Cr fixes

cli/docs/flags.go

@@ -2,7 +2,6 @@ package docs
 
 import (
 	"fmt"
-	"github.com/jfrog/jfrog-cli-security/commands"
 	"strings"
 
 	"github.com/jfrog/jfrog-cli-core/v2/common/cliutils"
@@ -105,8 +104,7 @@ const (
 	WorkingDirs                  = "working-dirs"
 
 	// Unique curation flags
-	CurationOutput  = "curation-format"
-	CurationThreads = "curation-threads"
+	CurationOutput = "curation-format"
 )
 
 // Mapping between security commands (key) and their flags (key).
@@ -129,7 +127,7 @@ var commandFlags = map[string][]string{
 		Pnpm, Yarn, Go, Nuget, Pip, Pipenv, Poetry, MinSeverity, FixableOnly, ThirdPartyContextualAnalysis, Threads,
 	},
 	CurationAudit: {
-		CurationOutput, WorkingDirs, CurationThreads, RequirementsFile,
+		CurationOutput, WorkingDirs, Threads, RequirementsFile,
 	},
 	// TODO: Deprecated commands (remove at next CLI major version)
 	AuditMvn: {
@@ -220,7 +218,6 @@ var flagsMap = map[string]components.Flag{
 		components.SetHiddenBoolFlag(),
 	),
 	RequirementsFile: components.NewStringFlag(RequirementsFile, "[Pip] Defines pip requirements file name. For example: 'requirements.txt'."),
-	CurationThreads:  components.NewStringFlag(Threads, "Number of working threads.", components.WithIntDefaultValue(commands.TotalConcurrentRequests)),
 	CurationOutput:   components.NewStringFlag(OutputFormat, "Defines the output format of the command. Acceptable values are: table, json.", components.WithStrDefaultValue("table")),
 }
 

cli/scancommands.go

@@ -3,7 +3,6 @@ package cli
 import (
 	"fmt"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/usage"
-	"github.com/jfrog/jfrog-cli-security/commands"
 	"os"
 	"strings"
 
@@ -331,15 +330,11 @@ func AuditCmd(c *components.Context) error {
 		}
 	}
 	auditCmd.SetTechnologies(technologies)
-	threadsFlag, err := c.GetIntFlagValue(flags.Threads)
-	if err != nil {
-		return err
-	}
-	threads, err := commands.DetectNumOfThreads(threadsFlag)
+	threads, err := pluginsCommon.GetThreadsCount(c)
 	if err != nil {
 		return err
 	}
-	auditCmd.SetParallelScans(threads)
+	auditCmd.SetThreads(threads)
 	err = progressbar.ExecWithProgress(auditCmd)
 	// Reporting error if Xsc service is enabled
 	reportErrorIfExists(err, auditCmd)
@@ -436,11 +431,7 @@ func AuditSpecificCmd(c *components.Context, technology coreutils.Technology) er
 }
 
 func CurationCmd(c *components.Context) error {
-	threadsFlag, err := c.GetIntFlagValue(flags.Threads)
-	if err != nil {
-		return err
-	}
-	threads, err := commands.DetectNumOfThreads(threadsFlag)
+	threads, err := pluginsCommon.GetThreadsCount(c)
 	if err != nil {
 		return err
 	}

commands/audit/audit.go

@@ -27,21 +27,10 @@ type AuditCommand struct {
 	Fail                    bool
 	PrintExtendedTable      bool
 	analyticsMetricsService *xrayutils.AnalyticsMetricsService
-	ParallelScans           int
+	Threads                 int
 	AuditParams
 }
 
-type CommonGraphScanParams struct {
-	repoPath               string
-	projectKey             string
-	watches                []string
-	scanType               services.ScanType
-	includeVulnerabilities bool
-	includeLicenses        bool
-	xscVersion             string
-	multiScanId            string
-}
-
 func NewGenericAuditCommand() *AuditCommand {
 	return &AuditCommand{AuditParams: *NewAuditParams()}
 }
@@ -86,33 +75,33 @@ func (auditCmd *AuditCommand) SetAnalyticsMetricsService(analyticsMetricsService
 	return auditCmd
 }
 
-func (auditCmd *AuditCommand) SetParallelScans(threads int) *AuditCommand {
-	auditCmd.ParallelScans = threads
+func (auditCmd *AuditCommand) SetThreads(threads int) *AuditCommand {
+	auditCmd.Threads = threads
 	return auditCmd
 }
 
