jfrog · eranturgeman · Feb 26, 2024 · Feb 28, 2024 · Feb 28, 2024 · Feb 28, 2024
diff --git a/scanrepository/scanrepository.go b/scanrepository/scanrepository.go
@@ -40,8 +40,8 @@ type ScanRepositoryCmd struct {
 	aggregateFixes bool
 	// The current project technology
 	projectTech []coreutils.Technology
-	// Stores all package manager handlers for detected issues
-	handlers map[coreutils.Technology]packagehandlers.PackageHandler
+	// Stores all package manager handler for detected issues
+	handler packagehandlers.PackageHandler
 }
 
 func (cfp *ScanRepositoryCmd) Run(repoAggregator utils.RepoAggregator, client vcsclient.VcsClient, frogbotRepoConnection *utils.UrlAccessChecker) (err error) {
@@ -83,6 +83,7 @@ func (cfp *ScanRepositoryCmd) scanAndFixBranch(repository *utils.Repository) (er
 	if err = cfp.scanDetails.CreateMultiScanIdForScans(); err != nil {
 		return err
 	}
+
 	for i := range repository.Projects {
 		cfp.scanDetails.Project = &repository.Projects[i]
 		cfp.projectTech = []coreutils.Technology{}
@@ -260,7 +261,7 @@ func (cfp *ScanRepositoryCmd) fixMultiplePackages(fullProjectPath string, vulner
 	return
 }
 
-// fixIssuesSinglePR fixes all the vulnerabilities in a single aggregated pull request.
+// Fixes all the vulnerabilities in a single aggregated pull request.
 // If an existing aggregated fix is present, it checks for different scan results.
 // If the scan results are the same, no action is taken.
 // Otherwise, it performs a force push to the same branch and reopens the pull request if it was closed.
@@ -297,7 +298,7 @@ func (cfp *ScanRepositoryCmd) handleUpdatePackageErrors(err error) error {
 func (cfp *ScanRepositoryCmd) fixSinglePackageAndCreatePR(vulnDetails *utils.VulnerabilityDetails) (err error) {
 	fixVersion := vulnDetails.SuggestedFixedVersion
 	log.Debug("Attempting to fix", fmt.Sprintf("%s:%s", vulnDetails.ImpactedDependencyName, vulnDetails.ImpactedDependencyVersion), "with", fixVersion)
-	fixBranchName, err := cfp.gitManager.GenerateFixBranchName(cfp.scanDetails.BaseBranch(), vulnDetails.ImpactedDependencyName, fixVersion)
+	fixBranchName, err := cfp.gitManager.GenerateFixBranchName(cfp.scanDetails.BaseBranch(), vulnDetails.ImpactedDependencyName, fixVersion, cfp.scanDetails.Project.ProjectName)
 	if err != nil {
 		return
 	}
@@ -397,7 +398,7 @@ func (cfp *ScanRepositoryCmd) preparePullRequestDetails(vulnerabilitiesDetails .
 	}
 	// In separate pull requests there is only one vulnerability
 	vulnDetails := vulnerabilitiesDetails[0]
-	pullRequestTitle := cfp.gitManager.GeneratePullRequestTitle(vulnDetails.ImpactedDependencyName, vulnDetails.SuggestedFixedVersion)
+	pullRequestTitle := cfp.gitManager.GeneratePullRequestTitle(vulnDetails.ImpactedDependencyName, vulnDetails.SuggestedFixedVersion, cfp.scanDetails.ProjectName)
 	return pullRequestTitle, prBody, nil
 }
 
@@ -490,19 +491,26 @@ func (cfp *ScanRepositoryCmd) updatePackageToFixedVersion(vulnDetails *utils.Vul
 		return
 	}
 
-	if cfp.handlers == nil {
-		cfp.handlers = make(map[coreutils.Technology]packagehandlers.PackageHandler)
-	}
+	/*
+		if cfp.handler == nil {
+			cfp.handler = make(map[coreutils.Technology]packagehandlers.PackageHandler)
+		}
 
