diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 984c9be70..3b4ee0880 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -64,7 +64,7 @@ jobs: brew install Bearer/tap/gon - name: Setup Docker on macOS if: inputs.dev == false - uses: douglascamata/setup-docker-macos-action@0f8f0e9f1033ccfb6676fe219e91781393f8ed4b #v1-alpha + uses: douglascamata/setup-docker-macos-action@8d5fa43892aed7eee4effcdea113fd53e4d4bf83 #v1-alpha - name: Test docker if: inputs.dev == false run: | @@ -76,6 +76,16 @@ jobs: with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Install Cosign + run: | + brew install sigstore/tap/cosign + + - name: Add and Commit qemu.rb + if: inputs.dev == false + run: | + git add qemu.rb + git commit -m "Add qemu.rb" - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 #v2 with: diff --git a/go.mod b/go.mod index c005abf66..88425d5fb 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.22.7 require ( github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63 - github.com/CheckmarxDev/containers-resolver v1.0.10 + github.com/CheckmarxDev/containers-resolver v1.0.13 github.com/MakeNowJust/heredoc v1.0.0 github.com/checkmarxDev/gpt-wrapper v0.0.0-20230721160222-85da2fd1cc4c github.com/golang-jwt/jwt v3.2.2+incompatible @@ -22,8 +22,8 @@ require ( golang.org/x/crypto v0.26.0 golang.org/x/sync v0.8.0 golang.org/x/text v0.17.0 - google.golang.org/grpc v1.63.2 - google.golang.org/protobuf v1.33.0 + google.golang.org/grpc v1.65.0 + google.golang.org/protobuf v1.34.2 gotest.tools v2.2.0+incompatible ) @@ -41,7 +41,7 @@ require ( github.com/Masterminds/sprig/v3 v3.2.3 // indirect github.com/Masterminds/squirrel v1.5.4 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect - github.com/Microsoft/hcsshim v0.12.3 // indirect + github.com/Microsoft/hcsshim v0.12.6 // indirect github.com/ProtonMail/go-crypto v1.0.0 // indirect github.com/acobaugh/osrelease v0.1.0 // indirect github.com/adrg/xdg v0.5.0 // indirect @@ -53,8 +53,8 @@ require ( github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect github.com/anchore/go-version v1.2.2-0.20200701162849-18adb9c92b9b // indirect github.com/anchore/packageurl-go v0.1.1-0.20240507183024-848e011fc24f // indirect - github.com/anchore/stereoscope v0.0.3-0.20240725180315-50ce3be7aa1f // indirect - github.com/anchore/syft v1.11.1 // indirect + github.com/anchore/stereoscope v0.0.3 // indirect + github.com/anchore/syft v1.11.2-0.20240826140759-cf9bb13f2bfe // indirect github.com/andybalholm/brotli v1.1.0 // indirect github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46 // indirect github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 // indirect @@ -65,17 +65,19 @@ require ( github.com/bmatcuk/doublestar/v4 v4.6.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect - github.com/charmbracelet/lipgloss v0.12.1 // indirect + github.com/charmbracelet/lipgloss v0.13.0 // indirect github.com/charmbracelet/x/ansi v0.1.4 // indirect github.com/cloudflare/circl v1.3.8 // indirect - github.com/containerd/cgroups/v3 v3.0.2 // indirect - github.com/containerd/containerd v1.7.15 // indirect + github.com/containerd/cgroups/v3 v3.0.3 // indirect + github.com/containerd/containerd v1.7.21 // indirect + github.com/containerd/containerd/api v1.7.19 // indirect github.com/containerd/continuity v0.4.2 // indirect github.com/containerd/errdefs v0.1.0 // indirect github.com/containerd/fifo v1.1.0 // indirect github.com/containerd/log v0.1.0 // indirect + github.com/containerd/platforms v0.2.1 // indirect github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect - github.com/containerd/ttrpc v1.2.3 // indirect + github.com/containerd/ttrpc v1.2.5 // indirect github.com/containerd/typeurl/v2 v2.1.1 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect @@ -109,7 +111,7 @@ require ( github.com/go-git/go-billy/v5 v5.5.0 // indirect github.com/go-git/go-git/v5 v5.12.0 // indirect github.com/go-gorp/gorp/v3 v3.1.0 // indirect - github.com/go-logr/logr v1.4.1 // indirect + github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect @@ -157,7 +159,7 @@ require ( github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect - github.com/mattn/go-runewidth v0.0.15 // indirect + github.com/mattn/go-runewidth v0.0.16 // indirect github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect github.com/mholt/archiver/v3 v3.5.1 // indirect github.com/microsoft/go-rustaudit v0.0.0-20220730194248-4b17361d90a5 // indirect @@ -174,7 +176,8 @@ require ( github.com/moby/sys/mountinfo v0.7.2 // indirect github.com/moby/sys/sequential v0.5.0 // indirect github.com/moby/sys/signal v0.7.0 // indirect - github.com/moby/sys/user v0.1.0 // indirect + github.com/moby/sys/user v0.3.0 // indirect + github.com/moby/sys/userns v0.1.0 // indirect github.com/moby/term v0.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect @@ -186,7 +189,7 @@ require ( github.com/olekukonko/tablewriter v0.0.5 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.0 // indirect - github.com/opencontainers/runtime-spec v1.1.0 // indirect + github.com/opencontainers/runtime-spec v1.2.0 // indirect github.com/opencontainers/selinux v1.11.0 // indirect github.com/pborman/indent v1.2.1 // indirect github.com/pelletier/go-toml v1.9.5 // indirect @@ -196,7 +199,7 @@ require ( github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pkg/profile v1.7.0 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/prometheus/client_golang v1.19.0 // indirect + github.com/prometheus/client_golang v1.19.1 // indirect github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/common v0.53.0 // indirect github.com/prometheus/procfs v0.14.0 // indirect @@ -237,39 +240,39 @@ require ( github.com/xlab/treeprint v1.2.0 // indirect github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.50.0 // indirect - go.opentelemetry.io/otel v1.25.0 // indirect - go.opentelemetry.io/otel/metric v1.25.0 // indirect - go.opentelemetry.io/otel/trace v1.25.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect + go.opentelemetry.io/otel v1.28.0 // indirect + go.opentelemetry.io/otel/metric v1.28.0 // indirect + go.opentelemetry.io/otel/trace v1.28.0 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f // indirect golang.org/x/mod v0.20.0 // indirect golang.org/x/net v0.28.0 // indirect - golang.org/x/oauth2 v0.18.0 // indirect + golang.org/x/oauth2 v0.20.0 // indirect golang.org/x/sys v0.24.0 // indirect golang.org/x/term v0.23.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - helm.sh/helm/v3 v3.15.3 // indirect - k8s.io/api v0.30.0 // indirect - k8s.io/apiextensions-apiserver v0.30.0 // indirect - k8s.io/apimachinery v0.30.0 // indirect - k8s.io/apiserver v0.30.0 // indirect - k8s.io/cli-runtime v0.30.0 // indirect - k8s.io/client-go v0.30.0 // indirect - k8s.io/component-base v0.30.0 // indirect + helm.sh/helm/v3 v3.15.4 // indirect + k8s.io/api v0.30.3 // indirect + k8s.io/apiextensions-apiserver v0.30.3 // indirect + k8s.io/apimachinery v0.30.3 // indirect + k8s.io/apiserver v0.30.3 // indirect + k8s.io/cli-runtime v0.30.3 // indirect + k8s.io/client-go v0.30.3 // indirect + k8s.io/component-base v0.30.3 // indirect k8s.io/klog/v2 v2.120.1 // indirect k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect - k8s.io/kubectl v0.30.0 // indirect + k8s.io/kubectl v0.30.3 // indirect k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect oras.land/oras-go v1.2.5 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect diff --git a/go.sum b/go.sum index 28d7cb403..21ae23f60 100644 --- a/go.sum +++ b/go.sum @@ -64,6 +64,8 @@ github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63 h1:SCuTcE github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63/go.mod h1:MI6lfLerXU+5eTV/EPTDavgnV3owz3GPT4g/msZBWPo= github.com/CheckmarxDev/containers-resolver v1.0.10 h1:Co9tKzvcQYtmAP/iendcBcUHIZRwiCEQhSXigTXQ4xM= github.com/CheckmarxDev/containers-resolver v1.0.10/go.mod h1:i9ZTKip7/EuzXxlW1FdGzAdWooAy0fwzkuwFBJnvcE4= +github.com/CheckmarxDev/containers-resolver v1.0.13 h1:lppKa2kD1NbXuiX+Mq+gkw61lYmQWA8fJQPbnXdIj3Y= +github.com/CheckmarxDev/containers-resolver v1.0.13/go.mod h1:y9gAEbaf0/MdHgABpX4ZCnEZ2Skh02LlNNjuGBjHuOo= github.com/CycloneDX/cyclonedx-go v0.9.0 h1:inaif7qD8bivyxp7XLgxUYtOXWtDez7+j72qKTMQTb8= github.com/CycloneDX/cyclonedx-go v0.9.0/go.mod h1:NE/EWvzELOFlG6+ljX/QeMlVt9VKcTwu8u0ccsACEsw= github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= @@ -89,6 +91,8 @@ github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERo github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/Microsoft/hcsshim v0.12.3 h1:LS9NXqXhMoqNCplK1ApmVSfB4UnVLRDWRapB6EIlxE0= github.com/Microsoft/hcsshim v0.12.3/go.mod h1:Iyl1WVpZzr+UkzjekHZbV8o5Z9ZkxNGx6CtY2Qg/JVQ= +github.com/Microsoft/hcsshim v0.12.6 h1:qEnZjoHXv+4/s0LmKZWE0/AiZmMWEIkFfWBSf1a0wlU= +github.com/Microsoft/hcsshim v0.12.6/go.mod h1:ZABCLVcvLMjIkzr9rUGcQ1QA0p0P3Ps+d3N1g2DsFfk= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78= github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= @@ -122,8 +126,12 @@ github.com/anchore/packageurl-go v0.1.1-0.20240507183024-848e011fc24f h1:B/E9ixK github.com/anchore/packageurl-go v0.1.1-0.20240507183024-848e011fc24f/go.mod h1:Blo6OgJNiYF41ufcgHKkbCKF2MDOMlrqhXv/ij6ocR4= github.com/anchore/stereoscope v0.0.3-0.20240725180315-50ce3be7aa1f h1:xuBvotcht1Ns8IdaC4UuYV1U8MFln9c5ELeo5bzDEO8= github.com/anchore/stereoscope v0.0.3-0.20240725180315-50ce3be7aa1f/go.mod h1:DcQdMes8SwpFli3rDH0v+Vd9qU9Jariq7JSHNJV5X/A= +github.com/anchore/stereoscope v0.0.3 h1:JRPHySy8S6P+Ff3IDiQ29ap1i8/laUQxDk9K1eFh/2U= +github.com/anchore/stereoscope v0.0.3/go.mod h1:5DJheGPjVRsSqegTB24Zi6SCHnYQnA519yeIG+RG+I4= github.com/anchore/syft v1.11.1 h1:uJVmZ1WuhMw2cutCsBj0aUgUZxaNlbBNimZEISFttWY= github.com/anchore/syft v1.11.1/go.mod h1:iwb+87tx6Fg2+1bzKEzgNcaBS6zjFSx59uraw24xtIY= +github.com/anchore/syft v1.11.2-0.20240826140759-cf9bb13f2bfe h1:4/o5kM/zT0ERokHfe86XvqNWUXEsqKU3qQAwzC3WHlI= +github.com/anchore/syft v1.11.2-0.20240826140759-cf9bb13f2bfe/go.mod h1:Hk5BT8JX7SRvWuf/vWnDeK56GKojX+ngHxIUovRw3Xc= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/andybalholm/brotli v1.0.1/go.mod h1:loMXtMfwqflxFJPmdbJO0a3KNoPuLBgiu3qAvBg8x/Y= github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= @@ -185,6 +193,8 @@ github.com/charmbracelet/bubbletea v0.27.0 h1:Mznj+vvYuYagD9Pn2mY7fuelGvP0HAXtZY github.com/charmbracelet/bubbletea v0.27.0/go.mod h1:5MdP9XH6MbQkgGhnlxUqCNmBXf9I74KRQ8HIidRxV1Y= github.com/charmbracelet/lipgloss v0.12.1 h1:/gmzszl+pedQpjCOH+wFkZr/N90Snz40J/NR7A0zQcs= github.com/charmbracelet/lipgloss v0.12.1/go.mod h1:V2CiwIuhx9S1S1ZlADfOj9HmxeMAORuz5izHb0zGbB8= +github.com/charmbracelet/lipgloss v0.13.0 h1:4X3PPeoWEDCMvzDvGmTajSyYPcZM4+y8sCA/SsA3cjw= +github.com/charmbracelet/lipgloss v0.13.0/go.mod h1:nw4zy0SBX/F/eAO1cWdcvy6qnkDUxr8Lw7dvFrAIbbY= github.com/charmbracelet/x/ansi v0.1.4 h1:IEU3D6+dWwPSgZ6HBH+v6oUuZ/nVawMiWj5831KfiLM= github.com/charmbracelet/x/ansi v0.1.4/go.mod h1:dk73KoMTT5AX5BsX0KrqhsTqAnhZZoCBjs7dGWp4Ktw= github.com/charmbracelet/x/input v0.1.0 h1:TEsGSfZYQyOtp+STIjyBq6tpRaorH0qpwZUj8DavAhQ= @@ -216,8 +226,14 @@ github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20211130200136-a8f946100490/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0= github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE= +github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGDJ9kip0= +github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0= github.com/containerd/containerd v1.7.15 h1:afEHXdil9iAm03BmhjzKyXnnEBtjaLJefdU7DV0IFes= github.com/containerd/containerd v1.7.15/go.mod h1:ISzRRTMF8EXNpJlTzyr2XMhN+j9K302C21/+cr3kUnY= +github.com/containerd/containerd v1.7.21 h1:USGXRK1eOC/SX0L195YgxTHb0a00anxajOzgfN0qrCA= +github.com/containerd/containerd v1.7.21/go.mod h1:e3Jz1rYRUZ2Lt51YrH9Rz0zPyJBOlSvB3ghr2jbVD8g= +github.com/containerd/containerd/api v1.7.19 h1:VWbJL+8Ap4Ju2mx9c9qS1uFSB1OVYr5JJrW2yT5vFoA= +github.com/containerd/containerd/api v1.7.19/go.mod h1:fwGavl3LNwAV5ilJ0sbrABL44AQxmNjDRcwheXDb6Ig= github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM= @@ -226,10 +242,14 @@ github.com/containerd/fifo v1.1.0 h1:4I2mbh5stb1u6ycIABlBw9zgtlK8viPI9QkQNRQEEmY github.com/containerd/fifo v1.1.0/go.mod h1:bmC4NWMbXlt2EZ0Hc7Fx7QzTFxgPID13eH0Qu+MAb2o= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= +github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A= +github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw= github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSkDwbkEETK84kQgEeFwDC+62k= github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o= github.com/containerd/ttrpc v1.2.3 h1:4jlhbXIGvijRtNC8F/5CpuJZ7yKOBFGFOOXg1bkISz0= github.com/containerd/ttrpc v1.2.3/go.mod h1:ieWsXucbb8Mj9PH0rXCw1i8IunRbbAiDkpXkbfflWBM= +github.com/containerd/ttrpc v1.2.5 h1:IFckT1EFQoFBMG4c3sMdT8EP3/aKfumK1msY+Ze4oLU= +github.com/containerd/ttrpc v1.2.5/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o= github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4= github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= @@ -356,6 +376,8 @@ github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= @@ -655,6 +677,8 @@ github.com/mattn/go-localereader v0.0.2-0.20220822084749-2491eb6c1c75/go.mod h1: github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= +github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-sqlite3 v1.14.15 h1:vfoHhTN1af61xCRSWzFIWzx2YskyMTwHLrExkBOjvxI= github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= @@ -703,6 +727,10 @@ github.com/moby/sys/signal v0.7.0 h1:25RW3d5TnQEoKvRbEKUGay6DCQ46IxAVTT9CUMgmsSI github.com/moby/sys/signal v0.7.