-func (auditCmd *AuditCommand) CreateCommonGraphScanParams() *CommonGraphScanParams {
-	commonParams := &CommonGraphScanParams{
-		repoPath: auditCmd.targetRepoPath,
-		watches:  auditCmd.watches,
-		scanType: services.Dependency,
+func (auditCmd *AuditCommand) CreateCommonGraphScanParams() *scangraph.CommonGraphScanParams {
+	commonParams := &scangraph.CommonGraphScanParams{
+		RepoPath: auditCmd.targetRepoPath,
+		Watches:  auditCmd.watches,
+		ScanType: services.Dependency,
 	}
 	if auditCmd.projectKey == "" {
-		commonParams.projectKey = os.Getenv(coreutils.Project)
+		commonParams.ProjectKey = os.Getenv(coreutils.Project)
 	} else {
-		commonParams.projectKey = auditCmd.projectKey
+		commonParams.ProjectKey = auditCmd.projectKey
 	}
-	commonParams.includeVulnerabilities = auditCmd.IncludeVulnerabilities
-	commonParams.includeLicenses = auditCmd.IncludeLicenses
-	commonParams.multiScanId = auditCmd.analyticsMetricsService.GetMsi()
-	if commonParams.multiScanId != "" {
+	commonParams.IncludeVulnerabilities = auditCmd.IncludeVulnerabilities
+	commonParams.IncludeLicenses = auditCmd.IncludeLicenses
+	commonParams.MultiScanId = auditCmd.analyticsMetricsService.GetMsi()
+	if commonParams.MultiScanId != "" {
 		xscManager := auditCmd.analyticsMetricsService.XscManager()
 		if xscManager != nil {
 			version, err := xscManager.GetVersion()
 			if err != nil {
 				log.Debug(fmt.Sprintf("Can't get XSC version for xray graph scan params. Cause: %s", err.Error()))
 			}
-			commonParams.xscVersion = version
+			commonParams.XscVersion = version
 		}
 	}
 	return commonParams
@@ -135,7 +124,7 @@ func (auditCmd *AuditCommand) Run() (err error) {
 		SetGraphBasicParams(auditCmd.AuditBasicParams).
 		SetCommonGraphScanParams(auditCmd.CreateCommonGraphScanParams()).
 		SetThirdPartyApplicabilityScan(auditCmd.thirdPartyApplicabilityScan).
-		SetParallelScans(auditCmd.ParallelScans)
+		SetThreads(auditCmd.Threads)
 	auditParams.SetIsRecursiveScan(isRecursiveScan).SetExclusions(auditCmd.Exclusions())
 
 	auditResults, err := RunAudit(auditParams)
@@ -202,9 +191,9 @@ func RunAudit(auditParams *AuditParams) (results *xrayutils.Results, err error)
 		return
 	}
 
-	results.MultiScanId = auditParams.commonGraphScanParams.multiScanId
+	results.MultiScanId = auditParams.commonGraphScanParams.MultiScanId
 
-	auditParallelRunner := utils.CreateAuditParallelRunner(auditParams.numOfParallelScans)
+	auditParallelRunner := utils.CreateAuditParallelRunner(auditParams.threads)
 	JFrogAppsConfig, err := jas.CreateJFrogAppsConfig(auditParams.workingDirs)
 	if err != nil {
 		return results, fmt.Errorf("failed to create JFrogAppsConfig: %s", err.Error())
@@ -216,13 +205,12 @@ func RunAudit(auditParams *AuditParams) (results *xrayutils.Results, err error)
 			return downloadAnalyzerManagerAndRunScanners(auditParallelRunner, results, serverDetails, auditParams, JFrogAppsConfig, threadId)
 		}, auditParallelRunner.AddErrorToChan)
 		if jasErr != nil {
-			auditParallelRunner.AddErrorToChan(fmt.Errorf("failed to creat AM and jas scanners task: %s", jasErr.Error()))
+			auditParallelRunner.AddErrorToChan(fmt.Errorf("failed to create AM downloading task, skipping JAS scans...: %s", jasErr.Error()))
 		}
 	}
 
