Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Malicious code scanner #296

Open
wants to merge 19 commits into
base: dev
Choose a base branch
from
Open

Malicious code scanner #296

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
2c2320b
send filename to xray in sbom-enrich
barv-jfrog Jan 27, 2025
9290985
send filename to xray in sbom-enrich
barv-jfrog Jan 27, 2025
e0a4eac
malicious-code-scanner
barv-jfrog Jan 29, 2025
70956f9
Merge branch 'dev' into malicious-code-scanner
barv-jfrog Feb 2, 2025
289e2cd
malicious-code-scanner
barv-jfrog Feb 12, 2025
8620964
malicious-code-scanner
barv-jfrog Feb 12, 2025
48bf043
malicious-code-scanner
barv-jfrog Feb 12, 2025
d13464d
malicious-code-scanner
barv-jfrog Feb 12, 2025
3b13941
malicious-code-scanner
barv-jfrog Feb 13, 2025
5572259
Merge branch 'dev' into malicious-code-scanner
barv-jfrog Feb 20, 2025
e4b2484
malicious-code-scanner
barv-jfrog Feb 27, 2025
887b34b
malicious-code-scanner
barv-jfrog Feb 27, 2025
2e773c7
Merge remote-tracking branch 'origin/malicious-code-scanner' into mal…
barv-jfrog Feb 27, 2025
06b1175
malicious-code-scanner
barv-jfrog Feb 27, 2025
5f1bc0f
malicious-code-scanner
barv-jfrog Mar 2, 2025
52f4073
malicious-code-scanner
barv-jfrog Mar 4, 2025
3701604
malicious-code-scanner
barv-jfrog Mar 4, 2025
0d80189
malicious-code-scanner
barv-jfrog Mar 4, 2025
6acdd3c
malicious-code-scanner
barv-jfrog Mar 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions audit_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -415,9 +415,9 @@ func TestXrayAuditMultiProjects(t *testing.T) {
output := securityTests.PlatformCli.WithoutCredentials().RunCliCmdWithOutput(t, "audit", "--format="+string(format.SimpleJson), workingDirsFlag)

validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
Total: &validations.TotalCount{Vulnerabilities: 43},
Total: &validations.TotalCount{Vulnerabilities: 44},
Vulnerabilities: &validations.VulnerabilityCount{
ValidateScan: &validations.ScanCount{Sca: 27, Sast: 1, Iac: 9, Secrets: 6},
ValidateScan: &validations.ScanCount{Sca: 27, Sast: 1, Iac: 9, Secrets: 6, Malicious: 1},
ValidateApplicabilityStatus: &validations.ApplicabilityStatusCount{Applicable: 3, NotCovered: 22, NotApplicable: 2},
},
})
Expand Down
11 changes: 6 additions & 5 deletions cli/docs/flags.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ const (
Iac = "iac"
Sast = "sast"
Secrets = "secrets"
Malicious = "malicious-code"
WithoutCA = "without-contextual-analysis"
)

