Refactor commands output formats #96

Merged
merged 105 commits into from
Oct 13, 2024
a10204d
Refactor commands output formats
attiasas Jun 30, 2024
e1f0fbb
some fixes
attiasas Jun 30, 2024
b7718f6
Merge remote-tracking branch 'upstream/dev' into refactor_output
attiasas Jun 30, 2024
03946e9
more refactor
attiasas Jun 30, 2024
fe6d86d
continue refactor
attiasas Jun 30, 2024
9f129e4
add parsers
attiasas Jun 30, 2024
fd8e025
continue implement
attiasas Jul 1, 2024
5fb51d9
some changes
attiasas Jul 2, 2024
adb3de1
continue implement
attiasas Jul 2, 2024
77b3ab2
finish comp errors
attiasas Jul 3, 2024
da0bfb9
format
attiasas Jul 3, 2024
c47d7fc
Merge remote-tracking branch 'upstream/dev' into refactor_output
attiasas Jul 10, 2024
218797a
format
attiasas Jul 10, 2024
c9c2933
continue refactor for tests
attiasas Jul 14, 2024
1d9ff3e
format
attiasas Jul 14, 2024
382b1cf
some static fixes
attiasas Jul 14, 2024
0d46f4f
more static fix
attiasas Jul 15, 2024
47e7f5f
fix static
attiasas Jul 15, 2024
3c9c41d
fix static
attiasas Jul 15, 2024
2523009
fix race condition
attiasas Jul 15, 2024
b368f1c
start sarif
attiasas Jul 15, 2024
5f6fa7f
Merge remote-tracking branch 'upstream/dev' into refactor_output
attiasas Jul 15, 2024
cb0ff02
fix parallel race
attiasas Jul 15, 2024
8736ca6
fix test data location
attiasas Jul 15, 2024
7eeb1e7
continue implement
attiasas Jul 15, 2024
941d60a
Merge remote-tracking branch 'upstream/dev' into refactor_output
attiasas Jul 15, 2024
18015b6
fix tests
attiasas Jul 15, 2024
7241b86
fix tests
attiasas Jul 16, 2024
2f7f319
fix tests
attiasas Jul 16, 2024
a5c66f0
verify sarif
attiasas Jul 18, 2024
f182e22
Merge remote-tracking branch 'upstream/dev' into refactor_output
attiasas Jul 18, 2024
20f24b4
fix merge
attiasas Jul 18, 2024
f93cfa0
continue validations
attiasas Jul 21, 2024
4be27f0
fix tests
attiasas Jul 21, 2024
2ac4d7b
continue fix tests
attiasas Jul 21, 2024
3a3e059
continue fix tests
attiasas Jul 22, 2024
3f8c1df
update test data
attiasas Jul 23, 2024
9c5eb17
Merge remote-tracking branch 'upstream/dev' into refactor_output
attiasas Jul 23, 2024
bcdf8a0
format
attiasas Jul 23, 2024
19e1577
fix static and tests
attiasas Jul 23, 2024
7704abf
fix static
attiasas Jul 23, 2024
4f8a44e
fix tests and cleanup
attiasas Jul 23, 2024
f201811
fix win test and cleanup
attiasas Jul 23, 2024
c723726
fix tests
attiasas Jul 23, 2024
4ee4bc6
fix tests
attiasas Jul 23, 2024
88ae5e5
try fix win tests
attiasas Jul 23, 2024
e871dbe
try fix win tests
attiasas Jul 23, 2024
cd49770
fix win tests
attiasas Jul 23, 2024
735efb4
try fix tests
attiasas Jul 23, 2024
11da7ef
Merge remote-tracking branch 'upstream/dev' into refactor_output
attiasas Jul 24, 2024
70b74c4
try fix tests
attiasas Jul 24, 2024
1f1235a
Merge remote-tracking branch 'upstream/dev' into refactor_output
attiasas Jul 28, 2024
7a810c1
fix merge and a tech bug
attiasas Jul 28, 2024
8844dd6
try fix tests
attiasas Jul 29, 2024
0844c65
fix
attiasas Jul 29, 2024
ea50014
Merge remote-tracking branch 'upstream/dev' into refactor_output
attiasas Jul 29, 2024
ce719c9
fix static
attiasas Jul 29, 2024
99893f3
Merge remote-tracking branch 'upstream/dev' into refactor_output
attiasas Aug 7, 2024
08d101f
Merge remote-tracking branch 'upstream/dev' into refactor_output
attiasas Sep 5, 2024
3ded757
merge dev
attiasas Sep 9, 2024
944d192
fix tests
attiasas Sep 9, 2024
9448af0
Merge remote-tracking branch 'upstream/dev' into refactor_output
attiasas Sep 9, 2024
38671cc
fix merge
attiasas Sep 9, 2024
272591c
fix static tests
attiasas Sep 9, 2024
ae39323
CR changes
attiasas Sep 10, 2024
3c98706
start add docker tests
attiasas Sep 11, 2024
2840382
fixing bugs adding docker tests
attiasas Sep 15, 2024
00e13c4
Merge remote-tracking branch 'upstream/dev' into refactor_output
attiasas Sep 15, 2024
6c3a32c
fix merge
attiasas Sep 15, 2024
6815d23
format
attiasas Sep 15, 2024
650547f
fix static
attiasas Sep 15, 2024
bc48efa
Merge remote-tracking branch 'upstream/dev' into refactor_output
attiasas Sep 15, 2024
9e20652
merge
attiasas Sep 15, 2024
6d95290
fix conflict
attiasas Sep 15, 2024
a610cf5
Merge remote-tracking branch 'upstream/dev' into refactor_output
attiasas Sep 23, 2024
7952aee
continue merge
attiasas Sep 23, 2024
a3372e1
done fix merge conflicts
attiasas Sep 24, 2024
5689bdb
Merge remote-tracking branch 'upstream/dev' into refactor_output
attiasas Sep 24, 2024
16b9392
continue fix tests
attiasas Sep 24, 2024
7ac5949
continue
attiasas Sep 25, 2024
4c2df26
fix tests
attiasas Sep 26, 2024
ba468e5
Merge remote-tracking branch 'upstream/dev' into refactor_output
attiasas Sep 26, 2024
99b964f
attrib rename
attiasas Sep 26, 2024
92c32fe
Merge remote-tracking branch 'upstream/dev' into refactor_output
attiasas Sep 26, 2024
8358e8d
fix static
attiasas Sep 26, 2024
fc7def7
fix tests
attiasas Sep 26, 2024
3edfa27
Merge remote-tracking branch 'upstream/dev' into refactor_output
attiasas Sep 26, 2024
50cbd47
push log
attiasas Sep 26, 2024
882ec7b
Merge remote-tracking branch 'upstream/dev' into refactor_output
attiasas Sep 29, 2024
b33b31f
cr review finish
attiasas Sep 30, 2024
8b3c1ab
fix tests
attiasas Sep 30, 2024
6c0b4b6
fix tests
attiasas Sep 30, 2024
a8ae841
try debug
attiasas Oct 1, 2024
7b0c1e2
fix texts + cr review
attiasas Oct 1, 2024
fd5a13b
Merge remote-tracking branch 'upstream/dev' into refactor_output
attiasas Oct 1, 2024
d240a31
fix merge
attiasas Oct 1, 2024
511a21d
try debug
attiasas Oct 1, 2024
b5e6931
fix tests
attiasas Oct 1, 2024
3c71a65
add sca run id to sarif result
attiasas Oct 7, 2024
d4dbf93
remove scan id
attiasas Oct 7, 2024
7ecb1be
update AM to 1.9.4
attiasas Oct 7, 2024
dfe804c
Merge remote-tracking branch 'upstream/dev' into refactor_output
attiasas Oct 13, 2024
2f324ee
fix conflicts
attiasas Oct 13, 2024
fa4d95e
Merge remote-tracking branch 'upstream/dev' into refactor_output
attiasas Oct 13, 2024
290a1fe
fix tests
attiasas Oct 13, 2024
174 changes: 136 additions & 38 deletions audit_test.go
Expand Up @@ -13,7 +13,8 @@ import (

"github.com/jfrog/jfrog-cli-security/cli"
"github.com/jfrog/jfrog-cli-security/cli/docs"
"github.com/jfrog/jfrog-cli-security/formats"
"github.com/jfrog/jfrog-cli-security/utils/formats"
"github.com/jfrog/jfrog-cli-security/utils/validations"

xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils"

Expand All @@ -34,12 +35,19 @@ import (

func TestXrayAuditNpmJson(t *testing.T) {
output := testAuditNpm(t, string(format.Json), false)
securityTestUtils.VerifyJsonScanResults(t, output, 1, 0, 1)
validations.VerifyJsonResults(t, output, validations.ValidationParams{
SecurityViolations: 1,
Licenses: 1,
})
}

func TestXrayAuditNpmSimpleJson(t *testing.T) {
output := testAuditNpm(t, string(format.SimpleJson), true)
securityTestUtils.VerifySimpleJsonScanResults(t, output, 1, 0, 1)
validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
SecurityViolations: 1,
Vulnerabilities: 1,
Licenses: 1,
})
}

func testAuditNpm(t *testing.T, format string, withVuln bool) string {
Expand All @@ -66,12 +74,18 @@ func testAuditNpm(t *testing.T, format string, withVuln bool) string {

func TestXrayAuditPnpmJson(t *testing.T) {
output := testXrayAuditPnpm(t, string(format.Json))
securityTestUtils.VerifyJsonScanResults(t, output, 0, 1, 1)
validations.VerifyJsonResults(t, output, validations.ValidationParams{
Vulnerabilities: 1,
Licenses: 1,
})
}

func TestXrayAuditPnpmSimpleJson(t *testing.T) {
output := testXrayAuditPnpm(t, string(format.SimpleJson))
securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 1, 1)
validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
Vulnerabilities: 1,
Licenses: 1,
})
}

func testXrayAuditPnpm(t *testing.T, format string) string {
Expand All @@ -93,21 +107,30 @@ func testXrayAuditPnpm(t *testing.T, format string) string {
func TestXrayAuditYarnV2Json(t *testing.T) {
testXrayAuditYarn(t, "yarn-v2", func() {
output := runXrayAuditYarnWithOutput(t, string(format.Json))
securityTestUtils.VerifyJsonScanResults(t, output, 0, 1, 1)
validations.VerifyJsonResults(t, output, validations.ValidationParams{
Vulnerabilities: 1,
Licenses: 1,
})
})
}

func TestXrayAuditYarnV2SimpleJson(t *testing.T) {
testXrayAuditYarn(t, "yarn-v3", func() {
output := runXrayAuditYarnWithOutput(t, string(format.SimpleJson))
securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 1, 1)
validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
Vulnerabilities: 1,
Licenses: 1,
})
})
}

func TestXrayAuditYarnV1Json(t *testing.T) {
testXrayAuditYarn(t, "yarn-v1", func() {
output := runXrayAuditYarnWithOutput(t, string(format.Json))
securityTestUtils.VerifyJsonScanResults(t, output, 0, 1, 1)
validations.VerifyJsonResults(t, output, validations.ValidationParams{
Vulnerabilities: 1,
Licenses: 1,
})
})
}

Expand All @@ -126,7 +149,10 @@ func TestXrayAuditYarnV1JsonWithoutDevDependencies(t *testing.T) {
func TestXrayAuditYarnV1SimpleJson(t *testing.T) {
testXrayAuditYarn(t, "yarn-v1", func() {
output := runXrayAuditYarnWithOutput(t, string(format.SimpleJson))
securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 1, 1)
validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
Vulnerabilities: 1,
Licenses: 1,
})
})
}

Expand Down Expand Up @@ -200,7 +226,10 @@ func TestXrayAuditNugetJson(t *testing.T) {
t.Run(fmt.Sprintf("projectName:%s,runInstallCommand:%t", test.projectName, runInstallCommand),
func(t *testing.T) {
output := testXrayAuditNuget(t, test.projectName, test.format, test.restoreTech)
securityTestUtils.VerifyJsonScanResults(t, output, 0, test.minVulnerabilities, test.minLicences)
validations.VerifyJsonResults(t, output, validations.ValidationParams{
Vulnerabilities: test.minVulnerabilities,
Licenses: test.minLicences,
})
})
}
}
Expand Down Expand Up @@ -240,7 +269,10 @@ func TestXrayAuditNugetSimpleJson(t *testing.T) {
t.Run(fmt.Sprintf("projectName:%s,runInstallCommand:%t", test.projectName, runInstallCommand),
func(t *testing.T) {
output := testXrayAuditNuget(t, test.projectName, test.format, test.restoreTech)
securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, test.minVulnerabilities, test.minLicences)
validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
Vulnerabilities: test.minVulnerabilities,
Licenses: test.minLicences,
})
})
}
}
Expand All @@ -266,12 +298,18 @@ func testXrayAuditNuget(t *testing.T, projectName, format string, restoreTech st

func TestXrayAuditGradleJson(t *testing.T) {
output := testXrayAuditGradle(t, string(format.Json))
securityTestUtils.VerifyJsonScanResults(t, output, 0, 3, 3)
validations.VerifyJsonResults(t, output, validations.ValidationParams{
Vulnerabilities: 3,
Licenses: 3,
})
}

func TestXrayAuditGradleSimpleJson(t *testing.T) {
output := testXrayAuditGradle(t, string(format.SimpleJson))
securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 3, 3)
validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
Vulnerabilities: 3,
Licenses: 3,
})
}

func testXrayAuditGradle(t *testing.T, format string) string {
Expand All @@ -290,12 +328,18 @@ func testXrayAuditGradle(t *testing.T, format string) string {

func TestXrayAuditMavenJson(t *testing.T) {
output := testXscAuditMaven(t, string(format.Json))
securityTestUtils.VerifyJsonScanResults(t, output, 0, 1, 1)
validations.VerifyJsonResults(t, output, validations.ValidationParams{
Vulnerabilities: 1,
Licenses: 1,
})
}

func TestXrayAuditMavenSimpleJson(t *testing.T) {
output := testXscAuditMaven(t, string(format.SimpleJson))
securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 1, 1)
validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
Vulnerabilities: 1,
Licenses: 1,
})
}

func testXscAuditMaven(t *testing.T, format string) string {
Expand Down Expand Up @@ -339,28 +383,44 @@ func TestXrayAuditMultiProjects(t *testing.T) {
securityTestUtils.CreateJfrogHomeConfig(t, true)
defer securityTestUtils.CleanTestsHomeEnv()
output := securityTests.PlatformCli.WithoutCredentials().RunCliCmdWithOutput(t, "audit", "--format="+string(format.SimpleJson), workingDirsFlag)
securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 35, 0)
securityTestUtils.VerifySimpleJsonJasResults(t, output, 1, 9, 6, 3, 0, 25, 2)

validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
Sast: 1,
Iac: 9,
Secrets: 6,

Vulnerabilities: 35,
Applicable: 3,
Undetermined: 0,
NotCovered: 25,
NotApplicable: 2,
})
}

func TestXrayAuditPipJson(t *testing.T) {
output := testXrayAuditPip(t, string(format.Json), "")
securityTestUtils.VerifyJsonScanResults(t, output, 0, 3, 1)
validations.VerifyJsonResults(t, output, validations.ValidationParams{
Vulnerabilities: 3,
Licenses: 1,
})
}

func TestXrayAuditPipSimpleJson(t *testing.T) {
output := testXrayAuditPip(t, string(format.SimpleJson), "")
securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 3, 1)
validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
Vulnerabilities: 3,
Licenses: 1,
})
}

func TestXrayAuditPipJsonWithRequirementsFile(t *testing.T) {
output := testXrayAuditPip(t, string(format.Json), "requirements.txt")
securityTestUtils.VerifyJsonScanResults(t, output, 0, 2, 0)
validations.VerifyJsonResults(t, output, validations.ValidationParams{Vulnerabilities: 2})
}

func TestXrayAuditPipSimpleJsonWithRequirementsFile(t *testing.T) {
output := testXrayAuditPip(t, string(format.SimpleJson), "requirements.txt")
securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 2, 0)
validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Vulnerabilities: 2})
}

func testXrayAuditPip(t *testing.T, format, requirementsFile string) string {
Expand All @@ -384,12 +444,18 @@ func testXrayAuditPip(t *testing.T, format, requirementsFile string) string {

func TestXrayAuditPipenvJson(t *testing.T) {
output := testXrayAuditPipenv(t, string(format.Json))
securityTestUtils.VerifyJsonScanResults(t, output, 0, 3, 1)
validations.VerifyJsonResults(t, output, validations.ValidationParams{
Vulnerabilities: 3,
Licenses: 1,
})
}

func TestXrayAuditPipenvSimpleJson(t *testing.T) {
output := testXrayAuditPipenv(t, string(format.SimpleJson))
securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 3, 1)
validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
Vulnerabilities: 3,
Licenses: 1,
})
}

func testXrayAuditPipenv(t *testing.T, format string) string {
Expand All @@ -408,12 +474,18 @@ func testXrayAuditPipenv(t *testing.T, format string) string {

func TestXrayAuditPoetryJson(t *testing.T) {
output := testXrayAuditPoetry(t, string(format.Json))
securityTestUtils.VerifyJsonScanResults(t, output, 0, 3, 1)
validations.VerifyJsonResults(t, output, validations.ValidationParams{
Vulnerabilities: 3,
Licenses: 1,
})
}

func TestXrayAuditPoetrySimpleJson(t *testing.T) {
output := testXrayAuditPoetry(t, string(format.SimpleJson))
securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 3, 1)
validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
Vulnerabilities: 3,
Licenses: 1,
})
}

func testXrayAuditPoetry(t *testing.T, format string) string {
Expand Down Expand Up @@ -446,10 +518,7 @@ func TestXrayAuditNotEntitledForJas(t *testing.T) {
cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, getNoJasAuditMockCommand)
defer cleanUp()
output := testXrayAuditJas(t, cliToRun, filepath.Join("jas", "jas"), "3")
// Verify that scan results are printed
securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 8, 0)
// Verify that JAS results are not printed
securityTestUtils.VerifySimpleJsonJasResults(t, output, 0, 0, 0, 0, 0, 0, 0)
validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{Vulnerabilities: 8})
}

func getNoJasAuditMockCommand() components.Command {
Expand All @@ -470,25 +539,53 @@ func getNoJasAuditMockCommand() components.Command {

func TestXrayAuditJasSimpleJson(t *testing.T) {
output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas"), "3")
securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 8, 0)
securityTestUtils.VerifySimpleJsonJasResults(t, output, 1, 9, 6, 3, 1, 1, 2)
validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
Sast: 1,
Iac: 9,
Secrets: 6,

Vulnerabilities: 8,
Applicable: 3,
Undetermined: 1,
NotCovered: 1,
NotApplicable: 2,
})
}

func TestXrayAuditJasSimpleJsonWithOneThread(t *testing.T) {
output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas"), "1")
securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 8, 0)
securityTestUtils.VerifySimpleJsonJasResults(t, output, 1, 9, 6, 3, 1, 1, 2)
validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
Sast: 1,
Iac: 9,
Secrets: 6,

Vulnerabilities: 8,
Applicable: 3,
Undetermined: 1,
NotCovered: 1,
NotApplicable: 2,
})
}

func TestXrayAuditJasSimpleJsonWithConfig(t *testing.T) {
output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("jas", "jas-config"), "3")
securityTestUtils.VerifySimpleJsonJasResults(t, output, 0, 0, 1, 3, 1, 1, 2)
validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
Secrets: 1,

Vulnerabilities: 8,
Applicable: 3,
Undetermined: 1,
NotCovered: 1,
NotApplicable: 2,
})
}

func TestXrayAuditJasNoViolationsSimpleJson(t *testing.T) {
output := testXrayAuditJas(t, securityTests.PlatformCli, filepath.Join("package-managers", "npm", "npm"), "3")
securityTestUtils.VerifySimpleJsonScanResults(t, output, 0, 1, 0)
securityTestUtils.VerifySimpleJsonJasResults(t, output, 0, 0, 0, 0, 0, 0, 1)
validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{
Vulnerabilities: 1,
NotApplicable: 1,
})
}

func testXrayAuditJas(t *testing.T, testCli *coreTests.JfrogCli, project string, threads string) string {
Expand Down Expand Up @@ -553,7 +650,7 @@ func TestXrayRecursiveScan(t *testing.T) {
output := securityTests.PlatformCli.RunCliCmdWithOutput(t, "audit", "--format=json")

// We anticipate the identification of five vulnerabilities: four originating from the .NET project and one from the NPM project.
securityTestUtils.VerifyJsonScanResults(t, output, 0, 4, 0)
validations.VerifyJsonResults(t, output, validations.ValidationParams{Vulnerabilities: 4})

var results []services.ScanResponse
err = json.Unmarshal([]byte(output), &results)
Expand All @@ -577,5 +674,6 @@ func TestAuditOnEmptyProject(t *testing.T) {
chdirCallback := clientTests.ChangeDirWithCallback(t, baseWd, tempDirPath)
defer chdirCallback()
output := securityTests.PlatformCli.WithoutCredentials().RunCliCmdWithOutput(t, "audit", "--format="+string(format.SimpleJson))
securityTestUtils.VerifySimpleJsonJasResults(t, output, 0, 0, 0, 0, 0, 0, 0)
// No issues should be found in an empty project
validations.VerifySimpleJsonResults(t, output, validations.ValidationParams{})
}
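Review bot: In TestXrayAuditNotEntitledForJas the rewrite drops the explicit negative check: the former `VerifySimpleJsonJasResults(t, output, 0, 0, 0, 0, 0, 0, 0)` call and its "Verify that JAS results are not printed" comment are collapsed into `validations.ValidationParams{Vulnerabilities: 8}`, and nothing in the hunk shows whether an unset Sast/Iac/Secrets field is asserted to be zero or simply skipped (the Nuget tests pass `test.minVulnerabilities` into the same struct, which suggests threshold rather than exact semantics). If unset fields are skipped, this test no longer fails when JAS findings are emitted to an unentitled user, and `ValidationParams{}` in TestAuditOnEmptyProject asserts nothing about the output at all. Either give ValidationParams an explicit exact-match switch used by these two tests, or keep the intent visible with a comment such as `// Verify that JAS results are not printed: Sast/Iac/Secrets must be zero, not merely unchecked` next to the validator call. Separately, the context comment above the TestXrayRecursiveScan assertion still says five vulnerabilities are anticipated while the new call checks `Vulnerabilities: 4`; one of the two should be corrected.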