jfrog · omerzi · Apr 5, 2023 · Jan 15, 2023 · Jan 30, 2023 · Feb 6, 2023
diff --git a/artifactory/commands/gradle/gradle.go b/artifactory/commands/gradle/gradle.go
@@ -56,7 +56,7 @@ func (gc *GradleCommand) SetServerDetails(serverDetails *config.ServerDetails) *
 
 func (gc *GradleCommand) init() (vConfig *viper.Viper, err error) {
 	// Read config
-	vConfig, err = utils.ReadGradleConfig(gc.configPath, nil)
+	vConfig, err = utils.ReadConfigFile(gc.configPath, utils.YAML)
 	if err != nil {
 		return
 	}

diff --git a/artifactory/utils/buildinfoproperties.go b/artifactory/utils/buildinfoproperties.go
@@ -155,15 +155,6 @@ func ReadConfigFile(configPath string, configType ConfigType) (config *viper.Vip
 	return config, errorutils.CheckError(err)
 }
 
-func ReadGradleConfig(path string, gradleConfigParams map[string]any) (config *viper.Viper, err error) {
-	if path == "" {
-		config = createDefaultConfigWithParams(YAML, Gradle.String(), gradleConfigParams)
-	} else {
-		config, err = ReadConfigFile(path, YAML)
-	}
-	return
-}
-
 func ReadMavenConfig(path string, mvnProps map[string]any) (config *viper.Viper, err error) {
 	if path == "" {
 		config = createDefaultConfigWithParams(YAML, Maven.String(), mvnProps)

diff --git a/go.mod b/go.mod
@@ -92,7 +92,7 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
-replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go v1.28.1-0.20230404093618-e0aec23ce1c3
+replace github.com/jfrog/jfrog-client-go => github.com/omerzi/jfrog-client-go v1.13.2-0.20230404093739-610cb3af8862
 
 replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20230403064815-ea83b399ac8e
 

diff --git a/go.sum b/go.sum
@@ -202,8 +202,6 @@ github.com/jfrog/build-info-go v1.8.9-0.20230403064815-ea83b399ac8e h1:MB5u0Kbq9
 github.com/jfrog/build-info-go v1.8.9-0.20230403064815-ea83b399ac8e/go.mod h1:HIrpwf4p4XHpAx+N+rb8SX9yrWYWs7X4rT/s0GOJfW8=
 github.com/jfrog/gofrog v1.2.5 h1:jCgJC0iGQ8bU7jCC+YEFJTNINyngApIrhd8BjZAVRIE=
 github.com/jfrog/gofrog v1.2.5/go.mod h1:o00tSRff6IapTgaCMuX1Cs9MH08Y1JqnsKgRtx91Gc4=
-github.com/jfrog/jfrog-client-go v1.28.1-0.20230404093618-e0aec23ce1c3 h1:I2cxiZvfEF5Gc5sL3nPsV+04ONjLVVG7v4nUn6HAVeU=
-github.com/jfrog/jfrog-client-go v1.28.1-0.20230404093618-e0aec23ce1c3/go.mod h1:XJhlPfi6iayIVc2SQ/RbztDQOnbnNatsUSQr7wbJ8Ag=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
@@ -256,6 +254,8 @@ github.com/mmcloughlin/avo v0.5.0/go.mod h1:ChHFdoV7ql95Wi7vuq2YT1bwCJqiWdZrQ1im
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nwaples/rardecode v1.1.0 h1:vSxaY8vQhOcVr4mm5e8XllHWTiM4JF507A0Katqw7MQ=
 github.com/nwaples/rardecode v1.1.0/go.mod h1:5DzqNKiOdpKKBH87u8VlvAnPZMXcGRhxWkRpHbbfGS0=
+github.com/omerzi/jfrog-client-go v1.13.2-0.20230404093739-610cb3af8862 h1:lQb9V8FxJ5YUvufcvdzkcNV4jWIHh3vo6xFvWFGwqpc=
+github.com/omerzi/jfrog-client-go v1.13.2-0.20230404093739-610cb3af8862/go.mod h1:XJhlPfi6iayIVc2SQ/RbztDQOnbnNatsUSQr7wbJ8Ag=
 github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U=
 github.com/owenrumney/go-sarif/v2 v2.1.3 h1:1guchw824yg1CwjredY8pnzcE0SG+sfNzFY5CUYWgE4=
 github.com/owenrumney/go-sarif/v2 v2.1.3/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w=