Expand Down Expand Up @@ -160,7 +161,7 @@ var commandFlags = map[string][]string{
url, xrayUrl, user, password, accessToken, ServerId, InsecureTls, Project, Watches, RepoPath, Sbom, Licenses, OutputFormat, ExcludeTestDeps,
useWrapperAudit, DepType, RequirementsFile, Fail, ExtendedTable, WorkingDirs, ExclusionsAudit, Mvn, Gradle, Npm,
Pnpm, Yarn, Go, Nuget, Pip, Pipenv, Poetry, MinSeverity, FixableOnly, ThirdPartyContextualAnalysis, Threads,
Sca, Iac, Sast, Secrets, WithoutCA, ScanVuln, SecretValidation, OutputDir, SkipAutoInstall, AllowPartialResults, MaxTreeDepth,
Sca, Iac, Sast, Secrets, Malicious, WithoutCA, ScanVuln, SecretValidation, OutputDir, SkipAutoInstall, AllowPartialResults, MaxTreeDepth,
},
GitAudit: {
// Connection params
Expand Down Expand Up @@ -276,13 +277,13 @@ var flagsMap = map[string]components.Flag{
),
RequirementsFile: components.NewStringFlag(RequirementsFile, "[Pip] Defines pip requirements file name. For example: 'requirements.txt'."),
CurationOutput: components.NewStringFlag(OutputFormat, "Defines the output format of the command. Acceptable values are: table, json.", components.WithStrDefaultValue("table")),
Sca: components.NewBoolFlag(Sca, fmt.Sprintf("Selective scanners mode: Execute SCA (Software Composition Analysis) sub-scan. Use --%s to run both SCA and Contextual Analysis. Use --%s --%s to to run SCA. Can be combined with --%s, --%s, --%s.", Sca, Sca, WithoutCA, Secrets, Sast, Iac)),
Iac: components.NewBoolFlag(Iac, fmt.Sprintf("Selective scanners mode: Execute IaC sub-scan. Can be combined with --%s, --%s and --%s.", Sca, Secrets, Sast)),
Sast: components.NewBoolFlag(Sast, fmt.Sprintf("Selective scanners mode: Execute SAST sub-scan. Can be combined with --%s, --%s and --%s.", Sca, Secrets, Iac)),
Sca: components.NewBoolFlag(Sca, fmt.Sprintf("Selective scanners mode: Execute SCA (Software Composition Analysis) sub-scan. Use --%s to run both SCA and Contextual Analysis. Use --%s --%s to to run SCA. Can be combined with --%s, --%s, --%s, --%s.", Sca, Sca, WithoutCA, Secrets, Malicious, Sast, Iac)),
Iac: components.NewBoolFlag(Iac, fmt.Sprintf("Selective scanners mode: Execute IaC sub-scan. Can be combined with --%s, --%s, --%s and --%s.", Sca, Secrets, Malicious, Sast)),
Sast: components.NewBoolFlag(Sast, fmt.Sprintf("Selective scanners mode: Execute SAST sub-scan. Can be combined with --%s, --%s, --%s and --%s.", Sca, Secrets, Malicious, Iac)),
Secrets: components.NewBoolFlag(Secrets, fmt.Sprintf("Selective scanners mode: Execute Secrets sub-scan. Can be combined with --%s, --%s and --%s.", Sca, Sast, Iac)),
WithoutCA: components.NewBoolFlag(WithoutCA, fmt.Sprintf("Selective scanners mode: Disable Contextual Analysis scanner after SCA. Relevant only with --%s flag.", Sca)),
SecretValidation: components.NewBoolFlag(SecretValidation, fmt.Sprintf("Selective scanners mode: Triggers token validation on found secrets. Relevant only with --%s flag.", Secrets)),

Malicious: components.NewBoolFlag(Malicious, fmt.Sprintf("Selective scanners mode: Executes Malicious code sub scan. Relevant only with --%s flag.", Malicious)),
// Git flags
InputFile: components.NewStringFlag(InputFile, "Path to an input file in YAML format contains multiple git providers. With this option, all other scm flags will be ignored and only git servers mentioned in the file will be examined.."),
ScmType: components.NewStringFlag(ScmType, fmt.Sprintf("SCM type. Possible values are: %s.", contributors.NewScmType().GetValidScmTypeString()), components.SetMandatory()),
Expand Down
4 changes: 3 additions & 1 deletion commands/audit/audit.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ package audit
import (
"errors"
"fmt"
"github.com/jfrog/jfrog-cli-security/jas/maliciouscode"
"strings"

"github.com/jfrog/gofrog/parallel"
Expand Down Expand Up @@ -203,7 +204,7 @@ func (auditCmd *AuditCommand) Run() (err error) {
func (auditCmd *AuditCommand) getResultWriter(cmdResults *results.SecurityCommandResults) *output.ResultsWriter {
var messages []string
if !cmdResults.EntitledForJas {
messages = []string{coreutils.PrintTitle("The ‘jf audit’ command also supports JFrog Advanced Security features, such as 'Contextual Analysis', 'Secret Detection', 'IaC Scan' and ‘SAST’.\nThis feature isn't enabled on your system. Read more - ") + coreutils.PrintLink(utils.JasInfoURL)}
messages = []string{coreutils.PrintTitle("The ‘jf audit’ command also supports JFrog Advanced Security features, such as 'Contextual Analysis', 'Secret Detection', 'Malicious Code Scan', 'IaC Scan' and ‘SAST’.\nThis feature isn't enabled on your system. Read more - ") + coreutils.PrintLink(utils.JasInfoURL)}
}
return output.NewResultsWriter(cmdResults).
SetOutputFormat(auditCmd.OutputFormat()).
Expand Down Expand Up @@ -352,6 +353,7 @@ func createJasScansTasks(auditParallelRunner *utils.SecurityParallelRunner, scan
ConfigProfile: auditParams.configProfile,
ScansToPerform: auditParams.ScansToPerform(),
SecretsScanType: secrets.SecretsScannerType,
MaliciousScanType: maliciouscode.MaliciousScannerType,
DirectDependencies: auditParams.DirectDependencies(),
ThirdPartyApplicabilityScan: auditParams.thirdPartyApplicabilityScan,
ApplicableScanType: applicability.ApplicabilityScannerType,
Expand Down
8 changes: 5 additions & 3 deletions commands/audit/audit_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -457,7 +457,7 @@ func TestAuditWithConfigProfile(t *testing.T) {

