMultipleRepositories{dryRun: true, dryRunRepoPath: testDir} diff --git a/scanrepository/scanrepository.go b/scanrepository/scanrepository.go index ae23bd39c..08abee411 100644 --- a/scanrepository/scanrepository.go +++ b/scanrepository/scanrepository.go 
@@ -51,8 +51,9 @@ type ScanRepositoryCmd struct { projectTech []techutils.Technology // Stores all package manager handlers for detected issues handlers map[techutils.Technology]packagehandlers.PackageHandler - // The AnalyticsMetricsService used for analytics event report - analyticsService *xsc.AnalyticsMetricsService + + XrayVersion string + XscVersion string } func (cfp *ScanRepositoryCmd) Run(repoAggregator utils.RepoAggregator, client vcsclient.VcsClient, frogbotRepoConnection *utils.UrlAccessChecker) (err error) { @@ -61,6 +62,8 @@ func (cfp *ScanRepositoryCmd) Run(repoAggregator utils.RepoAggregator, client vc } repository := repoAggregator[0] repository.OutputWriter.SetHasInternetConnection(frogbotRepoConnection.IsConnected()) + cfp.XrayVersion = repository.XrayVersion + cfp.XscVersion = repository.XscVersion return cfp.scanAndFixRepository(&repository, client) } @@ -79,11 +82,6 @@ func (cfp *ScanRepositoryCmd) scanAndFixRepository(repository *utils.Repository, } func (cfp *ScanRepositoryCmd) scanAndFixBranch(repository *utils.Repository) (err error) { - cfp.analyticsService = utils.AddAnalyticsGeneralEvent(cfp.scanDetails.XscGitInfoContext, cfp.scanDetails.ServerDetails, analyticsScanRepositoryScanType) - defer func() { - cfp.analyticsService.UpdateAndSendXscAnalyticsGeneralEventFinalize(err) - }() - repoDir, restoreBaseDir, err := cfp.cloneRepositoryOrUseLocalAndCheckoutToBranch() if err != nil { return 
@@ -97,23 +95,29 @@ func (cfp *ScanRepositoryCmd) scanAndFixBranch(repository *utils.Repository) (er err = errors.Join(err, restoreBaseDir(), fileutils.RemoveTempDir(repoDir)) }() - // If MSI exists we always need to report events - if cfp.analyticsService.GetMsi() != "" { - // MSI is passed to XrayGraphScanParams, so it can be later used by other analytics events in the scan phase - cfp.scanDetails.XrayGraphScanParams.MultiScanId = cfp.analyticsService.GetMsi() - cfp.scanDetails.XrayGraphScanParams.XscVersion, err = cfp.analyticsService.XscManager().GetVersion() - if err != nil { - return - } - } + cfp.scanDetails.MultiScanId, cfp.scanDetails.StartTime = xsc.SendNewScanEvent( + cfp.scanDetails.XrayVersion, + cfp.scanDetails.XscVersion, + cfp.scanDetails.ServerDetails, + utils.CreateScanEvent(cfp.scanDetails.ServerDetails, cfp.scanDetails.XscGitInfoContext, analyticsScanRepositoryScanType), + ) + + totalFindings := 0 + + defer func() { + xsc.SendScanEndedEvent(cfp.scanDetails.XrayVersion, cfp.scanDetails.XscVersion, cfp.scanDetails.ServerDetails, cfp.scanDetails.MultiScanId, cfp.scanDetails.StartTime, totalFindings, err) + }() for i := range repository.Projects { cfp.scanDetails.Project = &repository.Projects[i] cfp.projectTech = []techutils.Technology{} - if err = cfp.scanAndFixProject(repository); err != nil { - return + if findings, e := cfp.scanAndFixProject(repository); e != nil { + return e + } else { + totalFindings += findings } } + return } @@ -126,6 +130,10 @@ func (cfp *ScanRepositoryCmd) setCommandPrerequisites(repository *utils.Reposito SetSkipAutoInstall(repository.SkipAutoInstall). SetAllowPartialResults(repository.AllowPartialResults). SetDisableJas(repository.DisableJas) + + cfp.scanDetails.XrayVersion = cfp.XrayVersion + cfp.scanDetails.XscVersion = cfp.XscVersion + if cfp.scanDetails, err = cfp.scanDetails.SetMinSeverity(repository.MinSeverity); err != nil { return } 
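Review bot: When `scanAndFixProject` fails, the loop returns before adding that project's count, so the event sent by the deferred `xsc.SendScanEndedEvent` under-reports findings for exactly the runs that ended in an error, even though `scanAndFixProject` returns its running total alongside the error. Adding the count before the error check fixes this and removes the `else` after `return`: `findings, e := cfp.scanAndFixProject(repository)`, `totalFindings += findings`, `if e != nil { return e }`. The new defer is registered after what appears to be the cleanup defer at the top of the hunk, so it runs first and never sees errors joined from `restoreBaseDir()` or `fileutils.RemoveTempDir`. The removed code skipped all reporting when `ShouldReportEvents()` was false; it is worth confirming that `xsc.SendNewScanEvent` applies the same opt-out, since the call is now unconditional here. `scanAndFixBranch` starts outside the hunk.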
@@ -151,8 +159,9 @@ func (cfp *ScanRepositoryCmd) setCommandPrerequisites(repository *utils.Reposito return } -func (cfp *ScanRepositoryCmd) scanAndFixProject(repository *utils.Repository) error { +func (cfp *ScanRepositoryCmd) scanAndFixProject(repository *utils.Repository) (int, error) { var fixNeeded bool + totalFindings := 0 // A map that contains the full project paths as a keys // The value is a map of vulnerable package names -> the scanDetails of the vulnerable packages. // That means we have a map of all the vulnerabilities that were found in a specific folder, along with their full scanDetails. 
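Review bot: `scanAndFixProject` now returns a count, but there is no doc comment saying what is counted or that the count is also returned alongside a non-nil error. Suggested: `// scanAndFixProject scans each working directory of the current project and returns the findings counted so far (violations, or vulnerabilities when no violations were reported) together with any error.` The function body continues outside the hunk.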
@@ -162,20 +171,18 @@ func (cfp *ScanRepositoryCmd) scanAndFixProject(repository *utils.Repository) er scanResults, err := cfp.scan(fullPathWd) if err != nil { if err = utils.CreateErrorIfPartialResultsDisabled(cfp.scanDetails.AllowPartialResults(), fmt.Sprintf("An error occurred during Audit execution for '%s' working directory. Fixes will be skipped for this working directory", fullPathWd), err); err != nil { - return err + return totalFindings, err } continue } - if cfp.analyticsService.ShouldReportEvents() { - if summary, err := conversion.NewCommandResultsConvertor(conversion.ResultConvertParams{IncludeVulnerabilities: true, HasViolationContext: cfp.scanDetails.HasViolationContext()}).ConvertToSummary(scanResults); err != nil { - return err - } else { - totalFindings := summary.GetTotalViolations() - if totalFindings == 0 { - totalFindings = summary.GetTotalVulnerabilities() - } - cfp.analyticsService.AddScanFindingsToXscAnalyticsGeneralEventFinalize(totalFindings) + if summary, err := conversion.NewCommandResultsConvertor(conversion.ResultConvertParams{IncludeVulnerabilities: true, HasViolationContext: cfp.scanDetails.HasViolationContext()}).ConvertToSummary(scanResults); err != nil { + return totalFindings, err + } else { + findingCount := summary.GetTotalViolations() + if findingCount == 0 { + findingCount = summary.GetTotalVulnerabilities() } + totalFindings += findingCount } if scanResults.EntitledForJas && repository.GitProvider.String() == vcsutils.GitHub.String() { 
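Review bot: The summary conversion, whose result is used only to count findings for the scan-ended event, now runs unconditionally, and a `ConvertToSummary` error returns from `scanAndFixProject` directly, which stops scanning and fixing for the remaining working directories. The neighbouring error paths (the scan error above and the vulnerabilities-map error in the next hunk) go through `utils.CreateErrorIfPartialResultsDisabled` so that `AllowPartialResults` is honoured; this one bypasses it. Because the count is reporting data, treating the failure as best-effort seems safer: log it with `log.Debug(err)` and carry on without adding to `totalFindings`. The function starts and ends outside the hunk.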
@@ -193,7 +200,7 @@ func (cfp *ScanRepositoryCmd) scanAndFixProject(repository *utils.Repository) er currPathVulnerabilities, err := cfp.getVulnerabilitiesMap(scanResults) if err != nil { if err = utils.CreateErrorIfPartialResultsDisabled(cfp.scanDetails.AllowPartialResults(), fmt.Sprintf("An error occurred while preparing the vulnerabilities map for '%s' working directory. Fixes will be skipped for this working directory", fullPathWd), err); err != nil { - return err + return totalFindings, err } continue } @@ -205,9 +212,9 @@ func (cfp *ScanRepositoryCmd) scanAndFixProject(repository *utils.Repository) er if repository.DetectionOnly { log.Info(fmt.Sprintf("This command is running in detection mode only. To enable automatic fixing of issues, set the '%s' environment variable to 'false'.", utils.DetectionOnlyEnv)) } else if fixNeeded { - return cfp.fixVulnerablePackages(repository, vulnerabilitiesByPathMap) + return totalFindings, cfp.fixVulnerablePackages(repository, vulnerabilitiesByPathMap) } - return nil + return totalFindings, nil } // Audit the dependencies of the current commit. diff --git a/scanrepository/scanrepository_test.go b/scanrepository/scanrepository_test.go index 990e23386..f4e8d37dd 100644 --- a/scanrepository/scanrepository_test.go +++ b/scanrepository/scanrepository_test.go @@ -3,6 +3,13 @@ package scanrepository import ( "errors" "fmt" + "net/http/httptest" + "os" + "os/exec" + "path/filepath" + "strings" + "testing" + "github.com/google/go-github/v45/github" biutils "github.com/jfrog/build-info-go/utils" "github.com/jfrog/frogbot/v2/utils" @@ -10,6 +17,7 @@ import ( "github.com/jfrog/froggit-go/vcsclient" "github.com/jfrog/froggit-go/vcsutils" "github.com/jfrog/jfrog-cli-core/v2/utils/coreutils" + "github.com/jfrog/jfrog-cli-security/cli" "github.com/jfrog/jfrog-cli-security/utils/formats" "github.com/jfrog/jfrog-cli-security/utils/results" "github.com/jfrog/jfrog-cli-security/utils/techutils" 
@@ -18,12 +26,6 @@ import ( "github.com/jfrog/jfrog-client-go/xray/services" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "net/http/httptest" - "os" - "os/exec" - "path/filepath" - "strings" - "testing" ) const rootTestDir = "scanrepository" @@ -170,6 +172,9 @@ func TestScanRepositoryCmd_Run(t *testing.T) { assert.NoError(t, os.Setenv(utils.AllowPartialResultsEnv, "false")) }() } + xrayVersion, xscVersion, err := cli.GetJfrogServicesVersion(&serverParams) + assert.NoError(t, err) + var port string server := httptest.NewServer(createScanRepoGitHubHandler(t, &port, nil, test.testName)) defer server.Close() @@ -198,10 +203,10 @@ func TestScanRepositoryCmd_Run(t *testing.T) { } utils.CreateDotGitWithCommit(t, testDir, port, test.testName) - configAggregator, err := utils.BuildRepoAggregator(client, configData, &gitTestParams, &serverParams, utils.ScanRepository) + configAggregator, err := utils.BuildRepoAggregator(xrayVersion, xscVersion, client, configData, &gitTestParams, &serverParams, utils.ScanRepository) assert.NoError(t, err) // Run - var cmd = ScanRepositoryCmd{dryRun: true, dryRunRepoPath: testDir} + var cmd = ScanRepositoryCmd{XrayVersion: xrayVersion, XscVersion: xscVersion, dryRun: true, dryRunRepoPath: testDir} err = cmd.Run(configAggregator, client, utils.MockHasConnection()) defer func() { assert.NoError(t, os.Chdir(baseDir)) @@ -299,6 +304,8 @@ pr body defer restoreEnv() testDir, cleanup := utils.CopyTestdataProjectsToTemp(t, filepath.Join(rootTestDir, "aggregate-pr-lifecycle")) defer cleanup() + xrayVersion, xscVersion, err := cli.GetJfrogServicesVersion(&serverParams) + assert.NoError(t, err) for _, test := range tests { t.Run(test.testName, func(t *testing.T) { var port string 
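Review bot: The version lookup added before `var port string` in `TestScanRepositoryCmd_Run` runs once per table entry (the lines that follow use `test.testName`), so every case repeats the same call; the hunk at `@@ -299,6 +304,8 @@` does it once before the loop, and the same can be done here. Its error is checked with `assert.NoError`, which lets the test continue with empty version strings and fail later in a less obvious place; `require.NoError(t, err)` stops at the real cause, and `require` is already imported in this file. The same applies to the lookups added at `@@ -299,6 +304,8 @@` and in `TestPackageTypeFromScan`.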
@@ -326,7 +333,7 @@ pr body // Load default configurations var configData []byte gitTestParams.Branches = []string{"master"} - configAggregator, err := utils.BuildRepoAggregator(client, configData, gitTestParams, &serverParams, utils.ScanRepository) + configAggregator, err := utils.BuildRepoAggregator(xrayVersion, xscVersion, client, configData, gitTestParams, &serverParams, utils.ScanRepository) assert.NoError(t, err) // Run var cmd = ScanRepositoryCmd{dryRun: true, dryRunRepoPath: testDir} @@ -392,6 +399,9 @@ func TestGenerateFixBranchName(t *testing.T) { func TestPackageTypeFromScan(t *testing.T) { environmentVars, restoreEnv := utils.VerifyEnv(t) defer restoreEnv() + xrayVersion, xscVersion, err := cli.GetJfrogServicesVersion(&environmentVars) + assert.NoError(t, err) + testScan := &ScanRepositoryCmd{OutputWriter: &outputwriter.StandardOutput{}} trueVal := true params := utils.Params{ @@ -424,9 +434,12 @@ func TestPackageTypeFromScan(t *testing.T) { frogbotParams.Projects[0].InstallCommandName = pkg.commandName frogbotParams.Projects[0].InstallCommandArgs = pkg.commandArgs scanSetup := utils.ScanDetails{ - XrayGraphScanParams: &services.XrayGraphScanParams{}, - Project: &frogbotParams.Projects[0], - ServerDetails: &frogbotParams.Server, + XrayGraphScanParams: &services.XrayGraphScanParams{ + XrayVersion: xrayVersion, + XscVersion: xscVersion, + }, + Project: &frogbotParams.Projects[0], + ServerDetails: &frogbotParams.Server, } testScan.scanDetails = &scanSetup scanResponse, err := testScan.scan(tmpDir) diff --git a/utils/analytics.go b/utils/analytics.go index ae2f54945..aeaf31e4e 100644 --- a/utils/analytics.go +++ b/utils/analytics.go 
@@ -6,36 +6,20 @@ import ( "github.com/jfrog/jfrog-cli-core/v2/utils/config" "github.com/jfrog/jfrog-cli-security/utils/xsc" - "github.com/jfrog/jfrog-client-go/utils/log" "github.com/jfrog/jfrog-client-go/xray/services" xscservices "github.com/jfrog/jfrog-client-go/xsc/services" ) -func AddAnalyticsGeneralEvent(gitInfoContext *services.XscGitInfoContext, serverDetails *config.ServerDetails, scanType string) *xsc.AnalyticsMetricsService { - log.Debug("Initiating General Event report to Analytics service") - analyticsService := xsc.NewAnalyticsMetricsService(serverDetails) - if !analyticsService.ShouldReportEvents() { - return analyticsService - } - analyticsService.AddGeneralEvent(createAnalyticsGeneralEvent(analyticsService, gitInfoContext, scanType)) - if analyticsService.GetMsi() != "" { - analyticsService.SetFinalizeEvent(&xscservices.XscAnalyticsGeneralEventFinalize{MultiScanId: analyticsService.GetMsi()}) - } else { - analyticsService.SetShouldReportEvents(false) - } - return analyticsService -} - -func createAnalyticsGeneralEvent(analyticsService *xsc.AnalyticsMetricsService, gitInfo *services.XscGitInfoContext, scanType string) *xscservices.XscAnalyticsGeneralEvent { - generalEvent := analyticsService.CreateGeneralEvent(xscservices.FrogbotProduct, xscservices.FrogbotType) - generalEvent.ProductVersion = FrogbotVersion - generalEvent.FrogbotScanType = scanType - generalEvent.FrogbotCiProvider = resolveCi() +func CreateScanEvent(serviceDetails *config.ServerDetails, gitInfo *services.XscGitInfoContext, scanType string) *xscservices.XscAnalyticsGeneralEvent { + event := xsc.CreateAnalyticsEvent(xscservices.FrogbotProduct, xscservices.FrogbotType, serviceDetails) + event.ProductVersion = FrogbotVersion + event.FrogbotScanType = scanType + event.FrogbotCiProvider = resolveCi() if gitInfo != nil { - generalEvent.GitInfo = gitInfo - generalEvent.IsGitInfoFlow = true + event.GitInfo = gitInfo + event.IsGitInfoFlow = true } - return generalEvent + return event } // 
Returns the CI system that is currently running the command. diff --git a/utils/analytics_test.go b/utils/analytics_test.go index fbe6b6310..5fc5d48eb 100644 --- a/utils/analytics_test.go +++ b/utils/analytics_test.go @@ -4,7 +4,6 @@ import ( "testing" "github.com/jfrog/jfrog-cli-core/v2/utils/config" - "github.com/jfrog/jfrog-cli-security/utils/xsc" "github.com/jfrog/jfrog-client-go/xray/services" xscservices "github.com/jfrog/jfrog-client-go/xsc/services" "github.com/stretchr/testify/assert" @@ -32,8 +31,7 @@ func TestCreateAnalyticsGeneralEvent(t *testing.T) { Password: "password", } - analyticsService := xsc.NewAnalyticsMetricsService(serverDetails) - analyticsGeneralEvent := createAnalyticsGeneralEvent(analyticsService, gitInfoContext, "monitor") + analyticsGeneralEvent := CreateScanEvent(serverDetails, gitInfoContext, "monitor") // Comparison is made manually for selected fields since some of the fields are machine-dependent and cannot be known in advance assert.Equal(t, xscservices.FrogbotType, analyticsGeneralEvent.EventType) diff --git a/utils/params.go b/utils/params.go index 54f4255f1..d3f15b2a4 100644 --- a/utils/params.go +++ b/utils/params.go @@ -17,6 +17,7 @@ import ( "golang.org/x/exp/slices" "github.com/jfrog/frogbot/v2/utils/outputwriter" + "github.com/jfrog/jfrog-cli-security/cli" securityutils "github.com/jfrog/jfrog-cli-security/utils" "github.com/jfrog/jfrog-cli-security/utils/severityutils" @@ -40,6 +41,8 @@ var ( ) type FrogbotDetails struct { + XrayVersion string + XscVersion string Repositories RepoAggregator ServerDetails *coreconfig.ServerDetails GitClient vcsclient.VcsClient @@ -272,6 +275,8 @@ func (s *Scan) setDefaultsIfNeeded() (err error) { } type JFrogPlatform struct { + XrayVersion string + XscVersion string Watches []string `yaml:"watches,omitempty"` JFrogProjectKey string `yaml:"jfrogProjectKey,omitempty"` } 
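Review bot: `CreateScanEvent` is now exported and called from the `scanrepository` package, but it has no doc comment, and its first parameter is named `serviceDetails` where the rest of the change uses `serverDetails`. Suggested: `// CreateScanEvent builds the Frogbot analytics event for scanType, attaching gitInfo when it is non-nil.` together with renaming the parameter to `serverDetails`. The test in `analytics_test.go` still carries the old name `TestCreateAnalyticsGeneralEvent`.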
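Review bot: `XrayVersion` and `XscVersion` are added to `JFrogPlatform` without a struct tag, while the sibling fields are tagged for YAML, so if this struct is decoded with `gopkg.in/yaml.v3` (as the tags suggest) the keys `xrayversion` and `xscversion` become accepted in the config file and are emitted on marshal. `BuildRepoAggregator` overwrites both with the values passed in by the caller, so they are runtime state rather than configuration. Tagging both fields with `yaml:"-"` keeps them out of the file format and avoids a config value that looks settable but is silently replaced. The struct starts outside the hunk.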
@@ -411,8 +416,12 @@ func GetFrogbotDetails(commandName string) (frogbotDetails *FrogbotDetails, err if err != nil { return } + xrayVersion, xscVersion, err := cli.GetJfrogServicesVersion(jfrogServer) + if err != nil { + return + } - configProfile, err := getConfigProfileIfExistsAndValid(jfrogServer) + configProfile, err := getConfigProfileIfExistsAndValid(xrayVersion, xscVersion, jfrogServer) if err != nil { return } @@ -439,7 +448,7 @@ func GetFrogbotDetails(commandName string) (frogbotDetails *FrogbotDetails, err return } - configAggregator, err := getConfigAggregator(client, gitParamsFromEnv, jfrogServer, commandName) + configAggregator, err := getConfigAggregator(xrayVersion, xscVersion, client, gitParamsFromEnv, jfrogServer, commandName) if err != nil { return } @@ -449,12 +458,12 @@ func GetFrogbotDetails(commandName string) (frogbotDetails *FrogbotDetails, err configAggregator[i].Scan.ConfigProfile = configProfile } - frogbotDetails = &FrogbotDetails{Repositories: configAggregator, GitClient: client, ServerDetails: jfrogServer, ReleasesRepo: os.Getenv(jfrogReleasesRepoEnv)} + frogbotDetails = &FrogbotDetails{XrayVersion: xrayVersion, XscVersion: xscVersion, Repositories: configAggregator, GitClient: client, ServerDetails: jfrogServer, ReleasesRepo: os.Getenv(jfrogReleasesRepoEnv)} return } // getConfigAggregator returns a RepoAggregator based on frogbot-config.yml and environment variables. -func getConfigAggregator(gitClient vcsclient.VcsClient, gitParamsFromEnv *Git, jfrogServer *coreconfig.ServerDetails, commandName string) (RepoAggregator, error) { +func getConfigAggregator(xrayVersion, xscVersion string, gitClient vcsclient.VcsClient, gitParamsFromEnv *Git, jfrogServer *coreconfig.ServerDetails, commandName string) (RepoAggregator, error) { configFileContent, err := getConfigFileContent(gitClient, gitParamsFromEnv, commandName) if err != nil { return nil, err 
@@ -462,7 +471,7 @@ func getConfigAggregator(gitClient vcsclient.VcsClient, gitParamsFromEnv *Git, j if configFileContent != nil { log.Debug(fmt.Sprintf("The content of %s that will be used is:\n%s", FrogbotConfigFile, string(configFileContent))) } - return BuildRepoAggregator(gitClient, configFileContent, gitParamsFromEnv, jfrogServer, commandName) + return BuildRepoAggregator(xrayVersion, xscVersion, gitClient, configFileContent, gitParamsFromEnv, jfrogServer, commandName) } // getConfigFileContent retrieves the content of the frogbot-config.yml file @@ -490,7 +499,7 @@ func getConfigFileContent(gitClient vcsclient.VcsClient, gitParamsFromEnv *Git, // BuildRepoAggregator receives the content of a frogbot-config.yml file, along with the Git (built from environment variables) and ServerDetails parameters. // Returns a RepoAggregator instance with all the defaults and necessary fields. -func BuildRepoAggregator(gitClient vcsclient.VcsClient, configFileContent []byte, gitParamsFromEnv *Git, server *coreconfig.ServerDetails, commandName string) (resultAggregator RepoAggregator, err error) { +func BuildRepoAggregator(xrayVersion, xscVersion string, gitClient vcsclient.VcsClient, configFileContent []byte, gitParamsFromEnv *Git, server *coreconfig.ServerDetails, commandName string) (resultAggregator RepoAggregator, err error) { var cleanAggregator RepoAggregator // Unmarshal the frogbot-config.yml file if exists if cleanAggregator, err = unmarshalFrogbotConfigYaml(configFileContent); err != nil { @@ -498,6 +507,8 @@ func BuildRepoAggregator(gitClient vcsclient.VcsClient, configFileContent []byte } for _, repository := range cleanAggregator { repository.Server = *server + repository.Params.XrayVersion = xrayVersion + repository.Params.XscVersion = xscVersion if err = repository.Params.setDefaultsIfNeeded(gitParamsFromEnv, commandName); err != nil { return } 
@@ -777,14 +788,14 @@ func readConfigFromTarget(client vcsclient.VcsClient, gitParamsFromEnv *Git) (co // This function fetches a config profile if JF_CONFIG_PROFILE is provided. // If so - it verifies there is only a single module with a '.' path from root. If these conditions doesn't hold we return an error. -func getConfigProfileIfExistsAndValid(jfrogServer *coreconfig.ServerDetails) (configProfile *services.ConfigProfile, err error) { +func getConfigProfileIfExistsAndValid(xrayVersion, xscVersion string, jfrogServer *coreconfig.ServerDetails) (configProfile *services.ConfigProfile, err error) { profileName := getTrimmedEnv(JfrogConfigProfileEnv) if profileName == "" { log.Debug(fmt.Sprintf("No %s environment variable was provided. All configurations will be induced from Env vars and files", JfrogConfigProfileEnv)) return } - if configProfile, err = xsc.GetConfigProfile(jfrogServer, profileName); err != nil { + if configProfile, err = xsc.GetConfigProfile(xrayVersion, xscVersion, jfrogServer, profileName); err != nil { return } diff --git a/utils/params_test.go b/utils/params_test.go index 0fbc703d8..80f5f3571 100644 --- a/utils/params_test.go +++ b/utils/params_test.go @@ -10,6 +10,7 @@ import ( "github.com/jfrog/jfrog-client-go/utils/tests" "github.com/jfrog/jfrog-client-go/xsc/services" + xscutils "github.com/jfrog/jfrog-client-go/xsc/services/utils" "github.com/jfrog/froggit-go/vcsclient" "github.com/jfrog/jfrog-cli-core/v2/utils/config" 
@@ -182,7 +183,7 @@ func TestExtractAndAssertRepoParams(t *testing.T) { assert.NoError(t, err) configFileContent, err := ReadConfigFromFileSystem(configParamsTestFile) assert.NoError(t, err) - configAggregator, err := BuildRepoAggregator(nil, configFileContent, gitParams, server, ScanRepository) + configAggregator, err := BuildRepoAggregator("xrayVersion", "xscVersion", nil, configFileContent, gitParams, server, ScanRepository) assert.NoError(t, err) for _, repo := range configAggregator { for projectI, project := range repo.Projects { @@ -229,7 +230,7 @@ func TestBuildRepoAggregatorWithEmptyScan(t *testing.T) { assert.NoError(t, err) configFileContent, err := ReadConfigFromFileSystem(configEmptyScanParamsTestFile) assert.NoError(t, err) - configAggregator, err := BuildRepoAggregator(nil, configFileContent, gitParams, server, ScanRepository) + configAggregator, err := BuildRepoAggregator("xrayVersion", "xscVersion", nil, configFileContent, gitParams, server, ScanRepository) assert.NoError(t, err) assert.Len(t, configAggregator, 1) assert.Equal(t, frogbotAuthorEmail, configAggregator[0].EmailAuthor) @@ -263,7 +264,7 @@ func extractAndAssertParamsFromEnv(t *testing.T, platformUrl, basicAuth bool, co assert.NoError(t, err) gitParams, err := extractGitParamsFromEnvs(commandName) assert.NoError(t, err) - configFile, err := BuildRepoAggregator(nil, nil, gitParams, server, commandName) + configFile, err := BuildRepoAggregator("xrayVersion", "xscVersion", nil, nil, gitParams, server, commandName) assert.NoError(t, err) err = SanitizeEnv() assert.NoError(t, err) 
@@ -379,12 +380,12 @@ func TestGenerateConfigAggregatorFromEnv(t *testing.T) { User: "admin", Password: "password", } - repoAggregator, err := BuildRepoAggregator(nil, nil, &gitParams, &server, ScanRepository) + repoAggregator, err := BuildRepoAggregator("xrayVersion", "xscVersion", nil, nil, &gitParams, &server, ScanRepository) assert.NoError(t, err) repo := repoAggregator[0] validateBuildRepoAggregator(t, &repo, &gitParams, &server, ScanRepository) - repoAggregator, err = BuildRepoAggregator(nil, nil, &gitParams, &server, ScanPullRequest) + repoAggregator, err = BuildRepoAggregator("xrayVersion", "xscVersion", nil, nil, &gitParams, &server, ScanPullRequest) assert.NoError(t, err) repo = repoAggregator[0] validateBuildRepoAggregator(t, &repo, &gitParams, &server, ScanPullRequest) @@ -554,7 +555,7 @@ func TestBuildMergedRepoAggregator(t *testing.T) { User: "admin", Password: "password", } - repoAggregator, err := BuildRepoAggregator(nil, fileContent, gitParams, &server, ScanRepository) + repoAggregator, err := BuildRepoAggregator("xrayVersion", "xscVersion", nil, fileContent, gitParams, &server, ScanRepository) assert.NoError(t, err) repo := repoAggregator[0] 
@@ -694,32 +695,58 @@ func TestSetEmailDetails(t *testing.T) { func TestGetConfigProfileIfExistsAndValid(t *testing.T) { testcases := []struct { + name string profileName string + xrayVersion string failureExpected bool }{ { + name: "Deprecated Server - Valid ConfigProfile", profileName: ValidConfigProfile, + xrayVersion: "3.0.0", failureExpected: false, }, { + name: "Deprecated Server - Invalid Path From Root ConfigProfile", profileName: InvalidPathConfigProfile, + xrayVersion: "3.0.0", failureExpected: true, }, { + name: "Deprecated Server - Invalid Modules ConfigProfile", profileName: InvalidModulesConfigProfile, + xrayVersion: "3.0.0", + failureExpected: true, + }, + { + name: "Valid ConfigProfile", + profileName: ValidConfigProfile, + xrayVersion: xscutils.MinXrayVersionXscTransitionToXray, + failureExpected: false, + }, + { + name: "Invalid Path From Root ConfigProfile", + profileName: InvalidPathConfigProfile, + xrayVersion: xscutils.MinXrayVersionXscTransitionToXray, + failureExpected: true, + }, + { + name: "Invalid Modules ConfigProfile", + profileName: InvalidModulesConfigProfile, + xrayVersion: xscutils.MinXrayVersionXscTransitionToXray, failureExpected: true, }, } for _, testcase := range testcases { - t.Run(testcase.profileName, func(t *testing.T) { + t.Run(testcase.name, func(t *testing.T) { envCallbackFunc := tests.SetEnvWithCallbackAndAssert(t, JfrogConfigProfileEnv, testcase.profileName) defer envCallbackFunc() - mockServer, serverDetails := CreateXscMockServerForConfigProfile(t) + mockServer, serverDetails := CreateXscMockServerForConfigProfile(t, testcase.xrayVersion) defer mockServer.Close() - configProfile, err := getConfigProfileIfExistsAndValid(serverDetails) + configProfile, err := getConfigProfileIfExistsAndValid(testcase.xrayVersion, services.ConfigProfileMinXscVersion, serverDetails) if testcase.failureExpected { assert.Error(t, err) } else { diff --git a/utils/scandetails.go b/utils/scandetails.go index ca7189559..c71570fae 100644 
--- a/utils/scandetails.go +++ b/utils/scandetails.go @@ -5,6 +5,7 @@ import ( "fmt" "os" "path/filepath" + "time" clientservices "github.com/jfrog/jfrog-client-go/xsc/services" @@ -34,6 +35,7 @@ type ScanDetails struct { baseBranch string configProfile *clientservices.ConfigProfile allowPartialResults bool + StartTime time.Time } func NewScanDetails(client vcsclient.VcsClient, server *config.ServerDetails, git *Git) *ScanDetails { @@ -148,10 +150,6 @@ func (sc *ScanDetails) CreateCommonGraphScanParams() *scangraph.CommonGraphScanP } commonParams.IncludeVulnerabilities = sc.IncludeVulnerabilities commonParams.IncludeLicenses = sc.IncludeLicenses - commonParams.MultiScanId = sc.MultiScanId - if commonParams.MultiScanId != "" { - commonParams.XscVersion = sc.XscVersion - } return commonParams } @@ -178,6 +176,8 @@ func createXrayScanParams(watches []string, project string, includeLicenses bool func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *results.SecurityCommandResults) { auditBasicParams := (&utils.AuditBasicParams{}). + SetXrayVersion(sc.XrayVersion). + SetXscVersion(sc.XscVersion). SetPipRequirementsFile(sc.PipRequirementsFile). SetUseWrapper(*sc.UseWrapper). SetDepsRepo(sc.DepsRepo). @@ -198,7 +198,9 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *res SetFixableOnly(sc.FixableOnly()). SetGraphBasicParams(auditBasicParams). SetCommonGraphScanParams(sc.CreateCommonGraphScanParams()). - SetConfigProfile(sc.configProfile) + SetConfigProfile(sc.configProfile). + SetMultiScanId(sc.MultiScanId). + SetStartTime(sc.StartTime) return audit.RunAudit(auditParams) } diff --git a/utils/testsutils.go b/utils/testsutils.go index 566cc4f13..99a6a3c5b 100644 --- a/utils/testsutils.go +++ b/utils/testsutils.go 
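Review bot: `StartTime` is added to `ScanDetails` as an exported field with no comment, and nothing states what it holds when no scan event was opened. In this change it is assigned only from `xsc.SendNewScanEvent` in `scanAndFixBranch`, while `RunInstallAndAudit` passes it to `SetStartTime` unconditionally, so any other caller of `RunInstallAndAudit` presumably hands over the zero `time.Time`. Suggested comment: `// StartTime is the scan start returned by xsc.SendNewScanEvent; zero if no scan event was sent.` The struct starts outside the hunk.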
@@ -18,6 +18,7 @@ import ( biutils "github.com/jfrog/build-info-go/utils" "github.com/jfrog/jfrog-cli-core/v2/utils/config" "github.com/jfrog/jfrog-client-go/utils/io/fileutils" + xscutils "github.com/jfrog/jfrog-client-go/xsc/services/utils" "github.com/stretchr/testify/assert" ) @@ -154,8 +155,13 @@ func CreateTempJfrogHomeWithCallback(t *testing.T) (string, func()) { } } -func CreateXscMockServerForConfigProfile(t *testing.T) (mockServer *httptest.Server, serverDetails *config.ServerDetails) { +func CreateXscMockServerForConfigProfile(t *testing.T, xrayVersion string) (mockServer *httptest.Server, serverDetails *config.ServerDetails) { mockServer = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + apiUrlPart := "api/v1/" + if xscutils.IsXscXrayInnerService(xrayVersion) { + apiUrlPart = "" + } + secondModule := services.Module{ ModuleId: 999, ModuleName: "second-module", @@ -169,9 +175,9 @@ func CreateXscMockServerForConfigProfile(t *testing.T) (mockServer *httptest.Ser } switch { - case strings.HasPrefix(r.RequestURI, "/xsc/api/v1/profile/"): + case strings.Contains(r.RequestURI, "/xsc/"+apiUrlPart+"profile/"): assert.Equal(t, http.MethodGet, r.Method) - if r.RequestURI == "/xsc/api/v1/profile/"+ValidConfigProfile { + if strings.Contains(r.RequestURI, "/profile/"+ValidConfigProfile) { w.WriteHeader(http.StatusOK) } else { w.WriteHeader(http.StatusBadRequest) @@ -180,7 +186,7 @@ func CreateXscMockServerForConfigProfile(t *testing.T) (mockServer *httptest.Ser content, err := os.ReadFile("../testdata/configprofile/configProfileExample.json") assert.NoError(t, err) - if r.RequestURI == "/xsc/api/v1/profile/"+InvalidModulesConfigProfile { + if strings.Contains(r.RequestURI, "/profile/"+InvalidModulesConfigProfile) { // Adding a second module to make the profile invalid, as we currently support ONLY profile with a single module var profile services.ConfigProfile err = json.Unmarshal(content, &profile) 
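Review bot: Replacing the exact `r.RequestURI ==` comparisons with `strings.Contains` weakens what the mock verifies: the inner checks now accept any URI that contains `/profile/<name>`, for example a longer profile name that begins with the same text. `strings.HasSuffix(r.RequestURI, "/profile/"+ValidConfigProfile)` (and likewise for the two invalid-profile checks) keeps the match independent of the version prefix while still pinning the end of the path. `apiUrlPart` depends only on `xrayVersion`, so it can be computed once before `httptest.NewServer` rather than on every request. The handler continues outside these hunks.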
@@ -190,7 +196,7 @@ func CreateXscMockServerForConfigProfile(t *testing.T) (mockServer *httptest.Ser assert.NoError(t, err) } - if r.RequestURI == "/xsc/api/v1/profile/"+InvalidPathConfigProfile { + if strings.Contains(r.RequestURI, "/profile/"+InvalidPathConfigProfile) { // Changing 'path_from_root' to a path different from '.' to make the module invalid, as we currently support ONLY a single module with '.' path updatedContent := string(content) updatedContent = strings.Replace(updatedContent, `"path_from_root": "."`, `"path_from_root": "backend"`, 1) @@ -200,7 +206,7 @@ func CreateXscMockServerForConfigProfile(t *testing.T) (mockServer *httptest.Ser _, err = w.Write(content) assert.NoError(t, err) - case r.RequestURI == "/xsc/api/v1/system/version": + case r.RequestURI == fmt.Sprintf("/%s/%ssystem/version", apiUrlPart, "xsc"): _, err := w.Write([]byte(fmt.Sprintf(`{"xsc_version": "%s"}`, services.ConfigProfileMinXscVersion))) assert.NoError(t, err) default:
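Review bot: The arguments to `fmt.Sprintf("/%s/%ssystem/version", apiUrlPart, "xsc")` are in the wrong order, so the case compares against `/api/v1//xscsystem/version` (or `//xscsystem/version` when `apiUrlPart` is empty) and cannot match a version request; such a request falls through to `default:`. `case strings.Contains(r.RequestURI, "/xsc/"+apiUrlPart+"system/version"):` follows the form already used for the profile case. The tests in this change pass the versions in explicitly, which is presumably why the dead branch goes unnoticed. The handler starts outside the hunk.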