fixes and improvements

jfrog · Aug 30, 2023 · c5e63af · c5e63af
1 parent 7a6082d
commit c5e63af
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 12 deletions.
diff --git a/README.md b/README.md
@@ -255,6 +255,7 @@ Supported package management tools:
 - Go
 - Maven
 - NuGet
+- .NET
 - npm
 - Pip
 - Pipenv

diff --git a/packagehandlers/commonpackagehandler.go b/packagehandlers/commonpackagehandler.go
@@ -47,17 +47,26 @@ func (cph *CommonPackageHandler) UpdateDependency(vulnDetails *utils.Vulnerabili
 	commandArgs := []string{installationCommand}
 	commandArgs = append(commandArgs, extraArgs...)
 	versionOperator := vulnDetails.Technology.GetPackageVersionOperator()
-	fixedPackage := strings.TrimSpace(impactedPackage) + versionOperator + strings.TrimSpace(vulnDetails.SuggestedFixedVersion)
-	commandArgs = append(commandArgs, strings.Split(fixedPackage, " ")...)
-	return runPackageMangerCommand(vulnDetails.Technology.GetExecCommandName(), commandArgs)
+	fixedPackageArgs := getFixedPackage(impactedPackage, versionOperator, vulnDetails.SuggestedFixedVersion)
+	commandArgs = append(commandArgs, fixedPackageArgs...)
+	return runPackageMangerCommand(vulnDetails.Technology.GetExecCommandName(), vulnDetails.Technology.ToString(), commandArgs)
 }
 
-func runPackageMangerCommand(commandName string, commandArgs []string) error {
+func runPackageMangerCommand(commandName string, techName string, commandArgs []string) error {
 	fullCommand := commandName + " " + strings.Join(commandArgs, " ")
 	log.Debug(fmt.Sprintf("Running '%s'", fullCommand))
 	output, err := exec.Command(commandName, commandArgs...).CombinedOutput() // #nosec G204
 	if err != nil {
-		return fmt.Errorf("%s command failed: %s\n%s", fullCommand, err.Error(), output)
+		return fmt.Errorf("failed to update %s dependency: '%s' command failed: %s\n%s", techName, fullCommand, err.Error(), output)
 	}
 	return nil
 }
+
+// Returns the updated package and version as it should be run in the update command:
+// If the package manager expects a single string (example: <packName>@<version>) it returns []string{<packName>@<version>}
+// If the command args suppose to be seperated by spaces (example: <packName> -v <version>) it returns []string{<packName>, "-v", <version>}
+func getFixedPackage(impactedPackage string, versionOperator string, suggestedFixedVersion string) (fixedPackageArgs []string) {
+	fixedPackageString := strings.TrimSpace(impactedPackage) + versionOperator + strings.TrimSpace(suggestedFixedVersion)
+	fixedPackageArgs = strings.Split(fixedPackageString, " ")
+	return
+}
diff --git a/packagehandlers/nugetpackagehandler.go b/packagehandlers/nugetpackagehandler.go
@@ -1,7 +1,6 @@
 package packagehandlers
 
 import (
-	"fmt"
 	"github.com/jfrog/frogbot/utils"
 )
 
@@ -24,9 +23,5 @@ func (nph *NugetPackageHandler) UpdateDependency(vulnDetails *utils.Vulnerabilit
 }
 
 func (nph *NugetPackageHandler) updateDirectDependency(vulnDetails *utils.VulnerabilityDetails) (err error) {
-	err = nph.CommonPackageHandler.UpdateDependency(vulnDetails, vulnDetails.Technology.GetPackageInstallationCommand(), dotnetPackageUpgradeExtraArg)
-	if err != nil {
-		err = fmt.Errorf("failed to update NuGet package with error:\n%w", err)
-	}
-	return
+	return nph.CommonPackageHandler.UpdateDependency(vulnDetails, vulnDetails.Technology.GetPackageInstallationCommand(), dotnetPackageUpgradeExtraArg)
 }
diff --git a/packagehandlers/packagehandlers_test.go b/packagehandlers/packagehandlers_test.go
@@ -571,3 +571,30 @@ func uniquePackageManagerChecks(t *testing.T, test dependencyFixTest) {
 	default:
 	}
 }
+
+func TestGetFixedPackage(t *testing.T) {
+	var testcases = []struct {
+		impactedPackage       string
+		versionOperator       string
+		suggestedFixedVersion string
+		expectedOutput        []string
+	}{
+		{
+			impactedPackage:       "snappier",
+			versionOperator:       " -v ",
+			suggestedFixedVersion: "1.1.1",
+			expectedOutput:        []string{"snappier", "-v", "1.1.1"},
+		},
+		{
+			impactedPackage:       "json",
+			versionOperator:       "@",
+			suggestedFixedVersion: "10.0.0",
+			expectedOutput:        []string{"[email protected]"},
+		},
+	}
+
+	for _, test := range testcases {
+		fixedPackageArgs := getFixedPackage(test.impactedPackage, test.versionOperator, test.suggestedFixedVersion)
+		assert.Equal(t, test.expectedOutput, fixedPackageArgs)
+	}
+}
diff --git a/packagehandlers/pythonpackagehandler.go b/packagehandlers/pythonpackagehandler.go
@@ -56,7 +56,7 @@ func (py *PythonPackageHandler) handlePoetry(vulnDetails *utils.VulnerabilityDet
 		return
 	}
 	// Update Poetry lock file as well
-	return runPackageMangerCommand(coreutils.Poetry.GetExecCommandName(), []string{"update"})
+	return runPackageMangerCommand(coreutils.Poetry.GetExecCommandName(), coreutils.Poetry.ToString(), []string{"update"})
 }
 
 func (py *PythonPackageHandler) handlePip(vulnDetails *utils.VulnerabilityDetails) (err error) {