-	handler := cfp.handlers[vulnDetails.Technology]
-	if handler == nil {
-		handler = packagehandlers.GetCompatiblePackageHandler(vulnDetails, cfp.scanDetails)
-		cfp.handlers[vulnDetails.Technology] = handler
-	} else if _, unsupported := handler.(*packagehandlers.UnsupportedPackageHandler); unsupported {
+		handler := cfp.handler[vulnDetails.Technology]
+		if handler == nil {
+			handler = packagehandlers.GetCompatiblePackageHandler(vulnDetails, cfp.scanDetails)
+			cfp.handler[vulnDetails.Technology] = handler
+		} else if _, unsupported := handler.(*packagehandlers.UnsupportedPackageHandler); unsupported {
+			return
+		}
+	*/
+	handler := packagehandlers.GetCompatiblePackageHandler(vulnDetails, cfp.scanDetails)
+	if _, unsupported := handler.(*packagehandlers.UnsupportedPackageHandler); unsupported {
 		return
 	}
+	cfp.handler = handler
 
-	return cfp.handlers[vulnDetails.Technology].UpdateDependency(vulnDetails)
+	return cfp.handler.UpdateDependency(vulnDetails)
 }
 
 // The getRemoteBranchScanHash function extracts the checksum written inside the pull request body and returns it.

diff --git a/scanrepository/scanrepository_test.go b/scanrepository/scanrepository_test.go
@@ -341,19 +341,21 @@ func TestParseVersionChangeString(t *testing.T) {
 
 func TestGenerateFixBranchName(t *testing.T) {
 	tests := []struct {
-		baseBranch      string
-		impactedPackage string
-		fixVersion      string
-		expectedName    string
+		baseBranch       string
+		impactedPackage  string
+		fixVersion       string
+		expectedName     string
+		uniqueIdentifier string
 	}{
-		{"dev", "gopkg.in/yaml.v3", "3.0.0", "frogbot-gopkg.in/yaml.v3-d61bde82dc594e5ccc5a042fe224bf7c"},
-		{"master", "gopkg.in/yaml.v3", "3.0.0", "frogbot-gopkg.in/yaml.v3-41405528994061bd108e3bbd4c039a03"},
-		{"dev", "replace:colons:colons", "3.0.0", "frogbot-replace_colons_colons-89e555131b4a70a32fe9d9c44d6ff0fc"},
+		{"dev", "gopkg.in/yaml.v3", "3.0.0", "frogbot-gopkg.in/yaml.v3-d61bde82dc594e5ccc5a042fe224bf7c", ""},
+		{"master", "gopkg.in/yaml.v3", "3.0.0", "frogbot-gopkg.in/yaml.v3-41405528994061bd108e3bbd4c039a03", ""},
+		{"dev", "replace:colons:colons", "3.0.0", "frogbot-replace_colons_colons-89e555131b4a70a32fe9d9c44d6ff0fc", ""},
+		{"master", "mquery", "3.4.5", "frogbot-mquery-75fc8c6d4e3368833be20a46fe5b5cb0", "my-identifier"},
 	}
 	gitManager := utils.GitManager{}
 	for _, test := range tests {
 		t.Run(test.expectedName, func(t *testing.T) {
-			branchName, err := gitManager.GenerateFixBranchName(test.baseBranch, test.impactedPackage, test.fixVersion)
+			branchName, err := gitManager.GenerateFixBranchName(test.baseBranch, test.impactedPackage, test.fixVersion, test.uniqueIdentifier)
 			assert.NoError(t, err)
 			assert.Equal(t, test.expectedName, branchName)
 		})
@@ -596,7 +598,11 @@ random body
 }
 
