Merge remote-tracking branch 'upstream/dev'

jfrog · Sep 12, 2023 · 3042a43 · 3042a43
2 parents bab627c + 07ca5e0
commit 3042a43
Show file tree

Hide file tree

Showing 11 changed files with 40 additions and 93 deletions.
diff --git a/artifactory/commands/golang/go.go b/artifactory/commands/golang/go.go
@@ -16,9 +16,7 @@ import (
 	"github.com/jfrog/jfrog-client-go/utils/errorutils"
 	"github.com/jfrog/jfrog-client-go/utils/io/fileutils"
 	"github.com/jfrog/jfrog-client-go/utils/log"
-	"io/fs"
 	"net/http"
-	"os"
 	"path"
 	"path/filepath"
 	"strings"
@@ -221,16 +219,7 @@ func copyGoPackageFiles(destPath, packageName, rtTargetRepo string, authArtDetai
 		return fmt.Errorf("couldn't find suitable package files: %s", packageFilesPath)
 	}
 	// Set permission recursively
-	return filepath.WalkDir(destPath, func(path string, info fs.DirEntry, err error) error {
-		if err != nil {
-			return err
-		}
-		err = os.Chmod(path, 0700)
-		if err != nil {
-			return err
-		}
-		return nil
-	})
+	return coreutils.SetPermissionsRecursively(destPath, 0700)
 }
 
 // getPackageFilePathFromArtifactory returns a string that represents the package files cache path.

diff --git a/artifactory/utils/dependenciesutils.go b/artifactory/utils/dependenciesutils.go
@@ -57,7 +57,7 @@ func DownloadAnalyzerManagerIfNeeded() error {
 	downloadUrl := artDetails.ArtifactoryUrl + remotePath
 	remoteFileDetails, _, err := client.GetRemoteFileDetails(downloadUrl, &httpClientDetails)
 	if err != nil {
-		return err
+		return errors.New("couldn't get remote file details for " + downloadUrl)
 	}
 	analyzerManagerDir, err := xrayutils.GetAnalyzerManagerDirAbsolutePath()
 	if err != nil {
@@ -70,7 +70,8 @@ func DownloadAnalyzerManagerIfNeeded() error {
 		return err
 	}
 	if exist {
-		sha2, err := fileutils.ReadFile(checksumFilePath)
+		var sha2 []byte
+		sha2, err = fileutils.ReadFile(checksumFilePath)
 		if err != nil {
 			return err
 		}
@@ -84,17 +85,6 @@ func DownloadAnalyzerManagerIfNeeded() error {
 	if err = DownloadDependency(artDetails, remotePath, filepath.Join(analyzerManagerDir, xrayutils.AnalyzerManagerZipName), true); err != nil {
 		return err
 	}
-	// Add permission for all unzipped files
-	filesList, err := fileutils.ListFilesRecursiveWalkIntoDirSymlink(analyzerManagerDir, false)
-	if err != nil {
-		return err
-	}
-	for _, file := range filesList {
-		if err = os.Chmod(file, 0777); err != nil {
-			return errorutils.CheckError(err)
-		}
-	}
-
 	return createChecksumFile(checksumFilePath, remoteFileDetails.Checksum.Sha256)
 }
 
@@ -219,9 +209,13 @@ func DownloadDependency(artDetails *config.ServerDetails, downloadPath, targetPa
 		return err
 	}
 	resp, err := client.DownloadFile(downloadFileDetails, "", &httpClientDetails, shouldExplode, false)
-	if err == nil && resp.StatusCode != http.StatusOK {
-		err = errorutils.CheckErrorf(resp.Status + " received when attempting to download " + downloadUrl)
+	if err != nil {
+		err = errorutils.CheckErrorf("received error while attempting to download '%s': %s"+downloadUrl, err.Error())
+	}
+	if err = errorutils.CheckResponseStatus(resp, http.StatusOK); err != nil {
+		return err
 	}
+	err = coreutils.SetPermissionsRecursively(tempDirPath, 0700)
 	if err != nil {
 		return err
 	}

diff --git a/utils/coreutils/techutils.go b/utils/coreutils/techutils.go
@@ -189,7 +189,7 @@ func DetectedTechnologiesList() (technologies []string) {
 		return
 	}
 	techStringsList := DetectedTechnologiesToSlice(detectedTechnologies)
-	log.Info(fmt.Sprintf("Detected: %s.", strings.Join(techStringsList, ",")))
+	log.Info(fmt.Sprintf("Detected: %s.", strings.Join(techStringsList, ", ")))
 	return techStringsList
 }
 

