diff --git a/audit_test.go b/audit_test.go index cc8692e3..83feddf6 100644 --- a/audit_test.go +++ b/audit_test.go @@ -73,6 +73,7 @@ func testAuditNpm(t *testing.T, format string, withVuln bool) string { } func TestXrayAuditConanJson(t *testing.T) { + integration.InitAuditCTest(t, scangraph.GraphScanMinXrayVersion) output := testAuditConan(t, string(format.Json), true) validations.VerifyJsonResults(t, output, validations.ValidationParams{ Vulnerabilities: 8, @@ -81,6 +82,7 @@ func TestXrayAuditConanJson(t *testing.T) { } func TestXrayAuditConanSimpleJson(t *testing.T) { + integration.InitAuditCTest(t, scangraph.GraphScanMinXrayVersion) output := testAuditConan(t, string(format.SimpleJson), true) validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{ Vulnerabilities: 8, @@ -89,7 +91,6 @@ func TestXrayAuditConanSimpleJson(t *testing.T) { } func testAuditConan(t *testing.T, format string, withVuln bool) string { - integration.InitAuditCTest(t, scangraph.GraphScanMinXrayVersion) _, cleanUp := securityTestUtils.CreateTestProjectEnvAndChdir(t, filepath.Join(filepath.FromSlash(securityTests.GetTestResourcesPath()), "projects", "package-managers", "conan")) defer cleanUp() // Run conan install before executing jfrog audit @@ -104,6 +105,7 @@ func testAuditConan(t *testing.T, format string, withVuln bool) string { } func TestXrayAuditPnpmJson(t *testing.T) { + integration.InitAuditJavaScriptTest(t, scangraph.GraphScanMinXrayVersion) output := testXrayAuditPnpm(t, string(format.Json)) validations.VerifyJsonResults(t, output, validations.ValidationParams{ Vulnerabilities: 1, @@ -112,6 +114,7 @@ func TestXrayAuditPnpmJson(t *testing.T) { } func TestXrayAuditPnpmSimpleJson(t *testing.T) { + integration.InitAuditJavaScriptTest(t, scangraph.GraphScanMinXrayVersion) output := testXrayAuditPnpm(t, string(format.SimpleJson)) validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{ Vulnerabilities: 1, 
@@ -120,7 +123,6 @@ func TestXrayAuditPnpmSimpleJson(t *testing.T) { } func testXrayAuditPnpm(t *testing.T, format string) string { - integration.InitAuditJavaScriptTest(t, scangraph.GraphScanMinXrayVersion) _, cleanUp := securityTestUtils.CreateTestProjectEnvAndChdir(t, filepath.Join(filepath.FromSlash(securityTests.GetTestResourcesPath()), "projects", "package-managers", "npm", "npm-no-lock")) defer cleanUp() // Run pnpm install before executing audit @@ -131,6 +133,7 @@ func testXrayAuditPnpm(t *testing.T, format string) string { } func TestXrayAuditYarnV2Json(t *testing.T) { + integration.InitAuditJavaScriptTest(t, scangraph.GraphScanMinXrayVersion) testXrayAuditYarn(t, "yarn-v2", func() { output := runXrayAuditYarnWithOutput(t, string(format.Json)) validations.VerifyJsonResults(t, output, validations.ValidationParams{ @@ -141,6 +144,7 @@ func TestXrayAuditYarnV2Json(t *testing.T) { } func TestXrayAuditYarnV2SimpleJson(t *testing.T) { + integration.InitAuditJavaScriptTest(t, scangraph.GraphScanMinXrayVersion) testXrayAuditYarn(t, "yarn-v3", func() { output := runXrayAuditYarnWithOutput(t, string(format.SimpleJson)) validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{ @@ -151,6 +155,7 @@ func TestXrayAuditYarnV2SimpleJson(t *testing.T) { } func TestXrayAuditYarnV1Json(t *testing.T) { + integration.InitAuditJavaScriptTest(t, scangraph.GraphScanMinXrayVersion) testXrayAuditYarn(t, "yarn-v1", func() { output := runXrayAuditYarnWithOutput(t, string(format.Json)) validations.VerifyJsonResults(t, output, validations.ValidationParams{ @@ -161,6 +166,7 @@ func TestXrayAuditYarnV1Json(t *testing.T) { } func TestXrayAuditYarnV1JsonWithoutDevDependencies(t *testing.T) { + integration.InitAuditJavaScriptTest(t, scangraph.GraphScanMinXrayVersion) unsetEnv := clientTests.SetEnvWithCallbackAndAssert(t, "NODE_ENV", "production") defer unsetEnv() testXrayAuditYarn(t, "yarn-v1", func() { 
@@ -173,6 +179,7 @@ func TestXrayAuditYarnV1JsonWithoutDevDependencies(t *testing.T) { } func TestXrayAuditYarnV1SimpleJson(t *testing.T) { + integration.InitAuditJavaScriptTest(t, scangraph.GraphScanMinXrayVersion) testXrayAuditYarn(t, "yarn-v1", func() { output := runXrayAuditYarnWithOutput(t, string(format.SimpleJson)) validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{ @@ -183,7 +190,6 @@ func TestXrayAuditYarnV1SimpleJson(t *testing.T) { } func testXrayAuditYarn(t *testing.T, projectDirName string, yarnCmd func()) { - integration.InitAuditJavaScriptTest(t, scangraph.GraphScanMinXrayVersion) _, cleanUp := securityTestUtils.CreateTestProjectEnvAndChdir(t, filepath.Join(filepath.FromSlash(securityTests.GetTestResourcesPath()), "projects", "package-managers", "yarn", projectDirName)) defer cleanUp() // Run yarn install before executing jf audit --yarn. Return error to assert according to test. @@ -199,6 +205,7 @@ func runXrayAuditYarnWithOutput(t *testing.T, format string) string { // Tests NuGet audit by providing simple NuGet project + multi-project NuGet project and asserts any error. func TestXrayAuditNugetJson(t *testing.T) { + integration.InitAuditCTest(t, scangraph.GraphScanMinXrayVersion) var testdata = []struct { projectName string format string @@ -256,6 +263,7 @@ func TestXrayAuditNugetJson(t *testing.T) { } func TestXrayAuditNugetSimpleJson(t *testing.T) { + integration.InitAuditCTest(t, scangraph.GraphScanMinXrayVersion) var testdata = []struct { projectName string format string 
@@ -299,7 +307,6 @@ func TestXrayAuditNugetSimpleJson(t *testing.T) { } func testXrayAuditNuget(t *testing.T, projectName, format string, restoreTech string) string { - integration.InitAuditCTest(t, scangraph.GraphScanMinXrayVersion) _, cleanUp := securityTestUtils.CreateTestProjectEnvAndChdir(t, filepath.Join(filepath.FromSlash(securityTests.GetTestResourcesPath()), "projects", "package-managers", "nuget", projectName)) defer cleanUp() // Add dummy descriptor file to check that we run only specific audit @@ -313,6 +320,7 @@ func testXrayAuditNuget(t *testing.T, projectName, format string, restoreTech st } func TestXrayAuditGradleJson(t *testing.T) { + integration.InitAuditJavaTest(t, scangraph.GraphScanMinXrayVersion) output := testXrayAuditGradle(t, string(format.Json)) validations.VerifyJsonResults(t, output, validations.ValidationParams{ Vulnerabilities: 3, @@ -321,6 +329,7 @@ func TestXrayAuditGradleJson(t *testing.T) { } func TestXrayAuditGradleSimpleJson(t *testing.T) { + integration.InitAuditJavaTest(t, scangraph.GraphScanMinXrayVersion) output := testXrayAuditGradle(t, string(format.SimpleJson)) validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{ Vulnerabilities: 3, @@ -329,7 +338,6 @@ func TestXrayAuditGradleSimpleJson(t *testing.T) { } func testXrayAuditGradle(t *testing.T, format string) string { - integration.InitAuditJavaTest(t, scangraph.GraphScanMinXrayVersion) _, cleanUp := securityTestUtils.CreateTestProjectEnvAndChdir(t, filepath.Join(filepath.FromSlash(securityTests.GetTestResourcesPath()), "projects", "package-managers", "gradle", "gradle")) defer cleanUp() // Add dummy descriptor file to check that we run only specific audit 
@@ -364,17 +372,18 @@ func testAuditMaven(t *testing.T, format string) string { } func TestXrayAuditGoJson(t *testing.T) { + integration.InitAuditGoTest(t, scangraph.GraphScanMinXrayVersion) output := testXrayAuditGo(t, false, string(format.Json), "simple-project") validations.VerifyJsonResults(t, output, validations.ValidationParams{Licenses: 1, Vulnerabilities: 4}) } func TestXrayAuditGoSimpleJson(t *testing.T) { + integration.InitAuditGoTest(t, scangraph.GraphScanMinXrayVersion) output := testXrayAuditGo(t, true, string(format.SimpleJson), "simple-project") validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Licenses: 3, Vulnerabilities: 4, NotCovered: 2, NotApplicable: 2}) } func testXrayAuditGo(t *testing.T, noCreds bool, format, project string) string { - integration.InitAuditGoTest(t, scangraph.GraphScanMinXrayVersion) _, cleanUp := securityTestUtils.CreateTestProjectEnvAndChdir(t, filepath.Join(filepath.FromSlash(securityTests.GetTestResourcesPath()), "projects", "package-managers", "go", project)) defer cleanUp() // Add dummy descriptor file to check that we run only specific audit @@ -429,6 +438,7 @@ func TestXrayAuditMultiProjects(t *testing.T) { } func TestXrayAuditPipJson(t *testing.T) { + integration.InitAuditPythonTest(t, scangraph.GraphScanMinXrayVersion) output := testXrayAuditPip(t, string(format.Json), "") validations.VerifyJsonResults(t, output, validations.ValidationParams{ Vulnerabilities: 3, @@ -437,6 +447,7 @@ func TestXrayAuditPipJson(t *testing.T) { } func TestXrayAuditCocoapods(t *testing.T) { + integration.InitAuditCocoapodsTest(t, scangraph.GraphScanMinXrayVersion) output := testXrayAuditCocoapods(t, string(format.Json)) validations.VerifyJsonResults(t, output, validations.ValidationParams{ Vulnerabilities: 1, 
@@ -444,6 +455,7 @@ func TestXrayAuditCocoapods(t *testing.T) { } func TestXrayAuditPipSimpleJson(t *testing.T) { + integration.InitAuditPythonTest(t, scangraph.GraphScanMinXrayVersion) output := testXrayAuditPip(t, string(format.SimpleJson), "") validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{ Vulnerabilities: 3, @@ -452,17 +464,18 @@ func TestXrayAuditPipSimpleJson(t *testing.T) { } func TestXrayAuditPipJsonWithRequirementsFile(t *testing.T) { + integration.InitAuditPythonTest(t, scangraph.GraphScanMinXrayVersion) output := testXrayAuditPip(t, string(format.Json), "requirements.txt") validations.VerifyJsonResults(t, output, validations.ValidationParams{Vulnerabilities: 2}) } func TestXrayAuditPipSimpleJsonWithRequirementsFile(t *testing.T) { + integration.InitAuditPythonTest(t, scangraph.GraphScanMinXrayVersion) output := testXrayAuditPip(t, string(format.SimpleJson), "requirements.txt") validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Vulnerabilities: 2}) } func testXrayAuditPip(t *testing.T, format, requirementsFile string) string { - integration.InitAuditPythonTest(t, scangraph.GraphScanMinXrayVersion) _, cleanUp := securityTestUtils.CreateTestProjectEnvAndChdir(t, filepath.Join(filepath.FromSlash(securityTests.GetTestResourcesPath()), "projects", "package-managers", "python", "pip", "pip-project")) defer cleanUp() // Add dummy descriptor file to check that we run only specific audit @@ -475,7 +488,6 @@ func testXrayAuditPip(t *testing.T, format, requirementsFile string) string { } func testXrayAuditCocoapods(t *testing.T, format string) string { - integration.InitAuditCocoapodsTest(t, scangraph.GraphScanMinXrayVersion) _, cleanUp := securityTestUtils.CreateTestProjectEnvAndChdir(t, filepath.Join(filepath.FromSlash(securityTests.GetTestResourcesPath()), "projects", "package-managers", "cocoapods")) defer cleanUp() // Add dummy descriptor file to check that we run only specific audit 
@@ -484,6 +496,7 @@ func testXrayAuditCocoapods(t *testing.T, format string) string { } func TestXrayAuditPipenvJson(t *testing.T) { + integration.InitAuditPythonTest(t, scangraph.GraphScanMinXrayVersion) output := testXrayAuditPipenv(t, string(format.Json)) validations.VerifyJsonResults(t, output, validations.ValidationParams{ Vulnerabilities: 3, @@ -492,6 +505,7 @@ func TestXrayAuditPipenvJson(t *testing.T) { } func TestXrayAuditPipenvSimpleJson(t *testing.T) { + integration.InitAuditPythonTest(t, scangraph.GraphScanMinXrayVersion) output := testXrayAuditPipenv(t, string(format.SimpleJson)) validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{ Vulnerabilities: 3, @@ -500,7 +514,6 @@ func TestXrayAuditPipenvSimpleJson(t *testing.T) { } func testXrayAuditPipenv(t *testing.T, format string) string { - integration.InitAuditPythonTest(t, scangraph.GraphScanMinXrayVersion) _, cleanUp := securityTestUtils.CreateTestProjectEnvAndChdir(t, filepath.Join(filepath.FromSlash(securityTests.GetTestResourcesPath()), "projects", "package-managers", "python", "pipenv", "pipenv-project")) defer cleanUp() // Add dummy descriptor file to check that we run only specific audit @@ -509,6 +522,7 @@ func testXrayAuditPipenv(t *testing.T, format string) string { } func TestXrayAuditPoetryJson(t *testing.T) { + integration.InitAuditPythonTest(t, scangraph.GraphScanMinXrayVersion) output := testXrayAuditPoetry(t, string(format.Json)) validations.VerifyJsonResults(t, output, validations.ValidationParams{ Vulnerabilities: 3, @@ -517,6 +531,7 @@ func TestXrayAuditPoetryJson(t *testing.T) { } func TestXrayAuditPoetrySimpleJson(t *testing.T) { + integration.InitAuditPythonTest(t, scangraph.GraphScanMinXrayVersion) output := testXrayAuditPoetry(t, string(format.SimpleJson)) validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{ Vulnerabilities: 3, 
@@ -525,7 +540,6 @@ func TestXrayAuditPoetrySimpleJson(t *testing.T) { } func testXrayAuditPoetry(t *testing.T, format string) string { - integration.InitAuditPythonTest(t, scangraph.GraphScanMinXrayVersion) _, cleanUp := securityTestUtils.CreateTestProjectEnvAndChdir(t, filepath.Join(filepath.FromSlash(securityTests.GetTestResourcesPath()), "projects", "package-managers", "python", "poetry", "poetry-project")) defer cleanUp() // Add dummy descriptor file to check that we run only specific audit 
@@ -546,15 +560,37 @@ func addDummyPackageDescriptor(t *testing.T, hasPackageJson bool) { // JAS func TestXrayAuditSastCppFlagSimpleJson(t *testing.T) { - output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("package-managers", "c"), "3", false, true, false, "") - validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{ - Vulnerabilities: 1, - Sast: 1, - }) + integration.InitAuditJasTest(t, scangraph.GraphScanMinXrayVersion) + testCase := []struct { + name string + withFlag bool + expectedResults validations.ValidationParams + }{ + { + name: "withFlag", + withFlag: true, + expectedResults: validations.ValidationParams{ + Vulnerabilities: 1, + Sast: 1, + }, + }, + { + name: "withoutFlag", + withFlag: false, + expectedResults: validations.ValidationParams{}, + }, + } + for _, tc := range testCase { + t.Run(tc.name, func(t *testing.T) { + output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("package-managers", "c"), "3", false, tc.withFlag, false, "") + validations.VerifySimpleJsonResults(t, output, tc.expectedResults) + }) + } } func TestXrayAuditSastCSharpFlagSimpleJson(t *testing.T) { // Placeholder until C# Sast is implemented t.Skip() + integration.InitAuditJasTest(t, scangraph.GraphScanMinXrayVersion) output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("package-managers", "dotnet", "dotnet-single"), "3", false, false, true, "") validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{ Vulnerabilities: 1, 
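Review bot: In TestXrayAuditSastCSharpFlagSimpleJson the added `integration.InitAuditJasTest(t, scangraph.GraphScanMinXrayVersion)` sits after `t.Skip()`, so it never executes; moving it above the skip keeps the gating in place for when the placeholder is lifted. In TestXrayAuditSastCppFlagSimpleJson the slice of cases is named `testCase`; `testCases` would read more naturally in `for _, tc := range testCases`. Both SAST tests now gate on InitAuditJasTest where the helper previously applied InitAuditGeneralTests, so they presumably move to a different suite flag. It is worth confirming that a CI job enables that suite, otherwise this SAST coverage stops running without any failure.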
@@ -562,13 +598,8 @@ func TestXrayAuditSastCSharpFlagSimpleJson(t *testing.T) { }) } -func TestXrayAuditWithoutSastCppFlagSimpleJson(t *testing.T) { - output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("package-managers", "c"), "3", false, false, false, "") - // verify no results for Sast - validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{}) -} - func TestXrayAuditJasMissingContextSimpleJson(t *testing.T) { + integration.InitAuditJasTest(t, scangraph.GraphScanMinXrayVersion) output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("package-managers", "maven", "missing-context"), "3", false, false, false, "") validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{MissingContext: 1}) } @@ -598,6 +629,7 @@ func getNoJasAuditMockCommand() components.Command { } func TestXrayAuditJasSimpleJson(t *testing.T) { + integration.InitAuditGeneralTests(t, scangraph.GraphScanMinXrayVersion) output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas"), "3", false, false, false, "") validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{ Sast: 1, @@ -619,6 +651,7 @@ func TestXrayAuditJasSimpleJsonWithTokenValidation(t *testing.T) { } func TestXrayAuditJasSimpleJsonWithOneThread(t *testing.T) { + integration.InitAuditGeneralTests(t, scangraph.GraphScanMinXrayVersion) output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas"), "1", false, false, false, "") validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{ Sast: 1, 
@@ -634,6 +667,7 @@ func TestXrayAuditJasSimpleJsonWithOneThread(t *testing.T) { } func TestXrayAuditJasSimpleJsonWithConfig(t *testing.T) { + integration.InitAuditGeneralTests(t, scangraph.GraphScanMinXrayVersion) output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas-config"), "3", false, false, false, "") validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{ Secrets: 1, @@ -647,12 +681,12 @@ func TestXrayAuditJasSimpleJsonWithConfig(t *testing.T) { } func TestXrayAuditJasNoViolationsSimpleJson(t *testing.T) { + integration.InitAuditGeneralTests(t, scangraph.GraphScanMinXrayVersion) output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("package-managers", "npm", "npm"), "3", false, false, false, "") validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Vulnerabilities: 1, NotApplicable: 1}) } func testXrayAuditJas(t *testing.T, testCli *coreTests.JfrogCli, project string, threads string, validateSecrets bool, validateSastCpp bool, validateSastCSharp bool, customExclusion string) string { - integration.InitAuditGeneralTests(t, scangraph.GraphScanMinXrayVersion) _, cleanUp := securityTestUtils.CreateTestProjectEnvAndChdir(t, filepath.Join(filepath.FromSlash(securityTests.GetTestResourcesPath()), filepath.Join("projects", project))) defer cleanUp() // Configure a new server named "default" @@ -730,6 +764,7 @@ func TestAuditOnEmptyProject(t *testing.T) { // xray-url only - the following tests check the case of adding "xray-url", instead of "url", which is the more common one func TestXrayAuditNotEntitledForJasWithXrayUrl(t *testing.T) { + integration.InitAuditGeneralTests(t, scangraph.GraphScanMinXrayVersion) cliToRun, cleanUp := integration.InitTestWithMockCommandOrParams(t, true, getNoJasAuditMockCommand) defer cleanUp() output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false, false, false, "") 
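Review bot: Removing `integration.InitAuditGeneralTests(...)` from testXrayAuditJas leaves the helper ungated, so each caller now has to carry its own Init call and a missed one will not fail the build. TestXrayAuditJasSimpleJsonWithTokenValidation appears in this diff only as hunk context with no added Init line, so unless it already had one it now runs without whatever skip and minimum-Xray-version check the Init functions perform. The same holds for the other helpers stripped here (testAuditConan, testXrayAuditPnpm, testXrayAuditYarn, testXrayAuditNuget, testXrayAuditGradle, testXrayAuditGo, testXrayAuditPip, testXrayAuditCocoapods, testXrayAuditPipenv, testXrayAuditPoetry) and for testXrayBinaryScan in scans_test.go. I would document the contract on each helper, for example `// Callers must invoke the matching integration.Init*Test before calling this helper.` The body of testXrayAuditJas continues outside the hunk.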
@@ -740,6 +775,7 @@ func TestXrayAuditNotEntitledForJasWithXrayUrl(t *testing.T) { } func TestXrayAuditJasSimpleJsonWithXrayUrl(t *testing.T) { + integration.InitAuditGeneralTests(t, scangraph.GraphScanMinXrayVersion) cliToRun := integration.GetTestCli(cli.GetJfrogCliSecurityApp(), true) output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false, false, false, "") validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{ @@ -758,6 +794,7 @@ func TestXrayAuditJasSimpleJsonWithXrayUrl(t *testing.T) { // custom excluded folders func TestXrayAuditJasSimpleJsonWithCustomExclusions(t *testing.T) { + integration.InitAuditJasTest(t, scangraph.GraphScanMinXrayVersion) output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas"), "3", false, false, false, "non_existing_folder") validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{ Sast: 2, diff --git a/commands/enrich/enrich.go b/commands/enrich/enrich.go index f3c5752d..e4a1e35a 100644 --- a/commands/enrich/enrich.go +++ b/commands/enrich/enrich.go @@ -1,10 +1,10 @@ package enrich import ( - "encoding/json" "encoding/xml" "errors" "fmt" + "github.com/jfrog/jfrog-cli-security/utils/results/output" "os" "os/exec" "path/filepath" @@ -17,7 +17,6 @@ import ( "github.com/jfrog/jfrog-cli-security/commands/enrich/enrichgraph" "github.com/jfrog/jfrog-cli-security/utils" "github.com/jfrog/jfrog-cli-security/utils/results" - "github.com/jfrog/jfrog-cli-security/utils/results/output" "github.com/jfrog/jfrog-cli-security/utils/techutils" "github.com/jfrog/jfrog-cli-security/utils/xray" "github.com/jfrog/jfrog-client-go/artifactory/services/fspatterns" @@ -27,6 +26,7 @@ import ( "github.com/jfrog/jfrog-client-go/utils/io/fileutils" "github.com/jfrog/jfrog-client-go/utils/log" "github.com/jfrog/jfrog-client-go/xray/services" + orderedJson "github.com/virtuald/go-ordered-json" ) type FileContext func(string) parallel.TaskFunc 
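Review bot: The `github.com/jfrog/jfrog-cli-security/utils/results/output` import in commands/enrich/enrich.go was moved between `"fmt"` and `"os"`, mixing a module import into the standard-library group. goimports keeps these groups separate, so the line belongs back with the other jfrog-cli-security imports, where it was removed. The `orderedJson "github.com/virtuald/go-ordered-json"` import added to utils/utils.go is placed between `"fmt"` and `"os"` in the same way and should move to the third-party group.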
@@ -75,8 +75,8 @@ func AppendVulnsToJson(cmdResults *results.SecurityCommandResults) error { if err != nil { return fmt.Errorf("error reading file: %s", err.Error()) } - var data map[string]interface{} - err = json.Unmarshal(fileContent, &data) + var data orderedJson.OrderedObject + err = orderedJson.Unmarshal(fileContent, &data) if err != nil { return fmt.Errorf("error parsing JSON: %s", err.Error()) } @@ -93,7 +93,7 @@ func AppendVulnsToJson(cmdResults *results.SecurityCommandResults) error { vulnerabilities = append(vulnerabilities, vulnerability) } } - data["vulnerabilities"] = vulnerabilities + data = append(data, orderedJson.Member{Key: "vulnerabilities", Value: vulnerabilities}) return output.PrintJson(data) } diff --git a/go.mod b/go.mod index 2072de20..2f69c265 100644 --- a/go.mod +++ b/go.mod @@ -16,6 +16,7 @@ require ( github.com/owenrumney/go-sarif/v2 v2.3.0 github.com/stretchr/testify v1.9.0 github.com/urfave/cli v1.22.16 + github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f golang.org/x/sync v0.9.0 golang.org/x/text v0.20.0 diff --git a/go.sum b/go.sum index f88b8d6e..0b6b9be1 100644 --- a/go.sum +++ b/go.sum 
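Review bot: `data = append(data, orderedJson.Member{Key: "vulnerabilities", ...})` no longer overwrites an existing key the way `data["vulnerabilities"] = vulnerabilities` did. If the input document already has a top-level "vulnerabilities" member, the output will contain that key twice. JSON consumers disagree on whether the first or last duplicate wins, so a downstream tool could read the stale list rather than the enriched one. I would replace the member in place when it exists and append only otherwise, which also keeps the original key position. AppendVulnsToJson starts outside this hunk.
```go
// … unchanged: vulnerabilities slice is built from the scan results …
replaced := false
for i := range data {
	if data[i].Key == "vulnerabilities" {
		// Overwrite in place so the key appears exactly once and keeps its position.
		data[i].Value = vulnerabilities
		replaced = true
		break
	}
}
if !replaced {
	data = append(data, orderedJson.Member{Key: "vulnerabilities", Value: vulnerabilities})
}
return output.PrintJson(data)
```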
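Review bot: The new requirement `github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74` is a pseudo-version pinned to an untagged 2017 commit. As far as I know the module is a fork of encoding/json, so it will not carry decoder fixes made to the standard library since then. In this change it parses user-supplied SBOM files in enrich.go and replaces `json.Marshal` in utils.GetAsJsonBytes, which puts it on the path of untrusted input and of all escaped JSON output. I would either confine it to the enrich command or preserve key order with the standard decoder (`json.Decoder.Token` or `json.RawMessage`), and record the reason for the dependency in the PR description.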
@@ -257,6 +257,8 @@ github.com/urfave/cli v1.22.16 h1:MH0k6uJxdwdeWQTwhSO42Pwr4YLrNLwBtg1MRgTqPdQ= github.com/urfave/cli v1.22.16/go.mod h1:EeJR6BKodywf4zciqrdw6hpCPk68JO9z5LazXZMn5Po= github.com/vbauerster/mpb/v8 v8.8.3 h1:dTOByGoqwaTJYPubhVz3lO5O6MK553XVgUo33LdnNsQ= github.com/vbauerster/mpb/v8 v8.8.3/go.mod h1:JfCCrtcMsJwP6ZwMn9e5LMnNyp3TVNpUWWkN+nd4EWk= +github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 h1:JwtAtbp7r/7QSyGz8mKUbYJBg2+6Cd7OjM8o/GNOcVo= +github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74/go.mod h1:RmMWU37GKR2s6pgrIEB4ixgpVCt/cf7dnJv3fuH1J1c= github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= github.com/xanzy/go-gitlab v0.110.0 h1:hsFIFp01v/0D0sdUXoZfRk6CROzZbHQplk6NzKSFKhc= diff --git a/scans_test.go b/scans_test.go index 818bbb9c..a389f484 100644 --- a/scans_test.go +++ b/scans_test.go @@ -42,6 +42,7 @@ import ( // Binary scan tests func TestXrayBinaryScanJson(t *testing.T) { + integration.InitScanTest(t, scangraph.GraphScanMinXrayVersion) output := testXrayBinaryScan(t, string(format.Json), false) validations.VerifyJsonResults(t, output, validations.ValidationParams{ Vulnerabilities: 1, @@ -50,6 +51,7 @@ func TestXrayBinaryScanJson(t *testing.T) { } func TestXrayBinaryScanSimpleJson(t *testing.T) { + integration.InitScanTest(t, scangraph.GraphScanMinXrayVersion) output := testXrayBinaryScan(t, string(format.SimpleJson), true) validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{ Vulnerabilities: 1, @@ -59,6 +61,7 @@ func TestXrayBinaryScanSimpleJson(t *testing.T) { } func TestXrayBinaryScanJsonWithProgress(t *testing.T) { + integration.InitScanTest(t, scangraph.GraphScanMinXrayVersion) callback := commonTests.MockProgressInitialization() defer callback() output := testXrayBinaryScan(t, string(format.Json), false) 
@@ -69,6 +72,7 @@ func TestXrayBinaryScanJsonWithProgress(t *testing.T) { } func TestXrayBinaryScanSimpleJsonWithProgress(t *testing.T) { + integration.InitScanTest(t, scangraph.GraphScanMinXrayVersion) callback := commonTests.MockProgressInitialization() defer callback() output := testXrayBinaryScan(t, string(format.SimpleJson), true) @@ -80,7 +84,6 @@ func TestXrayBinaryScanSimpleJsonWithProgress(t *testing.T) { } func testXrayBinaryScan(t *testing.T, format string, withViolation bool) string { - integration.InitScanTest(t, scangraph.GraphScanMinXrayVersion) binariesPath := filepath.Join(filepath.FromSlash(securityTests.GetTestResourcesPath()), "projects", "binaries", "*") args := []string{"scan", binariesPath, "--licenses", "--format=" + format} if withViolation { diff --git a/utils/results/output/resultwriter.go b/utils/results/output/resultwriter.go index ef3488ac..4706321e 100644 --- a/utils/results/output/resultwriter.go +++ b/utils/results/output/resultwriter.go @@ -106,12 +106,17 @@ func (rw *ResultsWriter) PrintScanResults() error { // Don't print if there are no results and only errors. return nil } + // Helper for Debugging purposes, print the raw results to the log + if err := rw.printRawResultsLog(); err != nil { + return err + } + switch rw.format { case format.Table: return rw.printTables() case format.SimpleJson: // Helper for Debugging purposes, print the raw results to the log - if err := rw.printOrSaveRawResults(false); err != nil { + if err := rw.printRawResultsLog(); err != nil { return err } simpleJson, err := rw.createResultsConvertor(false).ConvertToSimpleJson(rw.commandResults) @@ -123,7 +128,7 @@ func (rw *ResultsWriter) PrintScanResults() error { return PrintJson(rw.commandResults.GetScaScansXrayResults()) case format.Sarif: // Helper for Debugging purposes, print the raw results to the log - if err := rw.printOrSaveRawResults(false); err != nil { + if err := rw.printRawResultsLog(); err != nil { return err } return rw.printSarif() 
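Review bot: PrintScanResults now calls `rw.printRawResultsLog()` unconditionally before the `switch`, but the `format.SimpleJson` and `format.Sarif` cases still call it again, so those two formats serialise and log the full raw results twice. The per-case `if err := rw.printRawResultsLog(); err != nil { return err }` blocks and their "Helper for Debugging purposes" comments can be dropped in both cases (the second is in the following hunk). Note that the Table and Json formats now also emit the raw results at debug level, which they did not before.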
@@ -166,22 +171,12 @@ func PrintJson(output interface{}) (err error) { return nil } -// If "CI" env var is true, print raw JSON of the results. Otherwise, save it as a file and print a link to it. -// If printMsg is true, print it to the console. Otherwise, print the message to the log. -func (rw *ResultsWriter) printOrSaveRawResults(printMsg bool) (err error) { +// Log (Debug) the inner results.SecurityCommandResults object object as a JSON string. +func (rw *ResultsWriter) printRawResultsLog() (err error) { if !rw.commandResults.HasInformation() { log.Debug("No information to print") return } - if printMsg && !utils.IsCI() { - // Save the results to a file and print a link to it. - var resultsPath string - if resultsPath, err = WriteJsonResults(rw.commandResults); err != nil { - return - } - printMessage(coreutils.PrintTitle("The full scan results are available here: ") + coreutils.PrintLink(resultsPath)) - return - } // Print the raw results to console. var msg string if msg, err = utils.GetAsJsonString(rw.commandResults, false, true); err != nil { @@ -197,9 +192,6 @@ func (rw *ResultsWriter) printTables() (err error) { return } printMessages(rw.messages) - if err = rw.printOrSaveRawResults(true); err != nil { - return - } if utils.IsScanRequested(rw.commandResults.CmdType, utils.ScaScan, rw.subScansPreformed...) { if rw.hasViolationContext { if err = PrintViolationsTable(tableContent, rw.commandResults.CmdType, rw.printExtended); err != nil { diff --git a/utils/utils.go b/utils/utils.go index aa5f5d2b..1681ae38 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -6,6 +6,7 @@ import ( "encoding/hex" "encoding/json" "fmt" + orderedJson "github.com/virtuald/go-ordered-json" "os" "path/filepath" "strings" 
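Review bot: The new doc comment on printRawResultsLog has a doubled word ("object object") and the inner comment still reads "Print the raw results to console." although the function now only logs. I would use `// printRawResultsLog writes the raw results.SecurityCommandResults as JSON to the debug log.` and change the inner comment to match. Since this now runs for every output format, the debug log receives the complete result set. If that set can include secret-scan findings, they would land in retained CI debug logs, so it is worth confirming that they are masked before serialisation. The function body continues outside the hunk. The printTables hunk below drops the "full scan results are available here" link, so WriteJsonResults may now be unused.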
@@ -112,7 +113,7 @@ func UniqueUnion[T comparable](arr []T, elements ...T) []T { func GetAsJsonBytes(output interface{}, escapeValues, indent bool) (results []byte, err error) { if escapeValues { - if results, err = json.Marshal(output); errorutils.CheckError(err) != nil { + if results, err = orderedJson.Marshal(output); errorutils.CheckError(err) != nil { return } } else {
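Review bot: Switching `json.Marshal` to `orderedJson.Marshal` in the `escapeValues` branch changes the encoder for every caller of GetAsJsonBytes, not only the enrich path that needs ordered keys. The `else` branch lies outside this hunk; if it still uses encoding/json, an `orderedJson.OrderedObject` passed with `escapeValues == false` would presumably be encoded as an array of `{"Key":…,"Value":…}` structs rather than as an object. I would handle both branches consistently, or marshal the ordered document in enrich.go and leave this shared helper on the standard library. At minimum add a comment such as `// orderedJson is used so OrderedObject values keep their key order.`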