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg= github.com/moby/sys/user v0.1.0 h1:WmZ93f5Ux6het5iituh9x2zAG7NFY9Aqi49jjE1PaQg= github.com/moby/sys/user v0.1.0/go.mod h1:fKJhFOnsCN6xZ5gSfbM6zaHGgDJMrqt9/reuj4T7MmU= +github.com/moby/sys/user v0.3.0 h1:9ni5DlcW5an3SvRSx4MouotOygvzaXbaSrc/wGDFWPo= +github.com/moby/sys/user v0.3.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs= +github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g= +github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -748,6 +776,8 @@ github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQ github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= github.com/opencontainers/runtime-spec v1.1.0 h1:HHUyrt9mwHUjtasSbXSMvs4cyFxh+Bll4AjJ9odEGpg= github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk= +github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU= github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= @@ -788,6 +818,8 @@ github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQ github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU= github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k= +github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= +github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -970,18 +1002,26 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.50.0 h1:cEPbyTSEHlQR89XVlyo78gqluF8Y3oMeBkXGWzQsfXY= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.50.0/go.mod h1:DKdbWcT4GH1D0Y3Sqt/PFXt2naRKDWtU+eE6oLdFNA8= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= go.opentelemetry.io/otel v1.25.0 h1:gldB5FfhRl7OJQbUHt/8s0a7cE8fbsPAtdpRaApKy4k= go.opentelemetry.io/otel v1.25.0/go.mod h1:Wa2ds5NOXEMkCmUou1WA7ZBfLTHWIsp034OVD7AO+Vg= +go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= +go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.25.0 h1:dT33yIHtmsqpixFsSQPwNeY5drM9wTcoL8h0FWF4oGM= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.25.0/go.mod h1:h95q0LBGh7hlAC08X2DhSeyIG02YQ0UyioTCVAqRPmc= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0 h1:IeMeyr1aBvBiPVYihXIaeIZba6b8E1bYp7lbdxK8CQg= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0/go.mod h1:oVdCUtjq9MK9BlS7TtucsQwUcXcymNiEDjgDD2jMtZU= go.opentelemetry.io/otel/metric v1.25.0 h1:LUKbS7ArpFL/I2jJHdJcqMGxkRdxpPHE0VU/D4NuEwA= go.opentelemetry.io/otel/metric v1.25.0/go.mod h1:rkDLUSd2lC5lq2dFNrX9LGAbINP5B7WBkC78RXCpH5s= +go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= +go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= go.opentelemetry.io/otel/sdk v1.25.0 h1:PDryEJPC8YJZQSyLY5eqLeafHtG+X7FWnf3aXMtxbqo= go.opentelemetry.io/otel/sdk v1.25.0/go.mod h1:oFgzCM2zdsxKzz6zwpTZYLLQsFwc+K0daArPdIhuxkw= go.opentelemetry.io/otel/trace v1.25.0 h1:tqukZGLwQYRIFtSQM2u2+yfMVTgGVeqRLPUYx1Dq6RM= go.opentelemetry.io/otel/trace v1.25.0/go.mod h1:hCCs70XM/ljO+BeQkyFnbK28SBIJ/Emuha+ccrCRT7I= +go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= +go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IOkz94= go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A= @@ -1120,6 +1160,8 @@ golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= +golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= +golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1417,6 +1459,8 @@ google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be h1: google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be/go.mod h1:dvdCTIoAGbkWbcIKBniID56/7XHTt6WfxXNMxuziJ+w= google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be h1:LG9vZxsWGOmUKieR8wPAUR3u3MpnYFQZROPIMaXh7/A= google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1446,6 +1490,8 @@ google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9K google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM= google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA= +google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= +google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -1462,6 +1508,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -1495,6 +1543,8 @@ gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= helm.sh/helm/v3 v3.15.3 h1:HcZDaVFe9uHa6hpsR54mJjYyRy4uz/pc6csg27nxFOc= helm.sh/helm/v3 v3.15.3/go.mod h1:FzSIP8jDQaa6WAVg9F+OkKz7J0ZmAga4MABtTbsb9WQ= +helm.sh/helm/v3 v3.15.4 h1:UFHd6oZ1IN3FsUZ7XNhOQDyQ2QYknBNWRHH57e9cbHY= +helm.sh/helm/v3 v3.15.4/go.mod h1:phOwlxqGSgppCY/ysWBNRhG3MtnpsttOzxaTK+Mt40E= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -1504,24 +1554,40 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= +k8s.io/api v0.30.3 h1:ImHwK9DCsPA9uoU3rVh4QHAHHK5dTSv1nxJUapx8hoQ= +k8s.io/api v0.30.3/go.mod h1:GPc8jlzoe5JG3pb0KJCSLX5oAFIW3/qNJITlDj8BH04= k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= +k8s.io/apiextensions-apiserver v0.30.3 h1:oChu5li2vsZHx2IvnGP3ah8Nj3KyqG3kRSaKmijhB9U= +k8s.io/apiextensions-apiserver v0.30.3/go.mod h1:uhXxYDkMAvl6CJw4lrDN4CPbONkF3+XL9cacCT44kV4= k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apimachinery v0.30.3 h1:q1laaWCmrszyQuSQCfNB8cFgCuDAoPszKY4ucAjDwHc= +k8s.io/apimachinery v0.30.3/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/apiserver v0.30.0 h1:QCec+U72tMQ+9tR6A0sMBB5Vh6ImCEkoKkTDRABWq6M= k8s.io/apiserver v0.30.0/go.mod h1:smOIBq8t0MbKZi7O7SyIpjPsiKJ8qa+llcFCluKyqiY= +k8s.io/apiserver v0.30.3 h1:QZJndA9k2MjFqpnyYv/PH+9PE0SHhx3hBho4X0vE65g= +k8s.io/apiserver v0.30.3/go.mod h1:6Oa88y1CZqnzetd2JdepO0UXzQX4ZnOekx2/PtEjrOg= k8s.io/cli-runtime v0.30.0 h1:0vn6/XhOvn1RJ2KJOC6IRR2CGqrpT6QQF4+8pYpWQ48= k8s.io/cli-runtime v0.30.0/go.mod h1:vATpDMATVTMA79sZ0YUCzlMelf6rUjoBzlp+RnoM+cg= +k8s.io/cli-runtime v0.30.3 h1:aG69oRzJuP2Q4o8dm+f5WJIX4ZBEwrvdID0+MXyUY6k= +k8s.io/cli-runtime v0.30.3/go.mod h1:hwrrRdd9P84CXSKzhHxrOivAR9BRnkMt0OeP5mj7X30= k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= +k8s.io/client-go v0.30.3 h1:bHrJu3xQZNXIi8/MoxYtZBBWQQXwy16zqJwloXXfD3k= +k8s.io/client-go v0.30.3/go.mod h1:8d4pf8vYu665/kUbsxWAQ/JDBNWqfFeZnvFiVdmx89U= k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= +k8s.io/component-base v0.30.3 h1:Ci0UqKWf4oiwy8hr1+E3dsnliKnkMLZMVbWzeorlk7s= +k8s.io/component-base v0.30.3/go.mod h1:C1SshT3rGPCuNtBs14RmVD2xW0EhRSeLvBh7AGk1quA= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/kubectl v0.30.0 h1:xbPvzagbJ6RNYVMVuiHArC1grrV5vSmmIcSZuCdzRyk= k8s.io/kubectl v0.30.0/go.mod h1:zgolRw2MQXLPwmic2l/+iHs239L49fhSeICuMhQQXTI= +k8s.io/kubectl v0.30.3 h1:YIBBvMdTW0xcDpmrOBzcpUVsn+zOgjMYIu7kAq+yqiI= +k8s.io/kubectl v0.30.3/go.mod h1:IcR0I9RN2+zzTRUa1BzZCm4oM0NLOawE6RzlDvd1Fpo= k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= modernc.org/gc/v3 v3.0.0-20240107210532-573471604cb6 h1:5D53IMaUuA5InSeMu9eJtlQXS2NxAhyWQvkKEgXZhHI= diff --git a/internal/commands/vorpal/vorpal-engine.go b/internal/commands/asca/asca-engine.go similarity index 52% rename from internal/commands/vorpal/vorpal-engine.go rename to internal/commands/asca/asca-engine.go index 01f317658..fc851378c 100644 --- a/internal/commands/vorpal/vorpal-engine.go +++ b/internal/commands/asca/asca-engine.go @@ -1,4 +1,4 @@ -package vorpal +package asca import ( "github.com/checkmarx/ast-cli/internal/commands/util/printer" @@ -10,24 +10,24 @@ import ( "github.com/spf13/viper" ) -func RunScanVorpalCommand(jwtWrapper wrappers.JWTWrapper, featureFlagsWrapper wrappers.FeatureFlagsWrapper) func(cmd *cobra.Command, args []string) error { +func RunScanASCACommand(jwtWrapper wrappers.JWTWrapper, featureFlagsWrapper wrappers.FeatureFlagsWrapper) func(cmd *cobra.Command, args []string) error { return func(cmd *cobra.Command, args []string) error { - vorpalLatestVersion, _ := cmd.Flags().GetBool(commonParams.VorpalLatestVersion) + ASCALatestVersion, _ := cmd.Flags().GetBool(commonParams.ASCALatestVersion) fileSourceFlag, _ := cmd.Flags().GetString(commonParams.SourcesFlag) agent, _ := cmd.Flags().GetString(commonParams.AgentFlag) - var port = viper.GetInt(commonParams.VorpalPortKey) - vorpalWrapper := grpcs.NewVorpalGrpcWrapper(port) - vorpalParams := services.VorpalScanParams{ - FilePath: fileSourceFlag, - VorpalUpdateVersion: vorpalLatestVersion, - IsDefaultAgent: agent == commonParams.DefaultAgent, + var port = viper.GetInt(commonParams.ASCAPortKey) + ASCAWrapper := grpcs.NewASCAGrpcWrapper(port) + ASCAParams := services.AscaScanParams{ + FilePath: fileSourceFlag, + ASCAUpdateVersion: ASCALatestVersion, + IsDefaultAgent: agent == commonParams.DefaultAgent, } - wrapperParams := services.VorpalWrappersParam{ + wrapperParams := services.AscaWrappersParam{ JwtWrapper: jwtWrapper, FeatureFlagsWrapper: featureFlagsWrapper, - VorpalWrapper: vorpalWrapper, + ASCAWrapper: ASCAWrapper, } - scanResult, err := services.CreateVorpalScanRequest(vorpalParams, wrapperParams) + scanResult, err := services.CreateASCAScanRequest(ASCAParams, wrapperParams) if err != nil { return err } diff --git a/internal/commands/vorpal/vorpal-engine_test.go b/internal/commands/asca/asca-engine_test.go similarity index 55% rename from internal/commands/vorpal/vorpal-engine_test.go rename to internal/commands/asca/asca-engine_test.go index 9349a9d8d..cbc09cf9e 100644 --- a/internal/commands/vorpal/vorpal-engine_test.go +++ b/internal/commands/asca/asca-engine_test.go @@ -1,4 +1,4 @@ -package vorpal +package asca import ( "reflect" @@ -12,10 +12,10 @@ import ( "github.com/spf13/cobra" ) -func Test_ExecuteVorpalScan(t *testing.T) { +func Test_ExecuteAscaScan(t *testing.T) { type args struct { - fileSourceFlag string - vorpalUpdateVersion bool + fileSourceFlag string + ASCAUpdateVersion bool } tests := []struct { name string @@ -27,8 +27,8 @@ func Test_ExecuteVorpalScan(t *testing.T) { { name: "Test with empty fileSource flag should not return error", args: args{ - fileSourceFlag: "", - vorpalUpdateVersion: true, + fileSourceFlag: "", + ASCAUpdateVersion: true, }, want: &grpcs.ScanResult{ Message: services.FilePathNotProvided, @@ -36,28 +36,28 @@ func Test_ExecuteVorpalScan(t *testing.T) { wantErr: false, }, { - name: "Test with valid flags. vorpalUpdateVersion set to true", + name: "Test with valid flags. ASCAUpdateVersion set to true", args: args{ - fileSourceFlag: "../data/python-vul-file.py", - vorpalUpdateVersion: true, + fileSourceFlag: "../data/python-vul-file.py", + ASCAUpdateVersion: true, }, want: mock.ReturnSuccessfulResponseMock(), wantErr: false, }, { - name: "Test with valid flags. vorpalUpdateVersion set to false", + name: "Test with valid flags. ASCAUpdateVersion set to false", args: args{ - fileSourceFlag: "../data/python-vul-file.py", - vorpalUpdateVersion: false, + fileSourceFlag: "../data/python-vul-file.py", + ASCAUpdateVersion: false, }, want: mock.ReturnSuccessfulResponseMock(), wantErr: false, }, { - name: "Test with valid flags. vorpal scan failed", + name: "Test with valid flags. asca scan failed", args: args{ - fileSourceFlag: "../data/csharp-no-vul.cs", - vorpalUpdateVersion: false, + fileSourceFlag: "../data/csharp-no-vul.cs", + ASCAUpdateVersion: false, }, want: mock.ReturnFailureResponseMock(), wantErr: false, @@ -66,32 +66,32 @@ func Test_ExecuteVorpalScan(t *testing.T) { for _, tt := range tests { ttt := tt t.Run(ttt.name, func(t *testing.T) { - vorpalParams := services.VorpalScanParams{ - FilePath: ttt.args.fileSourceFlag, - VorpalUpdateVersion: ttt.args.vorpalUpdateVersion, - IsDefaultAgent: true, + ASCAParams := services.AscaScanParams{ + FilePath: ttt.args.fileSourceFlag, + ASCAUpdateVersion: ttt.args.ASCAUpdateVersion, + IsDefaultAgent: true, } - wrapperParams := services.VorpalWrappersParam{ + wrapperParams := services.AscaWrappersParam{ JwtWrapper: &mock.JWTMockWrapper{}, FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{}, - VorpalWrapper: &mock.VorpalMockWrapper{}, + ASCAWrapper: &mock.ASCAMockWrapper{}, } - got, err := services.CreateVorpalScanRequest(vorpalParams, wrapperParams) + got, err := services.CreateASCAScanRequest(ASCAParams, wrapperParams) if (err != nil) != ttt.wantErr { - t.Errorf("executeVorpalScan() error = %v, wantErr %v", err, ttt.wantErr) + t.Errorf("executeASCAScan() error = %v, wantErr %v", err, ttt.wantErr) return } if ttt.wantErr && err.Error() != ttt.wantErrMsg { - t.Errorf("executeVorpalScan() error message = %v, wantErrMsg %v", err.Error(), ttt.wantErrMsg) + t.Errorf("executeASCAScan() error message = %v, wantErrMsg %v", err.Error(), ttt.wantErrMsg) } if !reflect.DeepEqual(got, ttt.want) { - t.Errorf("executeVorpalScan() got = %v, want %v", got, ttt.want) + t.Errorf("executeASCAScan() got = %v, want %v", got, ttt.want) } }) } } -func Test_runScanVorpalCommand(t *testing.T) { +func Test_runScanASCACommand(t *testing.T) { tests := []struct { name string sourceFlag string @@ -108,14 +108,14 @@ func Test_runScanVorpalCommand(t *testing.T) { want: nil, }, { - name: "Test with valid fileSource Flag and vorpalUpdateVersion flag set false ", + name: "Test with valid fileSource Flag and ASCAUpdateVersion flag set false ", sourceFlag: "data/python-vul-file.py", engineFlag: false, want: nil, wantErr: false, }, { - name: "Test with valid fileSource Flag and vorpalUpdateVersion flag set true ", + name: "Test with valid fileSource Flag and ASCAUpdateVersion flag set true ", sourceFlag: "data/python-vul-file.py", engineFlag: true, want: nil, @@ -127,16 +127,16 @@ func Test_runScanVorpalCommand(t *testing.T) { t.Run(ttt.name, func(t *testing.T) { cmd := &cobra.Command{} cmd.Flags().String(commonParams.SourcesFlag, ttt.sourceFlag, "") - cmd.Flags().Bool(commonParams.VorpalLatestVersion, ttt.engineFlag, "") + cmd.Flags().Bool(commonParams.ASCALatestVersion, ttt.engineFlag, "") cmd.Flags().String(commonParams.FormatFlag, printer.FormatJSON, "") - runFunc := RunScanVorpalCommand(&mock.JWTMockWrapper{}, &mock.FeatureFlagsMockWrapper{}) + runFunc := RunScanASCACommand(&mock.JWTMockWrapper{}, &mock.FeatureFlagsMockWrapper{}) err := runFunc(cmd, []string{}) if (err != nil) != ttt.wantErr { - t.Errorf("RunScanVorpalCommand() error = %v, wantErr %v", err, ttt.wantErr) + t.Errorf("RunScanASCACommand() error = %v, wantErr %v", err, ttt.wantErr) return } if ttt.wantErr && err.Error() != ttt.wantErrMsg { - t.Errorf("RunScanVorpalCommand() error message = %v, wantErrMsg %v", err.Error(), ttt.wantErrMsg) + t.Errorf("RunScanASCACommand() error message = %v, wantErrMsg %v", err.Error(), ttt.wantErrMsg) } }) } diff --git a/internal/commands/asca/asca_test.go b/internal/commands/asca/asca_test.go new file mode 100644 index 000000000..9fc1b2d24 --- /dev/null +++ b/internal/commands/asca/asca_test.go @@ -0,0 +1,51 @@ +package asca + +import ( + "os" + "testing" + + "gotest.tools/assert" + + ascaconfig "github.com/checkmarx/ast-cli/internal/commands/asca/ascaconfig" + "github.com/checkmarx/ast-cli/internal/services/osinstaller" +) + +func TestInstallOrUpgrade_firstInstallation_Success(t *testing.T) { + err := firstInstallation() + assert.NilError(t, err, "Error on first installation of asca") + fileExists, _ := osinstaller.FileExists(ascaconfig.Params.ExecutableFilePath()) + assert.Assert(t, fileExists, "Executable file not found") + fileExists, _ = osinstaller.FileExists(ascaconfig.Params.HashFilePath()) + assert.Assert(t, fileExists, "Hash file not found") +} + +func firstInstallation() error { + os.RemoveAll(ascaconfig.Params.WorkingDir()) + _, err := osinstaller.InstallOrUpgrade(&ascaconfig.Params) + return err +} + +func TestInstallOrUpgrade_installationIsUpToDate_Success(t *testing.T) { + err := firstInstallation() + assert.NilError(t, err, "Error on first installation of asca") + _, err = osinstaller.InstallOrUpgrade(&ascaconfig.Params) + assert.NilError(t, err, "Error when not need to upgrade") +} + +func TestInstallOrUpgrade_installationIsNotUpToDate_Success(t *testing.T) { + err := firstInstallation() + assert.NilError(t, err, "Error on first installation of asca") + changeHashFile() + _, err = osinstaller.InstallOrUpgrade(&ascaconfig.Params) + assert.NilError(t, err, "Error when need to upgrade") + fileExists, _ := osinstaller.FileExists(ascaconfig.Params.ExecutableFilePath()) + assert.Assert(t, fileExists, "Executable file not found") + fileExists, _ = osinstaller.FileExists(ascaconfig.Params.HashFilePath()) + assert.Assert(t, fileExists, "Hash file not found") +} + +func changeHashFile() { + content, _ := os.ReadFile(ascaconfig.Params.HashFilePath()) + content[0]++ + _ = os.WriteFile(ascaconfig.Params.HashFilePath(), content, os.ModePerm) +} diff --git a/internal/commands/vorpal/vorpalconfig/vorpal-linux-amd.go b/internal/commands/asca/ascaconfig/asca-linux-amd.go similarity index 95% rename from internal/commands/vorpal/vorpalconfig/vorpal-linux-amd.go rename to internal/commands/asca/ascaconfig/asca-linux-amd.go index 7aec2cbc6..babfe4881 100644 --- a/internal/commands/vorpal/vorpalconfig/vorpal-linux-amd.go +++ b/internal/commands/asca/ascaconfig/asca-linux-amd.go @@ -1,6 +1,6 @@ //go:build linux && amd64 -package vorpalconfig +package ascaconfig import ( "github.com/checkmarx/ast-cli/internal/services/osinstaller" diff --git a/internal/commands/vorpal/vorpalconfig/vorpal-linux-arm.go b/internal/commands/asca/ascaconfig/asca-linux-arm.go similarity index 95% rename from internal/commands/vorpal/vorpalconfig/vorpal-linux-arm.go rename to internal/commands/asca/ascaconfig/asca-linux-arm.go index 8d95c3f2a..5763acb15 100644 --- a/internal/commands/vorpal/vorpalconfig/vorpal-linux-arm.go +++ b/internal/commands/asca/ascaconfig/asca-linux-arm.go @@ -1,6 +1,6 @@ //go:build linux && (arm64 || arm) -package vorpalconfig +package ascaconfig import ( "github.com/checkmarx/ast-cli/internal/services/osinstaller" diff --git a/internal/commands/vorpal/vorpalconfig/vorpal-mac-amd.go b/internal/commands/asca/ascaconfig/asca-mac-amd.go similarity index 95% rename from internal/commands/vorpal/vorpalconfig/vorpal-mac-amd.go rename to internal/commands/asca/ascaconfig/asca-mac-amd.go index 5bdfd885c..5a05c2100 100644 --- a/internal/commands/vorpal/vorpalconfig/vorpal-mac-amd.go +++ b/internal/commands/asca/ascaconfig/asca-mac-amd.go @@ -1,6 +1,6 @@ //go:build darwin && amd64 -package vorpalconfig +package ascaconfig import ( "github.com/checkmarx/ast-cli/internal/services/osinstaller" diff --git a/internal/commands/vorpal/vorpalconfig/vorpal-mac-arm.go b/internal/commands/asca/ascaconfig/asca-mac-arm.go similarity index 95% rename from internal/commands/vorpal/vorpalconfig/vorpal-mac-arm.go rename to internal/commands/asca/ascaconfig/asca-mac-arm.go index d6557f142..49bfa7625 100644 --- a/internal/commands/vorpal/vorpalconfig/vorpal-mac-arm.go +++ b/internal/commands/asca/ascaconfig/asca-mac-arm.go @@ -1,6 +1,6 @@ //go:build darwin && arm64 -package vorpalconfig +package ascaconfig import ( "github.com/checkmarx/ast-cli/internal/services/osinstaller" diff --git a/internal/commands/vorpal/vorpalconfig/vorpal-windows.go b/internal/commands/asca/ascaconfig/asca-windows.go similarity index 95% rename from internal/commands/vorpal/vorpalconfig/vorpal-windows.go rename to internal/commands/asca/ascaconfig/asca-windows.go index 1f8138afb..43893e60e 100644 --- a/internal/commands/vorpal/vorpalconfig/vorpal-windows.go +++ b/internal/commands/asca/ascaconfig/asca-windows.go @@ -1,6 +1,6 @@ //go:build windows -package vorpalconfig +package ascaconfig import ( "github.com/checkmarx/ast-cli/internal/services/osinstaller" diff --git a/internal/commands/result.go b/internal/commands/result.go index 03f86d0f1..4f293d876 100644 --- a/internal/commands/result.go +++ b/internal/commands/result.go @@ -791,13 +791,20 @@ func writeConsoleSummary(summary *wrappers.ResultSummary, featureFlagsWrapper wr } func printPoliciesSummary(summary *wrappers.ResultSummary) { - fmt.Printf(tableLine + "\n") - if summary.Policies.BreakBuild { - fmt.Printf(" Policy Management Violation - Break Build Enabled: \n") - } else { - fmt.Printf(" Policy Management Violation: \n") + hasViolations := false + for _, policy := range summary.Policies.Policies { + if len(policy.RulesViolated) > 0 { + hasViolations = true + break + } } - if len(summary.Policies.Policies) > 0 { + if hasViolations { + fmt.Printf(tableLine + "\n") + if summary.Policies.BreakBuild { + fmt.Printf(" Policy Management Violation - Break Build Enabled: \n") + } else { + fmt.Printf(" Policy Management Violation: \n") + } for _, police := range summary.Policies.Policies { if len(police.RulesViolated) > 0 { fmt.Printf(" Policy: %s | Break Build: %t | Violated Rules: ", police.Name, police.BreakBuild) @@ -807,8 +814,8 @@ func printPoliciesSummary(summary *wrappers.ResultSummary) { } fmt.Printf("\n") } + fmt.Printf("\n") } - fmt.Printf("\n") } func printAPIsSecuritySummary(summary *wrappers.ResultSummary) { diff --git a/internal/commands/result_test.go b/internal/commands/result_test.go index 488e834fd..c0f7d3cda 100644 --- a/internal/commands/result_test.go +++ b/internal/commands/result_test.go @@ -3,6 +3,7 @@ package commands import ( + "bytes" "encoding/json" "fmt" "io" @@ -1138,3 +1139,31 @@ func createEmptyResultSummary() *wrappers.ResultSummary { }, } } +func TestPrintPoliciesSummary_WhenNoRolViolated_ShouldNotContainPolicyViolation(t *testing.T) { + summary := &wrappers.ResultSummary{ + Policies: &wrappers.PolicyResponseModel{ + Status: "Success", + Policies: []wrappers.Policy{ + { + RulesViolated: []string{}, + }, + }, + BreakBuild: false, + }, + } + r, w, _ := os.Pipe() + old := os.Stdout + os.Stdout = w + + printPoliciesSummary(summary) + + w.Close() + os.Stdout = old + + var buf bytes.Buffer + if _, err := io.Copy(&buf, r); err != nil { + t.Fatalf("failed to copy output: %v", err) // Handle the error if io.Copy fails + } + output := buf.String() + assert.Assert(t, !strings.Contains(output, "Policy Management Violation "), "Output should not contain 'Policy Management Violation'") +} diff --git a/internal/commands/scan.go b/internal/commands/scan.go index 0b1367fcd..77611317f 100644 --- a/internal/commands/scan.go +++ b/internal/commands/scan.go @@ -19,10 +19,10 @@ import ( "strings" "time" + "github.com/checkmarx/ast-cli/internal/commands/asca" "github.com/checkmarx/ast-cli/internal/commands/scarealtime" "github.com/checkmarx/ast-cli/internal/commands/util" "github.com/checkmarx/ast-cli/internal/commands/util/printer" - "github.com/checkmarx/ast-cli/internal/commands/vorpal" "github.com/checkmarx/ast-cli/internal/constants" errorConstants "github.com/checkmarx/ast-cli/internal/constants/errors" exitCodes "github.com/checkmarx/ast-cli/internal/constants/exit-codes" @@ -187,7 +187,7 @@ func NewScanCommand( showScanCmd := scanShowSubCommand(scansWrapper) - scanVorpalCmd := scanVorpalSubCommand(jwtWrapper, featureFlagsWrapper) + scanASCACmd := scanASCASubCommand(jwtWrapper, featureFlagsWrapper) workflowScanCmd := scanWorkflowSubCommand(scansWrapper) @@ -212,7 +212,7 @@ func NewScanCommand( ) scanCmd.AddCommand( createScanCmd, - scanVorpalCmd, + scanASCACmd, showScanCmd, workflowScanCmd, listScansCmd, @@ -400,15 +400,15 @@ func scanShowSubCommand(scansWrapper wrappers.ScansWrapper) *cobra.Command { return showScanCmd } -func scanVorpalSubCommand(jwtWrapper wrappers.JWTWrapper, featureFlagsWrapper wrappers.FeatureFlagsWrapper) *cobra.Command { - scanVorpalCmd := &cobra.Command{ +func scanASCASubCommand(jwtWrapper wrappers.JWTWrapper, featureFlagsWrapper wrappers.FeatureFlagsWrapper) *cobra.Command { + scanASCACmd := &cobra.Command{ Hidden: true, - Use: "vorpal", - Short: "Run a Vorpal scan", - Long: "Running a Vorpal scan is a fast and efficient way to identify vulnerabilities in a specific file.", + Use: "asca", + Short: "Run a ASCA scan", + Long: "Running a ASCA scan is a fast and efficient way to identify vulnerabilities in a specific file.", Example: heredoc.Doc( ` - $ cx scan vorpal --file-source --vorpal-latest-version + $ cx scan asca --file-source --asca-latest-version `, ), Annotations: map[string]string{ @@ -418,19 +418,19 @@ func scanVorpalSubCommand(jwtWrapper wrappers.JWTWrapper, featureFlagsWrapper wr `, ), }, - RunE: vorpal.RunScanVorpalCommand(jwtWrapper, featureFlagsWrapper), + RunE: asca.RunScanASCACommand(jwtWrapper, featureFlagsWrapper), } - scanVorpalCmd.PersistentFlags().Bool(commonParams.VorpalLatestVersion, false, - "Use this flag to update to the latest version of the Vorpal scanner."+ + scanASCACmd.PersistentFlags().Bool(commonParams.ASCALatestVersion, false, + "Use this flag to update to the latest version of the ASCA scanner."+ "Otherwise, we will check if there is an existing installation that can be used.") - scanVorpalCmd.PersistentFlags().StringP( + scanASCACmd.PersistentFlags().StringP( commonParams.SourcesFlag, commonParams.SourcesFlagSh, "", "The file source should be the path to a single file", ) - return scanVorpalCmd + return scanASCACmd } func scanListSubCommand(scansWrapper wrappers.ScansWrapper, sastMetadataWrapper wrappers.SastMetadataWrapper) *cobra.Command { @@ -780,7 +780,7 @@ func setupScanTypeProjectAndConfig( configArr = append(configArr, containersConfig) } - var SCSConfig, scsErr = addSCSScan(cmd, resubmitConfig) + var SCSConfig, scsErr = addSCSScan(cmd, resubmitConfig, userAllowedEngines[commonParams.EnterpriseSecretsType]) if scsErr != nil { return scsErr } else if SCSConfig != nil { @@ -974,11 +974,11 @@ func addAPISecScan(cmd *cobra.Command) map[string]interface{} { } return nil } -func createResubmitConfig(resubmitConfig []wrappers.Config, scsRepoToken, scsRepoURL string) wrappers.SCSConfig { +func createResubmitConfig(resubmitConfig []wrappers.Config, scsRepoToken, scsRepoURL string, hasEnterpriseSecretsLicense bool) wrappers.SCSConfig { scsConfig := wrappers.SCSConfig{} for _, config := range resubmitConfig { resubmitTwoms := config.Value[configTwoms] - if resubmitTwoms != nil { + if resubmitTwoms != nil && hasEnterpriseSecretsLicense { scsConfig.Twoms = resubmitTwoms.(string) } scsConfig.RepoURL = scsRepoURL @@ -992,7 +992,7 @@ func createResubmitConfig(resubmitConfig []wrappers.Config, scsRepoToken, scsRep } return scsConfig } -func addSCSScan(cmd *cobra.Command, resubmitConfig []wrappers.Config) (map[string]interface{}, error) { +func addSCSScan(cmd *cobra.Command, resubmitConfig []wrappers.Config, hasEnterpriseSecretsLicense bool) (map[string]interface{}, error) { if scanTypeEnabled(commonParams.ScsType) || scanTypeEnabled(commonParams.MicroEnginesType) { scsConfig := wrappers.SCSConfig{} SCSMapConfig := make(map[string]interface{}) @@ -1002,7 +1002,7 @@ func addSCSScan(cmd *cobra.Command, resubmitConfig []wrappers.Config) (map[strin scsRepoURL, _ := cmd.Flags().GetString(commonParams.SCSRepoURLFlag) SCSEngines, _ := cmd.Flags().GetString(commonParams.SCSEnginesFlag) if resubmitConfig != nil { - scsConfig = createResubmitConfig(resubmitConfig, scsRepoToken, scsRepoURL) + scsConfig = createResubmitConfig(resubmitConfig, scsRepoToken, scsRepoURL, hasEnterpriseSecretsLicense) SCSMapConfig[resultsMapValue] = &scsConfig return SCSMapConfig, nil } @@ -1012,14 +1012,18 @@ func addSCSScan(cmd *cobra.Command, resubmitConfig []wrappers.Config) (map[strin engineType = strings.TrimSpace(engineType) switch engineType { case ScsSecretDetectionType: - scsConfig.Twoms = trueString + if hasEnterpriseSecretsLicense { + scsConfig.Twoms = trueString + } case ScsScoreCardType: scsConfig.Scorecard = trueString } } } else { scsConfig.Scorecard = trueString - scsConfig.Twoms = trueString + if hasEnterpriseSecretsLicense { + scsConfig.Twoms = trueString + } } if scsConfig.Scorecard == trueString { if scsRepoToken != "" && scsRepoURL != "" { @@ -1041,6 +1045,8 @@ func addSCSScan(cmd *cobra.Command, resubmitConfig []wrappers.Config) (map[strin func validateScanTypes(cmd *cobra.Command, jwtWrapper wrappers.JWTWrapper, featureFlagsWrapper wrappers.FeatureFlagsWrapper) error { var scanTypes []string + var SCSScanTypes []string + containerEngineCLIEnabled, _ := featureFlagsWrapper.GetSpecificFlag(wrappers.ContainerEngineCLIEnabled) allowedEngines, err := jwtWrapper.GetAllowedEngines(featureFlagsWrapper) if err != nil { @@ -1049,10 +1055,20 @@ func validateScanTypes(cmd *cobra.Command, jwtWrapper wrappers.JWTWrapper, featu } userScanTypes, _ := cmd.Flags().GetString(commonParams.ScanTypes) + userSCSScanTypes, _ := cmd.Flags().GetString(commonParams.SCSEnginesFlag) if len(userScanTypes) > 0 { userScanTypes = strings.ReplaceAll(strings.ToLower(userScanTypes), " ", "") userScanTypes = strings.Replace(strings.ToLower(userScanTypes), commonParams.KicsType, commonParams.IacType, 1) userScanTypes = strings.Replace(strings.ToLower(userScanTypes), commonParams.ContainersTypeFlag, commonParams.ContainersType, 1) + userSCSScanTypes = strings.Replace(strings.ToLower(userSCSScanTypes), commonParams.SCSEnginesFlag, commonParams.ScsType, 1) + + SCSScanTypes = strings.Split(userSCSScanTypes, ",") + if slices.Contains(SCSScanTypes, ScsSecretDetectionType) && !allowedEngines[commonParams.EnterpriseSecretsType] { + keys := reflect.ValueOf(allowedEngines).MapKeys() + err = errors.Errorf(engineNotAllowed, ScsSecretDetectionType, ScsSecretDetectionType, keys) + return err + } + scanTypes = strings.Split(userScanTypes, ",") for _, scanType := range scanTypes { if !allowedEngines[scanType] || (scanType == commonParams.ContainersType && !(containerEngineCLIEnabled.Status)) { @@ -2488,7 +2504,7 @@ func createKicsScanEnv(cmd *cobra.Command) (volumeMap, kicsDir string, err error func contains(s []string, str string) bool { for _, v := range s { - if strings.Contains(str, v) { + if v != "" && strings.Contains(str, v) { return true } } diff --git a/internal/commands/scan_test.go b/internal/commands/scan_test.go index 2f9ae39d4..0a56790c0 100644 --- a/internal/commands/scan_test.go +++ b/internal/commands/scan_test.go @@ -689,7 +689,7 @@ func TestAddSCSScan_ResubmitWithOutScorecardFlags_ShouldPass(t *testing.T) { }, } - result, _ := addSCSScan(cmdCommand, resubmitConfig) + result, _ := addSCSScan(cmdCommand, resubmitConfig, true) expectedConfig := wrappers.SCSConfig{ Twoms: trueString, @@ -730,7 +730,7 @@ func TestAddSCSScan_ResubmitWithScorecardFlags_ShouldPass(t *testing.T) { }, } - result, _ := addSCSScan(cmdCommand, resubmitConfig) + result, _ := addSCSScan(cmdCommand, resubmitConfig, true) expectedConfig := wrappers.SCSConfig{ Twoms: "true", @@ -906,7 +906,7 @@ func TestCreateScan_WithSCSSecretDetectionAndScorecard_scsMapHasBoth(t *testing. _ = cmdCommand.Flags().Set(commonParams.SCSRepoTokenFlag, dummyToken) _ = cmdCommand.Flags().Set(commonParams.SCSRepoURLFlag, dummyRepo) - result, _ := addSCSScan(cmdCommand, resubmitConfig) + result, _ := addSCSScan(cmdCommand, resubmitConfig, true) scsConfig := wrappers.SCSConfig{ Twoms: "true", @@ -923,6 +923,31 @@ func TestCreateScan_WithSCSSecretDetectionAndScorecard_scsMapHasBoth(t *testing. } } +func TestCreateScan_WithoutSCSSecretDetection_scsMapNoSecretDetection(t *testing.T) { + var resubmitConfig []wrappers.Config + cmdCommand := &cobra.Command{ + Use: "scan", + Short: "Scan a project", + Long: `Scan a project`, + } + cmdCommand.PersistentFlags().String(commonParams.SCSEnginesFlag, "", "SCS Engine flag") + _ = cmdCommand.Execute() + _ = cmdCommand.Flags().Set(commonParams.SCSEnginesFlag, "secret-detection") + + result, _ := addSCSScan(cmdCommand, resubmitConfig, false) + + scsConfig := wrappers.SCSConfig{ + Twoms: "", + } + scsMapConfig := make(map[string]interface{}) + scsMapConfig[resultsMapType] = commonParams.MicroEnginesType + scsMapConfig[resultsMapValue] = &scsConfig + + if !reflect.DeepEqual(result, scsMapConfig) { + t.Errorf("Expected %+v, but got %+v", scsMapConfig, result) + } +} + func TestCreateScan_WithSCSSecretDetection_scsMapHasSecretDetection(t *testing.T) { var resubmitConfig []wrappers.Config cmdCommand := &cobra.Command{ @@ -934,7 +959,7 @@ func TestCreateScan_WithSCSSecretDetection_scsMapHasSecretDetection(t *testing.T _ = cmdCommand.Execute() _ = cmdCommand.Flags().Set(commonParams.SCSEnginesFlag, "secret-detection") - result, _ := addSCSScan(cmdCommand, resubmitConfig) + result, _ := addSCSScan(cmdCommand, resubmitConfig, true) scsConfig := wrappers.SCSConfig{ Twoms: "true", diff --git a/internal/commands/util/pr.go b/internal/commands/util/pr.go index 859ece365..6c243e0d1 100644 --- a/internal/commands/util/pr.go +++ b/internal/commands/util/pr.go @@ -283,6 +283,9 @@ func policiesToPrPolicies(policy *wrappers.PolicyResponseModel) []wrappers.PrPol var prPolicies []wrappers.PrPolicy if policy != nil { for _, policy := range policy.Policies { + if len(policy.RulesViolated) == 0 { + continue + } prPolicy := wrappers.PrPolicy{} prPolicy.Name = policy.Name prPolicy.BreakBuild = policy.BreakBuild diff --git a/internal/commands/util/pr_test.go b/internal/commands/util/pr_test.go index 84ed0ec46..f2a86ae29 100644 --- a/internal/commands/util/pr_test.go +++ b/internal/commands/util/pr_test.go @@ -37,3 +37,10 @@ func TestIfScanRunning_WhenScanDone_ShouldReturnFalse(t *testing.T) { scanRunning, _ := isScanRunningOrQueued(scansMockWrapper, "ScanNotRunning") asserts.False(t, scanRunning) } + +func TestPRDecorationGithub_WhenNoViolatedPolicies_ShouldNotReturnPolicy(t *testing.T) { + prMockWrapper := &mock.PolicyMockWrapper{} + policyResponse, _, _ := prMockWrapper.EvaluatePolicy(nil) + prPolicy := policiesToPrPolicies(policyResponse) + asserts.True(t, len(prPolicy) == 0) +} diff --git a/internal/commands/vorpal/vorpal_test.go b/internal/commands/vorpal/vorpal_test.go deleted file mode 100644 index dde020015..000000000 --- a/internal/commands/vorpal/vorpal_test.go +++ /dev/null @@ -1,50 +0,0 @@ -package vorpal - -import ( - "os" - "testing" - - "github.com/checkmarx/ast-cli/internal/commands/vorpal/vorpalconfig" - "github.com/checkmarx/ast-cli/internal/services/osinstaller" - "gotest.tools/assert" -) - -func TestInstallOrUpgrade_firstInstallation_Success(t *testing.T) { - err := firstInstallation() - assert.NilError(t, err, "Error on first installation of vorpal") - fileExists, _ := osinstaller.FileExists(vorpalconfig.Params.ExecutableFilePath()) - assert.Assert(t, fileExists, "Executable file not found") - fileExists, _ = osinstaller.FileExists(vorpalconfig.Params.HashFilePath()) - assert.Assert(t, fileExists, "Hash file not found") -} - -func firstInstallation() error { - os.RemoveAll(vorpalconfig.Params.WorkingDir()) - _, err := osinstaller.InstallOrUpgrade(&vorpalconfig.Params) - return err -} - -func TestInstallOrUpgrade_installationIsUpToDate_Success(t *testing.T) { - err := firstInstallation() - assert.NilError(t, err, "Error