fix cr

jfrog · Feb 13, 2024 · d60c4eb · d60c4eb
1 parent a33920b
commit d60c4eb
Show file tree

Hide file tree

Showing 4 changed files with 112 additions and 45 deletions.
diff --git a/commands/audit/scarunner.go b/commands/audit/scarunner.go
@@ -19,7 +19,6 @@ import (
 	"github.com/jfrog/jfrog-cli-security/commands/audit/sca/nuget"
 	"github.com/jfrog/jfrog-cli-security/commands/audit/sca/python"
 	"github.com/jfrog/jfrog-cli-security/commands/audit/sca/yarn"
-	xrayConfig "github.com/jfrog/jfrog-cli-security/config"
 	"github.com/jfrog/jfrog-cli-security/scangraph"
 	xrayutils "github.com/jfrog/jfrog-cli-security/utils"
 	"github.com/jfrog/jfrog-client-go/artifactory/services/fspatterns"
@@ -206,7 +205,7 @@ func GetTechDependencyTree(params xrayutils.AuditParams, tech coreutils.Technolo
 	case coreutils.Maven, coreutils.Gradle:
 		curationCacheFolder := ""
 		if params.IsCurationCmd() {
-			curationCacheFolder, err = xrayConfig.GetCurationMavenCacheFolder()
+			curationCacheFolder, err = xrayutils.GetCurationMavenCacheFolder()
 			if err != nil {
 				return
 			}
@@ -235,11 +234,11 @@ func GetTechDependencyTree(params xrayutils.AuditParams, tech coreutils.Technolo
 	default:
 		err = errorutils.CheckErrorf("%s is currently not supported", string(tech))
 	}
-	if err != nil || (len(uniqueDeps) == 0 && uniqDepsWithTypes == nil) {
+	if err != nil || (len(uniqueDeps) == 0 && len(uniqDepsWithTypes) == 0) {
 		return
 	}
 	log.Debug(fmt.Sprintf("Created '%s' dependency tree with %d nodes. Elapsed time: %.1f seconds.", tech.ToFormal(), len(uniqueDeps), time.Since(startTime).Seconds()))
-	if uniqDepsWithTypes != nil {
+	if len(uniqDepsWithTypes) > 0 {
 		flatTree, err = createFlatTreeWithTypes(uniqDepsWithTypes)
 		return
 	}
@@ -334,14 +333,16 @@ func createFlatTree(uniqueDeps []string) (*xrayCmdUtils.GraphNode, error) {
 	return &xrayCmdUtils.GraphNode{Id: "root", Nodes: uniqueNodes}, nil
 }
 
-func logDeps(uniqueDeps any) error {
-	if log.GetLogger().GetLogLevel() == log.DEBUG {
+func logDeps(uniqueDeps any) (err error) {
+	if log.GetLogger().GetLogLevel() != log.DEBUG {
 		// Avoid printing and marshaling if not on DEBUG mode.
-		jsonList, err := json.Marshal(uniqueDeps)
-		if errorutils.CheckError(err) != nil {
-			return err
-		}
-		log.Debug("Unique dependencies list:\n" + clientutils.IndentJsonArray(jsonList))
+		return
+	}
+	jsonList, err := json.Marshal(uniqueDeps)
+	if errorutils.CheckError(err) != nil {
+		return err
 	}
-	return nil
+	log.Debug("Unique dependencies list:\n" + clientutils.IndentJsonArray(jsonList))
+
+	return
 }
diff --git a/commands/curation/curationaudit.go b/commands/curation/curationaudit.go
@@ -4,7 +4,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	xrayConfig "github.com/jfrog/jfrog-cli-security/config"
 	"net/http"
 	"os"
 	"path/filepath"
@@ -55,9 +54,9 @@ const (
 var CurationOutputFormats = []string{string(outFormat.Table), string(outFormat.Json)}
 
 var supportedTech = map[coreutils.Technology]func() (bool, error){
-	coreutils.Npm: nil,
+	coreutils.Npm: func() (bool, error) { return true, nil },
 	coreutils.Maven: func() (bool, error) {
-		return clientutils.GetBoolEnvValue(xrayConfig.CurationMavenSupport, false)
+		return clientutils.GetBoolEnvValue(utils.CurationMavenSupport, false)
 	},
 }
 
