From 6aa7ef809aee9feca938a55d87b422f831fc61e9 Mon Sep 17 00:00:00 2001 From: Hadar Shpivak Date: Tue, 17 Sep 2024 00:39:42 +0300 Subject: [PATCH 01/13] fix env var + add test --- jas/analyzermanager.go | 10 ++++++---- jas/common.go | 1 + jas/common_test.go | 34 ++++++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+), 4 deletions(-) diff --git a/jas/analyzermanager.go b/jas/analyzermanager.go index 6fe6d694..def70fbc 100644 --- a/jas/analyzermanager.go +++ b/jas/analyzermanager.go @@ -33,6 +33,7 @@ const ( jfPasswordEnvVariable = "JF_PASS" jfTokenEnvVariable = "JF_TOKEN" jfPlatformUrlEnvVariable = "JF_PLATFORM_URL" + jfPlatformXrayUrlEnvVariable = "JF_PLATFORM_XRAY_URL" logDirEnvVariable = "AM_LOG_DIRECTORY" notEntitledExitCode = 31 unsupportedCommandExitCode = 13 @@ -138,10 +139,11 @@ func GetAnalyzerManagerExecutableName() string { func GetAnalyzerManagerEnvVariables(serverDetails *config.ServerDetails) (envVars map[string]string, err error) { envVars = map[string]string{ - jfUserEnvVariable: serverDetails.User, - jfPasswordEnvVariable: serverDetails.Password, - jfPlatformUrlEnvVariable: serverDetails.Url, - jfTokenEnvVariable: serverDetails.AccessToken, + jfUserEnvVariable: serverDetails.User, + jfPasswordEnvVariable: serverDetails.Password, + jfPlatformUrlEnvVariable: serverDetails.Url, + jfPlatformXrayUrlEnvVariable: serverDetails.XrayUrl, + jfTokenEnvVariable: serverDetails.AccessToken, } if !utils.IsCI() { analyzerManagerLogFolder, err := coreutils.CreateDirInJfrogHome(filepath.Join(coreutils.JfrogLogsDirName, analyzerManagerLogDirName)) diff --git a/jas/common.go b/jas/common.go index a6499900..bee412a1 100644 --- a/jas/common.go +++ b/jas/common.go 
@@ -81,6 +81,7 @@ func CreateJasScanner(serverDetails *config.ServerDetails, validateSecrets bool, func getJasEnvVars(serverDetails *config.ServerDetails, validateSecrets bool, vars map[string]string) (map[string]string, error) { amBasicVars, err := GetAnalyzerManagerEnvVariables(serverDetails) + log.Debug("Adding the following environment variables to the analyzer manager", amBasicVars) if err != nil { return nil, err } diff --git a/jas/common_test.go b/jas/common_test.go index f499db8e..2c504abc 100644 --- a/jas/common_test.go +++ b/jas/common_test.go @@ -157,6 +157,40 @@ func TestGetJasEnvVars(t *testing.T) { "test": "testValue", }, }, + { + name: "Valid server details xray only", + serverDetails: &config.ServerDetails{ + Url: "", + XrayUrl: "url/xray", + User: "user", + Password: "password", + AccessToken: "token", + }, + expectedOutput: map[string]string{ + jfPlatformUrlEnvVariable: "", + jfPlatformXrayUrlEnvVariable: "url/xray", + jfUserEnvVariable: "user", + jfPasswordEnvVariable: "password", + jfTokenEnvVariable: "token", + }, + }, + { + name: "Valid server details both url and xray", + serverDetails: &config.ServerDetails{ + Url: "url", + XrayUrl: "url/xray", + User: "user", + Password: "password", + AccessToken: "token", + }, + expectedOutput: map[string]string{ + jfPlatformUrlEnvVariable: "url", + jfPlatformXrayUrlEnvVariable: "url/xray", + jfUserEnvVariable: "user", + jfPasswordEnvVariable: "password", + jfTokenEnvVariable: "token", + }, + }, } for _, test := range tests { t.Run(test.name, func(t *testing.T) { From e9d9825c29f018985f2ad55841f802e672d8bce1 Mon Sep 17 00:00:00 2001 From: Hadar Shpivak Date: Mon, 30 Sep 2024 21:47:49 +0300 Subject: [PATCH 02/13] add xrayUrlOnly to audit_test --- audit_test.go | 36 +++++++++++++++++++++++++++++++++++- scans_test.go | 2 +- tests/utils/test_config.go | 14 +++++++++----- tests/utils/test_utils.go | 4 ++-- 4 files changed, 47 insertions(+), 9 deletions(-) 
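Review bot: The added `log.Debug("Adding the following environment variables to the analyzer manager", amBasicVars)` in getJasEnvVars writes the whole map to the log, and the map built by GetAnalyzerManagerEnvVariables in this same patch carries `JF_PASS` and `JF_TOKEN` (serverDetails.Password and serverDetails.AccessToken). A password and an access token should not reach a debug log, which can end up in CI output or a support bundle. Log only the non-secret entries, for example `log.Debug("Analyzer manager URLs:", amBasicVars[jfPlatformUrlEnvVariable], amBasicVars[jfPlatformXrayUrlEnvVariable])`. The call also runs before the `if err != nil` check and should move below it, so that a failed lookup is not logged as if it had succeeded. getJasEnvVars continues outside the hunk.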
diff --git a/audit_test.go b/audit_test.go index 76e01a53..1e8560f7 100644 --- a/audit_test.go +++ b/audit_test.go @@ -566,7 +566,7 @@ func TestXrayAuditWithoutSastCppFlagSimpleJson(t *testing.T) { } func TestXrayAuditNotEntitledForJas(t *testing.T) { - cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, getNoJasAuditMockCommand) + cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, false, getNoJasAuditMockCommand) defer cleanUp() output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false, false) validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Vulnerabilities: 8}) 
@@ -739,3 +739,37 @@ func TestAuditOnEmptyProject(t *testing.T) { // No issues should be found in an empty project validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{}) } + +//xray-url only + +func TestXrayAuditNotEntitledForJasWithXrayUrl(t *testing.T) { + cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, true, getNoJasAuditMockCommandWithXrayUrl) + defer cleanUp() + output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false) + // Verify that scan results are printed + securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 8, 0) + // Verify that JAS results are not printed + securityTestUtils.VerifySimpleJsonJasResults(t, output, 0, 0, 0, 0, 0, 0, 0, 0, 0) +} + +func getNoJasAuditMockCommandWithXrayUrl() components.Command { + return components.Command{ + Name: docs.Audit, + Flags: docs.GetCommandFlags(docs.Audit), + Action: func(c *components.Context) error { + auditCmd, err := cli.CreateAuditCmd(c) + if err != nil { + return err + } + // Disable Jas for this test + auditCmd.SetUseJas(false) + return progressbar.ExecWithProgress(auditCmd) + }, + } +} + +func TestXrayAuditJasSimpleJsonWithXrayUrl(t *testing.T) { + output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas"), "3", false) + securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 8, 0) + securityTestUtils.VerifySimpleJsonJasResults(t, output, 1, 9, 6, 3, 1, 1, 2, 0, 0) +} diff --git a/scans_test.go b/scans_test.go index 939a6e67..3668326c 100644 --- a/scans_test.go +++ b/scans_test.go 
@@ -162,7 +162,7 @@ func initNativeDockerWithXrayTest(t *testing.T) (mockCli *coreTests.JfrogCli, cl if !*securityTests.TestDockerScan || !*securityTests.TestSecurity { t.Skip("Skipping Docker scan test. To run Xray Docker test add the '-test.dockerScan=true' and '-test.security=true' options.") } - return securityTestUtils.InitTestWithMockCommandOrParams(t, cli.DockerScanMockCommand) + return securityTestUtils.InitTestWithMockCommandOrParams(t, false, cli.DockerScanMockCommand) } func runDockerScan(t *testing.T, testCli *coreTests.JfrogCli, imageName, watchName string, minViolations, minVulnerabilities, minLicenses int, minInactives int, validateSecrets bool) { diff --git a/tests/utils/test_config.go b/tests/utils/test_config.go index be583877..312b9452 100644 --- a/tests/utils/test_config.go +++ b/tests/utils/test_config.go 
@@ -50,18 +50,22 @@ func CreateJfrogHomeConfig(t *testing.T, encryptPassword bool) { func InitTestCliDetails(testApplication components.App) { configTests.TestApplication = &testApplication if configTests.PlatformCli == nil { - configTests.PlatformCli = GetTestCli(testApplication) + configTests.PlatformCli = GetTestCli(testApplication, false) } } -func GetTestCli(testApplication components.App) (testCli *coreTests.JfrogCli) { - creds := authenticateXray() +func GetTestCli(testApplication components.App, xrayUrlOnly bool) (testCli *coreTests.JfrogCli) { + creds := authenticateXray(xrayUrlOnly) return coreTests.NewJfrogCli(func() error { return plugins.RunCliWithPlugin(testApplication)() }, "", creds) } -func authenticateXray() string { +func authenticateXray(xrayUrlOnly bool) string { *configTests.JfrogUrl = clientUtils.AddTrailingSlashIfNeeded(*configTests.JfrogUrl) - configTests.XrDetails = &config.ServerDetails{Url: *configTests.JfrogUrl, ArtifactoryUrl: *configTests.JfrogUrl + configTests.ArtifactoryEndpoint, XrayUrl: *configTests.JfrogUrl + configTests.XrayEndpoint} + if xrayUrlOnly { + configTests.XrDetails = &config.ServerDetails{XrayUrl: *configTests.JfrogUrl + configTests.XrayEndpoint} + } else { + configTests.XrDetails = &config.ServerDetails{Url: *configTests.JfrogUrl, ArtifactoryUrl: *configTests.JfrogUrl + configTests.ArtifactoryEndpoint, XrayUrl: *configTests.JfrogUrl + configTests.XrayEndpoint} + } cred := fmt.Sprintf("--url=%s", configTests.XrDetails.XrayUrl) if *configTests.JfrogAccessToken != "" { configTests.XrDetails.AccessToken = *configTests.JfrogAccessToken diff --git a/tests/utils/test_utils.go b/tests/utils/test_utils.go index 9d7a5fa5..7eca74c1 100644 --- a/tests/utils/test_utils.go +++ b/tests/utils/test_utils.go 
@@ -78,7 +78,7 @@ func ValidateXscVersion(t *testing.T, minVersion string) { } } -func InitTestWithMockCommandOrParams(t *testing.T, mockCommands ...func() components.Command) (mockCli *coreTests.JfrogCli, cleanUp func()) { +func InitTestWithMockCommandOrParams(t *testing.T, xrayUrlOnly bool, mockCommands ...func() components.Command) (mockCli *coreTests.JfrogCli, cleanUp func()) { oldHomeDir := os.Getenv(coreutils.HomeDir) // Create server config to use with the command. CreateJfrogHomeConfig(t, true) @@ -87,7 +87,7 @@ func InitTestWithMockCommandOrParams(t *testing.T, mockCommands ...func() compon for _, mockCommand := range mockCommands { commands = append(commands, mockCommand()) } - return GetTestCli(components.CreateEmbeddedApp("security", commands)), func() { + return GetTestCli(components.CreateEmbeddedApp("security", commands), xrayUrlOnly), func() { clientTests.SetEnvAndAssert(t, coreutils.HomeDir, oldHomeDir) } } From 0efe7dd6e44eb710c560689a78b55590bbf1100c Mon Sep 17 00:00:00 2001 From: Hadar Shpivak Date: Tue, 1 Oct 2024 11:31:11 +0300 Subject: [PATCH 03/13] fix static analysis --- audit_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/audit_test.go b/audit_test.go index 1e8560f7..98e77ada 100644 --- a/audit_test.go +++ b/audit_test.go @@ -740,7 +740,7 @@ func TestAuditOnEmptyProject(t *testing.T) { validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{}) } -//xray-url only +// xray-url only func TestXrayAuditNotEntitledForJasWithXrayUrl(t *testing.T) { cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, true, getNoJasAuditMockCommandWithXrayUrl) From 9d4996a795967c85269bcb16dcf0a1d8f4c743f9 Mon Sep 17 00:00:00 2001 From: Hadar Shpivak Date: Tue, 15 Oct 2024 15:30:43 +0300 Subject: [PATCH 04/13] fix audit tests for xray-url --- audit_test.go | 24 +++++------------------- 1 file changed, 5 insertions(+), 19 deletions(-) 
diff --git a/audit_test.go b/audit_test.go index 98e77ada..43dd8b21 100644 --- a/audit_test.go +++ b/audit_test.go @@ -740,10 +740,10 @@ func TestAuditOnEmptyProject(t *testing.T) { validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{}) } -// xray-url only +// xray-url only - the following tests check the case of adding "xray-url", instead of "url", which is the more common one func TestXrayAuditNotEntitledForJasWithXrayUrl(t *testing.T) { - cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, true, getNoJasAuditMockCommandWithXrayUrl) + cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, true, getNoJasAuditMockCommand) defer cleanUp() output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false) // Verify that scan results are printed @@ -752,24 +752,10 @@ func TestXrayAuditNotEntitledForJasWithXrayUrl(t *testing.T) { securityTestUtils.VerifySimpleJsonJasResults(t, output, 0, 0, 0, 0, 0, 0, 0, 0, 0) } -func getNoJasAuditMockCommandWithXrayUrl() components.Command { - return components.Command{ - Name: docs.Audit, - Flags: docs.GetCommandFlags(docs.Audit), - Action: func(c *components.Context) error { - auditCmd, err := cli.CreateAuditCmd(c) - if err != nil { - return err - } - // Disable Jas for this test - auditCmd.SetUseJas(false) - return progressbar.ExecWithProgress(auditCmd) - }, - } -} - func TestXrayAuditJasSimpleJsonWithXrayUrl(t *testing.T) { - output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas"), "3", false) + cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, true, getNoJasAuditMockCommand) + defer cleanUp() + output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false) securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 8, 0) securityTestUtils.VerifySimpleJsonJasResults(t, output, 1, 9, 6, 3, 1, 1, 2, 0, 0) } From 521e5c85c19b29421df82483ae4b60cf977f33d0 Mon Sep 17 00:00:00 2001 
From: Hadar Shpivak Date: Tue, 15 Oct 2024 15:39:40 +0300 Subject: [PATCH 05/13] fix audit tests for xray-url after merge --- audit_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/audit_test.go b/audit_test.go index 43dd8b21..89e323b0 100644 --- a/audit_test.go +++ b/audit_test.go @@ -745,7 +745,7 @@ func TestAuditOnEmptyProject(t *testing.T) { func TestXrayAuditNotEntitledForJasWithXrayUrl(t *testing.T) { cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, true, getNoJasAuditMockCommand) defer cleanUp() - output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false) + output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false, false) // Verify that scan results are printed securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 8, 0) // Verify that JAS results are not printed @@ -755,7 +755,7 @@ func TestXrayAuditNotEntitledForJasWithXrayUrl(t *testing.T) { func TestXrayAuditJasSimpleJsonWithXrayUrl(t *testing.T) { cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, true, getNoJasAuditMockCommand) defer cleanUp() - output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false) + output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false, false) securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 8, 0) securityTestUtils.VerifySimpleJsonJasResults(t, output, 1, 9, 6, 3, 1, 1, 2, 0, 0) } From e0af854760b6489828285aa5c91943caca79ef61 Mon Sep 17 00:00:00 2001 From: Hadar Shpivak Date: Tue, 15 Oct 2024 15:46:40 +0300 Subject: [PATCH 06/13] fix audit tests for xray-url after merge 2 --- audit_test.go | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/audit_test.go b/audit_test.go index 89e323b0..2ba4f6fc 100644 --- a/audit_test.go +++ b/audit_test.go 
@@ -747,15 +747,25 @@ func TestXrayAuditNotEntitledForJasWithXrayUrl(t *testing.T) { defer cleanUp() output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false, false) // Verify that scan results are printed - securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 8, 0) + securityTestUtils.VerifySimpleJsonScanResults(t, output, validations.ValidationParams{Vulnerabilities: 8}) // Verify that JAS results are not printed - securityTestUtils.VerifySimpleJsonJasResults(t, output, 0, 0, 0, 0, 0, 0, 0, 0, 0) + securityTestUtils.VerifySimpleJsonJasResults(t, output, validations.ValidationParams{}) } func TestXrayAuditJasSimpleJsonWithXrayUrl(t *testing.T) { cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, true, getNoJasAuditMockCommand) defer cleanUp() output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false, false) - securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 8, 0) - securityTestUtils.VerifySimpleJsonJasResults(t, output, 1, 9, 6, 3, 1, 1, 2, 0, 0) + securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, validations.ValidationParams{Vulnerabilities: 8}) + securityTestUtils.VerifySimpleJsonJasResults(t, output, 1, validations.ValidationParams{ + Sast: 1, + Iac: 9, + Secrets: 6, + + Vulnerabilities: 8, + Applicable: 3, + Undetermined: 1, + NotCovered: 1, + NotApplicable: 2, + }) } From 3f10cf62f2da4c54e272e1ee60287a0f1636fabd Mon Sep 17 00:00:00 2001 From: Hadar Shpivak Date: Tue, 15 Oct 2024 16:13:27 +0300 Subject: [PATCH 07/13] fix audit tests for xray-url after merge 3 --- audit_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/audit_test.go b/audit_test.go index 2ba4f6fc..0de9319c 100644 --- a/audit_test.go +++ b/audit_test.go 
@@ -747,17 +747,17 @@ func TestXrayAuditNotEntitledForJasWithXrayUrl(t *testing.T) { defer cleanUp() output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false, false) // Verify that scan results are printed - securityTestUtils.VerifySimpleJsonScanResults(t, output, validations.ValidationParams{Vulnerabilities: 8}) + validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Vulnerabilities: 8}) // Verify that JAS results are not printed - securityTestUtils.VerifySimpleJsonJasResults(t, output, validations.ValidationParams{}) + validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{}) } func TestXrayAuditJasSimpleJsonWithXrayUrl(t *testing.T) { cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, true, getNoJasAuditMockCommand) defer cleanUp() output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false, false) - securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, validations.ValidationParams{Vulnerabilities: 8}) - securityTestUtils.VerifySimpleJsonJasResults(t, output, 1, validations.ValidationParams{ + validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Vulnerabilities: 8}) + validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{ Sast: 1, Iac: 9, Secrets: 6, From 6ea39e4335bab2c709f476b0baeb6e733cdf0eea Mon Sep 17 00:00:00 2001 From: Hadar Shpivak Date: Wed, 16 Oct 2024 14:44:18 +0300 Subject: [PATCH 08/13] fix audit tests for xray-url - with jas --- audit_test.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/audit_test.go b/audit_test.go index 0de9319c..5e631dc3 100644 --- a/audit_test.go +++ b/audit_test.go 
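Review bot: In TestXrayAuditNotEntitledForJasWithXrayUrl the second call, `validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{})`, sits under the comment "Verify that JAS results are not printed" but names no JAS category, so it is unclear what it asserts. VerifySimpleJsonResults is defined outside this diff: if it checks minimum counts, the empty call passes even when Sast, Iac or Secrets findings are present, and if it checks exact counts it contradicts the `Vulnerabilities: 8` call just above it. Either drop the second call and reword the comment to `// Only SCA results are expected here`, or make the absence of JAS findings an explicit exact-count assertion.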
@@ -753,9 +753,7 @@ func TestXrayAuditNotEntitledForJasWithXrayUrl(t *testing.T) { } func TestXrayAuditJasSimpleJsonWithXrayUrl(t *testing.T) { - cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, true, getNoJasAuditMockCommand) - defer cleanUp() - output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false, false) + output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas"), "3", false, false) validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Vulnerabilities: 8}) validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{ Sast: 1, From 3e173086290a330e7e3a0ca2d1429c856c6c7517 Mon Sep 17 00:00:00 2001 From: Hadar Shpivak Date: Fri, 18 Oct 2024 11:47:02 +0300 Subject: [PATCH 09/13] fix audit tests for xray-url - with jas - test --- audit_test.go | 22 ++++++++++++++++++++-- jas/common.go | 3 ++- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/audit_test.go b/audit_test.go index 5e631dc3..ba3518ec 100644 --- a/audit_test.go +++ b/audit_test.go @@ -753,8 +753,9 @@ func TestXrayAuditNotEntitledForJasWithXrayUrl(t *testing.T) { } func TestXrayAuditJasSimpleJsonWithXrayUrl(t *testing.T) { - output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas"), "3", false, false) - validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Vulnerabilities: 8}) + cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, true, getRealAuditCommand) + defer cleanUp() + output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false, false) validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{ Sast: 1, Iac: 9, 
@@ -767,3 +768,20 @@ func TestXrayAuditJasSimpleJsonWithXrayUrl(t *testing.T) { NotApplicable: 2, }) } + +func getRealAuditCommand() components.Command { + return components.Command{ + Name: docs.Audit, + Flags: docs.GetCommandFlags(docs.Audit), + Category: "Security", + Action: cli.AuditCmd, + } +} + +//func getRealAuditCommand() []components.Command { +// var cmds []components.Command +// for i := range cli.GetJfrogCliSecurityApp().Subcommands { +// cmds = append(cmds, cli.GetJfrogCliSecurityApp().Subcommands[i].Commands...) +// } +// return cmds +//} diff --git a/jas/common.go b/jas/common.go index bee412a1..7fda7e00 100644 --- a/jas/common.go +++ b/jas/common.go @@ -54,11 +54,12 @@ func CreateJasScanner(serverDetails *config.ServerDetails, validateSecrets bool, if len(serverDetails.Url) == 0 { if len(serverDetails.XrayUrl) != 0 { log.Debug("Xray URL provided without platform URL") + } else { + log.Warn(NoServerUrlWarn) } if len(serverDetails.ArtifactoryUrl) != 0 { log.Debug("Artifactory URL provided without platform URL") } - log.Warn(NoServerUrlWarn) return } scanner = &JasScanner{} From 539adc7e2422357f3cc8caac2e3ad82ceada31bc Mon Sep 17 00:00:00 2001 From: Hadar Shpivak Date: Sun, 20 Oct 2024 20:30:10 +0300 Subject: [PATCH 10/13] am 110 + fix xray-url cred and test jas-scanner --- audit_test.go | 21 ++------------------- jas/analyzermanager.go | 2 +- jas/common.go | 8 ++++---- tests/utils/test_config.go | 3 ++- 4 files changed, 9 insertions(+), 25 deletions(-) diff --git a/audit_test.go b/audit_test.go index ba3518ec..c83c81fe 100644 --- a/audit_test.go +++ b/audit_test.go @@ -17,6 +17,7 @@ import ( "github.com/jfrog/jfrog-cli-security/utils/formats" "github.com/jfrog/jfrog-cli-security/utils/validations" + testsUtils "github.com/jfrog/jfrog-cli-security/tests/utils" xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils" "github.com/stretchr/testify/assert" 
@@ -753,8 +754,7 @@ func TestXrayAuditNotEntitledForJasWithXrayUrl(t *testing.T) { } func TestXrayAuditJasSimpleJsonWithXrayUrl(t *testing.T) { - cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, true, getRealAuditCommand) - defer cleanUp() + cliToRun := testsUtils.GetTestCli(cli.GetJfrogCliSecurityApp(), true) output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3", false, false) validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{ Sast: 1, @@ -768,20 +768,3 @@ func TestXrayAuditJasSimpleJsonWithXrayUrl(t *testing.T) { NotApplicable: 2, }) } - -func getRealAuditCommand() components.Command { - return components.Command{ - Name: docs.Audit, - Flags: docs.GetCommandFlags(docs.Audit), - Category: "Security", - Action: cli.AuditCmd, - } -} - -//func getRealAuditCommand() []components.Command { -// var cmds []components.Command -// for i := range cli.GetJfrogCliSecurityApp().Subcommands { -// cmds = append(cmds, cli.GetJfrogCliSecurityApp().Subcommands[i].Commands...) -// } -// return cmds -//} diff --git a/jas/analyzermanager.go b/jas/analyzermanager.go index def70fbc..b531fdaa 100644 --- a/jas/analyzermanager.go +++ b/jas/analyzermanager.go @@ -24,7 +24,7 @@ import ( const ( ApplicabilityFeatureId = "contextual_analysis" AnalyzerManagerZipName = "analyzerManager.zip" - defaultAnalyzerManagerVersion = "1.9.11" + defaultAnalyzerManagerVersion = "1.10.0" analyzerManagerDownloadPath = "xsc-gen-exe-analyzer-manager-local/v1" analyzerManagerDirName = "analyzerManager" analyzerManagerExecutableName = "analyzerManager" diff --git a/jas/common.go b/jas/common.go index 7fda7e00..2154f3c1 100644 --- a/jas/common.go +++ b/jas/common.go 
@@ -55,12 +55,12 @@ func CreateJasScanner(serverDetails *config.ServerDetails, validateSecrets bool, if len(serverDetails.XrayUrl) != 0 { log.Debug("Xray URL provided without platform URL") } else { + if len(serverDetails.ArtifactoryUrl) != 0 { + log.Debug("Artifactory URL provided without platform URL") + } log.Warn(NoServerUrlWarn) + return } - if len(serverDetails.ArtifactoryUrl) != 0 { - log.Debug("Artifactory URL provided without platform URL") - } - return } scanner = &JasScanner{} if scanner.EnvVars, err = getJasEnvVars(serverDetails, validateSecrets, envVars); err != nil { diff --git a/tests/utils/test_config.go b/tests/utils/test_config.go index 312b9452..9a8966da 100644 --- a/tests/utils/test_config.go +++ b/tests/utils/test_config.go @@ -61,12 +61,13 @@ func GetTestCli(testApplication components.App, xrayUrlOnly bool) (testCli *core func authenticateXray(xrayUrlOnly bool) string { *configTests.JfrogUrl = clientUtils.AddTrailingSlashIfNeeded(*configTests.JfrogUrl) + cred := fmt.Sprintf("--url=%s", *configTests.JfrogUrl) if xrayUrlOnly { + cred = fmt.Sprintf("--xray-url=%s", configTests.XrDetails.XrayUrl) configTests.XrDetails = &config.ServerDetails{XrayUrl: *configTests.JfrogUrl + configTests.XrayEndpoint} } else { configTests.XrDetails = &config.ServerDetails{Url: *configTests.JfrogUrl, ArtifactoryUrl: *configTests.JfrogUrl + configTests.ArtifactoryEndpoint, XrayUrl: *configTests.JfrogUrl + configTests.XrayEndpoint} } - cred := fmt.Sprintf("--url=%s", configTests.XrDetails.XrayUrl) if *configTests.JfrogAccessToken != "" { configTests.XrDetails.AccessToken = *configTests.JfrogAccessToken cred += fmt.Sprintf(" --access-token=%s", configTests.XrDetails.AccessToken) From b8c32876915932a7060e0ff34fa3a8a0cf3ef3a0 Mon Sep 17 00:00:00 2001 From: Hadar Shpivak Date: Mon, 28 Oct 2024 12:59:34 +0200 Subject: [PATCH 11/13] update AM to 1.10.1 --- jas/analyzermanager.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
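Review bot: The URL check at the top of CreateJasScanner now nests the Artifactory debug message and the warning inside an `else`, which hides the one case that aborts, namely neither a platform URL nor an Xray URL being set. Writing that case as a single guard, followed by the Xray-only debug message, reads more directly and behaves the same. The bare `return` on that path hands the caller whatever `scanner` and `err` hold at that point, presumably nil for both, so a one-line comment saying that a missing URL yields no scanner and no error would help callers that must check for a nil scanner. The function starts and ends outside the hunk.

```go
// No platform or Xray URL: JAS cannot run, so return without a scanner.
if len(serverDetails.Url) == 0 && len(serverDetails.XrayUrl) == 0 {
	if len(serverDetails.ArtifactoryUrl) != 0 {
		log.Debug("Artifactory URL provided without platform URL")
	}
	log.Warn(NoServerUrlWarn)
	return
}
if len(serverDetails.Url) == 0 {
	log.Debug("Xray URL provided without platform URL")
}
// … unchanged: scanner = &JasScanner{} and the getJasEnvVars call …
```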
diff --git a/jas/analyzermanager.go b/jas/analyzermanager.go index b531fdaa..079074e1 100644 --- a/jas/analyzermanager.go +++ b/jas/analyzermanager.go @@ -24,7 +24,7 @@ import ( const ( ApplicabilityFeatureId = "contextual_analysis" AnalyzerManagerZipName = "analyzerManager.zip" - defaultAnalyzerManagerVersion = "1.10.0" + defaultAnalyzerManagerVersion = "1.10.1" analyzerManagerDownloadPath = "xsc-gen-exe-analyzer-manager-local/v1" analyzerManagerDirName = "analyzerManager" analyzerManagerExecutableName = "analyzerManager" From 0429494f39930eac7187e03b3e5091754da391e3 Mon Sep 17 00:00:00 2001 From: Hadar Shpivak Date: Tue, 29 Oct 2024 11:09:41 +0200 Subject: [PATCH 12/13] fix audit tests for xray-url - authenticateXray --- tests/utils/test_config.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/utils/test_config.go b/tests/utils/test_config.go index 9a8966da..a9addb12 100644 --- a/tests/utils/test_config.go +++ b/tests/utils/test_config.go @@ -61,12 +61,13 @@ func GetTestCli(testApplication components.App, xrayUrlOnly bool) (testCli *core func authenticateXray(xrayUrlOnly bool) string { *configTests.JfrogUrl = clientUtils.AddTrailingSlashIfNeeded(*configTests.JfrogUrl) - cred := fmt.Sprintf("--url=%s", *configTests.JfrogUrl) + var cred string if xrayUrlOnly { - cred = fmt.Sprintf("--xray-url=%s", configTests.XrDetails.XrayUrl) configTests.XrDetails = &config.ServerDetails{XrayUrl: *configTests.JfrogUrl + configTests.XrayEndpoint} + cred = fmt.Sprintf("--xray-url=%s", configTests.XrDetails.XrayUrl) } else { configTests.XrDetails = &config.ServerDetails{Url: *configTests.JfrogUrl, ArtifactoryUrl: *configTests.JfrogUrl + configTests.ArtifactoryEndpoint, XrayUrl: *configTests.JfrogUrl + configTests.XrayEndpoint} + cred = fmt.Sprintf("--url=%s", configTests.XrDetails.XrayUrl) } if *configTests.JfrogAccessToken != "" { configTests.XrDetails.AccessToken = *configTests.JfrogAccessToken 
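Review bot: In the `else` branch of authenticateXray the `--url` flag is built from `configTests.XrDetails.XrayUrl`, while the line this hunk removes passed `*configTests.JfrogUrl`. `--url` is presumably the platform URL, so handing it the Xray endpoint looks unintended, even though the code before this series did the same. If the platform URL is meant, the line would be `cred = fmt.Sprintf("--url=%s", configTests.XrDetails.Url)`. If the Xray endpoint is deliberate, a comment such as `// --url intentionally receives the Xray endpoint` would stop the next reader from changing it back. The function continues past the end of the hunk.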
From 05f4dab8655f13a500bb6ab0c37cc390d4a2d174 Mon Sep 17 00:00:00 2001 From: Hadar Shpivak Date: Thu, 31 Oct 2024 11:01:40 +0200 Subject: [PATCH 13/13] fix audit tests for xray-url - with AM 1.10.2 --- jas/analyzermanager.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jas/analyzermanager.go b/jas/analyzermanager.go index 079074e1..a99f8237 100644 --- a/jas/analyzermanager.go +++ b/jas/analyzermanager.go @@ -24,7 +24,7 @@ import ( const ( ApplicabilityFeatureId = "contextual_analysis" AnalyzerManagerZipName = "analyzerManager.zip" - defaultAnalyzerManagerVersion = "1.10.1" + defaultAnalyzerManagerVersion = "1.10.2" analyzerManagerDownloadPath = "xsc-gen-exe-analyzer-manager-local/v1" analyzerManagerDirName = "analyzerManager" analyzerManagerExecutableName = "analyzerManager"