diff --git a/audit_test.go b/audit_test.go
index 76e01a53..c83c81fe 100644
--- a/audit_test.go
+++ b/audit_test.go
@@ -17,6 +17,7 @@ import (
 "github.com/jfrog/jfrog-cli-security/utils/formats"
 "github.com/jfrog/jfrog-cli-security/utils/validations"
+ testsUtils "github.com/jfrog/jfrog-cli-security/tests/utils"
 xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
 "github.com/stretchr/testify/assert"
@@ -566,7 +567,7 @@ func TestXrayAuditWithoutSastCppFlagSimpleJson(t *testing.T) {
 }
 func TestXrayAuditNotEntitledForJas(t *testing.T) {
- cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, getNoJasAuditMockCommand)
+ cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, false, getNoJasAuditMockCommand)
 defer cleanUp()
 output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false, false)
 validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Vulnerabilities: 8})
@@ -739,3 +740,31 @@ func TestAuditOnEmptyProject(t *testing.T) {
 // No issues should be found in an empty project
 validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{})
 }
+
+// xray-url only - the following tests check the case of adding "xray-url", instead of "url", which is the more common one
+
+func TestXrayAuditNotEntitledForJasWithXrayUrl(t *testing.T) {
+ cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, true, getNoJasAuditMockCommand)
+ defer cleanUp()
+ output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false, false)
+ // Verify that scan results are printed
+ validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Vulnerabilities: 8})
+ // Verify that JAS results are not printed
+ validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{})
+}
+
+func TestXrayAuditJasSimpleJsonWithXrayUrl(t *testing.T) {
+ cliToRun := testsUtils.GetTestCli(cli.GetJfrogCliSecurityApp(), true)
+ output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false, false)
+ validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
+ Sast: 1,
+ Iac: 9,
+ Secrets: 6,
+
+ Vulnerabilities: 8,
+ Applicable: 3,
+ Undetermined: 1,
+ NotCovered: 1,
+ NotApplicable: 2,
+ })
+}
diff --git a/jas/analyzermanager.go b/jas/analyzermanager.go
index 6fe6d694..a99f8237 100644
--- a/jas/analyzermanager.go
+++ b/jas/analyzermanager.go
@@ -24,7 +24,7 @@ import (
 const (
 ApplicabilityFeatureId = "contextual_analysis"
 AnalyzerManagerZipName = "analyzerManager.zip"
- defaultAnalyzerManagerVersion = "1.9.11"
+ defaultAnalyzerManagerVersion = "1.10.2"
 analyzerManagerDownloadPath = "xsc-gen-exe-analyzer-manager-local/v1"
 analyzerManagerDirName = "analyzerManager"
 analyzerManagerExecutableName = "analyzerManager"
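Review bot: In TestXrayAuditNotEntitledForJasWithXrayUrl the same `output` is validated twice, first against `ValidationParams{Vulnerabilities: 8}` and then against an empty `ValidationParams{}`, and both calls cannot be strict on one result. The existing TestAuditOnEmptyProject uses the empty struct to mean "no issues"; if that is enforced, the second call fails on an output holding 8 vulnerabilities, and if only non-zero fields are checked (which I cannot confirm from here), the comment "Verify that JAS results are not printed" is backed by no assertion at all. I would drop the second call and state the intent on the remaining one, e.g. `// Not entitled for JAS: only SCA counts are expected, no Sast/Iac/Secrets` above `validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Vulnerabilities: 8})`, or add an explicit assertion on the JAS sections if the validator offers one.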
@@ -33,6 +33,7 @@ const (
 jfPasswordEnvVariable = "JF_PASS"
 jfTokenEnvVariable = "JF_TOKEN"
 jfPlatformUrlEnvVariable = "JF_PLATFORM_URL"
+ jfPlatformXrayUrlEnvVariable = "JF_PLATFORM_XRAY_URL"
 logDirEnvVariable = "AM_LOG_DIRECTORY"
 notEntitledExitCode = 31
 unsupportedCommandExitCode = 13
@@ -138,10 +139,11 @@ func GetAnalyzerManagerExecutableName() string {
 func GetAnalyzerManagerEnvVariables(serverDetails *config.ServerDetails) (envVars map[string]string, err error) {
 envVars = map[string]string{
- jfUserEnvVariable: serverDetails.User,
- jfPasswordEnvVariable: serverDetails.Password,
- jfPlatformUrlEnvVariable: serverDetails.Url,
- jfTokenEnvVariable: serverDetails.AccessToken,
+ jfUserEnvVariable: serverDetails.User,
+ jfPasswordEnvVariable: serverDetails.Password,
+ jfPlatformUrlEnvVariable: serverDetails.Url,
+ jfPlatformXrayUrlEnvVariable: serverDetails.XrayUrl,
+ jfTokenEnvVariable: serverDetails.AccessToken,
 }
 if !utils.IsCI() {
 analyzerManagerLogFolder, err := coreutils.CreateDirInJfrogHome(filepath.Join(coreutils.JfrogLogsDirName, analyzerManagerLogDirName))
diff --git a/jas/common.go b/jas/common.go
index a6499900..2154f3c1 100644
--- a/jas/common.go
+++ b/jas/common.go
@@ -54,12 +54,13 @@ func CreateJasScanner(serverDetails *config.ServerDetails, validateSecrets bool,
 if len(serverDetails.Url) == 0 {
 if len(serverDetails.XrayUrl) != 0 {
 log.Debug("Xray URL provided without platform URL")
+ } else {
+ if len(serverDetails.ArtifactoryUrl) != 0 {
+ log.Debug("Artifactory URL provided without platform URL")
+ }
+ log.Warn(NoServerUrlWarn)
+ return
 }
- if len(serverDetails.ArtifactoryUrl) != 0 {
- log.Debug("Artifactory URL provided without platform URL")
- }
- log.Warn(NoServerUrlWarn)
- return
 }
 scanner = &JasScanner{}
 if scanner.EnvVars, err = getJasEnvVars(serverDetails, validateSecrets, envVars); err != nil {
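Review bot: With an Xray-only configuration the map in GetAnalyzerManagerEnvVariables now hands the analyzer manager `JF_PLATFORM_URL` with an empty value instead of omitting it (the common_test.go case "Valid server details xray only" pins exactly that), so the child sees the variable as set-but-empty; whether analyzer manager 1.10.2 treats that as absent is not visible here. If it does not, drop empty entries before returning, e.g. `for k, v := range envVars { if v == "" { delete(envVars, k) } }` after the literal, and relax the new test expectations accordingly. At minimum record the assumption on the literal with `// Empty values are passed through; the analyzer manager must treat an empty JF_PLATFORM_URL as unset.` GetAnalyzerManagerEnvVariables continues past the hunk.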
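Review bot: The new `} else {` branch in CreateJasScanner wraps a second `if` and ends in `return`, which is the "else after a terminating branch" shape Go style avoids; the two URL checks read more directly as a guard on "no platform URL and no Xray URL" followed by the Xray-only debug line. The behaviour is unchanged by the rewrite below, including the Artifactory-only debug message and the warning. CreateJasScanner starts and ends outside the hunk.
```go
if len(serverDetails.Url) == 0 && len(serverDetails.XrayUrl) == 0 {
    if len(serverDetails.ArtifactoryUrl) != 0 {
        log.Debug("Artifactory URL provided without platform URL")
    }
    log.Warn(NoServerUrlWarn)
    return
}
if len(serverDetails.Url) == 0 {
    log.Debug("Xray URL provided without platform URL")
}
// … unchanged: scanner construction and getJasEnvVars call …
```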
@@ -81,6 +82,7 @@ func CreateJasScanner(serverDetails *config.ServerDetails, validateSecrets bool,
 func getJasEnvVars(serverDetails *config.ServerDetails, validateSecrets bool, vars map[string]string) (map[string]string, error) {
 amBasicVars, err := GetAnalyzerManagerEnvVariables(serverDetails)
+ log.Debug("Adding the following environment variables to the analyzer manager", amBasicVars)
 if err != nil {
 return nil, err
 }
diff --git a/jas/common_test.go b/jas/common_test.go
index f499db8e..2c504abc 100644
--- a/jas/common_test.go
+++ b/jas/common_test.go
@@ -157,6 +157,40 @@ func TestGetJasEnvVars(t *testing.T) {
 "test": "testValue",
 },
 },
+ {
+ name: "Valid server details xray only",
+ serverDetails: &config.ServerDetails{
+ Url: "",
+ XrayUrl: "url/xray",
+ User: "user",
+ Password: "password",
+ AccessToken: "token",
+ },
+ expectedOutput: map[string]string{
+ jfPlatformUrlEnvVariable: "",
+ jfPlatformXrayUrlEnvVariable: "url/xray",
+ jfUserEnvVariable: "user",
+ jfPasswordEnvVariable: "password",
+ jfTokenEnvVariable: "token",
+ },
+ },
+ {
+ name: "Valid server details both url and xray",
+ serverDetails: &config.ServerDetails{
+ Url: "url",
+ XrayUrl: "url/xray",
+ User: "user",
+ Password: "password",
+ AccessToken: "token",
+ },
+ expectedOutput: map[string]string{
+ jfPlatformUrlEnvVariable: "url",
+ jfPlatformXrayUrlEnvVariable: "url/xray",
+ jfUserEnvVariable: "user",
+ jfPasswordEnvVariable: "password",
+ jfTokenEnvVariable: "token",
+ },
+ },
 }
 for _, test := range tests {
 t.Run(test.name, func(t *testing.T) {
diff --git a/scans_test.go b/scans_test.go
index 939a6e67..3668326c 100644
--- a/scans_test.go
+++ b/scans_test.go
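Review bot: The added `log.Debug(...)` in getJasEnvVars prints the whole `amBasicVars` map, and GetAnalyzerManagerEnvVariables fills that map with `JF_PASS` and `JF_TOKEN` from the server details, so any JAS run with debug logging enabled writes the password and access token to the CLI log. It is also placed before the `err != nil` check, so it prints on the error path as well. Log the variable names only, after the error check, as below. getJasEnvVars continues past the hunk.
```go
amBasicVars, err := GetAnalyzerManagerEnvVariables(serverDetails)
if err != nil {
    return nil, err
}
// Log names only: the map carries JF_PASS and JF_TOKEN, which must not reach the log.
names := make([]string, 0, len(amBasicVars))
for name := range amBasicVars {
    names = append(names, name)
}
log.Debug("Adding the following environment variables to the analyzer manager:", names)
// … unchanged: remainder of getJasEnvVars …
```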
@@ -162,7 +162,7 @@ func initNativeDockerWithXrayTest(t *testing.T) (mockCli *coreTests.JfrogCli, cl
 if !*securityTests.TestDockerScan || !*securityTests.TestSecurity {
 t.Skip("Skipping Docker scan test. To run Xray Docker test add the '-test.dockerScan=true' and '-test.security=true' options.")
 }
- return securityTestUtils.InitTestWithMockCommandOrParams(t, cli.DockerScanMockCommand)
+ return securityTestUtils.InitTestWithMockCommandOrParams(t, false, cli.DockerScanMockCommand)
 }
 func runDockerScan(t *testing.T, testCli *coreTests.JfrogCli, imageName, watchName string, minViolations, minVulnerabilities, minLicenses int, minInactives int, validateSecrets bool) {
diff --git a/tests/utils/test_config.go b/tests/utils/test_config.go
index be583877..a9addb12 100644
--- a/tests/utils/test_config.go
+++ b/tests/utils/test_config.go
@@ -50,19 +50,25 @@ func CreateJfrogHomeConfig(t *testing.T, encryptPassword bool) {
 func InitTestCliDetails(testApplication components.App) {
 configTests.TestApplication = &testApplication
 if configTests.PlatformCli == nil {
- configTests.PlatformCli = GetTestCli(testApplication)
+ configTests.PlatformCli = GetTestCli(testApplication, false)
 }
 }
-func GetTestCli(testApplication components.App) (testCli *coreTests.JfrogCli) {
- creds := authenticateXray()
+func GetTestCli(testApplication components.App, xrayUrlOnly bool) (testCli *coreTests.JfrogCli) {
+ creds := authenticateXray(xrayUrlOnly)
 return coreTests.NewJfrogCli(func() error { return plugins.RunCliWithPlugin(testApplication)() }, "", creds)
 }
-func authenticateXray() string {
+func authenticateXray(xrayUrlOnly bool) string {
 *configTests.JfrogUrl = clientUtils.AddTrailingSlashIfNeeded(*configTests.JfrogUrl)
- configTests.XrDetails = &config.ServerDetails{Url: *configTests.JfrogUrl, ArtifactoryUrl: *configTests.JfrogUrl + configTests.ArtifactoryEndpoint, XrayUrl: *configTests.JfrogUrl + configTests.XrayEndpoint}
- cred := fmt.Sprintf("--url=%s", configTests.XrDetails.XrayUrl)
+ var cred string
+ if xrayUrlOnly {
+ configTests.XrDetails = &config.ServerDetails{XrayUrl: *configTests.JfrogUrl + configTests.XrayEndpoint}
+ cred = fmt.Sprintf("--xray-url=%s", configTests.XrDetails.XrayUrl)
+ } else {
+ configTests.XrDetails = &config.ServerDetails{Url: *configTests.JfrogUrl, ArtifactoryUrl: *configTests.JfrogUrl + configTests.ArtifactoryEndpoint, XrayUrl: *configTests.JfrogUrl + configTests.XrayEndpoint}
+ cred = fmt.Sprintf("--url=%s", configTests.XrDetails.XrayUrl)
+ }
 if *configTests.JfrogAccessToken != "" {
 configTests.XrDetails.AccessToken = *configTests.JfrogAccessToken
 cred += fmt.Sprintf(" --access-token=%s", configTests.XrDetails.AccessToken)
diff --git a/tests/utils/test_utils.go b/tests/utils/test_utils.go
index 9d7a5fa5..7eca74c1 100644
--- a/tests/utils/test_utils.go
+++ b/tests/utils/test_utils.go
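Review bot: Both branches of the new `if xrayUrlOnly` in authenticateXray end up passing the same value, `*configTests.JfrogUrl + configTests.XrayEndpoint`, once under `--xray-url` and once under `--url`, so the "common" path still hands the Xray service URL to what reads like the platform-URL flag (pre-existing, but the split now makes the mismatch visible); if `--url` is meant to carry the platform URL, the else branch should read `cred = fmt.Sprintf("--url=%s", configTests.XrDetails.Url)`, which I cannot confirm from here. Either way, hoist the repeated expression once above the `if` as `xrayUrl := *configTests.JfrogUrl + configTests.XrayEndpoint` and use it in both `ServerDetails` literals. authenticateXray continues past the hunk.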
@@ -78,7 +78,7 @@ func ValidateXscVersion(t *testing.T, minVersion string) {
 }
 }
-func InitTestWithMockCommandOrParams(t *testing.T, mockCommands ...func() components.Command) (mockCli *coreTests.JfrogCli, cleanUp func()) {
+func InitTestWithMockCommandOrParams(t *testing.T, xrayUrlOnly bool, mockCommands ...func() components.Command) (mockCli *coreTests.JfrogCli, cleanUp func()) {
 oldHomeDir := os.Getenv(coreutils.HomeDir)
 // Create server config to use with the command.
 CreateJfrogHomeConfig(t, true)
@@ -87,7 +87,7 @@ func InitTestWithMockCommandOrParams(t *testing.T, mockCommands ...func() compon
 for _, mockCommand := range mockCommands {
 commands = append(commands, mockCommand())
 }
- return GetTestCli(components.CreateEmbeddedApp("security", commands), xrayUrlOnly), func() {
+ return GetTestCli(components.CreateEmbeddedApp("security", commands), xrayUrlOnly), func() {
 clientTests.SetEnvAndAssert(t, coreutils.HomeDir, oldHomeDir)
 }
 }
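Review bot: The exported InitTestWithMockCommandOrParams gains a positional `xrayUrlOnly bool` in front of the variadic and still has no doc comment, so call sites now read `(t, false, cli.DockerScanMockCommand)` with nothing explaining the flag. Add a doc comment above the signature, e.g. `// InitTestWithMockCommandOrParams builds a test CLI over an embedded "security" app holding the given mock commands; when xrayUrlOnly is true the CLI is configured with --xray-url only (no platform --url). The returned cleanUp restores the previous home-directory environment variable.` The function body lies between the two hunks and is not visible here.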