diff --git a/utils/config/config.go b/utils/config/config.go
@@ -589,7 +589,7 @@ type MissionControlDetails struct {
 }
 
 func (serverDetails *ServerDetails) IsEmpty() bool {
-	return len(serverDetails.ServerId) == 0
+	return len(serverDetails.ServerId) == 0 && serverDetails.Url == ""
 }
 
 func (serverDetails *ServerDetails) SetUser(username string) {

diff --git a/utils/coreutils/techutils.go b/utils/coreutils/techutils.go
@@ -58,9 +58,9 @@ var technologiesData = map[Technology]TechData{
 		execCommand:       "mvn",
 	},
 	Gradle: {
-		indicators:        []string{".gradle"},
+		indicators:        []string{".gradle", ".gradle.kts"},
 		ciSetupSupport:    true,
-		packageDescriptor: "build.gradle",
+		packageDescriptor: "build.gradle, build.gradle.kts",
 	},
 	Npm: {
 		indicators:                 []string{"package.json", "package-lock.json", "npm-shrinkwrap.json"},

diff --git a/utils/mvn/utils.go b/utils/mvn/utils.go
@@ -14,7 +14,8 @@ import (
 	"github.com/spf13/viper"
 )
 
-func RunMvn(vConfig *viper.Viper, buildArtifactsDetailsFile string, buildConf *utils.BuildConfiguration, goals []string, threads int, insecureTls, disableDeploy bool) error {
+func RunMvn(vConfig *viper.Viper, buildArtifactsDetailsFile string, buildConf *utils.BuildConfiguration,
+	goals []string, threads int, insecureTls, disableDeploy bool) error {
 	buildInfoService := utils.CreateBuildInfoService()
 	buildName, err := buildConf.GetBuildName()
 	if err != nil {