// This test tests audit flow when providing --output-dir flag
func TestAuditWithScansOutputDir(t *testing.T) {
mockServer, serverDetails := validations.XrayServer(t, validations.MockServerParams{XrayVersion: utils.EntitlementsMinVersion})
mockServer, serverDetails := validations.XrayServer(t, validations.MockServerParams{XrayVersion: utils.NewJasBinaryMinVersion})
defer mockServer.Close()

outputDirPath, removeOutputDirCallback := coreTests.CreateTempDirWithCallbackAndAssert(t)
Expand All @@ -471,7 +471,7 @@ func TestAuditWithScansOutputDir(t *testing.T) {
auditBasicParams := (&utils.AuditBasicParams{}).
SetServerDetails(serverDetails).
SetOutputFormat(format.Table).
SetXrayVersion(utils.EntitlementsMinVersion).
SetXrayVersion(utils.NewJasBinaryMinVersion).
SetUseJas(true)

auditParams := NewAuditParams().
Expand All @@ -487,13 +487,15 @@ func TestAuditWithScansOutputDir(t *testing.T) {

filesList, err := fileutils.ListFiles(outputDirPath, false)
assert.NoError(t, err)
assert.Len(t, filesList, 5)
assert.Len(t, filesList, 6)

searchForStrWithSubString(t, filesList, "sca_results")
searchForStrWithSubString(t, filesList, "iac_results")
searchForStrWithSubString(t, filesList, "sast_results")
searchForStrWithSubString(t, filesList, "secrets_results")
searchForStrWithSubString(t, filesList, "applicability_results")
searchForStrWithSubString(t, filesList, "maliciouscode_results")

}

func searchForStrWithSubString(t *testing.T, filesList []string, subString string) {
Expand Down
4 changes: 3 additions & 1 deletion go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,7 @@ require (
gopkg.in/warnings.v0 v0.1.2 // indirect
)

// replace github.com/jfrog/jfrog-client-go => github.com/jfrog/jfrog-client-go dev
replace github.com/jfrog/jfrog-client-go => github.com/barv-jfrog/jfrog-client-go v0.0.0-20250227080554-3796e0126a92

// replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev

Expand All @@ -120,3 +120,5 @@ require (
// replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go dev

