use gofrog for running commands

.github/workflows/test.yml

@@ -33,6 +33,10 @@ jobs:
         uses: actions/setup-node@v3
         with:
           node-version: "16"
+      - name: Setup Pnpm
+        uses: pnpm/action-setup@v3
+        with:
+          version: 8
       - name: Install Java
         uses: actions/setup-java@v3
         with:

commands/audit/sca/common.go

@@ -1,7 +1,6 @@
 package sca
 
 import (
-	"bytes"
 	"fmt"
 	"os/exec"
 	"path/filepath"
@@ -65,34 +64,6 @@ func LogExecutableVersion(executable string) {
 	log.Debug(fmt.Sprintf("Used %q version: %s", executable, version))
 }
 
-func RunCmdAndGetOutput(executablePath, workingDir string, rawArgs ...string) (stdResult, errResult []byte, err error) {
-	// Prepare the command
-	args := make([]string, 0)
-	for i := 0; i < len(rawArgs); i++ {
-		if strings.TrimSpace(rawArgs[i]) != "" {
-			args = append(args, rawArgs[i])
-		}
-	}
-	cmdName := filepath.Base(executablePath)
-	command := exec.Command(executablePath, args...)
-	command.Dir = workingDir
-	outBuffer := bytes.NewBuffer([]byte{})
-	command.Stdout = outBuffer
-	errBuffer := bytes.NewBuffer([]byte{})
-	command.Stderr = errBuffer
-	// Run the command
-	log.Debug(fmt.Sprintf("Running '%s %s' command at %s", cmdName, strings.Join(rawArgs, " "), workingDir))
-	err = command.Run()
-	errResult = errBuffer.Bytes()
-	stdResult = outBuffer.Bytes()
-	if err != nil {
-		err = fmt.Errorf("error while running '%s %s': %s\n%s", executablePath, strings.Join(args, " "), err.Error(), strings.TrimSpace(string(errResult)))
-		return
-	}
-	log.Debug(fmt.Sprintf("%s '%s' standard output is:\n%s", cmdName, strings.Join(args, " "), strings.TrimSpace(string(stdResult))))
-	return
-}
-
 // BuildImpactPathsForScanResponse builds the full impact paths for each vulnerability found in the scanResult argument, using the dependencyTrees argument.
 // Returns the updated services.ScanResponse slice.
 func BuildImpactPathsForScanResponse(scanResult []services.ScanResponse, dependencyTree []*xrayUtils.GraphNode) []services.ScanResponse {

commands/audit/sca/pnpm/pnpm.go

@@ -4,11 +4,15 @@ import (
 	"encoding/json"
 	"errors"
 	"os/exec"
-	"strings"
+
+	// "strings"
 
 	"github.com/jfrog/gofrog/datastructures"
+	"github.com/jfrog/gofrog/io"
+	// "github.com/jfrog/gofrog/version"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
-	"github.com/jfrog/jfrog-cli-security/commands/audit/sca"
+
+	// "github.com/jfrog/jfrog-cli-security/commands/audit/sca"
 	"github.com/jfrog/jfrog-cli-security/utils"
 	"github.com/jfrog/jfrog-client-go/utils/log"
 
@@ -56,23 +60,23 @@ func getPnpmExecPath() (string, error) {
 	if pnpmExecPath == "" {
 		return "", errors.New("could not find the 'pnpm' executable in the system PATH")
 	}
-	log.Debug("Using pnpm executable:", pnpmExecPath)
-	// Validate pnpm version
-	_, _, err = sca.RunCmdAndGetOutput(pnpmExecPath, "", "--version")
+	log.Debug("Using Pnpm executable:", pnpmExecPath)
+	// Validate pnpm version command
+	version, err := getPnpmCmd(pnpmExecPath, "", "--version").RunWithOutput()
 	if err != nil {
 		return "", err
 	}
+	log.Debug("Pnpm version:", string(version))
 	return pnpmExecPath, nil
 }
 
 // Run 'pnpm ls ...' command and parse the returned result to create a dependencies map of.
 func calculateDependencies(executablePath, workingDir string) ([]pnpmLsProject, error) {
-	npmLsCmdContent, errData, err := sca.RunCmdAndGetOutput(executablePath, workingDir, "ls", "--depth", "Infinity", "--json", "--long")
+	npmLsCmdContent, err := getPnpmCmd(executablePath, workingDir, "ls", "--depth", "Infinity", "--json", "--long").RunWithOutput()
 	if err != nil {
 		return nil, err
-	} else if len(errData) > 0 {
-		log.Warn("Encountered some issues while running 'pnpm ls' command:\n" + strings.TrimSpace(string(errData)))
 	}
+	log.Debug("Pnpm ls command output:\n", string(npmLsCmdContent))
 	output := &[]pnpmLsProject{}
 	if err := json.Unmarshal(npmLsCmdContent, output); err != nil {
 		return nil, err
@@ -135,3 +139,11 @@ func appendUniqueChild(children []string, candidateDependency string) []string {
 	}
 	return append(children, candidateDependency)
 }
+
+func getPnpmCmd(pnpmExecPath, workingDir, cmd string, args ...string) *io.Command {
+	command := io.NewCommand(pnpmExecPath, cmd, args)
+	if workingDir != "" {
+		command.Dir = workingDir
+	}
+	return command
+}

go.mod

@@ -98,6 +98,6 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 )
 
-replace github.com/jfrog/jfrog-cli-core/v2 => github.com/attiasas/jfrog-cli-core/v2 v2.0.0-20240131150727-f47214b2b342
+replace github.com/jfrog/jfrog-cli-core/v2 => github.com/attiasas/jfrog-cli-core/v2 v2.0.0-20240211085821-ef4276849d1f
 
 // replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go dev

go.sum

@@ -18,8 +18,8 @@ github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer5
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
-github.com/attiasas/jfrog-cli-core/v2 v2.0.0-20240131150727-f47214b2b342 h1:HgTRNuOWxEXLZ7ydUeviOq5pVD033iNMgE4GNhPznZE=
-github.com/attiasas/jfrog-cli-core/v2 v2.0.0-20240131150727-f47214b2b342/go.mod h1:RVn4pIkR5fPUnr8gFXt61ou3pCNrrDdRQUpcolP4lhw=
+github.com/attiasas/jfrog-cli-core/v2 v2.0.0-20240211085821-ef4276849d1f h1:CEP7i/QHmzNCYmJefxUHgO/3t7nC4ly1ZHm1QoR7Dsk=
+github.com/attiasas/jfrog-cli-core/v2 v2.0.0-20240211085821-ef4276849d1f/go.mod h1:+eraSKhahQf7tj09+g3rAA2Z+XPnZGfMc0y8uUDecZw=
 github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M=
 github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
 github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=