diff --git a/utils/coreutils/utils.go b/utils/coreutils/utils.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"errors"
 	"fmt"
+	"io/fs"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -599,3 +600,20 @@ func GetMaskedCommandString(cmd *exec.Cmd) string {
 	}
 	return cmdString
 }
+
+func SetPermissionsRecursively(dirPath string, mode os.FileMode) error {
+	err := filepath.WalkDir(dirPath, func(path string, info fs.DirEntry, e error) error {
+		if e != nil {
+			return e
+		}
+		e = os.Chmod(path, mode)
+		if e != nil {
+			return e
+		}
+		return nil
+	})
+	if err != nil {
+		return errorutils.CheckErrorf("failed while setting permission to '%s' files: %s", dirPath, err.Error())
+	}
+	return nil
+}
diff --git a/xray/commands/audit/audit.go b/xray/commands/audit/audit.go
@@ -181,7 +181,7 @@ func RunAudit(auditParams *AuditParams) (results *Results, err error) {
 
 	// Wait for the Download of the AnalyzerManager to complete.
 	if err = errGroup.Wait(); err != nil {
-		return
+		err = errors.New("failed while trying to get Analyzer Manager: " + err.Error())
 	}
 
 	// Run scanners only if the user is entitled for Advanced Security

diff --git a/xray/commands/audit/sca/go/golang.go b/xray/commands/audit/sca/go/golang.go
@@ -29,7 +29,7 @@ func BuildDependencyTree(server *config.ServerDetails, remoteGoRepo string) (dep
 	}
 	// Calculate go dependencies graph
 	dependenciesGraph, err := goutils.GetDependenciesGraph(currentDir)
-	if err != nil {
+	if err != nil || len(dependenciesGraph) == 0 {
 		return
 	}
 	// Calculate go dependencies list

diff --git a/xray/commands/audit/sca/python/python.go b/xray/commands/audit/sca/python/python.go
@@ -170,7 +170,6 @@ func installPipDeps(auditPython *AuditPython) (restoreEnv func() error, err erro
 	pipInstallArgs := getPipInstallArgs(auditPython.PipRequirementsFile, remoteUrl)
 	err = executeCommand("python", pipInstallArgs...)
 	if err != nil && auditPython.PipRequirementsFile == "" {
-		log.Debug(err.Error() + "\nTrying to install using a requirements file...")
 		pipInstallArgs = getPipInstallArgs("requirements.txt", remoteUrl)
 		reqErr := executeCommand("python", pipInstallArgs...)
 		if reqErr != nil {

diff --git a/xray/commands/audit/scarunner.go b/xray/commands/audit/scarunner.go
@@ -79,7 +79,7 @@ func runScaScanOnWorkingDir(params *AuditParams, results *Results, workingDir, r
 			err = errors.Join(err, fmt.Errorf("failed while building '%s' dependency tree:\n%s\n", tech, techErr.Error()))
 			continue
 		}
-		if len(flattenTree.Nodes) == 0 {
+		if flattenTree == nil || len(flattenTree.Nodes) == 0 {
 			err = errors.Join(err, errors.New("no dependencies were found. Please try to build your project and re-run the audit command"))
 			continue
 		}
@@ -158,7 +158,7 @@ func GetTechDependencyTree(params *xrayutils.AuditBasicParams, tech coreutils.Te
 	default:
 		err = errorutils.CheckErrorf("%s is currently not supported", string(tech))
 	}
-	if err != nil {
+	if err != nil || len(uniqueDeps) == 0 {
 		return
 	}
 	log.Debug(fmt.Sprintf("Created '%s' dependency tree with %d nodes. Elapsed time: %.1f seconds.", tech.ToFormal(), len(uniqueDeps), time.Since(startTime).Seconds()))

diff --git a/xray/utils/analyzermanager.go b/xray/utils/analyzermanager.go
@@ -122,7 +122,7 @@ func GetAnalyzerManagerDownloadPath() (string, error) {
 }
 
 func GetAnalyzerManagerVersion() string {
-	if analyzerManagerVersion, exists := os.LookupEnv(jfrogCliAnalyzerManagerVersionEnvVariable); exists {
+	if analyzerManagerVersion := os.Getenv(jfrogCliAnalyzerManagerVersionEnvVariable); analyzerManagerVersion != "" {
 		return analyzerManagerVersion
 	}
 	return defaultAnalyzerManagerVersion