diff --git a/xray/audit/commonutils.go b/xray/audit/commonutils.go
@@ -134,3 +134,94 @@ func GetExecutableVersion(executable string) (version string, err error) {
 	log.Debug(fmt.Sprintf("Used %q version: %s", executable, version))
 	return
 }
+
+// BuildImpactPathsForScanResponse builds the full impact paths for each vulnerability found in the scanResult argument, using the dependencyTrees argument.
+// Returns the updated services.ScanResponse slice.
+func BuildImpactPathsForScanResponse(scanResult []services.ScanResponse, dependencyTrees []*services.GraphNode) []services.ScanResponse {
+	for _, result := range scanResult {
+		if len(result.Vulnerabilities) > 0 {
+			buildVulnerabilitiesImpactPaths(result.Vulnerabilities, dependencyTrees)
+		}
+		if len(result.Violations) > 0 {
+			buildViolationsImpactPaths(result.Violations, dependencyTrees)
+		}
+		if len(result.Licenses) > 0 {
+			buildLicensesImpactPaths(result.Licenses, dependencyTrees)
+		}
+	}
+	return scanResult
+}
+
+func buildVulnerabilitiesImpactPaths(vulnerabilities []services.Vulnerability, dependencyTrees []*services.GraphNode) {
+	vulnerabilitiesMap := setVulnerabilitiesPathsMap(vulnerabilities, dependencyTrees)
+	for i := range vulnerabilities {
+		for dependencyName := range vulnerabilities[i].Components {
+			updateVulnerableComponent(vulnerabilities[i].Components, vulnerabilitiesMap[dependencyName], dependencyName)
+		}
+	}
+}
+
+func buildViolationsImpactPaths(violations []services.Violation, dependencyTrees []*services.GraphNode) {
+	violationsMap := setVulnerabilitiesPathsMap(violations, dependencyTrees)
+	for i := range violations {
+		for dependencyName := range violations[i].Components {
+			updateVulnerableComponent(violations[i].Components, violationsMap[dependencyName], dependencyName)
+		}
+	}
+}
+
+func buildLicensesImpactPaths(licenses []services.License, dependencyTrees []*services.GraphNode) {
+	licensesMap := setVulnerabilitiesPathsMap(licenses, dependencyTrees)
+	for i := range licenses {
+		for dependencyName := range licenses[i].Components {
+			updateVulnerableComponent(licenses[i].Components, licensesMap[dependencyName], dependencyName)
+		}
+	}
+}
+
+func setVulnerabilitiesPathsMap(issues interface{}, dependencyTrees []*services.GraphNode) map[string][][]services.ImpactPathNode {
+	issueMap := make(map[string][][]services.ImpactPathNode)
+	switch v := issues.(type) {
+	case []services.Vulnerability:
+		for _, vulnerability := range v {
+			for dependencyName := range vulnerability.Components {
+				issueMap[dependencyName] = [][]services.ImpactPathNode{}
+			}
+		}
+	case []services.Violation:
+		for _, violation := range v {
+			for dependencyName := range violation.Components {
+				issueMap[dependencyName] = [][]services.ImpactPathNode{}
+			}
+		}
+	case []services.License:
+		for _, license := range v {
+			for dependencyName := range license.Components {
+				issueMap[dependencyName] = [][]services.ImpactPathNode{}
+			}
+		}
+	}
+
+	for _, dependency := range dependencyTrees {
+		setPathsForIssues(dependency, issueMap, []services.ImpactPathNode{})
+	}
+	return issueMap
+}
+
+func updateVulnerableComponent(components map[string]services.Component, impactPaths [][]services.ImpactPathNode, dependencyName string) {
+	components[dependencyName] = services.Component{
+		FixedVersions: components[dependencyName].FixedVersions,
+		ImpactPaths:   impactPaths,
+		Cpes:          components[dependencyName].Cpes,
+	}
+}
+
+func setPathsForIssues(dependency *services.GraphNode, issuesMap map[string][][]services.ImpactPathNode, impactPath []services.ImpactPathNode) {
+	impactPath = append(impactPath, services.ImpactPathNode{ComponentId: dependency.Id})
+	if _, exists := issuesMap[dependency.Id]; exists {
+		issuesMap[dependency.Id] = append(issuesMap[dependency.Id], impactPath)
+	}
+	for _, depChild := range dependency.Nodes {
+		setPathsForIssues(depChild, issuesMap, impactPath)
+	}
+}
diff --git a/xray/audit/commonutils_test.go b/xray/audit/commonutils_test.go
@@ -0,0 +1,126 @@
+package audit
+
+import (
+	"github.com/jfrog/jfrog-client-go/xray/services"
