Refactor commands output formats #96
base: dev
Conversation
@@ -125,27 +297,15 @@ func TestAuditWithConfigProfile(t *testing.T) { | |||
chdirCallback := clientTests.ChangeDirWithCallback(t, baseWd, tempDirPath) | |||
defer chdirCallback() | |||
|
|||
auditParams.SetWorkingDirs([]string{tempDirPath}).SetIsRecursiveScan(true) |
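Review bot: the explicit `SetWorkingDirs([]string{tempDirPath}).SetIsRecursiveScan(true)` changes what TestAuditWithConfigProfile exercises, since the production audit flow does not set working dirs and recursive scan this way, and the `ChangeDirWithCallback(t, baseWd, tempDirPath)` two lines above already places the test in tempDirPath. Either drop the line so the test covers the default detection path, or add a comment explaining why the config-profile case needs the explicit setting.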
Why is it necessary here? Wouldn't it detect it alone without setting the working dirs?
Also, defining working dirs and recursive scan is different from what our flow does.
@@ -187,11 +199,17 @@ func RecordSarifOutput(cmdResults *Results) (err error) { | |||
log.Info("Results can be uploaded to Github security tab automatically by upgrading your JFrog subscription.") |
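Review bot: the guard around this `log.Info` is outside the hunk, but as noted in the comment below it is evaluated after `extended` is already true, so the message can never be emitted; move the assignment after the check or drop the `!extended` term, and add a unit test that asserts the message is logged for the non-extended case. While touching the string, the product name is spelled "GitHub".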
I know it is not a change of yours, but this condition doesn't seem right, as it is always evaluated to false:
!extended && !commandsummary.StaticMarkdownConfig.IsExtendedSummary()
(extended is set to 'true' just before checking the condition)
Runner *utils.SecurityParallelRunner | ||
ServerDetails *config.ServerDetails | ||
Scanner *jas.JasScanner | ||
|
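Review bot: the blank lines between `Runner`, `ServerDetails` and `Scanner` should go so the struct reads as one block, and the three fields deserve a doc comment each, in particular whether `Scanner` may be nil when tasks are added to the `SecurityParallelRunner` or must be initialized first, since that ordering is not enforced by the type.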
Remove all new lines from the struct
if len(scansToPreform) > 0 && !slices.Contains(scansToPreform, utils.ContextualAnalysisScan) { | ||
log.Debug("Skipping contextual analysis scan as requested by input...") | ||
return err | ||
func addJasScanTaskForModuleIfNeeded(params JasRunnerParams, subScan utils.SubScanType, task parallel.TaskFunc) (err error) { |
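Review bot: `scansToPreform` is misspelled and should be `scansToPerform` throughout the function. In the early-exit branch, `return err` returns the named result before anything has assigned it, so it is effectively `return nil`; write `return nil` explicitly so a reader does not have to check whether an error was set earlier. The `log.Debug` should also name which module's contextual analysis is being skipped, otherwise the message is identical for every module.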
I love how you re-wrote it, but we said this is the prioritization:
- flags
- config profile
- jfrog apps config
It seems like we ignore the flags here that we can get from audit. Let's discuss it.
This file is empty. Can we delete?
This file is empty. Can we delete?
@@ -65,6 +65,51 @@ func ReadScanRunsFromFile(fileName string) (sarifRuns []*sarif.Run, err error) { | |||
return | |||
} | |||
|
|||
func CopyResult(result *sarif.Result) *sarif.Result { |
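Review bot: `CopyResult(result *sarif.Result)` has no callers in this change; if it is for a follow-up, add it there instead, and if it stays it needs a doc comment stating whether the copy is deep or shallow, because a shallow copy of a `sarif.Result` shares its pointer and slice fields with the original and later mutation of one would silently alter the other.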
This function doesn't seem to be used.
return nil | ||
} | ||
|
||
func GetRuleFullDescription(rule *sarif.ReportingDescriptor) string { |
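Review bot: `GetRuleFullDescription` duplicates the existing `GetRuleFullDescriptionText`; two helpers with the same purpose will drift on nil and empty-field handling. Keep one, or make this one a single-line wrapper that delegates to the other so the behaviour cannot diverge.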
duplicated
see GetRuleFullDescriptionText
return "" | ||
} | ||
|
||
func GetRuleShortDescription(rule *sarif.ReportingDescriptor) string { |
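Review bot: same duplication as `GetRuleFullDescription` above (`GetRuleShortDescriptionText` already exists), and the `return ""` fallback makes a rule with no short description indistinguishable from one whose short description is empty; if callers need to tell those apart, return a `(string, bool)` pair, otherwise document that empty means "not set".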
duplicate
see GetRuleShortDescriptionText
location.PhysicalLocation = sarifutils.NewPhysicalLocation(patchedLocation) | ||
} | ||
} | ||
} |
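Review bot: the function ends right after `location.PhysicalLocation = sarifutils.NewPhysicalLocation(patchedLocation)` with no return; if it declares a named result the compiler accepts this but every caller receives the zero value, so add an explicit `return` of the patched value at the end. The assignment also mutates `location` in place, so the doc comment should say the input SARIF run is modified rather than copied.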
A return statement is missing in this function.
} | ||
|
||
func isPotentialSimilarResults(expected, actual *sarif.Result) bool { | ||
return sarifutils.GetResultRuleId(actual) == sarifutils.GetResultRuleId(expected) && sarifutils.GetResultMsgText(actual) == sarifutils.GetResultMsgText(expected) && sarifutils.GetResultProperty(sarifparser.WatchSarifPropertyKey, actual) == sarifutils.GetResultProperty(sarifparser.WatchSarifPropertyKey, expected) |
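Review bot: including `GetResultMsgText` in the similarity check means any rewording of a rule's message text breaks matching of results that were previously considered the same; rule id plus the `WatchSarifPropertyKey` property (and, if needed, a location fingerprint) is a more stable key. If message comparison is intentional, say so in a comment above the function, and split this one-line boolean into one operand per line so the three conditions are readable.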
Should we compare by message? A text message is more likely to change compared to an ID or a property that we obtain.
If you think it is not likely to break often, we can leave it like that (or if it is absolutely necessary).
- dev branch
- go vet ./...
- go fmt ./...

- Move all Results and outputs to their inner package, organize currently available code and renames to fit better.
  Before:
  After:
- Move detection out of SCA to run first thing in audit (jfrog-apps-config).
- Change Results object to ScanCommandResults.
- Separate converting ScanCommandResults to different output formats and printing the output.
  - output package - Write the results in a specific format as an output string.
  - conversion package - Parse the ScanCommandResults object to convert it to different formats that we are supporting.
- Make implementing a new output format (by introducing an interface) easier, and maintain the currently supported.
- General validation improvements for results structs.