Merge branch 'main' into benalvo/add-muted-and-snoozed-package-test

.github/workflows/ci.yml

@@ -18,11 +18,11 @@ jobs:
         run: |
           sudo chmod +x ./internal/commands/.scripts/up.sh
           ./internal/commands/.scripts/up.sh
-      - name: Check if total coverage is greater then 80
+      - name: Check if total coverage is greater then 79.9
         shell: bash
         run: |
           CODE_COV=$(go tool cover -func cover.out | grep total | awk '{print substr($3, 1, length($3)-1)}')
-          EXPECTED_CODE_COV=80
+          EXPECTED_CODE_COV=79.9
           var=$(awk 'BEGIN{ print "'$CODE_COV'"<"'$EXPECTED_CODE_COV'" }')
           if [ "$var" -eq 1 ];then
             echo "Your code coverage is too low. Coverage precentage is: $CODE_COV"

.github/workflows/release.yml

@@ -64,7 +64,7 @@ jobs:
           brew install Bearer/tap/gon
       - name: Setup Docker on macOS
         if: inputs.dev == false
-        uses: douglascamata/setup-docker-macos-action@0f8f0e9f1033ccfb6676fe219e91781393f8ed4b  #v1-alpha
+        uses: douglascamata/setup-docker-macos-action@8d5fa43892aed7eee4effcdea113fd53e4d4bf83  #v1-alpha
       - name: Test docker
         if: inputs.dev == false
         run: |
@@ -114,6 +114,17 @@ jobs:
           SIGNING_REMOTE_SSH_HOST: ${{ secrets.SIGNING_REMOTE_SSH_HOST }}
           SIGNING_REMOTE_SSH_PRIVATE_KEY: ${{ secrets.SIGNING_REMOTE_SSH_PRIVATE_KEY }}
           SIGNING_HSM_CREDS: ${{ secrets.SIGNING_HSM_CREDS }}
+          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} # Secret for Cosign private key
+          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}       # Secret for Cosign password
+          COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}   # Secret for Cosign public key
+
+      - name: Verify Docker image signature
+        if: inputs.dev == false
+        run: |
+          echo "${{ secrets.COSIGN_PUBLIC_KEY }}" > cosign.pub
+          cosign verify --key cosign.pub checkmarx/ast-cli:${{ inputs.tag }}
+        env:
+          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
 
   notify:
     runs-on: ubuntu-latest

.goreleaser.yml

@@ -57,6 +57,22 @@ builds:
       - -w
       - -X github.com/checkmarx/ast-cli/internal/params.Version={{.Version}}
 
+docker_signs:
+  - id: ast-cli-signing
+    cmd: cosign
+    args:
+      - "sign"
+      - "--key-env=COSIGN_PRIVATE_KEY"   # Private key from environment variable
+      - "${artifact}"                    # The artifact (image or manifest) to be signed
+      - "--yes"                          # Required for Cosign 2.0.0+
+    artifacts: images                     # Sign Docker images
+    stdin: "{{ .Env.COSIGN_PASSWORD }}"   # Password from environment variable
+    env:
+      - COSIGN_PRIVATE_KEY={{ .Env.COSIGN_PRIVATE_KEY }}  # Private key from GitHub Secrets
+      - COSIGN_PASSWORD={{ .Env.COSIGN_PASSWORD }}        # Password from GitHub Secrets
+      - COSIGN_PUBLIC_KEY={{ .Env.COSIGN_PUBLIC_KEY }}    # Public key from GitHub Secrets
+    output: true
+
 dockers:
   - use: docker
     dockerfile: Dockerfile

internal/commands/vorpal/vorpal-engine.go → internal/commands/asca/asca-engine.go

@@ -1,4 +1,4 @@
-package vorpal
+package asca
 
 import (
 	"github.com/checkmarx/ast-cli/internal/commands/util/printer"
@@ -10,24 +10,24 @@ import (
 	"github.com/spf13/viper"
 )
 
-func RunScanVorpalCommand(jwtWrapper wrappers.JWTWrapper, featureFlagsWrapper wrappers.FeatureFlagsWrapper) func(cmd *cobra.Command, args []string) error {
+func RunScanASCACommand(jwtWrapper wrappers.JWTWrapper, featureFlagsWrapper wrappers.FeatureFlagsWrapper) func(cmd *cobra.Command, args []string) error {
 	return func(cmd *cobra.Command, args []string) error {
-		vorpalLatestVersion, _ := cmd.Flags().GetBool(commonParams.VorpalLatestVersion)
+		ASCALatestVersion, _ := cmd.Flags().GetBool(commonParams.ASCALatestVersion)
 		fileSourceFlag, _ := cmd.Flags().GetString(commonParams.SourcesFlag)
 		agent, _ := cmd.Flags().GetString(commonParams.AgentFlag)
-		var port = viper.GetInt(commonParams.VorpalPortKey)
-		vorpalWrapper := grpcs.NewVorpalGrpcWrapper(port)
-		vorpalParams := services.VorpalScanParams{
-			FilePath:            fileSourceFlag,
-			VorpalUpdateVersion: vorpalLatestVersion,
-			IsDefaultAgent:      agent == commonParams.DefaultAgent,
+		var port = viper.GetInt(commonParams.ASCAPortKey)
+		ASCAWrapper := grpcs.NewASCAGrpcWrapper(port)
+		ASCAParams := services.AscaScanParams{
+			FilePath:          fileSourceFlag,
+			ASCAUpdateVersion: ASCALatestVersion,
+			IsDefaultAgent:    agent == commonParams.DefaultAgent,
 		}
-		wrapperParams := services.VorpalWrappersParam{
+		wrapperParams := services.AscaWrappersParam{
 			JwtWrapper:          jwtWrapper,
 			FeatureFlagsWrapper: featureFlagsWrapper,
-			VorpalWrapper:       vorpalWrapper,
+			ASCAWrapper:         ASCAWrapper,
 		}
-		scanResult, err := services.CreateVorpalScanRequest(vorpalParams, wrapperParams)
+		scanResult, err := services.CreateASCAScanRequest(ASCAParams, wrapperParams)
 		if err != nil {
 			return err
 		}

