From c47cdcaec296a38a29062b363dae46346ad8b986 Mon Sep 17 00:00:00 2001
From: Asaf Ambar <asafambar@gmail.com>
Date: Wed, 3 May 2023 15:24:12 +0300
Subject: [PATCH 1/2] move graph struct for reuse. (#748)

---
 xray/services/scan.go        | 48 ++++++------------------------------
 xray/services/scan_test.go   | 25 ++++++++++---------
 xray/services/utils/graph.go | 43 ++++++++++++++++++++++++++++++++
 3 files changed, 63 insertions(+), 53 deletions(-)
 create mode 100644 xray/services/utils/graph.go

diff --git a/xray/services/scan.go b/xray/services/scan.go
index 1469de5e3..88633e00b 100644
--- a/xray/services/scan.go
+++ b/xray/services/scan.go
@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	clientutils "github.com/jfrog/jfrog-client-go/utils"
 	"github.com/jfrog/jfrog-client-go/utils/log"
+	xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
 	"golang.org/x/exp/maps"
 	"net/http"
 	"strings"
@@ -164,38 +165,14 @@ type XrayGraphScanParams struct {
 	ProjectKey             string
 	Watches                []string
 	ScanType               ScanType
-	Graph                  *GraphNode
+	Graph                  *xrayUtils.GraphNode
 	IncludeVulnerabilities bool
 	IncludeLicenses        bool
 }
 
-type GraphNode struct {
-	// Component Id in the JFrog standard.
-	// For instance, for maven: gav://<groupId>:<artifactId>:<version>
-	// For detailed format examples please see:
-	// https://www.jfrog.com/confluence/display/JFROG/Xray+REST+API#XrayRESTAPI-ComponentIdentifiers
-	Id string `json:"component_id,omitempty"`
-	// Sha of the binary representing the component.
-	Sha256 string `json:"sha256,omitempty"`
-	Sha1   string `json:"sha1,omitempty"`
-	// For root file shall be the file name.
-	// For internal components shall be the internal path. (Relevant only for binary scan).
-	Path string `json:"path,omitempty"`
-	// List of license names
-	Licenses []string `json:"licenses,omitempty"`
-	// Component properties
-	Properties map[string]string `json:"properties,omitempty"`
-	// List of subcomponents.
-	Nodes []*GraphNode `json:"nodes,omitempty"`
-	// Other component IDs field is populated by the Xray indexer to get a better accuracy in '.deb' files.
-	OtherComponentIds []OtherComponentIds `json:"other_component_ids,omitempty"`
-	// Node parent (for internal use)
-	Parent *GraphNode `json:"-"`
-}
-
 // FlattenGraph creates a map of dependencies from the given graph, and returns a flat graph of dependencies with one level.
-func FlattenGraph(graph []*GraphNode) ([]*GraphNode, error) {
-	allDependencies := map[string]*GraphNode{}
+func FlattenGraph(graph []*xrayUtils.GraphNode) ([]*xrayUtils.GraphNode, error) {
+	allDependencies := map[string]*xrayUtils.GraphNode{}
 	for _, node := range graph {
 		populateUniqueDependencies(node, allDependencies)
 	}
@@ -207,14 +184,14 @@ func FlattenGraph(graph []*GraphNode) ([]*GraphNode, error) {
 		}
 		log.Debug("Flat dependencies list:\n" + clientutils.IndentJsonArray(jsonList))
 	}
-	return []*GraphNode{{Id: "root", Nodes: maps.Values(allDependencies)}}, nil
+	return []*xrayUtils.GraphNode{{Id: "root", Nodes: maps.Values(allDependencies)}}, nil
 }
 
