From ad691bdd140d8f614b759285b7b7dba1497a1522 Mon Sep 17 00:00:00 2001 From: attiasas Date: Thu, 7 Nov 2024 13:16:49 +0200 Subject: [PATCH 01/39] Add Git Repository Url as Xray Scan Graph param --- xray/services/scan.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xray/services/scan.go b/xray/services/scan.go index 53fcb0644..dcb2e3d7c 100644 --- a/xray/services/scan.go +++ b/xray/services/scan.go @@ -82,7 +82,7 @@ func createScanGraphQueryParams(scanParams XrayGraphScanParams) string { } } - if scanParams.XscVersion != "" { + if scanParams.XscVersion != "" && scanParams.MultiScanId != "" { params = append(params, multiScanIdParam+scanParams.MultiScanId) gitInfoContext := scanParams.XscGitInfoContext if gitInfoContext != nil { @@ -248,6 +248,7 @@ type XrayGraphScanParams struct { // This will provide a way to extract the watches that should be applied on this graph RepoPath string ProjectKey string + GitRepoUrl string Watches []string ScanType ScanType // Dependencies Tree From 2a9fae2f5a0ec5067378b77a442b1562700c0d7b Mon Sep 17 00:00:00 2001 From: attiasas Date: Sun, 10 Nov 2024 13:57:23 +0200 Subject: [PATCH 02/39] add the new query param --- xray/services/scan.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/xray/services/scan.go b/xray/services/scan.go index dcb2e3d7c..4ad68c93c 100644 --- a/xray/services/scan.go +++ b/xray/services/scan.go @@ -48,6 +48,8 @@ const ( scanTechQueryParam = "tech=" + gitRepoUrlQueryParam = "git_repo=" + XscVersionAPI = "api/v1/system/version" XraySuffix = "/xray/" @@ -97,6 +99,10 @@ func createScanGraphQueryParams(scanParams XrayGraphScanParams) string { params = append(params, scanTypeQueryParam+string(scanParams.ScanType)) } + if scanParams.GitRepoUrl != "" { + params = append(params, gitRepoUrlQueryParam+scanParams.GitRepoUrl) + } + if len(params) == 0 { return "" } From 56762799662f938c3645cc492b07b9811c9682fc Mon Sep 17 00:00:00 2001 
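Review bot: In the `@@ -97,6 +99,10 @@` hunk of PATCH 02 the repository URL is concatenated straight into the query string (`gitRepoUrlQueryParam+scanParams.GitRepoUrl`) and later joined with `&`, so a value containing `&`, `=`, `#` or whitespace is split into extra parameters or truncated by the server instead of being sent as one value. The value should be escaped where it is appended, `params = append(params, gitRepoUrlQueryParam+url.QueryEscape(scanParams.GitRepoUrl))`, with `net/url` imported (note that ScanGraph already uses `url` as a local name, so an import alias may read better). The same unescaped append survives in PATCH 04, 07, 08 and 09 as the value moves to the git info context and then to the derived repo key, so the fix belongs in the final form of that line. createScanGraphQueryParams begins outside the hunk.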
From: attiasas Date: Sun, 10 Nov 2024 14:00:09 +0200 Subject: [PATCH 03/39] add comment --- xray/services/scan.go | 1 + 1 file changed, 1 insertion(+) diff --git a/xray/services/scan.go b/xray/services/scan.go index 4ad68c93c..5572f1d2a 100644 --- a/xray/services/scan.go +++ b/xray/services/scan.go @@ -100,6 +100,7 @@ func createScanGraphQueryParams(scanParams XrayGraphScanParams) string { } if scanParams.GitRepoUrl != "" { + // Only from Xray version: 3.106.2 params = append(params, gitRepoUrlQueryParam+scanParams.GitRepoUrl) } From 91b62c2cd4ba1c12507429cf6054c310f67b8ac9 Mon Sep 17 00:00:00 2001 From: attiasas Date: Sun, 10 Nov 2024 15:11:16 +0200 Subject: [PATCH 04/39] add tests --- xray/services/scan.go | 18 ++++++++++++++---- xray/services/scan_test.go | 25 ++++++++++++------------- 2 files changed, 26 insertions(+), 17 deletions(-) diff --git a/xray/services/scan.go b/xray/services/scan.go index 5572f1d2a..088ade560 100644 --- a/xray/services/scan.go +++ b/xray/services/scan.go @@ -6,6 +6,7 @@ import ( "strings" "time" + clientUtils "github.com/jfrog/jfrog-client-go/utils" "github.com/jfrog/jfrog-client-go/utils/log" xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils" @@ -49,6 +50,7 @@ const ( scanTechQueryParam = "tech=" gitRepoUrlQueryParam = "git_repo=" + gitRepoUrlMinVersion = "3.106.2" XscVersionAPI = "api/v1/system/version" @@ -69,7 +71,7 @@ func NewScanService(client *jfroghttpclient.JfrogHttpClient) *ScanService { return &ScanService{client: client} } -func createScanGraphQueryParams(scanParams XrayGraphScanParams) string { +func createScanGraphQueryParams(xrayVersion string, scanParams XrayGraphScanParams) string { var params []string switch { case scanParams.ProjectKey != "": 
@@ -99,9 +101,9 @@ func createScanGraphQueryParams(scanParams XrayGraphScanParams) string { params = append(params, scanTypeQueryParam+string(scanParams.ScanType)) } - if scanParams.GitRepoUrl != "" { + if isGitRepoUrlSupported(xrayVersion) && scanParams.GitRepoUrl != "" { // Only from Xray version: 3.106.2 - params = append(params, gitRepoUrlQueryParam+scanParams.GitRepoUrl) + params = append(params, gitRepoUrlQueryParam+scanParams.GitRepoUrl) } if len(params) == 0 { @@ -110,6 +112,10 @@ func createScanGraphQueryParams(scanParams XrayGraphScanParams) string { return "?" + strings.Join(params, "&") } +func isGitRepoUrlSupported(xrayVersion string) bool { + return clientUtils.ValidateMinimumVersion(clientUtils.Xray, xrayVersion, gitRepoUrlMinVersion) == nil +} + func (ss *ScanService) ScanGraph(scanParams XrayGraphScanParams) (string, error) { httpClientsDetails := ss.XrayDetails.CreateHttpClientDetails() httpClientsDetails.SetContentTypeApplicationJson() @@ -129,7 +135,11 @@ func (ss *ScanService) ScanGraph(scanParams XrayGraphScanParams) (string, error) if scanParams.XscVersion != "" { url = ss.xrayToXscUrl() + XscGraphAPI } - url += createScanGraphQueryParams(scanParams) + xrayVersion, err := ss.XrayDetails.GetVersion() + if err != nil { + return "", err + } + url += createScanGraphQueryParams(xrayVersion, scanParams) resp, body, err := ss.client.SendPost(url, requestBody, &httpClientsDetails) if err != nil { return "", err diff --git a/xray/services/scan_test.go b/xray/services/scan_test.go index 1eafe2a21..696b24922 100644 --- a/xray/services/scan_test.go +++ b/xray/services/scan_test.go 
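Review bot: In the `@@ -129,7 +135,11 @@` hunk of PATCH 04 the error from `ss.XrayDetails.GetVersion()` is returned bare, so a caller of ScanGraph cannot tell a failed version lookup from the failed scan POST a few lines below, which also returns `"", err`. Wrapping it gives that context: `return "", fmt.Errorf("resolving xray version for scan graph request: %w", err)` (assuming `fmt` is imported in scan.go, which the hunk does not show). A one-line comment that the version is fetched only to decide whether the `git_repo` parameter may be sent would also explain the new lookup, which now runs on every ScanGraph call if GetVersion is not cached. ScanGraph continues outside the hunk.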
@@ -10,27 +10,25 @@ func TestCreateScanGraphQueryParams(t *testing.T) { testName string projectKey string repoPath string + gitRepoUrl string watches []string scanType ScanType + xrayVersion string expectedQuery string }{ - {"with_project_key", "p1", "", nil, Binary, - fmt.Sprintf("?%s%s&%s%s", projectQueryParam, "p1", scanTypeQueryParam, Binary)}, + {"with_project_key", "p1", "", "", nil, Binary, "0.0.0", fmt.Sprintf("?%s%s&%s%s", projectQueryParam, "p1", scanTypeQueryParam, Binary)}, - {"with_repo_path", "", "r1", nil, Binary, - fmt.Sprintf("?%s%s&%s%s", repoPathQueryParam, "r1", scanTypeQueryParam, Binary)}, + {"with_repo_path", "", "r1", "", nil, Binary, "0.0.0", fmt.Sprintf("?%s%s&%s%s", repoPathQueryParam, "r1", scanTypeQueryParam, Binary)}, - {"with_watches", "", "", []string{"w1", "w2"}, Binary, - fmt.Sprintf("?%s%s&%s%s&%s%s", watchesQueryParam, "w1", watchesQueryParam, "w2", scanTypeQueryParam, Binary)}, + {"with_watches", "", "", "", []string{"w1", "w2"}, Binary, "0.0.0", fmt.Sprintf("?%s%s&%s%s&%s%s", watchesQueryParam, "w1", watchesQueryParam, "w2", scanTypeQueryParam, Binary)}, - {"with_empty_watch_string", "", "", []string{""}, "", - ""}, + {"with_empty_watch_string", "", "", "", []string{""}, "", gitRepoUrlMinVersion, ""}, - {"without_context", "", "", nil, Dependency, - fmt.Sprintf("?%s%s", scanTypeQueryParam, Dependency)}, + {"without_context", "", "", "", nil, Dependency, gitRepoUrlMinVersion, fmt.Sprintf("?%s%s", scanTypeQueryParam, Dependency)}, - {"without_scan_type", "", "", []string{"w1", "w2"}, "", - fmt.Sprintf("?%s%s&%s%s", watchesQueryParam, "w1", watchesQueryParam, "w2")}, + {"without_scan_type", "", "", "", []string{"w1", "w2"}, "", "0.0.0", fmt.Sprintf("?%s%s&%s%s", watchesQueryParam, "w1", watchesQueryParam, "w2")}, + + {"with_git_repo_url", "", "", "some-url", nil, Dependency, gitRepoUrlMinVersion, fmt.Sprintf("?%s%s&%s%s", scanTypeQueryParam, Dependency, gitRepoUrlQueryParam, "some-url")}, } for _, test := range tests { 
t.Run(test.testName, func(t *testing.T) { @@ -39,8 +37,9 @@ func TestCreateScanGraphQueryParams(t *testing.T) { Watches: test.watches, ProjectKey: test.projectKey, ScanType: test.scanType, + GitRepoUrl: test.gitRepoUrl, } - actualQuery := createScanGraphQueryParams(params) + actualQuery := createScanGraphQueryParams(test.xrayVersion, params) if actualQuery != test.expectedQuery { t.Error(test.testName, "Expecting:", test.expectedQuery, "Got:", actualQuery) } From d77023533161437edddb41c01eb4efa90cfd942a Mon Sep 17 00:00:00 2001 From: attiasas Date: Sun, 10 Nov 2024 15:29:32 +0200 Subject: [PATCH 05/39] update GitContextValues --- .../services/utils/tests/xray/consts.go | 6 +++--- .../services/utils/tests/xray/server.go | 2 +- xray/services/scan.go | 21 ++++++++++--------- 3 files changed, 15 insertions(+), 14 deletions(-) diff --git a/artifactory/services/utils/tests/xray/consts.go b/artifactory/services/utils/tests/xray/consts.go index 4fb0c478e..d5cd0565a 100644 --- a/artifactory/services/utils/tests/xray/consts.go +++ b/artifactory/services/utils/tests/xray/consts.go @@ -1436,9 +1436,9 @@ const XscGitInfoResponse = `{"multi_scan_id": "3472b4e2-bddc-11ee-a9c9-acde48001 const XscGitInfoBadResponse = `"failed create git info request: git_repo_url field must contain value"` var GitInfoContextWithMinimalRequiredFields = xrayServices.XscGitInfoContext{ - GitRepoUrl: "https://git.jfrog.info/projects/XSC/repos/xsc-service", - BranchName: "feature/XRAY-123-cool-feature", - CommitHash: "acc5e24e69a-d3c1-4022-62eb-69e4a1e5", + GitRepoUrl: "https://git.jfrog.info/projects/XSC/repos/xsc-service", + BranchName: "feature/XRAY-123-cool-feature", + LastCommitHash: "acc5e24e69a-d3c1-4022-62eb-69e4a1e5", } var GitInfoContextWithMissingFields = xrayServices.XscGitInfoContext{ diff --git a/artifactory/services/utils/tests/xray/server.go b/artifactory/services/utils/tests/xray/server.go index 34b476ae4..9af0eccc9 100644 --- a/artifactory/services/utils/tests/xray/server.go 
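Review bot: The `@@ -10,27 +10,25 @@` hunk of PATCH 04 adds an `xrayVersion` column and a `with_git_repo_url` case, but the only case that sets `gitRepoUrl` also uses `gitRepoUrlMinVersion`, so the version gate in isGitRepoUrlSupported is never exercised in the negative direction. A case such as `{"with_git_repo_url_old_xray", "", "", "some-url", nil, Dependency, "0.0.0", fmt.Sprintf("?%s%s", scanTypeQueryParam, Dependency)}` would pin that the parameter is dropped on older Xray versions rather than sent regardless. TestCreateScanGraphQueryParams continues outside the hunk.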
+++ b/artifactory/services/utils/tests/xray/server.go @@ -238,7 +238,7 @@ func xscGitInfoHandlerFunc(t *testing.T) func(w http.ResponseWriter, r *http.Req var reqBody services.XscGitInfoContext err = json.Unmarshal(req, &reqBody) assert.NoError(t, err) - if reqBody.GitRepoUrl == "" || reqBody.BranchName == "" || reqBody.CommitHash == "" { + if reqBody.GitRepoUrl == "" || reqBody.BranchName == "" || reqBody.LastCommitHash == "" { w.WriteHeader(http.StatusBadRequest) _, err := fmt.Fprint(w, XscGitInfoBadResponse) assert.NoError(t, err) diff --git a/xray/services/scan.go b/xray/services/scan.go index 088ade560..7183c8a35 100644 --- a/xray/services/scan.go +++ b/xray/services/scan.go @@ -397,16 +397,17 @@ type XscVersionResponse struct { } type XscGitInfoContext struct { - GitRepoUrl string `json:"git_repo_url"` - GitRepoName string `json:"git_repo_name,omitempty"` - GitProject string `json:"git_project,omitempty"` - GitProvider string `json:"git_provider,omitempty"` - Technologies []string `json:"technologies,omitempty"` - BranchName string `json:"branch_name"` - LastCommit string `json:"last_commit,omitempty"` - CommitHash string `json:"commit_hash"` - CommitMessage string `json:"commit_message,omitempty"` - CommitAuthor string `json:"commit_author,omitempty"` + GitRepoUrl string `json:"git_repo_url"` + GitRepoName string `json:"git_repo_name,omitempty"` + GitProject string `json:"git_project,omitempty"` + GitProvider string `json:"git_provider,omitempty"` + Technologies []string `json:"technologies,omitempty"` + BranchName string `json:"branch_name"` + LastCommitUrl string `json:"last_commit,omitempty"` + LastCommitHash string `json:"commit_hash"` + LastCommitMessage string `json:"commit_message,omitempty"` + LastCommitAuthor string `json:"commit_author,omitempty"` + IsClean bool `json:"is_clean,omitempty"` } func (gp *XrayGraphScanParams) GetProjectKey() string { From 49f91b6bab5e2f6bb40cec01e42830bff509884e Mon Sep 17 00:00:00 2001 
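Review bot: The `@@ -397,16 +397,17 @@` hunk of PATCH 05 renames the exported fields `LastCommit`, `CommitHash`, `CommitMessage` and `CommitAuthor` of XscGitInfoContext; the JSON tags are unchanged so the wire format is stable, but any Go consumer of this module that sets those fields stops compiling. If the old names are in use downstream, keeping them as deprecated aliases or calling the break out in the commit message would help; the consts.go and server.go hunks in the same patch show how much code had to follow the rename. A doc comment on the struct naming the fields the test server in server.go rejects when empty (`git_repo_url`, `branch_name`, `commit_hash`, the three tags without `omitempty`) would also make the contract visible.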
From: attiasas Date: Mon, 11 Nov 2024 11:38:42 +0200 Subject: [PATCH 06/39] change to IsDirty for backward compatibility --- xray/services/scan.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xray/services/scan.go b/xray/services/scan.go index 7183c8a35..0c7f811b1 100644 --- a/xray/services/scan.go +++ b/xray/services/scan.go @@ -407,7 +407,7 @@ type XscGitInfoContext struct { LastCommitHash string `json:"commit_hash"` LastCommitMessage string `json:"commit_message,omitempty"` LastCommitAuthor string `json:"commit_author,omitempty"` - IsClean bool `json:"is_clean,omitempty"` + IsDirty bool `json:"is_dirty,omitempty"` } func (gp *XrayGraphScanParams) GetProjectKey() string { From d8a3c65e8c9f3f478e9f516130e0b95b01d8eaea Mon Sep 17 00:00:00 2001 From: attiasas Date: Sun, 24 Nov 2024 15:53:19 +0200 Subject: [PATCH 07/39] Use XscGitInfoContext.GitRepoUrl instead of new field --- xray/services/scan.go | 8 ++++---- xray/services/scan_test.go | 4 +++- xsc/services/utils/utils.go | 19 +++++++++++++++++++ xsc/services/utils/utils_test.go | 3 +++ 4 files changed, 29 insertions(+), 5 deletions(-) create mode 100644 xsc/services/utils/utils.go create mode 100644 xsc/services/utils/utils_test.go diff --git a/xray/services/scan.go b/xray/services/scan.go index 0c7f811b1..9a7c352f6 100644 --- a/xray/services/scan.go +++ b/xray/services/scan.go @@ -9,6 +9,7 @@ import ( clientUtils "github.com/jfrog/jfrog-client-go/utils" "github.com/jfrog/jfrog-client-go/utils/log" xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils" + xscUtils "github.com/jfrog/jfrog-client-go/xsc/services/utils" "github.com/jfrog/jfrog-client-go/auth" "github.com/jfrog/jfrog-client-go/http/jfroghttpclient" 
@@ -101,9 +102,9 @@ func createScanGraphQueryParams(xrayVersion string, scanParams XrayGraphScanPara params = append(params, scanTypeQueryParam+string(scanParams.ScanType)) } - if isGitRepoUrlSupported(xrayVersion) && scanParams.GitRepoUrl != "" { - // Only from Xray version: 3.106.2 - params = append(params, gitRepoUrlQueryParam+scanParams.GitRepoUrl) + if isGitRepoUrlSupported(xrayVersion) && scanParams.XscGitInfoContext != nil && scanParams.XscGitInfoContext.GitRepoUrl != "" { + // Add git context to the scan + params = append(params, gitRepoUrlQueryParam+xscUtils.GetGitRepoUrlKey(scanParams.XscGitInfoContext.GitRepoUrl)) } if len(params) == 0 { @@ -265,7 +266,6 @@ type XrayGraphScanParams struct { // This will provide a way to extract the watches that should be applied on this graph RepoPath string ProjectKey string - GitRepoUrl string Watches []string ScanType ScanType // Dependencies Tree diff --git a/xray/services/scan_test.go b/xray/services/scan_test.go index 696b24922..7856571c4 100644 --- a/xray/services/scan_test.go +++ b/xray/services/scan_test.go @@ -37,7 +37,9 @@ func TestCreateScanGraphQueryParams(t *testing.T) { Watches: test.watches, ProjectKey: test.projectKey, ScanType: test.scanType, - GitRepoUrl: test.gitRepoUrl, + XscGitInfoContext: &XscGitInfoContext{ + GitRepoUrl: test.gitRepoUrl, + }, } actualQuery := createScanGraphQueryParams(test.xrayVersion, params) if actualQuery != test.expectedQuery { diff --git a/xsc/services/utils/utils.go b/xsc/services/utils/utils.go new file mode 100644 index 000000000..1157ca0cb --- /dev/null +++ b/xsc/services/utils/utils.go 
@@ -0,0 +1,19 @@ +package utils + +import "strings" + +func GetGitRepoUrlKey(gitRepoUrl string) string { + if len(gitRepoUrl) == 0 { + // No git context was provided + return "" + } + // Remove the Http/s protocol from the URL + if strings.HasPrefix(gitRepoUrl, "http") { + return strings.TrimPrefix(strings.TrimPrefix(gitRepoUrl, "https://"), "http://") + } + // Remove the SSH protocol from the URL + if strings.Contains(gitRepoUrl, "git@") { + return strings.Replace(strings.TrimPrefix(strings.TrimPrefix(gitRepoUrl, "ssh://"), "git@"), ":", "/", 1) + } + return gitRepoUrl +} diff --git a/xsc/services/utils/utils_test.go b/xsc/services/utils/utils_test.go new file mode 100644 index 000000000..e2bdc0ee8 --- /dev/null +++ b/xsc/services/utils/utils_test.go @@ -0,0 +1,3 @@ +package utils + +import () From ee866b4a15d6c6bbad4c99dfb8bbff448fe5695a Mon Sep 17 00:00:00 2001 From: attiasas Date: Sun, 24 Nov 2024 16:14:17 +0200 Subject: [PATCH 08/39] Use new attribute --- xray/services/scan.go | 14 +++++++------- xray/services/scan_test.go | 6 +++--- xsc/services/utils/utils.go | 19 ------------------- xsc/services/utils/utils_test.go | 3 --- 4 files changed, 10 insertions(+), 32 deletions(-) delete mode 100644 xsc/services/utils/utils.go delete mode 100644 xsc/services/utils/utils_test.go diff --git a/xray/services/scan.go b/xray/services/scan.go index 9a7c352f6..a63f71ca0 100644 --- a/xray/services/scan.go +++ b/xray/services/scan.go @@ -9,7 +9,6 @@ import ( clientUtils "github.com/jfrog/jfrog-client-go/utils" "github.com/jfrog/jfrog-client-go/utils/log" xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils" - xscUtils "github.com/jfrog/jfrog-client-go/xsc/services/utils" "github.com/jfrog/jfrog-client-go/auth" "github.com/jfrog/jfrog-client-go/http/jfroghttpclient" 
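Review bot: GetGitRepoUrlKey in the `@@ -0,0 +1,19 @@` hunk of PATCH 07 only strips the scheme, so a clone URL carrying embedded credentials (`https://user:token@host/org/repo.git`, a common shape in CI checkouts) keeps the userinfo in the returned key, which createScanGraphQueryParams then sends as a query parameter where it can land in server access logs. For the http(s) branch, parsing with `net/url` and clearing `u.User` before rebuilding the key avoids that; the SSH branch has a related defect in that the first `:` is replaced even in `ssh://git@host:2222/org/repo.git`, turning the port into a path segment. The same body is reintroduced in PATCH 09 with the `.git` suffix handling, so the fix applies there too. The exported function also lacks a doc comment; `// GetGitRepoUrlKey normalizes a git clone URL (https, ssh or scp-style) to host/path form for use as the git_repo scan parameter.` would do.
```go
// Remove the Http/s protocol from the URL
if strings.HasPrefix(gitRepoUrl, "http") {
	if u, err := url.Parse(gitRepoUrl); err == nil {
		u.User = nil // never carry embedded credentials into the scan key
		u.Scheme = ""
		return strings.TrimPrefix(u.String(), "//")
	}
	return strings.TrimPrefix(strings.TrimPrefix(gitRepoUrl, "https://"), "http://")
}
// … unchanged: SSH branch and final return …
```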
@@ -50,8 +49,8 @@ const ( scanTechQueryParam = "tech=" - gitRepoUrlQueryParam = "git_repo=" - gitRepoUrlMinVersion = "3.106.2" + gitRepoKeyQueryParam = "git_repo=" + gitRepoKeyMinVersion = "3.106.2" XscVersionAPI = "api/v1/system/version" @@ -102,9 +101,9 @@ func createScanGraphQueryParams(xrayVersion string, scanParams XrayGraphScanPara params = append(params, scanTypeQueryParam+string(scanParams.ScanType)) } - if isGitRepoUrlSupported(xrayVersion) && scanParams.XscGitInfoContext != nil && scanParams.XscGitInfoContext.GitRepoUrl != "" { - // Add git context to the scan - params = append(params, gitRepoUrlQueryParam+xscUtils.GetGitRepoUrlKey(scanParams.XscGitInfoContext.GitRepoUrl)) + if isGitRepoUrlSupported(xrayVersion) && scanParams.XscGitInfoContext != nil && scanParams.XscGitInfoContext.GitRepoKey != "" { + // Add git repo key to the query params to produce violations defined in the git repo policy + params = append(params, gitRepoKeyQueryParam+scanParams.XscGitInfoContext.GitRepoKey) } if len(params) == 0 { @@ -114,7 +113,7 @@ func createScanGraphQueryParams(xrayVersion string, scanParams XrayGraphScanPara } func isGitRepoUrlSupported(xrayVersion string) bool { - return clientUtils.ValidateMinimumVersion(clientUtils.Xray, xrayVersion, gitRepoUrlMinVersion) == nil + return clientUtils.ValidateMinimumVersion(clientUtils.Xray, xrayVersion, gitRepoKeyMinVersion) == nil } func (ss *ScanService) ScanGraph(scanParams XrayGraphScanParams) (string, error) { @@ -397,6 +396,7 @@ type XscVersionResponse struct { } type XscGitInfoContext struct { + GitRepoKey string `json:"-"` GitRepoUrl string `json:"git_repo_url"` GitRepoName string `json:"git_repo_name,omitempty"` GitProject string `json:"git_project,omitempty"` diff --git a/xray/services/scan_test.go b/xray/services/scan_test.go index 7856571c4..84196e54d 100644 --- a/xray/services/scan_test.go +++ b/xray/services/scan_test.go 
@@ -22,13 +22,13 @@ func TestCreateScanGraphQueryParams(t *testing.T) { {"with_watches", "", "", "", []string{"w1", "w2"}, Binary, "0.0.0", fmt.Sprintf("?%s%s&%s%s&%s%s", watchesQueryParam, "w1", watchesQueryParam, "w2", scanTypeQueryParam, Binary)}, - {"with_empty_watch_string", "", "", "", []string{""}, "", gitRepoUrlMinVersion, ""}, + {"with_empty_watch_string", "", "", "", []string{""}, "", gitRepoKeyMinVersion, ""}, - {"without_context", "", "", "", nil, Dependency, gitRepoUrlMinVersion, fmt.Sprintf("?%s%s", scanTypeQueryParam, Dependency)}, + {"without_context", "", "", "", nil, Dependency, gitRepoKeyMinVersion, fmt.Sprintf("?%s%s", scanTypeQueryParam, Dependency)}, {"without_scan_type", "", "", "", []string{"w1", "w2"}, "", "0.0.0", fmt.Sprintf("?%s%s&%s%s", watchesQueryParam, "w1", watchesQueryParam, "w2")}, - {"with_git_repo_url", "", "", "some-url", nil, Dependency, gitRepoUrlMinVersion, fmt.Sprintf("?%s%s&%s%s", scanTypeQueryParam, Dependency, gitRepoUrlQueryParam, "some-url")}, + {"with_git_repo_url", "", "", "some-url", nil, Dependency, gitRepoKeyMinVersion, fmt.Sprintf("?%s%s&%s%s", scanTypeQueryParam, Dependency, gitRepoKeyQueryParam, "some-url")}, } for _, test := range tests { t.Run(test.testName, func(t *testing.T) { diff --git a/xsc/services/utils/utils.go b/xsc/services/utils/utils.go deleted file mode 100644 index 1157ca0cb..000000000 --- a/xsc/services/utils/utils.go +++ /dev/null 
@@ -1,19 +0,0 @@ -package utils - -import "strings" - -func GetGitRepoUrlKey(gitRepoUrl string) string { - if len(gitRepoUrl) == 0 { - // No git context was provided - return "" - } - // Remove the Http/s protocol from the URL - if strings.HasPrefix(gitRepoUrl, "http") { - return strings.TrimPrefix(strings.TrimPrefix(gitRepoUrl, "https://"), "http://") - } - // Remove the SSH protocol from the URL - if strings.Contains(gitRepoUrl, "git@") { - return strings.Replace(strings.TrimPrefix(strings.TrimPrefix(gitRepoUrl, "ssh://"), "git@"), ":", "/", 1) - } - return gitRepoUrl -} diff --git a/xsc/services/utils/utils_test.go b/xsc/services/utils/utils_test.go deleted file mode 100644 index e2bdc0ee8..000000000 --- a/xsc/services/utils/utils_test.go +++ /dev/null @@ -1,3 +0,0 @@ -package utils - -import () From 3e824cec6ea2d55c877e1404d13c0691634e1038 Mon Sep 17 00:00:00 2001 From: attiasas Date: Sun, 24 Nov 2024 16:27:15 +0200 Subject: [PATCH 09/39] with tests, remove redundent --- xray/services/scan.go | 6 +++--- xsc/services/utils/utils.go | 23 +++++++++++++++++++++++ xsc/services/utils/utils_test.go | 25 +++++++++++++++++++++++++ 3 files changed, 51 insertions(+), 3 deletions(-) create mode 100644 xsc/services/utils/utils.go create mode 100644 xsc/services/utils/utils_test.go diff --git a/xray/services/scan.go b/xray/services/scan.go index a63f71ca0..31b977da5 100644 --- a/xray/services/scan.go +++ b/xray/services/scan.go @@ -9,6 +9,7 @@ import ( clientUtils "github.com/jfrog/jfrog-client-go/utils" "github.com/jfrog/jfrog-client-go/utils/log" xrayUtils "github.com/jfrog/jfrog-client-go/xray/services/utils" + xscUtils "github.com/jfrog/jfrog-client-go/xsc/services/utils" "github.com/jfrog/jfrog-client-go/auth" "github.com/jfrog/jfrog-client-go/http/jfroghttpclient" 
@@ -101,9 +102,9 @@ func createScanGraphQueryParams(xrayVersion string, scanParams XrayGraphScanPara params = append(params, scanTypeQueryParam+string(scanParams.ScanType)) } - if isGitRepoUrlSupported(xrayVersion) && scanParams.XscGitInfoContext != nil && scanParams.XscGitInfoContext.GitRepoKey != "" { + if isGitRepoUrlSupported(xrayVersion) && scanParams.XscGitInfoContext != nil && scanParams.XscGitInfoContext.GitRepoUrl != "" { // Add git repo key to the query params to produce violations defined in the git repo policy - params = append(params, gitRepoKeyQueryParam+scanParams.XscGitInfoContext.GitRepoKey) + params = append(params, gitRepoKeyQueryParam+xscUtils.GetGitRepoUrlKey(scanParams.XscGitInfoContext.GitRepoUrl)) } if len(params) == 0 { @@ -396,7 +397,6 @@ type XscVersionResponse struct { } type XscGitInfoContext struct { - GitRepoKey string `json:"-"` GitRepoUrl string `json:"git_repo_url"` GitRepoName string `json:"git_repo_name,omitempty"` GitProject string `json:"git_project,omitempty"` diff --git a/xsc/services/utils/utils.go b/xsc/services/utils/utils.go new file mode 100644 index 000000000..d48b572d1 --- /dev/null +++ b/xsc/services/utils/utils.go @@ -0,0 +1,23 @@ +package utils + +import "strings" + +func GetGitRepoUrlKey(gitRepoUrl string) string { + if len(gitRepoUrl) == 0 { + // No git context was provided + return "" + } + if !strings.HasSuffix(gitRepoUrl, ".git") { + // Append .git to the URL if not included + gitRepoUrl += ".git" + } + // Remove the Http/s protocol from the URL + if strings.HasPrefix(gitRepoUrl, "http") { + return strings.TrimPrefix(strings.TrimPrefix(gitRepoUrl, "https://"), "http://") + } + // Remove the SSH protocol from the URL + if strings.Contains(gitRepoUrl, "git@") { + return strings.Replace(strings.TrimPrefix(strings.TrimPrefix(gitRepoUrl, "ssh://"), "git@"), ":", "/", 1) + } + return gitRepoUrl +} 
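Review bot: In the `@@ -0,0 +1,23 @@` hunk of PATCH 09 the `.git` suffix is appended before any other normalization, so a URL with a trailing slash (`https://host/org/repo/`) becomes `host/org/repo/.git`, which will not match the key produced for `https://host/org/repo.git` and so will not hit the same repository policy. Trimming the slash first, `gitRepoUrl = strings.TrimSuffix(gitRepoUrl, "/")`, before the `HasSuffix` check keeps the two forms in agreement. The test table added in utils_test.go in this patch only covers lowercase hosts without trailing slashes, so a case for that input would be worth adding alongside the fix.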
diff --git a/xsc/services/utils/utils_test.go b/xsc/services/utils/utils_test.go new file mode 100644 index 000000000..e6722ac93 --- /dev/null +++ b/xsc/services/utils/utils_test.go @@ -0,0 +1,25 @@ +package utils + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestGetGitRepoUrlKey(t *testing.T) { + expected := "github.com/jfrog/jfrog-client-go.git" + tests := []struct { + testName string + gitRepoUrl string + }{ + {"with_http", "http://github.com/jfrog/jfrog-client-go.git"}, + {"with_https", "https://github.com/jfrog/jfrog-client-go.git"}, + {"with_ssh", "git@github.com:jfrog/jfrog-client-go.git"}, + {"with_ssh_bb", "ssh://git@git.com/jfrog/jfrog-client-go.git"}, + } + for _, test := range tests { + t.Run(test.testName, func(t *testing.T) { + assert.Equal(t, expected, GetGitRepoUrlKey(test.gitRepoUrl)) + }) + } +} From 8c591382bdc95215d6cc1f6ba20e31b64173c125 Mon Sep 17 00:00:00 2001 From: attiasas Date: Sun, 24 Nov 2024 16:53:01 +0200 Subject: [PATCH 10/39] fix tests --- xsc/services/utils/utils_test.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/xsc/services/utils/utils_test.go b/xsc/services/utils/utils_test.go index e6722ac93..8852fa8da 100644 --- a/xsc/services/utils/utils_test.go +++ b/xsc/services/utils/utils_test.go 
@@ -7,15 +7,16 @@ import ( ) func TestGetGitRepoUrlKey(t *testing.T) { - expected := "github.com/jfrog/jfrog-client-go.git" + expected := "git.com/jfrog/jfrog-client-go.git" tests := []struct { testName string gitRepoUrl string }{ - {"with_http", "http://github.com/jfrog/jfrog-client-go.git"}, - {"with_https", "https://github.com/jfrog/jfrog-client-go.git"}, - {"with_ssh", "git@github.com:jfrog/jfrog-client-go.git"}, + {"with_http", "http://git.com/jfrog/jfrog-client-go.git"}, + {"with_https", "https://git.com/jfrog/jfrog-client-go.git"}, + {"with_ssh", "git@git.com:jfrog/jfrog-client-go.git"}, {"with_ssh_bb", "ssh://git@git.com/jfrog/jfrog-client-go.git"}, + {"without_protocol", "git.com/jfrog/jfrog-client-go"}, } for _, test := range tests { t.Run(test.testName, func(t *testing.T) { From 7a1efc4dc46d7d79b534613588468aab0895b355 Mon Sep 17 00:00:00 2001 From: attiasas Date: Sun, 24 Nov 2024 16:56:45 +0200 Subject: [PATCH 11/39] remove is dirty --- xray/services/scan.go | 1 - 1 file changed, 1 deletion(-) diff --git a/xray/services/scan.go b/xray/services/scan.go index 31b977da5..96df5b329 100644 --- a/xray/services/scan.go +++ b/xray/services/scan.go @@ -407,7 +407,6 @@ type XscGitInfoContext struct { LastCommitHash string `json:"commit_hash"` LastCommitMessage string `json:"commit_message,omitempty"` LastCommitAuthor string `json:"commit_author,omitempty"` - IsDirty bool `json:"is_dirty,omitempty"` } func (gp *XrayGraphScanParams) GetProjectKey() string { From ce7936c72bc9a738851df6d4c37522eb3eb11535 Mon Sep 17 00:00:00 2001 From: attiasas Date: Sun, 24 Nov 2024 20:35:58 +0200 Subject: [PATCH 12/39] merge fix --- xray/services/scan.go | 2 +- xray/services/scan_test.go | 11 ++++++----- xsc/services/utils/utils_test.go | 2 +- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/xray/services/scan.go b/xray/services/scan.go index 930065595..c69f27558 100644 --- a/xray/services/scan.go +++ b/xray/services/scan.go 
@@ -157,7 +157,7 @@ func (ss *ScanService) GetScanGraphResults(scanId, xrayVersion string, includeVu endPoint := ss.XrayDetails.GetUrl() + scanGraphAPI // Modify endpoint if XSC is enabled if xscEnabled { - endPoint = utils.XrayUrlToXscUrl(ss.XrayDetails.GetUrl(), xrayVersion) + XscGraphAPI + endPoint = xscUtils.XrayUrlToXscUrl(ss.XrayDetails.GetUrl(), xrayVersion) + XscGraphAPI } endPoint += "/" + scanId diff --git a/xray/services/scan_test.go b/xray/services/scan_test.go index 84196e54d..0e2ac4aed 100644 --- a/xray/services/scan_test.go +++ b/xray/services/scan_test.go @@ -33,15 +33,16 @@ func TestCreateScanGraphQueryParams(t *testing.T) { for _, test := range tests { t.Run(test.testName, func(t *testing.T) { params := XrayGraphScanParams{ - RepoPath: test.repoPath, - Watches: test.watches, - ProjectKey: test.projectKey, - ScanType: test.scanType, + RepoPath: test.repoPath, + Watches: test.watches, + ProjectKey: test.projectKey, + ScanType: test.scanType, + XrayVersion: test.xrayVersion, XscGitInfoContext: &XscGitInfoContext{ GitRepoUrl: test.gitRepoUrl, }, } - actualQuery := createScanGraphQueryParams(test.xrayVersion, params) + actualQuery := createScanGraphQueryParams(params) if actualQuery != test.expectedQuery { t.Error(test.testName, "Expecting:", test.expectedQuery, "Got:", actualQuery) } diff --git a/xsc/services/utils/utils_test.go b/xsc/services/utils/utils_test.go index de394b2fe..5be74f9bb 100644 --- a/xsc/services/utils/utils_test.go +++ b/xsc/services/utils/utils_test.go @@ -1,8 +1,8 @@ package utils import ( - "testing" "github.com/stretchr/testify/assert" + "testing" ) func TestXrayUrlToXscUrl(t *testing.T) { From a8b7f3de793854e00b51a84f5290a5af8d0d465b Mon Sep 17 00:00:00 2001 From: attiasas Date: Sun, 24 Nov 2024 20:47:55 +0200 Subject: [PATCH 13/39] fix tests --- xray/services/scan_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xray/services/scan_test.go b/xray/services/scan_test.go index 0e2ac4aed..591c6436d 100644 
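Review bot: The utils_test.go hunk `@@ -1,8 +1,8 @@` of PATCH 12 moves `"testing"` below the testify import, which puts a standard-library import in the third-party group and is the opposite of what goimports produces. Keep the stdlib group first and blank-line separated: `"testing"`, an empty line, then `"github.com/stretchr/testify/assert"`. Running gofmt/goimports on the file would restore this without further edits.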
--- a/xray/services/scan_test.go +++ b/xray/services/scan_test.go @@ -28,7 +28,7 @@ func TestCreateScanGraphQueryParams(t *testing.T) { {"without_scan_type", "", "", "", []string{"w1", "w2"}, "", "0.0.0", fmt.Sprintf("?%s%s&%s%s", watchesQueryParam, "w1", watchesQueryParam, "w2")}, - {"with_git_repo_url", "", "", "some-url", nil, Dependency, gitRepoKeyMinVersion, fmt.Sprintf("?%s%s&%s%s", scanTypeQueryParam, Dependency, gitRepoKeyQueryParam, "some-url")}, + {"with_git_repo_url", "", "", "http://some-url", nil, Dependency, gitRepoKeyMinVersion, fmt.Sprintf("?%s%s&%s%s", scanTypeQueryParam, Dependency, gitRepoKeyQueryParam, "some-url.git")}, } for _, test := range tests { t.Run(test.testName, func(t *testing.T) { From d384d38979238d48c9d4e4e9eb47fc1b0ed05c7c Mon Sep 17 00:00:00 2001 From: attiasas Date: Mon, 25 Nov 2024 09:34:54 +0200 Subject: [PATCH 14/39] CR changes --- xray/services/scan.go | 3 +-- xray/services/scan_test.go | 8 +++++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/xray/services/scan.go b/xray/services/scan.go index c69f27558..d44b1d8cf 100644 --- a/xray/services/scan.go +++ b/xray/services/scan.go @@ -48,7 +48,6 @@ const ( scanTechQueryParam = "tech=" gitRepoKeyQueryParam = "git_repo=" - gitRepoKeyMinVersion = "3.106.2" XscVersionAPI = "system/version" ) @@ -107,7 +106,7 @@ func createScanGraphQueryParams(scanParams XrayGraphScanParams) string { } func isGitRepoUrlSupported(xrayVersion string) bool { - return clientUtils.ValidateMinimumVersion(clientUtils.Xray, xrayVersion, gitRepoKeyMinVersion) == nil + return clientUtils.ValidateMinimumVersion(clientUtils.Xray, xrayVersion, xscUtils.MinXrayVersionXscTransitionToXray) == nil } func (ss *ScanService) ScanGraph(scanParams XrayGraphScanParams) (string, error) { diff --git a/xray/services/scan_test.go b/xray/services/scan_test.go index 591c6436d..c6d5bc9c6 100644 --- a/xray/services/scan_test.go +++ b/xray/services/scan_test.go 
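Review bot: The `@@ -107,7 +106,7 @@` hunk of PATCH 14 makes isGitRepoUrlSupported gate on `xscUtils.MinXrayVersionXscTransitionToXray` while dropping the local `gitRepoKeyMinVersion = "3.106.2"`, so the `git_repo` parameter is now tied to the XSC-transition version rather than to a version named for the parameter itself. If the two values coincide today, that should be stated next to the check, e.g. `// git_repo is accepted by Xray from the version that moved XSC under Xray; see xscUtils.MinXrayVersionXscTransitionToXray.`, and the function name could follow the parameter it guards, e.g. `isGitRepoKeySupported`. The constant's value is not visible in this series, so whether behaviour changed for Xray versions between the two cannot be checked here.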
@@ -3,6 +3,8 @@ package services import ( "fmt" "testing" + + xscUtils "github.com/jfrog/jfrog-client-go/xsc/services/utils" ) func TestCreateScanGraphQueryParams(t *testing.T) { @@ -22,13 +24,13 @@ func TestCreateScanGraphQueryParams(t *testing.T) { {"with_watches", "", "", "", []string{"w1", "w2"}, Binary, "0.0.0", fmt.Sprintf("?%s%s&%s%s&%s%s", watchesQueryParam, "w1", watchesQueryParam, "w2", scanTypeQueryParam, Binary)}, - {"with_empty_watch_string", "", "", "", []string{""}, "", gitRepoKeyMinVersion, ""}, + {"with_empty_watch_string", "", "", "", []string{""}, "", xscUtils.MinXrayVersionXscTransitionToXray, ""}, - {"without_context", "", "", "", nil, Dependency, gitRepoKeyMinVersion, fmt.Sprintf("?%s%s", scanTypeQueryParam, Dependency)}, + {"without_context", "", "", "", nil, Dependency, xscUtils.MinXrayVersionXscTransitionToXray, fmt.Sprintf("?%s%s", scanTypeQueryParam, Dependency)}, {"without_scan_type", "", "", "", []string{"w1", "w2"}, "", "0.0.0", fmt.Sprintf("?%s%s&%s%s", watchesQueryParam, "w1", watchesQueryParam, "w2")}, - {"with_git_repo_url", "", "", "http://some-url", nil, Dependency, gitRepoKeyMinVersion, fmt.Sprintf("?%s%s&%s%s", scanTypeQueryParam, Dependency, gitRepoKeyQueryParam, "some-url.git")}, + {"with_git_repo_url", "", "", "http://some-url", nil, Dependency, xscUtils.MinXrayVersionXscTransitionToXray, fmt.Sprintf("?%s%s&%s%s", scanTypeQueryParam, Dependency, gitRepoKeyQueryParam, "some-url.git")}, } for _, test := range tests { t.Run(test.testName, func(t *testing.T) { From a7f46540780f923cc04cdee5c358a641d4af67a0 Mon Sep 17 00:00:00 2001 From: attiasas Date: Mon, 25 Nov 2024 10:35:57 +0200 Subject: [PATCH 15/39] CR changes --- .../services/utils/tests/xray/consts.go | 10 ++++---- xray/services/scan.go | 24 +++++++++---------- xray/services/scan_test.go | 2 +- xsc/services/utils/utils.go | 18 ++++++-------- 4 files changed, 25 insertions(+), 29 deletions(-) 
diff --git a/artifactory/services/utils/tests/xray/consts.go b/artifactory/services/utils/tests/xray/consts.go index 86051680b..56ec4d227 100644 --- a/artifactory/services/utils/tests/xray/consts.go +++ b/artifactory/services/utils/tests/xray/consts.go @@ -1438,14 +1438,14 @@ const XscGitInfoResponse = `{"multi_scan_id": "3472b4e2-bddc-11ee-a9c9-acde48001 const XscGitInfoBadResponse = `"failed create git info request: git_repo_url field must contain value"` var GitInfoContextWithMinimalRequiredFields = xrayServices.XscGitInfoContext{ - GitRepoUrl: "https://git.jfrog.info/projects/XSC/repos/xsc-service", - BranchName: "feature/XRAY-123-cool-feature", - LastCommitHash: "acc5e24e69a-d3c1-4022-62eb-69e4a1e5", + GitRepoHttpsCloneUrl: "https://git.jfrog.info/projects/XSC/repos/xsc-service", + BranchName: "feature/XRAY-123-cool-feature", + LastCommitHash: "acc5e24e69a-d3c1-4022-62eb-69e4a1e5", } var GitInfoContextWithMissingFields = xrayServices.XscGitInfoContext{ - GitRepoUrl: "https://git.jfrog.info/projects/XSC/repos/xsc-service", - BranchName: "feature/XRAY-123-cool-feature", + GitRepoHttpsCloneUrl: "https://git.jfrog.info/projects/XSC/repos/xsc-service", + BranchName: "feature/XRAY-123-cool-feature", } const TestMultiScanId = "3472b4e2-bddc-11ee-a9c9-acde48001122" diff --git a/xray/services/scan.go b/xray/services/scan.go index d44b1d8cf..0bca66fad 100644 --- a/xray/services/scan.go +++ b/xray/services/scan.go 
@@ -94,9 +94,9 @@ func createScanGraphQueryParams(scanParams XrayGraphScanParams) string { params = append(params, scanTypeQueryParam+string(scanParams.ScanType)) } - if isGitRepoUrlSupported(scanParams.XrayVersion) && scanParams.XscGitInfoContext != nil && scanParams.XscGitInfoContext.GitRepoUrl != "" { + if isGitRepoUrlSupported(scanParams.XrayVersion) && scanParams.XscGitInfoContext != nil && scanParams.XscGitInfoContext.GitRepoHttpsCloneUrl != "" { // Add git repo key to the query params to produce violations defined in the git repo policy - params = append(params, gitRepoKeyQueryParam+xscUtils.GetGitRepoUrlKey(scanParams.XscGitInfoContext.GitRepoUrl)) + params = append(params, gitRepoKeyQueryParam+xscUtils.GetGitRepoUrlKey(scanParams.XscGitInfoContext.GitRepoHttpsCloneUrl)) } if len(params) == 0 { 
@@ -329,16 +329,16 @@ type XscVersionResponse struct { } type XscGitInfoContext struct { - GitRepoUrl string `json:"git_repo_url"` - GitRepoName string `json:"git_repo_name,omitempty"` - GitProject string `json:"git_project,omitempty"` - GitProvider string `json:"git_provider,omitempty"` - Technologies []string `json:"technologies,omitempty"` - BranchName string `json:"branch_name"` - LastCommitUrl string `json:"last_commit,omitempty"` - LastCommitHash string `json:"commit_hash"` - LastCommitMessage string `json:"commit_message,omitempty"` - LastCommitAuthor string `json:"commit_author,omitempty"` + GitRepoHttpsCloneUrl string `json:"git_repo_url"` + GitRepoName string `json:"git_repo_name,omitempty"` + GitProject string `json:"git_project,omitempty"` + GitProvider string `json:"git_provider,omitempty"` + Technologies []string `json:"technologies,omitempty"` + BranchName string `json:"branch_name"` + LastCommitUrl string `json:"last_commit,omitempty"` + LastCommitHash string `json:"commit_hash"` + LastCommitMessage string `json:"commit_message,omitempty"` + LastCommitAuthor string `json:"commit_author,omitempty"` } func (gp *XrayGraphScanParams) GetProjectKey() string { diff --git a/xray/services/scan_test.go b/xray/services/scan_test.go index c6d5bc9c6..2366448bc 100644 --- a/xray/services/scan_test.go +++ b/xray/services/scan_test.go @@ -41,7 +41,7 @@ func TestCreateScanGraphQueryParams(t *testing.T) { ScanType: test.scanType, XrayVersion: test.xrayVersion, XscGitInfoContext: &XscGitInfoContext{ - GitRepoUrl: test.gitRepoUrl, + GitRepoHttpsCloneUrl: test.gitRepoUrl, }, } actualQuery := createScanGraphQueryParams(params) diff --git a/xsc/services/utils/utils.go b/xsc/services/utils/utils.go index 4e98ca000..f62011e09 100644 --- a/xsc/services/utils/utils.go +++ b/xsc/services/utils/utils.go 
@@ -33,22 +33,18 @@ func IsXscXrayInnerService(xrayVersion string) bool { return true } -func GetGitRepoUrlKey(gitRepoUrl string) string { - if len(gitRepoUrl) == 0 { +func GetGitRepoUrlKey(gitRepoHttpUrl string) string { + if len(gitRepoHttpUrl) == 0 { // No git context was provided return "" } - if !strings.HasSuffix(gitRepoUrl, ".git") { + if !strings.HasSuffix(gitRepoHttpUrl, ".git") { // Append .git to the URL if not included - gitRepoUrl += ".git" + gitRepoHttpUrl += ".git" } // Remove the Http/s protocol from the URL - if strings.HasPrefix(gitRepoUrl, "http") { - return strings.TrimPrefix(strings.TrimPrefix(gitRepoUrl, "https://"), "http://") + if strings.HasPrefix(gitRepoHttpUrl, "http") { + return strings.TrimPrefix(strings.TrimPrefix(gitRepoHttpUrl, "https://"), "http://") } - // Remove the SSH protocol from the URL - if strings.Contains(gitRepoUrl, "git@") { - return strings.Replace(strings.TrimPrefix(strings.TrimPrefix(gitRepoUrl, "ssh://"), "git@"), ":", "/", 1) - } - return gitRepoUrl + return gitRepoHttpUrl } From c243bb1fe7095bf0871ef44194ea85602218c61c Mon Sep 17 00:00:00 2001 From: attiasas Date: Mon, 25 Nov 2024 14:11:51 +0200 Subject: [PATCH 16/39] change version --- xsc/services/utils/utils.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xsc/services/utils/utils.go b/xsc/services/utils/utils.go index f62011e09..0ec660501 100644 --- a/xsc/services/utils/utils.go +++ b/xsc/services/utils/utils.go @@ -13,7 +13,7 @@ const ( xscSuffix = "/xsc/" apiV1Suffix = "api/v1" XscInXraySuffix = apiV1Suffix + xscSuffix - MinXrayVersionXscTransitionToXray = "3.108.0" + MinXrayVersionXscTransitionToXray = "3.107.13" ) // From Xray version 3.108.0, XSC is transitioning to Xray as inner service. This function will return compatible URL. From 4f2b45e03790534488025cf5f55cc5c0d4895abb Mon Sep 17 00:00:00 2001 
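Review bot: With the SSH branch removed, GetGitRepoUrlKey returns any input that does not start with `http` unchanged apart from the appended `.git`, so a caller that passes `git@host:org/repo` or `ssh://...` now gets a key that presumably will not match whatever key the server derives from the HTTPS clone URL, and the git-repo policy silently does not apply. Since the parameter was renamed to `gitRepoHttpUrl`, make that contract explicit with a doc comment such as `// GetGitRepoUrlKey normalizes an HTTP(S) clone URL into the git-repo key sent to Xray (scheme stripped, ".git" appended); inputs without an http/https scheme are returned unchanged and are not expected to match a policy.` and consider returning `""` for such inputs so the caller omits the parameter rather than sending an unusable value. A trailing slash is also not trimmed, so `https://host/repo/` becomes `host/repo/.git`; `gitRepoHttpUrl = strings.TrimSuffix(gitRepoHttpUrl, "/")` before the `.git` check would fix that.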
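Review bot: MinXrayVersionXscTransitionToXray is lowered to `"3.107.13"`, but the doc comment on the trailing context line still reads `// From Xray version 3.108.0, XSC is transitioning to Xray as inner service...`, so the comment and the constant it documents now disagree. Change it to refer to the constant rather than a literal so the two cannot drift again, e.g. `// From MinXrayVersionXscTransitionToXray onward XSC is served as an inner service of Xray; this function returns the URL that is compatible with the given Xray version.`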
From: attiasas Date: Sun, 1 Dec 2024 09:27:40 +0200 Subject: [PATCH 17/39] remove ssh test cases --- xsc/services/utils/utils_test.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/xsc/services/utils/utils_test.go b/xsc/services/utils/utils_test.go index d1a0fdd7e..a5d1db0af 100644 --- a/xsc/services/utils/utils_test.go +++ b/xsc/services/utils/utils_test.go @@ -33,8 +33,6 @@ func TestGetGitRepoUrlKey(t *testing.T) { }{ {"with_http", "http://git.com/jfrog/jfrog-client-go.git"}, {"with_https", "https://git.com/jfrog/jfrog-client-go.git"}, - {"with_ssh", "git@git.com:jfrog/jfrog-client-go.git"}, - {"with_ssh_bb", "ssh://git@git.com/jfrog/jfrog-client-go.git"}, {"without_protocol", "git.com/jfrog/jfrog-client-go"}, } for _, test := range tests { From ef7074514b20a0f7f8dc1ae4d6e4c476b7bd98f6 Mon Sep 17 00:00:00 2001 From: attiasas Date: Mon, 2 Dec 2024 10:02:11 +0200 Subject: [PATCH 18/39] Add Ignore rule git attribute, fix categories --- xray/services/ignorerule.go | 2 +- xray/services/utils/ignorerulebody.go | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/xray/services/ignorerule.go b/xray/services/ignorerule.go index 952332555..e860a586a 100644 --- a/xray/services/ignorerule.go +++ b/xray/services/ignorerule.go @@ -64,7 +64,7 @@ func (xirs *IgnoreRuleService) Delete(ignoreRuleId string) error { } // Create will create a new Xray ignore rule -// The function creates the ignore rule and returns its id which is recieved after post +// The function creates the ignore rule and returns its id which is received after post func (xirs *IgnoreRuleService) Create(params utils.IgnoreRuleParams) (ignoreRuleId string, err error) { ignoreRuleBody := utils.CreateIgnoreRuleBody(params) content, err := json.Marshal(ignoreRuleBody) diff --git a/xray/services/utils/ignorerulebody.go b/xray/services/utils/ignorerulebody.go index 4b465a162..8102f9e9d 100644 --- a/xray/services/utils/ignorerulebody.go +++ b/xray/services/utils/ignorerulebody.go 
@@ -20,6 +20,7 @@ type IgnoreFilters struct { Vulnerabilities []string `json:"vulnerabilities,omitempty"` Licenses []string `json:"licenses,omitempty"` CVEs []string `json:"cves,omitempty"` + GitRepositories []string `json:"git_repositories,omitempty"` Policies []string `json:"policies,omitempty"` Watches []string `json:"watches,omitempty"` DockerLayers []string `json:"docker-layers,omitempty"` @@ -42,12 +43,12 @@ type IgnoreFilterNameVersionPath struct { } type ExposuresFilterName struct { - Catagories []ExposuresCatagories `json:"catagories,omitempty"` + Categories []ExposuresCategories `json:"categories,omitempty"` Scanners []string `json:"scanners,omitempty"` FilePath []string `json:"file_path,omitempty"` } -type ExposuresCatagories struct { +type ExposuresCategories struct { Secrets bool `json:"secrets,omitempty"` Services bool `json:"services,omitempty"` Applications bool `json:"applications,omitempty"` From ba0c6c74db7ad350d833bb1591c2cf9ce199a6b7 Mon Sep 17 00:00:00 2001 From: attiasas Date: Mon, 2 Dec 2024 14:10:42 +0200 Subject: [PATCH 19/39] Parse policy Field from scan response --- xray/services/scan.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/xray/services/scan.go b/xray/services/scan.go index 3895c752e..2ebfcfade 100644 --- a/xray/services/scan.go +++ b/xray/services/scan.go @@ -243,6 +243,7 @@ type Violation struct { LicenseKey string `json:"license_key,omitempty"` LicenseName string `json:"license_name,omitempty"` IgnoreUrl string `json:"ignore_url,omitempty"` + Policies []Policy `json:"policies,omitempty"` RiskReason string `json:"risk_reason,omitempty"` IsEol *bool `json:"is_eol,omitempty"` EolMessage string `json:"eol_message,omitempty"` 
@@ -320,6 +321,11 @@ type JfrogResearchSeverityReason struct { IsPositive bool `json:"is_positive,omitempty"` } +type Policy struct { + Policy string `json:"policy,omitempty"` + Rule string `json:"rule,omitempty"` +} + type XscPostContextResponse struct { MultiScanId string `json:"multi_scan_id,omitempty"` } From 2a7081eeed8392aa6107bf4db618dc8807b44a42 Mon Sep 17 00:00:00 2001 From: attiasas Date: Fri, 13 Dec 2024 10:31:48 +0200 Subject: [PATCH 20/39] remove old input to the right place, simplify git url input --- .../services/utils/tests/xray/consts.go | 8 ++-- xray/services/enrich.go | 7 ++-- xray/services/scan.go | 42 +++++-------------- xray/services/scan_test.go | 14 +++---- xsc/services/analytics.go | 18 ++++++-- 5 files changed, 39 insertions(+), 50 deletions(-) diff --git a/artifactory/services/utils/tests/xray/consts.go b/artifactory/services/utils/tests/xray/consts.go index 56ec4d227..2d8319278 100644 --- a/artifactory/services/utils/tests/xray/consts.go +++ b/artifactory/services/utils/tests/xray/consts.go @@ -1,6 +1,8 @@ package xray -import xrayServices "github.com/jfrog/jfrog-client-go/xray/services" +import ( + xscServices "github.com/jfrog/jfrog-client-go/xsc/services" +) const ScanResponse = ` { 
@@ -1437,13 +1439,13 @@ const XscGitInfoResponse = `{"multi_scan_id": "3472b4e2-bddc-11ee-a9c9-acde48001 const XscGitInfoBadResponse = `"failed create git info request: git_repo_url field must contain value"` -var GitInfoContextWithMinimalRequiredFields = xrayServices.XscGitInfoContext{ +var GitInfoContextWithMinimalRequiredFields = xscServices.XscGitInfoContext{ GitRepoHttpsCloneUrl: "https://git.jfrog.info/projects/XSC/repos/xsc-service", BranchName: "feature/XRAY-123-cool-feature", LastCommitHash: "acc5e24e69a-d3c1-4022-62eb-69e4a1e5", } -var GitInfoContextWithMissingFields = xrayServices.XscGitInfoContext{ +var GitInfoContextWithMissingFields = xscServices.XscGitInfoContext{ GitRepoHttpsCloneUrl: "https://git.jfrog.info/projects/XSC/repos/xsc-service", BranchName: "feature/XRAY-123-cool-feature", } diff --git a/xray/services/enrich.go b/xray/services/enrich.go index 7c0924c84..346bb7cd4 100644 --- a/xray/services/enrich.go +++ b/xray/services/enrich.go @@ -91,8 +91,7 @@ func (es *EnrichService) GetImportGraphResults(scanId string) (*ScanResponse, er type XrayGraphImportParams struct { // A path in Artifactory that this Artifact is intended to be deployed to. // This will provide a way to extract the watches that should be applied on this graph - ScanType ScanType - SBOMInput []byte - XscGitInfoContext *XscGitInfoContext - XscVersion string + ScanType ScanType + SBOMInput []byte + XscVersion string } diff --git a/xray/services/scan.go b/xray/services/scan.go index 2ebfcfade..e2be0601e 100644 --- a/xray/services/scan.go +++ b/xray/services/scan.go 
@@ -78,15 +78,11 @@ func createScanGraphQueryParams(scanParams XrayGraphScanParams) string { } } } - + // Xsc params are used only when XSC is enabled and MultiScanId is provided if scanParams.XscVersion != "" && scanParams.MultiScanId != "" { params = append(params, multiScanIdParam+scanParams.MultiScanId) - gitInfoContext := scanParams.XscGitInfoContext - if gitInfoContext != nil { - if len(gitInfoContext.Technologies) > 0 { - // Append the tech type, each graph can contain only one tech type - params = append(params, scanTechQueryParam+gitInfoContext.Technologies[0]) - } + if scanParams.Technology != "" { + params = append(params, scanTechQueryParam+scanParams.Technology) } } @@ -94,9 +90,9 @@ func createScanGraphQueryParams(scanParams XrayGraphScanParams) string { params = append(params, scanTypeQueryParam+string(scanParams.ScanType)) } - if isGitRepoUrlSupported(scanParams.XrayVersion) && scanParams.XscGitInfoContext != nil && scanParams.XscGitInfoContext.GitRepoHttpsCloneUrl != "" { + if isGitRepoUrlSupported(scanParams.XrayVersion) && scanParams.GitRepoHttpsCloneUrl != "" { // Add git repo key to the query params to produce violations defined in the git repo policy - params = append(params, gitRepoKeyQueryParam+xscUtils.GetGitRepoUrlKey(scanParams.XscGitInfoContext.GitRepoHttpsCloneUrl)) + params = append(params, gitRepoKeyQueryParam+xscUtils.GetGitRepoUrlKey(scanParams.GitRepoHttpsCloneUrl)) } if len(params) == 0 { 
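Review bot: The values appended in both hunks, `scanTechQueryParam+scanParams.Technology` and `gitRepoKeyQueryParam+xscUtils.GetGitRepoUrlKey(scanParams.GitRepoHttpsCloneUrl)`, are concatenated into the query string without escaping, and the git-repo key is derived from a caller-supplied URL that legitimately contains `/` and could contain `&`, `#` or `?`, which would truncate the query or introduce extra parameters. Wrap each value with `url.QueryEscape` from `net/url` at the point it is appended, e.g. `params = append(params, gitRepoKeyQueryParam+url.QueryEscape(xscUtils.GetGitRepoUrlKey(scanParams.GitRepoHttpsCloneUrl)))`; the existing `some-url.git` test expectation is unaffected because it has no reserved characters. createScanGraphQueryParams starts and ends outside these hunks, so I cannot see whether the project, repo-path and watch values are escaped where they are appended; if they are not, the same treatment applies there.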
@@ -195,7 +191,10 @@ func (ss *ScanService) GetScanGraphResults(scanId, xrayVersion string, includeVu type XrayGraphScanParams struct { // A path in Artifactory that this Artifact is intended to be deployed to. // This will provide a way to extract the watches that should be applied on this graph - RepoPath string + RepoPath string + // This will provide a way to extract the watches that should be applied on this graph + GitRepoHttpsCloneUrl string + // This will provide a way to extract the watches that should be applied on this graph ProjectKey string Watches []string ScanType ScanType @@ -205,9 +204,9 @@ type XrayGraphScanParams struct { BinaryGraph *xrayUtils.BinaryGraphNode IncludeVulnerabilities bool IncludeLicenses bool - XscGitInfoContext *XscGitInfoContext XscVersion string XrayVersion string + Technology string MultiScanId string } @@ -326,27 +325,6 @@ type Policy struct { Rule string `json:"rule,omitempty"` } -type XscPostContextResponse struct { - MultiScanId string `json:"multi_scan_id,omitempty"` -} - -type XscVersionResponse struct { - Version string `json:"xsc_version"` -} - -type XscGitInfoContext struct { - GitRepoHttpsCloneUrl string `json:"git_repo_url"` - GitRepoName string `json:"git_repo_name,omitempty"` - GitProject string `json:"git_project,omitempty"` - GitProvider string `json:"git_provider,omitempty"` - Technologies []string `json:"technologies,omitempty"` - BranchName string `json:"branch_name"` - LastCommitUrl string `json:"last_commit,omitempty"` - LastCommitHash string `json:"commit_hash"` - LastCommitMessage string `json:"commit_message,omitempty"` - LastCommitAuthor string `json:"commit_author,omitempty"` -} - func (gp *XrayGraphScanParams) GetProjectKey() string { return gp.ProjectKey } diff --git a/xray/services/scan_test.go b/xray/services/scan_test.go index 2366448bc..472bea801 100644 --- a/xray/services/scan_test.go +++ b/xray/services/scan_test.go 
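Review bot: The comment added above `GitRepoHttpsCloneUrl`, and again above `ProjectKey`, is the same sentence already attached to `RepoPath`, `// This will provide a way to extract the watches that should be applied on this graph`, so the struct now says the identical thing three times and nothing about what the git URL is actually used for. From the createScanGraphQueryParams hunk in this same patch the URL is normalized to a git-repo key and sent so that violations from the git-repo policy are produced, so something like `// HTTPS clone URL of the scanned repository; normalized to a git-repo key and sent as the git_repo query param (when isGitRepoUrlSupported reports the Xray version allows it) so violations defined in the matching git-repo policy are returned.` would be accurate. The new `Technology` field is undocumented too; from the first hunk it is sent as the `tech` query param only when XscVersion and MultiScanId are both set.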
@@ -35,14 +35,12 @@ func TestCreateScanGraphQueryParams(t *testing.T) { for _, test := range tests { t.Run(test.testName, func(t *testing.T) { params := XrayGraphScanParams{ - RepoPath: test.repoPath, - Watches: test.watches, - ProjectKey: test.projectKey, - ScanType: test.scanType, - XrayVersion: test.xrayVersion, - XscGitInfoContext: &XscGitInfoContext{ - GitRepoHttpsCloneUrl: test.gitRepoUrl, - }, + RepoPath: test.repoPath, + Watches: test.watches, + ProjectKey: test.projectKey, + ScanType: test.scanType, + XrayVersion: test.xrayVersion, + GitRepoHttpsCloneUrl: test.gitRepoUrl, } actualQuery := createScanGraphQueryParams(params) if actualQuery != test.expectedQuery { diff --git a/xsc/services/analytics.go b/xsc/services/analytics.go index 8603f7e9f..36ea510ca 100644 --- a/xsc/services/analytics.go +++ b/xsc/services/analytics.go @@ -9,7 +9,6 @@ import ( "github.com/jfrog/jfrog-client-go/http/jfroghttpclient" "github.com/jfrog/jfrog-client-go/utils" "github.com/jfrog/jfrog-client-go/utils/errorutils" - "github.com/jfrog/jfrog-client-go/xray/services" xscutils "github.com/jfrog/jfrog-client-go/xsc/services/utils" ) 
@@ -117,8 +116,21 @@ func (vs *AnalyticsEventService) GetGeneralEvent(msi string) (*XscAnalyticsGener // XscAnalyticsGeneralEvent extend the basic struct with Frogbot related info. type XscAnalyticsGeneralEvent struct { XscAnalyticsBasicGeneralEvent - GitInfo *services.XscGitInfoContext `json:"gitinfo,omitempty"` - IsGitInfoFlow bool `json:"is_gitinfo_flow,omitempty"` + GitInfo *XscGitInfoContext `json:"gitinfo,omitempty"` + IsGitInfoFlow bool `json:"is_gitinfo_flow,omitempty"` +} + +type XscGitInfoContext struct { + GitRepoHttpsCloneUrl string `json:"git_repo_url"` + GitRepoName string `json:"git_repo_name,omitempty"` + GitProject string `json:"git_project,omitempty"` + GitProvider string `json:"git_provider,omitempty"` + Technologies []string `json:"technologies,omitempty"` + BranchName string `json:"branch_name"` + LastCommitUrl string `json:"last_commit,omitempty"` + LastCommitHash string `json:"commit_hash"` + LastCommitMessage string `json:"commit_message,omitempty"` + LastCommitAuthor string `json:"commit_author,omitempty"` } type XscAnalyticsGeneralEventFinalize struct { From a1c11b2d7b25fb357e37e749b9c433144b897129 Mon Sep 17 00:00:00 2001 From: attiasas Date: Fri, 13 Dec 2024 14:52:38 +0200 Subject: [PATCH 21/39] use diff min version for git repo url --- xray/services/scan.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xray/services/scan.go b/xray/services/scan.go index e2be0601e..275544228 100644 --- a/xray/services/scan.go +++ b/xray/services/scan.go @@ -47,7 +47,8 @@ const ( scanTechQueryParam = "tech=" - gitRepoKeyQueryParam = "git_repo=" + gitRepoKeyQueryParam = "git_repo=" + MinXrayVersionGitRepoKey = "3.108.0" XscVersionAPI = "system/version" ) 
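Review bot: The exported constant `MinXrayVersionGitRepoKey` added to scan.go in patch 21 has no doc comment, and neither does the exported `XscGitInfoContext` type moved into analytics.go here. Go's doc convention is a sentence starting with the name, e.g. `// MinXrayVersionGitRepoKey is the minimum Xray version that accepts the git_repo query parameter on scan graph requests.` and `// XscGitInfoContext describes the git repository, branch and commit a scan was run against; GitRepoHttpsCloneUrl, BranchName and LastCommitHash are required by the API.` The required-field claim is taken from the json tags without omitempty; worth confirming against the server contract.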
@@ -102,7 +103,7 @@ func createScanGraphQueryParams(scanParams XrayGraphScanParams) string { } func isGitRepoUrlSupported(xrayVersion string) bool { - return clientUtils.ValidateMinimumVersion(clientUtils.Xray, xrayVersion, xscUtils.MinXrayVersionXscTransitionToXray) == nil + return clientUtils.ValidateMinimumVersion(clientUtils.Xray, xrayVersion, MinXrayVersionGitRepoKey) == nil } func (ss *ScanService) ScanGraph(scanParams XrayGraphScanParams) (string, error) { From c2d37b1ce236af0a03074199abde4b90874f3f9b Mon Sep 17 00:00:00 2001 From: attiasas Date: Sun, 15 Dec 2024 09:41:00 +0200 Subject: [PATCH 22/39] fix tests --- xray/services/scan_test.go | 67 +++++++++++++++++++++----------------- 1 file changed, 37 insertions(+), 30 deletions(-) diff --git a/xray/services/scan_test.go b/xray/services/scan_test.go index 472bea801..a7bdac2d1 100644 --- a/xray/services/scan_test.go +++ b/xray/services/scan_test.go 
@@ -3,46 +3,53 @@ package services import ( "fmt" "testing" - - xscUtils "github.com/jfrog/jfrog-client-go/xsc/services/utils" ) func TestCreateScanGraphQueryParams(t *testing.T) { tests := []struct { testName string - projectKey string - repoPath string - gitRepoUrl string - watches []string - scanType ScanType - xrayVersion string + params XrayGraphScanParams expectedQuery string }{ - {"with_project_key", "p1", "", "", nil, Binary, "0.0.0", fmt.Sprintf("?%s%s&%s%s", projectQueryParam, "p1", scanTypeQueryParam, Binary)}, - - {"with_repo_path", "", "r1", "", nil, Binary, "0.0.0", fmt.Sprintf("?%s%s&%s%s", repoPathQueryParam, "r1", scanTypeQueryParam, Binary)}, - - {"with_watches", "", "", "", []string{"w1", "w2"}, Binary, "0.0.0", fmt.Sprintf("?%s%s&%s%s&%s%s", watchesQueryParam, "w1", watchesQueryParam, "w2", scanTypeQueryParam, Binary)}, - - {"with_empty_watch_string", "", "", "", []string{""}, "", xscUtils.MinXrayVersionXscTransitionToXray, ""}, - - {"without_context", "", "", "", nil, Dependency, xscUtils.MinXrayVersionXscTransitionToXray, fmt.Sprintf("?%s%s", scanTypeQueryParam, Dependency)}, - - {"without_scan_type", "", "", "", []string{"w1", "w2"}, "", "0.0.0", fmt.Sprintf("?%s%s&%s%s", watchesQueryParam, "w1", watchesQueryParam, "w2")}, - - {"with_git_repo_url", "", "", "http://some-url", nil, Dependency, xscUtils.MinXrayVersionXscTransitionToXray, fmt.Sprintf("?%s%s&%s%s", scanTypeQueryParam, Dependency, gitRepoKeyQueryParam, "some-url.git")}, + { + testName: "with_project_key", + params: XrayGraphScanParams{ProjectKey: "p1", ScanType: Binary}, + expectedQuery: fmt.Sprintf("?%s%s&%s%s", projectQueryParam, "p1", scanTypeQueryParam, Binary), + }, + { + testName: "with_repo_path", + params: XrayGraphScanParams{RepoPath: "r1", ScanType: Binary}, + expectedQuery: fmt.Sprintf("?%s%s&%s%s", repoPathQueryParam, "r1", scanTypeQueryParam, Binary), + }, + { + testName: "with_watches", + params: XrayGraphScanParams{Watches: []string{"w1", "w2"}, ScanType: Binary}, + 
expectedQuery: fmt.Sprintf("?%s%s&%s%s&%s%s", watchesQueryParam, "w1", watchesQueryParam, "w2", scanTypeQueryParam, Binary), + }, + { + testName: "with_empty_watch_string", + params: XrayGraphScanParams{Watches: []string{""}}, + expectedQuery: "", + }, + { + testName: "without_context", + params: XrayGraphScanParams{ScanType: Dependency, XrayVersion: MinXrayVersionGitRepoKey}, + expectedQuery: fmt.Sprintf("?%s%s", scanTypeQueryParam, Dependency), + }, + { + testName: "without_scan_type", + params: XrayGraphScanParams{Watches: []string{"w1", "w2"}}, + expectedQuery: fmt.Sprintf("?%s%s&%s%s", watchesQueryParam, "w1", watchesQueryParam, "w2"), + }, + { + testName: "with_git_repo_url", + params: XrayGraphScanParams{GitRepoHttpsCloneUrl: "http://some-url", ScanType: Dependency, XrayVersion: MinXrayVersionGitRepoKey}, + expectedQuery: fmt.Sprintf("?%s%s&%s%s", scanTypeQueryParam, Dependency, gitRepoKeyQueryParam, "some-url.git"), + }, } for _, test := range tests { t.Run(test.testName, func(t *testing.T) { - params := XrayGraphScanParams{ - RepoPath: test.repoPath, - Watches: test.watches, - ProjectKey: test.projectKey, - ScanType: test.scanType, - XrayVersion: test.xrayVersion, - GitRepoHttpsCloneUrl: test.gitRepoUrl, - } - actualQuery := createScanGraphQueryParams(params) + actualQuery := createScanGraphQueryParams(test.params) if actualQuery != test.expectedQuery { t.Error(test.testName, "Expecting:", test.expectedQuery, "Got:", actualQuery) } From 26f6d53ad581725609233ed6a4b60d9c4c3120da Mon Sep 17 00:00:00 2001 From: attiasas Date: Sun, 15 Dec 2024 09:49:41 +0200 Subject: [PATCH 23/39] add sast ignore params --- xray/services/utils/ignorerulebody.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/xray/services/utils/ignorerulebody.go b/xray/services/utils/ignorerulebody.go index 8102f9e9d..1ac2f5e23 100644 --- a/xray/services/utils/ignorerulebody.go +++ b/xray/services/utils/ignorerulebody.go 
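Review bot: The rewritten table has no case where a git URL is supplied but XrayVersion is below MinXrayVersionGitRepoKey, so the version gate in isGitRepoUrlSupported is never exercised from this test and a regression that dropped the gate would still pass. Add one entry next to `with_git_repo_url`, e.g. `{testName: "with_git_repo_url_unsupported_version", params: XrayGraphScanParams{GitRepoHttpsCloneUrl: "http://some-url", ScanType: Dependency, XrayVersion: "0.0.0"}, expectedQuery: fmt.Sprintf("?%s%s", scanTypeQueryParam, Dependency)}`. This assumes `"0.0.0"` fails the minimum-version check as the earlier table rows relied on; a row with an empty XrayVersion is worth pinning as well.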
@@ -26,12 +26,19 @@ type IgnoreFilters struct { DockerLayers []string `json:"docker-layers,omitempty"` OperationalRisks []string `json:"operational_risk,omitempty"` Exposures []ExposuresFilterName `json:"exposures,omitempty"` + Sast []SastFilterName `json:"sast,omitempty"` ReleaseBundles []IgnoreFilterNameVersion `json:"release-bundles,omitempty"` Builds []IgnoreFilterNameVersion `json:"builds,omitempty"` Components []IgnoreFilterNameVersion `json:"components,omitempty"` Artifacts []IgnoreFilterNameVersionPath `json:"artifacts,omitempty"` } +type SastFilterName struct { + Fingerprint []string `json:"fingerprint,omitempty"` + Rule []string `json:"rule,omitempty"` + FilePath []string `json:"file_path,omitempty"` +} + type IgnoreFilterNameVersion struct { Name string `json:"name"` Version string `json:"version,omitempty"` From 3a7eca30101e419afbcf30f7d8f0862ff35c4ed6 Mon Sep 17 00:00:00 2001 From: attiasas Date: Sun, 15 Dec 2024 10:11:15 +0200 Subject: [PATCH 24/39] add policy criteria for expo and sast --- xray/services/utils/policybody.go | 36 +++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/xray/services/utils/policybody.go b/xray/services/utils/policybody.go index b1b33eec1..2cef537df 100644 --- a/xray/services/utils/policybody.go +++ b/xray/services/utils/policybody.go @@ -56,8 +56,10 @@ type PolicyRule struct { type PolicyCriteria struct { // Security - MinSeverity Severity `json:"min_severity,omitempty"` - CvssRange *PolicyCvssRange `json:"cvss_range,omitempty"` + MinSeverity Severity `json:"min_severity,omitempty"` + CvssRange *PolicyCvssRange `json:"cvss_range,omitempty"` + Exposures *PolicyExposureCriteria `json:"exposures,omitempty"` + Sast *PolicySastCriteria `json:"sast,omitempty"` // License AllowedLicenses []string `json:"allowed_licenses,omitempty"` 
@@ -66,6 +68,19 @@ type PolicyCriteria struct { MultiLicensePermissive *bool `json:"multi_license_permissive,omitempty"` } +type PolicyExposureCriteria struct { + MinSeverity Severity `json:"min_severity,omitempty"` + Secrets *bool `json:"secrets,omitempty"` + Applications *bool `json:"applications,omitempty"` + Services *bool `json:"services,omitempty"` + IaC *bool `json:"iac,omitempty"` + MaliciousCode *bool `json:"malicious_code,omitempty"` +} + +type PolicySastCriteria struct { + MinSeverity Severity `json:"min_severity,omitempty"` +} + type PolicyCvssRange struct { From float64 `json:"from,omitempty"` To float64 `json:"to,omitempty"` @@ -93,6 +108,23 @@ func CreateSeverityPolicyCriteria(minSeverity Severity) *PolicyCriteria { } } +func CreateExposuresPolicyCriteria(minSeverity Severity, secrets, applications, services, iac, maliciousCode bool) *PolicyExposureCriteria { + criteria := &PolicyExposureCriteria{MinSeverity: minSeverity} + if secrets { + criteria.Secrets = &secrets + } + if applications { + criteria.Applications = &applications + } + if services { + criteria.Services = &services + } + if iac { + criteria.IaC = &iac + } + return criteria +} + // Create security policy criteria with range. // from - CVSS range from 0.0 to 10.0 // to - CVSS range from 0.0 to 10.0 From efd7feb7362366aa21f8d84d58fee66bbeddd051 Mon Sep 17 00:00:00 2001 From: attiasas Date: Sun, 15 Dec 2024 10:48:19 +0200 Subject: [PATCH 25/39] tidy --- go.sum | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/go.sum b/go.sum index 87554483e..5999aec94 100644 --- a/go.sum +++ b/go.sum 
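Review bot: `CreateExposuresPolicyCriteria` accepts `maliciousCode bool` but never assigns it, so `criteria.MaliciousCode` stays nil and a caller asking for a malicious-code criterion silently gets a policy without it, which is weaker than requested with no error to notice. Add `if maliciousCode { criteria.MaliciousCode = &maliciousCode }` after the `iac` block; the rewrite of this function in patch 26 (the policybody.go hunk further down) carries the same omission and needs the equivalent line against `criteria.Exposures.MaliciousCode`. The new exported types and function also lack doc comments, whereas the file's existing style is a leading `// Create ... policy criteria ...` line; e.g. `// Create exposures policy criteria; only the categories passed as true are included in the request body, the rest are omitted via omitempty.`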
@@ -124,8 +124,6 @@ github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMx github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 h1:QldyIu/L63oPpyvQmHgvgickp1Yw510KJOqX7H24mg8= github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778/go.mod h1:2MuV+tbUrU1zIOPMxZ5EncGwgmMJsa+9ucAQZXxsObs= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= -golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg= golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo= 
@@ -144,19 +142,14 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= -golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU= -golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E= golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= -golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o= golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q= From e1f513bd7f068e4c285fb6fa91f0ecbc7f756c6f Mon Sep 17 00:00:00 2001 
From: attiasas Date: Sun, 15 Dec 2024 10:50:50 +0200 Subject: [PATCH 26/39] improve xcreate policy rule --- xray/services/utils/policybody.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/xray/services/utils/policybody.go b/xray/services/utils/policybody.go index 2cef537df..303935b1b 100644 --- a/xray/services/utils/policybody.go +++ b/xray/services/utils/policybody.go @@ -108,19 +108,19 @@ func CreateSeverityPolicyCriteria(minSeverity Severity) *PolicyCriteria { } } -func CreateExposuresPolicyCriteria(minSeverity Severity, secrets, applications, services, iac, maliciousCode bool) *PolicyExposureCriteria { - criteria := &PolicyExposureCriteria{MinSeverity: minSeverity} +func CreateExposuresPolicyCriteria(minSeverity Severity, secrets, applications, services, iac, maliciousCode bool) *PolicyCriteria { + criteria := &PolicyCriteria{Exposures: &PolicyExposureCriteria{MinSeverity: minSeverity}} if secrets { - criteria.Secrets = &secrets + criteria.Exposures.Secrets = &secrets } if applications { - criteria.Applications = &applications + criteria.Exposures.Applications = &applications } if services { - criteria.Services = &services + criteria.Exposures.Services = &services } if iac { - criteria.IaC = &iac + criteria.Exposures.IaC = &iac } return criteria } From 1cce31921430e923746bfd4a0bec582f2ece35c6 Mon Sep 17 00:00:00 2001 From: attiasas Date: Sun, 15 Dec 2024 10:53:45 +0200 Subject: [PATCH 27/39] create sast criteria --- xray/services/utils/policybody.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/xray/services/utils/policybody.go b/xray/services/utils/policybody.go index 303935b1b..072ecec8c 100644 --- a/xray/services/utils/policybody.go +++ b/xray/services/utils/policybody.go 
@@ -125,6 +125,14 @@ func CreateExposuresPolicyCriteria(minSeverity Severity, secrets, applications,
 return criteria
 }
 
+func CreateSastPolicyCriteria(minSeverity Severity) *PolicyCriteria {
+ return &PolicyCriteria{
+ Sast: &PolicySastCriteria{
+ MinSeverity: minSeverity,
+ },
+ }
+}
+
 // Create security policy criteria with range.
 // from - CVSS range from 0.0 to 10.0
 // to - CVSS range from 0.0 to 10.0
From edc3f6f0453ddfc3520c5e8b91b6db149f57da21 Mon Sep 17 00:00:00 2001
From: attiasas
Date: Mon, 16 Dec 2024 16:42:08 +0200
Subject: [PATCH 28/39] fix ignore rule api

---
 xray/services/utils/ignorerulebody.go | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/xray/services/utils/ignorerulebody.go b/xray/services/utils/ignorerulebody.go
index 1ac2f5e23..42e8aa996 100644
--- a/xray/services/utils/ignorerulebody.go
+++ b/xray/services/utils/ignorerulebody.go
@@ -2,6 +2,13 @@ package utils
 
 import "time"
 
+const (
+ SecretExposureType ExposureType = "secret"
+ IacExposureType ExposureType = "iac"
+)
+
+type ExposureType string
+
 type IgnoreRuleParams struct {
 Notes string `json:"notes"`
 ExpiresAt time.Time `json:"expires_at,omitempty"`
@@ -50,9 +57,9 @@ type IgnoreFilterNameVersionPath struct {
 }
 
 type ExposuresFilterName struct {
- Categories []ExposuresCategories `json:"categories,omitempty"`
- Scanners []string `json:"scanners,omitempty"`
- FilePath []string `json:"file_path,omitempty"`
+ Categories []ExposureType `json:"categories,omitempty"`
+ Scanners []string `json:"scanners,omitempty"`
+ FilePath []string `json:"file_path,omitempty"`
 }
 
 type ExposuresCategories struct {
From 40e1ca405a86f70c6c62bd80426030e6b9b2f9ad Mon Sep 17 00:00:00 2001
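Review bot: `CreateSastPolicyCriteria` is a new exported function without a doc comment; suggested: `// CreateSastPolicyCriteria builds a PolicyCriteria with only the Sast section set, using minSeverity as the minimum severity to match.` In the PATCH 28 hunks further down, `Categories` now holds `[]ExposureType`, which leaves `ExposuresCategories` with no visible user on this page — if nothing else references it, removing it or adding a `// Deprecated:` line avoids an exported type that no longer matches the wire format. `ExposureType` is also declared after the const block that uses it; that compiles, but declaring the type first and giving it a one-line comment (`// ExposureType is the category name used in ignore-rule exposure filters.`) reads better.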
From: attiasas
Date: Tue, 17 Dec 2024 09:34:27 +0200
Subject: [PATCH 29/39] add validations on ignore filters, fix secrets type

---
 xray/services/ignorerule.go | 21 +++++++++++++++++
 xray/services/utils/ignorerulebody.go | 2 +-
 xray/services/watch.go | 33 +++++++++++++++++++++++++++
 3 files changed, 55 insertions(+), 1 deletion(-)

diff --git a/xray/services/ignorerule.go b/xray/services/ignorerule.go
index e860a586a..b0b24ced1 100644
--- a/xray/services/ignorerule.go
+++ b/xray/services/ignorerule.go
@@ -67,6 +67,9 @@ func (xirs *IgnoreRuleService) Delete(ignoreRuleId string) error {
 // The function creates the ignore rule and returns its id which is received after post
 func (xirs *IgnoreRuleService) Create(params utils.IgnoreRuleParams) (ignoreRuleId string, err error) {
 ignoreRuleBody := utils.CreateIgnoreRuleBody(params)
+ if err = validateIgnoreFilters(ignoreRuleBody.IgnoreFilters); err != nil {
+ return "", err
+ }
 content, err := json.Marshal(ignoreRuleBody)
 if err != nil {
 return "", errorutils.CheckError(err)
@@ -98,6 +101,24 @@ func (xirs *IgnoreRuleService) Create(params utils.IgnoreRuleParams) (ignoreRule
 return ignoreRuleId, nil
 }
 
+func validateIgnoreFilters(ignoreFilters utils.IgnoreFilters) error {
+ filters := 0
+ if len(ignoreFilters.CVEs) > 0 {
+ filters++
+ }
+ if len(ignoreFilters.Vulnerabilities) > 0 {
+ filters++
+ }
+ if len(ignoreFilters.Licenses) > 0 {
+ filters++
+ }
+ // if more than one filter is set, notify the user
+ if filters > 1 {
+ return errorutils.CheckErrorf("only one filter can be set at a time, found %d filters", filters)
+ }
+ return nil
+}
+
 func getIgnoreRuleIdFromBody(body []byte) (string, error) {
 str := string(body)
 
diff --git a/xray/services/utils/ignorerulebody.go b/xray/services/utils/ignorerulebody.go
index 42e8aa996..5f80dde27 100644
--- a/xray/services/utils/ignorerulebody.go
+++ b/xray/services/utils/ignorerulebody.go
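Review bot: `validateIgnoreFilters` enforces the one-filter rule only across `CVEs`, `Vulnerabilities` and `Licenses`, while `IgnoreFilters` also carries `Watches`, `DockerLayers`, `OperationalRisks`, `Exposures`, `Sast`, `ReleaseBundles`, `Builds` and `Components` (visible in the PATCH 31 hunk below); a rule combining one of those with a CVE list passes this check and is rejected, if at all, only by the server. If the restriction is deliberately limited to these fields, the function should say so, e.g. `// validateIgnoreFilters rejects a rule that combines more than one of the CVE, vulnerability and license filters; the remaining IgnoreFilters fields are not checked here.` PATCH 30 later swaps the checked set to CVEs/Exposures/Sast, so the same gap persists in the final code.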
@@ -3,7 +3,7 @@ package utils
 import "time"
 
 const (
- SecretExposureType ExposureType = "secret"
+ SecretExposureType ExposureType = "secrets"
 IacExposureType ExposureType = "iac"
 )
 
diff --git a/xray/services/watch.go b/xray/services/watch.go
index ac71623ea..4aab81ce8 100644
--- a/xray/services/watch.go
+++ b/xray/services/watch.go
@@ -144,6 +144,39 @@ func (xws *WatchService) Update(params utils.WatchParams) error {
 return nil
 }
 
+// type ResourcesWatches struct {
+// GitRepositoryWatches []string `json:"git_repository_watches,omitempty"`
+// ProjectWatches []string `json:"project_watches,omitempty"`
+// }
+
+// func (xws *WatchService) GetResourceWatches(gitRepo, project string) (watches *ResourcesWatches, err error) {
+// httpClientsDetails := xws.XrayDetails.CreateHttpClientDetails()
+// log.Info("Getting resource watches...")
+// resp, body, _, err := xws.client.SendGet(xws.getWatchURL(), true, &httpClientsDetails)
+// if err != nil {
+// return nil, err
+// }
+// if err = errorutils.CheckResponseStatusWithBody(resp, body, http.StatusOK); err != nil {
+// return nil, err
+// }
+
+// watches := []utils.WatchBody{}
+// err = json.Unmarshal(body, &watches)
+// if err != nil {
+// return nil, errors.New("failed unmarshalling watches")
+// }
+
+// for _, watch := range watches {
+// if watch.GeneralData.Name == gitRepo+"-"+project {
+// watchNames = append(watchNames, watch.GeneralData.Name)
+// }
+// }
+
+// log.Debug("Xray response:", resp.Status)
+// log.Info("Done getting resource watches.")
+// return watchNames, nil
+// }
+
 // Get retrieves the details about an Xray watch by its name
 // It will error if no watch can be found by that name.
 func (xws *WatchService) Get(watchName string) (watchResp *utils.WatchParams, err error) {
From 89b3de43900703d4dafdfc514ca4d405d98dbd27 Mon Sep 17 00:00:00 2001
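Review bot: The watch.go hunk commits a 33-line commented-out draft of `GetResourceWatches` instead of code; as written it would not compile if uncommented (`watchNames` is never declared, and the signature returns `*ResourcesWatches` while `watchNames` is a slice), and PATCH 32 in this series deletes the whole block again. Commented-out code belongs on a branch or in the PR description, not in history; squashing PATCH 29 with PATCH 32 would remove the churn. In the first hunk, `"secret"` → `"secrets"` is a wire-format value, presumably the category name the Xray ignore-rule API expects; a comment on the const block such as `// Values must match the exposure category names used by the Xray ignore-rule API.` would keep it from being "corrected" back to the singular.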
From: attiasas
Date: Tue, 17 Dec 2024 09:37:46 +0200
Subject: [PATCH 30/39] fix ignore validation

---
 xray/services/ignorerule.go | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/xray/services/ignorerule.go b/xray/services/ignorerule.go
index b0b24ced1..446601503 100644
--- a/xray/services/ignorerule.go
+++ b/xray/services/ignorerule.go
@@ -102,19 +102,19 @@ func (xirs *IgnoreRuleService) Create(params utils.IgnoreRuleParams) (ignoreRule
 }
 
 func validateIgnoreFilters(ignoreFilters utils.IgnoreFilters) error {
- filters := 0
+ filters := []string{}
 if len(ignoreFilters.CVEs) > 0 {
- filters++
+ filters = append(filters, "CVEs")
 }
- if len(ignoreFilters.Vulnerabilities) > 0 {
- filters++
+ if len(ignoreFilters.Exposures) > 0 {
+ filters = append(filters, "Exposures")
 }
- if len(ignoreFilters.Licenses) > 0 {
- filters++
+ if len(ignoreFilters.Sast) > 0 {
+ filters = append(filters, "Sast")
 }
 // if more than one filter is set, notify the user
- if filters > 1 {
- return errorutils.CheckErrorf("only one filter can be set at a time, found %d filters", filters)
+ if len(filters) > 1 {
+ return errorutils.CheckErrorf("more than one ignore filter is set, split them to multiple ignore rules: %v", filters)
 }
 return nil
 }
From 4bd37001edf4c7e79aafe47ff3dc67bc481a3126 Mon Sep 17 00:00:00 2001
From: attiasas
Date: Tue, 17 Dec 2024 10:06:51 +0200
Subject: [PATCH 31/39] fix ignore rule attribs

---
 xray/services/ignorerule.go | 4 ++--
 xray/services/utils/ignorerulebody.go | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/xray/services/ignorerule.go b/xray/services/ignorerule.go
index 446601503..30ba30f15 100644
--- a/xray/services/ignorerule.go
+++ b/xray/services/ignorerule.go
@@ -106,10 +106,10 @@ func validateIgnoreFilters(ignoreFilters utils.IgnoreFilters) error {
 if len(ignoreFilters.CVEs) > 0 {
 filters = append(filters, "CVEs")
 }
- if len(ignoreFilters.Exposures) > 0 {
+ if ignoreFilters.Exposures != nil {
 filters = append(filters, "Exposures")
 }
- if len(ignoreFilters.Sast) > 0 {
+ if ignoreFilters.Sast != nil {
 filters = append(filters, "Sast")
 }
 // if more than one filter is set, notify the user
diff --git a/xray/services/utils/ignorerulebody.go b/xray/services/utils/ignorerulebody.go
index 5f80dde27..37e2d206b 100644
--- a/xray/services/utils/ignorerulebody.go
+++ b/xray/services/utils/ignorerulebody.go
@@ -32,8 +32,8 @@ type IgnoreFilters struct {
 Watches []string `json:"watches,omitempty"`
 DockerLayers []string `json:"docker-layers,omitempty"`
 OperationalRisks []string `json:"operational_risk,omitempty"`
- Exposures []ExposuresFilterName `json:"exposures,omitempty"`
- Sast []SastFilterName `json:"sast,omitempty"`
+ Exposures *ExposuresFilterName `json:"exposures,omitempty"`
+ Sast *SastFilterName `json:"sast,omitempty"`
 ReleaseBundles []IgnoreFilterNameVersion `json:"release-bundles,omitempty"`
 Builds []IgnoreFilterNameVersion `json:"builds,omitempty"`
 Components []IgnoreFilterNameVersion `json:"components,omitempty"`
From 0277f139ec85af8b444c6d2b7c03eccb2af1a855 Mon Sep 17 00:00:00 2001
From: attiasas
Date: Tue, 17 Dec 2024 18:23:41 +0200
Subject: [PATCH 32/39] add GetResourceWatches API

---
 xray/services/utils/watchbody.go | 5 ++
 xray/services/watch.go | 33 -------------
 xray/services/xsc/xsc.go | 7 +++
 xsc/services/watch.go | 82 ++++++++++++++++++++++++++++++++
 4 files changed, 94 insertions(+), 33 deletions(-)
 create mode 100644 xsc/services/watch.go

diff --git a/xray/services/utils/watchbody.go b/xray/services/utils/watchbody.go
index aee708ff3..8fbffcb47 100644
--- a/xray/services/utils/watchbody.go
+++ b/xray/services/utils/watchbody.go
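Review bot: With `Exposures` and `Sast` now pointers, `ignoreFilters.Exposures != nil` counts a filter even when the pointed-to struct has no fields set, and `omitempty` on a pointer field omits only a nil pointer, so an empty `&ExposuresFilterName{}` is still serialized as `"exposures":{}` (going by the tags in the second hunk). If callers can construct `IgnoreFilters` that way, either treat an all-empty struct as unset here or state the rule in a comment, e.g. `// A non-nil Exposures or Sast pointer counts as a filter even if every field inside it is empty.` The first hunk's enclosing function continues past the hunk, so the error branch that uses `filters` is not visible here.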
@@ -161,6 +161,11 @@ type watchFilterPropertyValue struct {
 Value string `json:"value"`
 }
 
+type ResourcesWatchesBody struct {
+ GitRepositoryWatches []string `json:"git_repository_watches,omitempty"`
+ ProjectWatches []string `json:"project_watches,omitempty"`
+}
+
 // CreateBody creates a payload to configure a Watch in Xray
 // This can configure repositories and builds
 // However, bundles are not supported.
diff --git a/xray/services/watch.go b/xray/services/watch.go
index 4aab81ce8..ac71623ea 100644
--- a/xray/services/watch.go
+++ b/xray/services/watch.go
@@ -144,39 +144,6 @@ func (xws *WatchService) Update(params utils.WatchParams) error {
 return nil
 }
 
-// type ResourcesWatches struct {
-// GitRepositoryWatches []string `json:"git_repository_watches,omitempty"`
-// ProjectWatches []string `json:"project_watches,omitempty"`
-// }
-
-// func (xws *WatchService) GetResourceWatches(gitRepo, project string) (watches *ResourcesWatches, err error) {
-// httpClientsDetails := xws.XrayDetails.CreateHttpClientDetails()
-// log.Info("Getting resource watches...")
-// resp, body, _, err := xws.client.SendGet(xws.getWatchURL(), true, &httpClientsDetails)
-// if err != nil {
-// return nil, err
-// }
-// if err = errorutils.CheckResponseStatusWithBody(resp, body, http.StatusOK); err != nil {
-// return nil, err
-// }
-
-// watches := []utils.WatchBody{}
-// err = json.Unmarshal(body, &watches)
-// if err != nil {
-// return nil, errors.New("failed unmarshalling watches")
-// }
-
-// for _, watch := range watches {
-// if watch.GeneralData.Name == gitRepo+"-"+project {
-// watchNames = append(watchNames, watch.GeneralData.Name)
-// }
-// }
-
-// log.Debug("Xray response:", resp.Status)
-// log.Info("Done getting resource watches.")
-// return watchNames, nil
-// }
-
 // Get retrieves the details about an Xray watch by its name
 // It will error if no watch can be found by that name.
 func (xws *WatchService) Get(watchName string) (watchResp *utils.WatchParams, err error) {
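Review bot: `ResourcesWatchesBody` is a new exported type in the first hunk with no doc comment, and nothing near it says which endpoint produces it. Suggested: `// ResourcesWatchesBody is the response body returned by the XSC resource-watches query (see GetResourceWatches in xsc/services/watch.go): the names of the active watches attached to the requested git repository and project.` Both slice fields use `omitempty`, so a consumer should expect nil rather than an empty slice when the server returns no watches of one kind; a one-line note on the fields would save callers a nil check surprise.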
diff --git a/xray/services/xsc/xsc.go b/xray/services/xsc/xsc.go
index cc5119a99..8f20569a1 100644
--- a/xray/services/xsc/xsc.go
+++ b/xray/services/xsc/xsc.go
@@ -3,6 +3,7 @@ package xsc
 import (
 "github.com/jfrog/jfrog-client-go/auth"
 "github.com/jfrog/jfrog-client-go/http/jfroghttpclient"
+ "github.com/jfrog/jfrog-client-go/xray/services/utils"
 "github.com/jfrog/jfrog-client-go/xsc/services"
 )
 
@@ -52,3 +53,9 @@ func (xs *XscInnerService) GetConfigProfile(profileName string) (*services.Confi
 configProfileService.XrayDetails = xs.XrayDetails
 return configProfileService.GetConfigurationProfile(profileName)
 }
+
+func (xs *XscInnerService) GetResourceWatches(gitRepo, project string) (watches *utils.ResourcesWatchesBody, err error) {
+ watchService := services.NewWatchService(xs.client)
+ watchService.XrayDetails = xs.XrayDetails
+ return watchService.GetResourceWatches(gitRepo, project)
+}
diff --git a/xsc/services/watch.go b/xsc/services/watch.go
new file mode 100644
index 000000000..e8ee02dc6
--- /dev/null
+++ b/xsc/services/watch.go
@@ -0,0 +1,82 @@
+package services
+
+import (
+ "encoding/json"
+ "errors"
+ "fmt"
+ "net/http"
+ "strings"
+
+ "github.com/jfrog/jfrog-client-go/auth"
+ "github.com/jfrog/jfrog-client-go/http/jfroghttpclient"
+ "github.com/jfrog/jfrog-client-go/utils"
+ "github.com/jfrog/jfrog-client-go/utils/errorutils"
+ "github.com/jfrog/jfrog-client-go/utils/log"
+
+ api "github.com/jfrog/jfrog-client-go/xray/services/utils"
+ xscutils "github.com/jfrog/jfrog-client-go/xsc/services/utils"
+)
+
+const (
+ watchAPIUrl = "watches"
+ gitRepoResourceUrlKey = "git_repository"
+ projectResourceUrlKey = "project"
+)
+
+// WatchService defines the http client and Xray details
+type WatchService struct {
+ client *jfroghttpclient.JfrogHttpClient
+ XrayDetails auth.ServiceDetails
+}
+
+// NewWatchService creates a new Xray Watch Service
+func NewWatchService(client *jfroghttpclient.JfrogHttpClient) *WatchService {
+ return &WatchService{client: client}
+}
+
+// GetResourceWatches retrieves the active watches that are associated with a specific git repository and project
+func (xws *WatchService) GetResourceWatches(gitRepo, project string) (watches *api.ResourcesWatchesBody, err error) {
+ if gitRepo == "" && project == "" {
+ return nil, errors.New("no resources provided")
+ }
+ httpClientsDetails := xws.XrayDetails.CreateHttpClientDetails()
+ log.Info(fmt.Sprintf("Getting resources (%s) active watches...", getResourcesString(gitRepo, project)))
+ resp, body, _, err := xws.client.SendGet(xws.getWatchURL(gitRepo, project), true, &httpClientsDetails)
+ if err != nil {
+ return
+ }
+ if err = errorutils.CheckResponseStatusWithBody(resp, body, http.StatusOK); err != nil {
+ return
+ }
+ log.Debug(fmt.Sprintf("Xray response (status %s): %s", resp.Status, body))
+ watches = &api.ResourcesWatchesBody{}
+ err = json.Unmarshal(body, &watches)
+ if err != nil {
+ return nil, errors.New("failed un-marshalling resources watches body")
+ }
+ log.Info(fmt.Sprintf("Found %d active watches", 
len(watches.GitRepositoryWatches)+len(watches.ProjectWatches)))
+ return
+}
+
+func getResourcesString(gitRepo, project string) string {
+ providedResources := []string{}
+ if gitRepo != "" {
+ providedResources = append(providedResources, fmt.Sprintf("git repository: %s", gitRepo))
+ }
+ if project != "" {
+ providedResources = append(providedResources, fmt.Sprintf("project: %s", project))
+ }
+ return strings.Join(providedResources, ", ")
+}
+
+func (xws *WatchService) getWatchURL(gitRepo, project string) string {
+ url := utils.AddTrailingSlashIfNeeded(xws.XrayDetails.GetUrl()) + xscutils.XscInXraySuffix + watchAPIUrl
+ params := []string{}
+ if gitRepo != "" {
+ params = append(params, fmt.Sprintf("%s=%s", gitRepoResourceUrlKey, gitRepo))
+ }
+ if project != "" {
+ params = append(params, fmt.Sprintf("%s=%s", projectResourceUrlKey, project))
+ }
+ return url + "?" + strings.Join(params, "&")
+}
From 829496437b3b9148b650358fcdba9e0d5f228d6c Mon Sep 17 00:00:00 2001
From: attiasas
Date: Wed, 18 Dec 2024 12:24:42 +0300
Subject: [PATCH 33/39] fux url

---
 xsc/services/watch.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/xsc/services/watch.go b/xsc/services/watch.go
index e8ee02dc6..d187f3ca6 100644
--- a/xsc/services/watch.go
+++ b/xsc/services/watch.go
@@ -18,7 +18,7 @@ import (
 )
 
 const (
- watchAPIUrl = "watches"
+ watchResourceAPIUrl = "watches/resource"
 gitRepoResourceUrlKey = "git_repository"
 projectResourceUrlKey = "project"
 )
@@ -70,7 +70,7 @@ func getResourcesString(gitRepo, project string) string {
 }
 
 func (xws *WatchService) getWatchURL(gitRepo, project string) string {
- url := utils.AddTrailingSlashIfNeeded(xws.XrayDetails.GetUrl()) + xscutils.XscInXraySuffix + watchAPIUrl
+ url := utils.AddTrailingSlashIfNeeded(xws.XrayDetails.GetUrl()) + xscutils.XscInXraySuffix + watchResourceAPIUrl
 params := []string{}
 if gitRepo != "" {
 params = append(params, fmt.Sprintf("%s=%s", gitRepoResourceUrlKey, gitRepo))
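Review bot: `getWatchURL` in the new xsc/services/watch.go concatenates `gitRepo` and `project` into the query string unescaped (`fmt.Sprintf("%s=%s", ...)` joined with `&`), so a repository or project value containing `&`, `?`, `#`, `=` or a space yields a malformed request or is parsed by the server as extra parameters; `getWatchUrlWithProjectKey` in PATCH 38 repeats the pattern with `"?projectKey=" + projectKey` and should get the same treatment. Build the query with `net/url`'s `url.Values` and `Encode()` (add `"net/url"` to the import block), which also requires renaming the local `url` variable so it no longer shadows the package; the PATCH 33 hunk on this same line renames the path constant to `watchResourceAPIUrl`, and the fence below uses that final name. Separately, in `GetResourceWatches` the call `json.Unmarshal(body, &watches)` passes a `**ResourcesWatchesBody` where `watches` is already a pointer, and the decode error is replaced by a fixed message — `fmt.Errorf("unmarshalling resources watches body: %w", err)` keeps the cause for the caller.

```go
func (xws *WatchService) getWatchURL(gitRepo, project string) string {
	baseUrl := utils.AddTrailingSlashIfNeeded(xws.XrayDetails.GetUrl()) + xscutils.XscInXraySuffix + watchResourceAPIUrl
	// url.Values escapes each value, so a repository or project name containing
	// '&', '?', '#' or '=' cannot break out of its own query parameter.
	query := url.Values{}
	if gitRepo != "" {
		query.Set(gitRepoResourceUrlKey, gitRepo)
	}
	if project != "" {
		query.Set(projectResourceUrlKey, project)
	}
	return baseUrl + "?" + query.Encode()
}
```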
From f65888aed13c4eca55c209653e2c6ad12f8c2ca7 Mon Sep 17 00:00:00 2001
From: attiasas
Date: Wed, 18 Dec 2024 13:07:58 +0300
Subject: [PATCH 34/39] replace git repo key in query params

---
 xray/services/scan.go | 2 +-
 xsc/services/watch.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/xray/services/scan.go b/xray/services/scan.go
index 275544228..79dba9d8a 100644
--- a/xray/services/scan.go
+++ b/xray/services/scan.go
@@ -48,7 +48,7 @@ const (
 scanTechQueryParam = "tech="
 
 gitRepoKeyQueryParam = "git_repo="
- MinXrayVersionGitRepoKey = "3.108.0"
+ MinXrayVersionGitRepoKey = "3.108.0" // Actual: "3.111.0"
 
 XscVersionAPI = "system/version"
 )
diff --git a/xsc/services/watch.go b/xsc/services/watch.go
index d187f3ca6..efb446e3b 100644
--- a/xsc/services/watch.go
+++ b/xsc/services/watch.go
@@ -19,7 +19,7 @@ import (
 
 const (
 watchResourceAPIUrl = "watches/resource"
- gitRepoResourceUrlKey = "git_repository"
+ gitRepoResourceUrlKey = "git_repo"
 projectResourceUrlKey = "project"
 )
From 5099e8caa5d4992f2d5f4cbb21550a4056f125bd Mon Sep 17 00:00:00 2001
From: attiasas
Date: Wed, 18 Dec 2024 13:28:25 +0300
Subject: [PATCH 35/39] revert change to param

---
 xsc/services/watch.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xsc/services/watch.go b/xsc/services/watch.go
index efb446e3b..d187f3ca6 100644
--- a/xsc/services/watch.go
+++ b/xsc/services/watch.go
@@ -19,7 +19,7 @@ import (
 
 const (
 watchResourceAPIUrl = "watches/resource"
- gitRepoResourceUrlKey = "git_repo"
+ gitRepoResourceUrlKey = "git_repository"
 projectResourceUrlKey = "project"
 )
From 6f3682eda849fd902e2bbef07be8e3c15170ec6d Mon Sep 17 00:00:00 2001
From: attiasas
Date: Wed, 18 Dec 2024 15:22:39 +0300
Subject: [PATCH 36/39] add git repo to watches creating

---
 xray/services/utils/watchbody.go | 28 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/xray/services/utils/watchbody.go b/xray/services/utils/watchbody.go
index 8fbffcb47..b82d207c4 100644
--- a/xray/services/utils/watchbody.go
+++ b/xray/services/utils/watchbody.go
@@ -22,6 +22,8 @@ const (
 WatchRepositoriesAll WatchRepositoriesType = "all"
 // WatchRepositoriesByName is the option where repositories are selected by name to be watched
 WatchRepositoriesByName WatchRepositoriesType = "byname"
+
+ WatchGitRepository = "gitRepository"
 )
 
 // WatchBuildType defines the type of filter for a builds on a watch
@@ -57,9 +59,10 @@ type WatchParams struct {
 Description string
 Active bool
 
- Repositories WatchRepositoriesParams
+ Repositories WatchRepositoriesParams
+ GitRepositories WatchGitRepositoryParams
+ Builds WatchBuildsParams
 
- Builds WatchBuildsParams
 Policies []AssignedPolicy
 }
 
@@ -76,6 +79,10 @@ type WatchRepositoryAll struct {
 Filters watchFilters
 }
 
+type WatchGitRepositoryParams struct {
+ Resources []string
+}
+
 // WatchRepository is used to define a specific repository in a watch
 type WatchRepository struct {
 Name string
@@ -192,9 +199,26 @@ func CreateBody(params WatchParams) (*WatchBody, error) {
 return nil, err
 }
 
+ err = configureGitRepositories(&payloadBody, params)
+ if err != nil {
+ return nil, err
+ }
+
 return &payloadBody, nil
 }
 
+func configureGitRepositories(payloadBody *WatchBody, params WatchParams) error {
+ for _, gitRepoResource := range params.GitRepositories.Resources {
+ gitRepo := watchProjectResourcesElement{
+ Type: WatchGitRepository,
+ BinMgrID: "default",
+ Name: gitRepoResource,
+ }
+ payloadBody.ProjectResources.Resources = append(payloadBody.ProjectResources.Resources, gitRepo)
+ }
+ return nil
+}
+
 func configureRepositories(payloadBody *WatchBody, params WatchParams) error {
 // Filters needs to be an empty array for Xray to accept the payload.
From 30b76102de633e3d5e7e26fc6cee5ca110c1978c Mon Sep 17 00:00:00 2001
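Review bot: `configureGitRepositories` hard-codes `BinMgrID: "default"` with no explanation, and nothing on this page says what other values the field accepts; a named constant or a hedged comment such as `// NOTE(review): "default" appears to be the binary-manager id under which git repository resources are registered — confirm against the Xray watch API.` keeps the assumption visible. In the first hunk, `WatchGitRepository = "gitRepository"` is an untyped string constant placed inside the `WatchRepositoriesType` block even though it is used as a resource `Type` rather than a repositories filter; giving it its own block (or the type `watchProjectResourcesElement.Type` expects) makes the distinction clear. `WatchGitRepositoryParams` is exported without a doc comment, e.g. `// WatchGitRepositoryParams lists the git repository resources (by key) the watch should cover.` — the "by key" part is inferred from PATCH 37's `GetGitRepoUrlKey` comment and should be confirmed.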
From: attiasas
Date: Wed, 18 Dec 2024 15:46:52 +0300
Subject: [PATCH 37/39] clean up

---
 xray/services/utils/watchbody.go | 8 ++------
 xsc/services/utils/utils.go | 1 +
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/xray/services/utils/watchbody.go b/xray/services/utils/watchbody.go
index b82d207c4..714851590 100644
--- a/xray/services/utils/watchbody.go
+++ b/xray/services/utils/watchbody.go
@@ -199,15 +199,12 @@ func CreateBody(params WatchParams) (*WatchBody, error) {
 return nil, err
 }
 
- err = configureGitRepositories(&payloadBody, params)
- if err != nil {
- return nil, err
- }
+ configureGitRepositories(&payloadBody, params)
 
 return &payloadBody, nil
 }
 
-func configureGitRepositories(payloadBody *WatchBody, params WatchParams) error {
+func configureGitRepositories(payloadBody *WatchBody, params WatchParams) {
 for _, gitRepoResource := range params.GitRepositories.Resources {
 gitRepo := watchProjectResourcesElement{
 Type: WatchGitRepository,
@@ -216,7 +213,6 @@ func configureGitRepositories(payloadBody *WatchBody, params WatchParams) error
 }
 payloadBody.ProjectResources.Resources = append(payloadBody.ProjectResources.Resources, gitRepo)
 }
- return nil
 }
 
 func configureRepositories(payloadBody *WatchBody, params WatchParams) error {
diff --git a/xsc/services/utils/utils.go b/xsc/services/utils/utils.go
index c0c20a34c..539a18379 100644
--- a/xsc/services/utils/utils.go
+++ b/xsc/services/utils/utils.go
@@ -33,6 +33,7 @@ func IsXscXrayInnerService(xrayVersion string) bool {
 return true
 }
 
+// The platform expects the git repo key to be in the format of the https/http clone Git URL without the protocol.
 func GetGitRepoUrlKey(gitRepoHttpUrl string) string {
 if len(gitRepoHttpUrl) == 0 {
 // No git context was provided
From 42986f8718f31c9bfaca292c679ffa0ebc1d8969 Mon Sep 17 00:00:00 2001
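Review bot: The comment added above `GetGitRepoUrlKey` in the utils.go hunk does not start with the function name, so it will not read as the function's doc in `go doc` and the usual doc-comment linters flag it. Rewrite it as `// GetGitRepoUrlKey returns the key the platform expects for a git repository: the https/http clone URL with the protocol removed.` The function body continues past the hunk, so whether the empty-input branch returns an empty key or something else is not visible here and could be stated in the same comment once confirmed.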
From: attiasas
Date: Sun, 22 Dec 2024 12:31:52 +0300
Subject: [PATCH 38/39] Add option to create watch on project

---
 xray/services/utils/watchbody.go | 2 ++
 xray/services/watch.go | 10 +++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/xray/services/utils/watchbody.go b/xray/services/utils/watchbody.go
index 714851590..fbee34400 100644
--- a/xray/services/utils/watchbody.go
+++ b/xray/services/utils/watchbody.go
@@ -64,6 +64,8 @@ type WatchParams struct {
 Builds WatchBuildsParams
 
 Policies []AssignedPolicy
+
+ ProjectKey string
 }
 
 // WatchRepositoriesParams is a struct that stores the repository configuration for watch
diff --git a/xray/services/watch.go b/xray/services/watch.go
index ac71623ea..433885049 100644
--- a/xray/services/watch.go
+++ b/xray/services/watch.go
@@ -54,6 +54,14 @@ func (xws *WatchService) getWatchURL() string {
 return clientutils.AddTrailingSlashIfNeeded(xws.XrayDetails.GetUrl()) + watchAPIURL
 }
 
+func (xws *WatchService) getWatchUrlWithProjectKey(projectKey string) string {
+ baseUrl := xws.getWatchURL()
+ if projectKey == "" {
+ return baseUrl
+ }
+ return baseUrl + "?projectKey=" + projectKey
+}
+
 // Delete will delete an existing watch by name
 // It will error if no watch can be found by that name.
 func (xws *WatchService) Delete(watchName string) error {
@@ -86,7 +94,7 @@ func (xws *WatchService) Create(params utils.WatchParams) error {
 httpClientsDetails := xws.XrayDetails.CreateHttpClientDetails()
 httpClientsDetails.SetContentTypeApplicationJson()
 
- var url = xws.getWatchURL()
+ var url = xws.getWatchUrlWithProjectKey(params.ProjectKey)
 log.Info(fmt.Sprintf("Creating a new Watch named %s on JFrog Xray....", params.Name))
 resp, body, err := xws.client.SendPost(url, content, &httpClientsDetails)
From bd3dd5618905ea68d64e5dd993bb1a615c99fc5b Mon Sep 17 00:00:00 2001
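Review bot: `getWatchUrlWithProjectKey` mixes the `Url` spelling with the neighbouring `getWatchURL` and `watchAPIURL` in the same file; Go keeps an initialism in one case throughout, so `getWatchURLWithProjectKey` (and `baseURL` for the local) matches the existing names. The new `ProjectKey` field on `WatchParams` is exported without a comment and sits after a blank line that separates it from the other fields; `// ProjectKey, when non-empty, is sent as the projectKey query parameter when the watch is created.` states exactly what the `Create` hunk does with it. Only `Create` is wired to the project-scoped URL here; if `Get`, `Update` and `Delete` also need the key for project-scoped watches, that is not addressed by this commit and is worth a follow-up note.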
From: attiasas
Date: Thu, 26 Dec 2024 19:46:36 +0300
Subject: [PATCH 39/39] CR changes

---
 xray/services/scan.go | 4 +---
 xray/services/utils/policybody.go | 2 +-
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/xray/services/scan.go b/xray/services/scan.go
index 79dba9d8a..08d5bfe76 100644
--- a/xray/services/scan.go
+++ b/xray/services/scan.go
@@ -48,9 +48,7 @@ const (
 scanTechQueryParam = "tech="
 
 gitRepoKeyQueryParam = "git_repo="
- MinXrayVersionGitRepoKey = "3.108.0" // Actual: "3.111.0"
-
- XscVersionAPI = "system/version"
+ MinXrayVersionGitRepoKey = "3.111.0"
 )
 
 type ScanType string
diff --git a/xray/services/utils/policybody.go b/xray/services/utils/policybody.go
index 072ecec8c..cdb034d27 100644
--- a/xray/services/utils/policybody.go
+++ b/xray/services/utils/policybody.go
@@ -108,7 +108,7 @@ func CreateSeverityPolicyCriteria(minSeverity Severity) *PolicyCriteria {
 }
 }
 
-func CreateExposuresPolicyCriteria(minSeverity Severity, secrets, applications, services, iac, maliciousCode bool) *PolicyCriteria {
+func CreateExposuresPolicyCriteria(minSeverity Severity, secrets, applications, services, iac bool) *PolicyCriteria {
 criteria := &PolicyCriteria{Exposures: &PolicyExposureCriteria{MinSeverity: minSeverity}}
 if secrets {
 criteria.Exposures.Secrets = &secrets
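Review bot: The scan.go hunk deletes the exported constant `XscVersionAPI` together with the version fix; this package is a library consumed by other modules, so removing an exported identifier breaks any importer still referencing it unless it is known to have no external users. If the removal is intended, saying so in the commit message (or keeping the constant for one release with a `// Deprecated:` line naming its replacement) is the usual practice, and the subject "CR changes" does not signal an API change. `MinXrayVersionGitRepoKey` is exported without a comment; `// MinXrayVersionGitRepoKey is the lowest Xray version that accepts the git_repo query parameter on scan-graph requests.` records why the value matters. The policybody.go hunk at the end of this line is cut off by the page boundary, so the signature change that drops `maliciousCode` is not reviewed here.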