on first installation of vorpal") - _, err = osinstaller.InstallOrUpgrade(&vorpalconfig.Params) - assert.NilError(t, err, "Error when not need to upgrade") -} - -func TestInstallOrUpgrade_installationIsNotUpToDate_Success(t *testing.T) { - err := firstInstallation() - assert.NilError(t, err, "Error on first installation of vorpal") - changeHashFile() - _, err = osinstaller.InstallOrUpgrade(&vorpalconfig.Params) - assert.NilError(t, err, "Error when need to upgrade") - fileExists, _ := osinstaller.FileExists(vorpalconfig.Params.ExecutableFilePath()) - assert.Assert(t, fileExists, "Executable file not found") - fileExists, _ = osinstaller.FileExists(vorpalconfig.Params.HashFilePath()) - assert.Assert(t, fileExists, "Hash file not found") -} - -func changeHashFile() { - content, _ := os.ReadFile(vorpalconfig.Params.HashFilePath()) - content[0]++ - _ = os.WriteFile(vorpalconfig.Params.HashFilePath(), content, os.ModePerm) -} diff --git a/internal/constants/errors/errors.go b/internal/constants/errors/errors.go index 33155c958..55c255d53 100644 --- a/internal/constants/errors/errors.go +++ b/internal/constants/errors/errors.go @@ -19,10 +19,10 @@ const ( SarifInvalidFileExtension = "Invalid file extension. Supported extensions are .sarif and .zip containing sarif files." ImportSarifFileError = "There was a problem importing the SARIF file. Please contact support for further details." ImportSarifFileErrorMessageWithMessage = "There was a problem importing the SARIF file. Please contact support for further details with the following error code: %d %s" - NoVorpalLicense = "User doesn't have \"AI Protection\" license" + NoASCALicense = "User doesn't have \"AI Protection\" license" FailedUploadFileMsgWithDomain = "Unable to upload the file to the pre-signed URL. Try adding the domain: %s to your allow list." FailedUploadFileMsgWithURL = "Unable to upload the file to the pre-signed URL. Try adding the URL: %s to your allow list." - // Vorpal Engine + // asca Engine FileExtensionIsRequired = "file must have an extension" ) diff --git a/internal/params/binds.go b/internal/params/binds.go index 5f4b3131b..4a5b10e0b 100644 --- a/internal/params/binds.go +++ b/internal/params/binds.go @@ -62,5 +62,5 @@ var EnvVarsBinds = []struct { {PolicyEvaluationPathKey, PolicyEvaluationPathEnv, "api/policy_management_service_uri/evaluation"}, {AccessManagementPathKey, AccessManagementPathEnv, "api/access-management"}, {ByorPathKey, ByorPathEnv, "api/byor"}, - {VorpalPortKey, VorpalPortEnv, ""}, + {ASCAPortKey, ASCAPortEnv, ""}, } diff --git a/internal/params/envs.go b/internal/params/envs.go index a776100f2..9ea114d98 100644 --- a/internal/params/envs.go +++ b/internal/params/envs.go @@ -61,5 +61,5 @@ const ( AccessManagementPathEnv = "CX_ACCESS_MANAGEMENT_PATH" ByorPathEnv = "CX_BYOR_PATH" IgnoreProxyEnv = "CX_IGNORE_PROXY" - VorpalPortEnv = "CX_VORPAL_PORT" + ASCAPortEnv = "CX_ASCA_PORT" ) diff --git a/internal/params/flags.go b/internal/params/flags.go index 510d48c11..3770183ee 100644 --- a/internal/params/flags.go +++ b/internal/params/flags.go @@ -47,7 +47,7 @@ const ( FormatFlag = "format" FormatFlagUsageFormat = "Format for the output. One of %s" FilterFlag = "filter" - VorpalLatestVersion = "vorpal-latest-version" + ASCALatestVersion = "asca-latest-version" BaseURIFlag = "base-uri" ProxyFlag = "proxy" ProxyFlagUsage = "Proxy server to send communication through" @@ -106,45 +106,46 @@ const ( Threshold = "threshold" ThresholdFlagUsage = "Local build threshold. Format -=. " + "Example: scan --threshold \"sast-high=10;sca-high=5;iac-security-low=10\"" - KeyValuePairSize = 2 - WaitDelayDefault = 5 - SimilarityIDFlag = "similarity-id" - SeverityFlag = "severity" - StateFlag = "state" - CommentFlag = "comment" - LanguageFlag = "language" - VulnerabilityTypeFlag = "vulnerability-type" - CweIDFlag = "cwe-id" - SCMTokenFlag = "token" - AzureTokenUsage = "Azure DevOps personal access token. Requires “Connected server” and “Code“ scope." - GithubTokenUsage = "GitHub OAuth token. Requires “Repo” scope and organization SSO authorization, if enforced by the organization" - GitLabTokenUsage = "GitLab OAuth token" - BotCount = "Note: dependabot is not counted but other bots might be considered as contributors." - DisabledReposCount = "Note: Disabled repositories are not counted." - URLFlag = "url" - GitLabURLFlag = "url-gitlab" - URLFlagUsage = "API base URL" - QueryIDFlag = "query-id" - SSHKeyFlag = "ssh-key" - RepoURLFlag = "repo-url" - AstToken = "ast-token" - SSHValue = "ssh-value" - KicsContainerNameKey = "kics-container-name" - KicsPlatformsFlag = "kics-platforms" - KicsPlatformsFlagUsage = "KICS Platform Flag. Use ',' as the delimiter for arrays." - IacsPlatformsFlag = "iac-security-platforms" - IacsPlatformsFlagUsage = "IaC Security Platform Flag" - ApikeyOverrideFlag = "apikey-override" - ExploitablePathFlag = "sca-exploitable-path" - LastSastScanTime = "sca-last-sast-scan-time" - ProjecPrivatePackageFlag = "project-private-package" - SastRedundancyFlag = "sast-redundancy" - ContainerImagesFlag = "container-images" - ContainersTypeFlag = "container-security" - VSCodeAgent = "VS Code" - EclipseAgent = "Eclipse" - VisualStudioAgent = "Visual Studio" - JetbrainsAgent = "Jetbrains" + KeyValuePairSize = 2 + WaitDelayDefault = 5 + SimilarityIDFlag = "similarity-id" + SeverityFlag = "severity" + StateFlag = "state" + CommentFlag = "comment" + LanguageFlag = "language" + VulnerabilityTypeFlag = "vulnerability-type" + CweIDFlag = "cwe-id" + SCMTokenFlag = "token" + AzureTokenUsage = "Azure DevOps personal access token. Requires “Connected server” and “Code“ scope." + GithubTokenUsage = "GitHub OAuth token. Requires “Repo” scope and organization SSO authorization, if enforced by the organization" + GitLabTokenUsage = "GitLab OAuth token" + BotCount = "Note: dependabot is not counted but other bots might be considered as contributors." + DisabledReposCount = "Note: Disabled repositories are not counted." + URLFlag = "url" + GitLabURLFlag = "url-gitlab" + URLFlagUsage = "API base URL" + QueryIDFlag = "query-id" + SSHKeyFlag = "ssh-key" + RepoURLFlag = "repo-url" + AstToken = "ast-token" + SSHValue = "ssh-value" + KicsContainerNameKey = "kics-container-name" + KicsPlatformsFlag = "kics-platforms" + KicsPlatformsFlagUsage = "KICS Platform Flag. Use ',' as the delimiter for arrays." + IacsPlatformsFlag = "iac-security-platforms" + IacsPlatformsFlagUsage = "IaC Security Platform Flag" + ApikeyOverrideFlag = "apikey-override" + ExploitablePathFlag = "sca-exploitable-path" + LastSastScanTime = "sca-last-sast-scan-time" + ProjecPrivatePackageFlag = "project-private-package" + SastRedundancyFlag = "sast-redundancy" + ContainerImagesFlag = "container-images" + ContainersTypeFlag = "container-security" + VSCodeAgent = "VS Code" + EclipseAgent = "Eclipse" + VisualStudioAgent = "Visual Studio" + JetbrainsAgent = "Jetbrains" + ScaPrivatePackageVersionFlag = "sca-private-package-version" // INDIVIDUAL FILTER FLAGS @@ -249,6 +250,8 @@ const ( Success = "success" SCSScorecardType = "sscs-scorecard" SCSSecretDetectionType = "sscs-secret-detection" + EnterpriseSecretsLabel = "Enterprise Secrets" + EnterpriseSecretsType = "enterprise-secrets" ) // ScaAgent AST Role diff --git a/internal/params/keys.go b/internal/params/keys.go index 8dcb84e95..1da512e43 100644 --- a/internal/params/keys.go +++ b/internal/params/keys.go @@ -61,5 +61,5 @@ var ( PolicyEvaluationPathKey = strings.ToLower(PolicyEvaluationPathEnv) AccessManagementPathKey = strings.ToLower(AccessManagementPathEnv) ByorPathKey = strings.ToLower(ByorPathEnv) - VorpalPortKey = strings.ToLower(VorpalPortEnv) + ASCAPortKey = strings.ToLower(ASCAPortEnv) ) diff --git a/internal/services/vorpal.go b/internal/services/asca.go similarity index 54% rename from internal/services/vorpal.go rename to internal/services/asca.go index cc84e9b65..6752d35e5 100644 --- a/internal/services/vorpal.go +++ b/internal/services/asca.go @@ -8,7 +8,7 @@ import ( "path/filepath" "time" - "github.com/checkmarx/ast-cli/internal/commands/vorpal/vorpalconfig" + "github.com/checkmarx/ast-cli/internal/commands/asca/ascaconfig" errorconstants "github.com/checkmarx/ast-cli/internal/constants/errors" "github.com/checkmarx/ast-cli/internal/logger" "github.com/checkmarx/ast-cli/internal/params" @@ -20,39 +20,39 @@ import ( ) const ( - FilePathNotProvided = "File path not provided, Vorpal engine is running successfully." + FilePathNotProvided = "File path not provided, asca engine is running successfully." FileNotFound = "File %s not found" ) -type VorpalScanParams struct { - FilePath string - VorpalUpdateVersion bool - IsDefaultAgent bool +type AscaScanParams struct { + FilePath string + ASCAUpdateVersion bool + IsDefaultAgent bool } -type VorpalWrappersParam struct { +type AscaWrappersParam struct { JwtWrapper wrappers.JWTWrapper FeatureFlagsWrapper wrappers.FeatureFlagsWrapper - VorpalWrapper grpcs.VorpalWrapper + ASCAWrapper grpcs.AscaWrapper } -func CreateVorpalScanRequest(vorpalParams VorpalScanParams, wrapperParams VorpalWrappersParam) (*grpcs.ScanResult, error) { - err := manageVorpalInstallation(vorpalParams, wrapperParams) +func CreateASCAScanRequest(ascaParams AscaScanParams, wrapperParams AscaWrappersParam) (*grpcs.ScanResult, error) { + err := manageASCAInstallation(ascaParams, wrapperParams) if err != nil { return nil, err } - err = ensureVorpalServiceRunning(wrapperParams, vorpalParams) + err = ensureASCAServiceRunning(wrapperParams, ascaParams) if err != nil { return nil, err } - emptyResults := validateFilePath(vorpalParams.FilePath) + emptyResults := validateFilePath(ascaParams.FilePath) if emptyResults != nil { return emptyResults, nil } - return executeScan(wrapperParams.VorpalWrapper, vorpalParams.FilePath) + return executeScan(wrapperParams.ASCAWrapper, ascaParams.FilePath) } func validateFilePath(filePath string) *grpcs.ScanResult { @@ -76,41 +76,41 @@ func validateFilePath(filePath string) *grpcs.ScanResult { return nil } -func executeScan(vorpalWrapper grpcs.VorpalWrapper, filePath string) (*grpcs.ScanResult, error) { +func executeScan(ascaWrapper grpcs.AscaWrapper, filePath string) (*grpcs.ScanResult, error) { sourceCode, err := readSourceCode(filePath) if err != nil { return nil, err } _, fileName := filepath.Split(filePath) - return vorpalWrapper.Scan(fileName, sourceCode) + return ascaWrapper.Scan(fileName, sourceCode) } -func manageVorpalInstallation(vorpalParams VorpalScanParams, vorpalWrappers VorpalWrappersParam) error { - vorpalInstalled, _ := osinstaller.FileExists(vorpalconfig.Params.ExecutableFilePath()) +func manageASCAInstallation(ascaParams AscaScanParams, ascaWrappers AscaWrappersParam) error { + ASCAInstalled, _ := osinstaller.FileExists(ascaconfig.Params.ExecutableFilePath()) - if !vorpalInstalled || vorpalParams.VorpalUpdateVersion { - if err := checkLicense(vorpalParams.IsDefaultAgent, vorpalWrappers); err != nil { - _ = vorpalWrappers.VorpalWrapper.ShutDown() + if !ASCAInstalled || ascaParams.ASCAUpdateVersion { + if err := checkLicense(ascaParams.IsDefaultAgent, ascaWrappers); err != nil { + _ = ascaWrappers.ASCAWrapper.ShutDown() return err } - newInstallation, err := osinstaller.InstallOrUpgrade(&vorpalconfig.Params) + newInstallation, err := osinstaller.InstallOrUpgrade(&ascaconfig.Params) if err != nil { return err } if newInstallation { - _ = vorpalWrappers.VorpalWrapper.ShutDown() + _ = ascaWrappers.ASCAWrapper.ShutDown() } } return nil } -func findVorpalPort() (int, error) { +func findASCAPort() (int, error) { port, err := getAvailablePort() if err != nil { return 0, err } - setConfigPropertyQuiet(params.VorpalPortKey, port) + setConfigPropertyQuiet(params.ASCAPortKey, port) return port, nil } @@ -122,15 +122,15 @@ func getAvailablePort() (int, error) { return port.Port, nil } -func configureVorpalWrapper(existingVorpalWrapper grpcs.VorpalWrapper) (grpcs.VorpalWrapper, error) { - if err := existingVorpalWrapper.HealthCheck(); err != nil { - port, portErr := findVorpalPort() +func configureASCAWrapper(existingASCAWrapper grpcs.AscaWrapper) (grpcs.AscaWrapper, error) { + if err := existingASCAWrapper.HealthCheck(); err != nil { + port, portErr := findASCAPort() if portErr != nil { return nil, portErr } - existingVorpalWrapper.ConfigurePort(port) + existingASCAWrapper.ConfigurePort(port) } - return existingVorpalWrapper, nil + return existingASCAWrapper, nil } func setConfigPropertyQuiet(propName string, propValue int) { @@ -140,35 +140,35 @@ func setConfigPropertyQuiet(propName string, propValue int) { } } -func ensureVorpalServiceRunning(wrappersParam VorpalWrappersParam, vorpalParams VorpalScanParams) error { - if err := wrappersParam.VorpalWrapper.HealthCheck(); err != nil { - err = checkLicense(vorpalParams.IsDefaultAgent, wrappersParam) +func ensureASCAServiceRunning(wrappersParam AscaWrappersParam, ascaParams AscaScanParams) error { + if err := wrappersParam.ASCAWrapper.HealthCheck(); err != nil { + err = checkLicense(ascaParams.IsDefaultAgent, wrappersParam) if err != nil { return err } - wrappersParam.VorpalWrapper, err = configureVorpalWrapper(wrappersParam.VorpalWrapper) + wrappersParam.ASCAWrapper, err = configureASCAWrapper(wrappersParam.ASCAWrapper) if err != nil { return err } - if err := RunVorpalEngine(wrappersParam.VorpalWrapper.GetPort()); err != nil { + if err := RunASCAEngine(wrappersParam.ASCAWrapper.GetPort()); err != nil { return err } - if err := wrappersParam.VorpalWrapper.HealthCheck(); err != nil { + if err := wrappersParam.ASCAWrapper.HealthCheck(); err != nil { return err } } return nil } -func checkLicense(isDefaultAgent bool, wrapperParams VorpalWrappersParam) error { +func checkLicense(isDefaultAgent bool, wrapperParams AscaWrappersParam) error { if !isDefaultAgent { allowed, err := wrapperParams.JwtWrapper.IsAllowedEngine(params.AIProtectionType, wrapperParams.FeatureFlagsWrapper) if err != nil { return err } if !allowed { - return fmt.Errorf("%v", errorconstants.NoVorpalLicense) + return fmt.Errorf("%v", errorconstants.NoASCALicense) } } return nil @@ -183,16 +183,16 @@ func readSourceCode(filePath string) (string, error) { return string(data), nil } -func RunVorpalEngine(port int) error { +func RunASCAEngine(port int) error { dialTimeout := 5 * time.Second args := []string{ "-listen", fmt.Sprintf("%d", port), } - logger.PrintIfVerbose(fmt.Sprintf("Running vorpal engine with args: %v \n", args)) + logger.PrintIfVerbose(fmt.Sprintf("Running ASCA engine with args: %v \n", args)) - cmd := exec.Command(vorpalconfig.Params.ExecutableFilePath(), args...) + cmd := exec.Command(ascaconfig.Params.ExecutableFilePath(), args...) osinstaller.ConfigureIndependentProcess(cmd) @@ -206,7 +206,7 @@ func RunVorpalEngine(port int) error { return fmt.Errorf("server did not become ready in time") } - logger.PrintIfVerbose("Vorpal engine started successfully!") + logger.PrintIfVerbose("ASCA engine started successfully!") return nil } diff --git a/internal/services/asca_test.go b/internal/services/asca_test.go new file mode 100644 index 000000000..8ef5d6bf5 --- /dev/null +++ b/internal/services/asca_test.go @@ -0,0 +1,132 @@ +package services + +import ( + "fmt" + "testing" + + errorconstants "github.com/checkmarx/ast-cli/internal/constants/errors" + "github.com/checkmarx/ast-cli/internal/wrappers/grpcs" + "github.com/checkmarx/ast-cli/internal/wrappers/mock" + "github.com/stretchr/testify/assert" +) + +func TestCreateASCAScanRequest_DefaultAgent_Success(t *testing.T) { + ASCAParams := AscaScanParams{ + FilePath: "data/python-vul-file.py", + ASCAUpdateVersion: false, + IsDefaultAgent: true, + } + wrapperParams := AscaWrappersParam{ + JwtWrapper: &mock.JWTMockWrapper{}, + FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{}, + ASCAWrapper: mock.NewASCAMockWrapper(1234), + } + sr, err := CreateASCAScanRequest(ASCAParams, wrapperParams) + if err != nil { + t.Fatalf("Failed to create asca scan request: %v", err) + } + if sr == nil { + t.Fatalf("Failed to create asca scan request: %v", err) + } + fmt.Println(sr) +} + +func TestCreateASCAScanRequest_DefaultAgentAndLatestVersionFlag_Success(t *testing.T) { + ASCAParams := AscaScanParams{ + FilePath: "data/python-vul-file.py", + ASCAUpdateVersion: true, + IsDefaultAgent: true, + } + wrapperParams := AscaWrappersParam{ + JwtWrapper: &mock.JWTMockWrapper{}, + FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{}, + ASCAWrapper: mock.NewASCAMockWrapper(1234), + } + sr, err := CreateASCAScanRequest(ASCAParams, wrapperParams) + if err != nil { + t.Fatalf("Failed to create asca scan request: %v", err) + } + if sr == nil { + t.Fatalf("Failed to create asca scan request: %v", err) + } + fmt.Println(sr) +} + +func TestCreateASCAScanRequest_SpecialAgentAndNoLicense_Fail(t *testing.T) { + specialErrorPort := 1 + ASCAParams := AscaScanParams{ + FilePath: "data/python-vul-file.py", + ASCAUpdateVersion: true, + IsDefaultAgent: false, + } + wrapperParams := AscaWrappersParam{ + JwtWrapper: &mock.JWTMockWrapper{AIEnabled: mock.AIProtectionDisabled}, + FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{}, + ASCAWrapper: &mock.ASCAMockWrapper{Port: specialErrorPort}, + } + _, err := CreateASCAScanRequest(ASCAParams, wrapperParams) + assert.ErrorContains(t, err, errorconstants.NoASCALicense) +} + +func TestCreateASCAScanRequest_EngineRunningAndSpecialAgentAndNoLicense_Fail(t *testing.T) { + port, err := getAvailablePort() + if err != nil { + t.Fatalf("Failed to get available port: %v", err) + } + + ASCAParams := AscaScanParams{ + FilePath: "data/python-vul-file.py", + ASCAUpdateVersion: true, + IsDefaultAgent: false, + } + + wrapperParams := AscaWrappersParam{ + JwtWrapper: &mock.JWTMockWrapper{}, + FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{}, + ASCAWrapper: grpcs.NewASCAGrpcWrapper(port), + } + err = manageASCAInstallation(ASCAParams, wrapperParams) + assert.Nil(t, err) + + err = ensureASCAServiceRunning(wrapperParams, ASCAParams) + assert.Nil(t, err) + assert.Nil(t, wrapperParams.ASCAWrapper.HealthCheck()) + + wrapperParams.JwtWrapper = &mock.JWTMockWrapper{AIEnabled: mock.AIProtectionDisabled} + + err = manageASCAInstallation(ASCAParams, wrapperParams) + assert.ErrorContains(t, err, errorconstants.NoASCALicense) + assert.NotNil(t, wrapperParams.ASCAWrapper.HealthCheck()) +} + +func TestCreateASCAScanRequest_EngineRunningAndDefaultAgentAndNoLicense_Success(t *testing.T) { + port, err := getAvailablePort() + if err != nil { + t.Fatalf("Failed to get available port: %v", err) + } + + ASCAParams := AscaScanParams{ + FilePath: "data/python-vul-file.py", + ASCAUpdateVersion: true, + IsDefaultAgent: true, + } + + wrapperParams := AscaWrappersParam{ + JwtWrapper: &mock.JWTMockWrapper{}, + FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{}, + ASCAWrapper: grpcs.NewASCAGrpcWrapper(port), + } + err = manageASCAInstallation(ASCAParams, wrapperParams) + assert.Nil(t, err) + + wrapperParams.JwtWrapper = &mock.JWTMockWrapper{AIEnabled: mock.AIProtectionDisabled} + + err = ensureASCAServiceRunning(wrapperParams, ASCAParams) + assert.Nil(t, err) + assert.Nil(t, wrapperParams.ASCAWrapper.HealthCheck()) + + err = manageASCAInstallation(ASCAParams, wrapperParams) + assert.Nil(t, err) + assert.Nil(t, wrapperParams.ASCAWrapper.HealthCheck()) + _ = wrapperParams.ASCAWrapper.ShutDown() +} diff --git a/internal/services/vorpal_test.go b/internal/services/vorpal_test.go deleted file mode 100644 index 63360f278..000000000 --- a/internal/services/vorpal_test.go +++ /dev/null @@ -1,132 +0,0 @@ -package services - -import ( - "fmt" - "testing" - - errorconstants "github.com/checkmarx/ast-cli/internal/constants/errors" - "github.com/checkmarx/ast-cli/internal/wrappers/grpcs" - "github.com/checkmarx/ast-cli/internal/wrappers/mock" - "github.com/stretchr/testify/assert" -) - -func TestCreateVorpalScanRequest_DefaultAgent_Success(t *testing.T) { - vorpalParams := VorpalScanParams{ - FilePath: "data/python-vul-file.py", - VorpalUpdateVersion: false, - IsDefaultAgent: true, - } - wrapperParams := VorpalWrappersParam{ - JwtWrapper: &mock.JWTMockWrapper{}, - FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{}, - VorpalWrapper: mock.NewVorpalMockWrapper(1234), - } - sr, err := CreateVorpalScanRequest(vorpalParams, wrapperParams) - if err != nil { - t.Fatalf("Failed to create vorpal scan request: %v", err) - } - if sr == nil { - t.Fatalf("Failed to create vorpal scan request: %v", err) - } - fmt.Println(sr) -} - -func TestCreateVorpalScanRequest_DefaultAgentAndLatestVersionFlag_Success(t *testing.T) { - vorpalParams := VorpalScanParams{ - FilePath: "data/python-vul-file.py", - VorpalUpdateVersion: true, - IsDefaultAgent: true, - } - wrapperParams := VorpalWrappersParam{ - JwtWrapper: &mock.JWTMockWrapper{}, - FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{}, - VorpalWrapper: mock.NewVorpalMockWrapper(1234), - } - sr, err := CreateVorpalScanRequest(vorpalParams, wrapperParams) - if err != nil { - t.Fatalf("Failed to create vorpal scan request: %v", err) - } - if sr == nil { - t.Fatalf("Failed to create vorpal scan request: %v", err) - } - fmt.Println(sr) -} - -func TestCreateVorpalScanRequest_SpecialAgentAndNoLicense_Fail(t *testing.T) { - specialErrorPort := 1 - vorpalParams := VorpalScanParams{ - FilePath: "data/python-vul-file.py", - VorpalUpdateVersion: true, - IsDefaultAgent: false, - } - wrapperParams := VorpalWrappersParam{ - JwtWrapper: &mock.JWTMockWrapper{AIEnabled: mock.AIProtectionDisabled}, - FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{}, - VorpalWrapper: &mock.VorpalMockWrapper{Port: specialErrorPort}, - } - _, err := CreateVorpalScanRequest(vorpalParams, wrapperParams) - assert.ErrorContains(t, err, errorconstants.NoVorpalLicense) -} - -func TestCreateVorpalScanRequest_EngineRunningAndSpecialAgentAndNoLicense_Fail(t *testing.T) { - port, err := getAvailablePort() - if err != nil { - t.Fatalf("Failed to get available port: %v", err) - } - - vorpalParams := VorpalScanParams{ - FilePath: "data/python-vul-file.py", - VorpalUpdateVersion: true, - IsDefaultAgent: false, - } - - wrapperParams := VorpalWrappersParam{ - JwtWrapper: &mock.JWTMockWrapper{}, - FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{}, - VorpalWrapper: grpcs.NewVorpalGrpcWrapper(port), - } - err = manageVorpalInstallation(vorpalParams, wrapperParams) - assert.Nil(t, err) - - err = ensureVorpalServiceRunning(wrapperParams, vorpalParams) - assert.Nil(t, err) - assert.Nil(t, wrapperParams.VorpalWrapper.HealthCheck()) - - wrapperParams.JwtWrapper = &mock.JWTMockWrapper{AIEnabled: mock.AIProtectionDisabled} - - err = manageVorpalInstallation(vorpalParams, wrapperParams) - assert.ErrorContains(t, err, errorconstants.NoVorpalLicense) - assert.NotNil(t, wrapperParams.VorpalWrapper.HealthCheck()) -} - -func TestCreateVorpalScanRequest_EngineRunningAndDefaultAgentAndNoLicense_Success(t *testing.T) { - port, err := getAvailablePort() - if err != nil { - t.Fatalf("Failed to get available port: %v", err) - } - - vorpalParams := VorpalScanParams{ - FilePath: "data/python-vul-file.py", - VorpalUpdateVersion: true, - IsDefaultAgent: true, - } - - wrapperParams := VorpalWrappersParam{ - JwtWrapper: &mock.JWTMockWrapper{}, - FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{}, - VorpalWrapper: grpcs.NewVorpalGrpcWrapper(port), - } - err = manageVorpalInstallation(vorpalParams, wrapperParams) - assert.Nil(t, err) - - wrapperParams.JwtWrapper = &mock.JWTMockWrapper{AIEnabled: mock.AIProtectionDisabled} - - err = ensureVorpalServiceRunning(wrapperParams, vorpalParams) - assert.Nil(t, err) - assert.Nil(t, wrapperParams.VorpalWrapper.HealthCheck()) - - err = manageVorpalInstallation(vorpalParams, wrapperParams) - assert.Nil(t, err) - assert.Nil(t, wrapperParams.VorpalWrapper.HealthCheck()) - _ = wrapperParams.VorpalWrapper.ShutDown() -} diff --git a/internal/wrappers/grpcs/vorpal-grpc.go b/internal/wrappers/grpcs/asca-grpc.go similarity index 68% rename from internal/wrappers/grpcs/vorpal-grpc.go rename to internal/wrappers/grpcs/asca-grpc.go index 46251b83a..e6cf75917 100644 --- a/internal/wrappers/grpcs/vorpal-grpc.go +++ b/internal/wrappers/grpcs/asca-grpc.go @@ -5,14 +5,14 @@ import ( "time" "github.com/checkmarx/ast-cli/internal/logger" - vorpalManagement "github.com/checkmarx/ast-cli/internal/wrappers/grpcs/protos/vorpal/managements" - vorpalScan "github.com/checkmarx/ast-cli/internal/wrappers/grpcs/protos/vorpal/scans" + ASCAManagement "github.com/checkmarx/ast-cli/internal/wrappers/grpcs/protos/asca/managements" + ASCAScan "github.com/checkmarx/ast-cli/internal/wrappers/grpcs/protos/asca/scans" "github.com/google/uuid" "github.com/pkg/errors" "google.golang.org/grpc" ) -type VorpalGrpcWrapper struct { +type ASCAGrpcWrapper struct { grpcClient *ClientWithTimeout hostAddress string port int @@ -20,21 +20,21 @@ type VorpalGrpcWrapper struct { } const ( - vorpalScanErrMsg = "Vorpal scan failed for file %s. ScanId: %s" + ASCAScanErrMsg = "asca scan failed for file %s. ScanId: %s" localHostAddress = "127.0.0.1:%d" - serviceName = "VorpalEngine" + ASCAServiceName = "VorpalEngine" ) -func NewVorpalGrpcWrapper(port int) VorpalWrapper { +func NewASCAGrpcWrapper(port int) AscaWrapper { serverHostAddress := fmt.Sprintf(localHostAddress, port) - return &VorpalGrpcWrapper{ + return &ASCAGrpcWrapper{ grpcClient: NewGRPCClientWithTimeout(serverHostAddress, 1*time.Second).