@@ -195,16 +194,15 @@ func (ca *CurationAuditCommand) doCurateAudit(results map[string][]*PackageStatu
 			log.Info(fmt.Sprintf(errorTemplateUnsupportedTech, tech))
 			continue
 		}
-		if supportedFunc != nil {
-			supported, err := supportedFunc()
-			if err != nil {
-				return err
-			}
-			if !supported {
-				log.Info(fmt.Sprintf(errorTemplateUnsupportedTech, tech))
-				continue
-			}
+		supported, err := supportedFunc()
+		if err != nil {
+			return err
+		}
+		if !supported {
+			log.Info(fmt.Sprintf(errorTemplateUnsupportedTech, tech))
+			continue
 		}
+
 		if err := ca.auditTree(coreutils.Technology(tech), results); err != nil {
 			return err
 		}
@@ -278,6 +276,7 @@ func (ca *CurationAuditCommand) auditTree(tech coreutils.Technology, results map
 	}
 	// Fetch status for each node from a flatten graph which, has no duplicate nodes.
 	packagesStatusMap := sync.Map{}
+	// if error returned we still want to produce a report, so we don't fail the next step
 	err = analyzer.fetchNodesStatus(flattenGraph, &packagesStatusMap, rootNodes)
 	analyzer.GraphsRelations(fullDependenciesTrees, &packagesStatusMap,
 		&packagesStatus)
@@ -371,11 +370,7 @@ func (ca *CurationAuditCommand) getRepoParams(projectType project.ProjectType) (
 	if err != nil {
 		return nil, err
 	}
-	resolverParams, err := project.GetRepoConfigByPrefix(configFilePath, project.ProjectConfigResolverPrefix, vConfig)
-	if err != nil {
-		return nil, err
-	}
-	return resolverParams, nil
+	return project.GetRepoConfigByPrefix(configFilePath, project.ProjectConfigResolverPrefix, vConfig)
 }
 
 func (nc *treeAnalyzer) GraphsRelations(fullDependenciesTrees []*xrayUtils.GraphNode, preProcessMap *sync.Map, packagesStatus *[]*PackageStatus) {
@@ -557,11 +552,10 @@ func makeLegiblePolicyDetails(explanation, recommendation string) (string, strin
 }
 
 func getUrlNameAndVersionByTech(tech coreutils.Technology, node *xrayUtils.GraphNode, artiUrl, repo string) (downloadUrls []string, name string, scope string, version string) {
-	if tech == coreutils.Npm {
-		downloadUrl, name, scope, version := getNpmNameScopeAndVersion(node.Id, artiUrl, repo, coreutils.Npm.String())
-		return []string{downloadUrl}, name, scope, version
-	}
-	if tech == coreutils.Maven {
+	switch tech {
+	case coreutils.Npm:
+		return getNpmNameScopeAndVersion(node.Id, artiUrl, repo, coreutils.Npm.String())
+	case coreutils.Maven:
 		return getMavenNameScopeAndVersion(node.Id, artiUrl, repo, node.Types)
 	}
 	return
@@ -573,7 +567,7 @@ func getUrlNameAndVersionByTech(tech coreutils.Technology, node *xrayUtils.Graph
 func getMavenNameScopeAndVersion(id, artiUrl, repo string, types *[]string) (downloadUrls []string, name, scope, version string) {
 	id = strings.TrimPrefix(id, "gav://")
 	allParts := strings.Split(id, ":")
-	if len(allParts) < 2 {
+	if len(allParts) < 3 {
 		return
 	}
 	nameVersion := allParts[1] + "-" + allParts[2]
@@ -593,7 +587,7 @@ func getMavenNameScopeAndVersion(id, artiUrl, repo string, types *[]string) (dow
 
