Merge branch 'dev'

go.mod

@@ -9,7 +9,7 @@ require (
 	github.com/go-git/go-git/v5 v5.6.1
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/gookit/color v1.5.3
-	github.com/jfrog/build-info-go v1.9.3
+	github.com/jfrog/build-info-go v1.9.4
 	github.com/jfrog/gofrog v1.3.0
 	github.com/mholt/archiver/v3 v3.5.1
 	github.com/stretchr/testify v1.8.2

go.sum

@@ -55,8 +55,8 @@ github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
-github.com/jfrog/build-info-go v1.9.3 h1:ZpVcNM4hH+r6dK0ERdSNaizuZALPgSdE29Da1Iki1fo=
-github.com/jfrog/build-info-go v1.9.3/go.mod h1:GbuFS+viHCKZYx9nWHYu7ab1DgQkFdtVN3BJPUNb2D4=
+github.com/jfrog/build-info-go v1.9.4 h1:OovRqQziRkXzDUaJImbG/Wn2ra0+4JgRB8W/54FKsls=
+github.com/jfrog/build-info-go v1.9.4/go.mod h1:GbuFS+viHCKZYx9nWHYu7ab1DgQkFdtVN3BJPUNb2D4=
 github.com/jfrog/gofrog v1.3.0 h1:o4zgsBZE4QyDbz2M7D4K6fXPTBJht+8lE87mS9bw7Gk=
 github.com/jfrog/gofrog v1.3.0/go.mod h1:IFMc+V/yf7rA5WZ74CSbXe+Lgf0iApEQLxRZVzKRUR0=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=

utils/utils.go

@@ -26,7 +26,7 @@ import (
 const (
 	Development = "development"
 	Agent       = "jfrog-client-go"
-	Version     = "1.28.3"
+	Version     = "1.28.4"
 )
 
 // In order to limit the number of items loaded from a reader into the memory, we use a buffers with this size limit.

xray/services/scan.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	clientutils "github.com/jfrog/jfrog-client-go/utils"
 	"github.com/jfrog/jfrog-client-go/utils/log"
+	xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
 	"golang.org/x/exp/maps"
 	"net/http"
 	"strings"
@@ -164,38 +165,14 @@ type XrayGraphScanParams struct {
 	ProjectKey             string
 	Watches                []string
 	ScanType               ScanType
-	Graph                  *GraphNode
+	Graph                  *xrayUtils.GraphNode
 	IncludeVulnerabilities bool
 	IncludeLicenses        bool
 }
 
-type GraphNode struct {
-	// Component Id in the JFrog standard.
-	// For instance, for maven: gav://<groupId>:<artifactId>:<version>
-	// For detailed format examples please see:
-	// https://www.jfrog.com/confluence/display/JFROG/Xray+REST+API#XrayRESTAPI-ComponentIdentifiers
-	Id string `json:"component_id,omitempty"`
-	// Sha of the binary representing the component.
-	Sha256 string `json:"sha256,omitempty"`
-	Sha1   string `json:"sha1,omitempty"`
-	// For root file shall be the file name.
-	// For internal components shall be the internal path. (Relevant only for binary scan).
-	Path string `json:"path,omitempty"`
-	// List of license names
-	Licenses []string `json:"licenses,omitempty"`
-	// Component properties
-	Properties map[string]string `json:"properties,omitempty"`
-	// List of subcomponents.
-	Nodes []*GraphNode `json:"nodes,omitempty"`
-	// Other component IDs field is populated by the Xray indexer to get a better accuracy in '.deb' files.
-	OtherComponentIds []OtherComponentIds `json:"other_component_ids,omitempty"`
-	// Node parent (for internal use)
-	Parent *GraphNode `json:"-"`
-}
-
 // FlattenGraph creates a map of dependencies from the given graph, and returns a flat graph of dependencies with one level.
-func FlattenGraph(graph []*GraphNode) ([]*GraphNode, error) {
-	allDependencies := map[string]*GraphNode{}
+func FlattenGraph(graph []*xrayUtils.GraphNode) ([]*xrayUtils.GraphNode, error) {
+	allDependencies := map[string]*xrayUtils.GraphNode{}
 	for _, node := range graph {
 		populateUniqueDependencies(node, allDependencies)
 	}
@@ -207,14 +184,14 @@ func FlattenGraph(graph []*GraphNode) ([]*GraphNode, error) {
 		}
 		log.Debug("Flat dependencies list:\n" + clientutils.IndentJsonArray(jsonList))
 	}
-	return []*GraphNode{{Id: "root", Nodes: maps.Values(allDependencies)}}, nil
+	return []*xrayUtils.GraphNode{{Id: "root", Nodes: maps.Values(allDependencies)}}, nil
 }
 