 func TestPreparePullRequestDetails(t *testing.T) {
-	cfp := ScanRepositoryCmd{OutputWriter: &outputwriter.StandardOutput{}, gitManager: &utils.GitManager{}}
+	cfp := ScanRepositoryCmd{
+		OutputWriter: &outputwriter.StandardOutput{},
+		gitManager:   &utils.GitManager{}, scanDetails: &utils.ScanDetails{
+			Project: &utils.Project{ProjectName: ""},
+		}}
 	cfp.OutputWriter.SetJasOutputFlags(true, false)
 	vulnerabilities := []*utils.VulnerabilityDetails{
 		{
@@ -618,6 +624,14 @@ func TestPreparePullRequestDetails(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Equal(t, "[🐸 Frogbot] Update version of package1 to 1.0.0", prTitle)
 	assert.Equal(t, expectedPrBody, prBody)
+
+	cfp.scanDetails.ProjectName = "my-unique-identifier"
+	expectedPrBody = utils.GenerateFixPullRequestDetails(utils.ExtractVulnerabilitiesDetailsToRows(vulnerabilities), cfp.OutputWriter)
+	prTitle, prBody, err = cfp.preparePullRequestDetails(vulnerabilities...)
+	assert.NoError(t, err)
+	assert.Equal(t, "[🐸 Frogbot] Update version of package1 to 1.0.0 (my-unique-identifier)", prTitle)
+	assert.Equal(t, expectedPrBody, prBody)
+
 	vulnerabilities = append(vulnerabilities, &utils.VulnerabilityDetails{
 		VulnerabilityOrViolationRow: formats.VulnerabilityOrViolationRow{
 			Summary: "summary",
@@ -637,6 +651,7 @@ func TestPreparePullRequestDetails(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Equal(t, cfp.gitManager.GenerateAggregatedPullRequestTitle([]coreutils.Technology{}), prTitle)
 	assert.Equal(t, expectedPrBody, prBody)
+
 	cfp.OutputWriter = &outputwriter.SimplifiedOutput{}
 	expectedPrBody = utils.GenerateFixPullRequestDetails(utils.ExtractVulnerabilitiesDetailsToRows(vulnerabilities), cfp.OutputWriter) + outputwriter.MarkdownComment("Checksum: bec823edaceb5d0478b789798e819bde")
 	prTitle, prBody, err = cfp.preparePullRequestDetails(vulnerabilities...)

diff --git a/schema/frogbot-schema.json b/schema/frogbot-schema.json
@@ -219,6 +219,11 @@
               "type": "string",
               "title": "Virtual Artifactory Repository",
               "description": "Name of a Virtual Repository in Artifactory to resolve (download) the project dependencies from"
+            },
+            "projectName": {
+              "type": "string",
+              "title": "Unique Project Name",
+              "description": "A unique name assigned to the project to establish separation between projects."
             }
           }
         }

diff --git a/utils/git.go b/utils/git.go
@@ -391,11 +391,12 @@ func formatStringWithPlaceHolders(str, impactedPackage, fixVersion, hash, baseBr
 	if baseBranch != "" {
 		str += "-" + baseBranch
 	}
+
 	return str
 }
 
-func (gm *GitManager) GenerateFixBranchName(branch string, impactedPackage string, fixVersion string) (string, error) {
-	hash, err := Md5Hash("frogbot", branch, impactedPackage, fixVersion)
+func (gm *GitManager) GenerateFixBranchName(branch string, impactedPackage string, fixVersion string, projectName string) (string, error) {
+	hash, err := Md5Hash("frogbot", branch, impactedPackage, fixVersion, projectName)
 	if err != nil {
 		return "", err
 	}
@@ -408,8 +409,11 @@ func (gm *GitManager) GenerateFixBranchName(branch string, impactedPackage strin
 	return formatStringWithPlaceHolders(branchFormat, fixedPackageName, fixVersion, hash, "", false), nil
 }
 
-func (gm *GitManager) GeneratePullRequestTitle(impactedPackage string, version string) string {
+func (gm *GitManager) GeneratePullRequestTitle(impactedPackage string, version string, projectName string) string {
 	template := PullRequestTitleTemplate
+	if projectName != "" {
+		template += " (" + projectName + ")"
+	}
 	pullRequestFormat := gm.customTemplates.pullRequestTitleTemplate
 	if pullRequestFormat != "" {
 		template = pullRequestFormat