-func populateUniqueDependencies(node *GraphNode, allDependencies map[string]*GraphNode) {
+func populateUniqueDependencies(node *xrayUtils.GraphNode, allDependencies map[string]*xrayUtils.GraphNode) {
 	if _, exist := allDependencies[node.Id]; exist {
 		return
 	}
-	allDependencies[node.Id] = &GraphNode{Id: node.Id}
+	allDependencies[node.Id] = &xrayUtils.GraphNode{Id: node.Id}
 	for _, dependency := range node.Nodes {
 		populateUniqueDependencies(dependency, allDependencies)
 	}
@@ -324,14 +301,3 @@ type JfrogResearchSeverityReason struct {
 func (gp *XrayGraphScanParams) GetProjectKey() string {
 	return gp.ProjectKey
 }
-
-func (currNode *GraphNode) NodeHasLoop() bool {
-	parent := currNode.Parent
-	for parent != nil {
-		if currNode.Id == parent.Id {
-			return true
-		}
-		parent = parent.Parent
-	}
-	return false
-}
diff --git a/xray/services/scan_test.go b/xray/services/scan_test.go
index af95b4425..7ba0d72c5 100644
--- a/xray/services/scan_test.go
+++ b/xray/services/scan_test.go
@@ -3,6 +3,7 @@ package services
 import (
 	"fmt"
 	"github.com/jfrog/gofrog/datastructures"
+	xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"
 	"github.com/stretchr/testify/assert"
 	"testing"
 )
@@ -51,22 +52,22 @@ func TestCreateScanGraphQueryParams(t *testing.T) {
 }
 
 func TestFlattenGraph(t *testing.T) {
-	nodeA := &GraphNode{Id: "A"}
-	nodeB := &GraphNode{Id: "B"}
-	nodeC := &GraphNode{Id: "C"}
-	nodeD := &GraphNode{Id: "D"}
-	nodeE := &GraphNode{Id: "E"}
-	nodeF := &GraphNode{Id: "F"}
+	nodeA := &xrayUtils.GraphNode{Id: "A"}
+	nodeB := &xrayUtils.GraphNode{Id: "B"}
+	nodeC := &xrayUtils.GraphNode{Id: "C"}
+	nodeD := &xrayUtils.GraphNode{Id: "D"}
+	nodeE := &xrayUtils.GraphNode{Id: "E"}
+	nodeF := &xrayUtils.GraphNode{Id: "F"}
 
 	// Set dependencies
-	nodeA.Nodes = []*GraphNode{nodeB, nodeC}
-	nodeB.Nodes = []*GraphNode{nodeC, nodeD}
-	nodeC.Nodes = []*GraphNode{nodeD}
-	nodeD.Nodes = []*GraphNode{nodeE, nodeF}
-	nodeF.Nodes = []*GraphNode{nodeA, nodeB, nodeC}
+	nodeA.Nodes = []*xrayUtils.GraphNode{nodeB, nodeC}
+	nodeB.Nodes = []*xrayUtils.GraphNode{nodeC, nodeD}
+	nodeC.Nodes = []*xrayUtils.GraphNode{nodeD}
+	nodeD.Nodes = []*xrayUtils.GraphNode{nodeE, nodeF}
+	nodeF.Nodes = []*xrayUtils.GraphNode{nodeA, nodeB, nodeC}
 
 	// Create graph
-	graph := []*GraphNode{nodeA, nodeB, nodeC}
+	graph := []*xrayUtils.GraphNode{nodeA, nodeB, nodeC}
 	flatGraph, err := FlattenGraph(graph)
 	assert.NoError(t, err)
 