 // The graph holds, for each node, the component ID (xray representation)
 // from which we extract the package name, version, and construct the Artifactory download URL.
-func getNpmNameScopeAndVersion(id, artiUrl, repo, tech string) (downloadUrl, name, scope, version string) {
+func getNpmNameScopeAndVersion(id, artiUrl, repo, tech string) (downloadUrl []string, name, scope, version string) {
 	id = strings.TrimPrefix(id, tech+"://")
 
 	nameVersion := strings.Split(id, ":")
@@ -609,14 +603,14 @@ func getNpmNameScopeAndVersion(id, artiUrl, repo, tech string) (downloadUrl, nam
 	return buildNpmDownloadUrl(artiUrl, repo, name, scope, version), name, scope, version
 }
 
-func buildNpmDownloadUrl(url, repo, name, scope, version string) string {
+func buildNpmDownloadUrl(url, repo, name, scope, version string) []string {
 	var packageUrl string
 	if scope != "" {
 		packageUrl = fmt.Sprintf("%s/api/npm/%s/%s/%s/-/%s-%s.tgz", strings.TrimSuffix(url, "/"), repo, scope, name, name, version)
 	} else {
 		packageUrl = fmt.Sprintf("%s/api/npm/%s/%s/-/%s-%s.tgz", strings.TrimSuffix(url, "/"), repo, name, name, version)
 	}
-	return packageUrl
+	return []string{packageUrl}
 }
 
