From aea8b7c1ab7ffcf62dbc905c9aed3fe2bc37e941 Mon Sep 17 00:00:00 2001
From: Assaf Attias <49212512+attiasas@users.noreply.github.com>
Date: Wed, 4 Sep 2024 13:56:45 +0300
Subject: [PATCH] Print both vulnerabilities and violations tables if needed (#163)
---
 commands/audit/audit.go | 5 +++++
 commands/scan/buildscan.go | 7 ++++++-
 commands/scan/dockerscan.go | 2 +-
 commands/scan/scan.go | 11 ++++++-----
 utils/resultwriter.go | 21 +++++++++++++++------
 5 files changed, 33 insertions(+), 13 deletions(-)
diff --git a/commands/audit/audit.go b/commands/audit/audit.go
index 531f18e4..136d8849 100644
--- a/commands/audit/audit.go
+++ b/commands/audit/audit.go
@@ -134,6 +134,7 @@ func (auditCmd *AuditCommand) Run() (err error) {
 }
 if err = utils.NewResultsWriter(auditResults).
 SetIsMultipleRootProject(auditResults.IsMultipleProject()).
+ SetHasViolationContext(auditCmd.HasViolationContext()).
 SetIncludeVulnerabilities(auditCmd.IncludeVulnerabilities).
 SetIncludeLicenses(auditCmd.IncludeLicenses).
 SetOutputFormat(auditCmd.OutputFormat()).
@@ -160,6 +161,10 @@ func (auditCmd *AuditCommand) CommandName() string {
 return "generic_audit"
 }
 
+func (auditCmd *AuditCommand) HasViolationContext() bool {
+ return len(auditCmd.watches) > 0 || auditCmd.projectKey != "" || auditCmd.targetRepoPath != ""
+}
+
 // Runs an audit scan based on the provided auditParams.
 // Returns an audit Results object containing all the scan results.
 // If the current server is entitled for JAS, the advanced security results will be included in the scan results.
diff --git a/commands/scan/buildscan.go b/commands/scan/buildscan.go
index 40149491..f85cf2d0 100644
--- a/commands/scan/buildscan.go
+++ b/commands/scan/buildscan.go
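Review bot: `HasViolationContext` on AuditCommand is exported and carries no doc comment, while the same helper added in this commit on ScanCommand (scan.go) and BuildScanCommand (buildscan.go) is the unexported `hasViolationContext`; the three should agree on visibility, and the exported one needs a comment such as `// HasViolationContext reports whether watches, a project key or a target repository path were supplied, which is what gates printing the violations table.` This variant also includes `targetRepoPath` in the check while the ScanCommand variant tests only watches and projectKey; if that difference is deliberate, the comment is the place to say so.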
@@ -155,6 +155,7 @@ func (bsc *BuildScanCommand) runBuildScanAndPrintResults(xrayManager *xray.XrayS
 
 resultsPrinter := utils.NewResultsWriter(scanResults).
 SetOutputFormat(bsc.outputFormat).
+ SetHasViolationContext(bsc.hasViolationContext()).
 SetIncludeVulnerabilities(bsc.includeVulnerabilities).
 SetIncludeLicenses(false).
 SetIsMultipleRootProject(true).
@@ -187,7 +188,7 @@ func (bsc *BuildScanCommand) runBuildScanAndPrintResults(xrayManager *xray.XrayS
 scanResults,
 bsc.serverDetails,
 bsc.includeVulnerabilities,
- bsc.buildConfiguration.GetProject() != "",
+ bsc.hasViolationContext(),
 params.BuildName, params.BuildNumber,
 ))
 return
@@ -197,6 +198,10 @@ func (bsc *BuildScanCommand) CommandName() string {
 return "xr_build_scan"
 }
 
+func (bsc *BuildScanCommand) hasViolationContext() bool {
+ return bsc.buildConfiguration.GetProject() != ""
+}
+
 // There are two cases. when serverDetails.Url is configured and when serverDetails.XrayUrl and serverDetails.ArtifactoryUrl are configured
 // The function will return the Url if configured and will trim xray if serverDetails.Url is not configured
 func getActualUrl(serverDetails config.ServerDetails) (string, error) {
diff --git a/commands/scan/dockerscan.go b/commands/scan/dockerscan.go
index 1ba036e4..7d260f24 100644
--- a/commands/scan/dockerscan.go
+++ b/commands/scan/dockerscan.go
@@ -106,7 +106,7 @@ func (dsc *DockerScanCommand) Run() (err error) {
 scanResults,
 dsc.ScanCommand.serverDetails,
 dsc.ScanCommand.includeVulnerabilities,
- hasViolationContext(dsc.ScanCommand.watches, dsc.ScanCommand.projectKey),
+ dsc.ScanCommand.hasViolationContext(),
 dsc.imageTag,
 ))
 })
diff --git a/commands/scan/scan.go b/commands/scan/scan.go
index 6f0ba747..f51a1e39 100644
--- a/commands/scan/scan.go
+++ b/commands/scan/scan.go
@@ -161,6 +161,10 @@ func (scanCmd *ScanCommand) SetAnalyticsMetricsService(analyticsMetricsService *
 return scanCmd
 }
 
+func (scanCmd *ScanCommand) hasViolationContext() bool {
+ return len(scanCmd.watches) > 0 || scanCmd.projectKey != ""
+}
+
 func (scanCmd *ScanCommand) indexFile(filePath string) (*xrayUtils.BinaryGraphNode, error) {
 var indexerResults xrayUtils.BinaryGraphNode
 indexerCmd := exec.Command(scanCmd.indexerPath, indexingCommand, filePath, "--temp-dir", scanCmd.indexerTempDir)
@@ -195,15 +199,11 @@ func (scanCmd *ScanCommand) Run() (err error) {
 scanResults,
 scanCmd.serverDetails,
 scanCmd.includeVulnerabilities,
- hasViolationContext(scanCmd.watches, scanCmd.projectKey),
+ scanCmd.hasViolationContext(),
 ))
 })
 }
 
-func hasViolationContext(watches []string, projectKey string) bool {
- return len(watches) > 0 || projectKey != ""
-}
-
 func (scanCmd *ScanCommand) RunAndRecordResults(recordResFunc func(scanResults *utils.Results) error) (err error) {
 defer func() {
 if err != nil {
@@ -318,6 +318,7 @@ func (scanCmd *ScanCommand) RunAndRecordResults(recordResFunc func(scanResults *
 
 if err = utils.NewResultsWriter(scanResults).
 SetOutputFormat(scanCmd.outputFormat).
+ SetHasViolationContext(scanCmd.hasViolationContext()).
 SetIncludeVulnerabilities(scanCmd.includeVulnerabilities).
 SetIncludeLicenses(scanCmd.includeLicenses).
 SetPrintExtendedTable(scanCmd.printExtendedTable).
diff --git a/utils/resultwriter.go b/utils/resultwriter.go
index 53a21d62..cad4a751 100644
--- a/utils/resultwriter.go
+++ b/utils/resultwriter.go
@@ -40,6 +40,8 @@ type ResultsWriter struct {
 format format.OutputFormat
 // IncludeVulnerabilities If true, include all vulnerabilities as part of the output. Else, include violations only.
 includeVulnerabilities bool
+ //
+ hasViolationContext bool
 // IncludeLicenses If true, also include license violations as part of the output.
 includeLicenses bool
 // IsMultipleRoots multipleRoots is set to true, in case the given results array contains (or may contain) results of several projects (like in binary scan).
@@ -65,6 +67,11 @@ func GetScaScanFileName(r *Results) string {
 return ""
 }
 
+func (rw *ResultsWriter) SetHasViolationContext(hasViolationContext bool) *ResultsWriter {
+ rw.hasViolationContext = hasViolationContext
+ return rw
+}
+
 func (rw *ResultsWriter) SetOutputFormat(f format.OutputFormat) *ResultsWriter {
 rw.format = f
 return rw
@@ -142,13 +149,15 @@ func (rw *ResultsWriter) printScanResultsTables() (err error) {
 }
 log.Output()
 if shouldPrintTable(rw.subScansPreformed, ScaScan, rw.scanType) {
- if rw.includeVulnerabilities {
- err = PrintVulnerabilitiesTable(vulnerabilities, rw.results, rw.isMultipleRoots, rw.printExtended, rw.scanType)
- } else {
- err = PrintViolationsTable(violations, rw.results, rw.isMultipleRoots, rw.printExtended, rw.scanType)
+ if rw.hasViolationContext {
+ if err = PrintViolationsTable(violations, rw.results, rw.isMultipleRoots, rw.printExtended, rw.scanType); err != nil {
+ return
+ }
 }
- if err != nil {
- return
+ if rw.includeVulnerabilities {
+ if err = PrintVulnerabilitiesTable(vulnerabilities, rw.results, rw.isMultipleRoots, rw.printExtended, rw.scanType); err != nil {
+ return
+ }
 }
 if rw.includeLicenses {
 if err = PrintLicensesTable(licenses, rw.printExtended, rw.scanType); err != nil {
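Review bot: The comment added above the new `hasViolationContext bool` field is empty (`+ //`), and the `includeVulnerabilities` comment directly above it still says "Else, include violations only", which the new printing logic in this commit no longer does. Suggest `// HasViolationContext If true, include violations as part of the output. Set by callers when watches, a project key or a target repository were supplied.` and dropping the "Else" clause from the includeVulnerabilities comment so the two fields read consistently.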
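Review bot: The rewritten SCA branch loses the previous fallback: before, a writer without includeVulnerabilities always printed the violations table, whereas now, when hasViolationContext and includeVulnerabilities are both false, nothing is printed for the SCA scan at all, and hasViolationContext stays false for any caller that never invokes the new SetHasViolationContext. A results table that is silently empty is easy to read as a clean scan, so either keep the old behaviour with `if rw.hasViolationContext || !rw.includeVulnerabilities {` on the violations branch, or emit a warning when both flags are false. printScanResultsTables continues past the end of the hunk.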