fixing bugs adding docker tests

jfrog · Sep 15, 2024 · 2840382 · 2840382
1 parent 3c98706
commit 2840382
Show file tree

Hide file tree

Showing 24 changed files with 2,857 additions and 16,500 deletions.
diff --git a/commands/scan/dockerscan.go b/commands/scan/dockerscan.go
@@ -87,7 +87,7 @@ func (dsc *DockerScanCommand) Run() (err error) {
 		Pattern(imageTarPath).
 		Target(dsc.targetRepoPath).
 		BuildSpec()).SetThreads(1)
-	dsc.ScanCommand.SetRunJasScans(true)
+	dsc.ScanCommand.SetTargetNameOverride(dsc.imageTag).SetRunJasScans(true)
 	err = dsc.setCredentialEnvsForIndexerApp()
 	if err != nil {
 		return errorutils.CheckError(err)
@@ -102,9 +102,6 @@ func (dsc *DockerScanCommand) Run() (err error) {
 		if scanResults == nil {
 			return
 		}
-		for _, scan := range scanResults.Targets {
-			scan.Name = dsc.imageTag
-		}
 		dsc.analyticsMetricsService.UpdateGeneralEvent(dsc.analyticsMetricsService.CreateXscAnalyticsGeneralEventFinalizeFromAuditResults(scanResults))
 		return dsc.recordResults(scanResults)
 	})

diff --git a/commands/scan/scan.go b/commands/scan/scan.go
@@ -72,6 +72,7 @@ type ScanCommand struct {
 	progress               ioUtils.ProgressMgr
 	// JAS is only supported for Docker images.
 	commandSupportsJAS      bool
+	targetNameOverride      string
 	analyticsMetricsService *xsc.AnalyticsMetricsService
 }
 
@@ -90,6 +91,11 @@ func (scanCmd *ScanCommand) SetRunJasScans(run bool) *ScanCommand {
 	return scanCmd
 }
 
+func (scanCmd *ScanCommand) SetTargetNameOverride(targetName string) *ScanCommand {
+	scanCmd.targetNameOverride = targetName
+	return scanCmd
+}
+
 func (scanCmd *ScanCommand) SetProgress(progress ioUtils.ProgressMgr) {
 	scanCmd.progress = progress
 }
@@ -305,10 +311,6 @@ func (scanCmd *ScanCommand) RunAndRecordResults(cmdType utils.CommandType, recor
 		err = errors.New("failed while trying to get Analyzer Manager: " + err.Error())
 	}
 
-	if err = recordResFunc(cmdResults); err != nil {
-		return err
-	}
-
 	if err = output.NewResultsWriter(cmdResults).
 		SetOutputFormat(scanCmd.outputFormat).
 		SetHasViolationContext(scanCmd.hasViolationContext()).
@@ -320,6 +322,10 @@ func (scanCmd *ScanCommand) RunAndRecordResults(cmdType utils.CommandType, recor
 		return
 	}
 
+	if err = recordResFunc(cmdResults); err != nil {
+		return err
+	}
+
 	// If includeVulnerabilities is false it means that context was provided, so we need to check for build violations.
 	// If user provided --fail=false, don't fail the build.
 	if scanCmd.fail && !scanCmd.includeVulnerabilities {
@@ -361,12 +367,19 @@ func (scanCmd *ScanCommand) prepareScanTasks(fileProducer, indexedFileProducer p
 	}()
 }
 
+func (scanCmd *ScanCommand) getBinaryTargetName(binaryPath string) string {
+	if scanCmd.targetNameOverride != "" {
+		return scanCmd.targetNameOverride
+	}
+	return filepath.Base(binaryPath)
+}
+
 func (scanCmd *ScanCommand) createIndexerHandlerFunc(file *spec.File, cmdResults *results.SecurityCommandResults, indexedFileProducer parallel.Runner, jasFileProducerConsumer *utils.SecurityParallelRunner) FileContext {
 	return func(filePath string) parallel.TaskFunc {
 		return func(threadId int) (err error) {
 			logMsgPrefix := clientutils.GetLogMsgPrefix(threadId, false)
 			// Create a scan target for the file.
-			targetResults := cmdResults.NewScanResults(results.ScanTarget{Target: filePath, Name: filepath.Base(filePath)})
+			targetResults := cmdResults.NewScanResults(results.ScanTarget{Target: filePath, Name: scanCmd.getBinaryTargetName(filePath)})
 			log.Info(logMsgPrefix+"Indexing file:", targetResults.Target)
 			if scanCmd.progress != nil {
 				scanCmd.progress.SetHeadlineMsg("Indexing file: " + targetResults.Name + " 🗄")

diff --git a/jas/secrets/secretsscanner.go b/jas/secrets/secretsscanner.go
@@ -127,7 +127,7 @@ func processSecretScanRuns(sarifRuns []*sarif.Run) []*sarif.Run {
 		// Hide discovered secrets value
 		for _, secretResult := range secretRun.Results {
 			for _, location := range secretResult.Locations {
-				sarifutils.SetLocationSnippet(location, maskSecret(sarifutils.GetLocationSnippet(location)))
+				sarifutils.SetLocationSnippet(location, maskSecret(sarifutils.GetLocationSnippetText(location)))
 			}
 		}
 	}

diff --git a/tests/testdata/other/sast-scan/contains-sast-violations.sarif b/tests/testdata/other/sast-scan/contains-sast-violations.sarif
diff --git a/tests/testdata/other/sast-scan/no-violations.sarif b/tests/testdata/other/sast-scan/no-violations.sarif
@@ -11,12 +11,12 @@
                 {
                     "executionSuccessful": true,
                     "arguments": [
-                        "/Users/assafa/.jfrog/dependencies/analyzerManager/zd_scanner/scanner",
+                        "/users/user/.jfrog/dependencies/analyzerManager/zd_scanner/scanner",
                         "scan",
                         "/var/folders/xv/th4cksxn7jv9wjrdnn1h4tj00000gq/T/jfrog.cli.temp.-1693477603-3697552683/results.sarif"
                     ],
                     "workingDirectory": {
-                        "uri": "file:///Users/assafa/Documents/code/terraform"
+                        "uri": "file:///Users/user/testdata/terraform"
                     }
                 }
             ],

diff --git a/tests/testdata/output/audit/audit_results.json b/tests/testdata/output/audit/audit_results.json
diff --git a/tests/testdata/output/dockerscan/docker_results.json b/tests/testdata/output/dockerscan/docker_results.json
diff --git a/tests/testdata/output/dockerscan/docker_sarif.json b/tests/testdata/output/dockerscan/docker_sarif.json