From 4bb2460cef132d0079c3c8494f76dca130d62edc Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Thu, 15 Aug 2024 14:00:12 +0300 Subject: [PATCH 01/19] Added new configuration profile utilization in Scan-PR flow, for Secrets and Sast scanners only --- commands/audit/audit.go | 2 +- commands/audit/auditparams.go | 7 +++ commands/audit/scarunner.go | 5 ++ jas/runner/jasrunner.go | 47 ++++++++++++----- .../configProfile/configProfileExample.json | 49 ++++++++++++++++++ utils/test_mocks.go | 19 ++++++- utils/xsc/configprofile.go | 50 +++++++++++++++++++ utils/xsc/configprofile_test.go | 36 +++++++++++++ 8 files changed, 200 insertions(+), 15 deletions(-) create mode 100644 tests/testdata/other/configProfile/configProfileExample.json create mode 100644 utils/xsc/configprofile.go create mode 100644 utils/xsc/configprofile_test.go diff --git a/commands/audit/audit.go b/commands/audit/audit.go index 1a5b00f7..c55f430f 100644 --- a/commands/audit/audit.go +++ b/commands/audit/audit.go @@ -268,7 +268,7 @@ func downloadAnalyzerManagerAndRunScanners(auditParallelRunner *utils.SecurityPa if err != nil { return fmt.Errorf("failed to create jas scanner: %s", err.Error()) } - if err = runner.AddJasScannersTasks(auditParallelRunner, scanResults, auditParams.DirectDependencies(), serverDetails, auditParams.thirdPartyApplicabilityScan, scanner, applicability.ApplicabilityScannerType, secrets.SecretsScannerType, auditParallelRunner.AddErrorToChan, auditParams.ScansToPerform()); err != nil { + if err = runner.AddJasScannersTasks(auditParallelRunner, scanResults, auditParams.DirectDependencies(), serverDetails, auditParams.thirdPartyApplicabilityScan, scanner, applicability.ApplicabilityScannerType, secrets.SecretsScannerType, auditParallelRunner.AddErrorToChan, auditParams.ScansToPerform(), auditParams.configProfile); err != nil { return fmt.Errorf("%s failed to run JAS scanners: %s", clientutils.GetLogMsgPrefix(threadId, false), err.Error()) } return 
diff --git a/commands/audit/auditparams.go b/commands/audit/auditparams.go index edc32174..474bf9b3 100644 --- a/commands/audit/auditparams.go +++ b/commands/audit/auditparams.go @@ -5,6 +5,7 @@ import ( "github.com/jfrog/jfrog-cli-security/utils/severityutils" "github.com/jfrog/jfrog-cli-security/utils/xray/scangraph" "github.com/jfrog/jfrog-client-go/xray/services" + clientservices "github.com/jfrog/jfrog-client-go/xsc/services" ) type AuditParams struct { @@ -19,6 +20,7 @@ type AuditParams struct { // Include third party dependencies source code in the applicability scan. thirdPartyApplicabilityScan bool threads int + configProfile *clientservices.ConfigProfile } func NewAuditParams() *AuditParams { @@ -92,6 +94,11 @@ func (params *AuditParams) SetCommonGraphScanParams(commonParams *scangraph.Comm return params } +func (params *AuditParams) SetConfigProfile(configProfile *clientservices.ConfigProfile) *AuditParams { + params.configProfile = configProfile + return params +} + func (params *AuditParams) createXrayGraphScanParams() *services.XrayGraphScanParams { return &services.XrayGraphScanParams{ RepoPath: params.commonGraphScanParams.RepoPath, diff --git a/commands/audit/scarunner.go b/commands/audit/scarunner.go index e8d47507..74a9ded4 100644 --- a/commands/audit/scarunner.go +++ b/commands/audit/scarunner.go @@ -42,6 +42,11 @@ func buildDepTreeAndRunScaScan(auditParallelRunner *utils.SecurityParallelRunner log.Debug("Skipping SCA scan as requested by input...") return } + if auditParams.configProfile != nil { + // Currently, if a configuration profile is being utilized, the only supported scanners are Secrets and Sast Scanners, therefore SCA scanner is skipped if a config profile exists + return + } + // Prepare currentWorkingDir, err := os.Getwd() if errorutils.CheckError(err) != nil { diff --git a/jas/runner/jasrunner.go b/jas/runner/jasrunner.go index 39a72f12..9c3e98bd 100644 --- a/jas/runner/jasrunner.go +++ b/jas/runner/jasrunner.go 
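Review bot: The new early return in `buildDepTreeAndRunScaScan` (commands/audit/scarunner.go) drops the SCA scan whenever `auditParams.configProfile` is non-nil without logging anything, whereas the skip just above it logs `Skipping SCA scan as requested by input...`. A run that silently omits dependency scanning reads the same as a clean result, so the skip should be visible, e.g. `log.Debug("Skipping SCA scan: not supported yet when a config profile is in use...")` before the `return`; a higher log level may be more appropriate. The sample profile added in this commit sets `enable_sca_scan` to true, so the skip also contradicts what a profile can ask for, and the code comment should say so. The function body continues outside the hunk.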
@@ -2,7 +2,6 @@ package runner import ( "fmt" - "github.com/jfrog/gofrog/parallel" jfrogappsconfig "github.com/jfrog/jfrog-apps-config/go" "github.com/jfrog/jfrog-cli-core/v2/utils/config" @@ -15,11 +14,13 @@ import ( "github.com/jfrog/jfrog-cli-security/utils/jasutils" clientutils "github.com/jfrog/jfrog-client-go/utils" "github.com/jfrog/jfrog-client-go/utils/log" + "github.com/jfrog/jfrog-client-go/xsc/services" "golang.org/x/exp/slices" ) func AddJasScannersTasks(securityParallelRunner *utils.SecurityParallelRunner, scanResults *utils.Results, directDependencies *[]string, - serverDetails *config.ServerDetails, thirdPartyApplicabilityScan bool, scanner *jas.JasScanner, scanType applicability.ApplicabilityScanType, secretsScanType secrets.SecretsScanType, errHandlerFunc func(error), scansToPreform []utils.SubScanType) (err error) { + serverDetails *config.ServerDetails, thirdPartyApplicabilityScan bool, scanner *jas.JasScanner, scanType applicability.ApplicabilityScanType, + secretsScanType secrets.SecretsScanType, errHandlerFunc func(error), scansToPreform []utils.SubScanType, configProfile *services.ConfigProfile) (err error) { if serverDetails == nil || len(serverDetails.Url) == 0 { log.Warn("To include 'Advanced Security' scan as part of the audit output, please run the 'jf c add' command before running this command.") return 
@@ -31,34 +32,54 @@ func AddJasScannersTasks(securityParallelRunner *utils.SecurityParallelRunner, s } // Set environments variables for analytics in analyzers manager. // Don't execute other scanners when scanning third party dependencies. + // Currently, if config profile exists, the only possible scanners to run are: Secrets, Sast if !thirdPartyApplicabilityScan { for _, module := range scanner.JFrogAppsConfig.Modules { if len(scansToPreform) > 0 && !slices.Contains(scansToPreform, utils.SecretsScan) { log.Debug("Skipping secrets scan as requested by input...") + } else if configProfile != nil { + // This code section is related to CentralizedConfig integration in CI Next. + log.Debug(fmt.Sprintf("Using config profile '%s' to determine whether to run secrets scan...", configProfile.ProfileName)) + if configProfile.Modules[0].ScanConfig.SecretsScannerConfig.EnableSecretsScan { + err = addModuleJasScanTask(jfrogappsconfig.Module{}, jasutils.Secrets, securityParallelRunner, runSecretsScan(securityParallelRunner, scanner, scanResults.ExtendedScanResults, module, secretsScanType), errHandlerFunc) + } else { + log.Debug(fmt.Sprintf("Skipping secrets scan as requested by '%s' config profile...", configProfile.ProfileName)) + } } else if err = addModuleJasScanTask(module, jasutils.Secrets, securityParallelRunner, runSecretsScan(securityParallelRunner, scanner, scanResults.ExtendedScanResults, module, secretsScanType), errHandlerFunc); err != nil { return } if runAllScanners { - if len(scansToPreform) > 0 && !slices.Contains(scansToPreform, utils.IacScan) { - log.Debug("Skipping Iac scan as requested by input...") - } else if err = addModuleJasScanTask(module, jasutils.IaC, securityParallelRunner, runIacScan(securityParallelRunner, scanner, scanResults.ExtendedScanResults, module), errHandlerFunc); err != nil { - return + if configProfile == nil { + if len(scansToPreform) > 0 && !slices.Contains(scansToPreform, utils.IacScan) { + log.Debug("Skipping Iac scan as requested 
by input...") + } else if err = addModuleJasScanTask(module, jasutils.IaC, securityParallelRunner, runIacScan(securityParallelRunner, scanner, scanResults.ExtendedScanResults, module), errHandlerFunc); err != nil { + return + } } if len(scansToPreform) > 0 && !slices.Contains(scansToPreform, utils.SastScan) { log.Debug("Skipping Sast scan as requested by input...") + } else if configProfile != nil { + log.Debug(fmt.Sprintf("Using config profile '%s' to determine whether to run Sast scan...", configProfile.ProfileName)) + if configProfile.Modules[0].ScanConfig.SastScannerConfig.EnableSastScan { + err = addModuleJasScanTask(jfrogappsconfig.Module{}, jasutils.Sast, securityParallelRunner, runSastScan(securityParallelRunner, scanner, scanResults.ExtendedScanResults, module), errHandlerFunc) + } else { + log.Debug(fmt.Sprintf("Skipping Sast scan as requested by '%s' config profile...", configProfile.ProfileName)) + } } else if err = addModuleJasScanTask(module, jasutils.Sast, securityParallelRunner, runSastScan(securityParallelRunner, scanner, scanResults.ExtendedScanResults, module), errHandlerFunc); err != nil { return } } } } - if len(scansToPreform) > 0 && !slices.Contains(scansToPreform, utils.ContextualAnalysisScan) { - log.Debug("Skipping contextual analysis scan as requested by input...") - return err - } - for _, module := range scanner.JFrogAppsConfig.Modules { - if err = addModuleJasScanTask(module, jasutils.Applicability, securityParallelRunner, runContextualScan(securityParallelRunner, scanner, scanResults, module, directDependencies, thirdPartyApplicabilityScan, scanType), errHandlerFunc); err != nil { - return + if configProfile == nil { + if len(scansToPreform) > 0 && !slices.Contains(scansToPreform, utils.ContextualAnalysisScan) { + log.Debug("Skipping contextual analysis scan as requested by input...") + return err + } + for _, module := range scanner.JFrogAppsConfig.Modules { + if err = addModuleJasScanTask(module, jasutils.Applicability, 
securityParallelRunner, runContextualScan(securityParallelRunner, scanner, scanResults, module, directDependencies, thirdPartyApplicabilityScan, scanType), errHandlerFunc); err != nil { + return + } } } return err diff --git a/tests/testdata/other/configProfile/configProfileExample.json b/tests/testdata/other/configProfile/configProfileExample.json new file mode 100644 index 00000000..e4fb139c --- /dev/null +++ b/tests/testdata/other/configProfile/configProfileExample.json @@ -0,0 +1,49 @@ +{ + "profile_name": "default-profile", + "frogbot_config": { + "email_author": "my-user@jfrog.com", + "aggregate_fixes": true, + "avoid_previous_pr_comments_deletion": true, + "branch_name_template": "frogbot-${IMPACTED_PACKAGE}-${BRANCH_NAME_HASH}", + "pr_title_template": "[🐸 Frogbot] Upgrade {IMPACTED_PACKAGE} to {FIX_VERSION}", + "pr_comment_title": "Frogbot notes:", + "commit_message_template": "Upgrade {IMPACTED_PACKAGE} to {FIX_VERSION}", + "show_secrets_as_pr_comment": false + }, + "modules": [ + { + "module_name": "default-module", + "path_from_root": ".", + "releases_repo": "nuget-remote", + "analyzer_manager_version": "1.8.1", + "additional_paths_for_module": ["lib1", "utils/lib2"], + "exclude_paths": ["**/.git/**", "**/*test*/**", "**/*venv*/**", "**/*node_modules*/**", "**/target/**"], + "scan_config": { + "scan_timeout": 600, + "exclude_pattern": "*.md", + "enable_sca_scan": true, + "enable_contextual_analysis_scan": true, + "sast_scanner_config": { + "enable_sast_scan": true + }, + "secrets_scanner_config": { + "enable_secrets_scan": true + }, + "iac_scanner_config": { + "enable_iac_scan": true + }, + "applications_scanner_config": { + "enable_applications_scan": true + }, + "services_scanner_config": { + "enable_services_scan": true + } + }, + "protected_branches": ["main", "master"], + "include_exclude_mode": 0, + "include_exclude_pattern": "*test*", + "report_analytics": true + } + ], + "is_default": true +} \ No newline at end of file 
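Review bot: `configProfile.Modules[0]` is indexed in both new profile branches of `AddJasScannersTasks` without checking that the profile has any modules, so a profile with an empty `modules` list panics the run; a guard before the loop such as `if configProfile != nil && len(configProfile.Modules) == 0 { return fmt.Errorf("config profile '%s' has no modules", configProfile.ProfileName) }` avoids that. In the same branches the result of `addModuleJasScanTask` is assigned to `err` but never checked, unlike the `else if err = ...; err != nil { return }` path, so a failure to queue the secrets scan can be overwritten by the Sast branch or by a later module and the scan goes missing without notice; use `if err = addModuleJasScanTask(...); err != nil { return }` there too. These branches also pass an empty `jfrogappsconfig.Module{}` to `addModuleJasScanTask` while the scan closure still receives `module`; if that is intentional it needs a comment saying why. The function's signature is in the previous hunk and its opening lines are outside both.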
diff --git a/utils/test_mocks.go b/utils/test_mocks.go index 5774f9b3..4d0f17d6 100644 --- a/utils/test_mocks.go +++ b/utils/test_mocks.go @@ -8,10 +8,14 @@ import ( "github.com/stretchr/testify/assert" "net/http" "net/http/httptest" + "os" "testing" ) -const TestMsi = "27e175b8-e525-11ee-842b-7aa2c69b8f1f" +const ( + TestMsi = "27e175b8-e525-11ee-842b-7aa2c69b8f1f" + TestConfigProfileName = "default-profile" +) type restsTestHandler func(w http.ResponseWriter, r *http.Request) @@ -46,6 +50,19 @@ func XscServer(t *testing.T, xscVersion string) (*httptest.Server, *config.Serve } } } + if r.RequestURI == "/xsc/api/v1/profile/"+TestConfigProfileName { + if r.Method == http.MethodGet { + w.WriteHeader(http.StatusOK) + content, err := os.ReadFile("../xsc/configProfileExample.json") + if err != nil { + return + } + _, err = w.Write(content) + if err != nil { + return + } + } + } }) return serverMock, serverDetails } diff --git a/utils/xsc/configprofile.go b/utils/xsc/configprofile.go new file mode 100644 index 00000000..859a553e --- /dev/null +++ b/utils/xsc/configprofile.go 
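Review bot: The new profile handler in `XscServer` calls `w.WriteHeader(http.StatusOK)` before `os.ReadFile` and returns silently on a read error, so a missing fixture yields a 200 with an empty body and the test fails later on an unrelated decoding error. The path `../xsc/configProfileExample.json` also does not match the fixture this commit adds under `tests/testdata/other/configProfile/`; unless another copy exists outside this diff, the read will fail. Read the file first and fail loudly, e.g. `if !assert.NoError(t, err) { return }`, and only then write the status and body. The handler body starts outside the hunk.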
@@ -0,0 +1,50 @@
+package xsc
+
+import (
+ "encoding/json"
+ "fmt"
+ "github.com/jfrog/jfrog-cli-core/v2/utils/config"
+ clientutils "github.com/jfrog/jfrog-client-go/utils"
+ "github.com/jfrog/jfrog-client-go/utils/log"
+ "github.com/jfrog/jfrog-client-go/xsc/services"
+ "os"
+)
+
+func GetConfigProfile(serverDetails *config.ServerDetails, profileName string) (*services.ConfigProfile, error) {
+ xscManager, err := CreateXscServiceManager(serverDetails)
+ if err != nil {
+ return nil, err
+ }
+
+ xscVersion, err := xscManager.GetVersion()
+ if err != nil {
+ return nil, fmt.Errorf("failed to get XSC service version '%s': %q", profileName, err)
+ }
+
+ if err = clientutils.ValidateMinimumVersion(clientutils.Xsc, xscVersion, services.ConfigProfileMinXscVersion); err != nil {
+ log.Info("Minimal Xsc version required to utilize config profile is '%s'. All configurations will be induced from provided Env vars and files")
+ return nil, err
+ }
+
+ configProfile, err := xscManager.GetConfigProfile(profileName)
+ if err != nil {
+ err = fmt.Errorf("failed to get config profile '%s': %q", profileName, err)
+ }
+ return configProfile, err
+}
+
+// TODO delete when done testing agains an operating server with the new ConfigProfile endpoints
+func MockGetConfigProfile() (*services.ConfigProfile, error) {
+ var configProfile *services.ConfigProfile
+ content, err := os.ReadFile("/Users/erant/Desktop/jfrog/jfrog-cli-security/tests/testdata/other/configProfile/configProfileExample.json")
+ if err != nil {
+ err = fmt.Errorf("failed to read config profile json file: %q", err)
+ return nil, err
+ }
+ err = json.Unmarshal(content, &configProfile)
+ if err != nil {
+ err = fmt.Errorf("failed to unmarshal config profile json: %q", err)
+ return nil, err
+ }
+ return configProfile, nil
+}
diff --git a/utils/xsc/configprofile_test.go b/utils/xsc/configprofile_test.go
new file mode 100644
index 00000000..86afca0a
--- /dev/null
+++ b/utils/xsc/configprofile_test.go
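Review bot: `MockGetConfigProfile` is an exported function in a non-test file that reads a hard-coded absolute path on a developer machine (`/Users/erant/Desktop/...`), so it becomes part of the package API, embeds a local user name and directory layout in the source, and fails on every other host; it belongs in a `_test.go` file reading the repo-relative fixture, or should be left out of this commit. In `GetConfigProfile`, `log.Info("Minimal Xsc version ... '%s' ...")` carries a format verb but no argument, so the literal `%s` is printed; wrap it as `log.Info(fmt.Sprintf("...", services.ConfigProfileMinXscVersion))`. The version-error message interpolates `profileName` where the text reads as a version, and `%q` on `err` drops the error chain that `%w` would keep for callers. The exported function also lacks a doc comment, e.g. `// GetConfigProfile fetches the named config profile from XSC and fails when the XSC version is below services.ConfigProfileMinXscVersion.`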
@@ -0,0 +1,36 @@ +package xsc + +import ( + "encoding/json" + "github.com/jfrog/jfrog-cli-security/utils" + "github.com/jfrog/jfrog-client-go/xsc/services" + "github.com/stretchr/testify/assert" + "os" + "testing" +) + +func TestGetConfigProfile_ValidRequest_SuccessExpected(t *testing.T) { + mockServer, serverDetails := utils.XscServer(t, services.ConfigProfileMinXscVersion) + defer mockServer.Close() + + configProfile, err := GetConfigProfile(serverDetails, utils.TestConfigProfileName) + assert.NoError(t, err) + + profileFileContent, err := os.ReadFile("../../tests/testdata/other/configProfile/configProfileExample.json") + assert.NoError(t, err) + + var configProfileForComparison services.ConfigProfile + err = json.Unmarshal(profileFileContent, &configProfileForComparison) + assert.NoError(t, err) + + assert.Equal(t, &configProfileForComparison, configProfile) +} + +func TestGetConfigProfile_TooLowXscVersion_FailureExpected(t *testing.T) { + mockServer, serverDetails := utils.XscServer(t, "1.0.0") + defer mockServer.Close() + + configProfile, err := GetConfigProfile(serverDetails, utils.TestConfigProfileName) + assert.Error(t, err) + assert.Nil(t, configProfile) +} From 2ecb0f9a1ffebfa80b83003897e5ed997058bbb1 Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Thu, 15 Aug 2024 14:00:52 +0300 Subject: [PATCH 02/19] New argument with nil value added to match the new AddJasScannersTasks signature --- commands/scan/scan.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/commands/scan/scan.go b/commands/scan/scan.go index 3accf686..544ecef0 100644 --- a/commands/scan/scan.go +++ b/commands/scan/scan.go 
@@ -430,7 +430,7 @@ func (scanCmd *ScanCommand) createIndexerHandlerFunc(file *spec.File, entitledFo log.Error(fmt.Sprintf("failed to create jas scanner: %s", err.Error())) indexedFileErrors[threadId] = append(indexedFileErrors[threadId], formats.SimpleJsonError{FilePath: filePath, ErrorMessage: err.Error()}) } - err = runner.AddJasScannersTasks(jasFileProducerConsumer, &scanResults, &depsList, scanCmd.serverDetails, false, scanner, applicability.ApplicabilityDockerScanScanType, secrets.SecretsScannerDockerScanType, jasErrHandlerFunc, utils.GetAllSupportedScans()) + err = runner.AddJasScannersTasks(jasFileProducerConsumer, &scanResults, &depsList, scanCmd.serverDetails, false, scanner, applicability.ApplicabilityDockerScanScanType, secrets.SecretsScannerDockerScanType, jasErrHandlerFunc, utils.GetAllSupportedScans(), nil) if err != nil { log.Error(fmt.Sprintf("scanning '%s' failed with error: %s", graph.Id, err.Error())) indexedFileErrors[threadId] = append(indexedFileErrors[threadId], formats.SimpleJsonError{FilePath: filePath, ErrorMessage: err.Error()}) From efeed5dfe37685a0d53386270631c1db5f2cb53b Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Thu, 15 Aug 2024 14:01:40 +0300 Subject: [PATCH 03/19] Functions moved from xscmanager.go to errorreport.go to match the other xsc services files --- utils/xsc/errorreport.go | 29 ++++++++++++++++++++++++++++- utils/xsc/xscmanager.go | 33 +-------------------------------- 2 files changed, 29 insertions(+), 33 deletions(-) diff --git a/utils/xsc/errorreport.go b/utils/xsc/errorreport.go index a2654893..ee14e889 100644 --- a/utils/xsc/errorreport.go +++ b/utils/xsc/errorreport.go @@ -3,7 +3,9 @@ package xsc import ( "fmt" "github.com/jfrog/jfrog-cli-core/v2/utils/config" + clientutils "github.com/jfrog/jfrog-client-go/utils" "github.com/jfrog/jfrog-client-go/utils/log" + "github.com/jfrog/jfrog-client-go/xsc" "github.com/jfrog/jfrog-client-go/xsc/services" ) 
@@ -21,5 +23,30 @@ func ReportError(serverDetails *config.ServerDetails, errorToReport error, sourc Source: source, Message: errorToReport.Error(), } - return SendXscLogMessageIfEnabled(errorLog, xscManager) + return sendXscLogMessageIfEnabled(errorLog, xscManager) +} + +func sendXscLogMessageIfEnabled(errorLog *services.ExternalErrorLog, xscManager *xsc.XscServicesManager) error { + if !IsReportLogErrorEventPossible(xscManager) { + return nil + } + return xscManager.SendXscLogErrorRequest(errorLog) +} + +// Determines if reporting the error is feasible. +func IsReportLogErrorEventPossible(xscManager *xsc.XscServicesManager) bool { + xscVersion, err := xscManager.GetVersion() + if err != nil { + log.Debug(fmt.Sprintf("failed to check availability of Xsc service:%s\nReporting to JFrog analytics is skipped...", err.Error())) + return false + } + if xscVersion == "" { + log.Debug("Xsc service is not available. Reporting to JFrog analytics is skipped...") + return false + } + if err = clientutils.ValidateMinimumVersion(clientutils.Xsc, xscVersion, minXscVersionForErrorReport); err != nil { + log.Debug(err.Error()) + return false + } + return true } diff --git a/utils/xsc/xscmanager.go b/utils/xsc/xscmanager.go index 909e87fa..f213e63e 100644 --- a/utils/xsc/xscmanager.go +++ b/utils/xsc/xscmanager.go @@ -1,16 +1,10 @@ package xsc import ( - "fmt" - "github.com/jfrog/jfrog-cli-core/v2/utils/config" "github.com/jfrog/jfrog-cli-core/v2/utils/coreutils" - clientutils "github.com/jfrog/jfrog-client-go/utils" - "github.com/jfrog/jfrog-client-go/utils/log" - "github.com/jfrog/jfrog-client-go/xsc" - "github.com/jfrog/jfrog-client-go/xsc/services" - clientconfig "github.com/jfrog/jfrog-client-go/config" + "github.com/jfrog/jfrog-client-go/xsc" ) const minXscVersionForErrorReport = "1.7.7" 
@@ -34,28 +28,3 @@ func CreateXscServiceManager(serviceDetails *config.ServerDetails) (*xsc.XscServ } return xsc.New(serviceConfig) } - -func SendXscLogMessageIfEnabled(errorLog *services.ExternalErrorLog, xscManager *xsc.XscServicesManager) error { - if !IsReportLogErrorEventPossible(xscManager) { - return nil - } - return xscManager.SendXscLogErrorRequest(errorLog) -} - -// Determines if reporting the error is feasible. -func IsReportLogErrorEventPossible(xscManager *xsc.XscServicesManager) bool { - xscVersion, err := xscManager.GetVersion() - if err != nil { - log.Debug(fmt.Sprintf("failed to check availability of Xsc service:%s\nReporting to JFrog analytics is skipped...", err.Error())) - return false - } - if xscVersion == "" { - log.Debug("Xsc service is not available. Reporting to JFrog analytics is skipped...") - return false - } - if err = clientutils.ValidateMinimumVersion(clientutils.Xsc, xscVersion, minXscVersionForErrorReport); err != nil { - log.Debug(err.Error()) - return false - } - return true -} From b327ccce6b97ffa866b2301ce0bcfa75852d2418 Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Sun, 18 Aug 2024 12:15:28 +0300 Subject: [PATCH 04/19] fixed a test and updated go.mod --- go.mod | 26 +++++++++--------- go.sum | 52 ++++++++++++++++++------------------ jas/runner/jasrunner_test.go | 2 +- 3 files changed, 40 insertions(+), 40 deletions(-) diff --git a/go.mod b/go.mod index dfa53f0e..7441ae97 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/beevik/etree v1.4.0 github.com/google/go-github/v56 v56.0.0 github.com/gookit/color v1.5.4 - github.com/jfrog/build-info-go v1.9.32 + github.com/jfrog/build-info-go v1.9.33 github.com/jfrog/froggit-go v1.16.1 github.com/jfrog/gofrog v1.7.5 github.com/jfrog/jfrog-apps-config v1.0.1 
@@ -15,9 +15,9 @@ require ( github.com/magiconair/properties v1.8.7 github.com/owenrumney/go-sarif/v2 v2.3.0 github.com/stretchr/testify v1.9.0 - golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 - golang.org/x/sync v0.7.0 - golang.org/x/text v0.16.0 + golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa + golang.org/x/sync v0.8.0 + golang.org/x/text v0.17.0 gopkg.in/yaml.v3 v3.0.1 ) @@ -67,7 +67,7 @@ require ( github.com/manifoldco/promptui v0.9.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect - github.com/mattn/go-runewidth v0.0.15 // indirect + github.com/mattn/go-runewidth v0.0.16 // indirect github.com/mattn/go-tty v0.0.3 // indirect github.com/microsoft/azure-devops-go-api/azuredevops/v7 v7.1.0 // indirect github.com/minio/sha256-simd v1.0.1 // indirect 
@@ -93,21 +93,21 @@ require ( github.com/subosito/gotenv v1.6.0 // indirect github.com/ulikunitz/xz v0.5.12 // indirect github.com/urfave/cli v1.22.15 // indirect - github.com/vbauerster/mpb/v8 v8.7.4 // indirect + github.com/vbauerster/mpb/v8 v8.7.5 // indirect github.com/xanzy/go-gitlab v0.95.2 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.9.0 // indirect - golang.org/x/crypto v0.25.0 // indirect - golang.org/x/mod v0.19.0 // indirect - golang.org/x/net v0.27.0 // indirect + golang.org/x/crypto v0.26.0 // indirect + golang.org/x/mod v0.20.0 // indirect + golang.org/x/net v0.28.0 // indirect golang.org/x/oauth2 v0.18.0 // indirect - golang.org/x/sys v0.22.0 // indirect - golang.org/x/term v0.22.0 // indirect + golang.org/x/sys v0.23.0 // indirect + golang.org/x/term v0.23.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.23.0 // indirect + golang.org/x/tools v0.24.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/protobuf v1.33.0 // indirect gopkg.in/ini.v1 v1.67.0 // indirect @@ -116,7 +116,7 @@ require ( // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev -// replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go dev +replace github.com/jfrog/jfrog-client-go => github.com/eranturgeman/jfrog-client-go v0.0.0-20240818065206-7097ba18232e //replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go dev diff --git a/go.sum b/go.sum index 9090ea91..e8ff4190 100644 --- a/go.sum +++ b/go.sum 
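Review bot: The `replace github.com/jfrog/jfrog-client-go => github.com/eranturgeman/jfrog-client-go v0.0.0-20240818065206-7097ba18232e` line makes every build of this module resolve the client library from a personal fork at an untagged pseudo-version, and the go.sum section drops the `github.com/jfrog/jfrog-client-go v1.43.2` checksums accordingly. This is patch 04 of 19, so it may be temporary, but nothing in the file marks it as such; a release cut with it in place would ship client code that was not reviewed in the upstream repository. Add a comment above it such as `// TODO: temporary, remove before merge once ConfigProfile support lands in jfrog-client-go` and consider a CI check that rejects active `replace` directives on the release branch.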
@@ -709,6 +709,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7 github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo= github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w= github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= +github.com/eranturgeman/jfrog-client-go v0.0.0-20240818065206-7097ba18232e h1:dxLwDwKlLk2nrxdjFMMGoAQSsIkonssnWtW/Tf/b0Xc= +github.com/eranturgeman/jfrog-client-go v0.0.0-20240818065206-7097ba18232e/go.mod h1:cRCuMvRgWJ6fSdyYs1pknBin41LLcXY94UOl7KHiQ8U= github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w= github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= @@ -890,8 +892,8 @@ github.com/jedib0t/go-pretty/v6 v6.5.9 h1:ACteMBRrrmm1gMsXe9PSTOClQ63IXDUt03H5U+ github.com/jedib0t/go-pretty/v6 v6.5.9/go.mod h1:zbn98qrYlh95FIhwwsbIip0LYpwSG8SUOScs+v9/t0E= github.com/jfrog/archiver/v3 v3.6.1 h1:LOxnkw9pOn45DzCbZNFV6K0+6dCsQ0L8mR3ZcujO5eI= github.com/jfrog/archiver/v3 v3.6.1/go.mod h1:VgR+3WZS4N+i9FaDwLZbq+jeU4B4zctXL+gL4EMzfLw= -github.com/jfrog/build-info-go v1.9.32 h1:PKXAMe84sMdob6eBtwwGz47Fz2cmjMwMPoHW8xuk08Q= -github.com/jfrog/build-info-go v1.9.32/go.mod h1:JTGnENexG1jRhKWCkQtZuDb0PerlzlSzF5OmMLG9kfc= +github.com/jfrog/build-info-go v1.9.33 h1:TEeTHDc3tEwZe/7kKhm1hQDd5vA/HnVhp1ZczUOWExk= +github.com/jfrog/build-info-go v1.9.33/go.mod h1:JTGnENexG1jRhKWCkQtZuDb0PerlzlSzF5OmMLG9kfc= github.com/jfrog/froggit-go v1.16.1 h1:FBIM1qevX/ag9unfmpGzfmZ36D8ulOJ+DPTSFUk3l5U= github.com/jfrog/froggit-go v1.16.1/go.mod h1:TEJSzgiV+3D/GVGE8Y6j46ut1jrBLD1FL6WdMdKwwCE= github.com/jfrog/gofrog v1.7.5 h1:dFgtEDefJdlq9cqTRoe09RLxS5Bxbe1Ev5+E6SmZHcg= 
@@ -900,8 +902,6 @@ github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYL github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w= github.com/jfrog/jfrog-cli-core/v2 v2.54.1 h1:oNIsqUVJ/P17qEcHgj9/c1nfO23stqqj1sHB7ldFNmQ= github.com/jfrog/jfrog-cli-core/v2 v2.54.1/go.mod h1:o8Ux0XiXWayxBXbtkMd5Vbs2YJZZDNiS9jtN6yQ4Ur8= -github.com/jfrog/jfrog-client-go v1.43.2 h1:NLSTTSFUkrNiSYs8rpRW7/sd6gDTPOi/eMVkGEarXq0= -github.com/jfrog/jfrog-client-go v1.43.2/go.mod h1:JUevXnjHbGL0MIIPs48L/axJMW/q4ioWMR1e1NuVn8w= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= @@ -955,8 +955,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= -github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= -github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= +github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-tty v0.0.3 h1:5OfyWorkyO7xP52Mq7tB36ajHDG5OHrmBGIS/DtakQI= github.com/mattn/go-tty v0.0.3/go.mod h1:ihxohKRERHTVzN+aSVRwACLCeqIoZAWpoICkkvrWyR0= 
@@ -1064,8 +1064,8 @@ github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/cli v1.22.15 h1:nuqt+pdC/KqswQKhETJjo7pvn/k4xMUxgW6liI7XpnM= github.com/urfave/cli v1.22.15/go.mod h1:wSan1hmo5zeyLGBjRJbzRTNk8gwoYa2B9n4q9dmRIc0= -github.com/vbauerster/mpb/v8 v8.7.4 h1:p4f16iMfUt3PkAC73SCzAtgtSf8TYDqEbJUT3odPrPo= -github.com/vbauerster/mpb/v8 v8.7.4/go.mod h1:r1B5k2Ljj5KJFCekfihbiqyV4VaaRTANYmvWA2btufI= +github.com/vbauerster/mpb/v8 v8.7.5 h1:hUF3zaNsuaBBwzEFoCvfuX3cpesQXZC0Phm/JcHZQ+c= +github.com/vbauerster/mpb/v8 v8.7.5/go.mod h1:bRCnR7K+mj5WXKsy0NWB6Or+wctYGvVwKn6huwvxKa0= github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= github.com/xanzy/go-gitlab v0.95.2 h1:4p0IirHqEp5f0baK/aQqr4TR57IsD+8e4fuyAA1yi88= @@ -1123,8 +1123,8 @@ golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2Uz golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= -golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= +golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= +golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 
@@ -1140,8 +1140,8 @@ golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20220827204233-334a2380cb91/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE= -golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= -golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= +golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa h1:ELnwvuAXPNtPk1TJRuGkI9fDTwym6AYBu0qzT8AcHdI= +golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ= golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= 
@@ -1184,8 +1184,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91 golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= -golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= +golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1247,8 +1247,8 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= -golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= -golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= +golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= +golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -1299,8 +1299,8 @@ golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1392,8 +1392,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= -golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= +golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= 
@@ -1405,8 +1405,8 @@ golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= -golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= +golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= +golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1424,8 +1424,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= +golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -1495,8 +1495,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= -golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= -golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= +golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= +golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/jas/runner/jasrunner_test.go b/jas/runner/jasrunner_test.go index 886b3e3b..4e2a3a06 100644 --- a/jas/runner/jasrunner_test.go +++ b/jas/runner/jasrunner_test.go 
@@ -39,7 +39,7 @@ func TestGetExtendedScanResults_ServerNotValid(t *testing.T) { scanner := &jas.JasScanner{} jasScanner, err := jas.CreateJasScanner(scanner, nil, &jas.FakeServerDetails, jas.GetAnalyzerManagerXscEnvVars("", scanResults.GetScaScannedTechnologies()...)) assert.NoError(t, err) - err = AddJasScannersTasks(securityParallelRunnerForTest, scanResults, &[]string{"issueId_1_direct_dependency", "issueId_2_direct_dependency"}, nil, false, jasScanner, applicability.ApplicabilityScannerType, secrets.SecretsScannerType, securityParallelRunnerForTest.AddErrorToChan, utils.GetAllSupportedScans()) + err = AddJasScannersTasks(securityParallelRunnerForTest, scanResults, &[]string{"issueId_1_direct_dependency", "issueId_2_direct_dependency"}, nil, false, jasScanner, applicability.ApplicabilityScannerType, secrets.SecretsScannerType, securityParallelRunnerForTest.AddErrorToChan, utils.GetAllSupportedScans(), nil) assert.NoError(t, err) } From de543ec2dfd4bce993bf031467e9e89c1ef860dc Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Mon, 19 Aug 2024 11:59:50 +0300 Subject: [PATCH 05/19] removed unused function --- utils/xsc/configprofile.go | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/utils/xsc/configprofile.go b/utils/xsc/configprofile.go index 859a553e..71eebef2 100644 --- a/utils/xsc/configprofile.go +++ b/utils/xsc/configprofile.go @@ -1,13 +1,11 @@ package xsc import ( - "encoding/json" "fmt" "github.com/jfrog/jfrog-cli-core/v2/utils/config" clientutils "github.com/jfrog/jfrog-client-go/utils" "github.com/jfrog/jfrog-client-go/utils/log" "github.com/jfrog/jfrog-client-go/xsc/services" - "os" ) func GetConfigProfile(serverDetails *config.ServerDetails, profileName string) (*services.ConfigProfile, error) { 
@@ -32,19 +30,3 @@ func GetConfigProfile(serverDetails *config.ServerDetails, profileName string) ( } return configProfile, err } - -// TODO delete when done testing agains an operating server with the new ConfigProfile endpoints -func MockGetConfigProfile() (*services.ConfigProfile, error) { - var configProfile *services.ConfigProfile - content, err := os.ReadFile("/Users/erant/Desktop/jfrog/jfrog-cli-security/tests/testdata/other/configProfile/configProfileExample.json") - if err != nil { - err = fmt.Errorf("failed to read config profile json file: %q", err) - return nil, err - } - err = json.Unmarshal(content, &configProfile) - if err != nil { - err = fmt.Errorf("failed to unmarshal config profile json: %q", err) - return nil, err - } - return configProfile, nil -} From 9dfe18e44e5175c5fe82afa49bcd220df76b3022 Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Mon, 19 Aug 2024 13:27:28 +0300 Subject: [PATCH 06/19] fixed failing test --- utils/test_mocks.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/test_mocks.go b/utils/test_mocks.go index 4d0f17d6..593054ae 100644 --- a/utils/test_mocks.go +++ b/utils/test_mocks.go @@ -53,7 +53,7 @@ func XscServer(t *testing.T, xscVersion string) (*httptest.Server, *config.Serve if r.RequestURI == "/xsc/api/v1/profile/"+TestConfigProfileName { if r.Method == http.MethodGet { w.WriteHeader(http.StatusOK) - content, err := os.ReadFile("../xsc/configProfileExample.json") + content, err := os.ReadFile("../../tests/testdata/other/configProfile/configProfileExample.json") if err != nil { return } From a3c82ea5af128a5b54016ebd28b14caadb41ada7 Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Mon, 19 Aug 2024 17:22:05 +0300 Subject: [PATCH 07/19] resolving conflict --- go.mod | 2 +- go.sum | 4 ++-- utils/xsc/xscmanager.go | 6 +----- 3 files changed, 4 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 7441ae97..dfccd3d6 100644 --- a/go.mod +++ b/go.mod 
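Review bot: The fixture path passed to `os.ReadFile` in the profile handler is relative, so it resolves against the working directory of whichever test package calls `XscServer`. `../../tests/testdata/...` only works from a package two directories below the repository root, and stops working once a test has changed directory. Since this helper lives in `utils` and appears to be called from other packages, building the path from a fixed anchor (for example a small helper that returns the repository's `tests/testdata` directory) would remove the dependency on the caller's location. The error branch just below still returns silently after `WriteHeader(http.StatusOK)`, so a wrong path shows up as an empty 200 body rather than a read failure; patch 17/19 later turns that into `assert.NoError`. The body of `XscServer` continues outside the hunk.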
@@ -116,7 +116,7 @@ require ( // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev -replace github.com/jfrog/jfrog-client-go => github.com/eranturgeman/jfrog-client-go v0.0.0-20240818065206-7097ba18232e +replace github.com/jfrog/jfrog-client-go => github.com/eranturgeman/jfrog-client-go v0.0.0-20240819141220-e887308e4fde //replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go dev diff --git a/go.sum b/go.sum index e8ff4190..9a5f01b7 100644 --- a/go.sum +++ b/go.sum @@ -709,8 +709,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7 github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo= github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w= github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= -github.com/eranturgeman/jfrog-client-go v0.0.0-20240818065206-7097ba18232e h1:dxLwDwKlLk2nrxdjFMMGoAQSsIkonssnWtW/Tf/b0Xc= -github.com/eranturgeman/jfrog-client-go v0.0.0-20240818065206-7097ba18232e/go.mod h1:cRCuMvRgWJ6fSdyYs1pknBin41LLcXY94UOl7KHiQ8U= +github.com/eranturgeman/jfrog-client-go v0.0.0-20240819141220-e887308e4fde h1:dWjDnGUk2j9yrJV8kYyFhp+tc6CLnB45LE8Tw6v/3ag= +github.com/eranturgeman/jfrog-client-go v0.0.0-20240819141220-e887308e4fde/go.mod h1:cRCuMvRgWJ6fSdyYs1pknBin41LLcXY94UOl7KHiQ8U= github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w= github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= diff --git a/utils/xsc/xscmanager.go b/utils/xsc/xscmanager.go index e0ddf8c8..985d6788 100644 --- a/utils/xsc/xscmanager.go +++ b/utils/xsc/xscmanager.go 
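Review bot: The `replace` line in this go.mod hunk keeps `github.com/jfrog/jfrog-client-go` redirected to a personal fork (`github.com/eranturgeman/jfrog-client-go`) at an untagged pseudo-version, so every build of this branch takes that dependency from outside the upstream repository. The same directive is bumped again in the go.mod hunks of patches 08/19 and 10/19. Patch 12/19 comments the directive out, but that patch touches only go.mod, so it is worth running `go mod tidy` and `go mod verify` afterwards to confirm go.sum carries the upstream module's hashes and no leftover fork entries. While the redirect is still needed, a comment above it such as `// TEMPORARY: drop once the jfrog-client-go change is merged upstream` would make the intent explicit in the intermediate commits.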
@@ -2,15 +2,11 @@ package xsc import ( "fmt" - "github.com/jfrog/jfrog-cli-core/v2/utils/config" "github.com/jfrog/jfrog-cli-core/v2/utils/coreutils" - clientutils "github.com/jfrog/jfrog-client-go/utils" + clientconfig "github.com/jfrog/jfrog-client-go/config" "github.com/jfrog/jfrog-client-go/utils/log" "github.com/jfrog/jfrog-client-go/xsc" - "github.com/jfrog/jfrog-client-go/xsc/services" - - clientconfig "github.com/jfrog/jfrog-client-go/config" ) const minXscVersionForErrorReport = "1.7.7" From c41e7f8f834be1321f1105230e0ea19f67e9a647 Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Wed, 21 Aug 2024 09:21:03 +0300 Subject: [PATCH 08/19] update go.mod --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index dfccd3d6..6a9868dc 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/beevik/etree v1.4.0 github.com/google/go-github/v56 v56.0.0 github.com/gookit/color v1.5.4 - github.com/jfrog/build-info-go v1.9.33 + github.com/jfrog/build-info-go v1.9.34 github.com/jfrog/froggit-go v1.16.1 github.com/jfrog/gofrog v1.7.5 github.com/jfrog/jfrog-apps-config v1.0.1 @@ -116,7 +116,7 @@ require ( // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev -replace github.com/jfrog/jfrog-client-go => github.com/eranturgeman/jfrog-client-go v0.0.0-20240819141220-e887308e4fde +replace github.com/jfrog/jfrog-client-go => github.com/eranturgeman/jfrog-client-go v0.0.0-20240821061855-b77673df1292 //replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go dev diff --git a/go.sum b/go.sum index 9a5f01b7..2182ae44 100644 --- a/go.sum +++ b/go.sum 
@@ -709,8 +709,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7 github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo= github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w= github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= -github.com/eranturgeman/jfrog-client-go v0.0.0-20240819141220-e887308e4fde h1:dWjDnGUk2j9yrJV8kYyFhp+tc6CLnB45LE8Tw6v/3ag= -github.com/eranturgeman/jfrog-client-go v0.0.0-20240819141220-e887308e4fde/go.mod h1:cRCuMvRgWJ6fSdyYs1pknBin41LLcXY94UOl7KHiQ8U= +github.com/eranturgeman/jfrog-client-go v0.0.0-20240821061855-b77673df1292 h1:6T1fGdfZs70tEugmHO8PGDatIP1uxqNcPjI+bz3xH1E= +github.com/eranturgeman/jfrog-client-go v0.0.0-20240821061855-b77673df1292/go.mod h1:f5Jfv+RGKVr4smOp4a4pxyBKdlpLG7R894kx2XW+w8c= github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w= github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= 
@@ -892,8 +892,8 @@ github.com/jedib0t/go-pretty/v6 v6.5.9 h1:ACteMBRrrmm1gMsXe9PSTOClQ63IXDUt03H5U+ github.com/jedib0t/go-pretty/v6 v6.5.9/go.mod h1:zbn98qrYlh95FIhwwsbIip0LYpwSG8SUOScs+v9/t0E= github.com/jfrog/archiver/v3 v3.6.1 h1:LOxnkw9pOn45DzCbZNFV6K0+6dCsQ0L8mR3ZcujO5eI= github.com/jfrog/archiver/v3 v3.6.1/go.mod h1:VgR+3WZS4N+i9FaDwLZbq+jeU4B4zctXL+gL4EMzfLw= -github.com/jfrog/build-info-go v1.9.33 h1:TEeTHDc3tEwZe/7kKhm1hQDd5vA/HnVhp1ZczUOWExk= -github.com/jfrog/build-info-go v1.9.33/go.mod h1:JTGnENexG1jRhKWCkQtZuDb0PerlzlSzF5OmMLG9kfc= +github.com/jfrog/build-info-go v1.9.34 h1:bPnW58VpclbpBe/x8XEu/2BIviEOoJrJ5PkRRcmU3Co= +github.com/jfrog/build-info-go v1.9.34/go.mod h1:6mdtqjREK76bHNODXakqKR/+ksJ9dvfLS7H57BZtnLY= github.com/jfrog/froggit-go v1.16.1 h1:FBIM1qevX/ag9unfmpGzfmZ36D8ulOJ+DPTSFUk3l5U= github.com/jfrog/froggit-go v1.16.1/go.mod h1:TEJSzgiV+3D/GVGE8Y6j46ut1jrBLD1FL6WdMdKwwCE= github.com/jfrog/gofrog v1.7.5 h1:dFgtEDefJdlq9cqTRoe09RLxS5Bxbe1Ev5+E6SmZHcg= From 926cb318a2ecde0db0733bd7dceea5530f07b1ad Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Thu, 22 Aug 2024 10:28:05 +0300 Subject: [PATCH 09/19] update go.mod --- go.sum | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/go.sum b/go.sum index 77d8088e..6d585117 100644 --- a/go.sum +++ b/go.sum 
@@ -709,6 +709,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7 github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo= github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w= github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= +github.com/eranturgeman/jfrog-client-go v0.0.0-20240821061855-b77673df1292 h1:6T1fGdfZs70tEugmHO8PGDatIP1uxqNcPjI+bz3xH1E= +github.com/eranturgeman/jfrog-client-go v0.0.0-20240821061855-b77673df1292/go.mod h1:f5Jfv+RGKVr4smOp4a4pxyBKdlpLG7R894kx2XW+w8c= github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w= github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= @@ -900,8 +902,6 @@ github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYL github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w= github.com/jfrog/jfrog-cli-core/v2 v2.55.2 h1:Pm4mY1UThSyFGklDl6O8qoJgTgH9jL3i2tor/ux+X8c= github.com/jfrog/jfrog-cli-core/v2 v2.55.2/go.mod h1:2/Ccqq0ayMqIuH5AAoneX0CowwdrNWQcs5aKz8iDYkE= -github.com/jfrog/jfrog-client-go v1.44.2 h1:5t8tx6NOth6Xq24SdF3MYSd6vo0bTibW93nads2DEuY= -github.com/jfrog/jfrog-client-go v1.44.2/go.mod h1:f5Jfv+RGKVr4smOp4a4pxyBKdlpLG7R894kx2XW+w8c= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= From 3946cf0f5c14bec7dda0896f1cf10d32c46a81e8 Mon Sep 17 00:00:00 2001 
From: Eran Turgeman Date: Sun, 25 Aug 2024 10:44:40 +0300 Subject: [PATCH 10/19] update go.mod --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 1e509248..a1c246bc 100644 --- a/go.mod +++ b/go.mod @@ -116,7 +116,7 @@ require ( // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev -replace github.com/jfrog/jfrog-client-go => github.com/eranturgeman/jfrog-client-go v0.0.0-20240821061855-b77673df1292 +replace github.com/jfrog/jfrog-client-go => github.com/eranturgeman/jfrog-client-go v0.0.0-20240825073929-bf5dbce89d93 // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go dev diff --git a/go.sum b/go.sum index 6d585117..465842a9 100644 --- a/go.sum +++ b/go.sum @@ -709,8 +709,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7 github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo= github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w= github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= -github.com/eranturgeman/jfrog-client-go v0.0.0-20240821061855-b77673df1292 h1:6T1fGdfZs70tEugmHO8PGDatIP1uxqNcPjI+bz3xH1E= -github.com/eranturgeman/jfrog-client-go v0.0.0-20240821061855-b77673df1292/go.mod h1:f5Jfv+RGKVr4smOp4a4pxyBKdlpLG7R894kx2XW+w8c= +github.com/eranturgeman/jfrog-client-go v0.0.0-20240825073929-bf5dbce89d93 h1:pxLZtggAcZdsor7ZotV0QhJrTRKZ9+Oo2TMxsnOS3E8= +github.com/eranturgeman/jfrog-client-go v0.0.0-20240825073929-bf5dbce89d93/go.mod h1:f5Jfv+RGKVr4smOp4a4pxyBKdlpLG7R894kx2XW+w8c= github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w= github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= 
From 163876bebe290203ddc5246eb286a45e7efaa08d Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Tue, 27 Aug 2024 14:23:15 +0300 Subject: [PATCH 11/19] fixed partial CR comments --- commands/audit/scarunner.go | 1 + jas/runner/jasrunner.go | 22 +++++++++++++--------- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/commands/audit/scarunner.go b/commands/audit/scarunner.go index 74a9ded4..ed744f82 100644 --- a/commands/audit/scarunner.go +++ b/commands/audit/scarunner.go @@ -44,6 +44,7 @@ func buildDepTreeAndRunScaScan(auditParallelRunner *utils.SecurityParallelRunner } if auditParams.configProfile != nil { // Currently, if a configuration profile is being utilized, the only supported scanners are Secrets and Sast Scanners, therefore SCA scanner is skipped if a config profile exists + log.Debug("Skipping SCA scan as a configuration profile is being utilized and currently only Secrets and Sast scanners are supported when utilizing a configuration profile") return } diff --git a/jas/runner/jasrunner.go b/jas/runner/jasrunner.go index 9c3e98bd..3e284310 100644 --- a/jas/runner/jasrunner.go +++ b/jas/runner/jasrunner.go 
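Review bot: The added `log.Debug` is the only signal that SCA is skipped when a config profile is set, so unless debug logging is enabled a run with a profile covers less than the user may expect without saying so. The same applies to the Contextual Analysis skip in the jasrunner.go hunk of this patch. Because the profile changes which scanners run, reporting this at info or warning level would make the reduced coverage visible in normal output, e.g. `log.Info("Config profile is in use: skipping SCA scan, only Secrets and Sast scanners are currently supported")`. `buildDepTreeAndRunScaScan` starts and ends outside the hunk.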
@@ -71,15 +71,19 @@ func AddJasScannersTasks(securityParallelRunner *utils.SecurityParallelRunner, s } } } - if configProfile == nil { - if len(scansToPreform) > 0 && !slices.Contains(scansToPreform, utils.ContextualAnalysisScan) { - log.Debug("Skipping contextual analysis scan as requested by input...") - return err - } - for _, module := range scanner.JFrogAppsConfig.Modules { - if err = addModuleJasScanTask(module, jasutils.Applicability, securityParallelRunner, runContextualScan(securityParallelRunner, scanner, scanResults, module, directDependencies, thirdPartyApplicabilityScan, scanType), errHandlerFunc); err != nil { - return - } + + if configProfile != nil { + log.Debug("Config profile is in use. Skipping Contextual Analysis scan as it is not currently supported with a config profile...") + return + } + + if len(scansToPreform) > 0 && !slices.Contains(scansToPreform, utils.ContextualAnalysisScan) { + log.Debug("Skipping contextual analysis scan as requested by input...") + return err + } + for _, module := range scanner.JFrogAppsConfig.Modules { + if err = addModuleJasScanTask(module, jasutils.Applicability, securityParallelRunner, runContextualScan(securityParallelRunner, scanner, scanResults, module, directDependencies, thirdPartyApplicabilityScan, scanType), errHandlerFunc); err != nil { + return } } return err From 105413ebfa8a58620790caee8083a4c83b633959 Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Sun, 1 Sep 2024 11:30:25 +0300 Subject: [PATCH 12/19] Resolving all conflicts - ready for merge --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 0057d6ea..42caa94e 100644 --- a/go.mod +++ b/go.mod 
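Review bot: The new `configProfile != nil` branch and the module loop exit through a bare `return`, while the block between them uses `return err`, so the reader has to work out that `err` is a named result and what it holds at each exit. Writing `return err` at all three exits keeps the behaviour and makes every path explicit. `AddJasScannersTasks` starts outside the hunk, so the named result is inferred from the bare returns rather than seen in the signature.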
@@ -116,7 +116,7 @@ require ( // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev -replace github.com/jfrog/jfrog-client-go => github.com/eranturgeman/jfrog-client-go v0.0.0-20240825073929-bf5dbce89d93 +// replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go dev // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go dev From 875baa7756b646fa4f774913765320ef57211708 Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Sun, 1 Sep 2024 14:23:58 +0300 Subject: [PATCH 13/19] Added new test file for audit integration tests --- commands/audit/audit_test.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 commands/audit/audit_test.go diff --git a/commands/audit/audit_test.go b/commands/audit/audit_test.go new file mode 100644 index 00000000..e751c665 --- /dev/null +++ b/commands/audit/audit_test.go @@ -0,0 +1,13 @@ +package audit + +import ( + "testing" +) + +// This test checks correct utilization of a Config Profile in Audit scans. +// Currently, if a config profile is provided, the scan will use the profile's settings, IGNORING jfrog-apps-config if exists. +// Currently, the only supported scanners are Secrets and Sast, therefore if a config profile is utilized - all other scanners are disabled. +func TestAuditWithConfigProfile(t *testing.T) { + // create params + +} From 9f31c041fafec919e077749993b5f7e7c51dcbbd Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Mon, 2 Sep 2024 16:11:56 +0300 Subject: [PATCH 14/19] added new xray mock server --- utils/test_mocks.go | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/utils/test_mocks.go b/utils/test_mocks.go index 3aa4185d..e1b2057a 100644 --- a/utils/test_mocks.go +++ b/utils/test_mocks.go 
@@ -33,6 +33,12 @@ func CreateXscRestsMockServer(t *testing.T, testHandler restsTestHandler) (*http return testServer, serverDetails, serviceManager } +func CreateXrayRestsMockServer(testHandler restsTestHandler) (*httptest.Server, *config.ServerDetails) { + testServer := CreateRestsMockServer(testHandler) + serverDetails := &config.ServerDetails{Url: testServer.URL + "/", XrayUrl: testServer.URL + "/xray/"} // TODO should I add the 'xray' suffix? + return testServer, serverDetails +} + func XscServer(t *testing.T, xscVersion string) (*httptest.Server, *config.ServerDetails) { serverMock, serverDetails, _ := CreateXscRestsMockServer(t, func(w http.ResponseWriter, r *http.Request) { if r.RequestURI == "/xsc/api/v1/system/version" { @@ -66,3 +72,33 @@ func XscServer(t *testing.T, xscVersion string) (*httptest.Server, *config.Serve }) return serverMock, serverDetails } + +func XrayServer(t *testing.T, xrayVersion string) (*httptest.Server, *config.ServerDetails) { + serverMock, serverDetails := CreateXrayRestsMockServer(func(w http.ResponseWriter, r *http.Request) { + if r.RequestURI == "/xray/api/v1/system/version" { + _, err := w.Write([]byte(fmt.Sprintf(`{"xray_version": "%s", "xray_revision": "xxx"}`, xrayVersion))) + if !assert.NoError(t, err) { + return + } + } + if r.RequestURI == "/xray/api/v1/entitlements/feature/contextual_analysis" { + if r.Method == http.MethodGet { + w.WriteHeader(http.StatusOK) + _, err := w.Write([]byte(`{"entitled": true, "feature_id": "contextual_analysis"}`)) + if !assert.NoError(t, err) { + return + } + } + } + if r.RequestURI == "/xray/api/v1/scan/graph" { + if r.Method == http.MethodPost { + w.WriteHeader(http.StatusCreated) + _, err := w.Write([]byte(`{"scan_id" : "657692d5-87d1-463f-6654-5a9529d23339"}`)) + if !assert.NoError(t, err) { + return + } + } + } + }) + return serverMock, serverDetails +} From 719c599d070620f2e0aff371a8b7d9de168b281f Mon Sep 17 00:00:00 2001 
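Review bot: The handler in `XrayServer` answers every request it does not recognise (an unknown path, or a known path with a different method) with an implicit empty 200, so a test can pass even though the code under test called an endpoint the mock does not model. Dispatching through a `switch` whose `default` replies 404 lets the client see such calls as errors. The `XscServer` handler visible in the context lines uses the same if-chain and would benefit from the same change.

```go
	serverMock, serverDetails := CreateXrayRestsMockServer(func(w http.ResponseWriter, r *http.Request) {
		switch {
		case r.RequestURI == "/xray/api/v1/system/version":
			// … unchanged: write the xray_version body …
		case r.RequestURI == "/xray/api/v1/entitlements/feature/contextual_analysis" && r.Method == http.MethodGet:
			// … unchanged: 200 + entitlement body …
		case r.RequestURI == "/xray/api/v1/scan/graph" && r.Method == http.MethodPost:
			// … unchanged: 201 + scan_id body …
		default:
			// Anything the mock does not model is reported to the client instead of an empty 200.
			http.NotFound(w, r)
		}
	})
```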
From: Eran Turgeman Date: Mon, 2 Sep 2024 16:12:10 +0300 Subject: [PATCH 15/19] added new xray mock server --- utils/test_mocks.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/test_mocks.go b/utils/test_mocks.go index e1b2057a..20070e01 100644 --- a/utils/test_mocks.go +++ b/utils/test_mocks.go @@ -35,7 +35,7 @@ func CreateXscRestsMockServer(t *testing.T, testHandler restsTestHandler) (*http func CreateXrayRestsMockServer(testHandler restsTestHandler) (*httptest.Server, *config.ServerDetails) { testServer := CreateRestsMockServer(testHandler) - serverDetails := &config.ServerDetails{Url: testServer.URL + "/", XrayUrl: testServer.URL + "/xray/"} // TODO should I add the 'xray' suffix? + serverDetails := &config.ServerDetails{Url: testServer.URL + "/", XrayUrl: testServer.URL + "/xray/"} return testServer, serverDetails } From 5255449a9f84e2445e0350aa222998b8882f879d Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Mon, 2 Sep 2024 16:12:30 +0300 Subject: [PATCH 16/19] added new test for current flow of config profile usage --- commands/audit/audit_test.go | 149 ++++++++++++++++++++++++++++++++++- 1 file changed, 148 insertions(+), 1 deletion(-) diff --git a/commands/audit/audit_test.go b/commands/audit/audit_test.go index e751c665..5ca7ba7c 100644 --- a/commands/audit/audit_test.go +++ b/commands/audit/audit_test.go 
@@ -1,13 +1,160 @@ package audit import ( + biutils "github.com/jfrog/build-info-go/utils" + coreTests "github.com/jfrog/jfrog-cli-core/v2/utils/tests" + "github.com/jfrog/jfrog-cli-security/utils" + "github.com/jfrog/jfrog-cli-security/utils/xray/scangraph" + clientTests "github.com/jfrog/jfrog-client-go/utils/tests" + "github.com/jfrog/jfrog-client-go/xsc/services" + "github.com/stretchr/testify/assert" + "os" + "path/filepath" "testing" ) +const minXrayVersionForJas = utils.EntitlementsMinVersion + // This test checks correct utilization of a Config Profile in Audit scans. // Currently, if a config profile is provided, the scan will use the profile's settings, IGNORING jfrog-apps-config if exists. // Currently, the only supported scanners are Secrets and Sast, therefore if a config profile is utilized - all other scanners are disabled. func TestAuditWithConfigProfile(t *testing.T) { - // create params + // Create test cases: only secrets, only sast, both + testcases := []struct { + name string + configProfile services.ConfigProfile + expectedSastIssues int + expectedSecretsIssues int + }{ + { + name: "Enable only secrets scanner", + configProfile: services.ConfigProfile{ + ProfileName: "only-secrets", + Modules: []services.Module{{ + ModuleId: 1, + ModuleName: "only-secrets-module", + PathFromRoot: ".", + ScanConfig: services.ScanConfig{ + SastScannerConfig: services.SastScannerConfig{ + EnableSastScan: false, + }, + SecretsScannerConfig: services.SecretsScannerConfig{ + EnableSecretsScan: true, + }, + }, + }}, + IsDefault: false, + }, + expectedSastIssues: 0, + expectedSecretsIssues: 7, + }, + { + name: "Enable only sast scanner", + configProfile: services.ConfigProfile{ + ProfileName: "only-sast", + Modules: []services.Module{{ + ModuleId: 1, + ModuleName: "only-sast-module", + PathFromRoot: ".", + ScanConfig: services.ScanConfig{ + SastScannerConfig: services.SastScannerConfig{ + EnableSastScan: true, + }, + SecretsScannerConfig: 
services.SecretsScannerConfig{ + EnableSecretsScan: false, + }, + }, + }}, + IsDefault: false, + }, + expectedSastIssues: 1, + expectedSecretsIssues: 0, + }, + { + name: "Enable secrets and sast", + configProfile: services.ConfigProfile{ + ProfileName: "secrets&sast", + Modules: []services.Module{{ + ModuleId: 1, + ModuleName: "secrets&sast-module", + PathFromRoot: ".", + ScanConfig: services.ScanConfig{ + SastScannerConfig: services.SastScannerConfig{ + EnableSastScan: true, + }, + SecretsScannerConfig: services.SecretsScannerConfig{ + EnableSecretsScan: true, + }, + }, + }}, + IsDefault: false, + }, + expectedSastIssues: 1, + expectedSecretsIssues: 7, + }, + } + + for _, testcase := range testcases { + t.Run(testcase.name, func(t *testing.T) { + // Create a mock server with all necessary calls in audit process + mockServer, serverDetails := utils.XrayServer(t, minXrayVersionForJas) + defer mockServer.Close() + + // Create auditCmd -> auditParams + auditBasicParams := (&utils.AuditBasicParams{}). + SetServerDetails(serverDetails). + SetOutputFormat("table"). + SetUseJas(true) + + auditParams := NewAuditParams(). + SetGraphBasicParams(auditBasicParams). + SetConfigProfile(&testcase.configProfile). + SetCommonGraphScanParams(&scangraph.CommonGraphScanParams{ + RepoPath: "", + ProjectKey: "", + Watches: nil, + ScanType: "dependency", + IncludeVulnerabilities: true, + XscVersion: services.ConfigProfileMinXscVersion, + MultiScanId: "random-msi", + }) + auditParams.SetIsRecursiveScan(true) + + tempDirPath, createTempDirCallback := coreTests.CreateTempDirWithCallbackAndAssert(t) + defer createTempDirCallback() + testDirPath := filepath.Join("..", "..", "tests", "testdata", "projects", "jas", "jas") + assert.NoError(t, biutils.CopyDir(testDirPath, tempDirPath, true, nil)) + + /* TODO needed? 
+ securityTestUtils.CreateJfrogHomeConfig(t, true) + defer securityTestUtils.CleanTestsHomeEnv() + */ + + baseWd, err := os.Getwd() + assert.NoError(t, err) + chdirCallback := clientTests.ChangeDirWithCallback(t, baseWd, tempDirPath) + defer chdirCallback() + + auditResults, err := RunAudit(auditParams) + assert.NoError(t, err) + + if testcase.expectedSastIssues > 0 { + assert.NotNil(t, auditResults.ExtendedScanResults.SastScanResults) + assert.Equal(t, testcase.expectedSastIssues, len(auditResults.ExtendedScanResults.SastScanResults[0].Results)) + } else { + assert.Nil(t, auditResults.ExtendedScanResults.SastScanResults) + } + + if testcase.expectedSecretsIssues > 0 { + assert.NotNil(t, auditResults.ExtendedScanResults.SecretsScanResults) + assert.Equal(t, testcase.expectedSecretsIssues, len(auditResults.ExtendedScanResults.SecretsScanResults[0].Results)) + } else { + assert.Nil(t, auditResults.ExtendedScanResults.SecretsScanResults) + } + assert.Nil(t, auditResults.ScaResults) + assert.Nil(t, auditResults.ExtendedScanResults.ApplicabilityScanResults) + assert.Nil(t, auditResults.ExtendedScanResults.IacScanResults) + }) + } } From b937cb664f1d63fe5bf5983baeea82c57c296707 Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Mon, 2 Sep 2024 16:14:29 +0300 Subject: [PATCH 17/19] minor reformatting and improvements to file --- utils/test_mocks.go | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/utils/test_mocks.go b/utils/test_mocks.go index 20070e01..c174a3d8 100644 --- a/utils/test_mocks.go +++ b/utils/test_mocks.go 
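Review bot: The result checks dereference values that an earlier `assert` only reports on: `auditResults` is used after `assert.NoError(t, err)`, and `SastScanResults[0]` / `SecretsScanResults[0]` are indexed right after `assert.NotNil`. A failed or empty scan therefore ends in a nil-pointer or index panic instead of a readable failure. Using `require.NoError(t, err)` after `RunAudit` and `require.NotEmpty(t, auditResults.ExtendedScanResults.SastScanResults)` (likewise for secrets) before indexing stops the subtest at the first broken precondition; this needs the `github.com/stretchr/testify/require` import. The commented-out `securityTestUtils` block marked `TODO needed?` should be either enabled or removed before merge.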
@@ -12,10 +12,12 @@ import ( "testing" ) -const TestMsi = "27e175b8-e525-11ee-842b-7aa2c69b8f1f" -const TestScaScanId = "3d90ec4b-cf33-4846-6831-4bf9576f2235" -const TestMoreInfoUrl = "https://www.jfrog.com" -const TestConfigProfileName = "default-profile" +const ( + TestMsi = "27e175b8-e525-11ee-842b-7aa2c69b8f1f" + TestScaScanId = "3d90ec4b-cf33-4846-6831-4bf9576f2235" + TestMoreInfoUrl = "https://www.jfrog.com" + TestConfigProfileName = "default-profile" +) type restsTestHandler func(w http.ResponseWriter, r *http.Request) @@ -43,7 +45,7 @@ func XscServer(t *testing.T, xscVersion string) (*httptest.Server, *config.Serve serverMock, serverDetails, _ := CreateXscRestsMockServer(t, func(w http.ResponseWriter, r *http.Request) { if r.RequestURI == "/xsc/api/v1/system/version" { _, err := w.Write([]byte(fmt.Sprintf(`{"xsc_version": "%s"}`, xscVersion))) - if err != nil { + if !assert.NoError(t, err) { return } } @@ -51,7 +53,7 @@ func XscServer(t *testing.T, xscVersion string) (*httptest.Server, *config.Serve if r.Method == http.MethodPost { w.WriteHeader(http.StatusCreated) _, err := w.Write([]byte(fmt.Sprintf(`{"multi_scan_id": "%s"}`, TestMsi))) - if err != nil { + if !assert.NoError(t, err) { return } } @@ -60,11 +62,11 @@ func XscServer(t *testing.T, xscVersion string) (*httptest.Server, *config.Serve if r.Method == http.MethodGet { w.WriteHeader(http.StatusOK) content, err := os.ReadFile("../../tests/testdata/other/configProfile/configProfileExample.json") - if err != nil { + if !assert.NoError(t, err) { return } _, err = w.Write(content) - if err != nil { + if !assert.NoError(t, err) { return } } From de99b5c1c164e2996d544426375b37f1aa5d17fb Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Mon, 2 Sep 2024 16:26:16 +0300 Subject: [PATCH 18/19] minor fix --- commands/audit/audit_test.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/commands/audit/audit_test.go b/commands/audit/audit_test.go index 5ca7ba7c..a30c808d 100644 
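Review bot: In the `@@ -60,11 +62,11 @@` hunk of XscServer the handler still sends `w.WriteHeader(http.StatusOK)` before `os.ReadFile`, so when the read fails the new `assert.NoError` marks the test as failed while the client under test has already received a 200 with an empty body, and its reaction to that can bury the real cause. Moving the `os.ReadFile` call above `w.WriteHeader(http.StatusOK)` and answering with `w.WriteHeader(http.StatusInternalServerError)` on failure keeps the mock's response consistent with what happened. The fixture path `../../tests/testdata/other/configProfile/configProfileExample.json` is relative, so it resolves against the process working directory at request time; a caller that changes directory before the request would land in this branch. XscServer starts and ends outside the hunk.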
--- a/commands/audit/audit_test.go +++ b/commands/audit/audit_test.go @@ -96,19 +96,18 @@ func TestAuditWithConfigProfile(t *testing.T) { for _, testcase := range testcases { t.Run(testcase.name, func(t *testing.T) { - // Create a mock server with all necessary calls in audit process mockServer, serverDetails := utils.XrayServer(t, minXrayVersionForJas) defer mockServer.Close() - // Create auditCmd -> auditParams auditBasicParams := (&utils.AuditBasicParams{}). SetServerDetails(serverDetails). SetOutputFormat("table"). SetUseJas(true) + configProfile := testcase.configProfile auditParams := NewAuditParams(). SetGraphBasicParams(auditBasicParams). - SetConfigProfile(&testcase.configProfile). + SetConfigProfile(&configProfile). SetCommonGraphScanParams(&scangraph.CommonGraphScanParams{ RepoPath: "", ProjectKey: "", From b53b5307b66faca1ba4dde61864b6c6c44dcd5d5 Mon Sep 17 00:00:00 2001 From: Eran Turgeman Date: Wed, 4 Sep 2024 14:46:36 +0300 Subject: [PATCH 19/19] fix CR comments --- commands/audit/audit_test.go | 18 +++++------------- commands/audit/scarunner.go | 1 - utils/test_mocks.go | 7 ++++--- 3 files changed, 9 insertions(+), 17 deletions(-) diff --git a/commands/audit/audit_test.go b/commands/audit/audit_test.go index a30c808d..1a1b0acc 100644 --- a/commands/audit/audit_test.go +++ b/commands/audit/audit_test.go @@ -2,6 +2,7 @@ package audit import ( biutils "github.com/jfrog/build-info-go/utils" + "github.com/jfrog/jfrog-cli-core/v2/common/format" coreTests "github.com/jfrog/jfrog-cli-core/v2/utils/tests" "github.com/jfrog/jfrog-cli-security/utils" "github.com/jfrog/jfrog-cli-security/utils/xray/scangraph" 
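Review bot: The new `configProfile := testcase.configProfile` line in the `@@ -96,19 +96,18 @@` hunk carries no comment and the commit message is only "minor fix", so it reads as a redundant local that a later cleanup could fold back into `&testcase.configProfile`. Presumably the copy is there so the pointer handed to `SetConfigProfile` does not alias the range variable, which is shared across iterations before Go 1.22 (the pattern gosec reports as G601); if that is the intent, a one-line comment such as `// copy: do not take the address of the range variable (shared across iterations before Go 1.22)` would protect it. The `t.Run` closure continues outside the hunk.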
@@ -13,13 +14,8 @@ import ( "testing" ) -const minXrayVersionForJas = utils.EntitlementsMinVersion - -// This test checks correct utilization of a Config Profile in Audit scans. -// Currently, if a config profile is provided, the scan will use the profile's settings, IGNORING jfrog-apps-config if exists. -// Currently, the only supported scanners are Secrets and Sast, therefore if a config profile is utilized - all other scanners are disabled. +// Note: Currently, if a config profile is provided, the scan will use the profile's settings, IGNORING jfrog-apps-config if exists. func TestAuditWithConfigProfile(t *testing.T) { - // Create test cases: only secrets, only sast, both testcases := []struct { name string configProfile services.ConfigProfile @@ -96,12 +92,12 @@ func TestAuditWithConfigProfile(t *testing.T) { for _, testcase := range testcases { t.Run(testcase.name, func(t *testing.T) { - mockServer, serverDetails := utils.XrayServer(t, minXrayVersionForJas) + mockServer, serverDetails := utils.XrayServer(t, utils.EntitlementsMinVersion) defer mockServer.Close() auditBasicParams := (&utils.AuditBasicParams{}). SetServerDetails(serverDetails). - SetOutputFormat("table"). + SetOutputFormat(format.Table). SetUseJas(true) configProfile := testcase.configProfile @@ -124,11 +120,6 @@ func TestAuditWithConfigProfile(t *testing.T) { testDirPath := filepath.Join("..", "..", "tests", "testdata", "projects", "jas", "jas") assert.NoError(t, biutils.CopyDir(testDirPath, tempDirPath, true, nil)) - /* TODO needed? - securityTestUtils.CreateJfrogHomeConfig(t, true) - defer securityTestUtils.CleanTestsHomeEnv() - */ - baseWd, err := os.Getwd() assert.NoError(t, err) chdirCallback := clientTests.ChangeDirWithCallback(t, baseWd, tempDirPath) 
@@ -137,6 +128,7 @@ func TestAuditWithConfigProfile(t *testing.T) { auditResults, err := RunAudit(auditParams) assert.NoError(t, err) + // Currently, the only supported scanners are Secrets and Sast, therefore if a config profile is utilized - all other scanners are disabled. if testcase.expectedSastIssues > 0 { assert.NotNil(t, auditResults.ExtendedScanResults.SastScanResults) assert.Equal(t, testcase.expectedSastIssues, len(auditResults.ExtendedScanResults.SastScanResults[0].Results)) diff --git a/commands/audit/scarunner.go b/commands/audit/scarunner.go index ed744f82..14d203d6 100644 --- a/commands/audit/scarunner.go +++ b/commands/audit/scarunner.go @@ -43,7 +43,6 @@ func buildDepTreeAndRunScaScan(auditParallelRunner *utils.SecurityParallelRunner return } if auditParams.configProfile != nil { - // Currently, if a configuration profile is being utilized, the only supported scanners are Secrets and Sast Scanners, therefore SCA scanner is skipped if a config profile exists log.Debug("Skipping SCA scan as a configuration profile is being utilized and currently only Secrets and Sast scanners are supported when utilizing a configuration profile") return } diff --git a/utils/test_mocks.go b/utils/test_mocks.go index c174a3d8..469b6c19 100644 --- a/utils/test_mocks.go +++ b/utils/test_mocks.go @@ -17,6 +17,7 @@ const ( TestScaScanId = "3d90ec4b-cf33-4846-6831-4bf9576f2235" TestMoreInfoUrl = "https://www.jfrog.com" TestConfigProfileName = "default-profile" + versionApiUrl = "/%s/api/v1/system/version" ) type restsTestHandler func(w http.ResponseWriter, r *http.Request) 
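Review bot: Under the comment added in the `@@ -137,6 +128,7 @@` hunk, `SastScanResults[0]` is indexed immediately after `assert.NotNil`, which records a failure but does not stop the test, so a nil or empty result panics instead of producing a readable failure; `auditResults` is likewise dereferenced after a non-fatal `assert.NoError`. Using the assertion's return value as the guard, `if assert.NotEmpty(t, auditResults.ExtendedScanResults.SastScanResults) {` around the `assert.Equal`, avoids the panic. The secrets branch later in the function (outside this hunk) follows the same pattern. The new comment about the other scanners being disabled would also sit better next to the `assert.Nil` checks that verify it than above the Sast branch.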
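Review bot: `versionApiUrl` in the `@@ -17,6 +17,7 @@` hunk of utils/test_mocks.go is a `fmt` format string with one `%s` verb, not a URL, and nothing in the name or the const block says so. A reader who uses it directly in a comparison or a request path gets a literal `%s` that never matches, and the mock handlers in the following hunks (`fmt.Sprintf(versionApiUrl, "xsc")` and `fmt.Sprintf(versionApiUrl, "xray")`) would silently fall through. I would add a comment such as `// versionApiUrl is a fmt format; the verb is the service prefix ("xsc" or "xray").` or name it `versionApiUrlFormat`.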
@@ -43,7 +44,7 @@ func CreateXrayRestsMockServer(testHandler restsTestHandler) (*httptest.Server, func XscServer(t *testing.T, xscVersion string) (*httptest.Server, *config.ServerDetails) { serverMock, serverDetails, _ := CreateXscRestsMockServer(t, func(w http.ResponseWriter, r *http.Request) { - if r.RequestURI == "/xsc/api/v1/system/version" { + if r.RequestURI == fmt.Sprintf(versionApiUrl, "xsc") { _, err := w.Write([]byte(fmt.Sprintf(`{"xsc_version": "%s"}`, xscVersion))) if !assert.NoError(t, err) { return @@ -77,7 +78,7 @@ func XscServer(t *testing.T, xscVersion string) (*httptest.Server, *config.Serve func XrayServer(t *testing.T, xrayVersion string) (*httptest.Server, *config.ServerDetails) { serverMock, serverDetails := CreateXrayRestsMockServer(func(w http.ResponseWriter, r *http.Request) { - if r.RequestURI == "/xray/api/v1/system/version" { + if r.RequestURI == fmt.Sprintf(versionApiUrl, "xray") { _, err := w.Write([]byte(fmt.Sprintf(`{"xray_version": "%s", "xray_revision": "xxx"}`, xrayVersion))) if !assert.NoError(t, err) { return @@ -95,7 +96,7 @@ func XrayServer(t *testing.T, xrayVersion string) (*httptest.Server, *config.Ser if r.RequestURI == "/xray/api/v1/scan/graph" { if r.Method == http.MethodPost { w.WriteHeader(http.StatusCreated) - _, err := w.Write([]byte(`{"scan_id" : "657692d5-87d1-463f-6654-5a9529d23339"}`)) + _, err := w.Write([]byte(fmt.Sprintf(`{"scan_id" : "%s"}`, TestScaScanId))) if !assert.NoError(t, err) { return }