// replace github.com/jfrog/froggit-go => github.com/jfrog/froggit-go dev

replace github.com/jfrog/jfrog-apps-config => github.com/barv-jfrog/jfrog-apps-config v0.0.0-20250128142442-6fd49006bb85
8 changes: 4 additions & 4 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,10 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuW
github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
github.com/barv-jfrog/jfrog-apps-config v0.0.0-20250128142442-6fd49006bb85 h1:kNdHaJdeD1QBQ0czgrfKqrcND3T+6dInSI8s23lW4Cw=
github.com/barv-jfrog/jfrog-apps-config v0.0.0-20250128142442-6fd49006bb85/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
github.com/barv-jfrog/jfrog-client-go v0.0.0-20250227080554-3796e0126a92 h1:XueIjtY5Q95SuqHUNhRfDdrIKqCALzNAPaqz306vGzg=
github.com/barv-jfrog/jfrog-client-go v0.0.0-20250227080554-3796e0126a92/go.mod h1:2tQPwRhGS/F357BOKFfZrQbjd4XbzHPYUQm/OFNwLHg=
github.com/beevik/etree v1.4.0 h1:oz1UedHRepuY3p4N5OjE0nK1WLCqtzHf25bxplKOHLs=
github.com/beevik/etree v1.4.0/go.mod h1:cyWiXwGoasx60gHvtnEh5x8+uIjUVnjWqBvEnhnqKDA=
github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M=
Expand Down Expand Up @@ -126,14 +130,10 @@ github.com/jfrog/froggit-go v1.16.2 h1:F//S83iXH14qsCwYzv0zB2JtjS2pJVEsUoEmYA+37
github.com/jfrog/froggit-go v1.16.2/go.mod h1:5VpdQfAcbuyFl9x/x8HGm7kVk719kEtW/8YJFvKcHPA=
github.com/jfrog/gofrog v1.7.6 h1:QmfAiRzVyaI7JYGsB7cxfAJePAZTzFz0gRWZSE27c6s=
github.com/jfrog/gofrog v1.7.6/go.mod h1:ntr1txqNOZtHplmaNd7rS4f8jpA5Apx8em70oYEe7+4=
github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYLipdsOFMY=
github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
github.com/jfrog/jfrog-cli-artifactory v0.2.0 h1:4jEbIpJIeu8HsduZHr8L6e0bKQrhn6BLyq/aCRoKPQk=
github.com/jfrog/jfrog-cli-artifactory v0.2.0/go.mod h1:U9gkQhxSPv6tXYEdj0kdsCrmFUjcvYmizrh+DztDxXc=
github.com/jfrog/jfrog-cli-core/v2 v2.58.1 h1:ZktHuEVDBkM21JNp/0V3HGcMAMt7DLl1iQlbyBNKucE=
github.com/jfrog/jfrog-cli-core/v2 v2.58.1/go.mod h1:75J6/Z5sMuRAloMAqJtMJIXqNTC1eFh/SulgLGm2fIY=
github.com/jfrog/jfrog-client-go v1.51.0 h1:O9sgpgEDBW9t05brGYwNR/NMqJ/e3WZY9G8Wge2xR+Q=
github.com/jfrog/jfrog-client-go v1.51.0/go.mod h1:2tQPwRhGS/F357BOKFfZrQbjd4XbzHPYUQm/OFNwLHg=
github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k=
github.com/k0kubun/pp v3.0.1+incompatible/go.mod h1:GWse8YhT0p8pT4ir3ZgBbfZild3tgzSScAn6HmfYukg=
github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
Expand Down
2 changes: 1 addition & 1 deletion jas/analyzermanager.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ import (
const (
ApplicabilityFeatureId = "contextual_analysis"
AnalyzerManagerZipName = "analyzerManager.zip"
defaultAnalyzerManagerVersion = "1.14.1"
defaultAnalyzerManagerVersion = "1.15.0"
analyzerManagerDownloadPath = "xsc-gen-exe-analyzer-manager-local/v1"
analyzerManagerDirName = "analyzerManager"
analyzerManagerExecutableName = "analyzerManager"
Expand Down
99 changes: 99 additions & 0 deletions jas/maliciouscode/maliciouscodescanner.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,99 @@
package maliciouscode

import (
clientutils "github.com/jfrog/jfrog-client-go/utils"
"path/filepath"

jfrogappsconfig "github.com/jfrog/jfrog-apps-config/go"
"github.com/jfrog/jfrog-cli-security/jas"
"github.com/jfrog/jfrog-cli-security/utils"
"github.com/jfrog/jfrog-cli-security/utils/formats/sarifutils"
"github.com/jfrog/jfrog-cli-security/utils/jasutils"
"github.com/jfrog/jfrog-client-go/utils/log"
"github.com/owenrumney/go-sarif/v2/sarif"
)

const (
maliciousScanCommand = "mal"
maliciousDocsUrlSuffix = "malicious"
MaliciousScannerType MaliciousScanType = "malicious-scan" // #nosec
)

type MaliciousScanType string

type MaliciousScanManager struct {
scanner *jas.JasScanner
scanType MaliciousScanType
configFileName string
resultsFileName string
}