 func DetectNumOfThreads(threadsCount int) (int, error) {

diff --git a/commands/curation/curationaudit_test.go b/commands/curation/curationaudit_test.go
@@ -159,8 +159,8 @@ func TestGetNameScopeAndVersion(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			gotDownloadUrl, gotName, gotScope, gotVersion := getNpmNameScopeAndVersion(tt.componentId, tt.artiUrl, tt.repo, tt.repo)
-			assert.Equal(t, tt.wantDownloadUrl, gotDownloadUrl, "getNameScopeAndVersion() gotDownloadUrl = %v, want %v", gotDownloadUrl, tt.wantDownloadUrl)
+			gotDownloadUrls, gotName, gotScope, gotVersion := getNpmNameScopeAndVersion(tt.componentId, tt.artiUrl, tt.repo, tt.repo)
+			assert.Equal(t, tt.wantDownloadUrl, gotDownloadUrls[0], "getNameScopeAndVersion() gotDownloadUrl = %v, want %v", gotDownloadUrls[0], tt.wantDownloadUrl)
 			assert.Equal(t, tt.wantName, gotName, "getNpmNameScopeAndVersion() gotName = %v, want %v", gotName, tt.wantName)
 			assert.Equal(t, tt.wantScope, gotScope, "getNpmNameScopeAndVersion() gotScope = %v, want %v", gotScope, tt.wantScope)
 			assert.Equal(t, tt.wantVersion, gotVersion, "getNpmNameScopeAndVersion() gotVersion = %v, want %v", gotVersion, tt.wantVersion)
@@ -641,3 +641,75 @@ func WriteServerDetailsConfigFileBytes(t *testing.T, url string, configPath stri
 	assert.NoError(t, os.WriteFile(confFilePath, detailsByte, 0644))
 	return confFilePath
 }
+
+func Test_getMavenNameScopeAndVersion(t *testing.T) {
+	type args struct {
+		id      string
+		artiUrl string
+		repo    string
+		types   *[]string
+	}
+	tests := []struct {
+		name             string
+		args             args
+		wantDownloadUrls []string
+		wantName         string
+		wantScope        string
+		wantVersion      string
+	}{
+		{
+			name: "maven url jar",
+			args: args{
+				id:      "gav://org.apache.tomcat.embed:tomcat-embed-jasper:8.0.33",
+				artiUrl: "http://test:9000/artifactory",
+				repo:    "maven-remote",
+				types:   &[]string{"jar"},
+			},
+			wantDownloadUrls: []string{"http://test:9000/artifactory/maven-remote/org/apache/tomcat/embed/tomcat-embed-jasper/8.0.33/tomcat-embed-jasper-8.0.33.jar"},
+			wantName:         "org.apache.tomcat.embed:tomcat-embed-jasper",
+			wantVersion:      "8.0.33",
+		},
+		{
+			name: "maven url jar and war",
+			args: args{
+				id:      "gav://org.apache.tomcat.embed:tomcat-embed-jasper:8.0.33",
+				artiUrl: "http://test:9000/artifactory",
+				repo:    "maven-remote",
+				types:   &[]string{"jar", "war"},
+			},
+			wantDownloadUrls: []string{"http://test:9000/artifactory/maven-remote/org/apache/tomcat/embed/tomcat-embed-jasper/8.0.33/tomcat-embed-jasper-8.0.33.jar",
+				"http://test:9000/artifactory/maven-remote/org/apache/tomcat/embed/tomcat-embed-jasper/8.0.33/tomcat-embed-jasper-8.0.33.war"},
+			wantName:    "org.apache.tomcat.embed:tomcat-embed-jasper",
+			wantVersion: "8.0.33",
+		},
+		{
+			name: "maven url pom - no expected url",
+			args: args{
+				id:      "gav://org.apache.tomcat.embed:tomcat-embed-jasper:8.0.33",
+				artiUrl: "http://test:9000/artifactory",
+				repo:    "maven-remote",
+				types:   &[]string{"pom"},
+			},
+			wantName:    "org.apache.tomcat.embed:tomcat-embed-jasper",
+			wantVersion: "8.0.33",
+		},
+		{
+			name: "bad id",
+			args: args{
+				id:      "gav://org.apache.tomcat.embed:8.0.33",
+				artiUrl: "http://test:9000/artifactory",
+				repo:    "maven-remote",
+				types:   &[]string{"jar"},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			gotDownloadUrls, gotName, gotScope, gotVersion := getMavenNameScopeAndVersion(tt.args.id, tt.args.artiUrl, tt.args.repo, tt.args.types)
+			assert.Equalf(t, tt.wantDownloadUrls, gotDownloadUrls, "getMavenNameScopeAndVersion(%v, %v, %v, %v)", tt.args.id, tt.args.artiUrl, tt.args.repo, tt.args.types)
+			assert.Equalf(t, tt.wantName, gotName, "getMavenNameScopeAndVersion(%v, %v, %v, %v)", tt.args.id, tt.args.artiUrl, tt.args.repo, tt.args.types)
+			assert.Equalf(t, tt.wantScope, gotScope, "getMavenNameScopeAndVersion(%v, %v, %v, %v)", tt.args.id, tt.args.artiUrl, tt.args.repo, tt.args.types)
+			assert.Equalf(t, tt.wantVersion, gotVersion, "getMavenNameScopeAndVersion(%v, %v, %v, %v)", tt.args.id, tt.args.artiUrl, tt.args.repo, tt.args.types)
+		})
+	}
+}
diff --git a/config/general.go → utils/paths.go b/config/general.go → utils/paths.go
@@ -1,4 +1,4 @@
-package config
+package utils
 
 import (
 	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
@@ -16,7 +16,7 @@ const (
 	CurationMavenSupport = "JFROG_CLI_CURATION_MAVEN"
 )
 
-func GetJfrogCurationFolder() (string, error) {
+func getJfrogCurationFolder() (string, error) {
 	dependenciesDir := os.Getenv(CurationsDir)
 	if dependenciesDir != "" {
 		return utils.AddTrailingSlashIfNeeded(dependenciesDir), nil
@@ -28,16 +28,16 @@ func GetJfrogCurationFolder() (string, error) {
 	return filepath.Join(jfrogHome, JfrogCurationDirName), nil
 }
 
-func GetCurationCacheFolder() (string, error) {
-	curationFolder, err := GetJfrogCurationFolder()
+func getCurationCacheFolder() (string, error) {
+	curationFolder, err := getJfrogCurationFolder()
 	if err != nil {
 		return "", err
 	}
 	return filepath.Join(curationFolder, "cache"), nil
 }
 
 func GetCurationMavenCacheFolder() (string, error) {
-	curationFolder, err := GetCurationCacheFolder()
+	curationFolder, err := getCurationCacheFolder()
 	if err != nil {
 		return "", err
 	}