(*ClientWithTimeout), hostAddress: serverHostAddress, port: port, } } -func (v *VorpalGrpcWrapper) Scan(fileName, sourceCode string) (*ScanResult, error) { +func (v *ASCAGrpcWrapper) Scan(fileName, sourceCode string) (*ScanResult, error) { conn, connErr := v.grpcClient.CreateClientConn() if connErr != nil { logger.Printf(ConnErrMsg, v.hostAddress, connErr) @@ -45,11 +45,11 @@ func (v *VorpalGrpcWrapper) Scan(fileName, sourceCode string) (*ScanResult, erro _ = conn.Close() }(conn) - scanClient := vorpalScan.NewScanServiceClient(conn) + scanClient := ASCAScan.NewScanServiceClient(conn) scanID := uuid.New().String() - request := &vorpalScan.SingleScanRequest{ - ScanRequest: &vorpalScan.ScanRequest{ + request := &ASCAScan.SingleScanRequest{ + ScanRequest: &ASCAScan.ScanRequest{ Id: scanID, FileName: fileName, SourceCode: sourceCode, @@ -58,7 +58,7 @@ func (v *VorpalGrpcWrapper) Scan(fileName, sourceCode string) (*ScanResult, erro resp, err := scanClient.Scan(v.grpcClient.ctx, request) if err != nil { - return nil, errors.Wrapf(err, vorpalScanErrMsg, fileName, scanID) + return nil, errors.Wrapf(err, ASCAScanErrMsg, fileName, scanID) } var scanError *Error @@ -77,7 +77,7 @@ func (v *VorpalGrpcWrapper) Scan(fileName, sourceCode string) (*ScanResult, erro }, nil } -func convertScanDetails(details []*vorpalScan.ScanResult_ScanDetail) []ScanDetail { +func convertScanDetails(details []*ASCAScan.ScanResult_ScanDetail) []ScanDetail { var scanDetails []ScanDetail for _, detail := range details { scanDetails = append(scanDetails, ScanDetail{ @@ -96,9 +96,9 @@ func convertScanDetails(details []*vorpalScan.ScanResult_ScanDetail) []ScanDetai return scanDetails } -func (v *VorpalGrpcWrapper) HealthCheck() error { +func (v *ASCAGrpcWrapper) HealthCheck() error { if !v.serving { - err := v.grpcClient.HealthCheck(v.grpcClient, serviceName) + err := v.grpcClient.HealthCheck(v.grpcClient, ASCAServiceName) if err != nil { return err } @@ -108,7 +108,7 @@ func (v *VorpalGrpcWrapper) HealthCheck() error { return nil } -func (v *VorpalGrpcWrapper) ShutDown() error { +func (v *ASCAGrpcWrapper) ShutDown() error { conn, connErr := v.grpcClient.CreateClientConn() if connErr != nil { logger.Printf(ConnErrMsg, v.hostAddress, connErr) @@ -118,21 +118,21 @@ func (v *VorpalGrpcWrapper) ShutDown() error { _ = conn.Close() }(conn) - managementClient := vorpalManagement.NewManagementServiceClient(conn) - _, shutdownErr := managementClient.Shutdown(v.grpcClient.ctx, &vorpalManagement.ShutdownRequest{}) + managementClient := ASCAManagement.NewManagementServiceClient(conn) + _, shutdownErr := managementClient.Shutdown(v.grpcClient.ctx, &ASCAManagement.ShutdownRequest{}) if shutdownErr != nil { return errors.Wrap(shutdownErr, "failed to shutdown") } - logger.PrintfIfVerbose("Vorpal service is shutting down") + logger.PrintfIfVerbose("asca service is shutting down") v.serving = false return nil } -func (v *VorpalGrpcWrapper) GetPort() int { +func (v *ASCAGrpcWrapper) GetPort() int { return v.port } -func (v *VorpalGrpcWrapper) ConfigurePort(port int) { +func (v *ASCAGrpcWrapper) ConfigurePort(port int) { v.port = port v.hostAddress = fmt.Sprintf(localHostAddress, port) v.grpcClient = NewGRPCClientWithTimeout(v.hostAddress, 1*time.Second).(*ClientWithTimeout) diff --git a/internal/wrappers/grpcs/vorpal.go b/internal/wrappers/grpcs/asca.go similarity index 97% rename from internal/wrappers/grpcs/vorpal.go rename to internal/wrappers/grpcs/asca.go index 478f4802b..a66dbbd4d 100644 --- a/internal/wrappers/grpcs/vorpal.go +++ b/internal/wrappers/grpcs/asca.go @@ -1,6 +1,6 @@ package grpcs -type VorpalWrapper interface { +type AscaWrapper interface { Scan(fileName, sourceCode string) (*ScanResult, error) HealthCheck() error ShutDown() error diff --git a/internal/wrappers/grpcs/protos/vorpal/managements/management.pb.go b/internal/wrappers/grpcs/protos/asca/managements/management.pb.go similarity index 99% rename from internal/wrappers/grpcs/protos/vorpal/managements/management.pb.go rename to internal/wrappers/grpcs/protos/asca/managements/management.pb.go index 3e95feb01..7d845bfac 100644 --- a/internal/wrappers/grpcs/protos/vorpal/managements/management.pb.go +++ b/internal/wrappers/grpcs/protos/asca/managements/management.pb.go @@ -2,7 +2,7 @@ // versions: // protoc-gen-go v1.34.1 // protoc v4.25.3 -// source: managements/management.vorpal +// source: managements/management.asca package managements diff --git a/internal/wrappers/grpcs/protos/vorpal/managements/management.proto b/internal/wrappers/grpcs/protos/asca/managements/management.proto similarity index 83% rename from internal/wrappers/grpcs/protos/vorpal/managements/management.proto rename to internal/wrappers/grpcs/protos/asca/managements/management.proto index e72dda38d..bfe28bc47 100644 --- a/internal/wrappers/grpcs/protos/vorpal/managements/management.proto +++ b/internal/wrappers/grpcs/protos/asca/managements/management.proto @@ -2,7 +2,7 @@ syntax = "proto3"; package cx.microsast.service.v1.managements; -option go_package = "github.com/checkmarxdev/cxcodeprobe/vorpal/golang/managements"; +option go_package = "github.com/checkmarxdev/cxcodeprobe/asca/golang/managements"; // Represents a request to perform a shutdown. message ShutdownRequest { diff --git a/internal/wrappers/grpcs/protos/vorpal/managements/management_grpc.pb.go b/internal/wrappers/grpcs/protos/asca/managements/management_grpc.pb.go similarity index 99% rename from internal/wrappers/grpcs/protos/vorpal/managements/management_grpc.pb.go rename to internal/wrappers/grpcs/protos/asca/managements/management_grpc.pb.go index 0bd6cd5b5..117a9b870 100644 --- a/internal/wrappers/grpcs/protos/vorpal/managements/management_grpc.pb.go +++ b/internal/wrappers/grpcs/protos/asca/managements/management_grpc.pb.go @@ -2,7 +2,7 @@ // versions: // - protoc-gen-go-grpcs v1.3.0 // - protoc v4.25.3 -// source: managements/management.vorpal +// source: managements/management.asca package managements diff --git a/internal/wrappers/grpcs/protos/vorpal/scans/scan.pb.go b/internal/wrappers/grpcs/protos/asca/scans/scan.pb.go similarity index 99% rename from internal/wrappers/grpcs/protos/vorpal/scans/scan.pb.go rename to internal/wrappers/grpcs/protos/asca/scans/scan.pb.go index 91e956bb3..65a5fe85f 100644 --- a/internal/wrappers/grpcs/protos/vorpal/scans/scan.pb.go +++ b/internal/wrappers/grpcs/protos/asca/scans/scan.pb.go @@ -2,7 +2,7 @@ // versions: // protoc-gen-go v1.34.1 // protoc v4.25.3 -// source: scans/scan.vorpal +// source: scans/scan.asca package scans diff --git a/internal/wrappers/grpcs/protos/vorpal/scans/scan.proto b/internal/wrappers/grpcs/protos/asca/scans/scan.proto similarity index 100% rename from internal/wrappers/grpcs/protos/vorpal/scans/scan.proto rename to internal/wrappers/grpcs/protos/asca/scans/scan.proto diff --git a/internal/wrappers/grpcs/protos/vorpal/scans/scan_grpc.pb.go b/internal/wrappers/grpcs/protos/asca/scans/scan_grpc.pb.go similarity index 99% rename from internal/wrappers/grpcs/protos/vorpal/scans/scan_grpc.pb.go rename to internal/wrappers/grpcs/protos/asca/scans/scan_grpc.pb.go index 2bda5d05e..09143331c 100644 --- a/internal/wrappers/grpcs/protos/vorpal/scans/scan_grpc.pb.go +++ b/internal/wrappers/grpcs/protos/asca/scans/scan_grpc.pb.go @@ -2,7 +2,7 @@ // versions: // - protoc-gen-go-grpcs v1.3.0 // - protoc v4.25.3 -// source: scans/scan.vorpal +// source: scans/scan.asca package scans diff --git a/internal/wrappers/jwt-helper.go b/internal/wrappers/jwt-helper.go index 64b7f9e79..a18c3ea70 100644 --- a/internal/wrappers/jwt-helper.go +++ b/internal/wrappers/jwt-helper.go @@ -20,7 +20,7 @@ type JWTStruct struct { jwt.Claims } -var enabledEngines = []string{"sast", "sca", "api-security", "iac-security", "scs", "containers"} +var enabledEngines = []string{"sast", "sca", "api-security", "iac-security", "scs", "containers", "enterprise-secrets"} var defaultEngines = map[string]bool{ "sast": true, @@ -86,6 +86,7 @@ func prepareEngines(engines []string) map[string]bool { m := make(map[string]bool) for _, value := range engines { engine := strings.Replace(strings.ToLower(value), strings.ToLower(commonParams.APISecurityLabel), commonParams.APISecurityType, 1) + engine = strings.Replace(strings.ToLower(engine), strings.ToLower(commonParams.EnterpriseSecretsLabel), commonParams.EnterpriseSecretsType, 1) engine = strings.Replace(strings.ToLower(engine), commonParams.KicsType, commonParams.IacType, 1) // Current limitation, CxOne is including non-engines in the JWT diff --git a/internal/wrappers/mock/vorpal-mock.go b/internal/wrappers/mock/asca-mock.go similarity index 85% rename from internal/wrappers/mock/vorpal-mock.go rename to internal/wrappers/mock/asca-mock.go index b0ba8c539..71e59b651 100644 --- a/internal/wrappers/mock/vorpal-mock.go +++ b/internal/wrappers/mock/asca-mock.go @@ -10,33 +10,33 @@ var ( specialErrorPortNumber = 1 ) -type VorpalMockWrapper struct { +type ASCAMockWrapper struct { Port int } -func NewVorpalMockWrapper(port int) *VorpalMockWrapper { - return &VorpalMockWrapper{Port: port} +func NewASCAMockWrapper(port int) *ASCAMockWrapper { + return &ASCAMockWrapper{Port: port} } -func (v *VorpalMockWrapper) Scan(fileName, sourceCode string) (*grpcs.ScanResult, error) { +func (v *ASCAMockWrapper) Scan(fileName, sourceCode string) (*grpcs.ScanResult, error) { if fileName == "csharp-no-vul.cs" { return ReturnFailureResponseMock(), nil } return ReturnSuccessfulResponseMock(), nil } -func (v *VorpalMockWrapper) HealthCheck() error { +func (v *ASCAMockWrapper) HealthCheck() error { if v.Port == specialErrorPortNumber { return fmt.Errorf("error %d", InternalError) } return nil } -func (v *VorpalMockWrapper) ShutDown() error { +func (v *ASCAMockWrapper) ShutDown() error { return nil } -func (v *VorpalMockWrapper) GetPort() int { +func (v *ASCAMockWrapper) GetPort() int { return v.Port } @@ -81,7 +81,7 @@ func ReturnFailureResponseMock() *grpcs.ScanResult { } } -func (v *VorpalMockWrapper) ConfigurePort(port int) { +func (v *ASCAMockWrapper) ConfigurePort(port int) { } diff --git a/test/integration/vorpal-engine_test.go b/test/integration/asca-engine_test.go similarity index 73% rename from test/integration/vorpal-engine_test.go rename to test/integration/asca-engine_test.go index c0e348af5..43a8948ff 100644 --- a/test/integration/vorpal-engine_test.go +++ b/test/integration/asca-engine_test.go @@ -8,7 +8,7 @@ import ( "os" "testing" - "github.com/checkmarx/ast-cli/internal/commands/vorpal/vorpalconfig" + "github.com/checkmarx/ast-cli/internal/commands/asca/ascaconfig" commonParams "github.com/checkmarx/ast-cli/internal/params" "github.com/checkmarx/ast-cli/internal/services" "github.com/checkmarx/ast-cli/internal/wrappers/configuration" @@ -18,12 +18,12 @@ import ( "gotest.tools/assert" ) -func TestScanVorpal_NoFileSourceSent_ReturnSuccess(t *testing.T) { +func TestScanASCA_NoFileSourceSent_ReturnSuccess(t *testing.T) { configuration.LoadConfiguration() args := []string{ - "scan", "vorpal", + "scan", "asca", flag(commonParams.SourcesFlag), "", - flag(commonParams.VorpalLatestVersion), + flag(commonParams.ASCALatestVersion), } err, bytes := executeCommand(t, args...) @@ -34,12 +34,12 @@ func TestScanVorpal_NoFileSourceSent_ReturnSuccess(t *testing.T) { assert.Assert(t, scanResults.Message == services.FilePathNotProvided, "should return message: ", services.FilePathNotProvided) } -func TestExecuteVorpalScan_VorpalLatestVersionSetTrue_Success(t *testing.T) { +func TestExecuteASCAScan_ASCALatestVersionSetTrue_Success(t *testing.T) { configuration.LoadConfiguration() args := []string{ - "scan", "vorpal", + "scan", "asca", flag(commonParams.SourcesFlag), "", - flag(commonParams.VorpalLatestVersion), + flag(commonParams.ASCALatestVersion), flag(commonParams.AgentFlag), commonParams.DefaultAgent, } @@ -51,13 +51,13 @@ func TestExecuteVorpalScan_VorpalLatestVersionSetTrue_Success(t *testing.T) { assert.Assert(t, scanResults.Message == services.FilePathNotProvided, "should return message: ", services.FilePathNotProvided) } -func TestExecuteVorpalScan_NoSourceAndVorpalLatestVersionSetFalse_Success(t *testing.T) { +func TestExecuteASCAScan_NoSourceAndASCALatestVersionSetFalse_Success(t *testing.T) { configuration.LoadConfiguration() - vorpalWrapper := grpcs.NewVorpalGrpcWrapper(viper.GetInt(commonParams.VorpalPortKey)) - _ = vorpalWrapper.ShutDown() - _ = os.RemoveAll(vorpalconfig.Params.WorkingDir()) + ASCAWrapper := grpcs.NewASCAGrpcWrapper(viper.GetInt(commonParams.ASCAPortKey)) + _ = ASCAWrapper.ShutDown() + _ = os.RemoveAll(ascaconfig.Params.WorkingDir()) args := []string{ - "scan", "vorpal", + "scan", "asca", flag(commonParams.SourcesFlag), "", flag(commonParams.AgentFlag), commonParams.DefaultAgent, } @@ -70,10 +70,10 @@ func TestExecuteVorpalScan_NoSourceAndVorpalLatestVersionSetFalse_Success(t *tes assert.Assert(t, scanResults.Message == services.FilePathNotProvided, "should return message: ", services.FilePathNotProvided) } -func TestExecuteVorpalScan_NotExistingFile_Success(t *testing.T) { +func TestExecuteASCAScan_NotExistingFile_Success(t *testing.T) { configuration.LoadConfiguration() args := []string{ - "scan", "vorpal", + "scan", "asca", flag(commonParams.SourcesFlag), "not-existing-file.py", flag(commonParams.AgentFlag), commonParams.DefaultAgent, } @@ -86,10 +86,10 @@ func TestExecuteVorpalScan_NotExistingFile_Success(t *testing.T) { assert.Assert(t, scanResults.Error.Description == fmt.Sprintf(services.FileNotFound, "not-existing-file.py"), "should return error: ", services.FileNotFound) } -func TestExecuteVorpalScan_VorpalLatestVersionSetFalse_Success(t *testing.T) { +func TestExecuteASCAScan_ASCALatestVersionSetFalse_Success(t *testing.T) { configuration.LoadConfiguration() args := []string{ - "scan", "vorpal", + "scan", "asca", flag(commonParams.SourcesFlag), "data/python-vul-file.py", flag(commonParams.AgentFlag), commonParams.DefaultAgent, } @@ -104,15 +104,15 @@ func TestExecuteVorpalScan_VorpalLatestVersionSetFalse_Success(t *testing.T) { asserts.NotNil(t, scanResult.ScanDetails) } -func TestExecuteVorpalScan_NoEngineInstalledAndVorpalLatestVersionSetFalse_Success(t *testing.T) { +func TestExecuteASCAScan_NoEngineInstalledAndASCALatestVersionSetFalse_Success(t *testing.T) { configuration.LoadConfiguration() - vorpalWrapper := grpcs.NewVorpalGrpcWrapper(viper.GetInt(commonParams.VorpalPortKey)) - _ = vorpalWrapper.ShutDown() - _ = os.RemoveAll(vorpalconfig.Params.WorkingDir()) + ASCAWrapper := grpcs.NewASCAGrpcWrapper(viper.GetInt(commonParams.ASCAPortKey)) + _ = ASCAWrapper.ShutDown() + _ = os.RemoveAll(ascaconfig.Params.WorkingDir()) args := []string{ - "scan", "vorpal", + "scan", "asca", flag(commonParams.SourcesFlag), "data/python-vul-file.py", flag(commonParams.AgentFlag), commonParams.DefaultAgent, } @@ -127,10 +127,10 @@ func TestExecuteVorpalScan_NoEngineInstalledAndVorpalLatestVersionSetFalse_Succe asserts.NotNil(t, scanResult.ScanDetails) } -func TestExecuteVorpalScan_CorrectFlagsSent_SuccessfullyReturnMockData(t *testing.T) { +func TestExecuteASCAScan_CorrectFlagsSent_SuccessfullyReturnMockData(t *testing.T) { configuration.LoadConfiguration() args := []string{ - "scan", "vorpal", + "scan", "asca", flag(commonParams.SourcesFlag), "data/python-vul-file.py", flag(commonParams.AgentFlag), commonParams.DefaultAgent, } @@ -145,10 +145,10 @@ func TestExecuteVorpalScan_CorrectFlagsSent_SuccessfullyReturnMockData(t *testin asserts.NotNil(t, scanResult.ScanDetails) } -func TestExecuteVorpalScan_UnsupportedLanguage_Fail(t *testing.T) { +func TestExecuteASCAScan_UnsupportedLanguage_Fail(t *testing.T) { configuration.LoadConfiguration() args := []string{ - "scan", "vorpal", + "scan", "asca", flag(commonParams.SourcesFlag), "data/positive1.tf", flag(commonParams.AgentFlag), commonParams.DefaultAgent, } @@ -161,18 +161,18 @@ func TestExecuteVorpalScan_UnsupportedLanguage_Fail(t *testing.T) { asserts.NotNil(t, scanResult.Error) } -func TestExecuteVorpalScan_InitializeAndRunUpdateVersion_Success(t *testing.T) { +func TestExecuteASCAScan_InitializeAndRunUpdateVersion_Success(t *testing.T) { configuration.LoadConfiguration() - vorpalWrapper := grpcs.NewVorpalGrpcWrapper(viper.GetInt(commonParams.VorpalPortKey)) - _ = vorpalWrapper.ShutDown() + ASCAWrapper := grpcs.NewASCAGrpcWrapper(viper.GetInt(commonParams.ASCAPortKey)) + _ = ASCAWrapper.ShutDown() args := []string{ - "scan", "vorpal", + "scan", "asca", flag(commonParams.SourcesFlag), "", - flag(commonParams.VorpalLatestVersion), + flag(commonParams.ASCALatestVersion), flag(commonParams.AgentFlag), commonParams.DefaultAgent, } - vorpalWrapper = grpcs.NewVorpalGrpcWrapper(viper.GetInt(commonParams.VorpalPortKey)) - healthCheckErr := vorpalWrapper.HealthCheck() + ASCAWrapper = grpcs.NewASCAGrpcWrapper(viper.GetInt(commonParams.ASCAPortKey)) + healthCheckErr := ASCAWrapper.HealthCheck() asserts.NotNil(t, healthCheckErr) err, bytes := executeCommand(t, args...) assert.NilError(t, err, "Sending empty source file should not fail") @@ -182,10 +182,10 @@ func TestExecuteVorpalScan_InitializeAndRunUpdateVersion_Success(t *testing.T) { assert.Assert(t, scanResults.Message == services.FilePathNotProvided, "should return message: ", services.FilePathNotProvided) } -func TestExecuteVorpalScan_InitializeAndShutdown_Success(t *testing.T) { +func TestExecuteASCAScan_InitializeAndShutdown_Success(t *testing.T) { configuration.LoadConfiguration() args := []string{ - "scan", "vorpal", + "scan", "asca", flag(commonParams.SourcesFlag), "", flag(commonParams.AgentFlag), commonParams.DefaultAgent, flag(commonParams.DebugFlag), @@ -197,24 +197,24 @@ func TestExecuteVorpalScan_InitializeAndShutdown_Success(t *testing.T) { assert.NilError(t, err, "Failed to unmarshal scan result") assert.Assert(t, scanResults.Message == services.FilePathNotProvided, "should return message: ", services.FilePathNotProvided) - vorpalWrapper := grpcs.NewVorpalGrpcWrapper(viper.GetInt(commonParams.VorpalPortKey)) - if healthCheckErr := vorpalWrapper.HealthCheck(); healthCheckErr != nil { + ASCAWrapper := grpcs.NewASCAGrpcWrapper(viper.GetInt(commonParams.ASCAPortKey)) + if healthCheckErr := ASCAWrapper.HealthCheck(); healthCheckErr != nil { assert.Assert(t, healthCheckErr == nil, "Health check failed with error: ", healthCheckErr) } - if shutdownErr := vorpalWrapper.ShutDown(); shutdownErr != nil { + if shutdownErr := ASCAWrapper.ShutDown(); shutdownErr != nil { assert.Assert(t, shutdownErr == nil, "Shutdown failed with error: ", shutdownErr) } - err = vorpalWrapper.HealthCheck() + err = ASCAWrapper.HealthCheck() asserts.NotNil(t, err) } -func TestExecuteVorpalScan_EngineNotRunningWithLicense_Success(t *testing.T) { +func TestExecuteASCAScan_EngineNotRunningWithLicense_Success(t *testing.T) { configuration.LoadConfiguration() - vorpalWrapper := grpcs.NewVorpalGrpcWrapper(viper.GetInt(commonParams.VorpalPortKey)) - _ = vorpalWrapper.ShutDown() - _ = os.RemoveAll(vorpalconfig.Params.WorkingDir()) + ASCAWrapper := grpcs.NewASCAGrpcWrapper(viper.GetInt(commonParams.ASCAPortKey)) + _ = ASCAWrapper.ShutDown() + _ = os.RemoveAll(ascaconfig.Params.WorkingDir()) args := []string{ - "scan", "vorpal", + "scan", "asca", flag(commonParams.SourcesFlag), "data/python-vul-file.py", flag(commonParams.DebugFlag), flag(commonParams.AgentFlag), "JetBrains", diff --git a/test/integration/data/DevAndTestsVulnerabilitiesProject.zip b/test/integration/data/DevAndTestsVulnerabilitiesProject.zip new file mode 100644 index 000000000..9720b5a90 Binary files /dev/null and b/test/integration/data/DevAndTestsVulnerabilitiesProject.zip differ diff --git a/test/integration/result_test.go b/test/integration/result_test.go index d9d2ff340..e85c94653 100644 --- a/test/integration/result_test.go +++ b/test/integration/result_test.go @@ -542,3 +542,49 @@ func TestResultsGeneratingReportWithExcludeNotExploitableStateAndSeverityAndStat assert.NilError(t, err, "Report file should exist: "+fileName+printer.FormatJSON) assert.Assert(t, outputBuffer != nil, "Scan must complete successfully") } + +func TestResultsShow_ScanIDWithSnoozedAndMutedAllVulnerabilities_NoVulnerabilitiesInScan(t *testing.T) { + //---------------------------------------------------------------------------------------------------------------------- + // This scanID is associated with the CXOne project: ASTCLI/HideDevAndTestsVulnerabilities/Test (DEU, Galactica tenant). + // All vulnerable packages in this project have been snoozed or muted, so no vulnerabilities should appear in this scan. + // If the test fails, verify the scan exists in this project. If it doesn't, create a new scan for the project using + // DevAndTestsVulnerabilitiesProject.zip, mute and snooze all packages, and update the scanID accordingly. + scanID := "28d29a61-bc5e-4f5a-9fdd-e18c5a10c05b" + //---------------------------------------------------------------------------------------------------------------------- + reportFilePath := fmt.Sprintf("%s%s.%s", resultsDirectory, fileName, printer.FormatJSON) + + _ = executeCmdNilAssertion( + t, "Results show generating JSON report with options should pass", + "results", "show", + flag(params.ScanIDFlag), scanID, + flag(params.TargetFormatFlag), printer.FormatJSON, + flag(params.TargetPathFlag), resultsDirectory, + flag(params.TargetFlag), fileName, + ) + + defer func() { + _ = os.RemoveAll(resultsDirectory) + }() + + assertFileExists(t, reportFilePath) + + var result wrappers.ScanResultsCollection + readAndUnmarshalFile(t, reportFilePath, &result) + + for _, res := range result.Results { + assert.Equal(t, "NOT_EXPLOITABLE", res.State, "Should be marked as not exploitable") + } +} + +func assertFileExists(t *testing.T, path string) { + _, err := os.Stat(path) + assert.NilError(t, err, "Report file should exist at path "+path) +} + +func readAndUnmarshalFile(t *testing.T, path string, v interface{}) { + file, err := os.ReadFile(path) + assert.NilError(t, err, "Error reading file at path "+path) + + err = json.Unmarshal(file, v) + assert.NilError(t, err, "Error unmarshalling JSON data") +} diff --git a/test/integration/scan_test.go b/test/integration/scan_test.go index ed1d3d9cd..fcd20f9df 100644 --- a/test/integration/scan_test.go +++ b/test/integration/scan_test.go @@ -938,6 +938,7 @@ func getCreateArgsWithNameAndGroups(source string, tags map[string]string, group flag(params.TagList), formatTags(tags), flag(params.BranchFlag), SlowRepoBranch, flag(params.ProjectGroupList), formatGroups(groups), + flag(params.DebugFlag), } if strings.Contains(scanTypes, "scs") {