// The getMaliciousScanResults function runs the malicious code scan flow, which includes the following steps:
// Creating an MaliciousSecretManager object.
// Running the analyzer manager executable.
// Parsing the analyzer manager results.
func RunMaliciousScan(scanner *jas.JasScanner, scanType MaliciousScanType, module jfrogappsconfig.Module, threadId int) (vulnerabilitiesResults []*sarif.Run, violationsResults []*sarif.Run, err error) {
var scannerTempDir string
if scannerTempDir, err = jas.CreateScannerTempDirectory(scanner, jasutils.MaliciousCode.String()); err != nil {
return
}
maliciousScanManager := newMaliciousScanManager(scanner, scanType, scannerTempDir)
log.Info(clientutils.GetLogMsgPrefix(threadId, false) + "Running Malicious code scan...")
if vulnerabilitiesResults, violationsResults, err = maliciousScanManager.scanner.Run(maliciousScanManager, module); err != nil {
return
}
log.Info(utils.GetScanFindingsLog(utils.MaliciousCodeScan, sarifutils.GetResultsLocationCount(vulnerabilitiesResults...), sarifutils.GetResultsLocationCount(violationsResults...), threadId))
return
}

func newMaliciousScanManager(scanner *jas.JasScanner, scanType MaliciousScanType, scannerTempDir string) (manager *MaliciousScanManager) {
return &MaliciousScanManager{
scanner: scanner,
scanType: scanType,
configFileName: filepath.Join(scannerTempDir, "config.yaml"),
resultsFileName: filepath.Join(scannerTempDir, "results.sarif"),
}
}

func (msm *MaliciousScanManager) Run(module jfrogappsconfig.Module) (vulnerabilitiesSarifRuns []*sarif.Run, violationsSarifRuns []*sarif.Run, err error) {
if err = msm.createConfigFile(module, msm.scanner.Exclusions...); err != nil {
return
}
if err = msm.runAnalyzerManager(); err != nil {
return
}
return jas.ReadJasScanRunsFromFile(msm.resultsFileName, module.SourceRoot, maliciousDocsUrlSuffix, msm.scanner.MinSeverity)
}

type maliciousScanConfig struct {
Scans []maliciousScanConfiguration `yaml:"scans"`
}

type maliciousScanConfiguration struct {
Roots []string `yaml:"roots"`
Output string `yaml:"output"`
Type string `yaml:"type"`
SkippedDirs []string `yaml:"skipped-folders"`
}

func (m *MaliciousScanManager) createConfigFile(module jfrogappsconfig.Module, exclusions ...string) error {
roots, err := jas.GetSourceRoots(module, module.Scanners.MaliciousCode)
if err != nil {
return err
}
configFileContent := maliciousScanConfig{
Scans: []maliciousScanConfiguration{
{
Roots: roots,
Output: m.resultsFileName,
Type: string(m.scanType),
SkippedDirs: jas.GetExcludePatterns(module, module.Scanners.MaliciousCode, exclusions...),
},
},
}
return jas.CreateScannersConfigFile(m.configFileName, configFileContent, jasutils.MaliciousCode)
}

func (m *MaliciousScanManager) runAnalyzerManager() error {
return m.scanner.AnalyzerManager.Exec(m.configFileName, maliciousScanCommand, filepath.Dir(m.scanner.AnalyzerManager.AnalyzerManagerFullPath), m.scanner.ServerDetails, m.scanner.EnvVars)
}
118 changes: 118 additions & 0 deletions jas/maliciouscode/maliciouscodescanner_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,118 @@
package maliciouscode

import (
"os"
"path/filepath"
"testing"

"github.com/jfrog/jfrog-cli-security/utils/jasutils"
"github.com/jfrog/jfrog-cli-security/utils/severityutils"
"github.com/stretchr/testify/require"

jfrogappsconfig "github.com/jfrog/jfrog-apps-config/go"
"github.com/jfrog/jfrog-cli-security/jas"

"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
"github.com/stretchr/testify/assert"
)

func TestNewMaliciousScanManager(t *testing.T) {
scanner, cleanUp := jas.InitJasTest(t)
defer cleanUp()
maliciousScanManager := newMaliciousScanManager(scanner, MaliciousScannerType, "temoDirPath")

assert.NotEmpty(t, maliciousScanManager)
assert.NotEmpty(t, maliciousScanManager.configFileName)
assert.NotEmpty(t, maliciousScanManager.resultsFileName)
assert.Equal(t, &jas.FakeServerDetails, maliciousScanManager.scanner.ServerDetails)
}

func TestMaliciousScan_CreateConfigFile_VerifyFileWasCreated(t *testing.T) {
scanner, cleanUp := jas.InitJasTest(t)
defer cleanUp()

scannerTempDir, err := jas.CreateScannerTempDirectory(scanner, jasutils.MaliciousCode.String())
require.NoError(t, err)
MaliciouscanManager := newMaliciousScanManager(scanner, MaliciousScannerType, scannerTempDir)

currWd, err := coreutils.GetWorkingDirectory()
assert.NoError(t, err)
err = MaliciouscanManager.createConfigFile(jfrogappsconfig.Module{SourceRoot: currWd})
assert.NoError(t, err)

defer func() {
err = os.Remove(MaliciouscanManager.configFileName)
assert.NoError(t, err)
}()

_, fileNotExistError := os.Stat(MaliciouscanManager.configFileName)
assert.NoError(t, fileNotExistError)
fileContent, err := os.ReadFile(MaliciouscanManager.configFileName)
assert.NoError(t, err)
assert.True(t, len(fileContent) > 0)
}

func TestRunAnalyzerManager_ReturnsGeneralError(t *testing.T) {
defer func() {
os.Clearenv()
}()

scanner, cleanUp := jas.InitJasTest(t)
defer cleanUp()

MaliciouscanManager := newMaliciousScanManager(scanner, MaliciousScannerType, "temoDirPath")
assert.Error(t, MaliciouscanManager.runAnalyzerManager())
}

func TestParseResults_EmptyResults(t *testing.T) {
scanner, cleanUp := jas.InitJasTest(t)
defer cleanUp()
jfrogAppsConfigForTest, err := jas.CreateJFrogAppsConfig([]string{})
assert.NoError(t, err)
// Arrange
MaliciouscanManager := newMaliciousScanManager(scanner, MaliciousScannerType, "temoDirPath")
MaliciouscanManager.resultsFileName = filepath.Join(jas.GetTestDataPath(), "Malicious-scan", "no-Malicious.sarif")

// Act
vulnerabilitiesResults, _, err := jas.ReadJasScanRunsFromFile(MaliciouscanManager.resultsFileName, jfrogAppsConfigForTest.Modules[0].SourceRoot, maliciousDocsUrlSuffix, scanner.MinSeverity)

// Assert
if assert.NoError(t, err) && assert.NotNil(t, vulnerabilitiesResults) {
assert.Len(t, vulnerabilitiesResults, 1)
assert.Empty(t, vulnerabilitiesResults[0].Results)
}

}

func TestParseResults_ResultsContainMalicious(t *testing.T) {
// Arrange
scanner, cleanUp := jas.InitJasTest(t)
defer cleanUp()
jfrogAppsConfigForTest, err := jas.CreateJFrogAppsConfig([]string{})
assert.NoError(t, err)

MaliciouscanManager := newMaliciousScanManager(scanner, MaliciousScannerType, "temoDirPath")
MaliciouscanManager.resultsFileName = filepath.Join(jas.GetTestDataPath(), "Malicious-scan", "contain-Malicious.sarif")

// Act
vulnerabilitiesResults, _, err := jas.ReadJasScanRunsFromFile(MaliciouscanManager.resultsFileName, jfrogAppsConfigForTest.Modules[0].SourceRoot, maliciousDocsUrlSuffix, severityutils.Medium)

// Assert
if assert.NoError(t, err) && assert.NotNil(t, vulnerabilitiesResults) {
assert.Len(t, vulnerabilitiesResults, 1)
assert.NotEmpty(t, vulnerabilitiesResults[0].Results)
}
assert.NoError(t, err)

}

func TestGetMaliciousScanResults_AnalyzerManagerReturnsError(t *testing.T) {
scanner, cleanUp := jas.InitJasTest(t)
defer cleanUp()
jfrogAppsConfigForTest, err := jas.CreateJFrogAppsConfig([]string{})
assert.NoError(t, err)
vulnerabilitiesResults, _, err := RunMaliciousScan(scanner, MaliciousScannerType, jfrogAppsConfigForTest.Modules[0], 0)
assert.Error(t, err)
assert.ErrorContains(t, jas.ParseAnalyzerManagerError(jasutils.MaliciousCode, err), "failed to run MaliciousCode scan")
assert.Nil(t, vulnerabilitiesResults)
}
Loading
Loading