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func TestSetPathsForIssues(t *testing.T) {
+	// Create a test dependency tree
+	rootNode := &services.GraphNode{Id: "root"}
+	childNode1 := &services.GraphNode{Id: "child1"}
+	childNode2 := &services.GraphNode{Id: "child2"}
+	childNode3 := &services.GraphNode{Id: "child3"}
+	childNode4 := &services.GraphNode{Id: "child4"}
+	childNode5 := &services.GraphNode{Id: "child5"}
+	rootNode.Nodes = []*services.GraphNode{childNode1, childNode2, childNode3}
+	childNode2.Nodes = []*services.GraphNode{childNode4}
+	childNode3.Nodes = []*services.GraphNode{childNode5}
+
+	// Create a test issues map
+	issuesMap := make(map[string][][]services.ImpactPathNode)
+	issuesMap["child1"] = make([][]services.ImpactPathNode, 0)
+	issuesMap["child4"] = make([][]services.ImpactPathNode, 0)
+	issuesMap["child5"] = make([][]services.ImpactPathNode, 0)
+
+	// Call setPathsForIssues with the test data
+	setPathsForIssues(rootNode, issuesMap, []services.ImpactPathNode{})
+
+	// Check the results
+	assert.Equal(t, issuesMap["child1"][0][0].ComponentId, "root")
+	assert.Equal(t, issuesMap["child1"][0][1].ComponentId, "child1")
+
+	assert.Equal(t, issuesMap["child4"][0][0].ComponentId, "root")
+	assert.Equal(t, issuesMap["child4"][0][1].ComponentId, "child2")
+	assert.Equal(t, issuesMap["child4"][0][2].ComponentId, "child4")
+
+	assert.Equal(t, issuesMap["child5"][0][0].ComponentId, "root")
+	assert.Equal(t, issuesMap["child5"][0][1].ComponentId, "child3")
+	assert.Equal(t, issuesMap["child5"][0][2].ComponentId, "child5")
+}
+
+func TestUpdateVulnerableComponent(t *testing.T) {
+	// Create test data
+	components := map[string]services.Component{
+		"dependency1": {
+			FixedVersions: []string{"1.0.0"},
+			ImpactPaths:   [][]services.ImpactPathNode{},
+		},
+	}
+	impactPaths := [][]services.ImpactPathNode{
+		{{ComponentId: "dependency2"}},
+	}
+	dependencyName := "dependency1"
+	updateVulnerableComponent(components, impactPaths, dependencyName)
+
+	// Check the result
+	expected := services.Component{
+		FixedVersions: []string{"1.0.0"},
+		ImpactPaths:   impactPaths,
+	}
+	assert.Equal(t, expected, components[dependencyName])
+}
+
+func TestBuildImpactPaths(t *testing.T) {
+	// create sample scan result and dependency trees
+	scanResult := []services.ScanResponse{
+		{
+			Vulnerabilities: []services.Vulnerability{
+				{
+					Components: map[string]services.Component{
+						"dep1": {
+							FixedVersions: []string{"1.2.3"},
+							Cpes:          []string{"cpe:/o:vendor:product:1.2.3"},
+						},
+					},
+				},
+			},
+			Violations: []services.Violation{
+				{
+					Components: map[string]services.Component{
+						"dep2": {
+							FixedVersions: []string{"4.5.6"},
+							Cpes:          []string{"cpe:/o:vendor:product:4.5.6"},
+						},
+					},
+				},
+			},
+			Licenses: []services.License{
+				{
+					Components: map[string]services.Component{
+						"dep3": {
+							FixedVersions: []string{"7.8.9"},
+							Cpes:          []string{"cpe:/o:vendor:product:7.8.9"},
+						},
+					},
+				},
+			},
+		},
+	}
+	dependencyTrees := []*services.GraphNode{
+		{
+			Id: "dep1",
+			Nodes: []*services.GraphNode{
+				{
+					Id: "dep2",
+					Nodes: []*services.GraphNode{
+						{
+							Id:    "dep3",
+							Nodes: []*services.GraphNode{},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	scanResult = BuildImpactPathsForScanResponse(scanResult, dependencyTrees)
+	// assert that the components were updated with impact paths
+	expectedImpactPaths := [][]services.ImpactPathNode{{{ComponentId: "dep1"}}}
+	assert.Equal(t, expectedImpactPaths, scanResult[0].Vulnerabilities[0].Components["dep1"].ImpactPaths)
+	expectedImpactPaths = [][]services.ImpactPathNode{{{ComponentId: "dep1"}, {ComponentId: "dep2"}}}
+	assert.Equal(t, expectedImpactPaths, scanResult[0].Violations[0].Components["dep2"].ImpactPaths)
+	expectedImpactPaths = [][]services.ImpactPathNode{{{ComponentId: "dep1"}, {ComponentId: "dep2"}, {ComponentId: "dep3"}}}
+	assert.Equal(t, expectedImpactPaths, scanResult[0].Licenses[0].Components["dep3"].ImpactPaths)
+}