diff --git a/xray/utils/analyzermanager_test.go b/xray/utils/analyzermanager_test.go
@@ -79,13 +79,15 @@ func TestExtractRelativePath(t *testing.T) {
 		expectedResult string
 	}{
 		{secretPath: "file:///Users/user/Desktop/secrets_scanner/tests/req.nodejs/file.js",
-			projectPath: "Users/user/Desktop/secrets_scanner/", expectedResult: "/tests/req.nodejs/file.js"},
+			projectPath: "Users/user/Desktop/secrets_scanner/", expectedResult: "tests/req.nodejs/file.js"},
 		{secretPath: "invalidSecretPath",
 			projectPath: "Users/user/Desktop/secrets_scanner/", expectedResult: "invalidSecretPath"},
 		{secretPath: "",
 			projectPath: "Users/user/Desktop/secrets_scanner/", expectedResult: ""},
 		{secretPath: "file:///Users/user/Desktop/secrets_scanner/tests/req.nodejs/file.js",
-			projectPath: "invalidProjectPath", expectedResult: "/Users/user/Desktop/secrets_scanner/tests/req.nodejs/file.js"},
+			projectPath: "invalidProjectPath", expectedResult: "Users/user/Desktop/secrets_scanner/tests/req.nodejs/file.js"},
+		{secretPath: "file:///private/Users/user/Desktop/secrets_scanner/tests/req.nodejs/file.js",
+			projectPath: "invalidProjectPath", expectedResult: "Users/user/Desktop/secrets_scanner/tests/req.nodejs/file.js"},
 	}
 
 	for _, test := range tests {

diff --git a/xray/utils/sarifutils.go b/xray/utils/sarifutils.go
@@ -81,62 +81,6 @@ func AggregateMultipleRunsIntoSingle(runs []*sarif.Run, destination *sarif.Run)
 	}
 }
 
-func getRunInformationUri(run *sarif.Run) string {
-	if run != nil && run.Tool.Driver != nil && run.Tool.Driver.InformationURI != nil {
-		return *run.Tool.Driver.InformationURI
-	}
-	return ""
-}
-
-// Calculate new information that exists at the run and not at the source
-func GetDiffFromRun(sources []*sarif.Run, targets []*sarif.Run) (runWithNewOnly *sarif.Run) {
-	// Combine
-	combinedSource := sarif.NewRunWithInformationURI(sources[0].Tool.Driver.Name, getRunInformationUri(sources[0])).WithInvocations([]*sarif.Invocation{})
-	AggregateMultipleRunsIntoSingle(sources, combinedSource)
-	if combinedSource == nil {
-		return
-	}
-	if len(targets) == 0 {
-		return combinedSource
-	}
-	combinedTarget := sarif.NewRunWithInformationURI(targets[0].Tool.Driver.Name, getRunInformationUri(targets[0])).WithInvocations([]*sarif.Invocation{})
-	AggregateMultipleRunsIntoSingle(targets, combinedTarget)
-	if combinedTarget == nil {
-		return combinedSource
-	}
-	// Get diff
-	runWithNewOnly = sarif.NewRun(combinedSource.Tool).WithInvocations(combinedSource.Invocations)
-	for _, sourceResult := range combinedSource.Results {
-		targetMatchingResults := GetResultsByRuleId(combinedTarget, *sourceResult.RuleID)
-		if len(targetMatchingResults) == 0 {
-			runWithNewOnly.AddResult(sourceResult)
-			if rule, _ := combinedSource.GetRuleById(*sourceResult.RuleID); rule != nil {
-				runWithNewOnly.Tool.Driver.AddRule(rule)
-			}
-			continue
-		}
-		for _, targetMatchingResult := range targetMatchingResults {
-			if len(sourceResult.Locations) > len(targetMatchingResult.Locations) ||
-				len(sourceResult.CodeFlows) > len(targetMatchingResult.CodeFlows) {
-				runWithNewOnly.AddResult(sourceResult)
-				if rule, _ := combinedSource.GetRuleById(*sourceResult.RuleID); rule != nil {
-					runWithNewOnly.Tool.Driver.AddRule(rule)
-				}
-			}
-		}
-	}
-	return
-}
-
-func FilterResultsByRuleIdAndMsgText(source []*sarif.Result, ruleId, msgText string) (results []*sarif.Result) {
-	for _, result := range source {
-		if ruleId == *result.RuleID && msgText == GetResultMsgText(result) {
-			results = append(results, result)
-		}
-	}
-	return
-}
-
 func GetLocationRelatedCodeFlowsFromResult(location *sarif.Location, result *sarif.Result) (codeFlows []*sarif.CodeFlow) {
 	for _, codeFlow := range result.CodeFlows {
 		for _, stackTrace := range codeFlow.ThreadFlows {
@@ -300,7 +244,8 @@ func ExtractRelativePath(resultPath string, projectRoot string) string {
 
 	// Get relative path
 	relativePath := strings.ReplaceAll(resultPath, projectRoot, "")
-	return strings.TrimPrefix(relativePath, string(filepath.Separator))
+	trimSlash := strings.TrimPrefix(relativePath, string(filepath.Separator))
+	return strings.TrimPrefix(trimSlash, "/")
 }
 
 func GetResultSeverity(result *sarif.Result) string {