From a664ea439478a734223b64000105654c657470d9 Mon Sep 17 00:00:00 2001 From: Omer Zidkoni <50792403+omerzi@users.noreply.github.com> Date: Wed, 5 Apr 2023 09:49:30 +0300 Subject: [PATCH 01/54] Promote version to 1.28.1 (#733) --- .github/workflows/analysis.yml | 4 +- .github/workflows/frogbot-fix.yml | 6 +- .github/workflows/frogbot-scan-pr.yml | 6 +- .github/workflows/tests.yml | 10 ++-- artifactory/services/createreplication.go | 5 +- artifactory/services/utils/aqlquerybuilder.go | 4 +- .../services/utils/aqlquerybuilder_test.go | 36 ++++++------ .../services/utils/artifactoryutils.go | 6 +- artifactory/services/utils/deleteutils.go | 2 +- .../services/utils/deleteutils_test.go | 34 +++++------ artifactory/services/utils/properties.go | 2 +- .../services/utils/releasebundleutils.go | 4 +- .../services/utils/repopathfile_test.go | 6 +- artifactory/services/utils/searchutil_test.go | 6 +- auth/cert/loader.go | 1 - .../services/utils/distributionutils_test.go | 2 +- go.mod | 6 +- go.sum | 11 +++- pipelines/services/run.go | 12 ++-- tests/artifactorypermissiontarget_test.go | 12 ++-- tests/artifactorysystem_test.go | 12 ++-- tests/utils_test.go | 2 +- tests/xrayscan_test.go | 2 +- tests/xraysummary_test.go | 4 +- utils/io/content/contentwriter.go | 2 +- utils/io/fileutils/files.go | 56 +++++++++++++------ utils/utils.go | 13 +++-- xray/services/scan.go | 20 +++++++ xray/services/scan_test.go | 31 ++++++++++ 29 files changed, 198 insertions(+), 119 deletions(-) diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml index ec02d745f..d376be5c4 100644 --- a/.github/workflows/analysis.yml +++ b/.github/workflows/analysis.yml @@ -9,7 +9,7 @@ jobs: - name: Install Go uses: actions/setup-go@v3 with: - go-version: 1.19.x + go-version: 1.20.x - name: Static Code Analysis uses: dominikh/staticcheck-action@v1 with: 
@@ -23,7 +23,7 @@ jobs: - name: Install Go uses: actions/setup-go@v3 with: - go-version: 1.19.x + go-version: 1.20.x - name: Install gosec run: curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b $(go env GOPATH)/bin - name: Run gosec diff --git a/.github/workflows/frogbot-fix.yml b/.github/workflows/frogbot-fix.yml index 5782a988a..3a25fb26c 100644 --- a/.github/workflows/frogbot-fix.yml +++ b/.github/workflows/frogbot-fix.yml @@ -13,18 +13,18 @@ jobs: - name: Setup Go uses: actions/setup-go@v3 with: - go-version: 1.19.x + go-version: 1.20.x - uses: jfrog/frogbot@v2 env: # [Mandatory] # JFrog platform URL JF_URL: ${{ secrets.FROGBOT_URL }} - + # [Mandatory if JF_USER and JF_PASSWORD are not provided] # JFrog access token with 'read' permissions on Xray service JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }} - + # [Mandatory] # The GitHub token automatically generated for the job JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/frogbot-scan-pr.yml b/.github/workflows/frogbot-scan-pr.yml index b5f224aab..8b61e89d1 100644 --- a/.github/workflows/frogbot-scan-pr.yml +++ b/.github/workflows/frogbot-scan-pr.yml @@ -17,18 +17,18 @@ jobs: - name: Setup Go uses: actions/setup-go@v3 with: - go-version: 1.19.x + go-version: 1.20.x - uses: jfrog/frogbot@v2 env: # [Mandatory] # JFrog platform URL JF_URL: ${{ secrets.FROGBOT_URL }} - + # [Mandatory if JF_USER and JF_PASSWORD are not provided] # JFrog access token with 'read' permissions on Xray service JF_ACCESS_TOKEN: ${{ secrets.FROGBOT_ACCESS_TOKEN }} - + # [Mandatory] # The GitHub token automatically generated for the job JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 1fbbb98f5..88e0bb1f2 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -28,7 +28,7 @@ jobs: - name: Install Go uses: actions/setup-go@v3 with: - go-version: 1.19.x + go-version: 1.20.x - name: Go Cache uses: actions/cache@v3 @@ -53,7 +53,7 @@ jobs: - name: Install Go uses: actions/setup-go@v3 with: - go-version: 1.19.x + go-version: 1.20.x - name: Checkout code uses: actions/checkout@v3 @@ -96,7 +96,7 @@ jobs: - name: Install Go uses: actions/setup-go@v3 with: - go-version: 1.19.x + go-version: 1.20.x - name: Go Cache uses: actions/cache@v3 @@ -121,7 +121,7 @@ jobs: - name: Install Go uses: actions/setup-go@v3 with: - go-version: 1.19.x + go-version: 1.20.x - name: Go Cache uses: actions/cache@v3 @@ -141,7 +141,7 @@ jobs: - name: Install Go uses: actions/setup-go@v3 with: - go-version: 1.19.x + go-version: 1.20.x - name: Checkout code uses: actions/checkout@v3 diff --git a/artifactory/services/createreplication.go b/artifactory/services/createreplication.go index ad91cb1f7..bec1b172b 100644 --- a/artifactory/services/createreplication.go +++ b/artifactory/services/createreplication.go @@ -32,8 +32,7 @@ func (rs *CreateReplicationService) performRequest(params *utils.UpdateReplicati httpClientsDetails := rs.ArtDetails.CreateHttpClientDetails() utils.SetContentType("application/vnd.org.jfrog.artifactory.replications.ReplicationConfigRequest+json", &httpClientsDetails.Headers) var url = rs.ArtDetails.GetUrl() + "api/replications/" + params.RepoKey - log.Info("Creating replication..") - operationString := "creating" + log.Info("Creating replication...") resp, body, err := rs.client.SendPut(url, content, &httpClientsDetails) if err != nil { return err @@ -42,7 +41,7 @@ func (rs *CreateReplicationService) performRequest(params *utils.UpdateReplicati return err } log.Debug("Artifactory response:", resp.Status) - log.Info("Done " + operationString + " repository.") + log.Info("Done creating replication.") return nil } 
diff --git a/artifactory/services/utils/aqlquerybuilder.go b/artifactory/services/utils/aqlquerybuilder.go index fb5ae0619..88e1c7a53 100644 --- a/artifactory/services/utils/aqlquerybuilder.go +++ b/artifactory/services/utils/aqlquerybuilder.go @@ -163,8 +163,8 @@ func CreateAqlQueryForLatestCreated(repo, path string) string { func prepareSearchPattern(pattern string, repositoryExists bool) string { addWildcardIfNeeded(&pattern, repositoryExists) // Remove parenthesis - pattern = strings.Replace(pattern, "(", "", -1) - pattern = strings.Replace(pattern, ")", "", -1) + pattern = strings.ReplaceAll(pattern, "(", "") + pattern = strings.ReplaceAll(pattern, ")", "") return pattern } diff --git a/artifactory/services/utils/aqlquerybuilder_test.go b/artifactory/services/utils/aqlquerybuilder_test.go index 916a8b2a6..62502ce52 100644 --- a/artifactory/services/utils/aqlquerybuilder_test.go +++ b/artifactory/services/utils/aqlquerybuilder_test.go 
@@ -47,26 +47,26 @@ func TestBuildAqlSearchQuery(t *testing.T) { func TestCommonParams(t *testing.T) { artifactoryParams := CommonParams{} - assertIsSortLimitSpecBool(!includePropertiesInAqlForSpec(&artifactoryParams), false, t) + assertIsSortLimitSpecBool(t, !includePropertiesInAqlForSpec(&artifactoryParams), false) artifactoryParams.SortBy = []string{"Vava", "Bubu"} - assertIsSortLimitSpecBool(!includePropertiesInAqlForSpec(&artifactoryParams), true, t) + assertIsSortLimitSpecBool(t, !includePropertiesInAqlForSpec(&artifactoryParams), true) artifactoryParams.SortBy = nil artifactoryParams.Limit = 0 - assertIsSortLimitSpecBool(!includePropertiesInAqlForSpec(&artifactoryParams), false, t) + assertIsSortLimitSpecBool(t, !includePropertiesInAqlForSpec(&artifactoryParams), false) artifactoryParams.Limit = -3 - assertIsSortLimitSpecBool(!includePropertiesInAqlForSpec(&artifactoryParams), false, t) + assertIsSortLimitSpecBool(t, !includePropertiesInAqlForSpec(&artifactoryParams), false) artifactoryParams.Limit = 3 - assertIsSortLimitSpecBool(!includePropertiesInAqlForSpec(&artifactoryParams), true, t) + assertIsSortLimitSpecBool(t, !includePropertiesInAqlForSpec(&artifactoryParams), true) artifactoryParams.SortBy = []string{"Vava", "Bubu"} - assertIsSortLimitSpecBool(!includePropertiesInAqlForSpec(&artifactoryParams), true, t) + assertIsSortLimitSpecBool(t, !includePropertiesInAqlForSpec(&artifactoryParams), true) } -func assertIsSortLimitSpecBool(actual, expected bool, t *testing.T) { +func assertIsSortLimitSpecBool(t *testing.T, actual, expected bool) { if actual != expected { t.Error("The function includePropertiesInAqlForSpec() expected to return " + strconv.FormatBool(expected) + " but returned " + strconv.FormatBool(actual) + ".") } 
@@ -76,20 +76,20 @@ func TestGetQueryReturnFields(t *testing.T) { artifactoryParams := CommonParams{} minimalFields := []string{"name", "repo", "path", "actual_md5", "actual_sha1", "sha256", "size", "type", "created", "modified"} - assertEqualFieldsList(getQueryReturnFields(&artifactoryParams, ALL), append(minimalFields, "property"), t) - assertEqualFieldsList(getQueryReturnFields(&artifactoryParams, SYMLINK), append(minimalFields, "property"), t) - assertEqualFieldsList(getQueryReturnFields(&artifactoryParams, NONE), minimalFields, t) + assertEqualFieldsList(t, getQueryReturnFields(&artifactoryParams, ALL), append(minimalFields, "property")) + assertEqualFieldsList(t, getQueryReturnFields(&artifactoryParams, SYMLINK), append(minimalFields, "property")) + assertEqualFieldsList(t, getQueryReturnFields(&artifactoryParams, NONE), minimalFields) artifactoryParams.SortBy = []string{"Vava"} - assertEqualFieldsList(getQueryReturnFields(&artifactoryParams, NONE), append(minimalFields, "Vava"), t) - assertEqualFieldsList(getQueryReturnFields(&artifactoryParams, ALL), append(minimalFields, "Vava"), t) - assertEqualFieldsList(getQueryReturnFields(&artifactoryParams, SYMLINK), append(minimalFields, "Vava"), t) + assertEqualFieldsList(t, getQueryReturnFields(&artifactoryParams, NONE), append(minimalFields, "Vava")) + assertEqualFieldsList(t, getQueryReturnFields(&artifactoryParams, ALL), append(minimalFields, "Vava")) + assertEqualFieldsList(t, getQueryReturnFields(&artifactoryParams, SYMLINK), append(minimalFields, "Vava")) artifactoryParams.SortBy = []string{"Vava", "Bubu"} - assertEqualFieldsList(getQueryReturnFields(&artifactoryParams, ALL), append(minimalFields, "Vava", "Bubu"), t) + assertEqualFieldsList(t, getQueryReturnFields(&artifactoryParams, ALL), append(minimalFields, "Vava", "Bubu")) } -func assertEqualFieldsList(actual, expected []string, t *testing.T) { +func assertEqualFieldsList(t *testing.T, actual, expected []string) { if len(actual) != len(expected) { 
t.Error("The function getQueryReturnFields() expected to return the array:\n" + strings.Join(expected[:], ",") + ".\nbut returned:\n" + strings.Join(actual[:], ",") + ".") } @@ -109,11 +109,11 @@ func assertEqualFieldsList(actual, expected []string, t *testing.T) { } func TestBuildSortBody(t *testing.T) { - assertSortBody(buildSortQueryPart([]string{"bubu"}, ""), `"$asc":["bubu"]`, t) - assertSortBody(buildSortQueryPart([]string{"bubu", "kuku"}, ""), `"$asc":["bubu","kuku"]`, t) + assertSortBody(t, buildSortQueryPart([]string{"bubu"}, ""), `"$asc":["bubu"]`) + assertSortBody(t, buildSortQueryPart([]string{"bubu", "kuku"}, ""), `"$asc":["bubu","kuku"]`) } -func assertSortBody(actual, expected string, t *testing.T) { +func assertSortBody(t *testing.T, actual, expected string) { if actual != expected { t.Error("The function buildSortQueryPart expected to return the string:\n'" + expected + "'.\nbut returned:\n'" + actual + "'.") } diff --git a/artifactory/services/utils/artifactoryutils.go b/artifactory/services/utils/artifactoryutils.go index a851f152c..6fa0c8b6f 100644 --- a/artifactory/services/utils/artifactoryutils.go +++ b/artifactory/services/utils/artifactoryutils.go @@ -107,7 +107,7 @@ func BuildArtifactoryUrl(baseUrl, path string, params map[string]string) (string parsedUrl.RawQuery = q.Encode() // Semicolons are reserved as separators in some Artifactory APIs, so they'd better be encoded when used for other purposes - encodedUrl := strings.Replace(parsedUrl.String(), ";", url.QueryEscape(";"), -1) + encodedUrl := strings.ReplaceAll(parsedUrl.String(), ";", url.QueryEscape(";")) return encodedUrl, nil } @@ -227,8 +227,8 @@ func ParseNameAndVersion(identifier string, useLatestPolicy bool) (string, strin } } // Remove escape chars. - name = strings.Replace(name, "\\/", "/", -1) - version = strings.Replace(version, "\\/", "/", -1) + name = strings.ReplaceAll(name, "\\/", "/") + version = strings.ReplaceAll(version, "\\/", "/") return name, version, nil } 
diff --git a/artifactory/services/utils/deleteutils.go b/artifactory/services/utils/deleteutils.go index 7d404e613..f19d6f537 100644 --- a/artifactory/services/utils/deleteutils.go +++ b/artifactory/services/utils/deleteutils.go @@ -15,7 +15,7 @@ func WildcardToDirsPath(deletePattern, searchResult string) (string, error) { return "", errors.New("delete pattern must end with \"/\"") } - regexpPattern := "^" + strings.Replace(deletePattern, "*", "([^/]*|.*)", -1) + regexpPattern := "^" + strings.ReplaceAll(deletePattern, "*", "([^/]*|.*)") r, err := regexp.Compile(regexpPattern) if err != nil { return "", errorutils.CheckError(err) diff --git a/artifactory/services/utils/deleteutils_test.go b/artifactory/services/utils/deleteutils_test.go index 65e5061f6..ce197ad15 100644 --- a/artifactory/services/utils/deleteutils_test.go +++ b/artifactory/services/utils/deleteutils_test.go 
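Review bot: In WildcardToDirsPath, `deletePattern` is still spliced into the regular expression unescaped, so characters such as `.`, `+` or `[` in a path are read as regex syntax and the compiled pattern can match directories the wildcard did not name. Judging by the function name, the result scopes a delete, so over-matching matters here. Quote the literal parts first and expand only the escaped asterisk: `regexpPattern := "^" + strings.ReplaceAll(regexp.QuoteMeta(deletePattern), "\\*", "([^/]*|.*)")`. Whether callers already sanitise the pattern is not visible, and the function body continues outside the hunk.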
@@ -14,44 +14,44 @@ import ( func TestMatchingDelete(t *testing.T) { var actual string actual, _ = WildcardToDirsPath("s/*/path/", "s/a/path/b.zip") - assertDeletePattern("s/a/path/", actual, t) + assertDeletePattern(t, "s/a/path/", actual) actual, _ = WildcardToDirsPath("s/*/path/", "s/a/b/c/path/b.zip") - assertDeletePattern("s/a/b/c/path/", actual, t) + assertDeletePattern(t, "s/a/b/c/path/", actual) actual, _ = WildcardToDirsPath("s/a/*/", "s/a/b/path/b.zip") - assertDeletePattern("s/a/b/", actual, t) + assertDeletePattern(t, "s/a/b/", actual) actual, _ = WildcardToDirsPath("s/*/path/*/", "s/a/path/a/b.zip") - assertDeletePattern("s/a/path/a/", actual, t) + assertDeletePattern(t, "s/a/path/a/", actual) actual, _ = WildcardToDirsPath("s/*/path/*/", "s/a/a/path/a/b/c/d/b.zip") - assertDeletePattern("s/a/a/path/a/", actual, t) + assertDeletePattern(t, "s/a/a/path/a/", actual) actual, _ = WildcardToDirsPath("s/*/", "s/a/a/path/a/b/c/d/b.zip") - assertDeletePattern("s/a/", actual, t) + assertDeletePattern(t, "s/a/", actual) actual, _ = WildcardToDirsPath("s/*/a/*/", "s/a/a/path/k/b/c/d/b.zip") - assertDeletePattern("s/a/a/path/", actual, t) + assertDeletePattern(t, "s/a/a/path/", actual) actual, _ = WildcardToDirsPath("s/*/a/*/*/", "s/a/a/path/k/b/c/d/b.zip") - assertDeletePattern("s/a/a/path/k/", actual, t) + assertDeletePattern(t, "s/a/a/path/k/", actual) actual, _ = WildcardToDirsPath("s/*/*l*/*/*/", "s/a/l/path/k/b/c/d/b.zip") - assertDeletePattern("s/a/l/path/k/", actual, t) + assertDeletePattern(t, "s/a/l/path/k/", actual) actual, _ = WildcardToDirsPath("s/*/a*/", "s/a/a/path/k/b/c/d/b.zip") - assertDeletePattern("s/a/a/", actual, t) + assertDeletePattern(t, "s/a/a/", actual) actual, _ = WildcardToDirsPath("s/a*/", "s/a/a/path/k/b/c/d/b.zip") - assertDeletePattern("s/a/", actual, t) + assertDeletePattern(t, "s/a/", actual) actual, _ = WildcardToDirsPath("s/*/", "s/a/a/path/k/b/c/d/b.zip") - assertDeletePattern("s/a/", actual, t) + assertDeletePattern(t, 
"s/a/", actual) actual, _ = WildcardToDirsPath("s/*/*path*/", "s/a/h/path/k/b/c/d/b.zip") - assertDeletePattern("s/a/h/path/", actual, t) + assertDeletePattern(t, "s/a/h/path/", actual) actual, _ = WildcardToDirsPath("a/b/*********/*******/", "a/b/c/d/e.zip") - assertDeletePattern("a/b/c/d/", actual, t) + assertDeletePattern(t, "a/b/c/d/", actual) _, err := WildcardToDirsPath("s/*/a/*/*", "s/a/a/path/k/b/c/d/b.zip") - assertDeletePatternErr("delete pattern must end with \"/\"", err.Error(), t) + assertDeletePatternErr(t, "delete pattern must end with \"/\"", err.Error()) } -func assertDeletePattern(expected, actual string, t *testing.T) { +func assertDeletePattern(t *testing.T, expected, actual string) { if expected != actual { t.Error("Wrong matching expected: `" + expected + "` Got `" + actual + "`") } } -func assertDeletePatternErr(expected, actual string, t *testing.T) { +func assertDeletePatternErr(t *testing.T, expected, actual string) { if expected != actual { t.Error("Wrong err message expected: `" + expected + "` Got `" + actual + "`") } diff --git a/artifactory/services/utils/properties.go b/artifactory/services/utils/properties.go index bfc682b33..f91724916 100644 --- a/artifactory/services/utils/properties.go +++ b/artifactory/services/utils/properties.go @@ -121,7 +121,7 @@ func (props *Properties) ToEncodedString(concatValues bool) string { } for _, value := range values { if concatValues { - propValue := strings.Replace(value, multiValuesSeparator, fmt.Sprintf("\\%s", multiValuesSeparator), -1) + propValue := strings.ReplaceAll(value, multiValuesSeparator, fmt.Sprintf("\\%s", multiValuesSeparator)) jointProp = fmt.Sprintf("%s%s%s", jointProp, url.QueryEscape(propValue), url.QueryEscape(multiValuesSeparator)) } else { jointProp = fmt.Sprintf("%s%s=%s%s", jointProp, url.QueryEscape(key), url.QueryEscape(value), propsSeparator) 
diff --git a/artifactory/services/utils/releasebundleutils.go b/artifactory/services/utils/releasebundleutils.go index 72ce49f04..7097876f3 100644 --- a/artifactory/services/utils/releasebundleutils.go +++ b/artifactory/services/utils/releasebundleutils.go @@ -2,11 +2,11 @@ package utils import ( "fmt" - jwt "github.com/golang-jwt/jwt/v4" + "github.com/ProtonMail/go-crypto/openpgp" + "github.com/golang-jwt/jwt/v4" "github.com/jfrog/jfrog-client-go/auth" "github.com/jfrog/jfrog-client-go/http/jfroghttpclient" "github.com/jfrog/jfrog-client-go/utils/errorutils" - "golang.org/x/crypto/openpgp" "os" "path/filepath" "strings" diff --git a/artifactory/services/utils/repopathfile_test.go b/artifactory/services/utils/repopathfile_test.go index 51ca4699d..de9d30719 100644 --- a/artifactory/services/utils/repopathfile_test.go +++ b/artifactory/services/utils/repopathfile_test.go @@ -90,7 +90,7 @@ var repoPathFilesDataProvider = []createRepoPathFileTriplesTest{ func TestCreatePathFilePairs(t *testing.T) { for _, sample := range pathFilesDataProvider { t.Run(sample.pattern+"_recursive_"+strconv.FormatBool(sample.recursive), func(t *testing.T) { - validateRepoPathFile(createPathFilePairs("r", sample.pattern, sample.recursive), sample.expectedTriples, sample.pattern, t) + validateRepoPathFile(t, createPathFilePairs("r", sample.pattern, sample.recursive), sample.expectedTriples, sample.pattern) }) } } 
@@ -101,12 +101,12 @@ func TestCreateRepoPathFileTriples(t *testing.T) { repoPathFileTriples, singleRepo, err := createRepoPathFileTriples(sample.pattern, sample.recursive) assert.NoError(t, err) assert.Equal(t, sample.expectedSingleRepo, singleRepo) - validateRepoPathFile(repoPathFileTriples, sample.expectedTriples, sample.pattern, t) + validateRepoPathFile(t, repoPathFileTriples, sample.expectedTriples, sample.pattern) }) } } -func validateRepoPathFile(actual, expected []RepoPathFile, pattern string, t *testing.T) { +func validateRepoPathFile(t *testing.T, actual, expected []RepoPathFile, pattern string) { if len(actual) != len(expected) { t.Errorf("Wrong triple.\nPattern: %v\nExpected: %v\nActual: %v", pattern, expected, actual) } diff --git a/artifactory/services/utils/searchutil_test.go b/artifactory/services/utils/searchutil_test.go index 987309b48..637a6b310 100644 --- a/artifactory/services/utils/searchutil_test.go +++ b/artifactory/services/utils/searchutil_test.go @@ -68,7 +68,7 @@ func TestReduceTopChainDirResult(t *testing.T) { oldMaxSize := utils.MaxBufferSize defer func() { utils.MaxBufferSize = oldMaxSize }() - //Test buffer + sort + // Test buffer + sort utils.MaxBufferSize = 3 reader = content.NewContentReader(filepath.Join(testDataPath, "reduce_top_chain_step4.json"), content.DefaultKey) resultReader, err = ReduceTopChainDirResult(ResultItem{}, reader) @@ -79,7 +79,7 @@ func TestReduceTopChainDirResult(t *testing.T) { assert.True(t, isMatch) readerCloseAndAssert(t, resultReader) - //Two files in the same folder and one is a prefix to another. + // Two files in the same folder and one is a prefix to another. reader = content.NewContentReader(filepath.Join(testDataPath, "reduce_top_chain_step5.json"), content.DefaultKey) resultReader, err = ReduceTopChainDirResult(ResultItem{}, reader) assert.NoError(t, err) 
@@ -89,7 +89,7 @@ func TestReduceTopChainDirResult(t *testing.T) { assert.True(t, isMatch) readerCloseAndAssert(t, resultReader) - //Two files in the same folder and one is a prefix to another and their folder. + // Two files in the same folder and one is a prefix to another and their folder. reader = content.NewContentReader(filepath.Join(testDataPath, "reduce_top_chain_step6.json"), content.DefaultKey) resultReader, err = ReduceTopChainDirResult(ResultItem{}, reader) assert.NoError(t, err) diff --git a/auth/cert/loader.go b/auth/cert/loader.go index c12eebdad..b8afcd915 100644 --- a/auth/cert/loader.go +++ b/auth/cert/loader.go @@ -60,7 +60,6 @@ func GetTransportWithLoadedCert(certificatesDirPath string, insecureTls bool, tr ClientSessionCache: tls.NewLRUClientSessionCache(1), InsecureSkipVerify: insecureTls, } - transport.TLSClientConfig.BuildNameToCertificate() return transport, nil } diff --git a/distribution/services/utils/distributionutils_test.go b/distribution/services/utils/distributionutils_test.go index ae4adab3f..c99d1ae2c 100644 --- a/distribution/services/utils/distributionutils_test.go +++ b/distribution/services/utils/distributionutils_test.go @@ -24,7 +24,7 @@ func TestCreateBundleBody(t *testing.T) { assert.Equal(t, "storing-repo", releaseBundleBody.StoringRepository) assert.Equal(t, "Release bundle description", releaseBundleBody.Description) assert.Equal(t, "Release notes", releaseBundleBody.ReleaseNotes.Content) - assert.Equal(t, ReleaseNotesSyntax(Asciidoc), releaseBundleBody.ReleaseNotes.Syntax) + assert.Equal(t, Asciidoc, releaseBundleBody.ReleaseNotes.Syntax) assert.Len(t, releaseBundleBody.BundleSpec.Queries, 0) } diff --git a/go.mod b/go.mod index c6c0ad6dc..63aa633af 100644 --- a/go.mod +++ b/go.mod 
@@ -1,8 +1,9 @@ module github.com/jfrog/jfrog-client-go -go 1.19 +go 1.20 require ( + github.com/ProtonMail/go-crypto v0.0.0-20230331115716-d34776aa93ec github.com/buger/jsonparser v1.1.1 github.com/forPelevin/gomoji v1.1.8 github.com/go-git/go-git/v5 v5.6.1 @@ -21,7 +22,6 @@ require ( require ( github.com/CycloneDX/cyclonedx-go v0.7.0 // indirect github.com/Microsoft/go-winio v0.5.2 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect github.com/acomagu/bufpipe v1.0.4 // indirect github.com/andybalholm/brotli v1.0.1 // indirect github.com/cloudflare/circl v1.1.0 // indirect @@ -55,6 +55,6 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect ) -// replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20230330091550-a452f54ba1cc +replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20230403064815-ea83b399ac8e // replace github.com/jfrog/gofrog => github.com/jfrog/gofrog v1.2.5-0.20221107113836-a4c9225c690e diff --git a/go.sum b/go.sum index 82a562a02..05c435ea6 100644 --- a/go.sum +++ b/go.sum 
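Review bot: The last go.mod hunk activates `replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go v1.8.9-0.20230403064815-ea83b399ac8e` in a commit whose subject promotes a release version. Go honours replace directives only in the main module, so projects importing jfrog-client-go will resolve build-info-go from the require line (not shown in these hunks) rather than from the untagged pseudo-version this tree was built and tested against. Consider requiring a tagged build-info-go release and leaving the replace commented out before tagging, so that the dependency graph consumers get is the one that was reviewed.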
@@ -2,8 +2,9 @@ github.com/CycloneDX/cyclonedx-go v0.7.0 h1:jNxp8hL7UpcvPDFXjY+Y1ibFtsW+e5zyF9Qo github.com/CycloneDX/cyclonedx-go v0.7.0/go.mod h1:W5Z9w8pTTL+t+yG3PCiFRGlr8PUlE0pGWzKSJbsyXkg= github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= -github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA= github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= +github.com/ProtonMail/go-crypto v0.0.0-20230331115716-d34776aa93ec h1:eQusauqzE1cAFR5hGnwkuSmFxKoy3+j9/cVaDeYfjjs= +github.com/ProtonMail/go-crypto v0.0.0-20230331115716-d34776aa93ec/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE= github.com/acomagu/bufpipe v1.0.4 h1:e3H4WUzM3npvo5uv95QuJM3cQspFNtFBzvJ2oNjKIDQ= github.com/acomagu/bufpipe v1.0.4/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= github.com/andybalholm/brotli v1.0.1 h1:KqhlKozYbRtJvsPrrEeXcO+N2l6NYT5A2QAFmSULpEc= 
@@ -54,8 +55,8 @@ github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4= -github.com/jfrog/build-info-go v1.9.0 h1:gLxBfp4C6pVz+bKTmsqwFGZAueVMuzGw+/M9HZgtGG4= -github.com/jfrog/build-info-go v1.9.0/go.mod h1:dQ8OKddrbgtO3jK9uLYoqmRGNEjuDuNXV0bSRdpeTCI= +github.com/jfrog/build-info-go v1.8.9-0.20230403064815-ea83b399ac8e h1:MB5u0Kbq9IIDIlnpDYUq+SHTZ+/ossTOCK7z/t8S0l8= +github.com/jfrog/build-info-go v1.8.9-0.20230403064815-ea83b399ac8e/go.mod h1:HIrpwf4p4XHpAx+N+rb8SX9yrWYWs7X4rT/s0GOJfW8= github.com/jfrog/gofrog v1.2.5 h1:jCgJC0iGQ8bU7jCC+YEFJTNINyngApIrhd8BjZAVRIE= github.com/jfrog/gofrog v1.2.5/go.mod h1:o00tSRff6IapTgaCMuX1Cs9MH08Y1JqnsKgRtx91Gc4= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= @@ -135,6 +136,7 @@ golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAb golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= 
@@ -147,6 +149,7 @@ golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -180,10 +183,12 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 
diff --git a/pipelines/services/run.go b/pipelines/services/run.go index 8eae4c2d7..fe766a844 100644 --- a/pipelines/services/run.go +++ b/pipelines/services/run.go @@ -25,13 +25,11 @@ func NewRunService(client *jfroghttpclient.JfrogHttpClient) *RunService { } const ( - runStatus = "api/v1/search/pipelines/" - triggerpipeline = "api/v1/pipelines/trigger" - pipelineSyncStatus = "api/v1/pipelineSyncStatuses" - pipelineResources = "api/v1/pipelineSources" - cancelRunPath = "api/v1/runs/:runId/cancel" - syncPipelineResource = "api/v1/pipelineSources" - resourceVersions = "api/v1/resourceVersions" + runStatus = "api/v1/search/pipelines/" + triggerpipeline = "api/v1/pipelines/trigger" + pipelineSyncStatus = "api/v1/pipelineSyncStatuses" + pipelineResources = "api/v1/pipelineSources" + cancelRunPath = "api/v1/runs/:runId/cancel" ) func (rs *RunService) GetRunStatus(branch, pipeName string, isMultiBranch bool) (*PipelineRunStatusResponse, error) { diff --git a/tests/artifactorypermissiontarget_test.go b/tests/artifactorypermissiontarget_test.go index 7ad1246d4..74ea398e9 100644 --- a/tests/artifactorypermissiontarget_test.go +++ b/tests/artifactorypermissiontarget_test.go @@ -159,7 +159,7 @@ func TestDocumentationExampleCreateUpdateAndDeletePermissionTarget(t *testing.T) } func createRandomUser(t *testing.T) string { - name := fmt.Sprintf("test-%s-%s", timestampStr, randomString(16)) + name := fmt.Sprintf("test-%s-%s", timestampStr, randomString(t, 16)) userDetails := services.User{ Name: name, Email: name + "@jfrog.com", 
@@ -186,20 +186,19 @@ func createRandomUser(t *testing.T) string { } func createRandomRepo(t *testing.T) string { - repoKey := fmt.Sprintf("test-%s-%s", timestampStr, randomString(16)) + repoKey := fmt.Sprintf("test-%s-%s", timestampStr, randomString(t, 16)) glp := services.NewGenericLocalRepositoryParams() glp.Key = repoKey setLocalRepositoryBaseParams(&glp.LocalRepositoryBaseParams, false) err := testsCreateLocalRepositoryService.Generic(glp) - assert.NoError(t, err) return repoKey } func createRandomGroup(t *testing.T) string { - name := fmt.Sprintf("test-%s-%s", timestampStr, randomString(16)) + name := fmt.Sprintf("test-%s-%s", timestampStr, randomString(t, 16)) groupDetails := services.Group{ Name: name, @@ -221,8 +220,9 @@ func createRandomGroup(t *testing.T) string { return name } -func randomString(length int) string { +func randomString(t *testing.T, length int) string { b := make([]byte, length) - rand.Read(b) + _, err := rand.Read(b) + assert.NoError(t, err) return fmt.Sprintf("%x", b)[:length] } diff --git a/tests/artifactorysystem_test.go b/tests/artifactorysystem_test.go index 2cc2fdece..c31b20303 100644 --- a/tests/artifactorysystem_test.go +++ b/tests/artifactorysystem_test.go @@ -50,7 +50,8 @@ func testGetConfigDescriptor(t *testing.T) { // Send response 200 OK w.WriteHeader(http.StatusOK) - w.Write([]byte("")) + _, err := w.Write([]byte("")) + assert.NoError(t, err) }) ts := httptest.NewServer(handler) defer ts.Close() @@ -71,7 +72,8 @@ func testActivateKeyEncryption(t *testing.T) { // Send response 200 OK w.WriteHeader(http.StatusOK) - w.Write([]byte("Done")) + _, err := w.Write([]byte("Done")) + assert.NoError(t, err) }) ts := httptest.NewServer(handler) defer ts.Close() @@ -90,7 +92,8 @@ func testDeactivateKeyEncryption(t *testing.T) { // Send response 200 OK w.WriteHeader(http.StatusOK) - w.Write([]byte("Done")) + _, err := w.Write([]byte("Done")) + assert.NoError(t, err) }) ts := httptest.NewServer(handler) defer ts.Close() 
@@ -111,7 +114,8 @@ func testDeactivateKeyEncryptionNotEncrypted(t *testing.T) { // Send response 200 OK w.WriteHeader(http.StatusConflict) - w.Write([]byte("Cannot decrypt without artifactory key file")) + _, err := w.Write([]byte("Cannot decrypt without artifactory key file")) + assert.NoError(t, err) }) ts := httptest.NewServer(handler) defer ts.Close() diff --git a/tests/utils_test.go b/tests/utils_test.go index 837dd5649..9c6d006bb 100644 --- a/tests/utils_test.go +++ b/tests/utils_test.go @@ -678,7 +678,7 @@ func teardownIntegrationTests() { repo := getRtTargetRepoKey() err := testsDeleteRepositoryService.Delete(repo) if err != nil { - fmt.Printf("teardownIntegrationTests failed for:" + err.Error()) + fmt.Print("teardownIntegrationTests failed for:" + err.Error()) os.Exit(1) } } diff --git a/tests/xrayscan_test.go b/tests/xrayscan_test.go index e14131e67..687f75057 100644 --- a/tests/xrayscan_test.go +++ b/tests/xrayscan_test.go @@ -55,7 +55,7 @@ func scanBuild(t *testing.T, buildName, buildNumber, expected string) { t.Error(err) } - expected = strings.Replace(expected, "\n", "", -1) + expected = strings.ReplaceAll(expected, "\n", "") if string(result) != expected { t.Error("Expected:", string(result), "Got: ", expected) } diff --git a/tests/xraysummary_test.go b/tests/xraysummary_test.go index 72b96a3c2..f5d7ea4f3 100644 --- a/tests/xraysummary_test.go +++ b/tests/xraysummary_test.go @@ -3,6 +3,7 @@ package tests import ( "bytes" "encoding/json" + "github.com/stretchr/testify/assert" "strconv" "strings" "testing" @@ -63,7 +64,8 @@ func artifactSummary(t *testing.T, checksums []string, paths []string, expected } buf := bytes.NewBuffer([]byte{}) - json.Compact(buf, []byte(expected)) + err = json.Compact(buf, []byte(expected)) + assert.NoError(t, err) expected = buf.String() expected = strings.ReplaceAll(expected, "\n", "") diff --git a/utils/io/content/contentwriter.go b/utils/io/content/contentwriter.go index 3eaaaea62..4918dc8c7 100644 
--- a/utils/io/content/contentwriter.go +++ b/utils/io/content/contentwriter.go @@ -149,7 +149,7 @@ func (rw *ContentWriter) run() { firstRecord = false } } - closeString = closeString + jsonArraySuffix + closeString += jsonArraySuffix if rw.isCompleteFile { closeString += "}\n" } diff --git a/utils/io/fileutils/files.go b/utils/io/fileutils/files.go index 2e8e3d105..b85be9b0f 100644 --- a/utils/io/fileutils/files.go +++ b/utils/io/fileutils/files.go @@ -77,13 +77,13 @@ func GetFileInfo(path string, preserveSymLink bool) (fileInfo os.FileInfo, err e fileInfo, err = os.Stat(path) } // We should not do CheckError here, because the error is checked by the calling functions. - return fileInfo, err + return } func IsDirEmpty(path string) (isEmpty bool, err error) { dir, err := os.Open(path) - if err != nil { - return false, errorutils.CheckError(err) + if errorutils.CheckError(err) != nil { + return } defer func() { e := dir.Close() @@ -94,9 +94,12 @@ func IsDirEmpty(path string) (isEmpty bool, err error) { _, err = dir.Readdirnames(1) if err == io.EOF { - return true, nil + isEmpty = true + err = nil + return } - return false, errorutils.CheckError(err) + err = errorutils.CheckError(err) + return } func IsPathSymlink(path string) bool { @@ -282,16 +285,17 @@ func CreateDirIfNotExist(path string) error { // Reads the content of the file in the source path and appends it to // the file in the destination path. -func AppendFile(srcPath string, destFile *os.File) error { +func AppendFile(srcPath string, destFile *os.File) (err error) { srcFile, err := os.Open(srcPath) - err = errorutils.CheckError(err) - if err != nil { - return err + if errorutils.CheckError(err) != nil { + return } - defer func() error { - err := srcFile.Close() - return errorutils.CheckError(err) + defer func() { + e := srcFile.Close() + if err == nil { + err = e + } }() reader := bufio.NewReader(srcFile) 
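Review bot: In IsDirEmpty the value returned by `errorutils.CheckError(err)` is only tested and then thrown away, so the bare `return` hands back the raw `os.Open` error where the old code returned the CheckError result. If CheckError wraps or otherwise transforms the error (its implementation is not shown here), callers now see something different. Assigning the result keeps the old behaviour: `if err = errorutils.CheckError(err); err != nil { return }`. AppendFile in the `@@ -282,16 +285,17 @@` hunk has the same pattern after `os.Open(srcPath)`, and its deferred `srcFile.Close()` error likewise no longer goes through CheckError.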
@@ -299,7 +303,8 @@ func AppendFile(srcPath string, destFile *os.File) error { writer := bufio.NewWriter(destFile) buf := make([]byte, 1024000) for { - n, err := reader.Read(buf) + var n int + n, err = reader.Read(buf) if err != io.EOF { err = errorutils.CheckError(err) if err != nil { @@ -397,10 +402,20 @@ func GetFileDetailsFromReader(reader io.Reader, includeChecksums bool) (*FileDet details := new(FileDetails) pr, pw := io.Pipe() - defer pr.Close() + defer func() { + e := pr.Close() + if err == nil { + err = errorutils.CheckError(e) + } + }() go func() { - defer pw.Close() + defer func() { + e := pw.Close() + if err == nil { + err = errorutils.CheckError(e) + } + }() details.Size, err = io.Copy(pw, reader) }() @@ -529,8 +544,13 @@ func FindUpstream(itemToFInd string, itemType ItemType) (wd string, exists bool, if err != nil { return } - defer os.Chdir(wd) - + origWd := wd + defer func() { + e := os.Chdir(origWd) + if err == nil { + err = e + } + }() // Get the OS root. osRoot := os.Getenv("SYSTEMDRIVE") if osRoot != "" { @@ -567,7 +587,7 @@ func FindUpstream(itemToFInd string, itemType ItemType) (wd string, exists bool, visitedPaths[wd] = true // CD to the parent directory. wd = filepath.Dir(wd) - err := os.Chdir(wd) + err = os.Chdir(wd) if err != nil { return "", false, err } diff --git a/utils/utils.go b/utils/utils.go index f69e5a71c..b84e6dc40 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -26,7 +26,7 @@ import ( const ( Development = "development" Agent = "jfrog-client-go" - Version = "1.28.0" + Version = "1.28.1" ) // In order to limit the number of items loaded from a reader into the memory, we use a buffers with this size limit. @@ -205,6 +205,7 @@ func cleanPath(path string) string { if io.IsWindows() { // Since filepath.Clean replaces \\ with \, we revert this action. path = strings.ReplaceAll(path, `\`, `\\`) + path = strings.ReplaceAll(path, `\\\\`, `\\`) } return path } 
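Review bot: The goroutine in GetFileDetailsFromReader and the enclosing function now both read and write the shared `err` (the `io.Copy` assignment plus the two new deferred closures) with no synchronisation, which is a data race that `go test -race` should flag. Separately, a failed `io.Copy` is followed by a plain `pw.Close()`, so the reading side sees a clean EOF and may report a size and checksums computed over truncated data; how the reader consumes `pr` is outside this hunk. Keeping the error local to the goroutine and handing it to the pipe addresses both: `var copyErr error`, `details.Size, copyErr = io.Copy(pw, reader)`, `_ = pw.CloseWithError(copyErr)`.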
@@ -316,10 +317,10 @@ func GetLogMsgPrefix(threadId int, dryRun bool) string { } func TrimPath(path string) string { - path = strings.Replace(path, "\\", "/", -1) - path = strings.Replace(path, "//", "/", -1) - path = strings.Replace(path, "../", "", -1) - path = strings.Replace(path, "./", "", -1) + path = strings.ReplaceAll(path, "\\", "/") + path = strings.ReplaceAll(path, "//", "/") + path = strings.ReplaceAll(path, "../", "") + path = strings.ReplaceAll(path, "./", "") return path } @@ -343,7 +344,7 @@ func GetUserHomeDir() string { if home == "" { home = os.Getenv("USERPROFILE") } - return strings.Replace(home, "\\", "\\\\", -1) + return strings.ReplaceAll(home, "\\", "\\\\") } return os.Getenv("HOME") } diff --git a/xray/services/scan.go b/xray/services/scan.go index 60cb495c5..91f77bb22 100644 --- a/xray/services/scan.go +++ b/xray/services/scan.go @@ -3,6 +3,7 @@ package services import ( "encoding/json" "github.com/jfrog/jfrog-client-go/utils/log" + "golang.org/x/exp/maps" "net/http" "strings" "time" @@ -189,6 +190,25 @@ type GraphNode struct { Parent *GraphNode `json:"-"` } +// FlattenGraph creates a map of dependencies from the given graph, and returns a flat graph of dependencies with one level. +func FlattenGraph(graph []*GraphNode) []*GraphNode { + allDependencies := map[string]*GraphNode{} + for _, node := range graph { + populateUniqueDependencies(node, allDependencies) + } + return []*GraphNode{{Id: "root", Nodes: maps.Values(allDependencies)}} +} + +func populateUniqueDependencies(node *GraphNode, allDependencies map[string]*GraphNode) { + if _, exist := allDependencies[node.Id]; exist { + return + } + allDependencies[node.Id] = &GraphNode{Id: node.Id} + for _, dependency := range node.Nodes { + populateUniqueDependencies(dependency, allDependencies) + } +} + type OtherComponentIds struct { Id string `json:"component_id,omitempty"` Origin int `json:"origin,omitempty"` 
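Review bot: TrimPath still strips `../` and `./` in a single pass each, so the output is not guaranteed to be free of those segments once a removal joins the characters around it; moving from Replace to ReplaceAll leaves that behaviour exactly as it was. If any caller relies on this function as a traversal guard (callers are not visible in this hunk), it should normalise with `path.Clean` and then verify the result stays under the intended base directory. At minimum, a doc comment such as `// TrimPath is cosmetic normalisation only; it is not a path-traversal defence.` would make the contract explicit.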
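Review bot: populateUniqueDependencies dereferences `node.Id` without a nil check, so a nil entry in `graph` or in any `Nodes` slice panics inside FlattenGraph; a guard `if node == nil { return }` at the top of the helper is enough. The flattened list is built with `maps.Values`, whose order follows map iteration, so the request body differs from run to run for the same input; sorting the slice by `Id` before returning would make scans reproducible and easier to diff. Each flattened node is created as `&GraphNode{Id: node.Id}`, so any other fields set on the original nodes are dropped; the struct is only partly visible here, so confirm that is intended.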
diff --git a/xray/services/scan_test.go b/xray/services/scan_test.go index 1eafe2a21..9f793460b 100644 --- a/xray/services/scan_test.go +++ b/xray/services/scan_test.go @@ -2,6 +2,8 @@ package services import ( "fmt" + "github.com/jfrog/gofrog/datastructures" + "github.com/stretchr/testify/assert" "testing" ) @@ -47,3 +49,32 @@ func TestCreateScanGraphQueryParams(t *testing.T) { }) } } + +func TestFlattenGraph(t *testing.T) { + nodeA := &GraphNode{Id: "A"} + nodeB := &GraphNode{Id: "B"} + nodeC := &GraphNode{Id: "C"} + nodeD := &GraphNode{Id: "D"} + nodeE := &GraphNode{Id: "E"} + nodeF := &GraphNode{Id: "F"} + + // Set dependencies + nodeA.Nodes = []*GraphNode{nodeB, nodeC} + nodeB.Nodes = []*GraphNode{nodeC, nodeD} + nodeC.Nodes = []*GraphNode{nodeD} + nodeD.Nodes = []*GraphNode{nodeE, nodeF} + nodeF.Nodes = []*GraphNode{nodeA, nodeB, nodeC} + + // Create graph + graph := []*GraphNode{nodeA, nodeB, nodeC} + flatGraph := FlattenGraph(graph) + + // Check that the graph has been flattened correctly + assert.Equal(t, len(flatGraph[0].Nodes), 6) + set := datastructures.MakeSet[string]() + for _, node := range flatGraph[0].Nodes { + assert.Len(t, node.Nodes, 0) + assert.False(t, set.Exists(node.Id)) + set.Add(node.Id) + } +} From 0b22cb3773a5db8107db220b02d1e6301b8c7eda Mon Sep 17 00:00:00 2001 From: Eyal Ben Moshe Date: Thu, 13 Apr 2023 12:48:44 +0300 Subject: [PATCH 02/54] Added the Frogbot badge to the README (#740) --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 70f93b276..d07831f42 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,8 @@ # JFrog Go Client +[![Scanned by Frogbot](https://raw.github.com/jfrog/frogbot/master/images/frogbot-badge.svg)](https://github.com/jfrog/frogbot#readme) + | Branch | Status | From b71c2803fbdf80504f4b4bce0450cb13477db1ea Mon Sep 17 00:00:00 2001 
From: yahavi Date: Tue, 23 May 2023 18:44:41 +0300 Subject: [PATCH 03/54] Promoted version to 1.29.1 --- utils/utils.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/utils.go b/utils/utils.go index 7e8932389..1e09afead 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -26,7 +26,7 @@ import ( const ( Development = "development" Agent = "jfrog-client-go" - Version = "1.29.0" + Version = "1.29.1" ) // In order to limit the number of items loaded from a reader into the memory, we use a buffers with this size limit. From f75002534808ee349c90adefcee62b267ee54f9b Mon Sep 17 00:00:00 2001 From: Omer Zidkoni Date: Wed, 12 Jul 2023 14:18:28 +0300 Subject: [PATCH 04/54] Promoted version to 1.31.1 --- utils/utils.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/utils.go b/utils/utils.go index d30dfd5ce..7328edef6 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -26,7 +26,7 @@ import ( const ( Development = "development" Agent = "jfrog-client-go" - Version = "1.31.0" + Version = "1.31.1" ) // In order to limit the number of items loaded from a reader into the memory, we use a buffers with this size limit. From b1ae83639655298e5dd149a0b3d3f7e4c0a3511e Mon Sep 17 00:00:00 2001 From: eyalbe4 Date: Mon, 31 Jul 2023 21:00:52 +0300 Subject: [PATCH 05/54] Promoted version to 1.31.3 --- utils/utils.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/utils.go b/utils/utils.go index 9c1d7246f..654bf095f 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -26,7 +26,7 @@ import ( const ( Development = "development" Agent = "jfrog-client-go" - Version = "1.31.2" + Version = "1.31.3" ) // In order to limit the number of items loaded from a reader into the memory, we use a buffers with this size limit. From 0ca9b47a698678ed5e5e2d56e34a970958a7a3a9 Mon Sep 17 00:00:00 2001 
From: delarea Date: Tue, 15 Aug 2023 16:02:40 +0300 Subject: [PATCH 06/54] Refactor to interface --- xray/auth/xraydetails.go | 4 +-- xray/manager/manager.go | 38 ++++++++++++++++++++++++++++ xray/{manager.go => manager/xray.go} | 4 +-- xray/manager/xsc.go | 23 +++++++++++++++++ 4 files changed, 65 insertions(+), 4 deletions(-) create mode 100644 xray/manager/manager.go rename xray/{manager.go => manager/xray.go} (99%) create mode 100644 xray/manager/xsc.go diff --git a/xray/auth/xraydetails.go b/xray/auth/xraydetails.go index eefe1497c..bcc7289c1 100644 --- a/xray/auth/xraydetails.go +++ b/xray/auth/xraydetails.go @@ -4,7 +4,7 @@ import ( "github.com/jfrog/jfrog-client-go/auth" "github.com/jfrog/jfrog-client-go/config" "github.com/jfrog/jfrog-client-go/utils/log" - "github.com/jfrog/jfrog-client-go/xray" + "github.com/jfrog/jfrog-client-go/xray/manager" ) // NewXrayDetails creates a struct of the Xray details @@ -37,7 +37,7 @@ func (ds *xrayDetails) getXrayVersion() (string, error) { if err != nil { return "", err } - sm, err := xray.New(serviceConfig) + sm, err := manager.New(serviceConfig) if err != nil { return "", err } diff --git a/xray/manager/manager.go b/xray/manager/manager.go new file mode 100644 index 000000000..a6ae73a8d --- /dev/null +++ b/xray/manager/manager.go 
@@ -0,0 +1,38 @@ +package manager + +import ( + "github.com/jfrog/jfrog-client-go/config" + "github.com/jfrog/jfrog-client-go/http/jfroghttpclient" + "github.com/jfrog/jfrog-client-go/xray/services" + "github.com/jfrog/jfrog-client-go/xray/services/utils" +) + +type SecurityServiceManager interface { + // Getters + Client() *jfroghttpclient.JfrogHttpClient + Config() config.Config + GetVersion() (string, error) + // Watches + CreateWatch(params utils.WatchParams) error + GetWatch(watchName string) (*utils.WatchParams, error) + UpdateWatch(params utils.WatchParams) error + DeleteWatch(watchName string) error + // Policies + CreatePolicy(params utils.PolicyParams) error + GetPolicy(policyName string) (*utils.PolicyParams, error) + UpdatePolicy(params utils.PolicyParams) error + DeletePolicy(policyName string) error + // Scan + ScanGraph(params services.XrayGraphScanParams) (scanId string, err error) + GetScanGraphResults(scanID string, includeVulnerabilities, includeLicenses bool) (*services.ScanResponse, error) + BuildScan(params services.XrayBuildParams, includeVulnerabilities bool) (scanResponse *services.BuildScanResponse, noFailBuildPolicy bool, err error) + // Report + GenerateVulnerabilitiesReport(params services.ReportRequestParams) (resp *services.ReportResponse, err error) + ReportDetails(reportId string) (details *services.ReportDetails, err error) + ReportContent(params services.ReportContentRequestParams) (content *services.ReportContent, err error) + DeleteReport(reportId string) error + // Utilities + AddBuildsToIndexing(buildNames []string) error + ArtifactSummary(params services.ArtifactSummaryParams) (*services.ArtifactSummaryResponse, error) + IsEntitled(featureId string) (bool, error) +} diff --git a/xray/manager.go b/xray/manager/xray.go similarity index 99% rename from xray/manager.go rename to xray/manager/xray.go index 676fe1585..80faf1a41 100644 --- a/xray/manager.go +++ b/xray/manager/xray.go 
@@ -1,4 +1,4 @@ -package xray +package manager import ( "github.com/jfrog/jfrog-client-go/config" @@ -14,7 +14,7 @@ type XrayServicesManager struct { } // New creates a service manager to interact with Xray -func New(config config.Config) (*XrayServicesManager, error) { +func New(config config.Config) (SecurityServiceManager, error) { details := config.GetServiceDetails() var err error manager := &XrayServicesManager{config: config} diff --git a/xray/manager/xsc.go b/xray/manager/xsc.go new file mode 100644 index 000000000..624b43b61 --- /dev/null +++ b/xray/manager/xsc.go @@ -0,0 +1,23 @@ +package manager + +import "github.com/jfrog/jfrog-client-go/xray/services" + +type XscServicesManger struct { + XrayServicesManager +} + +// ScanGraph will send Xray the given graph for scan +// Returns a string represents the scan ID. +func (xsc *XscServicesManger) ScanGraph(params services.XrayGraphScanParams) (scanId string, err error) { + scanService := services.NewScanService(xsc.client) + scanService.XrayDetails = xsc.config.GetServiceDetails() + return scanService.ScanGraph(params) +} + +// GetScanGraphResults returns an Xray scan output of the requested graph scan. +// The scanId input should be received from ScanGraph request. +func (xsc *XscServicesManger) GetScanGraphResults(scanID string, includeVulnerabilities, includeLicenses bool) (*services.ScanResponse, error) { + scanService := services.NewScanService(xsc.client) + scanService.XrayDetails = xsc.config.GetServiceDetails() + return scanService.GetScanGraphResults(scanID, includeVulnerabilities, includeLicenses) +} From a911794249b72e21636ba87c3cf3e9d72657931b Mon Sep 17 00:00:00 2001 
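Review bot: `New` in xray/manager/xray.go now returns the `SecurityServiceManager` interface instead of `*XrayServicesManager`, which breaks any caller that stored the concrete type or used a method that is not part of the interface, and departs from the usual Go practice of returning concrete types and letting the consumer declare the interface it needs. Keeping `func New(config config.Config) (*XrayServicesManager, error)` and adding the compile-time check `var _ SecurityServiceManager = (*XrayServicesManager)(nil)` gives the same guarantee without the API break. In the xsc.go hunk that follows, the type name is spelled `XscServicesManger`, and its two methods repeat the embedded XrayServicesManager implementations line for line, so they can be dropped until XSC actually behaves differently.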
From: delarea Date: Tue, 15 Aug 2023 17:32:46 +0300 Subject: [PATCH 07/54] Split scan service --- http/jfroghttpclient/client.go | 5 + xray/manager/manager.go | 5 +- xray/manager/xray.go | 11 +- xray/manager/xsc.go | 18 +-- xray/{services => scan}/scan.go | 177 ++++++++++++++++++++++----- xray/{services => scan}/scan_test.go | 2 +- xray/services/buildscan.go | 19 +-- 7 files changed, 176 insertions(+), 61 deletions(-) rename xray/{services => scan}/scan.go (71%) rename xray/{services => scan}/scan_test.go (99%) diff --git a/http/jfroghttpclient/client.go b/http/jfroghttpclient/client.go index 52ec2fe7c..bc606b536 100644 --- a/http/jfroghttpclient/client.go +++ b/http/jfroghttpclient/client.go @@ -166,3 +166,8 @@ func (rtc *JfrogHttpClient) runPreRequestInterceptors(httpClientDetails *httputi } return nil } + +func (rtc *JfrogHttpClient) XscEnabled() bool { + // TODO CHANGE THIS OR MOVE THIS FUNCTION + return true +} diff --git a/xray/manager/manager.go b/xray/manager/manager.go index a6ae73a8d..7193f8310 100644 --- a/xray/manager/manager.go +++ b/xray/manager/manager.go @@ -3,6 +3,7 @@ package manager import ( "github.com/jfrog/jfrog-client-go/config" "github.com/jfrog/jfrog-client-go/http/jfroghttpclient" + "github.com/jfrog/jfrog-client-go/xray/scan" "github.com/jfrog/jfrog-client-go/xray/services" "github.com/jfrog/jfrog-client-go/xray/services/utils" ) 
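Review bot: `XscEnabled` on JfrogHttpClient is committed as a stub that always returns true, with a TODO saying it still has to change, and `NewScanService` in xray/scan/scan.go (later in this patch) branches on it, so every scan is routed to `XscScanService` regardless of how the client is configured. A development switch that is hard-wired on should not reach a released library: until real detection exists the safe default is `return false`. The decision also does not belong on the generic HTTP client; deriving it from the service details passed to `NewScanService` would keep it next to the configuration that determines it.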
@@ -23,8 +24,8 @@ type SecurityServiceManager interface { UpdatePolicy(params utils.PolicyParams) error DeletePolicy(policyName string) error // Scan - ScanGraph(params services.XrayGraphScanParams) (scanId string, err error) - GetScanGraphResults(scanID string, includeVulnerabilities, includeLicenses bool) (*services.ScanResponse, error) + ScanGraph(params scan.XrayGraphScanParams) (scanId string, err error) + GetScanGraphResults(scanID string, includeVulnerabilities, includeLicenses bool) (*scan.ScanResponse, error) BuildScan(params services.XrayBuildParams, includeVulnerabilities bool) (scanResponse *services.BuildScanResponse, noFailBuildPolicy bool, err error) // Report GenerateVulnerabilitiesReport(params services.ReportRequestParams) (resp *services.ReportResponse, err error) diff --git a/xray/manager/xray.go b/xray/manager/xray.go index 80faf1a41..895f78a53 100644 --- a/xray/manager/xray.go +++ b/xray/manager/xray.go @@ -3,6 +3,7 @@ package manager import ( "github.com/jfrog/jfrog-client-go/config" "github.com/jfrog/jfrog-client-go/http/jfroghttpclient" + "github.com/jfrog/jfrog-client-go/xray/scan" "github.com/jfrog/jfrog-client-go/xray/services" "github.com/jfrog/jfrog-client-go/xray/services/utils" ) 
@@ -119,17 +120,15 @@ func (sm *XrayServicesManager) AddBuildsToIndexing(buildNames []string) error { // ScanGraph will send Xray the given graph for scan // Returns a string represents the scan ID. -func (sm *XrayServicesManager) ScanGraph(params services.XrayGraphScanParams) (scanId string, err error) { - scanService := services.NewScanService(sm.client) - scanService.XrayDetails = sm.config.GetServiceDetails() +func (sm *XrayServicesManager) ScanGraph(params scan.XrayGraphScanParams) (scanId string, err error) { + scanService := scan.NewScanService(sm.client, sm.config.GetServiceDetails()) return scanService.ScanGraph(params) } // GetScanGraphResults returns an Xray scan output of the requested graph scan. // The scanId input should be received from ScanGraph request. -func (sm *XrayServicesManager) GetScanGraphResults(scanID string, includeVulnerabilities, includeLicenses bool) (*services.ScanResponse, error) { - scanService := services.NewScanService(sm.client) - scanService.XrayDetails = sm.config.GetServiceDetails() +func (sm *XrayServicesManager) GetScanGraphResults(scanID string, includeVulnerabilities, includeLicenses bool) (*scan.ScanResponse, error) { + scanService := scan.NewScanService(sm.client, sm.config.GetServiceDetails()) return scanService.GetScanGraphResults(scanID, includeVulnerabilities, includeLicenses) } diff --git a/xray/manager/xsc.go b/xray/manager/xsc.go index 624b43b61..bb7cb1b8d 100644 --- a/xray/manager/xsc.go +++ b/xray/manager/xsc.go 
@@ -1,23 +1,23 @@ package manager -import "github.com/jfrog/jfrog-client-go/xray/services" +import ( + "github.com/jfrog/jfrog-client-go/xray/scan" +) type XscServicesManger struct { XrayServicesManager } -// ScanGraph will send Xray the given graph for scan +// ScanGraph will send XSC the given graph for scan // Returns a string represents the scan ID. -func (xsc *XscServicesManger) ScanGraph(params services.XrayGraphScanParams) (scanId string, err error) { - scanService := services.NewScanService(xsc.client) - scanService.XrayDetails = xsc.config.GetServiceDetails() +func (xsc *XscServicesManger) ScanGraph(params scan.XrayGraphScanParams) (scanId string, err error) { + scanService := scan.NewScanService(xsc.client, xsc.config.GetServiceDetails()) return scanService.ScanGraph(params) } -// GetScanGraphResults returns an Xray scan output of the requested graph scan. +// GetScanGraphResults returns an XSC scan output of the requested graph scan. // The scanId input should be received from ScanGraph request. -func (xsc *XscServicesManger) GetScanGraphResults(scanID string, includeVulnerabilities, includeLicenses bool) (*services.ScanResponse, error) { - scanService := services.NewScanService(xsc.client) - scanService.XrayDetails = xsc.config.GetServiceDetails() +func (xsc *XscServicesManger) GetScanGraphResults(scanID string, includeVulnerabilities, includeLicenses bool) (*scan.ScanResponse, error) { + scanService := scan.NewScanService(xsc.client, xsc.config.GetServiceDetails()) return scanService.GetScanGraphResults(scanID, includeVulnerabilities, includeLicenses) } diff --git a/xray/services/scan.go b/xray/scan/scan.go similarity index 71% rename from xray/services/scan.go rename to xray/scan/scan.go index f295f246e..7de9ae10c 100644 --- a/xray/services/scan.go +++ b/xray/scan/scan.go @@ -1,4 +1,4 @@ -package services +package scan import ( "encoding/json" 
@@ -32,53 +32,120 @@ const ( andIncludeLicensesParam = "&include_licenses=true" // Get scan results timeouts - defaultMaxWaitMinutes = 45 * time.Minute // 45 minutes - defaultSyncSleepInterval = 5 * time.Second // 5 seconds + DefaultMaxWaitMinutes = 45 * time.Minute // 45 minutes + DefaultSyncSleepInterval = 5 * time.Second // 5 seconds // ScanType values Dependency ScanType = "dependency" Binary ScanType = "binary" - xrayScanStatusFailed = "failed" + XrayScanStatusFailed = "failed" ) -type ScanType string - -type ScanService struct { - client *jfroghttpclient.JfrogHttpClient - XrayDetails auth.ServiceDetails +type ScanServiceInterface interface { + ScanGraph(scanParams XrayGraphScanParams) (string, error) + GetScanGraphResults(scanId string, includeVulnerabilities, includeLicenses bool) (*ScanResponse, error) } -// NewScanService creates a new service to scan binaries and audit code projects' dependencies. -func NewScanService(client *jfroghttpclient.JfrogHttpClient) *ScanService { - return &ScanService{client: client} +type XscScanService struct { + ScanService } -func createScanGraphQueryParams(scanParams XrayGraphScanParams) string { - var params []string - switch { - case scanParams.ProjectKey != "": - params = append(params, projectQueryParam+scanParams.ProjectKey) - case scanParams.RepoPath != "": - params = append(params, repoPathQueryParam+scanParams.RepoPath) - case len(scanParams.Watches) > 0: - for _, watch := range scanParams.Watches { - if watch != "" { - params = append(params, watchesQueryParam+watch) - } +func (xsc *XscScanService) ScanGraph(scanParams XrayGraphScanParams) (string, error) { + httpClientsDetails := xsc.XrayDetails.CreateHttpClientDetails() + utils.SetContentType("application/json", &httpClientsDetails.Headers) + requestBody, err := json.Marshal(scanParams.Graph) + if err != nil { + return "", errorutils.CheckError(err) + } + url := xsc.XrayDetails.GetUrl() + scanGraphAPI + url += createScanGraphQueryParams(scanParams) + resp, body, 
err := xsc.client.SendPost(url, requestBody, &httpClientsDetails) + if err != nil { + return "", err + } + + if err = errorutils.CheckResponseStatusWithBody(resp, body, http.StatusOK, http.StatusCreated); err != nil { + scanErrorJson := ScanErrorJson{} + if e := json.Unmarshal(body, &scanErrorJson); e == nil { + return "", errorutils.CheckErrorf(scanErrorJson.Error) } + return "", err + } + scanResponse := RequestScanResponse{} + if err = json.Unmarshal(body, &scanResponse); err != nil { + return "", errorutils.CheckError(err) } + return scanResponse.ScanId, err +} - if scanParams.ScanType != "" { - params = append(params, scanTypeQueryParam+string(scanParams.ScanType)) +func (xsc *XscScanService) GetScanGraphResults(scanId string, includeVulnerabilities, includeLicenses bool) (*ScanResponse, error) { + httpClientsDetails := xsc.XrayDetails.CreateHttpClientDetails() + utils.SetContentType("application/json", &httpClientsDetails.Headers) + + // The scan request may take some time to complete. We expect to receive a 202 response, until the completion. + endPoint := xsc.XrayDetails.GetUrl() + scanGraphAPI + "/" + scanId + if includeVulnerabilities { + endPoint += includeVulnerabilitiesParam + if includeLicenses { + endPoint += andIncludeLicensesParam + } + } else if includeLicenses { + endPoint += includeLicensesParam + } + log.Info("Waiting for scan to complete on JFrog Xray...") + pollingAction := func() (shouldStop bool, responseBody []byte, err error) { + resp, body, _, err := xsc.client.SendGet(endPoint, true, &httpClientsDetails) + if err != nil { + return true, nil, err + } + if err = errorutils.CheckResponseStatusWithBody(resp, body, http.StatusOK, http.StatusAccepted); err != nil { + return true, nil, err + } + // Got the full valid response. 
+ if resp.StatusCode == http.StatusOK { + return true, body, nil + } + return false, nil, nil + } + pollingExecutor := &httputils.PollingExecutor{ + Timeout: DefaultMaxWaitMinutes, + PollingInterval: DefaultSyncSleepInterval, + PollingAction: pollingAction, + MsgPrefix: "Get Dependencies Scan results... ", } - if len(params) == 0 { - return "" + body, err := pollingExecutor.Execute() + if err != nil { + return nil, err } - return "?" + strings.Join(params, "&") + scanResponse := ScanResponse{} + if err = json.Unmarshal(body, &scanResponse); err != nil { + return nil, errorutils.CheckErrorf("couldn't parse JFrog Xray server response: " + err.Error()) + } + if scanResponse.ScannedStatus == XrayScanStatusFailed { + // Failed due to an internal Xray error + return nil, errorutils.CheckErrorf("received a failure status from JFrog Xray server:\n%s", errorutils.GenerateErrorString(body)) + } + return &scanResponse, err } +type ScanType string + +type ScanService struct { + client *jfroghttpclient.JfrogHttpClient + XrayDetails auth.ServiceDetails +} + +// NewScanService creates a new service to scan binaries and audit code projects' dependencies. +func NewScanService(client *jfroghttpclient.JfrogHttpClient, details auth.ServiceDetails) ScanServiceInterface { + // TODO check if this is okay,maybe change to details + // TODO for dev always true + if client.XscEnabled() { + return &XscScanService{ScanService{client: client, XrayDetails: details}} + } + return &ScanService{client: client, XrayDetails: details} +} func (ss *ScanService) ScanGraph(scanParams XrayGraphScanParams) (string, error) { httpClientsDetails := ss.XrayDetails.CreateHttpClientDetails() utils.SetContentType("application/json", &httpClientsDetails.Headers) 
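Review bot: In XscScanService.ScanGraph the server-supplied `scanErrorJson.Error` is passed to `errorutils.CheckErrorf` as the format string, so any `%` in the response body is interpreted as a formatting verb and the reported message is garbled. Pass remote text as an argument instead: `return "", errorutils.CheckErrorf("%s", scanErrorJson.Error)`. The parse-failure path in GetScanGraphResults builds its format string by concatenating `err.Error()` and should become `errorutils.CheckErrorf("couldn't parse JFrog Xray server response: %s", err.Error())`. Both methods are copies of the ScanService ones, so the same fix is needed there; ScanService's bodies are only partly visible in this patch.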
@@ -137,8 +204,8 @@ func (ss *ScanService) GetScanGraphResults(scanId string, includeVulnerabilities return false, nil, nil } pollingExecutor := &httputils.PollingExecutor{ - Timeout: defaultMaxWaitMinutes, - PollingInterval: defaultSyncSleepInterval, + Timeout: DefaultMaxWaitMinutes, + PollingInterval: DefaultSyncSleepInterval, PollingAction: pollingAction, MsgPrefix: "Get Dependencies Scan results... ", } @@ -151,7 +218,7 @@ func (ss *ScanService) GetScanGraphResults(scanId string, includeVulnerabilities if err = json.Unmarshal(body, &scanResponse); err != nil { return nil, errorutils.CheckErrorf("couldn't parse JFrog Xray server response: " + err.Error()) } - if scanResponse.ScannedStatus == xrayScanStatusFailed { + if scanResponse.ScannedStatus == XrayScanStatusFailed { // Failed due to an internal Xray error return nil, errorutils.CheckErrorf("received a failure status from JFrog Xray server:\n%s", errorutils.GenerateErrorString(body)) } 
@@ -168,6 +235,36 @@ type XrayGraphScanParams struct { Graph *xrayUtils.GraphNode IncludeVulnerabilities bool IncludeLicenses bool + xscContextDetails *XscGitInfoContext +} + +func (gp *XrayGraphScanParams) GetProjectKey() string { + return gp.ProjectKey +} + +func createScanGraphQueryParams(scanParams XrayGraphScanParams) string { + var params []string + switch { + case scanParams.ProjectKey != "": + params = append(params, projectQueryParam+scanParams.ProjectKey) + case scanParams.RepoPath != "": + params = append(params, repoPathQueryParam+scanParams.RepoPath) + case len(scanParams.Watches) > 0: + for _, watch := range scanParams.Watches { + if watch != "" { + params = append(params, watchesQueryParam+watch) + } + } + } + + if scanParams.ScanType != "" { + params = append(params, scanTypeQueryParam+string(scanParams.ScanType)) + } + + if len(params) == 0 { + return "" + } + return "?" + strings.Join(params, "&") } // FlattenGraph creates a map of dependencies from the given graph, and returns a flat graph of dependencies with one level. @@ -305,6 +402,18 @@ type JfrogResearchSeverityReason struct { IsPositive bool `json:"is_positive,omitempty"` } -func (gp *XrayGraphScanParams) GetProjectKey() string { - return gp.ProjectKey +type XscGitInfoContext struct { + GitRepoUrl string `json:"git_repo_url"` + GitRepoName string `json:"git_repo_name"` + GitTargetRepoName string `json:"git_target_repo_name"` + GitProject string `json:"git_project"` + GitProvider string `json:"git_provider"` + Technologies []string `json:"technologies"` + BranchName string `json:"branch_name"` + TargetBranchName string `json:"target_branch_name"` + LastCommit string `json:"last_commit"` + CommitHash string `json:"commit_hash"` + CommitMessage string `json:"commit_message"` + CommitAuthor string `json:"commit_author"` + Date int64 `json:"date"` } 
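Review bot: createScanGraphQueryParams appends `ProjectKey`, `RepoPath`, each watch name and `ScanType` to the query string as-is, so a value containing `&`, `=`, `#` or a space changes which parameters the server receives instead of being treated as data. Escape each value where it is appended, e.g. `params = append(params, projectQueryParam+url.QueryEscape(scanParams.ProjectKey))`; this needs `net/url` in the import block, which is outside the hunk. The scan ID joined into the path in GetScanGraphResults (`scanGraphAPI + "/" + scanId`) deserves the same treatment with `url.PathEscape`.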
diff --git a/xray/services/scan_test.go b/xray/scan/scan_test.go similarity index 99% rename from xray/services/scan_test.go rename to xray/scan/scan_test.go index bc8fb5c47..6663d643f 100644 --- a/xray/services/scan_test.go +++ b/xray/scan/scan_test.go @@ -1,4 +1,4 @@ -package services +package scan import ( "fmt" diff --git a/xray/services/buildscan.go b/xray/services/buildscan.go index 3861803df..d850d2da5 100644 --- a/xray/services/buildscan.go +++ b/xray/services/buildscan.go @@ -11,6 +11,7 @@ import ( "github.com/jfrog/jfrog-client-go/utils/errorutils" "github.com/jfrog/jfrog-client-go/utils/io/httputils" "github.com/jfrog/jfrog-client-go/utils/log" + "github.com/jfrog/jfrog-client-go/xray/scan" "net/http" "strings" ) @@ -121,8 +122,8 @@ func (bs *BuildScanService) getBuildScanResults(reqFunc func() (*http.Response, return false, nil, nil } pollingExecutor := &httputils.PollingExecutor{ - Timeout: defaultMaxWaitMinutes, - PollingInterval: defaultSyncSleepInterval, + Timeout: scan.DefaultMaxWaitMinutes, + PollingInterval: scan.DefaultSyncSleepInterval, PollingAction: pollingAction, MsgPrefix: fmt.Sprintf("Get Build Scan results for Build: %s/%s...", params.BuildName, params.BuildNumber), } @@ -135,7 +136,7 @@ func (bs *BuildScanService) getBuildScanResults(reqFunc func() (*http.Response, if err = json.Unmarshal(body, &buildScanResponse); err != nil { return nil, errorutils.CheckError(err) } - if buildScanResponse.Status == xrayScanStatusFailed { + if buildScanResponse.Status == scan.XrayScanStatusFailed { return nil, errorutils.CheckErrorf("Xray build scan failed") } return &buildScanResponse, err 
@@ -178,10 +179,10 @@ type RequestBuildScanResponse struct { } type BuildScanResponse struct { - Status string `json:"status,omitempty"` - MoreDetailsUrl string `json:"more_details_url,omitempty"` - FailBuild bool `json:"fail_build,omitempty"` - Violations []Violation `json:"violations,omitempty"` - Vulnerabilities []Vulnerability `json:"vulnerabilities,omitempty"` - Info string `json:"info,omitempty"` + Status string `json:"status,omitempty"` + MoreDetailsUrl string `json:"more_details_url,omitempty"` + FailBuild bool `json:"fail_build,omitempty"` + Violations []scan.Violation `json:"violations,omitempty"` + Vulnerabilities []scan.Vulnerability `json:"vulnerabilities,omitempty"` + Info string `json:"info,omitempty"` } From 5386aaa93191b805cfa74394616fc2142f2263c7 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 16 Aug 2023 11:24:54 +0300 Subject: [PATCH 08/54] Working XSC call --- access/auth/accessdetails.go | 4 + artifactory/auth/rtdetails.go | 4 + auth/servicedetails.go | 2 + distribution/auth/dsdetails.go | 4 + lifecycle/auth/lifecycledetails.go | 4 + pipelines/auth/pipelinesdetails.go | 4 + xray/auth/xraydetails.go | 23 +++-- xray/manager/manager.go | 4 +- xray/manager/xray.go | 27 ++++-- xray/manager/xsc.go | 17 +++- xray/scan/scan.go | 98 ++------------------- xray/scan/xscScan.go | 136 +++++++++++++++++++++++++++++ 12 files changed, 221 insertions(+), 106 deletions(-) create mode 100644 xray/scan/xscScan.go diff --git a/access/auth/accessdetails.go b/access/auth/accessdetails.go index f278eaac7..65c8ed492 100644 --- a/access/auth/accessdetails.go +++ b/access/auth/accessdetails.go @@ -12,6 +12,10 @@ type accessDetails struct { auth.CommonConfigFields } +func (rt *accessDetails) GetXscUrl() string { + panic("Failed: Method is not implemented") +} + func (rt *accessDetails) GetVersion() (string, error) { panic("Failed: Method is not implemented") } diff --git a/artifactory/auth/rtdetails.go b/artifactory/auth/rtdetails.go index affe86baa..cad3d05b7 100644 
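Review bot: The `GetXscUrl` stub added to `accessDetails` panics, and the same stub is added to `artifactoryDetails`, `distributionDetails`, `lifecycleDetails` and `pipelinesDetails` in the file sections that follow, so any code that holds an `auth.ServiceDetails` and asks for the XSC URL takes the process down for five of the six implementations. This patch also adds `XscUrl` to `auth.CommonConfigFields`, so a single method there, `func (ccf *CommonConfigFields) GetXscUrl() string { return ccf.XscUrl }`, would be promoted to every details type. It would return an empty string where no XSC URL is configured, which is the value `manager.New` already tests for. Adding a method to the exported `ServiceDetails` interface also breaks any implementation outside this module.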
--- a/artifactory/auth/rtdetails.go +++ b/artifactory/auth/rtdetails.go @@ -15,6 +15,10 @@ type artifactoryDetails struct { auth.CommonConfigFields } +func (rt *artifactoryDetails) GetXscUrl() string { + panic("Failed: Method is not implemented") +} + func (rt *artifactoryDetails) GetVersion() (string, error) { var err error if rt.Version == "" { diff --git a/auth/servicedetails.go b/auth/servicedetails.go index dc3b391aa..dd94a731e 100644 --- a/auth/servicedetails.go +++ b/auth/servicedetails.go @@ -53,10 +53,12 @@ type ServiceDetails interface { RunPreRequestFunctions(httpClientDetails *httputils.HttpClientDetails) error CreateHttpClientDetails() httputils.HttpClientDetails + GetXscUrl() string } type CommonConfigFields struct { Url string `json:"-"` + XscUrl string `json:"-"` User string `json:"-"` Password string `json:"-"` ApiKey string `json:"-"` diff --git a/distribution/auth/dsdetails.go b/distribution/auth/dsdetails.go index 25e2b7c8a..da7bb9104 100644 --- a/distribution/auth/dsdetails.go +++ b/distribution/auth/dsdetails.go @@ -15,6 +15,10 @@ type distributionDetails struct { auth.CommonConfigFields } +func (ds *distributionDetails) GetXscUrl() string { + panic("Failed: Method is not implemented") +} + func (ds *distributionDetails) GetVersion() (string, error) { var err error if ds.Version == "" { diff --git a/lifecycle/auth/lifecycledetails.go b/lifecycle/auth/lifecycledetails.go index 1fa007404..f5f8f85cf 100644 --- a/lifecycle/auth/lifecycledetails.go +++ b/lifecycle/auth/lifecycledetails.go @@ -12,6 +12,10 @@ type lifecycleDetails struct { auth.CommonConfigFields } +func (rt *lifecycleDetails) GetXscUrl() string { + panic("Failed: Method is not implemented") +} + func (rt *lifecycleDetails) GetVersion() (string, error) { panic("Failed: Method is not implemented") } diff --git a/pipelines/auth/pipelinesdetails.go b/pipelines/auth/pipelinesdetails.go index 7eb58010a..a7cc7ba4f 100644 --- a/pipelines/auth/pipelinesdetails.go 
+++ b/pipelines/auth/pipelinesdetails.go @@ -15,6 +15,10 @@ type pipelinesDetails struct { auth.CommonConfigFields } +func (pd *pipelinesDetails) GetXscUrl() string { + panic("Failed: Method is not implemented") +} + func (pd *pipelinesDetails) GetVersion() (string, error) { var err error if pd.Version == "" { diff --git a/xray/auth/xraydetails.go b/xray/auth/xraydetails.go index bcc7289c1..97522f8cd 100644 --- a/xray/auth/xraydetails.go +++ b/xray/auth/xraydetails.go @@ -8,15 +8,20 @@ import ( ) // NewXrayDetails creates a struct of the Xray details -func NewXrayDetails() *xrayDetails { - return &xrayDetails{} +func NewXrayDetails() *XrayDetails { + return &XrayDetails{} } -type xrayDetails struct { +type XrayDetails struct { auth.CommonConfigFields } -func (ds *xrayDetails) GetVersion() (string, error) { +type XscDetails struct { + auth.CommonConfigFields + XscUrl string +} + +func (ds *XrayDetails) GetVersion() (string, error) { var err error if ds.Version == "" { ds.Version, err = ds.getXrayVersion() @@ -28,7 +33,7 @@ func (ds *xrayDetails) GetVersion() (string, error) { return ds.Version, nil } -func (ds *xrayDetails) getXrayVersion() (string, error) { +func (ds *XrayDetails) getXrayVersion() (string, error) { cd := auth.ServiceDetails(ds) serviceConfig, err := config.NewConfigBuilder(). SetServiceDetails(cd). @@ -43,3 +48,11 @@ func (ds *xrayDetails) getXrayVersion() (string, error) { } return sm.GetVersion() } + +func (ds *XrayDetails) GetXscUrl() string { + return ds.XscUrl +} + +func (ds *XrayDetails) SetXscUrl(url string) { + ds.XscUrl = url +} diff --git a/xray/manager/manager.go b/xray/manager/manager.go index 7193f8310..5bc55e69c 100644 --- a/xray/manager/manager.go +++ b/xray/manager/manager.go 
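Review bot: `SetXscUrl` stores the URL exactly as given, and the XSC calls added later in this patch (`SendScanContext` and `ScanGraph` in xray/scan/xscScan.go) build their request from `CreateHttpClientDetails()` and post it to `GetXscUrl() + ...`. Whatever credentials those details carry are therefore sent to this second endpoint. I would parse the value with `url.Parse` and reject anything that is not an absolute `https` URL before assigning it, and add a doc comment on the setter stating that this URL receives the Xray credentials. Separately, `XscDetails` redeclares `XscUrl`, which shadows the field promoted from `auth.CommonConfigFields`, and the type is not used in the visible hunks.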
@@ -8,9 +8,11 @@ import ( "github.com/jfrog/jfrog-client-go/xray/services/utils" ) +// SecurityServiceManager holds operations to Xray ( regrading if for Xray backend or XSC ) type SecurityServiceManager interface { - // Getters + // Attributes Client() *jfroghttpclient.JfrogHttpClient + SetClient(client *jfroghttpclient.JfrogHttpClient) Config() config.Config GetVersion() (string, error) // Watches diff --git a/xray/manager/xray.go b/xray/manager/xray.go index 895f78a53..51a7a8e2f 100644 --- a/xray/manager/xray.go +++ b/xray/manager/xray.go @@ -15,11 +15,15 @@ type XrayServicesManager struct { } // New creates a service manager to interact with Xray -func New(config config.Config) (SecurityServiceManager, error) { +func New(config config.Config) (manager SecurityServiceManager, err error) { details := config.GetServiceDetails() - var err error - manager := &XrayServicesManager{config: config} - manager.client, err = jfroghttpclient.JfrogClientBuilder(). + if details.GetXscUrl() != "" { + manager = &XscServicesManger{XrayServicesManager{config: config}} + } else { + manager = &XrayServicesManager{config: config} + } + + client, err := jfroghttpclient.JfrogClientBuilder(). SetCertificatesPath(config.GetCertificatesPath()). SetInsecureTls(config.IsInsecureTls()). SetContext(config.GetContext()). @@ -30,6 +34,11 @@ func New(config config.Config) (SecurityServiceManager, error) { SetRetries(config.GetHttpRetries()). SetRetryWaitMilliSecs(config.GetHttpRetryWaitMilliSecs()). Build() + + if err != nil { + return + } + manager.SetClient(client) return manager, err } @@ -38,6 +47,10 @@ func (sm *XrayServicesManager) Client() *jfroghttpclient.JfrogHttpClient { return sm.client } +func (sm *XrayServicesManager) SetClient(client *jfroghttpclient.JfrogHttpClient) { + sm.client = client +} + func (sm *XrayServicesManager) Config() config.Config { return sm.config } 
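Review bot: In `New` in xray/manager/xray.go, the named result `manager` is assigned before the client is built, so the bare `return` in `if err != nil { return }` hands the caller a non-nil manager that has no HTTP client, together with the error. Return the zero value on failure, `if err != nil { return nil, err }`, and end the function with `return manager, nil`. A caller that logs the error and continues then cannot go on to use a manager whose `client` is nil.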
@@ -121,14 +134,16 @@ func (sm *XrayServicesManager) AddBuildsToIndexing(buildNames []string) error { // ScanGraph will send Xray the given graph for scan // Returns a string represents the scan ID. func (sm *XrayServicesManager) ScanGraph(params scan.XrayGraphScanParams) (scanId string, err error) { - scanService := scan.NewScanService(sm.client, sm.config.GetServiceDetails()) + scanService := scan.NewScanService(sm.client) + scanService.XrayDetails = sm.config.GetServiceDetails() return scanService.ScanGraph(params) } // GetScanGraphResults returns an Xray scan output of the requested graph scan. // The scanId input should be received from ScanGraph request. func (sm *XrayServicesManager) GetScanGraphResults(scanID string, includeVulnerabilities, includeLicenses bool) (*scan.ScanResponse, error) { - scanService := scan.NewScanService(sm.client, sm.config.GetServiceDetails()) + scanService := scan.NewScanService(sm.client) + scanService.XrayDetails = sm.config.GetServiceDetails() return scanService.GetScanGraphResults(scanID, includeVulnerabilities, includeLicenses) } diff --git a/xray/manager/xsc.go b/xray/manager/xsc.go index bb7cb1b8d..465bc62d0 100644 --- a/xray/manager/xsc.go +++ b/xray/manager/xsc.go @@ -1,6 +1,7 @@ package manager import ( + "github.com/jfrog/jfrog-client-go/http/jfroghttpclient" "github.com/jfrog/jfrog-client-go/xray/scan" ) 
@@ -8,16 +9,26 @@ type XscServicesManger struct { XrayServicesManager } +func (xsc *XscServicesManger) SetClient(client *jfroghttpclient.JfrogHttpClient) { + xsc.XrayServicesManager.SetClient(client) +} + // ScanGraph will send XSC the given graph for scan +// Sends ContextDetails before scanning in order to show relevant information about the scan in the platform, +// getting multi-scan-id to pass in the calls. // Returns a string represents the scan ID. func (xsc *XscServicesManger) ScanGraph(params scan.XrayGraphScanParams) (scanId string, err error) { - scanService := scan.NewScanService(xsc.client, xsc.config.GetServiceDetails()) - return scanService.ScanGraph(params) + var multiScanId string + scanService := scan.NewXscScanService(xsc.client, xsc.config.GetServiceDetails()) + if multiScanId, err = scanService.SendScanContext(params.ContextDetails); err != nil { + return + } + return scanService.ScanGraph(params, multiScanId) } // GetScanGraphResults returns an XSC scan output of the requested graph scan. // The scanId input should be received from ScanGraph request. func (xsc *XscServicesManger) GetScanGraphResults(scanID string, includeVulnerabilities, includeLicenses bool) (*scan.ScanResponse, error) { - scanService := scan.NewScanService(xsc.client, xsc.config.GetServiceDetails()) + scanService := scan.NewXscScanService(xsc.client, xsc.config.GetServiceDetails()) return scanService.GetScanGraphResults(scanID, includeVulnerabilities, includeLicenses) } diff --git a/xray/scan/scan.go b/xray/scan/scan.go index 7de9ae10c..c72fddf69 100644 --- a/xray/scan/scan.go +++ b/xray/scan/scan.go 
@@ -47,89 +47,6 @@ type ScanServiceInterface interface { GetScanGraphResults(scanId string, includeVulnerabilities, includeLicenses bool) (*ScanResponse, error) } -type XscScanService struct { - ScanService -} - -func (xsc *XscScanService) ScanGraph(scanParams XrayGraphScanParams) (string, error) { - httpClientsDetails := xsc.XrayDetails.CreateHttpClientDetails() - utils.SetContentType("application/json", &httpClientsDetails.Headers) - requestBody, err := json.Marshal(scanParams.Graph) - if err != nil { - return "", errorutils.CheckError(err) - } - url := xsc.XrayDetails.GetUrl() + scanGraphAPI - url += createScanGraphQueryParams(scanParams) - resp, body, err := xsc.client.SendPost(url, requestBody, &httpClientsDetails) - if err != nil { - return "", err - } - - if err = errorutils.CheckResponseStatusWithBody(resp, body, http.StatusOK, http.StatusCreated); err != nil { - scanErrorJson := ScanErrorJson{} - if e := json.Unmarshal(body, &scanErrorJson); e == nil { - return "", errorutils.CheckErrorf(scanErrorJson.Error) - } - return "", err - } - scanResponse := RequestScanResponse{} - if err = json.Unmarshal(body, &scanResponse); err != nil { - return "", errorutils.CheckError(err) - } - return scanResponse.ScanId, err -} - -func (xsc *XscScanService) GetScanGraphResults(scanId string, includeVulnerabilities, includeLicenses bool) (*ScanResponse, error) { - httpClientsDetails := xsc.XrayDetails.CreateHttpClientDetails() - utils.SetContentType("application/json", &httpClientsDetails.Headers) - - // The scan request may take some time to complete. We expect to receive a 202 response, until the completion. 
- endPoint := xsc.XrayDetails.GetUrl() + scanGraphAPI + "/" + scanId - if includeVulnerabilities { - endPoint += includeVulnerabilitiesParam - if includeLicenses { - endPoint += andIncludeLicensesParam - } - } else if includeLicenses { - endPoint += includeLicensesParam - } - log.Info("Waiting for scan to complete on JFrog Xray...") - pollingAction := func() (shouldStop bool, responseBody []byte, err error) { - resp, body, _, err := xsc.client.SendGet(endPoint, true, &httpClientsDetails) - if err != nil { - return true, nil, err - } - if err = errorutils.CheckResponseStatusWithBody(resp, body, http.StatusOK, http.StatusAccepted); err != nil { - return true, nil, err - } - // Got the full valid response. - if resp.StatusCode == http.StatusOK { - return true, body, nil - } - return false, nil, nil - } - pollingExecutor := &httputils.PollingExecutor{ - Timeout: DefaultMaxWaitMinutes, - PollingInterval: DefaultSyncSleepInterval, - PollingAction: pollingAction, - MsgPrefix: "Get Dependencies Scan results... ", - } - - body, err := pollingExecutor.Execute() - if err != nil { - return nil, err - } - scanResponse := ScanResponse{} - if err = json.Unmarshal(body, &scanResponse); err != nil { - return nil, errorutils.CheckErrorf("couldn't parse JFrog Xray server response: " + err.Error()) - } - if scanResponse.ScannedStatus == XrayScanStatusFailed { - // Failed due to an internal Xray error - return nil, errorutils.CheckErrorf("received a failure status from JFrog Xray server:\n%s", errorutils.GenerateErrorString(body)) - } - return &scanResponse, err -} - type ScanType string type ScanService struct { 
@@ -138,13 +55,8 @@ type ScanService struct { } // NewScanService creates a new service to scan binaries and audit code projects' dependencies. -func NewScanService(client *jfroghttpclient.JfrogHttpClient, details auth.ServiceDetails) ScanServiceInterface { - // TODO check if this is okay,maybe change to details - // TODO for dev always true - if client.XscEnabled() { - return &XscScanService{ScanService{client: client, XrayDetails: details}} - } - return &ScanService{client: client, XrayDetails: details} +func NewScanService(client *jfroghttpclient.JfrogHttpClient) *ScanService { + return &ScanService{client: client} } func (ss *ScanService) ScanGraph(scanParams XrayGraphScanParams) (string, error) { httpClientsDetails := ss.XrayDetails.CreateHttpClientDetails() @@ -235,7 +147,7 @@ type XrayGraphScanParams struct { Graph *xrayUtils.GraphNode IncludeVulnerabilities bool IncludeLicenses bool - xscContextDetails *XscGitInfoContext + ContextDetails *XscGitInfoContext } func (gp *XrayGraphScanParams) GetProjectKey() string { @@ -310,6 +222,10 @@ type RequestScanResponse struct { ScanId string `json:"scan_id,omitempty"` } +type XscPostContextResponse struct { + MultiScanId string `json:"multi_scan_id,omitempty"` +} + type ScanErrorJson struct { Error string `json:"error"` } diff --git a/xray/scan/xscScan.go b/xray/scan/xscScan.go new file mode 100644 index 000000000..714de2bd2 --- /dev/null +++ b/xray/scan/xscScan.go 
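Review bot: `NewScanService` now returns a `*ScanService` whose `XrayDetails` is nil, and the first statement of `ScanGraph` (visible as context in this hunk) calls `ss.XrayDetails.CreateHttpClientDetails()`, so any caller that forgets the separate `scanService.XrayDetails = ...` assignment panics on a nil interface. Keeping the details in the constructor removes that failure mode and keeps the exported signature compatible: `func NewScanService(client *jfroghttpclient.JfrogHttpClient, details auth.ServiceDetails) *ScanService { return &ScanService{client: client, XrayDetails: details} }`. `NewXscScanService` in the new xscScan.go already takes both arguments, so the two constructors would then match.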
@@ -0,0 +1,136 @@ +package scan + +import ( + "encoding/json" + "github.com/jfrog/jfrog-client-go/artifactory/services/utils" + "github.com/jfrog/jfrog-client-go/auth" + "github.com/jfrog/jfrog-client-go/http/jfroghttpclient" + "github.com/jfrog/jfrog-client-go/utils/errorutils" + "github.com/jfrog/jfrog-client-go/utils/io/httputils" + "github.com/jfrog/jfrog-client-go/utils/log" + "net/http" +) + +const ( + postScanContextAPI = "api/v1/gitinfo" + + postGraphAPI = "api/v1/sca/scan/graph" +) + +type XscScanService struct { + ScanService +} + +func (xsc *XscScanService) GetUrl() string { + return "" +} + +func NewXscScanService(client *jfroghttpclient.JfrogHttpClient, details auth.ServiceDetails) *XscScanService { + return &XscScanService{ScanService{client: client, XrayDetails: details}} +} + +func (xsc *XscScanService) SendScanContext(details *XscGitInfoContext) (string, error) { + httpClientsDetails := xsc.XrayDetails.CreateHttpClientDetails() + utils.SetContentType("application/json", &httpClientsDetails.Headers) + requestBody, err := json.Marshal(details) + if err != nil { + return "", errorutils.CheckError(err) + } + url := xsc.XrayDetails.GetXscUrl() + postScanContextAPI + resp, body, err := xsc.client.SendPost(url, requestBody, &httpClientsDetails) + if err != nil { + return "", err + } + if err = errorutils.CheckResponseStatusWithBody(resp, body, http.StatusOK, http.StatusCreated); err != nil { + scanErrorJson := ScanErrorJson{} + if e := json.Unmarshal(body, &scanErrorJson); e == nil { + return "", errorutils.CheckErrorf(scanErrorJson.Error) + } + return "", err + } + scanResponse := XscPostContextResponse{} + if err = json.Unmarshal(body, &scanResponse); err != nil { + return "", errorutils.CheckError(err) + } + return scanResponse.MultiScanId, err +} + +func (xsc *XscScanService) ScanGraph(scanParams XrayGraphScanParams, id string) (string, error) { + httpClientsDetails := xsc.XrayDetails.CreateHttpClientDetails() + 
utils.SetContentType("application/json", &httpClientsDetails.Headers) + requestBody, err := json.Marshal(scanParams.Graph) + if err != nil { + return "", errorutils.CheckError(err) + } + url := xsc.XrayDetails.GetXscUrl() + postGraphAPI + // TODO fix this + url += "?multi_scan_id=" + id + resp, body, err := xsc.client.SendPost(url, requestBody, &httpClientsDetails) + if err != nil { + return "", err + } + + if err = errorutils.CheckResponseStatusWithBody(resp, body, http.StatusOK, http.StatusCreated); err != nil { + scanErrorJson := ScanErrorJson{} + if e := json.Unmarshal(body, &scanErrorJson); e == nil { + return "", errorutils.CheckErrorf(scanErrorJson.Error) + } + return "", err + } + scanResponse := RequestScanResponse{} + if err = json.Unmarshal(body, &scanResponse); err != nil { + return "", errorutils.CheckError(err) + } + return scanResponse.ScanId, err +} + +func (xsc *XscScanService) GetScanGraphResults(scanId string, includeVulnerabilities, includeLicenses bool) (*ScanResponse, error) { + httpClientsDetails := xsc.XrayDetails.CreateHttpClientDetails() + utils.SetContentType("application/json", &httpClientsDetails.Headers) + + // The scan request may take some time to complete. We expect to receive a 202 response, until the completion. + endPoint := xsc.XrayDetails.GetUrl() + scanGraphAPI + "/" + scanId + if includeVulnerabilities { + endPoint += includeVulnerabilitiesParam + if includeLicenses { + endPoint += andIncludeLicensesParam + } + } else if includeLicenses { + endPoint += includeLicensesParam + } + log.Info("Waiting for scan to complete on JFrog Xray...") + pollingAction := func() (shouldStop bool, responseBody []byte, err error) { + resp, body, _, err := xsc.client.SendGet(endPoint, true, &httpClientsDetails) + if err != nil { + return true, nil, err + } + if err = errorutils.CheckResponseStatusWithBody(resp, body, http.StatusOK, http.StatusAccepted); err != nil { + return true, nil, err + } + // Got the full valid response. 
+ if resp.StatusCode == http.StatusOK { + return true, body, nil + } + return false, nil, nil + } + pollingExecutor := &httputils.PollingExecutor{ + Timeout: DefaultMaxWaitMinutes, + PollingInterval: DefaultSyncSleepInterval, + PollingAction: pollingAction, + MsgPrefix: "Get Dependencies Scan results... ", + } + + body, err := pollingExecutor.Execute() + if err != nil { + return nil, err + } + scanResponse := ScanResponse{} + if err = json.Unmarshal(body, &scanResponse); err != nil { + return nil, errorutils.CheckErrorf("couldn't parse JFrog Xray server response: " + err.Error()) + } + if scanResponse.ScannedStatus == XrayScanStatusFailed { + // Failed due to an internal Xray error + return nil, errorutils.CheckErrorf("received a failure status from JFrog Xray server:\n%s", errorutils.GenerateErrorString(body)) + } + return &scanResponse, err +} From a80d5b9cc52c69e6e53868db1a6b3fa559e69a66 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 16 Aug 2023 12:38:19 +0300 Subject: [PATCH 09/54] optional multi-scan-id --- xray/manager/xsc.go | 3 ++- xray/scan/scan.go | 3 +++ xray/scan/xscScan.go | 12 +++++++++--- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/xray/manager/xsc.go b/xray/manager/xsc.go index 465bc62d0..1bdc826ba 100644 --- a/xray/manager/xsc.go +++ b/xray/manager/xsc.go @@ -23,7 +23,8 @@ func (xsc *XscServicesManger) ScanGraph(params scan.XrayGraphScanParams) (scanId if multiScanId, err = scanService.SendScanContext(params.ContextDetails); err != nil { return } - return scanService.ScanGraph(params, multiScanId) + params.ContextDetails.MultiScanId = multiScanId + return scanService.ScanGraph(params) } // GetScanGraphResults returns an XSC scan output of the requested graph scan. diff --git a/xray/scan/scan.go b/xray/scan/scan.go index c72fddf69..24ef281f6 100644 --- a/xray/scan/scan.go +++ b/xray/scan/scan.go 
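Review bot: In `SendScanContext` and `ScanGraph` of the new xscScan.go, the non-2xx branch returns `errorutils.CheckErrorf(scanErrorJson.Error)` whenever the body parses as JSON. A JSON body without an `error` field therefore produces an error with an empty message and loses the status error from `CheckResponseStatusWithBody`. The server's text is also used as the format string, so a `%` in it is treated as a formatting verb. Guard on the field and pass the text as an argument: `if e := json.Unmarshal(body, &scanErrorJson); e == nil && scanErrorJson.Error != "" { return "", errorutils.CheckErrorf("%s", scanErrorJson.Error) }`. In the same file `GetScanGraphResults` polls `GetUrl()` although the scan was posted to `GetXscUrl()`; if that split is intended it deserves a comment.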
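Review bot: In the xray/manager/xsc.go hunk of PATCH 09/54, `params.ContextDetails.MultiScanId = multiScanId` dereferences `params.ContextDetails` without a nil check. This same patch makes `SendScanContext` return `"", nil` when `details` is nil, so a scan started without git context panics here instead of proceeding without a multi-scan id. Guard the assignment: `if params.ContextDetails != nil { params.ContextDetails.MultiScanId = multiScanId }`.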
@@ -167,6 +167,8 @@ func createScanGraphQueryParams(scanParams XrayGraphScanParams) string { params = append(params, watchesQueryParam+watch) } } + case scanParams.ContextDetails != nil && scanParams.ContextDetails.MultiScanId != "": + params = append(params, multiScanIdParam+scanParams.ContextDetails.MultiScanId) } if scanParams.ScanType != "" { @@ -332,4 +334,5 @@ type XscGitInfoContext struct { CommitMessage string `json:"commit_message"` CommitAuthor string `json:"commit_author"` Date int64 `json:"date"` + MultiScanId string `json:"omit_empty"` } diff --git a/xray/scan/xscScan.go b/xray/scan/xscScan.go index 714de2bd2..0a15ce742 100644 --- a/xray/scan/xscScan.go +++ b/xray/scan/xscScan.go @@ -15,6 +15,8 @@ const ( postScanContextAPI = "api/v1/gitinfo" postGraphAPI = "api/v1/sca/scan/graph" + + multiScanIdParam = "multi_scan_id=" ) type XscScanService struct { @@ -30,6 +32,9 @@ func NewXscScanService(client *jfroghttpclient.JfrogHttpClient, details auth.Ser } func (xsc *XscScanService) SendScanContext(details *XscGitInfoContext) (string, error) { + if details == nil { + return "", nil + } httpClientsDetails := xsc.XrayDetails.CreateHttpClientDetails() utils.SetContentType("application/json", &httpClientsDetails.Headers) requestBody, err := json.Marshal(details) 
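Review bot: The new `multi_scan_id` arm is one `case` of the same `switch` as `ProjectKey`, `RepoPath` and `Watches`, so it is reached only when none of those is set, and a scan that has both a project key and a multi-scan id sends only the project key. If the id is meant to accompany every XSC scan, move it out of the switch next to the `ScanType` check, e.g. `if cd := scanParams.ContextDetails; cd != nil && cd.MultiScanId != "" { params = append(params, multiScanIdParam+cd.MultiScanId) }`. The arm keeps this position in the `@@ -168,8 +168,8 @@` hunk of PATCH 12/54. `createScanGraphQueryParams` begins above this hunk.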
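Review bot: In the `@@ -332,4 +334,5 @@` hunk the tag `json:"omit_empty"` on `XscGitInfoContext.MultiScanId` sets the JSON key to `omit_empty` and does not omit anything, so the body marshalled by `SendScanContext` gains an `"omit_empty": ""` member. If the field should travel with the context the tag should read `json:"multi_scan_id,omitempty"`. If it is client-side state only, `json:"-"` keeps it out of the request.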
@@ -55,16 +60,17 @@ func (xsc *XscScanService) SendScanContext(details *XscGitInfoContext) (string, return scanResponse.MultiScanId, err } -func (xsc *XscScanService) ScanGraph(scanParams XrayGraphScanParams, id string) (string, error) { +func (xsc *XscScanService) ScanGraph(scanParams XrayGraphScanParams) (string, error) { httpClientsDetails := xsc.XrayDetails.CreateHttpClientDetails() utils.SetContentType("application/json", &httpClientsDetails.Headers) requestBody, err := json.Marshal(scanParams.Graph) if err != nil { return "", errorutils.CheckError(err) } + url := xsc.XrayDetails.GetXscUrl() + postGraphAPI - // TODO fix this - url += "?multi_scan_id=" + id + url += createScanGraphQueryParams(scanParams) + resp, body, err := xsc.client.SendPost(url, requestBody, &httpClientsDetails) if err != nil { return "", err From c660dc9d14d7d642fe487fc260f91a74ab2b14d3 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 16 Aug 2023 17:44:06 +0300 Subject: [PATCH 10/54] refactor --- access/auth/accessdetails.go | 4 ++++ artifactory/auth/rtdetails.go | 4 ++++ auth/servicedetails.go | 2 ++ distribution/auth/dsdetails.go | 4 ++++ http/jfroghttpclient/client.go | 5 ----- lifecycle/auth/lifecycledetails.go | 4 ++++ pipelines/auth/pipelinesdetails.go | 4 ++++ xray/auth/xraydetails.go | 4 ++++ xray/manager/manager.go | 1 + xray/manager/xsc.go | 8 +++++--- xray/scan/scan.go | 6 +++++- xray/scan/xscScan.go | 19 +++++++++++-------- 12 files changed, 48 insertions(+), 17 deletions(-) diff --git a/access/auth/accessdetails.go b/access/auth/accessdetails.go index 65c8ed492..81241f6ae 100644 --- a/access/auth/accessdetails.go +++ b/access/auth/accessdetails.go @@ -19,3 +19,7 @@ func (rt *accessDetails) GetXscUrl() string { func (rt *accessDetails) GetVersion() (string, error) { panic("Failed: Method is not implemented") } + +func (rt *accessDetails) GetPlatformUrl() string { + return rt.PlatformUrl +} 
diff --git a/artifactory/auth/rtdetails.go b/artifactory/auth/rtdetails.go index cad3d05b7..c9e26dc19 100644 --- a/artifactory/auth/rtdetails.go +++ b/artifactory/auth/rtdetails.go @@ -52,3 +52,7 @@ func (rt *artifactoryDetails) getArtifactoryVersion() (string, error) { } return sm.GetVersion() } + +func (rt *artifactoryDetails) GetPlatformUrl() string { + return rt.PlatformUrl +} diff --git a/auth/servicedetails.go b/auth/servicedetails.go index dd94a731e..64d654d90 100644 --- a/auth/servicedetails.go +++ b/auth/servicedetails.go @@ -54,6 +54,7 @@ type ServiceDetails interface { CreateHttpClientDetails() httputils.HttpClientDetails GetXscUrl() string + GetPlatformUrl() string } type CommonConfigFields struct { @@ -74,6 +75,7 @@ type CommonConfigFields struct { TokenMutex sync.Mutex client *jfroghttpclient.JfrogHttpClient httpTimeout time.Duration + PlatformUrl string } func (ccf *CommonConfigFields) GetUrl() string { diff --git a/distribution/auth/dsdetails.go b/distribution/auth/dsdetails.go index da7bb9104..b3434934d 100644 --- a/distribution/auth/dsdetails.go +++ b/distribution/auth/dsdetails.go @@ -46,3 +46,7 @@ func (ds *distributionDetails) getDistributionVersion() (string, error) { } return sm.GetDistributionVersion() } + +func (ds *distributionDetails) GetPlatformUrl() string { + return ds.PlatformUrl +} diff --git a/http/jfroghttpclient/client.go b/http/jfroghttpclient/client.go index bc606b536..52ec2fe7c 100644 --- a/http/jfroghttpclient/client.go +++ b/http/jfroghttpclient/client.go @@ -166,8 +166,3 @@ func (rtc *JfrogHttpClient) runPreRequestInterceptors(httpClientDetails *httputi } return nil } - -func (rtc *JfrogHttpClient) XscEnabled() bool { - // TODO CHANGE THIS OR MOVE THIS FUNCTION - return true -} diff --git a/lifecycle/auth/lifecycledetails.go b/lifecycle/auth/lifecycledetails.go index f5f8f85cf..a8433e2cf 100644 --- a/lifecycle/auth/lifecycledetails.go +++ b/lifecycle/auth/lifecycledetails.go 
@@ -19,3 +19,7 @@ func (rt *lifecycleDetails) GetXscUrl() string { func (rt *lifecycleDetails) GetVersion() (string, error) { panic("Failed: Method is not implemented") } + +func (rt *lifecycleDetails) GetPlatformUrl() string { + return rt.PlatformUrl +} diff --git a/pipelines/auth/pipelinesdetails.go b/pipelines/auth/pipelinesdetails.go index a7cc7ba4f..6cf6bca2a 100644 --- a/pipelines/auth/pipelinesdetails.go +++ b/pipelines/auth/pipelinesdetails.go @@ -50,3 +50,7 @@ func (pd *pipelinesDetails) getPipelinesVersion() (string, error) { } return sys.Version, nil } + +func (pd *pipelinesDetails) GetPlatformUrl() string { + return pd.PlatformUrl +} diff --git a/xray/auth/xraydetails.go b/xray/auth/xraydetails.go index 97522f8cd..549d6e92e 100644 --- a/xray/auth/xraydetails.go +++ b/xray/auth/xraydetails.go @@ -56,3 +56,7 @@ func (ds *XrayDetails) GetXscUrl() string { func (ds *XrayDetails) SetXscUrl(url string) { ds.XscUrl = url } + +func (ds *XrayDetails) GetPlatformUrl() string { + return ds.PlatformUrl +} diff --git a/xray/manager/manager.go b/xray/manager/manager.go index 5bc55e69c..3e60b4edb 100644 --- a/xray/manager/manager.go +++ b/xray/manager/manager.go @@ -38,4 +38,5 @@ type SecurityServiceManager interface { AddBuildsToIndexing(buildNames []string) error ArtifactSummary(params services.ArtifactSummaryParams) (*services.ArtifactSummaryResponse, error) IsEntitled(featureId string) (bool, error) + IsXscEnabled() (bool, string) } diff --git a/xray/manager/xsc.go b/xray/manager/xsc.go index 1bdc826ba..d20da77e6 100644 --- a/xray/manager/xsc.go +++ b/xray/manager/xsc.go @@ -9,6 +9,10 @@ type XscServicesManger struct { XrayServicesManager } +func (xsc *XscServicesManger) IsXscEnabled() (bool, string) { + return xsc.XrayServicesManager.IsXscEnabled() +} + func (xsc *XscServicesManger) SetClient(client *jfroghttpclient.JfrogHttpClient) { xsc.XrayServicesManager.SetClient(client) } 
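Review bot: `XscServicesManger.IsXscEnabled` calls `xsc.XrayServicesManager.IsXscEnabled()`, but the diffstat of PATCH 10/54 does not touch xray/manager/xray.go and the method is only added to `XrayServicesManager` in PATCH 11/54. As far as the visible hunks show, this commit therefore neither compiles nor lets `XrayServicesManager` satisfy the extended `SecurityServiceManager` interface. The forwarder is also unnecessary: `XscServicesManger` embeds `XrayServicesManager`, so `IsXscEnabled` (like the `SetClient` forwarder from PATCH 08/54) is promoted automatically and both wrappers can be deleted. Introducing the interface method in the same commit as its implementation keeps every commit in the series buildable for bisecting.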
@@ -18,12 +22,10 @@ func (xsc *XscServicesManger) SetClient(client *jfroghttpclient.JfrogHttpClient) // getting multi-scan-id to pass in the calls. // Returns a string represents the scan ID. func (xsc *XscServicesManger) ScanGraph(params scan.XrayGraphScanParams) (scanId string, err error) { - var multiScanId string scanService := scan.NewXscScanService(xsc.client, xsc.config.GetServiceDetails()) - if multiScanId, err = scanService.SendScanContext(params.ContextDetails); err != nil { + if err = scanService.SendScanContext(params.ContextDetails); err != nil { return } - params.ContextDetails.MultiScanId = multiScanId return scanService.ScanGraph(params) } diff --git a/xray/scan/scan.go b/xray/scan/scan.go index 24ef281f6..254cd3a11 100644 --- a/xray/scan/scan.go +++ b/xray/scan/scan.go @@ -225,7 +225,11 @@ type RequestScanResponse struct { } type XscPostContextResponse struct { - MultiScanId string `json:"multi_scan_id,omitempty"` + MultiScanId string +} + +type XscVersionResponse struct { + Version string `json:"xsc_version"` } type ScanErrorJson struct { diff --git a/xray/scan/xscScan.go b/xray/scan/xscScan.go index 0a15ce742..302685a64 100644 --- a/xray/scan/xscScan.go +++ b/xray/scan/xscScan.go 
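Review bot: Dropping the tag from `XscPostContextResponse.MultiScanId` in the xray/scan/scan.go hunk makes `encoding/json` match the key against the field name, case-insensitively, and `multi_scan_id` does not match `MultiScanId` because of the underscores. If the server still answers with `multi_scan_id`, the key this struct was declared with in PATCH 08/54, `SendScanContext` always decodes an empty id and never sets `details.MultiScanId`, silently. Keep the tag: `json:"multi_scan_id,omitempty"`.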
@@ -31,33 +31,36 @@ func NewXscScanService(client *jfroghttpclient.JfrogHttpClient, details auth.Ser return &XscScanService{ScanService{client: client, XrayDetails: details}} } -func (xsc *XscScanService) SendScanContext(details *XscGitInfoContext) (string, error) { +func (xsc *XscScanService) SendScanContext(details *XscGitInfoContext) error { if details == nil { - return "", nil + return nil } httpClientsDetails := xsc.XrayDetails.CreateHttpClientDetails() utils.SetContentType("application/json", &httpClientsDetails.Headers) requestBody, err := json.Marshal(details) if err != nil { - return "", errorutils.CheckError(err) + return errorutils.CheckError(err) } url := xsc.XrayDetails.GetXscUrl() + postScanContextAPI resp, body, err := xsc.client.SendPost(url, requestBody, &httpClientsDetails) if err != nil { - return "", err + return err } if err = errorutils.CheckResponseStatusWithBody(resp, body, http.StatusOK, http.StatusCreated); err != nil { scanErrorJson := ScanErrorJson{} if e := json.Unmarshal(body, &scanErrorJson); e == nil { - return "", errorutils.CheckErrorf(scanErrorJson.Error) + return errorutils.CheckErrorf(scanErrorJson.Error) } - return "", err + return err } scanResponse := XscPostContextResponse{} if err = json.Unmarshal(body, &scanResponse); err != nil { - return "", errorutils.CheckError(err) + return errorutils.CheckError(err) + } + if scanResponse.MultiScanId != "" { + details.MultiScanId = scanResponse.MultiScanId } - return scanResponse.MultiScanId, err + return err } func (xsc *XscScanService) ScanGraph(scanParams XrayGraphScanParams) (string, error) { From c57e00d49585ae5506e9012700cda19c1cfd5310 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 16 Aug 2023 17:47:27 +0300 Subject: [PATCH 11/54] Check XSC --- xray/manager/xray.go | 28 ++++++++++++++++++++++++++++ xray/scan/xscScan.go | 2 ++ 2 files changed, 30 insertions(+) diff --git a/xray/manager/xray.go b/xray/manager/xray.go index 51a7a8e2f..7dff2fbce 100644 --- a/xray/manager/xray.go 
+++ b/xray/manager/xray.go @@ -1,11 +1,15 @@ package manager import ( + "encoding/json" + "fmt" "github.com/jfrog/jfrog-client-go/config" "github.com/jfrog/jfrog-client-go/http/jfroghttpclient" + "github.com/jfrog/jfrog-client-go/utils/errorutils" "github.com/jfrog/jfrog-client-go/xray/scan" "github.com/jfrog/jfrog-client-go/xray/services" "github.com/jfrog/jfrog-client-go/xray/services/utils" + "net/http" ) // XrayServicesManager defines the http client and general configuration @@ -197,3 +201,27 @@ func (sm *XrayServicesManager) IsEntitled(featureId string) (bool, error) { entitlementsService.XrayDetails = sm.config.GetServiceDetails() return entitlementsService.IsEntitled(featureId) } + +// IsXscEnabled Trying to get XSC version, if route is not available, user is not entitled for XSC. +func (sm *XrayServicesManager) IsXscEnabled() (xscEntitled bool, xsxVersion string) { + httpDetails := sm.config.GetServiceDetails().CreateHttpClientDetails() + serverDetails := sm.config.GetServiceDetails() + + resp, body, _, err := sm.client.SendGet(serverDetails.GetXscUrl()+scan.XscVersionAPI, true, &httpDetails) + if err != nil { + return + } + if err = errorutils.CheckResponseStatusWithBody(resp, body, http.StatusOK); err != nil { + err = fmt.Errorf("failed while attempting to get XSC entitlements response with error:%s", err.Error()) + return + } + versionResponse := scan.XscVersionResponse{} + if err = json.Unmarshal(body, &versionResponse); err != nil { + err = errorutils.CheckErrorf("couldn't parse Xray server response: " + err.Error()) + return + } + if versionResponse.Version != "" { + return true, versionResponse.Version + } + return +} diff --git a/xray/scan/xscScan.go b/xray/scan/xscScan.go index 302685a64..defe94523 100644 --- a/xray/scan/xscScan.go +++ b/xray/scan/xscScan.go @@ -17,6 +17,8 @@ const ( postGraphAPI = "api/v1/sca/scan/graph" multiScanIdParam = "multi_scan_id=" + + XscVersionAPI = "/api/v1/system/version" ) type XscScanService struct { 
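Review bot: `IsXscEnabled` returns only `(bool, string)`, so every failure path (the `SendGet` error, the non-200 status and the JSON parse error) ends in a bare `return` that reports "not enabled", and the `err = fmt.Errorf(...)` and `err = errorutils.CheckErrorf(...)` assignments are dead stores. A TLS or network failure is then indistinguishable from a server without XSC, and the caller falls back without any trace. Returning the error, `func (sm *XrayServicesManager) IsXscEnabled() (enabled bool, version string, err error)`, lets the caller decide, with the interface in manager.go updated to match. The result name `xsxVersion` looks like a typo for `xscVersion`.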
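Review bot: `XscVersionAPI` is declared with a leading slash (`"/api/v1/system/version"`) while `postScanContextAPI` and `postGraphAPI` in the same const block have none, and all three are appended directly to `GetXscUrl()`. For any one form of the configured URL, with or without a trailing slash, either the version check or the scan calls produce a path with a doubled or a missing `/`. Use one convention, e.g. `XscVersionAPI = "api/v1/system/version"`, and state in a comment on the const block whether `XscUrl` is expected to end in `/`.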
From 6b23b57f37dc5b1822f91f640f1726e47a6b3ff2 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 16 Aug 2023 19:28:09 +0300 Subject: [PATCH 12/54] fix multi-scan-id --- access/auth/accessdetails.go | 4 ---- artifactory/auth/rtdetails.go | 4 ---- auth/servicedetails.go | 1 - distribution/auth/dsdetails.go | 4 ---- lifecycle/auth/lifecycledetails.go | 4 ---- pipelines/auth/pipelinesdetails.go | 4 ---- xray/auth/xraydetails.go | 4 ---- xray/manager/xsc.go | 4 ++-- xray/scan/scan.go | 10 +++++----- xray/scan/xscScan.go | 19 ++++++++----------- 10 files changed, 15 insertions(+), 43 deletions(-) diff --git a/access/auth/accessdetails.go b/access/auth/accessdetails.go index 81241f6ae..65c8ed492 100644 --- a/access/auth/accessdetails.go +++ b/access/auth/accessdetails.go @@ -19,7 +19,3 @@ func (rt *accessDetails) GetXscUrl() string { func (rt *accessDetails) GetVersion() (string, error) { panic("Failed: Method is not implemented") } - -func (rt *accessDetails) GetPlatformUrl() string { - return rt.PlatformUrl -} diff --git a/artifactory/auth/rtdetails.go b/artifactory/auth/rtdetails.go index c9e26dc19..cad3d05b7 100644 --- a/artifactory/auth/rtdetails.go +++ b/artifactory/auth/rtdetails.go @@ -52,7 +52,3 @@ func (rt *artifactoryDetails) getArtifactoryVersion() (string, error) { } return sm.GetVersion() } - -func (rt *artifactoryDetails) GetPlatformUrl() string { - return rt.PlatformUrl -} diff --git a/auth/servicedetails.go b/auth/servicedetails.go index 64d654d90..1648fb370 100644 --- a/auth/servicedetails.go +++ b/auth/servicedetails.go @@ -54,7 +54,6 @@ type ServiceDetails interface { CreateHttpClientDetails() httputils.HttpClientDetails GetXscUrl() string - GetPlatformUrl() string } type CommonConfigFields struct { diff --git a/distribution/auth/dsdetails.go b/distribution/auth/dsdetails.go index b3434934d..da7bb9104 100644 --- a/distribution/auth/dsdetails.go +++ b/distribution/auth/dsdetails.go 
@@ -46,7 +46,3 @@ func (ds *distributionDetails) getDistributionVersion() (string, error) { } return sm.GetDistributionVersion() } - -func (ds *distributionDetails) GetPlatformUrl() string { - return ds.PlatformUrl -} diff --git a/lifecycle/auth/lifecycledetails.go b/lifecycle/auth/lifecycledetails.go index a8433e2cf..f5f8f85cf 100644 --- a/lifecycle/auth/lifecycledetails.go +++ b/lifecycle/auth/lifecycledetails.go @@ -19,7 +19,3 @@ func (rt *lifecycleDetails) GetXscUrl() string { func (rt *lifecycleDetails) GetVersion() (string, error) { panic("Failed: Method is not implemented") } - -func (rt *lifecycleDetails) GetPlatformUrl() string { - return rt.PlatformUrl -} diff --git a/pipelines/auth/pipelinesdetails.go b/pipelines/auth/pipelinesdetails.go index 6cf6bca2a..a7cc7ba4f 100644 --- a/pipelines/auth/pipelinesdetails.go +++ b/pipelines/auth/pipelinesdetails.go @@ -50,7 +50,3 @@ func (pd *pipelinesDetails) getPipelinesVersion() (string, error) { } return sys.Version, nil } - -func (pd *pipelinesDetails) GetPlatformUrl() string { - return pd.PlatformUrl -} diff --git a/xray/auth/xraydetails.go b/xray/auth/xraydetails.go index 549d6e92e..97522f8cd 100644 --- a/xray/auth/xraydetails.go +++ b/xray/auth/xraydetails.go @@ -56,7 +56,3 @@ func (ds *XrayDetails) GetXscUrl() string { func (ds *XrayDetails) SetXscUrl(url string) { ds.XscUrl = url } - -func (ds *XrayDetails) GetPlatformUrl() string { - return ds.PlatformUrl -} diff --git a/xray/manager/xsc.go b/xray/manager/xsc.go index d20da77e6..39d20323c 100644 --- a/xray/manager/xsc.go +++ b/xray/manager/xsc.go 
@@ -18,12 +18,12 @@ func (xsc *XscServicesManger) SetClient(client *jfroghttpclient.JfrogHttpClient) } // ScanGraph will send XSC the given graph for scan -// Sends ContextDetails before scanning in order to show relevant information about the scan in the platform, +// Sends XscGitInfoContext before scanning in order to show relevant information about the scan in the platform, // getting multi-scan-id to pass in the calls. // Returns a string represents the scan ID. func (xsc *XscServicesManger) ScanGraph(params scan.XrayGraphScanParams) (scanId string, err error) { scanService := scan.NewXscScanService(xsc.client, xsc.config.GetServiceDetails()) - if err = scanService.SendScanContext(params.ContextDetails); err != nil { + if params.MultiScanId, err = scanService.SendScanContext(params.XscGitInfoContext); err != nil { return } return scanService.ScanGraph(params) diff --git a/xray/scan/scan.go b/xray/scan/scan.go index 254cd3a11..11791f662 100644 --- a/xray/scan/scan.go +++ b/xray/scan/scan.go @@ -147,7 +147,8 @@ type XrayGraphScanParams struct { Graph *xrayUtils.GraphNode IncludeVulnerabilities bool IncludeLicenses bool - ContextDetails *XscGitInfoContext + XscGitInfoContext *XscGitInfoContext + MultiScanId string } func (gp *XrayGraphScanParams) GetProjectKey() string { @@ -167,8 +168,8 @@ func createScanGraphQueryParams(scanParams XrayGraphScanParams) string { params = append(params, watchesQueryParam+watch) } } - case scanParams.ContextDetails != nil && scanParams.ContextDetails.MultiScanId != "": - params = append(params, multiScanIdParam+scanParams.ContextDetails.MultiScanId) + case scanParams.XscGitInfoContext != nil && scanParams.MultiScanId != "": + params = append(params, multiScanIdParam+scanParams.MultiScanId) } if scanParams.ScanType != "" { @@ -225,7 +226,7 @@ type RequestScanResponse struct { } type XscPostContextResponse struct { - MultiScanId string + MultiScanId string `json:"multi_scan_id,omitempty"` } type XscVersionResponse struct { 
@@ -338,5 +339,4 @@ type XscGitInfoContext struct { CommitMessage string `json:"commit_message"` CommitAuthor string `json:"commit_author"` Date int64 `json:"date"` - MultiScanId string `json:"omit_empty"` } diff --git a/xray/scan/xscScan.go b/xray/scan/xscScan.go index defe94523..1a4d0be61 100644 --- a/xray/scan/xscScan.go +++ b/xray/scan/xscScan.go @@ -33,36 +33,33 @@ func NewXscScanService(client *jfroghttpclient.JfrogHttpClient, details auth.Ser return &XscScanService{ScanService{client: client, XrayDetails: details}} } -func (xsc *XscScanService) SendScanContext(details *XscGitInfoContext) error { +func (xsc *XscScanService) SendScanContext(details *XscGitInfoContext) (multiScanId string, err error) { if details == nil { - return nil + return } httpClientsDetails := xsc.XrayDetails.CreateHttpClientDetails() utils.SetContentType("application/json", &httpClientsDetails.Headers) requestBody, err := json.Marshal(details) if err != nil { - return errorutils.CheckError(err) + return "", errorutils.CheckError(err) } url := xsc.XrayDetails.GetXscUrl() + postScanContextAPI resp, body, err := xsc.client.SendPost(url, requestBody, &httpClientsDetails) if err != nil { - return err + return } if err = errorutils.CheckResponseStatusWithBody(resp, body, http.StatusOK, http.StatusCreated); err != nil { scanErrorJson := ScanErrorJson{} if e := json.Unmarshal(body, &scanErrorJson); e == nil { - return errorutils.CheckErrorf(scanErrorJson.Error) + return "", errorutils.CheckErrorf(scanErrorJson.Error) } - return err + return } scanResponse := XscPostContextResponse{} if err = json.Unmarshal(body, &scanResponse); err != nil { - return errorutils.CheckError(err) - } - if scanResponse.MultiScanId != "" { - details.MultiScanId = scanResponse.MultiScanId + return "", errorutils.CheckError(err) } - return err + return scanResponse.MultiScanId, err } func (xsc *XscScanService) ScanGraph(scanParams XrayGraphScanParams) (string, error) { 
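Review bot: In `SendScanContext`, the non-2xx branch returns `errorutils.CheckErrorf(scanErrorJson.Error)` whenever the body parses as JSON, even when the `Error` field is empty (a body of `{}` would do it), which throws away the status-and-body error that `CheckResponseStatusWithBody` just produced. Guard the branch with `if e := json.Unmarshal(body, &scanErrorJson); e == nil && scanErrorJson.Error != "" {` so the original error is returned otherwise. The function also has no doc comment; something like `// SendScanContext posts the git context to XSC and returns the multi-scan ID; nil details return "" and no error.` would state the nil contract that the first lines implement.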
From a72281b03bb218908d4260f5c9e84922d80f267c Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 16 Aug 2023 19:29:42 +0300 Subject: [PATCH 13/54] Fix code analysis errors --- distribution/auth/dsdetails.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/distribution/auth/dsdetails.go b/distribution/auth/dsdetails.go index da7bb9104..c4c89a959 100644 --- a/distribution/auth/dsdetails.go +++ b/distribution/auth/dsdetails.go @@ -7,19 +7,19 @@ import ( "github.com/jfrog/jfrog-client-go/utils/log" ) -func NewDistributionDetails() *distributionDetails { - return &distributionDetails{} +func NewDistributionDetails() *DistributionDetails { + return &DistributionDetails{} } -type distributionDetails struct { +type DistributionDetails struct { auth.CommonConfigFields } -func (ds *distributionDetails) GetXscUrl() string { +func (ds *DistributionDetails) GetXscUrl() string { panic("Failed: Method is not implemented") } -func (ds *distributionDetails) GetVersion() (string, error) { +func (ds *DistributionDetails) GetVersion() (string, error) { var err error if ds.Version == "" { ds.Version, err = ds.getDistributionVersion() @@ -31,7 +31,7 @@ func (ds *distributionDetails) GetVersion() (string, error) { return ds.Version, nil } -func (ds *distributionDetails) getDistributionVersion() (string, error) { +func (ds *DistributionDetails) getDistributionVersion() (string, error) { cd := auth.ServiceDetails(ds) serviceConfig, err := config.NewConfigBuilder(). SetServiceDetails(cd). From b0358b2d012c7d0a5788e4e936844eca3689ab4a Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 17 Aug 2023 10:24:05 +0300 Subject: [PATCH 14/54] fix always using xsc --- xray/manager/xray.go | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/xray/manager/xray.go b/xray/manager/xray.go index 7dff2fbce..0d0950831 100644 --- a/xray/manager/xray.go +++ b/xray/manager/xray.go 
@@ -21,12 +21,7 @@ type XrayServicesManager struct { // New creates a service manager to interact with Xray func New(config config.Config) (manager SecurityServiceManager, err error) { details := config.GetServiceDetails() - if details.GetXscUrl() != "" { - manager = &XscServicesManger{XrayServicesManager{config: config}} - } else { - manager = &XrayServicesManager{config: config} - } - + manager = &XrayServicesManager{config: config} client, err := jfroghttpclient.JfrogClientBuilder(). SetCertificatesPath(config.GetCertificatesPath()). SetInsecureTls(config.IsInsecureTls()). @@ -38,7 +33,6 @@ func New(config config.Config) (manager SecurityServiceManager, err error) { SetRetries(config.GetHttpRetries()). SetRetryWaitMilliSecs(config.GetHttpRetryWaitMilliSecs()). Build() - if err != nil { return } From 18c6c93c40ff3f4a08e77a56e0235e097b00c000 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 17 Aug 2023 10:33:44 +0300 Subject: [PATCH 15/54] fix static check --- auth/servicedetails.go | 4 +--- xray/manager/manager.go | 2 +- xray/manager/xray.go | 6 ++++-- xray/manager/xsc.go | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/auth/servicedetails.go b/auth/servicedetails.go index 1648fb370..eacc79c1c 100644 --- a/auth/servicedetails.go +++ b/auth/servicedetails.go @@ -30,6 +30,7 @@ type ServiceDetails interface { GetSshAuthHeaders() map[string]string GetClient() *jfroghttpclient.JfrogHttpClient GetVersion() (string, error) + GetXscUrl() string SetUrl(url string) SetUser(user string) @@ -51,9 +52,7 @@ type ServiceDetails interface { AuthenticateSsh(sshKey, sshPassphrase string) error InitSsh() error RunPreRequestFunctions(httpClientDetails *httputils.HttpClientDetails) error - CreateHttpClientDetails() httputils.HttpClientDetails - GetXscUrl() string } type CommonConfigFields struct { 
@@ -74,7 +73,6 @@ type CommonConfigFields struct { TokenMutex sync.Mutex client *jfroghttpclient.JfrogHttpClient httpTimeout time.Duration - PlatformUrl string } func (ccf *CommonConfigFields) GetUrl() string { diff --git a/xray/manager/manager.go b/xray/manager/manager.go index 3e60b4edb..a2ec18c56 100644 --- a/xray/manager/manager.go +++ b/xray/manager/manager.go @@ -38,5 +38,5 @@ type SecurityServiceManager interface { AddBuildsToIndexing(buildNames []string) error ArtifactSummary(params services.ArtifactSummaryParams) (*services.ArtifactSummaryResponse, error) IsEntitled(featureId string) (bool, error) - IsXscEnabled() (bool, string) + IsXscEnabled() (bool, string, error) } diff --git a/xray/manager/xray.go b/xray/manager/xray.go index 0d0950831..c7b1fe3dc 100644 --- a/xray/manager/xray.go +++ b/xray/manager/xray.go @@ -197,7 +197,7 @@ func (sm *XrayServicesManager) IsEntitled(featureId string) (bool, error) { } // IsXscEnabled Trying to get XSC version, if route is not available, user is not entitled for XSC. -func (sm *XrayServicesManager) IsXscEnabled() (xscEntitled bool, xsxVersion string) { +func (sm *XrayServicesManager) IsXscEnabled() (xscEntitled bool, xsxVersion string, err error) { httpDetails := sm.config.GetServiceDetails().CreateHttpClientDetails() serverDetails := sm.config.GetServiceDetails() @@ -215,7 +215,9 @@ func (sm *XrayServicesManager) IsXscEnabled() (xscEntitled bool, xsxVersion stri return } if versionResponse.Version != "" { - return true, versionResponse.Version + xscEntitled = true + xsxVersion = versionResponse.Version + return } return } diff --git a/xray/manager/xsc.go b/xray/manager/xsc.go index 39d20323c..d29a90523 100644 --- a/xray/manager/xsc.go +++ b/xray/manager/xsc.go @@ -9,7 +9,7 @@ type XscServicesManger struct { XrayServicesManager } -func (xsc *XscServicesManger) IsXscEnabled() (bool, string) { +func (xsc *XscServicesManger) IsXscEnabled() (bool, string, error) { return xsc.XrayServicesManager.IsXscEnabled() } 
From ebc2382f46a0ac285e8042c01a59ae44d1cbc2aa Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 17 Aug 2023 12:32:30 +0300 Subject: [PATCH 16/54] Fix choose XSC server when enabled --- access/auth/accessdetails.go | 4 ++++ artifactory/auth/rtdetails.go | 4 ++++ auth/servicedetails.go | 1 + distribution/auth/dsdetails.go | 16 ++++++++++------ lifecycle/auth/lifecycledetails.go | 4 ++++ pipelines/auth/pipelinesdetails.go | 4 ++++ xray/auth/xraydetails.go | 13 ++++++++----- xray/manager/manager.go | 2 +- xray/manager/xray.go | 13 +++++++++---- xray/manager/xsc.go | 11 +++++++---- xray/scan/xscScan.go | 1 + 11 files changed, 53 insertions(+), 20 deletions(-) diff --git a/access/auth/accessdetails.go b/access/auth/accessdetails.go index 65c8ed492..93fcf6389 100644 --- a/access/auth/accessdetails.go +++ b/access/auth/accessdetails.go @@ -19,3 +19,7 @@ func (rt *accessDetails) GetXscUrl() string { func (rt *accessDetails) GetVersion() (string, error) { panic("Failed: Method is not implemented") } + +func (rt *accessDetails) GetXscVersion() string { + panic("Failed: Method is not implemented") +} diff --git a/artifactory/auth/rtdetails.go b/artifactory/auth/rtdetails.go index cad3d05b7..a23f8fc50 100644 --- a/artifactory/auth/rtdetails.go +++ b/artifactory/auth/rtdetails.go @@ -19,6 +19,10 @@ func (rt *artifactoryDetails) GetXscUrl() string { panic("Failed: Method is not implemented") } +func (rt *artifactoryDetails) GetXscVersion() string { + panic("Failed: Method is not implemented") +} + func (rt *artifactoryDetails) GetVersion() (string, error) { var err error if rt.Version == "" { diff --git a/auth/servicedetails.go b/auth/servicedetails.go index eacc79c1c..eb8e29b9c 100644 --- a/auth/servicedetails.go +++ b/auth/servicedetails.go @@ -31,6 +31,7 @@ type ServiceDetails interface { GetClient() *jfroghttpclient.JfrogHttpClient GetVersion() (string, error) GetXscUrl() string + GetXscVersion() string SetUrl(url string) SetUser(user string) 
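Review bot: The new `GetXscVersion` stub ends in `panic("Failed: Method is not implemented")`, and the same patch makes `manager.New` call `details.GetXscVersion()` on whatever `ServiceDetails` the config carries (xray/manager/xray.go hunk), so a config built with a non-Xray details type would crash the calling process instead of returning an error. Because the method returns only a string, the empty value already reads as "XSC not configured" and keeps `New` on the Xray path: `return ""`. The same stub is added in the artifactory, distribution, lifecycle and pipelines details hunks of this patch.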
diff --git a/distribution/auth/dsdetails.go b/distribution/auth/dsdetails.go index c4c89a959..a5b529774 100644 --- a/distribution/auth/dsdetails.go +++ b/distribution/auth/dsdetails.go @@ -7,19 +7,23 @@ import ( "github.com/jfrog/jfrog-client-go/utils/log" ) -func NewDistributionDetails() *DistributionDetails { - return &DistributionDetails{} +func NewDistributionDetails() *distributionDetails { + return &distributionDetails{} } -type DistributionDetails struct { +type distributionDetails struct { auth.CommonConfigFields } -func (ds *DistributionDetails) GetXscUrl() string { +func (ds *distributionDetails) GetXscUrl() string { panic("Failed: Method is not implemented") } -func (ds *DistributionDetails) GetVersion() (string, error) { +func (ds *distributionDetails) GetXscVersion() string { + panic("Failed: Method is not implemented") +} + +func (ds *distributionDetails) GetVersion() (string, error) { var err error if ds.Version == "" { ds.Version, err = ds.getDistributionVersion() @@ -31,7 +35,7 @@ func (ds *DistributionDetails) GetVersion() (string, error) { return ds.Version, nil } -func (ds *DistributionDetails) getDistributionVersion() (string, error) { +func (ds *distributionDetails) getDistributionVersion() (string, error) { cd := auth.ServiceDetails(ds) serviceConfig, err := config.NewConfigBuilder(). SetServiceDetails(cd). diff --git a/lifecycle/auth/lifecycledetails.go b/lifecycle/auth/lifecycledetails.go index f5f8f85cf..ac2fc57c4 100644 --- a/lifecycle/auth/lifecycledetails.go +++ b/lifecycle/auth/lifecycledetails.go @@ -19,3 +19,7 @@ func (rt *lifecycleDetails) GetXscUrl() string { func (rt *lifecycleDetails) GetVersion() (string, error) { panic("Failed: Method is not implemented") } + +func (rt *lifecycleDetails) GetXscVersion() string { + panic("Failed: Method is not implemented") +} diff --git a/pipelines/auth/pipelinesdetails.go b/pipelines/auth/pipelinesdetails.go index a7cc7ba4f..e537b650d 100644 --- a/pipelines/auth/pipelinesdetails.go 
+++ b/pipelines/auth/pipelinesdetails.go @@ -19,6 +19,10 @@ func (pd *pipelinesDetails) GetXscUrl() string { panic("Failed: Method is not implemented") } +func (pd *pipelinesDetails) GetXscVersion() string { + panic("Failed: Method is not implemented") +} + func (pd *pipelinesDetails) GetVersion() (string, error) { var err error if pd.Version == "" { diff --git a/xray/auth/xraydetails.go b/xray/auth/xraydetails.go index 97522f8cd..0d3286573 100644 --- a/xray/auth/xraydetails.go +++ b/xray/auth/xraydetails.go @@ -14,11 +14,7 @@ func NewXrayDetails() *XrayDetails { type XrayDetails struct { auth.CommonConfigFields -} - -type XscDetails struct { - auth.CommonConfigFields - XscUrl string + XscVersion string } func (ds *XrayDetails) GetVersion() (string, error) { @@ -56,3 +52,10 @@ func (ds *XrayDetails) GetXscUrl() string { func (ds *XrayDetails) SetXscUrl(url string) { ds.XscUrl = url } + +func (ds *XrayDetails) GetXscVersion() string { + return ds.XscVersion +} +func (ds *XrayDetails) SetXscVersion(version string) { + ds.XscVersion = version +} diff --git a/xray/manager/manager.go b/xray/manager/manager.go index a2ec18c56..e6b91f6b6 100644 --- a/xray/manager/manager.go +++ b/xray/manager/manager.go @@ -8,7 +8,7 @@ import ( "github.com/jfrog/jfrog-client-go/xray/services/utils" ) -// SecurityServiceManager holds operations to Xray ( regrading if for Xray backend or XSC ) +// SecurityServiceManager manages JFrog Xray service operations (Xray backend or XSC). type SecurityServiceManager interface { // Attributes Client() *jfroghttpclient.JfrogHttpClient diff --git a/xray/manager/xray.go b/xray/manager/xray.go index c7b1fe3dc..e69287fd1 100644 --- a/xray/manager/xray.go +++ b/xray/manager/xray.go 
@@ -2,10 +2,10 @@ package manager import ( "encoding/json" - "fmt" "github.com/jfrog/jfrog-client-go/config" "github.com/jfrog/jfrog-client-go/http/jfroghttpclient" "github.com/jfrog/jfrog-client-go/utils/errorutils" + "github.com/jfrog/jfrog-client-go/utils/log" "github.com/jfrog/jfrog-client-go/xray/scan" "github.com/jfrog/jfrog-client-go/xray/services" "github.com/jfrog/jfrog-client-go/xray/services/utils" @@ -21,7 +21,12 @@ type XrayServicesManager struct { // New creates a service manager to interact with Xray func New(config config.Config) (manager SecurityServiceManager, err error) { details := config.GetServiceDetails() - manager = &XrayServicesManager{config: config} + if details.GetXscVersion() != "" { + manager = &XscServicesManger{XrayServicesManager{config: config}} + } else { + manager = &XrayServicesManager{config: config} + } + client, err := jfroghttpclient.JfrogClientBuilder(). SetCertificatesPath(config.GetCertificatesPath()). SetInsecureTls(config.IsInsecureTls()). @@ -206,8 +211,8 @@ func (sm *XrayServicesManager) IsXscEnabled() (xscEntitled bool, xsxVersion stri return } if err = errorutils.CheckResponseStatusWithBody(resp, body, http.StatusOK); err != nil { - err = fmt.Errorf("failed while attempting to get XSC entitlements response with error:%s", err.Error()) - return + log.Debug("XSC service is not enabled for this server") + return false, "", nil } versionResponse := scan.XscVersionResponse{} if err = json.Unmarshal(body, &versionResponse); err != nil { diff --git a/xray/manager/xsc.go b/xray/manager/xsc.go index d29a90523..17578e9d4 100644 --- a/xray/manager/xsc.go +++ b/xray/manager/xsc.go @@ -2,6 +2,7 @@ package manager import ( "github.com/jfrog/jfrog-client-go/http/jfroghttpclient" + "github.com/jfrog/jfrog-client-go/utils/log" "github.com/jfrog/jfrog-client-go/xray/scan" ) 
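Review bot: In `IsXscEnabled`, every non-200 reply is now reported as `false, "", nil` with only a debug log, so a 401/403 caused by bad credentials or a 5xx from a failing server is indistinguishable from XSC not being deployed, and the client silently falls back to plain Xray. Treat only the missing route as "not enabled", e.g. `if resp.StatusCode == http.StatusNotFound { return false, "", nil }`, and keep returning the `CheckResponseStatusWithBody` error for everything else. Patch 18 rewrites the check as `resp.StatusCode != http.StatusOK` with the same effect. The function body starts outside this hunk.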
@@ -17,14 +18,16 @@ func (xsc *XscServicesManger) SetClient(client *jfroghttpclient.JfrogHttpClient) xsc.XrayServicesManager.SetClient(client) } -// ScanGraph will send XSC the given graph for scan -// Sends XscGitInfoContext before scanning in order to show relevant information about the scan in the platform, -// getting multi-scan-id to pass in the calls. +// ScanGraph scans dependency graph with XscGitInfoContext. +// XscGitInfoContext allows linking of scans and other data to the corresponding git repository. +// By passing multi-scan-id in the api calls. // Returns a string represents the scan ID. func (xsc *XscServicesManger) ScanGraph(params scan.XrayGraphScanParams) (scanId string, err error) { + log.Debug("Scanning graph using XSC service...") scanService := scan.NewXscScanService(xsc.client, xsc.config.GetServiceDetails()) if params.MultiScanId, err = scanService.SendScanContext(params.XscGitInfoContext); err != nil { - return + // Don't fail on when failed to send XscGitInfoContext + log.Warn("failed to pass git info context with error:%s", err.Error()) } return scanService.ScanGraph(params) } diff --git a/xray/scan/xscScan.go b/xray/scan/xscScan.go index 1a4d0be61..3770444cd 100644 --- a/xray/scan/xscScan.go +++ b/xray/scan/xscScan.go @@ -34,6 +34,7 @@ func NewXscScanService(client *jfroghttpclient.JfrogHttpClient, details auth.Ser } func (xsc *XscScanService) SendScanContext(details *XscGitInfoContext) (multiScanId string, err error) { + // XscGitInfoContext is optional if details == nil { return } From 692ffe557494a84c80ed20166916811f363b4865 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 17 Aug 2023 13:33:43 +0300 Subject: [PATCH 17/54] Handle XSC/XRAY url provided from flags and config. --- utils/utils.go | 6 ++++++ xray/manager/manager.go | 1 + 2 files changed, 7 insertions(+) diff --git a/utils/utils.go b/utils/utils.go index ebd6488c1..3ec31571b 100644 --- a/utils/utils.go +++ b/utils/utils.go 
@@ -146,6 +146,12 @@ func AddTrailingSlashIfNeeded(url string) string { return url } +// GenerateXscUrl Generate XSC url provided from flags. +// Replacing Xray suffix with Xsc. +func GenerateXscUrl(url string) string { + return strings.Replace(url, "xray/", "xsc/", 1) +} + func IndentJson(jsonStr []byte) string { return doIndentJson(jsonStr, "", " ") } diff --git a/xray/manager/manager.go b/xray/manager/manager.go index e6b91f6b6..bfca9ca7e 100644 --- a/xray/manager/manager.go +++ b/xray/manager/manager.go @@ -15,6 +15,7 @@ type SecurityServiceManager interface { SetClient(client *jfroghttpclient.JfrogHttpClient) Config() config.Config GetVersion() (string, error) + // Watches CreateWatch(params utils.WatchParams) error GetWatch(watchName string) (*utils.WatchParams, error) From 29442bd5887b05bac9673321310ca341a0346de8 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 17 Aug 2023 13:53:45 +0300 Subject: [PATCH 18/54] fix static check --- xray/manager/xray.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xray/manager/xray.go b/xray/manager/xray.go index e69287fd1..08826ae91 100644 --- a/xray/manager/xray.go +++ b/xray/manager/xray.go @@ -210,7 +210,7 @@ func (sm *XrayServicesManager) IsXscEnabled() (xscEntitled bool, xsxVersion stri if err != nil { return } - if err = errorutils.CheckResponseStatusWithBody(resp, body, http.StatusOK); err != nil { + if resp.StatusCode != http.StatusOK { log.Debug("XSC service is not enabled for this server") return false, "", nil } From a9a7d9244926abf32405f71dd348efb6fe90e768 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 17 Aug 2023 14:32:35 +0300 Subject: [PATCH 19/54] Refactor --- utils/utils.go | 4 +--- xray/manager/manager.go | 27 +++++++++++++++++++++++++++ xray/manager/xray.go | 29 +---------------------------- 3 files changed, 29 insertions(+), 31 deletions(-) diff --git a/utils/utils.go b/utils/utils.go index 3ec31571b..84146ca44 100644 --- a/utils/utils.go +++ b/utils/utils.go 
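Review bot: `GenerateXscUrl` is documented as replacing the Xray suffix, but `strings.Replace(url, "xray/", "xsc/", 1)` rewrites the first `xray/` anywhere in the string, which can be the end of the host name: a base URL whose host ends in `xray` (constructed example `https://acme-xray/xray/`) becomes `https://acme-xsc/xray/`, and authenticated XSC requests would then be sent to a different host. Anchor the rewrite to the end of the URL: `if strings.HasSuffix(url, "xray/") { return strings.TrimSuffix(url, "xray/") + "xsc/" }`, returning `url` unchanged otherwise. Patch 19 renames the function to `ReplaceXraySuffixWithXsc` and drops the comment but keeps this body.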
@@ -146,9 +146,7 @@ func AddTrailingSlashIfNeeded(url string) string { return url } -// GenerateXscUrl Generate XSC url provided from flags. -// Replacing Xray suffix with Xsc. -func GenerateXscUrl(url string) string { +func ReplaceXraySuffixWithXsc(url string) string { return strings.Replace(url, "xray/", "xsc/", 1) } diff --git a/xray/manager/manager.go b/xray/manager/manager.go index bfca9ca7e..5d31183b8 100644 --- a/xray/manager/manager.go +++ b/xray/manager/manager.go @@ -41,3 +41,30 @@ type SecurityServiceManager interface { IsEntitled(featureId string) (bool, error) IsXscEnabled() (bool, string, error) } + +// New creates a service manager to interact with Xray +// When XSC is enabled returns XscServicesManger. +func New(config config.Config) (manager SecurityServiceManager, err error) { + details := config.GetServiceDetails() + if details.GetXscVersion() != "" { + manager = &XscServicesManger{XrayServicesManager{config: config}} + } else { + manager = &XrayServicesManager{config: config} + } + client, err := jfroghttpclient.JfrogClientBuilder(). + SetCertificatesPath(config.GetCertificatesPath()). + SetInsecureTls(config.IsInsecureTls()). + SetContext(config.GetContext()). + SetTimeout(config.GetHttpTimeout()). + SetClientCertPath(details.GetClientCertPath()). + SetClientCertKeyPath(details.GetClientCertKeyPath()). + AppendPreRequestInterceptor(details.RunPreRequestFunctions). + SetRetries(config.GetHttpRetries()). + SetRetryWaitMilliSecs(config.GetHttpRetryWaitMilliSecs()). + Build() + if err != nil { + return + } + manager.SetClient(client) + return manager, err +} diff --git a/xray/manager/xray.go b/xray/manager/xray.go index 08826ae91..31f4d4a3b 100644 --- a/xray/manager/xray.go +++ b/xray/manager/xray.go 
@@ -18,33 +18,6 @@ type XrayServicesManager struct { config config.Config } -// New creates a service manager to interact with Xray -func New(config config.Config) (manager SecurityServiceManager, err error) { - details := config.GetServiceDetails() - if details.GetXscVersion() != "" { - manager = &XscServicesManger{XrayServicesManager{config: config}} - } else { - manager = &XrayServicesManager{config: config} - } - - client, err := jfroghttpclient.JfrogClientBuilder(). - SetCertificatesPath(config.GetCertificatesPath()). - SetInsecureTls(config.IsInsecureTls()). - SetContext(config.GetContext()). - SetTimeout(config.GetHttpTimeout()). - SetClientCertPath(details.GetClientCertPath()). - SetClientCertKeyPath(details.GetClientCertKeyPath()). - AppendPreRequestInterceptor(details.RunPreRequestFunctions). - SetRetries(config.GetHttpRetries()). - SetRetryWaitMilliSecs(config.GetHttpRetryWaitMilliSecs()). - Build() - if err != nil { - return - } - manager.SetClient(client) - return manager, err -} - // Client will return the http client func (sm *XrayServicesManager) Client() *jfroghttpclient.JfrogHttpClient { return sm.client @@ -201,7 +174,7 @@ func (sm *XrayServicesManager) IsEntitled(featureId string) (bool, error) { return entitlementsService.IsEntitled(featureId) } -// IsXscEnabled Trying to get XSC version, if route is not available, user is not entitled for XSC. +// IsXscEnabled will try to get XSC version. If route is not available, user is not entitled for XSC. func (sm *XrayServicesManager) IsXscEnabled() (xscEntitled bool, xsxVersion string, err error) { httpDetails := sm.config.GetServiceDetails().CreateHttpClientDetails() serverDetails := sm.config.GetServiceDetails() From a469339fb68b4dd4bb3e19379f1e7f0626463789 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 20 Aug 2023 11:50:21 +0300 Subject: [PATCH 20/54] Comment --- xray/manager/xsc.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/xray/manager/xsc.go b/xray/manager/xsc.go index 17578e9d4..e21231ce1 100644 --- a/xray/manager/xsc.go +++ b/xray/manager/xsc.go @@ -26,8 +26,8 @@ func (xsc *XscServicesManger) ScanGraph(params scan.XrayGraphScanParams) (scanId log.Debug("Scanning graph using XSC service...") scanService := scan.NewXscScanService(xsc.client, xsc.config.GetServiceDetails()) if params.MultiScanId, err = scanService.SendScanContext(params.XscGitInfoContext); err != nil { - // Don't fail on when failed to send XscGitInfoContext - log.Warn("failed to pass git info context with error:%s", err.Error()) + // Don't fail the entire scan when failed to send XscGitInfoContext + log.Warn("failed to send xsc git info context with the foloowing error: ", err.Error()) } return scanService.ScanGraph(params) } From 58b7b7f50af1dbbfeb62997302afcf2bed45f936 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 20 Aug 2023 20:01:14 +0300 Subject: [PATCH 21/54] Fix date & multi scan on get --- xray/scan/scan.go | 4 ++-- xray/scan/xscScan.go | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/xray/scan/scan.go b/xray/scan/scan.go index 11791f662..3502d4850 100644 --- a/xray/scan/scan.go +++ b/xray/scan/scan.go @@ -18,7 +18,7 @@ import ( ) const ( - scanGraphAPI = "api/v1/scan/graph" + scanGraphAPI = "api/v1/sca/scan/graph" // Graph scan query params repoPathQueryParam = "repo_path=" @@ -338,5 +338,5 @@ type XscGitInfoContext struct { CommitHash string `json:"commit_hash"` CommitMessage string `json:"commit_message"` CommitAuthor string `json:"commit_author"` - Date int64 `json:"date"` + Date string `json:"date"` } diff --git a/xray/scan/xscScan.go b/xray/scan/xscScan.go index 3770444cd..1a6f24a80 100644 --- a/xray/scan/xscScan.go +++ b/xray/scan/xscScan.go 
@@ -98,7 +98,8 @@ func (xsc *XscScanService) GetScanGraphResults(scanId string, includeVulnerabili utils.SetContentType("application/json", &httpClientsDetails.Headers) // The scan request may take some time to complete. We expect to receive a 202 response, until the completion. - endPoint := xsc.XrayDetails.GetUrl() + scanGraphAPI + "/" + scanId + // TODO multi scan should be removed here but caused api to crash so dummy value inserted. + endPoint := xsc.XrayDetails.GetXscUrl() + scanGraphAPI + "/" + scanId + "?multi_scan_id=a" if includeVulnerabilities { endPoint += includeVulnerabilitiesParam if includeLicenses { From b6162daf237517d34f34431b31fd70bf75f03ef7 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 21 Aug 2023 16:19:43 +0300 Subject: [PATCH 22/54] Update fields --- xray/manager/xsc.go | 2 +- xray/scan/scan.go | 34 ++++++++++++++++++---------------- xray/scan/xscScan.go | 15 ++++----------- 3 files changed, 23 insertions(+), 28 deletions(-) diff --git a/xray/manager/xsc.go b/xray/manager/xsc.go index e21231ce1..9641ceae8 100644 --- a/xray/manager/xsc.go +++ b/xray/manager/xsc.go @@ -27,7 +27,7 @@ func (xsc *XscServicesManger) ScanGraph(params scan.XrayGraphScanParams) (scanId scanService := scan.NewXscScanService(xsc.client, xsc.config.GetServiceDetails()) if params.MultiScanId, err = scanService.SendScanContext(params.XscGitInfoContext); err != nil { // Don't fail the entire scan when failed to send XscGitInfoContext - log.Warn("failed to send xsc git info context with the foloowing error: ", err.Error()) + log.Warn("failed to send xsc git info context with the following error: ", err.Error()) } return scanService.ScanGraph(params) } diff --git a/xray/scan/scan.go b/xray/scan/scan.go index 3502d4850..e967738ba 100644 --- a/xray/scan/scan.go +++ b/xray/scan/scan.go 
@@ -168,10 +168,14 @@ func createScanGraphQueryParams(scanParams XrayGraphScanParams) string { params = append(params, watchesQueryParam+watch) } } - case scanParams.XscGitInfoContext != nil && scanParams.MultiScanId != "": - params = append(params, multiScanIdParam+scanParams.MultiScanId) + case scanParams.XscGitInfoContext != nil: + if scanParams.MultiScanId != "" { + params = append(params, multiScanIdParam+scanParams.MultiScanId) + } + if len(scanParams.XscGitInfoContext.Technologies) > 0 { + params = append(params, scanTechQueryParam+scanParams.XscGitInfoContext.Technologies[0]) + } } - if scanParams.ScanType != "" { params = append(params, scanTypeQueryParam+string(scanParams.ScanType)) } @@ -326,17 +330,15 @@ type JfrogResearchSeverityReason struct { } type XscGitInfoContext struct { - GitRepoUrl string `json:"git_repo_url"` - GitRepoName string `json:"git_repo_name"` - GitTargetRepoName string `json:"git_target_repo_name"` - GitProject string `json:"git_project"` - GitProvider string `json:"git_provider"` - Technologies []string `json:"technologies"` - BranchName string `json:"branch_name"` - TargetBranchName string `json:"target_branch_name"` - LastCommit string `json:"last_commit"` - CommitHash string `json:"commit_hash"` - CommitMessage string `json:"commit_message"` - CommitAuthor string `json:"commit_author"` - Date string `json:"date"` + GitRepoUrl string `json:"git_repo_url"` + GitRepoName string `json:"git_repo_name"` + GitProject string `json:"git_project"` + GitProvider string `json:"git_provider"` + Technologies []string `json:"technologies"` + BranchName string `json:"branch_name"` + LastCommit string `json:"last_commit"` + CommitHash string `json:"commit_hash"` + CommitMessage string `json:"commit_message"` + CommitAuthor string `json:"commit_author"` + Date string `json:"date"` } diff --git a/xray/scan/xscScan.go b/xray/scan/xscScan.go index 1a6f24a80..a31b52626 100644 --- a/xray/scan/xscScan.go +++ b/xray/scan/xscScan.go 
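Review bot: The new `case scanParams.XscGitInfoContext != nil:` branch appends `scanParams.MultiScanId` (taken from the XSC response) and `Technologies[0]` (caller-supplied) to the query string without escaping, so a value containing `&`, `#` or `=` changes which parameters the server sees. Escape both, e.g. `params = append(params, multiScanIdParam+url.QueryEscape(scanParams.MultiScanId))`, which needs `net/url` in this file's imports. Only the first technology is sent; if that is intended, a comment such as `// XSC accepts a single tech value; further entries are ignored` would make it explicit. The function starts and ends outside this hunk.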
@@ -18,6 +18,8 @@ const ( multiScanIdParam = "multi_scan_id=" + scanTechQueryParam = "tech=" + XscVersionAPI = "/api/v1/system/version" ) @@ -93,21 +95,12 @@ func (xsc *XscScanService) ScanGraph(scanParams XrayGraphScanParams) (string, er return scanResponse.ScanId, err } -func (xsc *XscScanService) GetScanGraphResults(scanId string, includeVulnerabilities, includeLicenses bool) (*ScanResponse, error) { +func (xsc *XscScanService) GetScanGraphResults(scanId string, _, _ bool) (*ScanResponse, error) { httpClientsDetails := xsc.XrayDetails.CreateHttpClientDetails() utils.SetContentType("application/json", &httpClientsDetails.Headers) // The scan request may take some time to complete. We expect to receive a 202 response, until the completion. - // TODO multi scan should be removed here but caused api to crash so dummy value inserted. - endPoint := xsc.XrayDetails.GetXscUrl() + scanGraphAPI + "/" + scanId + "?multi_scan_id=a" - if includeVulnerabilities { - endPoint += includeVulnerabilitiesParam - if includeLicenses { - endPoint += andIncludeLicensesParam - } - } else if includeLicenses { - endPoint += includeLicensesParam - } + endPoint := xsc.XrayDetails.GetXscUrl() + scanGraphAPI + "/" + scanId + "?multi_scan_id=dummpyIdRemoveme" log.Info("Waiting for scan to complete on JFrog Xray...") pollingAction := func() (shouldStop bool, responseBody []byte, err error) { resp, body, _, err := xsc.client.SendGet(endPoint, true, &httpClientsDetails) From a30da83d09c45ba1692ad081d29034f485e101d2 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 21 Aug 2023 17:50:50 +0300 Subject: [PATCH 23/54] Fix wrong url --- xray/scan/scan.go | 2 +- xray/scan/xscScan.go | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/xray/scan/scan.go b/xray/scan/scan.go index e967738ba..83c34054a 100644 --- a/xray/scan/scan.go +++ b/xray/scan/scan.go 
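Review bot: `GetScanGraphResults` now takes `(scanId string, _, _ bool)`, so a caller's include-vulnerabilities and include-licenses choices are dropped without any signal, and the endpoint carries the hard-coded placeholder `?multi_scan_id=dummpyIdRemoveme`. If the flags are kept only for interface compatibility, say so in a doc comment, e.g. `// GetScanGraphResults polls XSC for the scan result; the include flags are accepted for interface compatibility and ignored.` `scanId` is also concatenated into the path as received; `url.PathEscape(scanId)` would keep an unexpected `/` or `?` in it from altering the request path. The function body continues outside this hunk.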
@@ -18,7 +18,7 @@ import ( ) const ( - scanGraphAPI = "api/v1/sca/scan/graph" + scanGraphAPI = "api/v1/scan/graph" // Graph scan query params repoPathQueryParam = "repo_path=" diff --git a/xray/scan/xscScan.go b/xray/scan/xscScan.go index a31b52626..65e2639fd 100644 --- a/xray/scan/xscScan.go +++ b/xray/scan/xscScan.go @@ -14,7 +14,7 @@ import ( const ( postScanContextAPI = "api/v1/gitinfo" - postGraphAPI = "api/v1/sca/scan/graph" + XscGraphAPI = "api/v1/sca/scan/graph" multiScanIdParam = "multi_scan_id=" @@ -73,7 +73,7 @@ func (xsc *XscScanService) ScanGraph(scanParams XrayGraphScanParams) (string, er return "", errorutils.CheckError(err) } - url := xsc.XrayDetails.GetXscUrl() + postGraphAPI + url := xsc.XrayDetails.GetXscUrl() + XscGraphAPI url += createScanGraphQueryParams(scanParams) resp, body, err := xsc.client.SendPost(url, requestBody, &httpClientsDetails) @@ -100,7 +100,7 @@ func (xsc *XscScanService) GetScanGraphResults(scanId string, _, _ bool) (*ScanR utils.SetContentType("application/json", &httpClientsDetails.Headers) // The scan request may take some time to complete. We expect to receive a 202 response, until the completion. - endPoint := xsc.XrayDetails.GetXscUrl() + scanGraphAPI + "/" + scanId + "?multi_scan_id=dummpyIdRemoveme" + endPoint := xsc.XrayDetails.GetXscUrl() + XscGraphAPI + "/" + scanId + "?multi_scan_id=dummpyIdRemoveme" log.Info("Waiting for scan to complete on JFrog Xray...") pollingAction := func() (shouldStop bool, responseBody []byte, err error) { resp, body, _, err := xsc.client.SendGet(endPoint, true, &httpClientsDetails) From c4a3271e4ada0e2f456984e6c9277dcd6ff34006 Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 22 Aug 2023 15:20:15 +0300 Subject: [PATCH 24/54] remove fake param --- go.mod | 2 +- go.sum | 6 ++---- xray/scan/xscScan.go | 2 +- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index b97707fa3..92e389cc6 100644 --- a/go.mod +++ b/go.mod 
@@ -52,7 +52,7 @@ require ( golang.org/x/mod v0.11.0 // indirect golang.org/x/net v0.13.0 // indirect golang.org/x/sys v0.10.0 // indirect - golang.org/x/tools v0.6.0 // indirect + golang.org/x/tools v0.7.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 740bca5be..514efb9f2 100644 --- a/go.sum +++ b/go.sum @@ -98,7 +98,6 @@ github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic github.com/skeema/knownhosts v1.2.0 h1:h9r9cf0+u7wSE+M183ZtMGgOJKiL96brpaz5ekfJCpM= github.com/skeema/knownhosts v1.2.0/go.mod h1:g4fPeYpque7P0xefxtGzV81ihjC8sX2IqpAoNkjxbMo= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= @@ -133,8 +132,6 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50= -golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY= golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -175,8 +172,9 @@ golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4= +golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/xray/scan/xscScan.go b/xray/scan/xscScan.go index 65e2639fd..baaa6468f 100644 --- a/xray/scan/xscScan.go +++ b/xray/scan/xscScan.go @@ -100,7 +100,7 @@ func (xsc *XscScanService) GetScanGraphResults(scanId string, _, _ bool) (*ScanR utils.SetContentType("application/json", &httpClientsDetails.Headers) // The scan request may take some time to complete. We expect to receive a 202 response, until the completion. - endPoint := xsc.XrayDetails.GetXscUrl() + XscGraphAPI + "/" + scanId + "?multi_scan_id=dummpyIdRemoveme" + endPoint := xsc.XrayDetails.GetXscUrl() + XscGraphAPI + "/" + scanId log.Info("Waiting for scan to complete on JFrog Xray...") pollingAction := func() (shouldStop bool, responseBody []byte, err error) { resp, body, _, err := xsc.client.SendGet(endPoint, true, &httpClientsDetails) From c822cb09b9e598cca1dd247dd9f4f8b6bcf90553 Mon Sep 17 00:00:00 2001 
From: delarea Date: Wed, 23 Aug 2023 15:32:39 +0300 Subject: [PATCH 25/54] add xsc tests --- .github/workflows/tests.yml | 4 +- access/auth/accessdetails.go | 4 ++ artifactory/auth/rtdetails.go | 4 ++ .../services/utils/tests/xray/consts.go | 18 +++++ .../services/utils/tests/xray/server.go | 19 ++++++ auth/servicedetails.go | 1 + distribution/auth/dsdetails.go | 4 ++ lifecycle/auth/lifecycledetails.go | 4 ++ pipelines/auth/pipelinesdetails.go | 4 ++ tests/jfrogclient_test.go | 3 + tests/utils_test.go | 36 +++++++++- tests/xrayscan_test.go | 28 ++++++++ tests/xsc_test.go | 65 +++++++++++++++++++ xray/manager/manager.go | 2 +- xray/manager/xray.go | 2 +- xray/manager/xsc.go | 2 +- xray/scan/scan.go | 6 +- xray/scan/xscScan.go | 8 +-- 18 files changed, 199 insertions(+), 15 deletions(-) create mode 100644 tests/xsc_test.go diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 3f3209ee9..084afaaea 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -83,13 +83,13 @@ jobs: - name: artifactory tests run: go test -v github.com/jfrog/jfrog-client-go/tests --timeout 0 --test.${{ matrix.suite }} --ci.runId=${{ runner.os }}-${{ matrix.suite }} - JFrog-Client-Go-Ds-Xr-Tests: + JFrog-Client-Go-Ds-Xr-Xsc-Tests: needs: Pretest name: ${{ matrix.suite }} ${{ matrix.os }} strategy: fail-fast: false matrix: - suite: [ distribution, xray ] + suite: [ distribution, xray , xsc ] os: [ ubuntu-latest, macos-latest, windows-latest ] runs-on: ${{ matrix.os }} steps: diff --git a/access/auth/accessdetails.go b/access/auth/accessdetails.go index 93fcf6389..5b9013b1b 100644 --- a/access/auth/accessdetails.go +++ b/access/auth/accessdetails.go 
@@ -16,6 +16,10 @@ func (rt *accessDetails) GetXscUrl() string { panic("Failed: Method is not implemented") } +func (rt *accessDetails) SetXscUrl(url string) { + panic("Failed: Method is not implemented") +} + func (rt *accessDetails) GetVersion() (string, error) { panic("Failed: Method is not implemented") } diff --git a/artifactory/auth/rtdetails.go b/artifactory/auth/rtdetails.go index a23f8fc50..2c9c42c70 100644 --- a/artifactory/auth/rtdetails.go +++ b/artifactory/auth/rtdetails.go @@ -15,6 +15,10 @@ type artifactoryDetails struct { auth.CommonConfigFields } +func (rt *artifactoryDetails) SetXscUrl(url string) { + panic("Failed: Method is not implemented") +} + func (rt *artifactoryDetails) GetXscUrl() string { panic("Failed: Method is not implemented") } diff --git a/artifactory/services/utils/tests/xray/consts.go b/artifactory/services/utils/tests/xray/consts.go index 05c836653..95cd8e934 100644 --- a/artifactory/services/utils/tests/xray/consts.go +++ b/artifactory/services/utils/tests/xray/consts.go @@ -1368,3 +1368,21 @@ const BuildScanResultsResponse = ` ] } ` + +const gitInfoSentResponse = ` +{ + "multi_scan_id": "f2a8d4fe-40e6-11ee-84e4-02ee10c7f40e" +} +` + +const scanGraphResponse = ` +{ + "scan_id": "9c9dbd61-f544-4e33-4613-34727043d71f" +} +` + +const getScanResultsResponse = ` +{ + +} +` diff --git a/artifactory/services/utils/tests/xray/server.go b/artifactory/services/utils/tests/xray/server.go index b584b0477..84f801b92 100644 --- a/artifactory/services/utils/tests/xray/server.go +++ b/artifactory/services/utils/tests/xray/server.go 
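Review bot: The `SetXscUrl` stub added to `accessDetails` panics with "Failed: Method is not implemented", and the same stub is added to `artifactoryDetails`, `distributionDetails`, `lifecycleDetails` and `pipelinesDetails` in the following hunks. Because `SetXscUrl` is also added to the shared `auth.ServiceDetails` interface, any code that holds a generic `ServiceDetails` and calls it on a non-Xray value takes the whole process down rather than getting an error. This follows the existing `GetXscUrl` stubs, but a setter is easier to call by accident. Consider a narrower interface that only the Xray details implement, e.g. `type XscDetails interface { GetXscUrl() string; SetXscUrl(url string) }`, or at least a logged no-op in place of the panic. Adding a method to the exported interface also breaks external implementations, which deserves a line in the release notes.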
@@ -138,6 +138,23 @@ func entitlementsHandler(w http.ResponseWriter, r *http.Request) { } } +func securityHandler(w http.ResponseWriter, r *http.Request) { + var err error + endpoint := r.URL.Path[strings.LastIndex(r.URL.Path, "/")+1:] + switch endpoint { + case "gitinfo": + _, err = fmt.Fprint(w, gitInfoSentResponse) + case "graph": + _, err = fmt.Fprint(w, scanGraphResponse) + case "9c9dbd61-f544-4e33-4613-34727043d71f": + _, err = fmt.Fprint(w, getScanResultsResponse) + } + if err != nil { + log.Error(err) + http.Error(w, err.Error(), http.StatusInternalServerError) + } +} + func buildScanHandler(w http.ResponseWriter, r *http.Request) { argsSegment := strings.Split(r.URL.Path, services.BuildScanAPI)[1] switch r.Method { @@ -186,6 +203,8 @@ func StartXrayMockServer() int { handlers["/api/xray/scanBuild"] = scanBuildHandler handlers["/api/v2/summary/artifact"] = artifactSummaryHandler handlers["/api/v1/entitlements/feature/"] = entitlementsHandler + handlers["/xsc/"] = securityHandler + handlers["/xray/"] = securityHandler handlers[fmt.Sprintf("/%s/", services.ReportsAPI)] = reportHandler handlers[fmt.Sprintf("/%s/", services.BuildScanAPI)] = buildScanHandler handlers["/"] = http.NotFound diff --git a/auth/servicedetails.go b/auth/servicedetails.go index eb8e29b9c..48993f17c 100644 --- a/auth/servicedetails.go +++ b/auth/servicedetails.go @@ -34,6 +34,7 @@ type ServiceDetails interface { GetXscVersion() string SetUrl(url string) + SetXscUrl(url string) SetUser(user string) SetPassword(password string) SetApiKey(apiKey string) diff --git a/distribution/auth/dsdetails.go b/distribution/auth/dsdetails.go index a5b529774..8bc7d2400 100644 --- a/distribution/auth/dsdetails.go +++ b/distribution/auth/dsdetails.go 
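Review bot: The new `securityHandler` mock has no `default` case in its switch on the last path segment, so any unrecognised path under `/xsc/` or `/xray/` is answered with 200 and an empty body. A client that builds a wrong endpoint would therefore still pass tests that only check for a nil error, and the "Fix wrong url" commit in this series shows that kind of regression does occur. Add `default: http.NotFound(w, r)` so a mistyped route fails loudly. The handler also ignores `r.Method`, so a GET sent where a POST is expected is not detected either.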
@@ -19,6 +19,10 @@ func (ds *distributionDetails) GetXscUrl() string { panic("Failed: Method is not implemented") } +func (ds *distributionDetails) SetXscUrl(url string) { + panic("Failed: Method is not implemented") +} + func (ds *distributionDetails) GetXscVersion() string { panic("Failed: Method is not implemented") } diff --git a/lifecycle/auth/lifecycledetails.go b/lifecycle/auth/lifecycledetails.go index ac2fc57c4..a81454213 100644 --- a/lifecycle/auth/lifecycledetails.go +++ b/lifecycle/auth/lifecycledetails.go @@ -16,6 +16,10 @@ func (rt *lifecycleDetails) GetXscUrl() string { panic("Failed: Method is not implemented") } +func (rt *lifecycleDetails) SetXscUrl(url string) { + panic("Failed: Method is not implemented") +} + func (rt *lifecycleDetails) GetVersion() (string, error) { panic("Failed: Method is not implemented") } diff --git a/pipelines/auth/pipelinesdetails.go b/pipelines/auth/pipelinesdetails.go index e537b650d..df699c2f9 100644 --- a/pipelines/auth/pipelinesdetails.go +++ b/pipelines/auth/pipelinesdetails.go @@ -19,6 +19,10 @@ func (pd *pipelinesDetails) GetXscUrl() string { panic("Failed: Method is not implemented") } +func (pd *pipelinesDetails) SetXscUrl(url string) { + panic("Failed: Method is not implemented") +} + func (pd *pipelinesDetails) GetXscVersion() string { panic("Failed: Method is not implemented") } diff --git a/tests/jfrogclient_test.go b/tests/jfrogclient_test.go index f48602460..802fd3943 100644 --- a/tests/jfrogclient_test.go +++ b/tests/jfrogclient_test.go @@ -65,6 +65,9 @@ func setupIntegrationTests() { createXrayPolicyManager() createXrayBinMgrManager() } + if *TestXsc { + createXscServiceManager() + } if *TestPipelines { createPipelinesIntegrationsManager() createPipelinesSourcesManager() diff --git a/tests/utils_test.go b/tests/utils_test.go index ce87597e7..75e48e204 100644 --- a/tests/utils_test.go +++ b/tests/utils_test.go 
@@ -5,6 +5,8 @@ import ( "errors" "flag" "fmt" + "github.com/jfrog/jfrog-client-go/config" + "github.com/jfrog/jfrog-client-go/xray/manager" "net/http" "os" "path/filepath" @@ -48,6 +50,7 @@ var ( TestArtifactory *bool TestDistribution *bool TestXray *bool + TestXsc *bool TestPipelines *bool TestAccess *bool TestRepositories *bool @@ -110,6 +113,7 @@ var ( testsXrayWatchService *xrayServices.WatchService testsXrayPolicyService *xrayServices.PolicyService testXrayBinMgrService *xrayServices.BinMgrService + securityServiceManager manager.SecurityServiceManager // Pipelines Services testsPipelinesIntegrationsService *pipelinesServices.IntegrationsService @@ -142,6 +146,7 @@ func init() { TestArtifactory = flag.Bool("test.artifactory", false, "Test Artifactory") TestDistribution = flag.Bool("test.distribution", false, "Test distribution") TestXray = flag.Bool("test.xray", false, "Test xray") + TestXsc = flag.Bool("test.xsc", false, "Test xsc") TestPipelines = flag.Bool("test.pipelines", false, "Test pipelines") TestAccess = flag.Bool("test.access", false, "Test access") TestRepositories = flag.Bool("test.repositories", false, "Test repositories in Artifactory") @@ -542,11 +547,20 @@ func GetDistDetails() auth.ServiceDetails { func GetXrayDetails() auth.ServiceDetails { xrayDetails := xrayAuth.NewXrayDetails() - xrayDetails.SetUrl(clientutils.AddTrailingSlashIfNeeded(*XrayUrl)) + xrayUrl := clientutils.AddTrailingSlashIfNeeded(*XrayUrl) + xrayDetails.SetUrl(xrayUrl) + setupXsc(xrayDetails, xrayUrl) setAuthenticationDetail(xrayDetails) return xrayDetails } +func setupXsc(xrayDetails *xrayAuth.XrayDetails, xrayUrl string) { + if *TestXsc { + xrayDetails.SetXscUrl(strings.Replace(xrayUrl, "xray", "xsc", 1)) + xrayDetails.SetXscVersion("0.0.0") + } +} + func GetPipelinesDetails() auth.ServiceDetails { pDetails := pipelinesAuth.NewPipelinesDetails() pDetails.SetUrl(clientutils.AddTrailingSlashIfNeeded(*PipelinesUrl)) 
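Review bot: In `setupXsc`, `strings.Replace(xrayUrl, "xray", "xsc", 1)` rewrites the first occurrence of "xray" anywhere in the URL, which can be the host name rather than the path. For a URL whose host contains "xray", the derived XSC URL would point at a different host, and the credentials applied by `setAuthenticationDetail` would presumably be sent there. `createXscServiceManager` in the same file anchors the replacement on the path segment, and this helper should match it: `xrayDetails.SetXscUrl(strings.Replace(xrayUrl, "/xray/", "/xsc/", 1))`.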
@@ -1115,6 +1129,26 @@ func createAccessPingManager() { testsAccessPingService.ServiceDetails = accessDetails } +func createXscServiceManager() { + xrayDetails := xrayAuth.NewXrayDetails() + xrayUrl := clientutils.AddTrailingSlashIfNeeded(*XrayUrl) + xrayDetails.SetUrl(xrayUrl) + xrayDetails.SetXscUrl(strings.Replace(xrayUrl, "/xray/", "/xsc/", 1)) + xrayDetails.SetXscVersion("0.0.0") + setAuthenticationDetail(xrayDetails) + + xsc := auth.ServiceDetails(xrayDetails) + serviceConfig, err := config.NewConfigBuilder(). + SetServiceDetails(xsc). + SetCertificatesPath(xsc.GetClientCertPath()). + Build() + failOnHttpClientCreation(err) + xscServiceManager, err := manager.New(serviceConfig) + + failOnHttpClientCreation(err) + securityServiceManager = xscServiceManager +} + func getUniqueField(prefix string) string { return strings.Join([]string{prefix, strconv.FormatInt(time.Now().Unix(), 10), runtime.GOOS}, "-") } diff --git a/tests/xrayscan_test.go b/tests/xrayscan_test.go index a1c46d8ef..ffceb41e0 100644 --- a/tests/xrayscan_test.go +++ b/tests/xrayscan_test.go @@ -1,6 +1,11 @@ package tests import ( + "github.com/jfrog/jfrog-client-go/auth" + "github.com/jfrog/jfrog-client-go/config" + "github.com/jfrog/jfrog-client-go/xray/manager" + "github.com/jfrog/jfrog-client-go/xray/scan" + "github.com/stretchr/testify/assert" "strconv" "strings" "testing" 
@@ -46,6 +51,29 @@ func TestNewXrayScanService(t *testing.T) { } } +func TestXrayScanGraph(t *testing.T) { + initXrayTest(t) + mockScanId := "9c9dbd61-f544-4e33-4613-34727043d71f" + xrayServerPort := xray.StartXrayMockServer() + xrayDetails := newTestXrayDetails(GetXrayDetails()) + xrayDetails.SetUrl("http://localhost:" + strconv.Itoa(xrayServerPort) + "/xray/") + + cfp := auth.ServiceDetails(xrayDetails) + serviceConfig, err := config.NewConfigBuilder(). + SetServiceDetails(cfp). + Build() + assert.NoError(t, err) + securityServiceManager, err = manager.New(serviceConfig) + assert.NoError(t, err) + assertSecurityManagerType(t) + + scanId, err := securityServiceManager.ScanGraph(&scan.XrayGraphScanParams{}) + assert.NoError(t, err) + assert.Equal(t, mockScanId, scanId) + _, err = securityServiceManager.GetScanGraphResults(scanId, false, false) + assert.NoError(t, err) +} + func scanBuild(t *testing.T, buildName, buildNumber, expected string) { params := services.NewXrayScanParams() params.BuildName = buildName diff --git a/tests/xsc_test.go b/tests/xsc_test.go new file mode 100644 index 000000000..8618868bf --- /dev/null +++ b/tests/xsc_test.go 
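Review bot: `TestXrayScanGraph` checks the errors from `config.NewConfigBuilder()...Build()` and `manager.New` with `assert.NoError`, which records the failure but lets the test continue. If `manager.New` fails, `securityServiceManager` is nil and the next call, `securityServiceManager.ScanGraph(...)`, panics and hides the real error. Use `require.NoError(t, err)` from `github.com/stretchr/testify/require` for these setup steps. The same pattern is used in `TestXscScanGraph` in the new tests/xsc_test.go. The response returned by `GetScanGraphResults` is also discarded, so the test only shows that the mock's empty object decodes without error.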
@@ -0,0 +1,65 @@ +package tests + +import ( + "github.com/jfrog/jfrog-client-go/auth" + "github.com/jfrog/jfrog-client-go/config" + "github.com/jfrog/jfrog-client-go/xray/manager" + "github.com/jfrog/jfrog-client-go/xray/scan" + "github.com/stretchr/testify/assert" + "strconv" + "testing" + + "github.com/jfrog/jfrog-client-go/artifactory/services/utils/tests/xray" +) + +func TestXscVersion(t *testing.T) { + initXscTest(t) + version := GetXrayDetails().GetXscVersion() + if version == "" { + t.Error("Expected a version, got empty string") + } +} + +func TestXscScanGraph(t *testing.T) { + initXscTest(t) + mockScanId := "9c9dbd61-f544-4e33-4613-34727043d71f" + mockMultiScanId := "f2a8d4fe-40e6-11ee-84e4-02ee10c7f40e" + xrayServerPort := xray.StartXrayMockServer() + xrayDetails := newTestXrayDetails(GetXrayDetails()) + xrayDetails.SetUrl("http://localhost:" + strconv.Itoa(xrayServerPort) + "/xray/") + xrayDetails.SetXscUrl("http://localhost:" + strconv.Itoa(xrayServerPort) + "/xsc/") + + cfp := auth.ServiceDetails(xrayDetails) + serviceConfig, err := config.NewConfigBuilder(). + SetServiceDetails(cfp). 
+ Build() + assert.NoError(t, err) + securityServiceManager, err = manager.New(serviceConfig) + assert.NoError(t, err) + // Assert correct security manager + assertSecurityManagerType(t) + + graphParams := &scan.XrayGraphScanParams{} + graphParams.XscGitInfoContext = &scan.XscGitInfoContext{} + scanId, err := securityServiceManager.ScanGraph(graphParams) + assert.NoError(t, err) + assert.Equal(t, mockMultiScanId, graphParams.MultiScanId) + assert.Equal(t, mockScanId, scanId) + _, err = securityServiceManager.GetScanGraphResults(scanId, false, false) + assert.NoError(t, err) +} + +func assertSecurityManagerType(t *testing.T) { + switch securityServiceManager.(type) { + case *manager.XscServicesManger: + assert.Equal(t, true, *TestXsc) + case *manager.XrayServicesManager: + assert.Equal(t, false, *TestXsc) + } +} + +func initXscTest(t *testing.T) { + if !*TestXsc { + t.Skip("Skipping xray test. To run xray test add the '-test.xsc=true' option.") + } +} diff --git a/xray/manager/manager.go b/xray/manager/manager.go index 5d31183b8..db7628298 100644 --- a/xray/manager/manager.go +++ b/xray/manager/manager.go @@ -27,7 +27,7 @@ type SecurityServiceManager interface { UpdatePolicy(params utils.PolicyParams) error DeletePolicy(policyName string) error // Scan - ScanGraph(params scan.XrayGraphScanParams) (scanId string, err error) + ScanGraph(params *scan.XrayGraphScanParams) (scanId string, err error) GetScanGraphResults(scanID string, includeVulnerabilities, includeLicenses bool) (*scan.ScanResponse, error) BuildScan(params services.XrayBuildParams, includeVulnerabilities bool) (scanResponse *services.BuildScanResponse, noFailBuildPolicy bool, err error) // Report diff --git a/xray/manager/xray.go b/xray/manager/xray.go index 31f4d4a3b..641a92b0f 100644 --- a/xray/manager/xray.go +++ b/xray/manager/xray.go 
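Review bot: In the new tests/xsc_test.go, `assertSecurityManagerType` switches on the concrete type of `securityServiceManager` without a `default` case, so a nil manager or any unexpected implementation passes the check silently. Add `default: t.Fatalf("unexpected security manager type %T", securityServiceManager)` so the helper actually enforces that one of the two managers was selected. `initXscTest` also skips with the message "Skipping xray test. To run xray test add the '-test.xsc=true' option.", which names the wrong suite; `t.Skip("Skipping xsc test. To run xsc test add the '-test.xsc=true' option.")` matches the flag.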
@@ -109,7 +109,7 @@ func (sm *XrayServicesManager) AddBuildsToIndexing(buildNames []string) error { // ScanGraph will send Xray the given graph for scan // Returns a string represents the scan ID. -func (sm *XrayServicesManager) ScanGraph(params scan.XrayGraphScanParams) (scanId string, err error) { +func (sm *XrayServicesManager) ScanGraph(params *scan.XrayGraphScanParams) (scanId string, err error) { scanService := scan.NewScanService(sm.client) scanService.XrayDetails = sm.config.GetServiceDetails() return scanService.ScanGraph(params) diff --git a/xray/manager/xsc.go b/xray/manager/xsc.go index 9641ceae8..00bd2dd42 100644 --- a/xray/manager/xsc.go +++ b/xray/manager/xsc.go @@ -22,7 +22,7 @@ func (xsc *XscServicesManger) SetClient(client *jfroghttpclient.JfrogHttpClient) // XscGitInfoContext allows linking of scans and other data to the corresponding git repository. // By passing multi-scan-id in the api calls. // Returns a string represents the scan ID. -func (xsc *XscServicesManger) ScanGraph(params scan.XrayGraphScanParams) (scanId string, err error) { +func (xsc *XscServicesManger) ScanGraph(params *scan.XrayGraphScanParams) (scanId string, err error) { log.Debug("Scanning graph using XSC service...") scanService := scan.NewXscScanService(xsc.client, xsc.config.GetServiceDetails()) if params.MultiScanId, err = scanService.SendScanContext(params.XscGitInfoContext); err != nil { diff --git a/xray/scan/scan.go b/xray/scan/scan.go index 83c34054a..1a8966807 100644 --- a/xray/scan/scan.go +++ b/xray/scan/scan.go @@ -43,7 +43,7 @@ const ( ) type ScanServiceInterface interface { - ScanGraph(scanParams XrayGraphScanParams) (string, error) + ScanGraph(scanParams *XrayGraphScanParams) (string, error) GetScanGraphResults(scanId string, includeVulnerabilities, includeLicenses bool) (*ScanResponse, error) } 
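Review bot: `ScanGraph` now takes `*scan.XrayGraphScanParams`, and in the xray/manager/xsc.go hunk the pointer is dereferenced immediately at `params.MultiScanId, err = scanService.SendScanContext(params.XscGitInfoContext)` with no nil check. A caller that passes nil to this exported method gets a nil-pointer panic, not an error; the same applies to `scanParams.Graph` and `createScanGraphQueryParams(*scanParams)` in the xray/scan hunks that follow. Guard the entry points with `if params == nil { return "", errors.New("scan params must not be nil") }`, wrapped in `errorutils.CheckError` where that package is already imported. The method now also writes `MultiScanId` back into the caller's struct, which should be stated in its doc comment. The function body continues outside the hunk.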
@@ -58,7 +58,7 @@ type ScanService struct { func NewScanService(client *jfroghttpclient.JfrogHttpClient) *ScanService { return &ScanService{client: client} } -func (ss *ScanService) ScanGraph(scanParams XrayGraphScanParams) (string, error) { +func (ss *ScanService) ScanGraph(scanParams *XrayGraphScanParams) (string, error) { httpClientsDetails := ss.XrayDetails.CreateHttpClientDetails() utils.SetContentType("application/json", &httpClientsDetails.Headers) requestBody, err := json.Marshal(scanParams.Graph) @@ -66,7 +66,7 @@ func (ss *ScanService) ScanGraph(scanParams XrayGraphScanParams) (string, error) return "", errorutils.CheckError(err) } url := ss.XrayDetails.GetUrl() + scanGraphAPI - url += createScanGraphQueryParams(scanParams) + url += createScanGraphQueryParams(*scanParams) resp, body, err := ss.client.SendPost(url, requestBody, &httpClientsDetails) if err != nil { return "", err diff --git a/xray/scan/xscScan.go b/xray/scan/xscScan.go index baaa6468f..47ae2f74d 100644 --- a/xray/scan/xscScan.go +++ b/xray/scan/xscScan.go @@ -27,10 +27,6 @@ type XscScanService struct { ScanService } -func (xsc *XscScanService) GetUrl() string { - return "" -} - func NewXscScanService(client *jfroghttpclient.JfrogHttpClient, details auth.ServiceDetails) *XscScanService { return &XscScanService{ScanService{client: client, XrayDetails: details}} } @@ -65,7 +61,7 @@ func (xsc *XscScanService) SendScanContext(details *XscGitInfoContext) (multiSca return scanResponse.MultiScanId, err } -func (xsc *XscScanService) ScanGraph(scanParams XrayGraphScanParams) (string, error) { +func (xsc *XscScanService) ScanGraph(scanParams *XrayGraphScanParams) (string, error) { httpClientsDetails := xsc.XrayDetails.CreateHttpClientDetails() utils.SetContentType("application/json", &httpClientsDetails.Headers) requestBody, err := json.Marshal(scanParams.Graph) 
@@ -74,7 +70,7 @@ func (xsc *XscScanService) ScanGraph(scanParams XrayGraphScanParams) (string, er } url := xsc.XrayDetails.GetXscUrl() + XscGraphAPI - url += createScanGraphQueryParams(scanParams) + url += createScanGraphQueryParams(*scanParams) resp, body, err := xsc.client.SendPost(url, requestBody, &httpClientsDetails) if err != nil { From cd9b278064e84e6a97f089116e544d0e23b3ec36 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 23 Aug 2023 15:33:39 +0300 Subject: [PATCH 26/54] trigger tests workflow From bb862afa0b721c77c6bd7dafb9ceff7a716b0c32 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 23 Aug 2023 15:38:17 +0300 Subject: [PATCH 27/54] trigger tests workflow new secrets From e2a654eaac8dfe6bcf7eacf135ad66d6095e9062 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 23 Aug 2023 16:30:36 +0300 Subject: [PATCH 28/54] refactor and add version test for xsc --- .../services/utils/tests/xray/consts.go | 6 ++ .../services/utils/tests/xray/server.go | 2 + tests/jfrogclient_test.go | 2 +- tests/utils_test.go | 22 +++++-- tests/xray_test.go | 1 + tests/xsc_test.go | 60 +++++++++++++------ 6 files changed, 67 insertions(+), 26 deletions(-) diff --git a/artifactory/services/utils/tests/xray/consts.go b/artifactory/services/utils/tests/xray/consts.go index 95cd8e934..c65cefe31 100644 --- a/artifactory/services/utils/tests/xray/consts.go +++ b/artifactory/services/utils/tests/xray/consts.go @@ -1386,3 +1386,9 @@ const getScanResultsResponse = ` } ` + +const xscVersionResponse = ` +{ +"xsc_version": "0.0.0" +} +` diff --git a/artifactory/services/utils/tests/xray/server.go b/artifactory/services/utils/tests/xray/server.go index 84f801b92..e4fbdafe6 100644 --- a/artifactory/services/utils/tests/xray/server.go +++ b/artifactory/services/utils/tests/xray/server.go 
@@ -148,6 +148,8 @@ func securityHandler(w http.ResponseWriter, r *http.Request) { _, err = fmt.Fprint(w, scanGraphResponse) case "9c9dbd61-f544-4e33-4613-34727043d71f": _, err = fmt.Fprint(w, getScanResultsResponse) + case "version": + _, err = fmt.Fprint(w, xscVersionResponse) } if err != nil { log.Error(err) diff --git a/tests/jfrogclient_test.go b/tests/jfrogclient_test.go index 802fd3943..a153aa6fb 100644 --- a/tests/jfrogclient_test.go +++ b/tests/jfrogclient_test.go @@ -66,7 +66,7 @@ func setupIntegrationTests() { createXrayBinMgrManager() } if *TestXsc { - createXscServiceManager() + createSecurityServiceManager() } if *TestPipelines { createPipelinesIntegrationsManager() diff --git a/tests/utils_test.go b/tests/utils_test.go index 75e48e204..3ba07af81 100644 --- a/tests/utils_test.go +++ b/tests/utils_test.go 
@@ -1129,24 +1129,34 @@ func createAccessPingManager() { testsAccessPingService.ServiceDetails = accessDetails } -func createXscServiceManager() { +func createSecurityServiceManager() { xrayDetails := xrayAuth.NewXrayDetails() xrayUrl := clientutils.AddTrailingSlashIfNeeded(*XrayUrl) xrayDetails.SetUrl(xrayUrl) xrayDetails.SetXscUrl(strings.Replace(xrayUrl, "/xray/", "/xsc/", 1)) - xrayDetails.SetXscVersion("0.0.0") + // Xsv version is used to determine if XSC in enabled or not, in the case we want to + // test XSC, set the version. + if *TestXsc { + xrayDetails.SetXscVersion("0.0.0") + } setAuthenticationDetail(xrayDetails) + initSecurityManagerByServerDetails(xrayDetails) +} +// Init securityServiceManager to be XSC or Xray depends on the server details. +func initSecurityManagerByServerDetails(xrayDetails *xrayAuth.XrayDetails) { xsc := auth.ServiceDetails(xrayDetails) serviceConfig, err := config.NewConfigBuilder(). SetServiceDetails(xsc). SetCertificatesPath(xsc.GetClientCertPath()). Build() failOnHttpClientCreation(err) - xscServiceManager, err := manager.New(serviceConfig) - - failOnHttpClientCreation(err) - securityServiceManager = xscServiceManager + securityService, err := manager.New(serviceConfig) + if err != nil { + log.Error("failed to initialize securityServiceManager") + os.Exit(1) + } + securityServiceManager = securityService } func getUniqueField(prefix string) string { diff --git a/tests/xray_test.go b/tests/xray_test.go index 3005664c9..ed05f0401 100644 --- a/tests/xray_test.go +++ b/tests/xray_test.go @@ -105,6 +105,7 @@ func initXrayTest(t *testing.T) { if !*TestXray { t.Skip("Skipping xray test. To run xray test add the '-test.xray=true' option.") } + createSecurityServiceManager() } type testXrayDetails struct { diff --git a/tests/xsc_test.go b/tests/xsc_test.go index 8618868bf..99753f89b 100644 --- a/tests/xsc_test.go +++ b/tests/xsc_test.go 
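Review bot: `initSecurityManagerByServerDetails` logs the fixed string "failed to initialize securityServiceManager" and exits when `manager.New` fails, so the underlying error (bad URL, certificate path, auth setup) never reaches the CI log. Include it: `log.Error("failed to initialize securityServiceManager: " + err.Error())`. The earlier `Build()` error goes through `failOnHttpClientCreation`, and using the same helper for both would keep the failure handling consistent. The comment above `SetXscVersion` reads "Xsv version ... XSC in enabled"; it should read `// The XSC version is used to determine whether XSC is enabled; set it only when testing XSC.`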
@@ -24,12 +24,34 @@ func TestXscScanGraph(t *testing.T) { initXscTest(t) mockScanId := "9c9dbd61-f544-4e33-4613-34727043d71f" mockMultiScanId := "f2a8d4fe-40e6-11ee-84e4-02ee10c7f40e" - xrayServerPort := xray.StartXrayMockServer() - xrayDetails := newTestXrayDetails(GetXrayDetails()) - xrayDetails.SetUrl("http://localhost:" + strconv.Itoa(xrayServerPort) + "/xray/") - xrayDetails.SetXscUrl("http://localhost:" + strconv.Itoa(xrayServerPort) + "/xsc/") - cfp := auth.ServiceDetails(xrayDetails) + graphParams := &scan.XrayGraphScanParams{XscGitInfoContext: &scan.XscGitInfoContext{}} + scanId, err := securityServiceManager.ScanGraph(graphParams) + assert.NoError(t, err) + assert.Equal(t, mockMultiScanId, graphParams.MultiScanId) + assert.Equal(t, mockScanId, scanId) + + _, err = securityServiceManager.GetScanGraphResults(scanId, false, false) + assert.NoError(t, err) +} + +func prepareXscTest(t *testing.T) { + xscDetails := mockXscServer() + // initialize securityServiceManager which can be accessed in the tests. + createSecurityManager(t, xscDetails) +} + +func TestXscEnabled(t *testing.T) { + initXscTest(t) + + enabled, version, err := securityServiceManager.IsXscEnabled() + assert.NoError(t, err) + assert.Equal(t, true, enabled) + assert.Equal(t, "0.0.0", version) +} + +func createSecurityManager(t *testing.T, xscDetails testXrayDetails) { + cfp := auth.ServiceDetails(xscDetails) serviceConfig, err := config.NewConfigBuilder(). SetServiceDetails(cfp). Build() 
@@ -38,15 +60,21 @@ func TestXscScanGraph(t *testing.T) { assert.NoError(t, err) // Assert correct security manager assertSecurityManagerType(t) +} - graphParams := &scan.XrayGraphScanParams{} - graphParams.XscGitInfoContext = &scan.XscGitInfoContext{} - scanId, err := securityServiceManager.ScanGraph(graphParams) - assert.NoError(t, err) - assert.Equal(t, mockMultiScanId, graphParams.MultiScanId) - assert.Equal(t, mockScanId, scanId) - _, err = securityServiceManager.GetScanGraphResults(scanId, false, false) - assert.NoError(t, err) +func initXscTest(t *testing.T) { + if !*TestXsc { + t.Skip("Skipping xray test. To run xray test add the '-test.xsc=true' option.") + } + prepareXscTest(t) +} + +func mockXscServer() testXrayDetails { + xrayServerPort := xray.StartXrayMockServer() + xrayDetails := newTestXrayDetails(GetXrayDetails()) + xrayDetails.SetUrl("http://localhost:" + strconv.Itoa(xrayServerPort) + "/xray/") + xrayDetails.SetXscUrl("http://localhost:" + strconv.Itoa(xrayServerPort) + "/xsc/") + return xrayDetails } func assertSecurityManagerType(t *testing.T) { @@ -57,9 +85,3 @@ func assertSecurityManagerType(t *testing.T) { assert.Equal(t, false, *TestXsc) } } - -func initXscTest(t *testing.T) { - if !*TestXsc { - t.Skip("Skipping xray test. To run xray test add the '-test.xsc=true' option.") - } -} From e47d7f8447e46b981674cf71ccb8408cade50fd4 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 23 Aug 2023 16:46:34 +0300 Subject: [PATCH 29/54] test xsc without context --- tests/xsc_test.go | 80 ++++++++++++++++++++++++++--------------------- 1 file changed, 44 insertions(+), 36 deletions(-) diff --git a/tests/xsc_test.go b/tests/xsc_test.go index 99753f89b..74c76a68e 100644 --- a/tests/xsc_test.go +++ b/tests/xsc_test.go 
@@ -12,56 +12,47 @@ import ( "github.com/jfrog/jfrog-client-go/artifactory/services/utils/tests/xray" ) -func TestXscVersion(t *testing.T) { - initXscTest(t) - version := GetXrayDetails().GetXscVersion() - if version == "" { - t.Error("Expected a version, got empty string") - } -} - func TestXscScanGraph(t *testing.T) { initXscTest(t) - mockScanId := "9c9dbd61-f544-4e33-4613-34727043d71f" + expectedScanId := "9c9dbd61-f544-4e33-4613-34727043d71f" mockMultiScanId := "f2a8d4fe-40e6-11ee-84e4-02ee10c7f40e" - graphParams := &scan.XrayGraphScanParams{XscGitInfoContext: &scan.XscGitInfoContext{}} - scanId, err := securityServiceManager.ScanGraph(graphParams) - assert.NoError(t, err) - assert.Equal(t, mockMultiScanId, graphParams.MultiScanId) - assert.Equal(t, mockScanId, scanId) - - _, err = securityServiceManager.GetScanGraphResults(scanId, false, false) - assert.NoError(t, err) -} + tests := []struct { + name string + xrayGraphParams *scan.XrayGraphScanParams + expectedMultiScanId string + }{ + { + name: "XscScanWithContext", + xrayGraphParams: &scan.XrayGraphScanParams{XscGitInfoContext: &scan.XscGitInfoContext{}}, + expectedMultiScanId: mockMultiScanId, + }, { + name: "XscScanNoContext", + xrayGraphParams: &scan.XrayGraphScanParams{}, + expectedMultiScanId: "", + }, + } + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + scanId, err := securityServiceManager.ScanGraph(test.xrayGraphParams) + assert.NoError(t, err) + assert.Equal(t, test.expectedMultiScanId, test.xrayGraphParams.MultiScanId) + assert.Equal(t, expectedScanId, scanId) -func prepareXscTest(t *testing.T) { - xscDetails := mockXscServer() - // initialize securityServiceManager which can be accessed in the tests. 
- createSecurityManager(t, xscDetails) + _, err = securityServiceManager.GetScanGraphResults(scanId, false, false) + assert.NoError(t, err) + }) + } } func TestXscEnabled(t *testing.T) { initXscTest(t) - enabled, version, err := securityServiceManager.IsXscEnabled() assert.NoError(t, err) assert.Equal(t, true, enabled) assert.Equal(t, "0.0.0", version) } -func createSecurityManager(t *testing.T, xscDetails testXrayDetails) { - cfp := auth.ServiceDetails(xscDetails) - serviceConfig, err := config.NewConfigBuilder(). - SetServiceDetails(cfp). - Build() - assert.NoError(t, err) - securityServiceManager, err = manager.New(serviceConfig) - assert.NoError(t, err) - // Assert correct security manager - assertSecurityManagerType(t) -} - func initXscTest(t *testing.T) { if !*TestXsc { t.Skip("Skipping xray test. To run xray test add the '-test.xsc=true' option.") @@ -69,14 +60,31 @@ func initXscTest(t *testing.T) { prepareXscTest(t) } -func mockXscServer() testXrayDetails { +func prepareXscTest(t *testing.T) { + initializeTestSecurityManager(t, initMockXscServer()) +} + +func initMockXscServer() testXrayDetails { xrayServerPort := xray.StartXrayMockServer() xrayDetails := newTestXrayDetails(GetXrayDetails()) + // Reroutes URLs to mock server xrayDetails.SetUrl("http://localhost:" + strconv.Itoa(xrayServerPort) + "/xray/") xrayDetails.SetXscUrl("http://localhost:" + strconv.Itoa(xrayServerPort) + "/xsc/") return xrayDetails } +func initializeTestSecurityManager(t *testing.T, xscDetails testXrayDetails) { + cfp := auth.ServiceDetails(xscDetails) + serviceConfig, err := config.NewConfigBuilder(). + SetServiceDetails(cfp). + Build() + assert.NoError(t, err) + securityServiceManager, err = manager.New(serviceConfig) + assert.NoError(t, err) + // Assert correct security manager Xsc/Xray + assertSecurityManagerType(t) +} + func assertSecurityManagerType(t *testing.T) { switch securityServiceManager.(type) { case *manager.XscServicesManger: 
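Review bot: In `initializeTestSecurityManager` both setup errors are checked with `assert.NoError`, which marks the test as failed but keeps executing, so a failed `Build()` or `manager.New` still falls through to `assertSecurityManagerType` and to the test body that calls `securityServiceManager.ScanGraph`. `securityServiceManager` is assigned with `=` here, so it is declared outside this function, and the test would then run against whatever value an earlier test left in it (or presumably a nil one). Stop at the first setup failure so the report points at its cause: `if !assert.NoError(t, err) { t.FailNow() }` after each call, or `require.NoError(t, err)` from testify's `require` package.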
From 3647f3b59af1efd34db7a9a497c5e8833bfd8554 Mon Sep 17 00:00:00 2001 From: delarea Date: Wed, 23 Aug 2023 16:54:20 +0300 Subject: [PATCH 30/54] Update README new test flag --- README.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index fb41807d2..0a3408378 100644 --- a/README.md +++ b/README.md @@ -238,14 +238,15 @@ content of this repository is deleted. #### Test Types -| Type | Description | Prerequisites | -|----------------------|--------------------|-------------------------------| -| `-test.artifactory` | Artifactory tests | Artifactory Pro | -| `-test.distribution` | Distribution tests | Artifactory with Distribution | -| `-test.xray` | Xray tests | Artifactory with Xray | -| `-test.pipelines` | Pipelines tests | JFrog Pipelines | -| `-test.access` | Access tests | Artifactory Pro | -| `-test.repositories` | Access tests | Artifactory Pro | +| Type | Description | Prerequisites | +|----------------------|--------------------|---------------------------------| +| `-test.artifactory` | Artifactory tests | Artifactory Pro | +| `-test.distribution` | Distribution tests | Artifactory with Distribution | +| `-test.xray` | Xray tests | Artifactory with Xray | +| `-test.xsc` | Xsc tests | Artifactory with Xray using Xsc | +| `-test.pipelines` | Pipelines tests | JFrog Pipelines | +| `-test.access` | Access tests | Artifactory Pro | +| `-test.repositories` | Access tests | Artifactory Pro | #### Connection Details From fd2543ad454e43656293c0e6b0c467c749e1af8b Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 24 Aug 2023 09:49:48 +0300 Subject: [PATCH 31/54] Add default to mock server --- artifactory/services/utils/tests/xray/server.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/artifactory/services/utils/tests/xray/server.go b/artifactory/services/utils/tests/xray/server.go index e4fbdafe6..459adc238 100644 --- a/artifactory/services/utils/tests/xray/server.go 
+++ b/artifactory/services/utils/tests/xray/server.go @@ -150,6 +150,8 @@ func securityHandler(w http.ResponseWriter, r *http.Request) { _, err = fmt.Fprint(w, getScanResultsResponse) case "version": _, err = fmt.Fprint(w, xscVersionResponse) + default: + panic("Unexpected request URI:" + r.RequestURI) } if err != nil { log.Error(err) From 56c6cacd5eb4dacb3f78d0320ed80505f3157d23 Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 28 Aug 2023 17:13:03 +0300 Subject: [PATCH 32/54] fix import --- xray/usage/reportusage.go | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/xray/usage/reportusage.go b/xray/usage/reportusage.go index 365486c91..4102373cb 100644 --- a/xray/usage/reportusage.go +++ b/xray/usage/reportusage.go @@ -3,13 +3,12 @@ package usage import ( "encoding/json" "errors" - "net/http" - "github.com/jfrog/jfrog-client-go/artifactory/services/utils" clientutils "github.com/jfrog/jfrog-client-go/utils" "github.com/jfrog/jfrog-client-go/utils/errorutils" "github.com/jfrog/jfrog-client-go/utils/log" - "github.com/jfrog/jfrog-client-go/xray" + "github.com/jfrog/jfrog-client-go/xray/manager" + "net/http" ) const ( @@ -33,7 +32,7 @@ type ReportXrayEventData struct { Origin string `json:"origin,omitempty"` } -func SendXrayUsageEvents(serviceManager xray.XrayServicesManager, events ...ReportXrayEventData) error { +func SendXrayUsageEvents(serviceManager manager.SecurityServiceManager, events ...ReportXrayEventData) error { if len(events) == 0 { return errorutils.CheckErrorf("Nothing to send.") } From 97b4701be69dae2b4ada79c2b79d50e67cea7c5b Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 29 Aug 2023 09:40:18 +0300 Subject: [PATCH 33/54] Update test and README.md --- .github/workflows/tests.yml | 34 ++++++++++++++++++++++++++++++++-- README.md | 18 +++++++++--------- 2 files changed, 41 insertions(+), 11 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 084afaaea..744d5e6d7 100644 
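Review bot: The new `default:` branch in `securityHandler` panics on an unrecognised path, but a panic raised inside a `net/http` handler is recovered by the server, which logs a stack trace and drops the connection, assuming the mock is served by the standard `net/http` server. The test process keeps running and the client only sees a transport error, not the message. Answering with an explicit status keeps the failure readable on the calling side: `http.Error(w, "unexpected request URI: "+r.RequestURI, http.StatusNotFound)` followed by `return`. The `switch` and the start of `securityHandler` are outside the hunk.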
--- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -83,13 +83,13 @@ jobs: - name: artifactory tests run: go test -v github.com/jfrog/jfrog-client-go/tests --timeout 0 --test.${{ matrix.suite }} --ci.runId=${{ runner.os }}-${{ matrix.suite }} - JFrog-Client-Go-Ds-Xr-Xsc-Tests: + JFrog-Client-Go-Ds-Xr-Tests: needs: Pretest name: ${{ matrix.suite }} ${{ matrix.os }} strategy: fail-fast: false matrix: - suite: [ distribution, xray , xsc ] + suite: [ distribution, xray ] os: [ ubuntu-latest, macos-latest, windows-latest ] runs-on: ${{ matrix.os }} steps: 
@@ -113,6 +113,36 @@ jobs: - name: ${{ matrix.suite }} tests run: go test -v github.com/jfrog/jfrog-client-go/tests --timeout 0 --test.${{ matrix.suite }} --rt.url=${{ secrets.PLATFORM_URL }}/artifactory --ds.url=${{ secrets.PLATFORM_URL }}/distribution --xr.url=${{ secrets.PLATFORM_URL }}/xray --access.url=${{ secrets.PLATFORM_URL }}/access --rt.user=${{ secrets.PLATFORM_USER }} --rt.password=${{ secrets.PLATFORM_PASSWORD }} --access.token=${{ secrets.PLATFORM_ADMIN_TOKEN }} --ci.runId=${{ runner.os }}-${{ matrix.suite }} + JFrog-Client-Go-Xsc-Tests: + needs: Pretest + name: ${{ matrix.suite }} ${{ matrix.os }} + strategy: + fail-fast: false + matrix: + suite: [ xsc ] + os: [ ubuntu-latest, macos-latest, windows-latest ] + runs-on: ${{ matrix.os }} + steps: + - name: Checkout code + uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.sha }} + + - name: Install Go + uses: actions/setup-go@v3 + with: + go-version: 1.20.x + + - name: Go Cache + uses: actions/cache@v3 + with: + path: ~/go/pkg/mod + key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} + restore-keys: ${{ runner.os }}-go- + + - name: ${{ matrix.suite }} tests + run: go test -v github.com/jfrog/jfrog-client-go/tests --timeout 0 --test.${{ matrix.suite }} --xr.url=${{ secrets.PLATFORM_URL }}/xray --access.url=${{ secrets.PLATFORM_URL }}/access --rt.user=${{ secrets.PLATFORM_USER }} --rt.password=${{ secrets.PLATFORM_PASSWORD }} --access.token=${{ secrets.PLATFORM_ADMIN_TOKEN }} --ci.runId=${{ runner.os }}-${{ matrix.suite }} + JFrog-Client-Go-Pipelines-Tests: needs: Pretest name: pipelines ubuntu-latest diff --git a/README.md b/README.md index 0a3408378..145bbdfa8 100644 --- a/README.md +++ b/README.md 
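Review bot: The new `JFrog-Client-Go-Xsc-Tests` job checks out `github.event.pull_request.head.sha` and then runs `go test` with `secrets.PLATFORM_USER`, `secrets.PLATFORM_PASSWORD` and `secrets.PLATFORM_ADMIN_TOKEN` expanded into the command line, so test code taken from the pull request executes with those credentials in reach. The workflow trigger and the checks done by the `Pretest` job it depends on are outside this hunk; if the workflow can run for pull requests from forks, that gate is the only protection for the platform credentials and deserves a comment on the job saying so. Independently, the secrets are better handed over through the step's `env:` block than interpolated into `run:`, provided the test flags can be fed from environment variables. `--timeout 0` also disables the Go test timeout, leaving only the runner's job limit to stop a hung suite.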
@@ -238,15 +238,15 @@ content of this repository is deleted. #### Test Types -| Type | Description | Prerequisites | -|----------------------|--------------------|---------------------------------| -| `-test.artifactory` | Artifactory tests | Artifactory Pro | -| `-test.distribution` | Distribution tests | Artifactory with Distribution | -| `-test.xray` | Xray tests | Artifactory with Xray | -| `-test.xsc` | Xsc tests | Artifactory with Xray using Xsc | -| `-test.pipelines` | Pipelines tests | JFrog Pipelines | -| `-test.access` | Access tests | Artifactory Pro | -| `-test.repositories` | Access tests | Artifactory Pro | +| Type | Description | Prerequisites | +|----------------------|--------------------|-------------------------------| +| `-test.artifactory` | Artifactory tests | Artifactory Pro | +| `-test.distribution` | Distribution tests | Artifactory with Distribution | +| `-test.xray` | Xray tests | Artifactory with Xray | +| `-test.xsc` | Xsc tests | Xray with XSC enabled | +| `-test.pipelines` | Pipelines tests | JFrog Pipelines | +| `-test.access` | Access tests | Artifactory Pro | +| `-test.repositories` | Access tests | Artifactory Pro | #### Connection Details From a43644e64b0a605a64d6c5892ba8ee36996cc7eb Mon Sep 17 00:00:00 2001 From: delarea Date: Tue, 29 Aug 2023 14:50:49 +0300 Subject: [PATCH 34/54] Add XSC const --- utils/utils.go | 1 + 1 file changed, 1 insertion(+) diff --git a/utils/utils.go b/utils/utils.go index 8678290f9..03ca8cc53 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -35,6 +35,7 @@ type MinVersionProduct string const ( Artifactory MinVersionProduct = "JFrog Artifactory" Xray MinVersionProduct = "JFrog Xray" + Xsc MinVersionProduct = "JFrog Xsc" DataTransfer MinVersionProduct = "Data Transfer" DockerApi MinVersionProduct = "Docker API" Projects MinVersionProduct = "JFrog Projects" From d99342c64d47c82f9599183759cf62e686e2cc79 Mon Sep 17 00:00:00 2001 
From: delarea Date: Wed, 30 Aug 2023 11:50:15 +0300 Subject: [PATCH 35/54] fix endpoint --- xray/scan/xscScan.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xray/scan/xscScan.go b/xray/scan/xscScan.go index 47ae2f74d..ff4024771 100644 --- a/xray/scan/xscScan.go +++ b/xray/scan/xscScan.go @@ -20,7 +20,7 @@ const ( scanTechQueryParam = "tech=" - XscVersionAPI = "/api/v1/system/version" + XscVersionAPI = "api/v1/system/version" ) type XscScanService struct { From 682265886689f00a91565e9d340be1afc9eac404 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 31 Aug 2023 17:27:11 +0300 Subject: [PATCH 36/54] dont overwrite msi for testings purposes --- xray/manager/xsc.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/xray/manager/xsc.go b/xray/manager/xsc.go index 00bd2dd42..c2c18fc23 100644 --- a/xray/manager/xsc.go +++ b/xray/manager/xsc.go @@ -25,10 +25,14 @@ func (xsc *XscServicesManger) SetClient(client *jfroghttpclient.JfrogHttpClient) func (xsc *XscServicesManger) ScanGraph(params *scan.XrayGraphScanParams) (scanId string, err error) { log.Debug("Scanning graph using XSC service...") scanService := scan.NewXscScanService(xsc.client, xsc.config.GetServiceDetails()) - if params.MultiScanId, err = scanService.SendScanContext(params.XscGitInfoContext); err != nil { + multiScanId, err := scanService.SendScanContext(params.XscGitInfoContext) + if err != nil { // Don't fail the entire scan when failed to send XscGitInfoContext log.Warn("failed to send xsc git info context with the following error: ", err.Error()) } + if multiScanId != "" { + params.MultiScanId = multiScanId + } return scanService.ScanGraph(params) } From 59e8b9e250bb1652c656c9c94b9d3ae72ae66204 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 31 Aug 2023 18:22:36 +0300 Subject: [PATCH 37/54] Allow pass msi as env --- xray/scan/scan.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
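Review bot: A caller-supplied `params.MultiScanId` now survives in `ScanGraph` whenever `SendScanContext` returns an empty id, including after an error, so a scan can be sent with an id that the XSC service did not issue for this git context. The commit subject says this is for testing; the production path should state the intent in a comment above the `if multiScanId != ""` check, for example `// Keep a MultiScanId set by the caller when XSC did not return one.` `SendScanContext` is also called when `params.XscGitInfoContext` is nil. Its body is not in this hunk, so either confirm it tolerates nil or guard the call with `if params.XscGitInfoContext != nil`.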
diff --git a/xray/scan/scan.go b/xray/scan/scan.go index 1a8966807..4a41a1741 100644 --- a/xray/scan/scan.go +++ b/xray/scan/scan.go @@ -168,10 +168,9 @@ func createScanGraphQueryParams(scanParams XrayGraphScanParams) string { params = append(params, watchesQueryParam+watch) } } + case scanParams.MultiScanId != "": + params = append(params, multiScanIdParam+scanParams.MultiScanId) case scanParams.XscGitInfoContext != nil: - if scanParams.MultiScanId != "" { - params = append(params, multiScanIdParam+scanParams.MultiScanId) - } if len(scanParams.XscGitInfoContext.Technologies) > 0 { params = append(params, scanTechQueryParam+scanParams.XscGitInfoContext.Technologies[0]) } From 5e95ddc4e0e13cafe8a458d1b421b609c6398c57 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 3 Sep 2023 10:06:57 +0300 Subject: [PATCH 38/54] fix pull dev --- xray/scan/xscScan.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xray/scan/xscScan.go b/xray/scan/xscScan.go index ff4024771..f50bd55a4 100644 --- a/xray/scan/xscScan.go +++ b/xray/scan/xscScan.go @@ -64,7 +64,7 @@ func (xsc *XscScanService) SendScanContext(details *XscGitInfoContext) (multiSca func (xsc *XscScanService) ScanGraph(scanParams *XrayGraphScanParams) (string, error) { httpClientsDetails := xsc.XrayDetails.CreateHttpClientDetails() utils.SetContentType("application/json", &httpClientsDetails.Headers) - requestBody, err := json.Marshal(scanParams.Graph) + requestBody, err := json.Marshal(scanParams.DependenciesGraph) if err != nil { return "", errorutils.CheckError(err) } From 1e6715ddfa463485917ce5a62faf1a951a0c8cfa Mon Sep 17 00:00:00 2001 From: delarea Date: Mon, 4 Sep 2023 10:22:39 +0300 Subject: [PATCH 39/54] fix merge --- xray/manager/manager.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xray/manager/manager.go b/xray/manager/manager.go index db7628298..e4f1493a2 100644 --- a/xray/manager/manager.go +++ b/xray/manager/manager.go 
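Review bot: Moving `case scanParams.MultiScanId != "":` ahead of `case scanParams.XscGitInfoContext != nil:` makes the two branches mutually exclusive, so once a multi-scan id is set the `tech=` parameter from `XscGitInfoContext.Technologies[0]` is no longer added; before this change both were appended in the same branch. If both are meant to be sent, append the id outside the `switch` or repeat the technology lookup in the new case. Now that the id can be supplied by the caller and not only by the XSC response, it should be escaped before being concatenated into the query string: `params = append(params, multiScanIdParam+url.QueryEscape(scanParams.MultiScanId))`, which needs `net/url` if the file does not already import it. The earlier cases of the switch and the start of `createScanGraphQueryParams` are outside the hunk.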
@@ -31,7 +31,9 @@ type SecurityServiceManager interface { GetScanGraphResults(scanID string, includeVulnerabilities, includeLicenses bool) (*scan.ScanResponse, error) BuildScan(params services.XrayBuildParams, includeVulnerabilities bool) (scanResponse *services.BuildScanResponse, noFailBuildPolicy bool, err error) // Report - GenerateVulnerabilitiesReport(params services.ReportRequestParams) (resp *services.ReportResponse, err error) + GenerateVulnerabilitiesReport(params services.VulnerabilitiesReportRequestParams) (resp *services.ReportResponse, err error) + GenerateLicensesReport(params services.LicensesReportRequestParams) (resp *services.ReportResponse, err error) + GenerateViolationsReport(params services.ViolationsReportRequestParams) (resp *services.ReportResponse, err error) ReportDetails(reportId string) (details *services.ReportDetails, err error) ReportContent(params services.ReportContentRequestParams) (content *services.ReportContent, err error) DeleteReport(reportId string) error From 16e49175c49f8c36e0f49557fefc1a938dfa9484 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 7 Sep 2023 09:48:04 +0300 Subject: [PATCH 40/54] Small refactor --- .../services/utils/tests/xray/consts.go | 25 ++++--------------- tests/utils_test.go | 5 ++-- 2 files changed, 7 insertions(+), 23 deletions(-) diff --git a/artifactory/services/utils/tests/xray/consts.go b/artifactory/services/utils/tests/xray/consts.go index 2750e8b1f..1ff99b82e 100644 --- a/artifactory/services/utils/tests/xray/consts.go +++ b/artifactory/services/utils/tests/xray/consts.go 
@@ -1433,26 +1433,11 @@ var MapResponse = map[string]map[string]string{ }, } -const gitInfoSentResponse = ` -{ - "multi_scan_id": "f2a8d4fe-40e6-11ee-84e4-02ee10c7f40e" -} -` +const gitInfoSentResponse = `{"multi_scan_id": "f2a8d4fe-40e6-11ee-84e4-02ee10c7f40e"}` -const scanGraphResponse = ` -{ - "scan_id": "9c9dbd61-f544-4e33-4613-34727043d71f" -} -` +const scanGraphResponse = `{"scan_id": "9c9dbd61-f544-4e33-4613-34727043d71f"}` -const getScanResultsResponse = ` -{ - -} -` +// Empty body as tests currently do not check response body. +const getScanResultsResponse = `{}` -const xscVersionResponse = ` -{ -"xsc_version": "0.0.0" -} -` +const xscVersionResponse = `{"xsc_version": "0.0.0"}` diff --git a/tests/utils_test.go b/tests/utils_test.go index 056c8235e..f3dbd5d40 100644 --- a/tests/utils_test.go +++ b/tests/utils_test.go @@ -1134,8 +1134,7 @@ func createSecurityServiceManager() { xrayUrl := clientutils.AddTrailingSlashIfNeeded(*XrayUrl) xrayDetails.SetUrl(xrayUrl) xrayDetails.SetXscUrl(strings.Replace(xrayUrl, "/xray/", "/xsc/", 1)) - // Xsv version is used to determine if XSC in enabled or not, in the case we want to - // test XSC, set the version. + // XSC version is used to determine if XSC in enabled or not. if *TestXsc { xrayDetails.SetXscVersion("0.0.0") } @@ -1143,7 +1142,7 @@ func createSecurityServiceManager() { initSecurityManagerByServerDetails(xrayDetails) } -// Init securityServiceManager to be XSC or Xray depends on the server details. +// Init securityServiceManager as XSC or Xray manager depends on the server details. func initSecurityManagerByServerDetails(xrayDetails *xrayAuth.XrayDetails) { xsc := auth.ServiceDetails(xrayDetails) serviceConfig, err := config.NewConfigBuilder(). From 35ab59b3cf71f059d0e0527aaf0260a781531a54 Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 7 Sep 2023 11:52:17 +0300 Subject: [PATCH 41/54] refactor --- xray/manager/xray.go | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) 
diff --git a/xray/manager/xray.go b/xray/manager/xray.go index b9eb097a1..54ac26f40 100644 --- a/xray/manager/xray.go +++ b/xray/manager/xray.go @@ -197,19 +197,18 @@ func (sm *XrayServicesManager) IsXscEnabled() (xscEntitled bool, xsxVersion stri if err != nil { return } - if resp.StatusCode != http.StatusOK { - log.Debug("XSC service is not enabled for this server") - return false, "", nil + log.Debug("XSC response:", resp.Status) + if err = errorutils.CheckResponseStatusWithBody(resp, body, http.StatusOK, http.StatusNotFound); err != nil { + return } - versionResponse := scan.XscVersionResponse{} - if err = json.Unmarshal(body, &versionResponse); err != nil { - err = errorutils.CheckErrorf("couldn't parse Xray server response: " + err.Error()) + // When XSC is disabled,404 is expected. Don't return error as this is optional. + if resp.StatusCode == http.StatusNotFound { return } - if versionResponse.Version != "" { - xscEntitled = true - xsxVersion = versionResponse.Version + versionResponse := scan.XscVersionResponse{} + if err = json.Unmarshal(body, &versionResponse); err != nil { + err = errorutils.CheckErrorf("failed to unmarshal XSC server response: " + err.Error()) return } - return + return true, versionResponse.Version, nil } From 09e885b098610d705cf2bdeb271e00824da696dd Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 7 Sep 2023 12:01:49 +0300 Subject: [PATCH 42/54] edit xsc test --- .github/workflows/tests.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 03ce79024..a8264b79b 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -119,7 +119,6 @@ jobs: strategy: fail-fast: false matrix: - suite: [ xsc ] os: [ ubuntu-latest, macos-latest, windows-latest ] runs-on: ${{ matrix.os }} steps: 
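Review bot: After this rewrite `IsXscEnabled` returns `true` for any 200 response whose body parses as JSON, even when `versionResponse.Version` is empty; the removed code set `xscEntitled` only when a version was present. Another service or a proxy answering 200 at that path with an unrelated JSON body would then be reported as XSC being enabled. Restore the check with `return versionResponse.Version != "", versionResponse.Version, nil`. The unmarshal error is also built by concatenating `err.Error()` into the format argument of `errorutils.CheckErrorf`; passing it as an argument, `errorutils.CheckErrorf("failed to unmarshal XSC server response: %s", err.Error())`, keeps any `%` in the decoder's message from being read as a verb. The start of the function is outside the hunk.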
@@ -141,7 +140,7 @@ jobs: restore-keys: ${{ runner.os }}-go- - name: ${{ matrix.suite }} tests - run: go test -v github.com/jfrog/jfrog-client-go/tests --timeout 0 --test.${{ matrix.suite }} --xr.url=${{ secrets.PLATFORM_URL }}/xray --access.url=${{ secrets.PLATFORM_URL }}/access --rt.user=${{ secrets.PLATFORM_USER }} --rt.password=${{ secrets.PLATFORM_PASSWORD }} --access.token=${{ secrets.PLATFORM_ADMIN_TOKEN }} --ci.runId=${{ runner.os }}-${{ matrix.suite }} + run: go test -v github.com/jfrog/jfrog-client-go/tests --timeout 0 --test.xsc --xr.url=${{ secrets.PLATFORM_URL }}/xray --rt.user=${{ secrets.PLATFORM_USER }} --rt.password=${{ secrets.PLATFORM_PASSWORD }} --access.token=${{ secrets.PLATFORM_ADMIN_TOKEN }} --ci.runId=${{ runner.os }}_xsc JFrog-Client-Go-Pipelines-Tests: needs: Pretest From fe5814b3c5669a66e317317fc2764503712167df Mon Sep 17 00:00:00 2001 From: delarea Date: Thu, 7 Sep 2023 17:07:22 +0300 Subject: [PATCH 43/54] fix format --- .../services/utils/tests/xray/consts.go | 29 ++++----- tests/xrayreport_test.go | 60 +++++++++---------- xray/services/buildscan.go | 8 +-- xray/services/report.go | 39 ++++++------ 4 files changed, 69 insertions(+), 67 deletions(-) diff --git a/artifactory/services/utils/tests/xray/consts.go b/artifactory/services/utils/tests/xray/consts.go index 1ff99b82e..f3f434fc8 100644 --- a/artifactory/services/utils/tests/xray/consts.go +++ b/artifactory/services/utils/tests/xray/consts.go 
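Review bot: With `suite: [ xsc ]` removed from the matrix, the step name `${{ matrix.suite }} tests`, kept as context in the second hunk, now expands to an empty value. The job-level `name: ${{ matrix.suite }} ${{ matrix.os }}` added by the earlier commit would do the same if it is still present; it lies outside both hunks. Replace them with literals, `- name: xsc tests` and `name: xsc ${{ matrix.os }}`, as this commit already does for `--test.xsc` and `--ci.runId=${{ runner.os }}_xsc` in the `run:` line.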
@@ -1415,22 +1415,23 @@ const BuildScanResultsResponse = ` } ` -var MapReportIdEndpoint = map[int]string{ - 777: VulnerabilitiesEndpoint, - 888: LicensesEndpoint, + +var MapReportIdEndpoint = map[int]string { + 777: VulnerabilitiesEndpoint, + 888: LicensesEndpoint, } -var MapResponse = map[string]map[string]string{ - VulnerabilitiesEndpoint: { - "XrayReportRequest": VulnerabilityXrayReportRequestResponse, - "ReportStatus": VulnerabilityReportStatusResponse, - "ReportDetails": VulnerabilityReportDetailsResponse, - }, - LicensesEndpoint: { - "XrayReportRequest": LicensesXrayReportRequestResponse, - "ReportStatus": LicensesReportStatusResponse, - "ReportDetails": LicensesReportDetailsResponse, - }, +var MapResponse = map[string]map[string]string { + VulnerabilitiesEndpoint: { + "XrayReportRequest": VulnerabilityXrayReportRequestResponse, + "ReportStatus": VulnerabilityReportStatusResponse, + "ReportDetails": VulnerabilityReportDetailsResponse, + }, + LicensesEndpoint: { + "XrayReportRequest": LicensesXrayReportRequestResponse, + "ReportStatus": LicensesReportStatusResponse, + "ReportDetails": LicensesReportDetailsResponse, + }, } const gitInfoSentResponse = `{"multi_scan_id": "f2a8d4fe-40e6-11ee-84e4-02ee10c7f40e"}` diff --git a/tests/xrayreport_test.go b/tests/xrayreport_test.go index 287bbd89f..81c767b00 100644 --- a/tests/xrayreport_test.go +++ b/tests/xrayreport_test.go 
@@ -32,34 +32,34 @@ func TestXrayReport(t *testing.T) { t.Run("reportAll", reportAll) } -var vulnerabilitiesReportRequestParams = services.VulnerabilitiesReportRequestParams{ - Name: "test-report", - Filters: services.VulnerabilitiesFilter{ - HasRemediation: &trueValue, - Severity: []string{"high"}, - }, - Resources: services.Resource{ - Repositories: []services.Repository{ - { - Name: "dummy-repo", +var vulnerabilitiesReportRequestParams = services.VulnerabilitiesReportRequestParams { + Name: "test-report", + Filters: services.VulnerabilitiesFilter{ + HasRemediation: &trueValue, + Severity: []string{"high"}, + }, + Resources: services.Resource{ + Repositories: []services.Repository{ + { + Name: "dummy-repo", + }, }, }, - }, -} -var licensesReportRequestParams = services.LicensesReportRequestParams{ - Name: "test-report", - Filters: services.LicensesFilter{ - LicensePatterns: []string{"*"}, - }, - Resources: services.Resource{ - Repositories: []services.Repository{ - { - Name: "dummy-repo", + } +var licensesReportRequestParams = services.LicensesReportRequestParams { + Name: "test-report", + Filters: services.LicensesFilter{ + LicensePatterns: []string{"*"}, + }, + Resources: services.Resource{ + Repositories: []services.Repository{ + { + Name: "dummy-repo", + }, }, }, - }, -} -var reportTypes = []string{ + } +var reportTypes = []string { xray.VulnerabilitiesEndpoint, xray.LicensesEndpoint, } @@ -83,15 +83,15 @@ func reportAll(t *testing.T) { reportReqCont := services.ReportContentRequestParams{ ReportType: ep, - ReportId: reportId, - Direction: "asc", - PageNum: 0, - NumRows: 7, + ReportId: reportId, + Direction: "asc", + PageNum: 0, + NumRows: 7, } if ep == xray.VulnerabilitiesEndpoint { - reportReqCont.OrderBy = "severity" + reportReqCont.OrderBy = "severity" } else if ep == xray.LicensesEndpoint { - reportReqCont.OrderBy = "license" + reportReqCont.OrderBy = "license" } content, err := testXrayReportService.Content(reportReqCont) assert.NoError(t, err) 
diff --git a/xray/services/buildscan.go b/xray/services/buildscan.go index d850d2da5..06f19a9cb 100644 --- a/xray/services/buildscan.go +++ b/xray/services/buildscan.go @@ -179,10 +179,10 @@ type RequestBuildScanResponse struct { } type BuildScanResponse struct { - Status string `json:"status,omitempty"` - MoreDetailsUrl string `json:"more_details_url,omitempty"` - FailBuild bool `json:"fail_build,omitempty"` + Status string `json:"status,omitempty"` + MoreDetailsUrl string `json:"more_details_url,omitempty"` + FailBuild bool `json:"fail_build,omitempty"` Violations []scan.Violation `json:"violations,omitempty"` Vulnerabilities []scan.Vulnerability `json:"vulnerabilities,omitempty"` - Info string `json:"info,omitempty"` + Info string `json:"info,omitempty"` } diff --git a/xray/services/report.go b/xray/services/report.go index 194b9ecdf..d159c9c0d 100644 --- a/xray/services/report.go +++ b/xray/services/report.go @@ -12,10 +12,11 @@ import ( const ( // ReportsAPI refer to: https://www.jfrog.com/confluence/display/JFROG/Xray+REST+API#XrayRESTAPI-REPORTS - ReportsAPI = "api/v1/reports" - Vulnerabilities = "vulnerabilities" - Licenses = "licenses" - Violations = "violations" + ReportsAPI = "api/v1/reports" + Vulnerabilities = "vulnerabilities" + Licenses = "licenses" + Violations = "violations" + ) // ReportService defines the Http client and Xray details @@ -42,11 +43,11 @@ type ReportDetails struct { // ReportContentRequestParams defines a report content request type ReportContentRequestParams struct { ReportType string - ReportId string - Direction string - PageNum int - NumRows int - OrderBy string + ReportId string + Direction string + PageNum int + NumRows int + OrderBy string } // ReportContent defines a report content response 
@@ -76,17 +77,17 @@ type Row struct { ExternalAdvisorySource string `json:"external_advisory_source,omitempty"` ExternalAdvisorySeverity string `json:"external_advisory_severity,omitempty"` // Licenses Report field - License string `json:"license,omitempty"` - LicenseName string `json:"license_name,omitempty"` - Component string `json:"component,omitempty"` - Artifact string `json:"artifact,omitempty"` - ArtifactScanTime string `json:"artifact_scan_time,omitempty"` - Unknown *bool `json:"unknown,omitempty"` - Unrecognized *bool `json:"unrecognized,omitempty"` - Custom *bool `json:"custom,omitempty"` + License string `json:"license,omitempty"` + LicenseName string `json:"license_name,omitempty"` + Component string `json:"component,omitempty"` + Artifact string `json:"artifact,omitempty"` + ArtifactScanTime string `json:"artifact_scan_time,omitempty"` + Unknown *bool `json:"unknown,omitempty"` + Unrecognized *bool `json:"unrecognized,omitempty"` + Custom *bool `json:"custom,omitempty"` // Common field - Path string `json:"path,omitempty"` - References []string `json:"references,omitempty"` + Path string `json:"path,omitempty"` + References []string `json:"references,omitempty"` } // For backwork compatibility keeping old struct name From db77870d988924e82522770f2ddff34e91f16856 Mon Sep 17 00:00:00 2001 
From: delarea Date: Fri, 8 Sep 2023 14:46:48 +0300 Subject: [PATCH 44/54] break import cycles --- tests/utils_test.go | 5 +- tests/xrayscan_test.go | 7 ++- tests/xsc_test.go | 15 +++--- xray/auth/xraydetails.go | 4 +- xray/services/buildscan.go | 11 ++--- xray/{manager => services}/manager.go | 22 ++++----- xray/{scan => services}/scan.go | 2 +- xray/{scan => services}/scan_test.go | 2 +- xray/{manager => services}/xray.go | 68 +++++++++++++-------------- xray/{manager => services}/xsc.go | 11 ++--- xray/{scan => services}/xscScan.go | 2 +- xray/usage/reportusage.go | 4 +- 12 files changed, 72 insertions(+), 81 deletions(-) rename xray/{manager => services}/manager.go (67%) rename xray/{scan => services}/scan.go (99%) rename xray/{scan => services}/scan_test.go (98%) rename xray/{manager => services}/xray.go (74%) rename xray/{manager => services}/xsc.go (77%) rename xray/{scan => services}/xscScan.go (99%) diff --git a/tests/utils_test.go b/tests/utils_test.go index f3dbd5d40..6815236f1 100644 --- a/tests/utils_test.go +++ b/tests/utils_test.go @@ -6,7 +6,6 @@ import ( "flag" "fmt" "github.com/jfrog/jfrog-client-go/config" - "github.com/jfrog/jfrog-client-go/xray/manager" "net/http" "os" "path/filepath" @@ -113,7 +112,7 @@ var ( testsXrayWatchService *xrayServices.WatchService testsXrayPolicyService *xrayServices.PolicyService testXrayBinMgrService *xrayServices.BinMgrService - securityServiceManager manager.SecurityServiceManager + securityServiceManager xrayServices.SecurityServiceManager // Pipelines Services testsPipelinesIntegrationsService *pipelinesServices.IntegrationsService @@ -1150,7 +1149,7 @@ func initSecurityManagerByServerDetails(xrayDetails *xrayAuth.XrayDetails) { SetCertificatesPath(xsc.GetClientCertPath()). Build() failOnHttpClientCreation(err) - securityService, err := manager.New(serviceConfig) + securityService, err := xrayServices.New(serviceConfig) if err != nil { log.Error("failed to initialize securityServiceManager") os.Exit(1) 
diff --git a/tests/xrayscan_test.go b/tests/xrayscan_test.go index ffceb41e0..97270e0c1 100644 --- a/tests/xrayscan_test.go +++ b/tests/xrayscan_test.go @@ -3,8 +3,7 @@ package tests import ( "github.com/jfrog/jfrog-client-go/auth" "github.com/jfrog/jfrog-client-go/config" - "github.com/jfrog/jfrog-client-go/xray/manager" - "github.com/jfrog/jfrog-client-go/xray/scan" + services2 "github.com/jfrog/jfrog-client-go/xray/services" "github.com/stretchr/testify/assert" "strconv" "strings" @@ -63,11 +62,11 @@ func TestXrayScanGraph(t *testing.T) { SetServiceDetails(cfp). Build() assert.NoError(t, err) - securityServiceManager, err = manager.New(serviceConfig) + securityServiceManager, err = services2.New(serviceConfig) assert.NoError(t, err) assertSecurityManagerType(t) - scanId, err := securityServiceManager.ScanGraph(&scan.XrayGraphScanParams{}) + scanId, err := securityServiceManager.ScanGraph(&services2.XrayGraphScanParams{}) assert.NoError(t, err) assert.Equal(t, mockScanId, scanId) _, err = securityServiceManager.GetScanGraphResults(scanId, false, false) diff --git a/tests/xsc_test.go b/tests/xsc_test.go index 74c76a68e..2ac70137d 100644 --- a/tests/xsc_test.go +++ b/tests/xsc_test.go @@ -3,8 +3,7 @@ package tests import ( "github.com/jfrog/jfrog-client-go/auth" "github.com/jfrog/jfrog-client-go/config" - "github.com/jfrog/jfrog-client-go/xray/manager" - "github.com/jfrog/jfrog-client-go/xray/scan" + "github.com/jfrog/jfrog-client-go/xray/services" "github.com/stretchr/testify/assert" "strconv" "testing" 
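Review bot: The import alias `services2` in `tests/xrayscan_test.go` reads like a tool-generated name, while the same commit refers to the package as `xrayServices` in `tests/utils_test.go` and as plain `services` in `tests/xsc_test.go`. Using one alias across the test package, `xrayServices "github.com/jfrog/jfrog-client-go/xray/services"`, keeps call sites such as `xrayServices.New(serviceConfig)` and `&xrayServices.XrayGraphScanParams{}` uniform. The rest of the import block is outside the hunk, so check that `xrayServices` is not already bound to something else in this file.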
@@ -19,16 +18,16 @@ func TestXscScanGraph(t *testing.T) { tests := []struct { name string - xrayGraphParams *scan.XrayGraphScanParams + xrayGraphParams *services.XrayGraphScanParams expectedMultiScanId string }{ { name: "XscScanWithContext", - xrayGraphParams: &scan.XrayGraphScanParams{XscGitInfoContext: &scan.XscGitInfoContext{}}, + xrayGraphParams: &services.XrayGraphScanParams{XscGitInfoContext: &services.XscGitInfoContext{}}, expectedMultiScanId: mockMultiScanId, }, { name: "XscScanNoContext", - xrayGraphParams: &scan.XrayGraphScanParams{}, + xrayGraphParams: &services.XrayGraphScanParams{}, expectedMultiScanId: "", }, } @@ -79,7 +78,7 @@ func initializeTestSecurityManager(t *testing.T, xscDetails testXrayDetails) { SetServiceDetails(cfp). Build() assert.NoError(t, err) - securityServiceManager, err = manager.New(serviceConfig) + securityServiceManager, err = services.New(serviceConfig) assert.NoError(t, err) // Assert correct security manager Xsc/Xray assertSecurityManagerType(t) @@ -87,9 +86,9 @@ func initializeTestSecurityManager(t *testing.T, xscDetails testXrayDetails) { func assertSecurityManagerType(t *testing.T) { switch securityServiceManager.(type) { - case *manager.XscServicesManger: + case *services.XscServicesManger: assert.Equal(t, true, *TestXsc) - case *manager.XrayServicesManager: + case *services.XrayServicesManager: assert.Equal(t, false, *TestXsc) } } diff --git a/xray/auth/xraydetails.go b/xray/auth/xraydetails.go index 0d3286573..fce94a300 100644 --- a/xray/auth/xraydetails.go +++ b/xray/auth/xraydetails.go @@ -4,7 +4,7 @@ import ( "github.com/jfrog/jfrog-client-go/auth" "github.com/jfrog/jfrog-client-go/config" "github.com/jfrog/jfrog-client-go/utils/log" - "github.com/jfrog/jfrog-client-go/xray/manager" + "github.com/jfrog/jfrog-client-go/xray/services" ) // NewXrayDetails creates a struct of the Xray details 
@@ -38,7 +38,7 @@ func (ds *XrayDetails) getXrayVersion() (string, error) { if err != nil { return "", err } - sm, err := manager.New(serviceConfig) + sm, err := services.New(serviceConfig) if err != nil { return "", err } diff --git a/xray/services/buildscan.go b/xray/services/buildscan.go index 06f19a9cb..aff2b1206 100644 --- a/xray/services/buildscan.go +++ b/xray/services/buildscan.go @@ -11,7 +11,6 @@ import ( "github.com/jfrog/jfrog-client-go/utils/errorutils" "github.com/jfrog/jfrog-client-go/utils/io/httputils" "github.com/jfrog/jfrog-client-go/utils/log" - "github.com/jfrog/jfrog-client-go/xray/scan" "net/http" "strings" ) @@ -122,8 +121,8 @@ func (bs *BuildScanService) getBuildScanResults(reqFunc func() (*http.Response, return false, nil, nil } pollingExecutor := &httputils.PollingExecutor{ - Timeout: scan.DefaultMaxWaitMinutes, - PollingInterval: scan.DefaultSyncSleepInterval, + Timeout: DefaultMaxWaitMinutes, + PollingInterval: DefaultSyncSleepInterval, PollingAction: pollingAction, MsgPrefix: fmt.Sprintf("Get Build Scan results for Build: %s/%s...", params.BuildName, params.BuildNumber), } @@ -136,7 +135,7 @@ func (bs *BuildScanService) getBuildScanResults(reqFunc func() (*http.Response, if err = json.Unmarshal(body, &buildScanResponse); err != nil { return nil, errorutils.CheckError(err) } - if buildScanResponse.Status == scan.XrayScanStatusFailed { + if buildScanResponse.Status == XrayScanStatusFailed { return nil, errorutils.CheckErrorf("Xray build scan failed") } return &buildScanResponse, err 
@@ -182,7 +181,7 @@ type BuildScanResponse struct { Status string `json:"status,omitempty"` MoreDetailsUrl string `json:"more_details_url,omitempty"` FailBuild bool `json:"fail_build,omitempty"` - Violations []scan.Violation `json:"violations,omitempty"` - Vulnerabilities []scan.Vulnerability `json:"vulnerabilities,omitempty"` + Violations []Violation `json:"violations,omitempty"` + Vulnerabilities []Vulnerability `json:"vulnerabilities,omitempty"` Info string `json:"info,omitempty"` } diff --git a/xray/manager/manager.go b/xray/services/manager.go similarity index 67% rename from xray/manager/manager.go rename to xray/services/manager.go index e4f1493a2..64253a86f 100644 --- a/xray/manager/manager.go +++ b/xray/services/manager.go @@ -1,10 +1,8 @@ -package manager +package services import ( "github.com/jfrog/jfrog-client-go/config" "github.com/jfrog/jfrog-client-go/http/jfroghttpclient" - "github.com/jfrog/jfrog-client-go/xray/scan" - "github.com/jfrog/jfrog-client-go/xray/services" "github.com/jfrog/jfrog-client-go/xray/services/utils" ) 
@@ -27,19 +25,19 @@ type SecurityServiceManager interface { UpdatePolicy(params utils.PolicyParams) error DeletePolicy(policyName string) error // Scan - ScanGraph(params *scan.XrayGraphScanParams) (scanId string, err error) - GetScanGraphResults(scanID string, includeVulnerabilities, includeLicenses bool) (*scan.ScanResponse, error) - BuildScan(params services.XrayBuildParams, includeVulnerabilities bool) (scanResponse *services.BuildScanResponse, noFailBuildPolicy bool, err error) + ScanGraph(params *XrayGraphScanParams) (scanId string, err error) + GetScanGraphResults(scanID string, includeVulnerabilities, includeLicenses bool) (*ScanResponse, error) + BuildScan(params XrayBuildParams, includeVulnerabilities bool) (scanResponse *BuildScanResponse, noFailBuildPolicy bool, err error) // Report - GenerateVulnerabilitiesReport(params services.VulnerabilitiesReportRequestParams) (resp *services.ReportResponse, err error) - GenerateLicensesReport(params services.LicensesReportRequestParams) (resp *services.ReportResponse, err error) - GenerateViolationsReport(params services.ViolationsReportRequestParams) (resp *services.ReportResponse, err error) - ReportDetails(reportId string) (details *services.ReportDetails, err error) - ReportContent(params services.ReportContentRequestParams) (content *services.ReportContent, err error) + GenerateVulnerabilitiesReport(params VulnerabilitiesReportRequestParams) (resp *ReportResponse, err error) + GenerateLicensesReport(params LicensesReportRequestParams) (resp *ReportResponse, err error) + GenerateViolationsReport(params ViolationsReportRequestParams) (resp *ReportResponse, err error) + ReportDetails(reportId string) (details *ReportDetails, err error) + ReportContent(params ReportContentRequestParams) (content *ReportContent, err error) DeleteReport(reportId string) error // Utilities AddBuildsToIndexing(buildNames []string) error - ArtifactSummary(params services.ArtifactSummaryParams) (*services.ArtifactSummaryResponse, 
error) + ArtifactSummary(params ArtifactSummaryParams) (*ArtifactSummaryResponse, error) IsEntitled(featureId string) (bool, error) IsXscEnabled() (bool, string, error) } diff --git a/xray/scan/scan.go b/xray/services/scan.go similarity index 99% rename from xray/scan/scan.go rename to xray/services/scan.go index cade04b58..23a685c6b 100644 --- a/xray/scan/scan.go +++ b/xray/services/scan.go @@ -1,4 +1,4 @@ -package scan +package services import ( "encoding/json" diff --git a/xray/scan/scan_test.go b/xray/services/scan_test.go similarity index 98% rename from xray/scan/scan_test.go rename to xray/services/scan_test.go index bc71f281c..1eafe2a21 100644 --- a/xray/scan/scan_test.go +++ b/xray/services/scan_test.go @@ -1,4 +1,4 @@ -package scan +package services import ( "fmt" diff --git a/xray/manager/xray.go b/xray/services/xray.go similarity index 74% rename from xray/manager/xray.go rename to xray/services/xray.go index 54ac26f40..1a5c829cb 100644 --- a/xray/manager/xray.go +++ b/xray/services/xray.go @@ -1,4 +1,4 @@ -package manager +package services import ( "encoding/json" @@ -6,8 +6,6 @@ import ( "github.com/jfrog/jfrog-client-go/http/jfroghttpclient" "github.com/jfrog/jfrog-client-go/utils/errorutils" "github.com/jfrog/jfrog-client-go/utils/log" - "github.com/jfrog/jfrog-client-go/xray/scan" - "github.com/jfrog/jfrog-client-go/xray/services" "github.com/jfrog/jfrog-client-go/xray/services/utils" "net/http" ) 
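Review bot: Moving manager.go into package `services` leaves the constructor exported as `services.New`, next to `NewVersionService`, `NewWatchService`, `NewScanService` and the other constructors visible in this patch. At the call sites (`services.New(serviceConfig)` in xray/auth/xraydetails.go) the name no longer says what it builds. The definition of `New` is outside this hunk, but since the commit already changes every import path, it may be a good moment to rename it, e.g. `NewSecurityServiceManager`. A doc comment on the interface saying which implementation `New` selects (Xray or XSC) would also help.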
@@ -33,14 +31,14 @@ func (sm *XrayServicesManager) Config() config.Config { // GetVersion will return the Xray version func (sm *XrayServicesManager) GetVersion() (string, error) { - versionService := services.NewVersionService(sm.client) + versionService := NewVersionService(sm.client) versionService.XrayDetails = sm.config.GetServiceDetails() return versionService.GetVersion() } // CreateWatch will create a new Xray watch func (sm *XrayServicesManager) CreateWatch(params utils.WatchParams) error { - watchService := services.NewWatchService(sm.client) + watchService := NewWatchService(sm.client) watchService.XrayDetails = sm.config.GetServiceDetails() return watchService.Create(params) } @@ -48,7 +46,7 @@ func (sm *XrayServicesManager) CreateWatch(params utils.WatchParams) error { // GetWatch retrieves the details about an Xray watch by name // It will error if no watch can be found by that name. func (sm *XrayServicesManager) GetWatch(watchName string) (*utils.WatchParams, error) { - watchService := services.NewWatchService(sm.client) + watchService := NewWatchService(sm.client) watchService.XrayDetails = sm.config.GetServiceDetails() return watchService.Get(watchName) } @@ -56,7 +54,7 @@ func (sm *XrayServicesManager) GetWatch(watchName string) (*utils.WatchParams, e // UpdateWatch will update an existing Xray watch by name // It will error if no watch can be found by that name. func (sm *XrayServicesManager) UpdateWatch(params utils.WatchParams) error { - watchService := services.NewWatchService(sm.client) + watchService := NewWatchService(sm.client) watchService.XrayDetails = sm.config.GetServiceDetails() return watchService.Update(params) } 
@@ -64,14 +62,14 @@ func (sm *XrayServicesManager) UpdateWatch(params utils.WatchParams) error { // DeleteWatch will delete an existing watch by name // It will error if no watch can be found by that name. func (sm *XrayServicesManager) DeleteWatch(watchName string) error { - watchService := services.NewWatchService(sm.client) + watchService := NewWatchService(sm.client) watchService.XrayDetails = sm.config.GetServiceDetails() return watchService.Delete(watchName) } // CreatePolicy will create a new Xray policy func (sm *XrayServicesManager) CreatePolicy(params utils.PolicyParams) error { - policyService := services.NewPolicyService(sm.client) + policyService := NewPolicyService(sm.client) policyService.XrayDetails = sm.config.GetServiceDetails() return policyService.Create(params) } @@ -79,7 +77,7 @@ func (sm *XrayServicesManager) CreatePolicy(params utils.PolicyParams) error { // GetPolicy retrieves the details about an Xray policy by name // It will error if no policy can be found by that name. func (sm *XrayServicesManager) GetPolicy(policyName string) (*utils.PolicyParams, error) { - policyService := services.NewPolicyService(sm.client) + policyService := NewPolicyService(sm.client) policyService.XrayDetails = sm.config.GetServiceDetails() return policyService.Get(policyName) } @@ -87,7 +85,7 @@ func (sm *XrayServicesManager) GetPolicy(policyName string) (*utils.PolicyParams // UpdatePolicy will update an existing Xray policy by name // It will error if no policy can be found by that name. func (sm *XrayServicesManager) UpdatePolicy(params utils.PolicyParams) error { - policyService := services.NewPolicyService(sm.client) + policyService := NewPolicyService(sm.client) policyService.XrayDetails = sm.config.GetServiceDetails() return policyService.Update(params) } 
@@ -95,30 +93,30 @@ func (sm *XrayServicesManager) UpdatePolicy(params utils.PolicyParams) error { // DeletePolicy will delete an existing policy by name // It will error if no policy can be found by that name. func (sm *XrayServicesManager) DeletePolicy(policyName string) error { - policyService := services.NewPolicyService(sm.client) + policyService := NewPolicyService(sm.client) policyService.XrayDetails = sm.config.GetServiceDetails() return policyService.Delete(policyName) } // AddBuildsToIndexing will add builds to Xray indexing configuration func (sm *XrayServicesManager) AddBuildsToIndexing(buildNames []string) error { - binMgrService := services.NewBinMgrService(sm.client) + binMgrService := NewBinMgrService(sm.client) binMgrService.XrayDetails = sm.config.GetServiceDetails() return binMgrService.AddBuildsToIndexing(buildNames) } // ScanGraph will send Xray the given graph for scan // Returns a string represents the scan ID. -func (sm *XrayServicesManager) ScanGraph(params *scan.XrayGraphScanParams) (scanId string, err error) { - scanService := scan.NewScanService(sm.client) +func (sm *XrayServicesManager) ScanGraph(params *XrayGraphScanParams) (scanId string, err error) { + scanService := NewScanService(sm.client) scanService.XrayDetails = sm.config.GetServiceDetails() return scanService.ScanGraph(params) } // GetScanGraphResults returns an Xray scan output of the requested graph scan. // The scanId input should be received from ScanGraph request. -func (sm *XrayServicesManager) GetScanGraphResults(scanID string, includeVulnerabilities, includeLicenses bool) (*scan.ScanResponse, error) { - scanService := scan.NewScanService(sm.client) +func (sm *XrayServicesManager) GetScanGraphResults(scanID string, includeVulnerabilities, includeLicenses bool) (*ScanResponse, error) { + scanService := NewScanService(sm.client) scanService.XrayDetails = sm.config.GetServiceDetails() return scanService.GetScanGraphResults(scanID, includeVulnerabilities, includeLicenses) } 
@@ -126,64 +124,64 @@ func (sm *XrayServicesManager) GetScanGraphResults(scanID string, includeVulnera // BuildScan scans a published build-info with Xray. // 'scanResponse' - Xray scan output of the requested build scan. // 'noFailBuildPolicy' - Indicates that the Xray API returned a "No Xray Fail build...." error -func (sm *XrayServicesManager) BuildScan(params services.XrayBuildParams, includeVulnerabilities bool) (scanResponse *services.BuildScanResponse, noFailBuildPolicy bool, err error) { - buildScanService := services.NewBuildScanService(sm.client) +func (sm *XrayServicesManager) BuildScan(params XrayBuildParams, includeVulnerabilities bool) (scanResponse *BuildScanResponse, noFailBuildPolicy bool, err error) { + buildScanService := NewBuildScanService(sm.client) buildScanService.XrayDetails = sm.config.GetServiceDetails() return buildScanService.ScanBuild(params, includeVulnerabilities) } // GenerateVulnerabilitiesReport returns a Xray report response of the requested report -func (sm *XrayServicesManager) GenerateVulnerabilitiesReport(params services.VulnerabilitiesReportRequestParams) (resp *services.ReportResponse, err error) { - reportService := services.NewReportService(sm.client) +func (sm *XrayServicesManager) GenerateVulnerabilitiesReport(params VulnerabilitiesReportRequestParams) (resp *ReportResponse, err error) { + reportService := NewReportService(sm.client) reportService.XrayDetails = sm.config.GetServiceDetails() return reportService.Vulnerabilities(params) } // GenerateLicensesReport returns a Xray report response of the requested report -func (sm *XrayServicesManager) GenerateLicensesReport(params services.LicensesReportRequestParams) (resp *services.ReportResponse, err error) { - reportService := services.NewReportService(sm.client) +func (sm *XrayServicesManager) GenerateLicensesReport(params LicensesReportRequestParams) (resp *ReportResponse, err error) { + reportService := NewReportService(sm.client) reportService.XrayDetails = 
sm.config.GetServiceDetails() return reportService.Licenses(params) } // GenerateVoilationsReport returns a Xray report response of the requested report -func (sm *XrayServicesManager) GenerateViolationsReport(params services.ViolationsReportRequestParams) (resp *services.ReportResponse, err error) { - reportService := services.NewReportService(sm.client) +func (sm *XrayServicesManager) GenerateViolationsReport(params ViolationsReportRequestParams) (resp *ReportResponse, err error) { + reportService := NewReportService(sm.client) reportService.XrayDetails = sm.config.GetServiceDetails() return reportService.Violations(params) } // ReportDetails returns a Xray details response for the requested report -func (sm *XrayServicesManager) ReportDetails(reportId string) (details *services.ReportDetails, err error) { - reportService := services.NewReportService(sm.client) +func (sm *XrayServicesManager) ReportDetails(reportId string) (details *ReportDetails, err error) { + reportService := NewReportService(sm.client) reportService.XrayDetails = sm.config.GetServiceDetails() return reportService.Details(reportId) } // ReportContent returns a Xray report content response for the requested report -func (sm *XrayServicesManager) ReportContent(params services.ReportContentRequestParams) (content *services.ReportContent, err error) { - reportService := services.NewReportService(sm.client) +func (sm *XrayServicesManager) ReportContent(params ReportContentRequestParams) (content *ReportContent, err error) { + reportService := NewReportService(sm.client) reportService.XrayDetails = sm.config.GetServiceDetails() return reportService.Content(params) } // DeleteReport deletes a Xray report func (sm *XrayServicesManager) DeleteReport(reportId string) error { - reportService := services.NewReportService(sm.client) + reportService := NewReportService(sm.client) reportService.XrayDetails = sm.config.GetServiceDetails() return reportService.Delete(reportId) } // ArtifactSummary returns Xray 
artifact summaries for the requested checksums and/or paths -func (sm *XrayServicesManager) ArtifactSummary(params services.ArtifactSummaryParams) (*services.ArtifactSummaryResponse, error) { - summaryService := services.NewSummaryService(sm.client) +func (sm *XrayServicesManager) ArtifactSummary(params ArtifactSummaryParams) (*ArtifactSummaryResponse, error) { + summaryService := NewSummaryService(sm.client) summaryService.XrayDetails = sm.config.GetServiceDetails() return summaryService.GetArtifactSummary(params) } // IsEntitled returns true if the user is entitled for the requested feature ID func (sm *XrayServicesManager) IsEntitled(featureId string) (bool, error) { - entitlementsService := services.NewEntitlementsService(sm.client) + entitlementsService := NewEntitlementsService(sm.client) entitlementsService.XrayDetails = sm.config.GetServiceDetails() return entitlementsService.IsEntitled(featureId) } @@ -193,7 +191,7 @@ func (sm *XrayServicesManager) IsXscEnabled() (xscEntitled bool, xsxVersion stri httpDetails := sm.config.GetServiceDetails().CreateHttpClientDetails() serverDetails := sm.config.GetServiceDetails() - resp, body, _, err := sm.client.SendGet(serverDetails.GetXscUrl()+scan.XscVersionAPI, true, &httpDetails) + resp, body, _, err := sm.client.SendGet(serverDetails.GetXscUrl()+XscVersionAPI, true, &httpDetails) if err != nil { return } @@ -205,7 +203,7 @@ func (sm *XrayServicesManager) IsXscEnabled() (xscEntitled bool, xsxVersion stri if resp.StatusCode == http.StatusNotFound { return } - versionResponse := scan.XscVersionResponse{} + versionResponse := XscVersionResponse{} if err = json.Unmarshal(body, &versionResponse); err != nil { err = errorutils.CheckErrorf("failed to unmarshal XSC server response: " + err.Error()) return diff --git a/xray/manager/xsc.go b/xray/services/xsc.go similarity index 77% rename from xray/manager/xsc.go rename to xray/services/xsc.go index c2c18fc23..a6da7046a 100644 --- a/xray/manager/xsc.go 
+++ b/xray/services/xsc.go @@ -1,9 +1,8 @@ -package manager +package services import ( "github.com/jfrog/jfrog-client-go/http/jfroghttpclient" "github.com/jfrog/jfrog-client-go/utils/log" - "github.com/jfrog/jfrog-client-go/xray/scan" ) type XscServicesManger struct { @@ -22,9 +21,9 @@ func (xsc *XscServicesManger) SetClient(client *jfroghttpclient.JfrogHttpClient) // XscGitInfoContext allows linking of scans and other data to the corresponding git repository. // By passing multi-scan-id in the api calls. // Returns a string represents the scan ID. -func (xsc *XscServicesManger) ScanGraph(params *scan.XrayGraphScanParams) (scanId string, err error) { +func (xsc *XscServicesManger) ScanGraph(params *XrayGraphScanParams) (scanId string, err error) { log.Debug("Scanning graph using XSC service...") - scanService := scan.NewXscScanService(xsc.client, xsc.config.GetServiceDetails()) + scanService := NewXscScanService(xsc.client, xsc.config.GetServiceDetails()) multiScanId, err := scanService.SendScanContext(params.XscGitInfoContext) if err != nil { // Don't fail the entire scan when failed to send XscGitInfoContext @@ -38,7 +37,7 @@ func (xsc *XscServicesManger) ScanGraph(params *scan.XrayGraphScanParams) (scanI // GetScanGraphResults returns an XSC scan output of the requested graph scan. // The scanId input should be received from ScanGraph request. -func (xsc *XscServicesManger) GetScanGraphResults(scanID string, includeVulnerabilities, includeLicenses bool) (*scan.ScanResponse, error) { - scanService := scan.NewXscScanService(xsc.client, xsc.config.GetServiceDetails()) +func (xsc *XscServicesManger) GetScanGraphResults(scanID string, includeVulnerabilities, includeLicenses bool) (*ScanResponse, error) { + scanService := NewXscScanService(xsc.client, xsc.config.GetServiceDetails()) return scanService.GetScanGraphResults(scanID, includeVulnerabilities, includeLicenses) } 
diff --git a/xray/scan/xscScan.go b/xray/services/xscScan.go similarity index 99% rename from xray/scan/xscScan.go rename to xray/services/xscScan.go index f50bd55a4..733d5dc94 100644 --- a/xray/scan/xscScan.go +++ b/xray/services/xscScan.go @@ -1,4 +1,4 @@ -package scan +package services import ( "encoding/json" diff --git a/xray/usage/reportusage.go b/xray/usage/reportusage.go index 4102373cb..7dc9f6612 100644 --- a/xray/usage/reportusage.go +++ b/xray/usage/reportusage.go @@ -7,7 +7,7 @@ import ( clientutils "github.com/jfrog/jfrog-client-go/utils" "github.com/jfrog/jfrog-client-go/utils/errorutils" "github.com/jfrog/jfrog-client-go/utils/log" - "github.com/jfrog/jfrog-client-go/xray/manager" + "github.com/jfrog/jfrog-client-go/xray/services" "net/http" ) @@ -32,7 +32,7 @@ type ReportXrayEventData struct { Origin string `json:"origin,omitempty"` } -func SendXrayUsageEvents(serviceManager manager.SecurityServiceManager, events ...ReportXrayEventData) error { +func SendXrayUsageEvents(serviceManager services.SecurityServiceManager, events ...ReportXrayEventData) error { if len(events) == 0 { return errorutils.CheckErrorf("Nothing to send.") } From d79c6685581dd5f1ba7642d8fc0d45b74b213fcf Mon Sep 17 00:00:00 2001 From: delarea Date: Fri, 8 Sep 2023 14:52:56 +0300 Subject: [PATCH 45/54] cr --- .github/workflows/tests.yml | 33 ++------------------------------- tests/utils_test.go | 18 +++++++----------- 2 files changed, 9 insertions(+), 42 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index a8264b79b..c8d465359 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -83,13 +83,13 @@ jobs: - name: artifactory tests run: go test -v github.com/jfrog/jfrog-client-go/tests --timeout 0 --test.${{ matrix.suite }} --ci.runId=${{ runner.os }}-${{ matrix.suite }} - JFrog-Client-Go-Ds-Xr-Tests: + JFrog-Client-Go-Ds-Xr-Xsc-Tests: needs: Pretest name: ${{ matrix.suite }} ${{ matrix.os }} strategy: fail-fast: false matrix: - suite: [ distribution, xray ] + suite: [ distribution, xray, xsc ] os: [ ubuntu, windows, macos ] runs-on: ${{ matrix.os }}-latest steps: 
@@ -113,35 +113,6 @@ jobs: - name: ${{ matrix.suite }} tests run: go test -v github.com/jfrog/jfrog-client-go/tests --timeout 0 --test.${{ matrix.suite }} --rt.url=${{ secrets.PLATFORM_URL }}/artifactory --ds.url=${{ secrets.PLATFORM_URL }}/distribution --xr.url=${{ secrets.PLATFORM_URL }}/xray --access.url=${{ secrets.PLATFORM_URL }}/access --rt.user=${{ secrets.PLATFORM_USER }} --rt.password=${{ secrets.PLATFORM_PASSWORD }} --access.token=${{ secrets.PLATFORM_ADMIN_TOKEN }} --ci.runId=${{ runner.os }}-${{ matrix.suite }} - JFrog-Client-Go-Xsc-Tests: - needs: Pretest - name: ${{ matrix.suite }} ${{ matrix.os }} - strategy: - fail-fast: false - matrix: - os: [ ubuntu-latest, macos-latest, windows-latest ] - runs-on: ${{ matrix.os }} - steps: - - name: Checkout code - uses: actions/checkout@v3 - with: - ref: ${{ github.event.pull_request.head.sha }} - - - name: Install Go - uses: actions/setup-go@v3 - with: - go-version: 1.20.x - - - name: Go Cache - uses: actions/cache@v3 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: ${{ runner.os }}-go- - - - name: ${{ matrix.suite }} tests - run: go test -v github.com/jfrog/jfrog-client-go/tests --timeout 0 --test.xsc --xr.url=${{ secrets.PLATFORM_URL }}/xray --rt.user=${{ secrets.PLATFORM_USER }} --rt.password=${{ secrets.PLATFORM_PASSWORD }} --access.token=${{ secrets.PLATFORM_ADMIN_TOKEN }} --ci.runId=${{ runner.os }}_xsc - JFrog-Client-Go-Pipelines-Tests: needs: Pretest name: pipelines ubuntu-latest diff --git a/tests/utils_test.go b/tests/utils_test.go index 6815236f1..ab12b23ab 100644 --- a/tests/utils_test.go +++ b/tests/utils_test.go 
@@ -143,11 +143,11 @@ const ( func init() { ciRunId = flag.String("ci.runId", "", "A unique identifier used as a suffix to create repositories in the tests") TestArtifactory = flag.Bool("test.artifactory", false, "Test Artifactory") - TestDistribution = flag.Bool("test.distribution", false, "Test distribution") - TestXray = flag.Bool("test.xray", false, "Test xray") - TestXsc = flag.Bool("test.xsc", false, "Test xsc") - TestPipelines = flag.Bool("test.pipelines", false, "Test pipelines") - TestAccess = flag.Bool("test.access", false, "Test access") + TestDistribution = flag.Bool("test.distribution", false, "Test Distribution") + TestXray = flag.Bool("test.xray", false, "Test Xray") + TestXsc = flag.Bool("test.xsc", false, "Test Xsc") + TestPipelines = flag.Bool("test.pipelines", false, "Test Pipelines") + TestAccess = flag.Bool("test.access", false, "Test Access") TestRepositories = flag.Bool("test.repositories", false, "Test repositories in Artifactory") RtUrl = flag.String("rt.url", "http://localhost:8081/artifactory", "Artifactory url") DistUrl = flag.String("ds.url", "", "Distribution url") @@ -548,16 +548,12 @@ func GetXrayDetails() auth.ServiceDetails { xrayDetails := xrayAuth.NewXrayDetails() xrayUrl := clientutils.AddTrailingSlashIfNeeded(*XrayUrl) xrayDetails.SetUrl(xrayUrl) - setupXsc(xrayDetails, xrayUrl) - setAuthenticationDetail(xrayDetails) - return xrayDetails -} - -func setupXsc(xrayDetails *xrayAuth.XrayDetails, xrayUrl string) { if *TestXsc { xrayDetails.SetXscUrl(strings.Replace(xrayUrl, "xray", "xsc", 1)) xrayDetails.SetXscVersion("0.0.0") } + setAuthenticationDetail(xrayDetails) + return xrayDetails } func GetPipelinesDetails() auth.ServiceDetails { From 5119d4255d78f90cd0cc69ff31bccf994ea36da7 Mon Sep 17 00:00:00 2001 
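Review bot: In `GetXrayDetails`, `strings.Replace(xrayUrl, "xray", "xsc", 1)` rewrites the first occurrence of `xray` anywhere in the URL, not just in the path. With an `--xr.url` such as `https://xray.example.test/xray/` (constructed example) that first occurrence is in the hostname. The XSC URL would then point at a different host, and requests to it would presumably carry the credentials that `setAuthenticationDetail` sets on the same details object. Replacing only the trailing path segment is safer: `xrayDetails.SetXscUrl(strings.TrimSuffix(xrayUrl, "xray/") + "xsc/")`.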
From: delarea Date: Fri, 8 Sep 2023 15:43:58 +0300 Subject: [PATCH 46/54] return only version and not bool --- xray/services/manager.go | 2 +- xray/services/xray.go | 5 +++-- xray/services/xsc.go | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/xray/services/manager.go b/xray/services/manager.go index 64253a86f..a6170157c 100644 --- a/xray/services/manager.go +++ b/xray/services/manager.go @@ -39,7 +39,7 @@ type SecurityServiceManager interface { AddBuildsToIndexing(buildNames []string) error ArtifactSummary(params ArtifactSummaryParams) (*ArtifactSummaryResponse, error) IsEntitled(featureId string) (bool, error) - IsXscEnabled() (bool, string, error) + IsXscEnabled() (string, error) } // New creates a service manager to interact with Xray diff --git a/xray/services/xray.go b/xray/services/xray.go index 1a5c829cb..aba88e882 100644 --- a/xray/services/xray.go +++ b/xray/services/xray.go @@ -187,12 +187,13 @@ func (sm *XrayServicesManager) IsEntitled(featureId string) (bool, error) { } // IsXscEnabled will try to get XSC version. If route is not available, user is not entitled for XSC. -func (sm *XrayServicesManager) IsXscEnabled() (xscEntitled bool, xsxVersion string, err error) { +func (sm *XrayServicesManager) IsXscEnabled() (xsxVersion string, err error) { httpDetails := sm.config.GetServiceDetails().CreateHttpClientDetails() serverDetails := sm.config.GetServiceDetails() resp, body, _, err := sm.client.SendGet(serverDetails.GetXscUrl()+XscVersionAPI, true, &httpDetails) if err != nil { + err = errorutils.CheckErrorf("failed to get XSC version, response: " + err.Error()) return } log.Debug("XSC response:", resp.Status) @@ -208,5 +209,5 @@ func (sm *XrayServicesManager) IsXscEnabled() (xscEntitled bool, xsxVersion stri err = errorutils.CheckErrorf("failed to unmarshal XSC server response: " + err.Error()) return } - return true, versionResponse.Version, nil + return versionResponse.Version, err } 
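Review bot: In xray/services/xray.go the added `errorutils.CheckErrorf("failed to get XSC version, response: " + err.Error())` uses the transport error text as the format string. Any `%` in that text (a percent-encoded URL, for instance) is then interpreted as a verb and garbles the message, and linters report the non-constant format. Prefer `err = errorutils.CheckErrorf("failed to get XSC version: %s", err.Error())`; the unmarshal branch just below uses the same concatenation. With the bool removed, the 404 early return (outside this hunk) now yields an empty version and a nil error, so the doc comment should state that contract: `// IsXscEnabled returns the XSC version, or "" with a nil error when the XSC route is not found.`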
diff --git a/xray/services/xsc.go b/xray/services/xsc.go index a6da7046a..43948eea4 100644 --- a/xray/services/xsc.go +++ b/xray/services/xsc.go @@ -9,7 +9,7 @@ type XscServicesManger struct { XrayServicesManager } -func (xsc *XscServicesManger) IsXscEnabled() (bool, string, error) { +func (xsc *XscServicesManger) IsXscEnabled() (string, error) { return xsc.XrayServicesManager.IsXscEnabled() } From 1f8eabc568b4a2d44f34cc03e116b49ee3c9962b Mon Sep 17 00:00:00 2001 From: delarea Date: Fri, 8 Sep 2023 15:48:28 +0300 Subject: [PATCH 47/54] Add XSC version log --- xray/services/xray.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xray/services/xray.go b/xray/services/xray.go index aba88e882..be18e3526 100644 --- a/xray/services/xray.go +++ b/xray/services/xray.go @@ -196,7 +196,6 @@ func (sm *XrayServicesManager) IsXscEnabled() (xsxVersion string, err error) { err = errorutils.CheckErrorf("failed to get XSC version, response: " + err.Error()) return } - log.Debug("XSC response:", resp.Status) if err = errorutils.CheckResponseStatusWithBody(resp, body, http.StatusOK, http.StatusNotFound); err != nil { return } @@ -209,5 +208,7 @@ func (sm *XrayServicesManager) IsXscEnabled() (xsxVersion string, err error) { err = errorutils.CheckErrorf("failed to unmarshal XSC server response: " + err.Error()) return } - return versionResponse.Version, err + xsxVersion = versionResponse.Version + log.Debug("XSC version:", xsxVersion) + return } From d74eec0e77cfb2c201f83a563207df81a2216e73 Mon Sep 17 00:00:00 2001 From: delarea Date: Fri, 8 Sep 2023 15:50:28 +0300 Subject: [PATCH 48/54] fix test --- tests/xsc_test.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/xsc_test.go b/tests/xsc_test.go index 2ac70137d..7b25c6b14 100644 --- a/tests/xsc_test.go +++ b/tests/xsc_test.go 
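Review bot: Removing `log.Debug("XSC response:", resp.Status)` from `IsXscEnabled` in xray/services/xray.go leaves the 404 path with no trace. `CheckResponseStatusWithBody` still accepts `http.StatusNotFound`, and the early return for it (between the two hunks, not shown here) hands back an empty version with a nil error. A mistyped XSC URL and a server without XSC then look the same in debug output. Consider logging in that branch, e.g. `log.Debug("XSC version endpoint returned:", resp.Status)`, and renaming the result `xsxVersion` to `xscVersion` while these lines are being touched.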
@@ -46,9 +46,8 @@ func TestXscScanGraph(t *testing.T) { func TestXscEnabled(t *testing.T) { initXscTest(t) - enabled, version, err := securityServiceManager.IsXscEnabled() + version, err := securityServiceManager.IsXscEnabled() assert.NoError(t, err) - assert.Equal(t, true, enabled) assert.Equal(t, "0.0.0", version) } From ba49d30fa9487112bc3ddb6c34ac6d4f1d3869ae Mon Sep 17 00:00:00 2001 From: delarea Date: Fri, 8 Sep 2023 16:18:43 +0300 Subject: [PATCH 49/54] CR --- xray/services/manager.go | 2 +- xray/services/xsc.go | 2 +- xray/services/xscScan.go | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/xray/services/manager.go b/xray/services/manager.go index a6170157c..2ea523743 100644 --- a/xray/services/manager.go +++ b/xray/services/manager.go @@ -6,7 +6,7 @@ import ( "github.com/jfrog/jfrog-client-go/xray/services/utils" ) -// SecurityServiceManager manages JFrog Xray service operations (Xray backend or XSC). +// SecurityServiceManager manages JFrog Xray service operations (Xray or XSC). type SecurityServiceManager interface { // Attributes Client() *jfroghttpclient.JfrogHttpClient diff --git a/xray/services/xsc.go b/xray/services/xsc.go index 43948eea4..8168cb8de 100644 --- a/xray/services/xsc.go +++ b/xray/services/xsc.go @@ -24,7 +24,7 @@ func (xsc *XscServicesManger) SetClient(client *jfroghttpclient.JfrogHttpClient) func (xsc *XscServicesManger) ScanGraph(params *XrayGraphScanParams) (scanId string, err error) { log.Debug("Scanning graph using XSC service...") scanService := NewXscScanService(xsc.client, xsc.config.GetServiceDetails()) - multiScanId, err := scanService.SendScanContext(params.XscGitInfoContext) + multiScanId, err := scanService.SendScanGitInfoContext(params.XscGitInfoContext) if err != nil { // Don't fail the entire scan when failed to send XscGitInfoContext log.Warn("failed to send xsc git info context with the following error: ", err.Error()) 
diff --git a/xray/services/xscScan.go b/xray/services/xscScan.go index 733d5dc94..701eb49bf 100644 --- a/xray/services/xscScan.go +++ b/xray/services/xscScan.go @@ -31,7 +31,7 @@ func NewXscScanService(client *jfroghttpclient.JfrogHttpClient, details auth.Ser return &XscScanService{ScanService{client: client, XrayDetails: details}} } -func (xsc *XscScanService) SendScanContext(details *XscGitInfoContext) (multiScanId string, err error) { +func (xsc *XscScanService) SendScanGitInfoContext(details *XscGitInfoContext) (multiScanId string, err error) { // XscGitInfoContext is optional if details == nil { return From cd281a38a388d29d00bc7ac665c09865b89e6ae4 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 10 Sep 2023 09:53:44 +0300 Subject: [PATCH 50/54] CR --- xray/services/xsc.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/xray/services/xsc.go b/xray/services/xsc.go index 8168cb8de..c19c80ad2 100644 --- a/xray/services/xsc.go +++ b/xray/services/xsc.go @@ -24,14 +24,11 @@ func (xsc *XscServicesManger) SetClient(client *jfroghttpclient.JfrogHttpClient) func (xsc *XscServicesManger) ScanGraph(params *XrayGraphScanParams) (scanId string, err error) { log.Debug("Scanning graph using XSC service...") scanService := NewXscScanService(xsc.client, xsc.config.GetServiceDetails()) - multiScanId, err := scanService.SendScanGitInfoContext(params.XscGitInfoContext) + params.MultiScanId, err = scanService.SendScanGitInfoContext(params.XscGitInfoContext) if err != nil { // Don't fail the entire scan when failed to send XscGitInfoContext log.Warn("failed to send xsc git info context with the following error: ", err.Error()) } - if multiScanId != "" { - params.MultiScanId = multiScanId - } return scanService.ScanGraph(params) } From 412c1e6de3cc925687ff76f4d330dde62ea52e6a Mon Sep 17 00:00:00 2001 
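Review bot: Assigning the result straight into `params.MultiScanId` in the ScanGraph hunk of xsc.go drops the non-empty guard the previous code had. A MultiScanId the caller already set is now overwritten with an empty string whenever `XscGitInfoContext` is nil, because SendScanGitInfoContext returns early without an id in that case (per the xscScan.go hunk). The same presumably happens when the send fails and only a warning is logged. Keep the local and the guard: `multiScanId, err := scanService.SendScanGitInfoContext(params.XscGitInfoContext)` followed by `if multiScanId != "" { params.MultiScanId = multiScanId }`.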
From: delarea Date: Sun, 10 Sep 2023 10:25:39 +0300 Subject: [PATCH 51/54] Move XSC tests to unit tests and remove from suits --- .github/workflows/tests.yml | 4 ++-- tests/utils_test.go | 12 +++++------- tests/xray_test.go | 3 ++- tests/xrayscan_test.go | 1 - tests/xsc_test.go | 21 +++------------------ 5 files changed, 12 insertions(+), 29 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index c8d465359..e5afb1a4f 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -83,13 +83,13 @@ jobs: - name: artifactory tests run: go test -v github.com/jfrog/jfrog-client-go/tests --timeout 0 --test.${{ matrix.suite }} --ci.runId=${{ runner.os }}-${{ matrix.suite }} - JFrog-Client-Go-Ds-Xr-Xsc-Tests: + JFrog-Client-Go-Ds-Xr-Tests: needs: Pretest name: ${{ matrix.suite }} ${{ matrix.os }} strategy: fail-fast: false matrix: - suite: [ distribution, xray, xsc ] + suite: [ distribution, xray ] os: [ ubuntu, windows, macos ] runs-on: ${{ matrix.os }}-latest steps: diff --git a/tests/utils_test.go b/tests/utils_test.go index ab12b23ab..33cadb04e 100644 --- a/tests/utils_test.go +++ b/tests/utils_test.go @@ -548,10 +548,9 @@ func GetXrayDetails() auth.ServiceDetails { xrayDetails := xrayAuth.NewXrayDetails() xrayUrl := clientutils.AddTrailingSlashIfNeeded(*XrayUrl) xrayDetails.SetUrl(xrayUrl) - if *TestXsc { - xrayDetails.SetXscUrl(strings.Replace(xrayUrl, "xray", "xsc", 1)) - xrayDetails.SetXscVersion("0.0.0") - } + xrayDetails.SetXscUrl(strings.Replace(xrayUrl, "xray", "xsc", 1)) + xrayDetails.SetXscVersion("0.0.0") + setAuthenticationDetail(xrayDetails) return xrayDetails } 
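Review bot: `strings.Replace(xrayUrl, "xray", "xsc", 1)` in the GetXrayDetails hunk of tests/utils_test.go rewrites the first "xray" anywhere in the URL. A host such as `xray.example.test` (constructed example) would be changed instead of the path segment, and with the `*TestXsc` guard removed this now runs for every caller. createSecurityServiceManager in the next hunk of the same file already uses the path-anchored form, so use it here too: `xrayDetails.SetXscUrl(strings.Replace(xrayUrl, "/xray/", "/xsc/", 1))`. Setting the XSC version to "0.0.0" unconditionally may also stop plain Xray tests from exercising the non-XSC manager, if the version is what selects the manager as the comment in createSecurityServiceManager suggests. The signature of GetXrayDetails sits just above the hunk.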
@@ -1130,9 +1129,8 @@ func createSecurityServiceManager() { xrayDetails.SetUrl(xrayUrl) xrayDetails.SetXscUrl(strings.Replace(xrayUrl, "/xray/", "/xsc/", 1)) // XSC version is used to determine if XSC in enabled or not. - if *TestXsc { - xrayDetails.SetXscVersion("0.0.0") - } + xrayDetails.SetXscVersion("0.0.0") + setAuthenticationDetail(xrayDetails) initSecurityManagerByServerDetails(xrayDetails) } diff --git a/tests/xray_test.go b/tests/xray_test.go index ed05f0401..20f964433 100644 --- a/tests/xray_test.go +++ b/tests/xray_test.go @@ -110,7 +110,8 @@ func initXrayTest(t *testing.T) { type testXrayDetails struct { auth.ServiceDetails - version string + version string + xscVersion string } func newTestXrayDetails(serviceDetails auth.ServiceDetails) testXrayDetails { diff --git a/tests/xrayscan_test.go b/tests/xrayscan_test.go index 97270e0c1..8d85b8989 100644 --- a/tests/xrayscan_test.go +++ b/tests/xrayscan_test.go @@ -64,7 +64,6 @@ func TestXrayScanGraph(t *testing.T) { assert.NoError(t, err) securityServiceManager, err = services2.New(serviceConfig) assert.NoError(t, err) - assertSecurityManagerType(t) scanId, err := securityServiceManager.ScanGraph(&services2.XrayGraphScanParams{}) assert.NoError(t, err) diff --git a/tests/xsc_test.go b/tests/xsc_test.go index 7b25c6b14..b907d3605 100644 --- a/tests/xsc_test.go +++ b/tests/xsc_test.go @@ -33,6 +33,7 @@ func TestXscScanGraph(t *testing.T) { } for _, test := range tests { t.Run(test.name, func(t *testing.T) { + scanId, err := securityServiceManager.ScanGraph(test.xrayGraphParams) assert.NoError(t, err) assert.Equal(t, test.expectedMultiScanId, test.xrayGraphParams.MultiScanId) @@ -52,13 +53,6 @@ func TestXscEnabled(t *testing.T) { } func initXscTest(t *testing.T) { - if !*TestXsc { - t.Skip("Skipping xray test. To run xray test add the '-test.xsc=true' option.") - } - prepareXscTest(t) -} - -func prepareXscTest(t *testing.T) { initializeTestSecurityManager(t, initMockXscServer()) } 
@@ -80,14 +74,5 @@ func initializeTestSecurityManager(t *testing.T, xscDetails testXrayDetails) { securityServiceManager, err = services.New(serviceConfig) assert.NoError(t, err) // Assert correct security manager Xsc/Xray - assertSecurityManagerType(t) -} - -func assertSecurityManagerType(t *testing.T) { - switch securityServiceManager.(type) { - case *services.XscServicesManger: - assert.Equal(t, true, *TestXsc) - case *services.XrayServicesManager: - assert.Equal(t, false, *TestXsc) - } -} + assert.IsType(t, securityServiceManager,&services.XscServicesManger{}) +} \ No newline at end of file From da2082c2c58922a607ef70d9b8ad32bfed9bd8fe Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 10 Sep 2023 10:28:58 +0300 Subject: [PATCH 52/54] remove unused fields --- README.md | 1 - tests/jfrogclient_test.go | 2 -- tests/utils_test.go | 2 -- 3 files changed, 5 deletions(-) diff --git a/README.md b/README.md index 94d86bd48..ef0c690df 100644 --- a/README.md +++ b/README.md @@ -251,7 +251,6 @@ content of this repository is deleted. | `-test.artifactory` | Artifactory tests | Artifactory Pro | | `-test.distribution` | Distribution tests | Artifactory with Distribution | | `-test.xray` | Xray tests | Artifactory with Xray | -| `-test.xsc` | Xsc tests | Xray with XSC enabled | | `-test.pipelines` | Pipelines tests | JFrog Pipelines | | `-test.access` | Access tests | Artifactory Pro | | `-test.repositories` | Access tests | Artifactory Pro | diff --git a/tests/jfrogclient_test.go b/tests/jfrogclient_test.go index a153aa6fb..4948c1d00 100644 --- a/tests/jfrogclient_test.go +++ b/tests/jfrogclient_test.go @@ -64,8 +64,6 @@ func setupIntegrationTests() { createXrayWatchManager() createXrayPolicyManager() createXrayBinMgrManager() - } - if *TestXsc { createSecurityServiceManager() } if *TestPipelines { diff --git a/tests/utils_test.go b/tests/utils_test.go index 33cadb04e..749986ce1 100644 --- a/tests/utils_test.go +++ b/tests/utils_test.go 
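Review bot: `assert.IsType(t, securityServiceManager,&services.XscServicesManger{})` in the last xsc_test.go hunk passes its arguments in the opposite order to testify's `IsType(t, expectedType, object)`, so a failure would report the expected and actual types swapped. The line is also not gofmt-clean (no space after the comma) and the file loses its trailing newline. Suggested: `assert.IsType(t, &services.XscServicesManger{}, securityServiceManager)`. The preceding check is `assert.NoError`, so if `services.New` fails the test continues with a nil manager and reports a second, less useful failure. initializeTestSecurityManager starts outside the hunk.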
@@ -49,7 +49,6 @@ var ( TestArtifactory *bool TestDistribution *bool TestXray *bool - TestXsc *bool TestPipelines *bool TestAccess *bool TestRepositories *bool @@ -145,7 +144,6 @@ func init() { TestArtifactory = flag.Bool("test.artifactory", false, "Test Artifactory") TestDistribution = flag.Bool("test.distribution", false, "Test Distribution") TestXray = flag.Bool("test.xray", false, "Test Xray") - TestXsc = flag.Bool("test.xsc", false, "Test Xsc") TestPipelines = flag.Bool("test.pipelines", false, "Test Pipelines") TestAccess = flag.Bool("test.access", false, "Test Access") TestRepositories = flag.Bool("test.repositories", false, "Test repositories in Artifactory") From 584f26453ae873996a11853fdf41d11cd64dd9b3 Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 10 Sep 2023 10:31:31 +0300 Subject: [PATCH 53/54] fix static check --- tests/xray_test.go | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/xray_test.go b/tests/xray_test.go index 20f964433..f1f21dda3 100644 --- a/tests/xray_test.go +++ b/tests/xray_test.go @@ -111,7 +111,6 @@ func initXrayTest(t *testing.T) { type testXrayDetails struct { auth.ServiceDetails version string - xscVersion string } func newTestXrayDetails(serviceDetails auth.ServiceDetails) testXrayDetails { From 7bf2c8ad004c53f7f3b9e8a84b112043913e392f Mon Sep 17 00:00:00 2001 From: delarea Date: Sun, 10 Sep 2023 10:48:19 +0300 Subject: [PATCH 54/54] remove format diffs --- artifactory/services/utils/tests/xray/server.go | 1 - 1 file changed, 1 deletion(-) diff --git a/artifactory/services/utils/tests/xray/server.go b/artifactory/services/utils/tests/xray/server.go index 59f90479d..a37cb0506 100644 --- a/artifactory/services/utils/tests/xray/server.go +++ b/artifactory/services/utils/tests/xray/server.go @@ -84,7 +84,6 @@ func reportHandler(w http.ResponseWriter, r *http.Request) { log.Error(err) http.Error(w, err.Error(), http.StatusInternalServerError) } - return } case http.MethodPost: