From bd24f7bc04d9f6bfe5006740d24c058d74423707 Mon Sep 17 00:00:00 2001
From: Eran Turgeman
Date: Wed, 11 Sep 2024 16:24:44 +0300
Subject: [PATCH 1/9] Added project's utilized tech to audit params if an 'install' command was provided by the user

---
 utils/params.go      | 4 ++++
 utils/scandetails.go | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/utils/params.go b/utils/params.go
index 02fa1190c..c9075fc94 100644
--- a/utils/params.go
+++ b/utils/params.go
@@ -129,6 +129,10 @@ func (p *Project) setDefaultsIfNeeded() error {
 	return nil
 }
 
+func (p *Project) GetTechFromInstallCmdIfExists() string {
+	return p.InstallCommandName
+}
+
 type Scan struct {
 	IncludeAllVulnerabilities bool `yaml:"includeAllVulnerabilities,omitempty"`
 	FixableOnly               bool `yaml:"fixableOnly,omitempty"`
diff --git a/utils/scandetails.go b/utils/scandetails.go
index d1a1f11f2..4936532c1 100644
--- a/utils/scandetails.go
+++ b/utils/scandetails.go
@@ -153,7 +153,8 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xra
 		SetIgnoreConfigFile(true).
 		SetServerDetails(sc.ServerDetails).
 		SetInstallCommandName(sc.InstallCommandName).
-		SetInstallCommandArgs(sc.InstallCommandArgs).SetUseJas(true)
+		SetInstallCommandArgs(sc.InstallCommandArgs).SetUseJas(true).
+		SetTechnologies([]string{sc.GetTechFromInstallCmdIfExists()})
 
 	auditParams := audit.NewAuditParams().
 		SetWorkingDirs(workDirs).

From b082dedef915f4a8bdfae8d5fd4d8a5f6f547aab Mon Sep 17 00:00:00 2001
From: Eran Turgeman
Date: Wed, 11 Sep 2024 17:04:32 +0300
Subject: [PATCH 2/9] checking cause for all failing tests

---
 utils/scandetails.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/utils/scandetails.go b/utils/scandetails.go
index 4936532c1..e31965194 100644
--- a/utils/scandetails.go
+++ b/utils/scandetails.go
@@ -153,8 +153,8 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xra
 		SetIgnoreConfigFile(true).
 		SetServerDetails(sc.ServerDetails).
 		SetInstallCommandName(sc.InstallCommandName).
-		SetInstallCommandArgs(sc.InstallCommandArgs).SetUseJas(true).
-		SetTechnologies([]string{sc.GetTechFromInstallCmdIfExists()})
+		SetInstallCommandArgs(sc.InstallCommandArgs).SetUseJas(true)
+		//SetTechnologies([]string{sc.GetTechFromInstallCmdIfExists()})
 
 	auditParams := audit.NewAuditParams().
 		SetWorkingDirs(workDirs).

From 51a9c835c2cc62593b1cbf925f649224c1539918 Mon Sep 17 00:00:00 2001
From: Eran Turgeman
Date: Wed, 11 Sep 2024 17:38:12 +0300
Subject: [PATCH 3/9] re-applying changes

---
 utils/scandetails.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/utils/scandetails.go b/utils/scandetails.go
index e31965194..4936532c1 100644
--- a/utils/scandetails.go
+++ b/utils/scandetails.go
@@ -153,8 +153,8 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xra
 		SetIgnoreConfigFile(true).
 		SetServerDetails(sc.ServerDetails).
 		SetInstallCommandName(sc.InstallCommandName).
-		SetInstallCommandArgs(sc.InstallCommandArgs).SetUseJas(true)
-		//SetTechnologies([]string{sc.GetTechFromInstallCmdIfExists()})
+		SetInstallCommandArgs(sc.InstallCommandArgs).SetUseJas(true).
+		SetTechnologies([]string{sc.GetTechFromInstallCmdIfExists()})
 
 	auditParams := audit.NewAuditParams().
 		SetWorkingDirs(workDirs).

From e56c30bb6f0f7f2ad6ae45396bd9d77395b36b65 Mon Sep 17 00:00:00 2001
From: Eran Turgeman
Date: Wed, 11 Sep 2024 18:08:29 +0300
Subject: [PATCH 4/9] .

---
 utils/params.go      | 7 +++++--
 utils/scandetails.go | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/utils/params.go b/utils/params.go
index c9075fc94..ef56d00b8 100644
--- a/utils/params.go
+++ b/utils/params.go
@@ -129,8 +129,11 @@ func (p *Project) setDefaultsIfNeeded() error {
 	return nil
 }
 
-func (p *Project) GetTechFromInstallCmdIfExists() string {
-	return p.InstallCommandName
+func (p *Project) GetTechFromInstallCmdIfExists() []string {
+	if p.InstallCommandName != "" {
+		return []string{p.InstallCommandName}
+	}
+	return nil
 }
 
 type Scan struct {
diff --git a/utils/scandetails.go b/utils/scandetails.go
index 4936532c1..182af3a2b 100644
--- a/utils/scandetails.go
+++ b/utils/scandetails.go
@@ -154,7 +154,7 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *xra
 		SetServerDetails(sc.ServerDetails).
 		SetInstallCommandName(sc.InstallCommandName).
 		SetInstallCommandArgs(sc.InstallCommandArgs).SetUseJas(true).
-		SetTechnologies([]string{sc.GetTechFromInstallCmdIfExists()})
+		SetTechnologies(sc.GetTechFromInstallCmdIfExists())
 
 	auditParams := audit.NewAuditParams().
 		SetWorkingDirs(workDirs).

From 623390db594efacfcaf32834319c56b120b51db8 Mon Sep 17 00:00:00 2001
From: Eran Turgeman
Date: Sun, 15 Sep 2024 10:12:34 +0300
Subject: [PATCH 5/9] updating go.mod

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 4ce633aa9..7aab4b338 100644
--- a/go.mod
+++ b/go.mod
@@ -119,7 +119,7 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 )
 
-// replace github.com/jfrog/jfrog-cli-security => github.com/orz25/jfrog-cli-security dev
+replace github.com/jfrog/jfrog-cli-security => github.com/eranturgeman/jfrog-cli-security v0.0.0-20240915064209-9a55f2135bad
 
 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev
 
diff --git a/go.sum b/go.sum
index a30dea61f..e87ad7625 100644
--- a/go.sum
+++ b/go.sum
@@ -707,6 +707,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
 github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo=
 github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w=
 github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss=
+github.com/eranturgeman/jfrog-cli-security v0.0.0-20240915064209-9a55f2135bad h1:YtCyiRArXnmHx3LPLLoaGwwIJYd/9XujezQgp6PIZB8=
+github.com/eranturgeman/jfrog-cli-security v0.0.0-20240915064209-9a55f2135bad/go.mod h1:QIHSX8FiuQWYtM6e0JPaREldPk8goNpUFtu9ZF2oG+U=
 github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w=
 github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg=
 github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
@@ -901,8 +903,6 @@ github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYL
 github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
 github.com/jfrog/jfrog-cli-core/v2 v2.55.7 h1:V4dO2FMNIH49lov3dMj3jYRg8KBTG7hyhHI8ftYByf8=
 github.com/jfrog/jfrog-cli-core/v2 v2.55.7/go.mod h1:DPO5BfWAeOByahFMMy+PcjmbPlcyoRy7Bf2C5sGKVi0=
-github.com/jfrog/jfrog-cli-security v1.8.1 h1:VdU3pnI5iufqw1ctcvej7N6ao9dx4ADhwQIPETmtkYg=
-github.com/jfrog/jfrog-cli-security v1.8.1/go.mod h1:QIHSX8FiuQWYtM6e0JPaREldPk8goNpUFtu9ZF2oG+U=
 github.com/jfrog/jfrog-client-go v1.46.2 h1:1rk7PliYGc7zVSFVE2/RO77JOR1KdEtr28os8GQiLyI=
 github.com/jfrog/jfrog-client-go v1.46.2/go.mod h1:qtQ9ML8xrRJmUwU/t6QRsov7C5mIZndTDY3qulgB5hA=
 github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA=

From 833118567e080a3758ecec7d1a33921e19ebd26a Mon Sep 17 00:00:00 2001
From: Eran Turgeman
Date: Sun, 15 Sep 2024 15:07:02 +0300
Subject: [PATCH 6/9] added a fix for misidentified tech when dotnet restore command is provided from user

---
 utils/params.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/utils/params.go b/utils/params.go
index ef56d00b8..dbfe024a9 100644
--- a/utils/params.go
+++ b/utils/params.go
@@ -131,7 +131,10 @@ func (p *Project) setDefaultsIfNeeded() error {
 
 func (p *Project) GetTechFromInstallCmdIfExists() []string {
 	if p.InstallCommandName != "" {
-		return []string{p.InstallCommandName}
+		technologies := []string{p.InstallCommandName}
+		if strings.ToLower(p.InstallCommandName) == "dotnet" {
+			technologies = append(technologies, "nuget")
+		}
 	}
 	return nil
 }

From 682078dc3507b84c617943756a07b768bfc4540c Mon Sep 17 00:00:00 2001
From: Eran Turgeman
Date: Sun, 15 Sep 2024 19:58:39 +0300
Subject: [PATCH 7/9] .

---
 utils/params.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/utils/params.go b/utils/params.go
index dbfe024a9..248f44716 100644
--- a/utils/params.go
+++ b/utils/params.go
@@ -4,8 +4,10 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"github.com/jfrog/jfrog-cli-security/utils/techutils"
 	"github.com/jfrog/jfrog-cli-security/utils/xsc"
 	"github.com/jfrog/jfrog-client-go/xsc/services"
+	"golang.org/x/exp/slices"
 	"net/http"
 	"net/url"
 	"os"
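Review bot: The two imports added in the `import (` hunk of patch 7 are interleaved with the standard-library entries (`"fmt"` / `"net/http"`), which goimports would move into a separate group after the stdlib block alongside the other github.com and golang.org imports; keeping that grouping makes the file gofmt/goimports-clean. `"golang.org/x/exp/slices"` also duplicates the standard `slices` package available since Go 1.21, so if the module's go directive (not visible here) allows it, `"slices"` from the standard library avoids an extra dependency. The import block continues outside the hunk.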
@@ -130,13 +132,18 @@ func (p *Project) setDefaultsIfNeeded() error {
 }
 
 func (p *Project) GetTechFromInstallCmdIfExists() []string {
+	var technologies []string
 	if p.InstallCommandName != "" {
-		technologies := []string{p.InstallCommandName}
+		if !slices.Contains(techutils.AllTechnologiesStrings, p.InstallCommandName) {
+			log.Warn(fmt.Sprintf("The technology ā€˜%sā€™ was inferred from the provided install command but is not listed among the supported technologies. Please provide an install command for one of the following supported technologies: %s", p.InstallCommandName, techutils.AllTechnologiesStrings))
+			return technologies
+		}
+		technologies = append(technologies, p.InstallCommandName)
 		if strings.ToLower(p.InstallCommandName) == "dotnet" {
 			technologies = append(technologies, "nuget")
 		}
 	}
-	return nil
+	return technologies
 }
 
 type Scan struct {

From 62f17fcd5ef0eef7b65bc66f0c190ea97a9fe078 Mon Sep 17 00:00:00 2001
From: Eran Turgeman
Date: Sun, 15 Sep 2024 21:31:57 +0300
Subject: [PATCH 8/9] .

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 7aab4b338..9949350b7 100644
--- a/go.mod
+++ b/go.mod
@@ -119,7 +119,7 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 )
 
-replace github.com/jfrog/jfrog-cli-security => github.com/eranturgeman/jfrog-cli-security v0.0.0-20240915064209-9a55f2135bad
+replace github.com/jfrog/jfrog-cli-security => github.com/eranturgeman/jfrog-cli-security v0.0.0-20240915175227-413008337843
 
 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev
 
diff --git a/go.sum b/go.sum
index e87ad7625..e3e78c317 100644
--- a/go.sum
+++ b/go.sum
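Review bot: The supported-technology check and the dotnet special case in GetTechFromInstallCmdIfExists disagree on case: `slices.Contains(techutils.AllTechnologiesStrings, p.InstallCommandName)` is an exact match, while the comparison two lines later lowercases the name, so a command spelled `Dotnet` could be rejected by the first check (depending on how AllTechnologiesStrings is spelled, which is not visible here) even though the second was written to accept it; normalizing once, `name := strings.ToLower(p.InstallCommandName)`, and using `name` in both comparisons keeps them consistent. The log.Warn line interpolates the user-supplied command name with `%s` wrapped in non-ASCII quote characters (they appear mis-encoded in the hunk); `%q` quotes and escapes the value with plain ASCII, which is the safer choice for a string taken from user configuration and removes the encoding issue. The exported method also has no doc comment; something like `// GetTechFromInstallCmdIfExists returns the technologies implied by the configured install command, or nil when none is set or the name is not a supported technology.` would record the nil-result contract that callers passing it to SetTechnologies rely on.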
@@ -707,8 +707,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
 github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo=
 github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w=
 github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss=
-github.com/eranturgeman/jfrog-cli-security v0.0.0-20240915064209-9a55f2135bad h1:YtCyiRArXnmHx3LPLLoaGwwIJYd/9XujezQgp6PIZB8=
-github.com/eranturgeman/jfrog-cli-security v0.0.0-20240915064209-9a55f2135bad/go.mod h1:QIHSX8FiuQWYtM6e0JPaREldPk8goNpUFtu9ZF2oG+U=
+github.com/eranturgeman/jfrog-cli-security v0.0.0-20240915175227-413008337843 h1:2DMJPS8H51Ra4FuxThlvqe+uoyDV/WQ5CqNj3L48Akk=
+github.com/eranturgeman/jfrog-cli-security v0.0.0-20240915175227-413008337843/go.mod h1:QIHSX8FiuQWYtM6e0JPaREldPk8goNpUFtu9ZF2oG+U=
 github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w=
 github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg=
 github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=

From 8e4ea8b73a65f98a81b7510662e13ba39b33c9d4 Mon Sep 17 00:00:00 2001
From: Eran Turgeman
Date: Sun, 15 Sep 2024 22:55:13 +0300
Subject: [PATCH 9/9] updated cli-security to latest dev

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 9949350b7..1e825f84d 100644
--- a/go.mod
+++ b/go.mod
@@ -119,7 +119,7 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 )
 
-replace github.com/jfrog/jfrog-cli-security => github.com/eranturgeman/jfrog-cli-security v0.0.0-20240915175227-413008337843
+replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security v1.8.2-0.20240915195230-f6f8065c192e
 
 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev
 
diff --git a/go.sum b/go.sum
index e3e78c317..f109d7bdc 100644
--- a/go.sum
+++ b/go.sum
@@ -707,8 +707,6 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
 github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo=
 github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w=
 github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss=
-github.com/eranturgeman/jfrog-cli-security v0.0.0-20240915175227-413008337843 h1:2DMJPS8H51Ra4FuxThlvqe+uoyDV/WQ5CqNj3L48Akk=
-github.com/eranturgeman/jfrog-cli-security v0.0.0-20240915175227-413008337843/go.mod h1:QIHSX8FiuQWYtM6e0JPaREldPk8goNpUFtu9ZF2oG+U=
 github.com/fatih/color v1.14.1 h1:qfhVLaG5s+nCROl1zJsZRxFeYrHLqWroPOQ8BWiNb4w=
 github.com/fatih/color v1.14.1/go.mod h1:2oHN61fhTpgcxD3TSWCgKDiH1+x4OiDVVGH8WlgGZGg=
 github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
@@ -903,6 +901,8 @@ github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYL
 github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
 github.com/jfrog/jfrog-cli-core/v2 v2.55.7 h1:V4dO2FMNIH49lov3dMj3jYRg8KBTG7hyhHI8ftYByf8=
 github.com/jfrog/jfrog-cli-core/v2 v2.55.7/go.mod h1:DPO5BfWAeOByahFMMy+PcjmbPlcyoRy7Bf2C5sGKVi0=
+github.com/jfrog/jfrog-cli-security v1.8.2-0.20240915195230-f6f8065c192e h1:ez781jDFeMr1/odsF21AcvPDtrypflNQhddP4OnzXio=
+github.com/jfrog/jfrog-cli-security v1.8.2-0.20240915195230-f6f8065c192e/go.mod h1:QIHSX8FiuQWYtM6e0JPaREldPk8goNpUFtu9ZF2oG+U=
 github.com/jfrog/jfrog-client-go v1.46.2 h1:1rk7PliYGc7zVSFVE2/RO77JOR1KdEtr28os8GQiLyI=
 github.com/jfrog/jfrog-client-go v1.46.2/go.mod h1:qtQ9ML8xrRJmUwU/t6QRsov7C5mIZndTDY3qulgB5hA=
 github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA=