CR
EyalDelarea committed Sep 27, 2023
1 parent 7f915aa commit 408f5f2
Showing 2 changed files with 24 additions and 23 deletions.
23 changes: 12 additions & 11 deletions xray/commands/audit/jas/applicability/applicabilitymanager.go
Expand Up @@ -45,12 +45,17 @@ type ApplicabilityScanManager struct {
// error: An error object (if any).
func RunApplicabilityScan(xrayResults []services.ScanResponse, directDependencies []string,
scannedTechnologies []coreutils.Technology, scanner *jas.JasScanner, thirdPartyContextualAnalysis bool) (results []*sarif.Run, err error) {
applicabilityScanManager := newApplicabilityScanManager(xrayResults, directDependencies, scanner, scannedTechnologies, thirdPartyContextualAnalysis)
applicabilityScanManager := newApplicabilityScanManager(xrayResults, directDependencies, scanner, thirdPartyContextualAnalysis)
if !applicabilityScanManager.shouldRunApplicabilityScan(scannedTechnologies) {
log.Debug("The technologies that have been scanned are currently not supported for contextual analysis scanning, or we couldn't find any vulnerable direct dependencies. Skipping....")
return
}

// Add python modules folders if needed
if thirdPartyContextualAnalysis && slices.Contains(scannedTechnologies, coreutils.Pip) {
appendPipModulesToScanWorkingDir(applicabilityScanManager)
}

if err = applicabilityScanManager.scanner.Run(applicabilityScanManager); err != nil {
err = utils.ParseAnalyzerManagerError(utils.Applicability, err)
return
Expand All @@ -59,18 +64,14 @@ func RunApplicabilityScan(xrayResults []services.ScanResponse, directDependencie
return
}

func newApplicabilityScanManager(xrayScanResults []services.ScanResponse, directDependencies []string, scanner *jas.JasScanner, technologies []coreutils.Technology, thirdPartyScan bool) (manager *ApplicabilityScanManager) {
func newApplicabilityScanManager(xrayScanResults []services.ScanResponse, directDependencies []string, scanner *jas.JasScanner, thirdPartyScan bool) (manager *ApplicabilityScanManager) {
directDependenciesCves := extractDirectDependenciesCvesFromScan(xrayScanResults, directDependencies)
applicabilityManager := &ApplicabilityScanManager{
applicabilityScanResults: []*sarif.Run{},
directDependenciesCves: directDependenciesCves,
xrayResults: xrayScanResults,
scanner: scanner,
thirdPartyScan: thirdPartyScan,
techs: technologies,
}
if thirdPartyScan && slices.Contains(technologies, coreutils.Pip) {
appendPipEnvToScanWorkingDir(applicabilityManager)
}
return applicabilityManager
}
Expand Down Expand Up @@ -200,13 +201,13 @@ func removeElementFromSlice(skipDirs []string, element string) []string {
return slices.Delete(skipDirs, deleteIndex, deleteIndex+1)
}

func appendPipEnvToScanWorkingDir(applicabilityManager *ApplicabilityScanManager) {
extraPythonRoot, pythonErr := getPipRoot()
if pythonErr != nil {
log.Warn(fmt.Sprintf("failed trying to get pip env folder path, error:%s ", pythonErr.Error()))
func appendPipModulesToScanWorkingDir(applicabilityManager *ApplicabilityScanManager) {
pythonModulesPath, err := getPipRoot()
if err != nil {
log.Warn(fmt.Sprintf("failed trying to get pip env folder path, error:%s ", err.Error()))
return
}
applicabilityManager.scanner.WorkingDirs = append(applicabilityManager.scanner.WorkingDirs, extraPythonRoot)
applicabilityManager.scanner.WorkingDirs = append(applicabilityManager.scanner.WorkingDirs, pythonModulesPath)
}

func getPipRoot() (path string, err error) {
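Review bot: `appendPipModulesToScanWorkingDir` appends the pip root to `applicabilityManager.scanner.WorkingDirs` (third hunk, the line replacing the old `extraPythonRoot` append) on the `*jas.JasScanner` the caller passed in, so the mutation outlives this call — if the same scanner is reused for another `RunApplicabilityScan` invocation, or for another JAS scan that did not ask for third-party analysis, the modules path is appended again and stays in scope. A cheap guard is `if !slices.Contains(applicabilityManager.scanner.WorkingDirs, pythonModulesPath) { applicabilityManager.scanner.WorkingDirs = append(applicabilityManager.scanner.WorkingDirs, pythonModulesPath) }`; truly scoping the extra directory to this run would need the manager to work on its own copy of WorkingDirs. The new block in `RunApplicabilityScan` (`// Add python modules folders if needed`) also deserves a comment that it widens the analyzer's input to code outside the project checkout — the pip modules root as a whole, not only the vulnerable direct dependencies — e.g. `// Third-party contextual analysis also scans installed pip packages, so the modules root (outside the repo) is added to the scanner's working dirs.` `RunApplicabilityScan` continues past the first hunk and `getPipRoot`'s body is outside the last one, so whether the path resolves to a virtualenv or a global site-packages cannot be checked from here.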
24 changes: 12 additions & 12 deletions xray/commands/audit/jas/applicability/applicabilitymanager_test.go
Expand Up @@ -17,7 +17,7 @@ func TestNewApplicabilityScanManager_InputIsValid(t *testing.T) {
scanner, cleanUp := jas.InitJasTest(t)
defer cleanUp()
// Act
applicabilityManager := newApplicabilityScanManager(jas.FakeBasicXrayResults, mockDirectDependencies, scanner, nil, false)
applicabilityManager := newApplicabilityScanManager(jas.FakeBasicXrayResults, mockDirectDependencies, scanner, false)

// Assert
if assert.NotNil(t, applicabilityManager) {
Expand All @@ -31,7 +31,7 @@ func TestNewApplicabilityScanManager_DependencyTreeDoesntExist(t *testing.T) {
scanner, cleanUp := jas.InitJasTest(t)
defer cleanUp()
// Act
applicabilityManager := newApplicabilityScanManager(jas.FakeBasicXrayResults, nil, scanner, nil, false)
applicabilityManager := newApplicabilityScanManager(jas.FakeBasicXrayResults, nil, scanner, false)

// Assert
if assert.NotNil(t, applicabilityManager) {
Expand Down Expand Up @@ -68,10 +68,10 @@ func TestNewApplicabilityScanManager_NoDirectDependenciesInScan(t *testing.T) {
// Act
scanner, cleanUp := jas.InitJasTest(t)
defer cleanUp()
applicabilityManager := newApplicabilityScanManager(noDirectDependenciesResults, mockDirectDependencies, scanner, nil, false)
applicabilityManager := newApplicabilityScanManager(noDirectDependenciesResults, mockDirectDependencies, scanner, false)
assertApplicabilityScanner(t, applicabilityManager)
// ThirdPartyContextual shouldn't change anything here as this is not npm.
applicabilityManager = newApplicabilityScanManager(noDirectDependenciesResults, mockDirectDependencies, scanner, nil, true)
applicabilityManager = newApplicabilityScanManager(noDirectDependenciesResults, mockDirectDependencies, scanner, true)
assertApplicabilityScanner(t, applicabilityManager)
}

Expand All @@ -89,7 +89,7 @@ func TestNewApplicabilityScanManager_MultipleDependencyTrees(t *testing.T) {
scanner, cleanUp := jas.InitJasTest(t)
defer cleanUp()
// Act
applicabilityManager := newApplicabilityScanManager(jas.FakeBasicXrayResults, mockMultiRootDirectDependencies, scanner, nil, false)
applicabilityManager := newApplicabilityScanManager(jas.FakeBasicXrayResults, mockMultiRootDirectDependencies, scanner, false)

// Assert
if assert.NotNil(t, applicabilityManager) {
Expand All @@ -115,7 +115,7 @@ func TestNewApplicabilityScanManager_ViolationsDontExistInResults(t *testing.T)
defer cleanUp()

// Act
applicabilityManager := newApplicabilityScanManager(noViolationScanResponse, mockDirectDependencies, scanner, nil, false)
applicabilityManager := newApplicabilityScanManager(noViolationScanResponse, mockDirectDependencies, scanner, false)

// Assert
if assert.NotNil(t, applicabilityManager) {
Expand All @@ -141,7 +141,7 @@ func TestNewApplicabilityScanManager_VulnerabilitiesDontExist(t *testing.T) {
defer cleanUp()

// Act
applicabilityManager := newApplicabilityScanManager(noVulnerabilitiesScanResponse, mockDirectDependencies, scanner, nil, false)
applicabilityManager := newApplicabilityScanManager(noVulnerabilitiesScanResponse, mockDirectDependencies, scanner, false)

// Assert
if assert.NotNil(t, applicabilityManager) {
Expand All @@ -167,7 +167,7 @@ func TestApplicabilityScanManager_ShouldRun_ScanResultsAreEmpty(t *testing.T) {
scanner, cleanUp := jas.InitJasTest(t)
defer cleanUp()

applicabilityManager := newApplicabilityScanManager(nil, mockDirectDependencies, scanner, nil, false)
applicabilityManager := newApplicabilityScanManager(nil, mockDirectDependencies, scanner, false)

// Assert
eligible := applicabilityManager.shouldRunApplicabilityScan([]coreutils.Technology{coreutils.Npm})
Expand Down Expand Up @@ -251,7 +251,7 @@ func TestCreateConfigFile_VerifyFileWasCreated(t *testing.T) {
scanner, cleanUp := jas.InitJasTest(t)
defer cleanUp()

applicabilityManager := newApplicabilityScanManager(jas.FakeBasicXrayResults, []string{"issueId_1_direct_dependency", "issueId_2_direct_dependency"}, scanner, nil, false)
applicabilityManager := newApplicabilityScanManager(jas.FakeBasicXrayResults, []string{"issueId_1_direct_dependency", "issueId_2_direct_dependency"}, scanner, false)

currWd, err := coreutils.GetWorkingDirectory()
assert.NoError(t, err)
Expand All @@ -275,7 +275,7 @@ func TestParseResults_EmptyResults_AllCvesShouldGetUnknown(t *testing.T) {
scanner, cleanUp := jas.InitJasTest(t)
defer cleanUp()

applicabilityManager := newApplicabilityScanManager(jas.FakeBasicXrayResults, mockDirectDependencies, scanner, nil, false)
applicabilityManager := newApplicabilityScanManager(jas.FakeBasicXrayResults, mockDirectDependencies, scanner, false)
applicabilityManager.scanner.ResultsFileName = filepath.Join(jas.GetTestDataPath(), "applicability-scan", "empty-results.sarif")

// Act
Expand All @@ -292,7 +292,7 @@ func TestParseResults_ApplicableCveExist(t *testing.T) {
// Arrange
scanner, cleanUp := jas.InitJasTest(t)
defer cleanUp()
applicabilityManager := newApplicabilityScanManager(jas.FakeBasicXrayResults, mockDirectDependencies, scanner, nil, false)
applicabilityManager := newApplicabilityScanManager(jas.FakeBasicXrayResults, mockDirectDependencies, scanner, false)
applicabilityManager.scanner.ResultsFileName = filepath.Join(jas.GetTestDataPath(), "applicability-scan", "applicable-cve-results.sarif")

// Act
Expand All @@ -309,7 +309,7 @@ func TestParseResults_AllCvesNotApplicable(t *testing.T) {
// Arrange
scanner, cleanUp := jas.InitJasTest(t)
defer cleanUp()
applicabilityManager := newApplicabilityScanManager(jas.FakeBasicXrayResults, mockDirectDependencies, scanner, nil, false)
applicabilityManager := newApplicabilityScanManager(jas.FakeBasicXrayResults, mockDirectDependencies, scanner, false)
applicabilityManager.scanner.ResultsFileName = filepath.Join(jas.GetTestDataPath(), "applicability-scan", "no-applicable-cves-results.sarif")

// Act
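Review bot: The pip-modules hook that `TestNewApplicabilityScanManager_NoDirectDependenciesInScan` reached through the constructor now lives in `RunApplicabilityScan`, and this commit adds no test for that path, so the `thirdPartyContextualAnalysis && coreutils.Pip` branch is uncovered as far as the visible hunks show. The second call in that test, under `// ThirdPartyContextual shouldn't change anything here as this is not npm.`, now exercises a constructor that no longer looks at technologies at all, and the comment names npm while the gate in the manager is `coreutils.Pip`; I'd reword it to `// thirdPartyScan only sets a flag in the constructor; the pip-modules working dir is added in RunApplicabilityScan.` A test that calls `RunApplicabilityScan` with `thirdPartyContextualAnalysis=true` and `[]coreutils.Technology{coreutils.Pip}` and asserts `scanner.WorkingDirs` grew by exactly one entry would pin the moved behaviour, assuming `getPipRoot` can succeed in the test environment. Only the changed hunks are visible, so a test elsewhere in this file may already cover it.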