-func populateUniqueDependencies(node *GraphNode, allDependencies map[string]*GraphNode) {
+func populateUniqueDependencies(node *xrayUtils.GraphNode, allDependencies map[string]*xrayUtils.GraphNode) {
 	if _, exist := allDependencies[node.Id]; exist {
 		return
 	}
-	allDependencies[node.Id] = &GraphNode{Id: node.Id}
+	allDependencies[node.Id] = &xrayUtils.GraphNode{Id: node.Id}
 	for _, dependency := range node.Nodes {
 		populateUniqueDependencies(dependency, allDependencies)
 	}
@@ -324,14 +301,3 @@ type JfrogResearchSeverityReason struct {
 func (gp *XrayGraphScanParams) GetProjectKey() string {
 	return gp.ProjectKey
 }
-
-func (currNode *GraphNode) NodeHasLoop() bool {
-	parent := currNode.Parent
-	for parent != nil {
-		if currNode.Id == parent.Id {
-			return true
-		}
-		parent = parent.Parent
-	}
-	return false
-}

xray/services/scan_test.go

@@ -3,6 +3,7 @@ package services
 import (
 	"fmt"
 	"github.com/jfrog/gofrog/datastructures"
+	xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
 	"github.com/stretchr/testify/assert"
 	"testing"
 )
@@ -51,22 +52,22 @@ func TestCreateScanGraphQueryParams(t *testing.T) {
 }
 
 func TestFlattenGraph(t *testing.T) {
-	nodeA := &GraphNode{Id: "A"}
-	nodeB := &GraphNode{Id: "B"}
-	nodeC := &GraphNode{Id: "C"}
-	nodeD := &GraphNode{Id: "D"}
-	nodeE := &GraphNode{Id: "E"}
-	nodeF := &GraphNode{Id: "F"}
+	nodeA := &xrayUtils.GraphNode{Id: "A"}
+	nodeB := &xrayUtils.GraphNode{Id: "B"}
+	nodeC := &xrayUtils.GraphNode{Id: "C"}
+	nodeD := &xrayUtils.GraphNode{Id: "D"}
+	nodeE := &xrayUtils.GraphNode{Id: "E"}
+	nodeF := &xrayUtils.GraphNode{Id: "F"}
 
 	// Set dependencies
-	nodeA.Nodes = []*GraphNode{nodeB, nodeC}
-	nodeB.Nodes = []*GraphNode{nodeC, nodeD}
-	nodeC.Nodes = []*GraphNode{nodeD}
-	nodeD.Nodes = []*GraphNode{nodeE, nodeF}
-	nodeF.Nodes = []*GraphNode{nodeA, nodeB, nodeC}
+	nodeA.Nodes = []*xrayUtils.GraphNode{nodeB, nodeC}
+	nodeB.Nodes = []*xrayUtils.GraphNode{nodeC, nodeD}
+	nodeC.Nodes = []*xrayUtils.GraphNode{nodeD}
+	nodeD.Nodes = []*xrayUtils.GraphNode{nodeE, nodeF}
+	nodeF.Nodes = []*xrayUtils.GraphNode{nodeA, nodeB, nodeC}
 
 	// Create graph
-	graph := []*GraphNode{nodeA, nodeB, nodeC}
+	graph := []*xrayUtils.GraphNode{nodeA, nodeB, nodeC}
 	flatGraph, err := FlattenGraph(graph)
 	assert.NoError(t, err)
 

xray/services/utils/graph.go

@@ -0,0 +1,43 @@
+package utils
+
+type GraphNode struct {
+	// Component Id in the JFrog standard.
+	// For instance, for maven: gav://<groupId>:<artifactId>:<version>
+	// For detailed format examples please see:
+	// https://www.jfrog.com/confluence/display/JFROG/Xray+REST+API#XrayRESTAPI-ComponentIdentifiers
+	Id string `json:"component_id,omitempty"`
+	// Sha of the binary representing the component.
+	Sha256 string `json:"sha256,omitempty"`
+	Sha1   string `json:"sha1,omitempty"`
+	// For root file shall be the file name.
+	// For internal components shall be the internal path. (Relevant only for binary scan).
+	Path string `json:"path,omitempty"`
+	// Download url
+	DownloadUrl string `json:"-"`
+	// List of license names
+	Licenses []string `json:"licenses,omitempty"`
+	// Component properties
+	Properties map[string]string `json:"properties,omitempty"`
+	// List of subcomponents.
+	Nodes []*GraphNode `json:"nodes,omitempty"`
+	// Other component IDs field is populated by the Xray indexer to get a better accuracy in '.deb' files.
+	OtherComponentIds []OtherComponentIds `json:"other_component_ids,omitempty"`
+	// Node parent (for internal use)
+	Parent *GraphNode `json:"-"`
+}
+
+type OtherComponentIds struct {
+	Id     string `json:"component_id,omitempty"`
+	Origin int    `json:"origin,omitempty"`
+}
+
+func (currNode *GraphNode) NodeHasLoop() bool {
+	parent := currNode.Parent
+	for parent != nil {
+		if currNode.Id == parent.Id {
+			return true
+		}
+		parent = parent.Parent
+	}
+	return false
+}