 	// The sca scan doesn't require the analyzer manager, so it can run separately from the analyzer manager download routine.
-	scaScanErr := runScaScan(auditParallelRunner, auditParams, results)
-	if scaScanErr != nil {
+	if scaScanErr := runScaScan(auditParallelRunner, auditParams, results); scaScanErr != nil {
 		auditParallelRunner.AddErrorToChan(scaScanErr)
 	}
 	go func() {
@@ -256,10 +244,8 @@ func downloadAnalyzerManagerAndRunScanners(auditParallelRunner *utils.AuditParal
 	defer func() {
 		auditParallelRunner.JasWg.Done()
 	}()
-	err = utils.DownloadAnalyzerManagerIfNeeded(threadId)
-	if err != nil {
+	if err = utils.DownloadAnalyzerManagerIfNeeded(threadId); err != nil {
 		return
 	}
-	err = RunJasScannersAndSetResults(auditParallelRunner, scanResults, serverDetails, auditParams, jfrogAppsConfig, scanResults.MultiScanId)
-	return
+	return RunJasScannersAndSetResults(auditParallelRunner, scanResults, serverDetails, auditParams, jfrogAppsConfig, scanResults.MultiScanId)
 }

commands/audit/auditparams.go

@@ -1,14 +1,14 @@
 package audit
 
 import (
+	"github.com/jfrog/jfrog-cli-security/scangraph"
 	xrayutils "github.com/jfrog/jfrog-cli-security/utils"
 	"github.com/jfrog/jfrog-client-go/xray/services"
 )
 
 type AuditParams struct {
-	xrayGraphScanParams *services.XrayGraphScanParams
-	// common params to all scan routines
-	commonGraphScanParams *CommonGraphScanParams
+	// Common params to all scan routines
+	commonGraphScanParams *scangraph.CommonGraphScanParams
 	workingDirs           []string
 	installFunc           func(tech string) error
 	fixableOnly           bool
@@ -17,24 +17,19 @@ type AuditParams struct {
 	xrayVersion string
 	// Include third party dependencies source code in the applicability scan.
 	thirdPartyApplicabilityScan bool
-	numOfParallelScans          int
+	threads                     int
 }
 
 func NewAuditParams() *AuditParams {
 	return &AuditParams{
-		xrayGraphScanParams: &services.XrayGraphScanParams{},
-		AuditBasicParams:    &xrayutils.AuditBasicParams{},
+		AuditBasicParams: &xrayutils.AuditBasicParams{},
 	}
 }
 
 func (params *AuditParams) InstallFunc() func(tech string) error {
 	return params.installFunc
 }
 
-func (params *AuditParams) XrayGraphScanParams() *services.XrayGraphScanParams {
-	return params.xrayGraphScanParams
-}
-
 func (params *AuditParams) WorkingDirs() []string {
 	return params.workingDirs
 }
@@ -86,12 +81,25 @@ func (params *AuditParams) SetDepsRepo(depsRepo string) *AuditParams {
 	return params
 }
 
-func (params *AuditParams) SetParallelScans(numOfParallelScans int) *AuditParams {
-	params.numOfParallelScans = numOfParallelScans
+func (params *AuditParams) SetThreads(threads int) *AuditParams {
+	params.threads = threads
 	return params
 }
 
-func (params *AuditParams) SetCommonGraphScanParams(commonParams *CommonGraphScanParams) *AuditParams {
+func (params *AuditParams) SetCommonGraphScanParams(commonParams *scangraph.CommonGraphScanParams) *AuditParams {
 	params.commonGraphScanParams = commonParams
 	return params
 }
+
+func (params *AuditParams) createXrayGraphScanParams() *services.XrayGraphScanParams {
+	return &services.XrayGraphScanParams{
+		RepoPath:               params.commonGraphScanParams.RepoPath,
+		Watches:                params.commonGraphScanParams.Watches,
+		ScanType:               params.commonGraphScanParams.ScanType,
+		ProjectKey:             params.commonGraphScanParams.ProjectKey,
+		IncludeVulnerabilities: params.commonGraphScanParams.IncludeVulnerabilities,
+		IncludeLicenses:        params.commonGraphScanParams.IncludeLicenses,
+		XscVersion:             params.commonGraphScanParams.XscVersion,
+		MultiScanId:            params.commonGraphScanParams.MultiScanId,
+	}
+}

commands/audit/jas/applicability/applicabilitymanager.go

@@ -1,18 +1,17 @@
 package applicability
 
 import (
+	"github.com/jfrog/gofrog/datastructures"
 	jfrogappsconfig "github.com/jfrog/jfrog-apps-config/go"
 	"github.com/jfrog/jfrog-cli-security/commands/audit/jas"
-	"path/filepath"
-	"strconv"
-
-	"github.com/jfrog/gofrog/datastructures"
 	"github.com/jfrog/jfrog-cli-security/utils"
+	clientutils "github.com/jfrog/jfrog-client-go/utils"
 	"github.com/jfrog/jfrog-client-go/utils/log"
 	"github.com/jfrog/jfrog-client-go/xray/services"
 	"github.com/owenrumney/go-sarif/v2/sarif"
 	"golang.org/x/exp/maps"
 	"golang.org/x/exp/slices"
+	"path/filepath"
 )
 