diff --git a/utils/git_test.go b/utils/git_test.go
@@ -71,6 +71,7 @@ func TestGitManager_GenerateFixBranchName(t *testing.T) {
 		fixVersion      VulnerabilityDetails
 		expected        string
 		description     string
+		projectName     string
 	}{
 		{
 			gitManager:      GitManager{customTemplates: CustomTemplates{branchNameTemplate: "[Feature]-${IMPACTED_PACKAGE}-${BRANCH_NAME_HASH}"}},
@@ -85,17 +86,26 @@ func TestGitManager_GenerateFixBranchName(t *testing.T) {
 			fixVersion:      VulnerabilityDetails{SuggestedFixedVersion: "3.4.5"},
 			expected:        "frogbot-mquery-41b1f45136b25e3624b15999bd57a476",
 			description:     "No template",
-		}, {
+		},
+		{
 			gitManager:      GitManager{customTemplates: CustomTemplates{branchNameTemplate: "just-a-branch-${BRANCH_NAME_HASH}"}},
 			impactedPackage: "mquery",
 			fixVersion:      VulnerabilityDetails{SuggestedFixedVersion: "3.4.5"},
 			expected:        "just-a-branch-41b1f45136b25e3624b15999bd57a476",
 			description:     "Custom template without inputs",
 		},
+		{
+			gitManager:      GitManager{customTemplates: CustomTemplates{branchNameTemplate: "just-a-branch-${BRANCH_NAME_HASH}"}},
+			impactedPackage: "mquery",
+			fixVersion:      VulnerabilityDetails{SuggestedFixedVersion: "3.4.5"},
+			expected:        "just-a-branch-576bdc1ddb2ad676551efd7a47f48ece",
+			description:     "Custom template without inputs",
+			projectName:     "my-identifier",
+		},
 	}
 	for _, test := range testCases {
 		t.Run(test.expected, func(t *testing.T) {
-			commitMessage, err := test.gitManager.GenerateFixBranchName("md5Branch", test.impactedPackage, test.fixVersion.SuggestedFixedVersion)
+			commitMessage, err := test.gitManager.GenerateFixBranchName("md5Branch", test.impactedPackage, test.fixVersion.SuggestedFixedVersion, test.projectName)
 			assert.NoError(t, err)
 			assert.Equal(t, test.expected, commitMessage)
 		})
@@ -109,6 +119,7 @@ func TestGitManager_GeneratePullRequestTitle(t *testing.T) {
 		fixVersion      VulnerabilityDetails
 		expected        string
 		description     string
+		projectName     string
 	}{
 		{
 			gitManager:      GitManager{customTemplates: CustomTemplates{pullRequestTitleTemplate: "[CustomPR] update ${IMPACTED_PACKAGE} to ${FIX_VERSION}"}},
@@ -131,10 +142,18 @@ func TestGitManager_GeneratePullRequestTitle(t *testing.T) {
 			expected:        "[🐸 Frogbot] Update version of mquery to 3.4.5",
 			description:     "No prefix",
 		},
+		{
+			gitManager:      GitManager{customTemplates: CustomTemplates{pullRequestTitleTemplate: ""}},
+			impactedPackage: "mquery",
+			fixVersion:      VulnerabilityDetails{SuggestedFixedVersion: "3.4.5"},
+			expected:        "[🐸 Frogbot] Update version of mquery to 3.4.5 (my-identifier)",
+			description:     "No prefix",
+			projectName:     "my-identifier",
+		},
 	}
 	for _, test := range testCases {
 		t.Run(test.expected, func(t *testing.T) {
-			titleOutput := test.gitManager.GeneratePullRequestTitle(test.impactedPackage, test.fixVersion.SuggestedFixedVersion)
+			titleOutput := test.gitManager.GeneratePullRequestTitle(test.impactedPackage, test.fixVersion.SuggestedFixedVersion, test.projectName)
 			assert.Equal(t, test.expected, titleOutput)
 		})
 	}

diff --git a/utils/params.go b/utils/params.go
@@ -86,6 +86,7 @@ type Project struct {
 	InstallCommandName  string
 	InstallCommandArgs  []string
 	IsRecursiveScan     bool
+	ProjectName         string `yaml:"projectName,omitempty"`
 }
 
 func (p *Project) setDefaultsIfNeeded() error {