diff --git a/xray/services/utils/graph.go b/xray/services/utils/graph.go
new file mode 100644
index 000000000..5d8a2627c
--- /dev/null
+++ b/xray/services/utils/graph.go
@@ -0,0 +1,43 @@
+package utils
+
+type GraphNode struct {
+	// Component Id in the JFrog standard.
+	// For instance, for maven: gav://<groupId>:<artifactId>:<version>
+	// For detailed format examples please see:
+	// https://www.jfrog.com/confluence/display/JFROG/Xray+REST+API#XrayRESTAPI-ComponentIdentifiers
+	Id string `json:"component_id,omitempty"`
+	// Sha of the binary representing the component.
+	Sha256 string `json:"sha256,omitempty"`
+	Sha1   string `json:"sha1,omitempty"`
+	// For root file shall be the file name.
+	// For internal components shall be the internal path. (Relevant only for binary scan).
+	Path string `json:"path,omitempty"`
+	// Download url
+	DownloadUrl string `json:"-"`
+	// List of license names
+	Licenses []string `json:"licenses,omitempty"`
+	// Component properties
+	Properties map[string]string `json:"properties,omitempty"`
+	// List of subcomponents.
+	Nodes []*GraphNode `json:"nodes,omitempty"`
+	// Other component IDs field is populated by the Xray indexer to get a better accuracy in '.deb' files.
+	OtherComponentIds []OtherComponentIds `json:"other_component_ids,omitempty"`
+	// Node parent (for internal use)
+	Parent *GraphNode `json:"-"`
+}
+
+type OtherComponentIds struct {
+	Id     string `json:"component_id,omitempty"`
+	Origin int    `json:"origin,omitempty"`
+}
+
+func (currNode *GraphNode) NodeHasLoop() bool {
+	parent := currNode.Parent
+	for parent != nil {
+		if currNode.Id == parent.Id {
+			return true
+		}
+		parent = parent.Parent
+	}
+	return false
+}

From ae402c15487669c0a3775dba7431fa5ad1624943 Mon Sep 17 00:00:00 2001
From: Eyal Ben Moshe <eyalbenmoshe@jfrog.com>
Date: Wed, 17 May 2023 02:24:42 +0300
Subject: [PATCH 2/2] Promote to v1.28.4 (#762)

---
 go.mod         | 2 +-
 go.sum         | 4 ++--
 utils/utils.go | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index 92dd09c78..b32bc6dbe 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/go-git/go-git/v5 v5.6.1
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/gookit/color v1.5.3
-	github.com/jfrog/build-info-go v1.9.3
+	github.com/jfrog/build-info-go v1.9.4
 	github.com/jfrog/gofrog v1.3.0
 	github.com/mholt/archiver/v3 v3.5.1
 	github.com/stretchr/testify v1.8.2
diff --git a/go.sum b/go.sum
index 058d7b788..46d46a07e 100644
--- a/go.sum
+++ b/go.sum
@@ -55,8 +55,8 @@ github.com/imdario/mergo v0.3.13/go.mod h1:4lJ1jqUDcsbIECGy0RUJAXNIhg+6ocWgb1ALK
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
-github.com/jfrog/build-info-go v1.9.3 h1:ZpVcNM4hH+r6dK0ERdSNaizuZALPgSdE29Da1Iki1fo=
-github.com/jfrog/build-info-go v1.9.3/go.mod h1:GbuFS+viHCKZYx9nWHYu7ab1DgQkFdtVN3BJPUNb2D4=
+github.com/jfrog/build-info-go v1.9.4 h1:OovRqQziRkXzDUaJImbG/Wn2ra0+4JgRB8W/54FKsls=
+github.com/jfrog/build-info-go v1.9.4/go.mod h1:GbuFS+viHCKZYx9nWHYu7ab1DgQkFdtVN3BJPUNb2D4=
 github.com/jfrog/gofrog v1.3.0 h1:o4zgsBZE4QyDbz2M7D4K6fXPTBJht+8lE87mS9bw7Gk=
 github.com/jfrog/gofrog v1.3.0/go.mod h1:IFMc+V/yf7rA5WZ74CSbXe+Lgf0iApEQLxRZVzKRUR0=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
diff --git a/utils/utils.go b/utils/utils.go
index 9519946fe..878da64b0 100644
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -26,7 +26,7 @@ import (
 const (
 	Development = "development"
 	Agent       = "jfrog-client-go"
-	Version     = "1.28.3"
+	Version     = "1.28.4"
 )
 
 // In order to limit the number of items loaded from a reader into the memory, we use a buffers with this size limit.