 const (
@@ -49,17 +48,17 @@ func RunApplicabilityScan(auditParallelRunner *utils.AuditParallelRunner, xrayRe
 	}
 	applicabilityScanManager := newApplicabilityScanManager(xrayResults, directDependencies, scanner, thirdPartyContextualAnalysis, scannerTempDir)
 	if !applicabilityScanManager.cvesExists() {
-		log.Debug("[thread_id: " + strconv.Itoa(threadId) + "] We couldn't find any vulnerable dependencies. Skipping....")
+		log.Debug(clientutils.GetLogMsgPrefix(threadId, false), "We couldn't find any vulnerable dependencies. Skipping....")
 		return
 	}
-	log.Info("[thread_id: " + strconv.Itoa(threadId) + "] Running applicability scanning...")
+	log.Info(clientutils.GetLogMsgPrefix(threadId, false), "Running applicability scanning...")
 	if err = applicabilityScanManager.scanner.Run(applicabilityScanManager, module); err != nil {
 		err = utils.ParseAnalyzerManagerError(utils.Applicability, err)
 		return
 	}
-	auditParallelRunner.Mu.Lock()
+	auditParallelRunner.ResultsMu.Lock()
 	extendedScanResults.ApplicabilityScanResults = applicabilityScanManager.applicabilityScanResults
-	auditParallelRunner.Mu.Unlock()
+	auditParallelRunner.ResultsMu.Unlock()
 	return
 }
 

commands/audit/jas/common.go

@@ -4,9 +4,9 @@ import (
 	"errors"
 	"fmt"
 	clientutils "github.com/jfrog/jfrog-client-go/utils"
-	"golang.org/x/exp/rand"
 	"os"
 	"path/filepath"
+	"strconv"
 	"strings"
 	"testing"
 	"time"
@@ -211,7 +211,8 @@ var FakeBasicXrayResults = []services.ScanResponse{
 
 func InitJasTest(t *testing.T, workingDirs ...string) (*JasScanner, func()) {
 	assert.NoError(t, utils.DownloadAnalyzerManagerIfNeeded(0))
-	jfrogAppsConfigForTest, _ := CreateJFrogAppsConfig(workingDirs)
+	jfrogAppsConfigForTest, err := CreateJFrogAppsConfig(workingDirs)
+	assert.NoError(t, err)
 	scanner, err := NewJasScanner(&FakeServerDetails, jfrogAppsConfigForTest)
 	assert.NoError(t, err)
 	return scanner, func() {
@@ -302,13 +303,7 @@ func CreateScannerTempDirectory(scanner *JasScanner, scanType string) (string, e
 	if scanner.TempDir == "" {
 		return "", errors.New("scanner temp dir cannot be created in an empty base dir")
 	}
-	rand.Seed(uint64(time.Now().UnixNano()))
-	randomString := ""
-	for i := 0; i < 4; i++ {
-		randomDigit := rand.Intn(10)
-		randomString += fmt.Sprintf("%d", randomDigit)
-	}
-	scannerTempDir := scanner.TempDir + "/" + scanType + "_" + randomString
+	scannerTempDir := scanner.TempDir + "/" + scanType + "_" + strconv.FormatInt(time.Now().Unix(), 10)
 	err := os.MkdirAll(scannerTempDir, 0777)
 	if err != nil {
 		return "", err

commands/audit/jas/common_test.go

@@ -131,8 +131,7 @@ func TestSetAnalyticsMetricsDataForAnalyzerManager(t *testing.T) {
 }
 
 func TestCreateScannerTempDirectory(t *testing.T) {
-	scanner, cleanUp := InitJasTest(t)
-	defer cleanUp()
+	scanner := &JasScanner{TempDir: "path"}
 	tempDir, err := CreateScannerTempDirectory(scanner, string(utils.Applicability))
 	assert.NoError(t, err)
 	assert.NotEmpty(t, tempDir)
@@ -143,10 +142,7 @@ func TestCreateScannerTempDirectory(t *testing.T) {
 }
 
 func TestCreateScannerTempDirectory_baseDirIsEmpty(t *testing.T) {
-	scanner, cleanUp := InitJasTest(t)
-	defer cleanUp()
-
-	scanner.TempDir = ""
+	scanner := &JasScanner{TempDir: ""}
 	_, err := CreateScannerTempDirectory(scanner, string(utils.Applicability))
 	assert.Error(t, err)
 }