Disable generating SARIF for GitHub advance security tab if not entit…

…led for JAS (#166)
jfrog · Sep 5, 2024 · 40f53cc · 40f53cc
1 parent 2243ace
commit 40f53cc
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 0 deletions.
diff --git a/utils/securityJobSummary.go b/utils/securityJobSummary.go
@@ -178,6 +178,10 @@ func RecordSarifOutput(cmdResults *Results) (err error) {
 	if err != nil || manager == nil {
 		return
 	}
+	if cmdResults.ExtendedScanResults == nil || !cmdResults.ExtendedScanResults.EntitledForJas {
+		// If no JAS no GHAS
+		return
+	}
 	extended := true
 	if !extended && !commandsummary.StaticMarkdownConfig.IsExtendedSummary() {
 		log.Info("Results can be uploaded to Github security tab automatically by upgrading your JFrog subscription.")

diff --git a/utils/securityJobSummary_test.go b/utils/securityJobSummary_test.go
@@ -8,9 +8,12 @@ import (
 	"testing"
 
 	"github.com/jfrog/jfrog-cli-core/v2/artifactory/utils/commandsummary"
+	coreUtils "github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	coreTests "github.com/jfrog/jfrog-cli-core/v2/utils/tests"
 	"github.com/jfrog/jfrog-cli-security/formats"
 	"github.com/jfrog/jfrog-cli-security/utils/jasutils"
+	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
+	clientTests "github.com/jfrog/jfrog-client-go/utils/tests"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -37,6 +40,51 @@ var (
 	}
 )
 
+func TestSaveSarifOutputOnlyForJasEntitled(t *testing.T) {
+	testCases := []struct {
+		name          string
+		isJasEntitled bool
+	}{
+		{
+			name:          "JAS entitled",
+			isJasEntitled: true,
+		},
+		{
+			name:          "JAS not entitled",
+			isJasEntitled: false,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			tempDir, cleanUpDir := coreTests.CreateTempDirWithCallbackAndAssert(t)
+			defer cleanUpDir()
+			cleanUp := clientTests.SetEnvWithCallbackAndAssert(t, coreUtils.SummaryOutputDirPathEnv, tempDir)
+			defer cleanUp()
+
+			assert.NoError(t, RecordSarifOutput(createDummyJasResult(testCase.isJasEntitled)))
+			assert.Equal(t, testCase.isJasEntitled, hasFilesInDir(t, filepath.Join(tempDir, commandsummary.OutputDirName, "security", string(commandsummary.SarifReport))))
+		})
+	}
+}
+
+func createDummyJasResult(entitled bool) *Results {
+	return &Results{
+		ExtendedScanResults: &ExtendedScanResults{EntitledForJas: entitled},
+	}
+}
+
+func hasFilesInDir(t *testing.T, dir string) bool {
+	exists, err := fileutils.IsDirExists(dir, false)
+	assert.NoError(t, err)
+	if !exists {
+		return false
+	}
+	files, err := os.ReadDir(dir)
+	assert.NoError(t, err)
+	return len(files) > 0
+}
+
 func TestSaveLoadData(t *testing.T) {
 	testDockerScanSummary := ScanCommandResultSummary{
 		ResultType: DockerImage,