internal/commands/vorpal/vorpal-engine_test.go → internal/commands/asca/asca-engine_test.go

@@ -1,4 +1,4 @@
-package vorpal
+package asca
 
 import (
 	"reflect"
@@ -12,10 +12,10 @@ import (
 	"github.com/spf13/cobra"
 )
 
-func Test_ExecuteVorpalScan(t *testing.T) {
+func Test_ExecuteAscaScan(t *testing.T) {
 	type args struct {
-		fileSourceFlag      string
-		vorpalUpdateVersion bool
+		fileSourceFlag    string
+		ASCAUpdateVersion bool
 	}
 	tests := []struct {
 		name       string
@@ -27,37 +27,37 @@ func Test_ExecuteVorpalScan(t *testing.T) {
 		{
 			name: "Test with empty fileSource flag should not return error",
 			args: args{
-				fileSourceFlag:      "",
-				vorpalUpdateVersion: true,
+				fileSourceFlag:    "",
+				ASCAUpdateVersion: true,
 			},
 			want: &grpcs.ScanResult{
 				Message: services.FilePathNotProvided,
 			},
 			wantErr: false,
 		},
 		{
-			name: "Test with valid flags. vorpalUpdateVersion set to true",
+			name: "Test with valid flags. ASCAUpdateVersion set to true",
 			args: args{
-				fileSourceFlag:      "../data/python-vul-file.py",
-				vorpalUpdateVersion: true,
+				fileSourceFlag:    "../data/python-vul-file.py",
+				ASCAUpdateVersion: true,
 			},
 			want:    mock.ReturnSuccessfulResponseMock(),
 			wantErr: false,
 		},
 		{
-			name: "Test with valid flags. vorpalUpdateVersion set to false",
+			name: "Test with valid flags. ASCAUpdateVersion set to false",
 			args: args{
-				fileSourceFlag:      "../data/python-vul-file.py",
-				vorpalUpdateVersion: false,
+				fileSourceFlag:    "../data/python-vul-file.py",
+				ASCAUpdateVersion: false,
 			},
 			want:    mock.ReturnSuccessfulResponseMock(),
 			wantErr: false,
 		},
 		{
-			name: "Test with valid flags. vorpal scan failed",
+			name: "Test with valid flags. asca scan failed",
 			args: args{
-				fileSourceFlag:      "../data/csharp-no-vul.cs",
-				vorpalUpdateVersion: false,
+				fileSourceFlag:    "../data/csharp-no-vul.cs",
+				ASCAUpdateVersion: false,
 			},
 			want:    mock.ReturnFailureResponseMock(),
 			wantErr: false,
@@ -66,32 +66,32 @@ func Test_ExecuteVorpalScan(t *testing.T) {
 	for _, tt := range tests {
 		ttt := tt
 		t.Run(ttt.name, func(t *testing.T) {
-			vorpalParams := services.VorpalScanParams{
-				FilePath:            ttt.args.fileSourceFlag,
-				VorpalUpdateVersion: ttt.args.vorpalUpdateVersion,
-				IsDefaultAgent:      true,
+			ASCAParams := services.AscaScanParams{
+				FilePath:          ttt.args.fileSourceFlag,
+				ASCAUpdateVersion: ttt.args.ASCAUpdateVersion,
+				IsDefaultAgent:    true,
 			}
-			wrapperParams := services.VorpalWrappersParam{
+			wrapperParams := services.AscaWrappersParam{
 				JwtWrapper:          &mock.JWTMockWrapper{},
 				FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{},
-				VorpalWrapper:       &mock.VorpalMockWrapper{},
+				ASCAWrapper:         &mock.ASCAMockWrapper{},
 			}
-			got, err := services.CreateVorpalScanRequest(vorpalParams, wrapperParams)
+			got, err := services.CreateASCAScanRequest(ASCAParams, wrapperParams)
 			if (err != nil) != ttt.wantErr {
-				t.Errorf("executeVorpalScan() error = %v, wantErr %v", err, ttt.wantErr)
+				t.Errorf("executeASCAScan() error = %v, wantErr %v", err, ttt.wantErr)
 				return
 			}
 			if ttt.wantErr && err.Error() != ttt.wantErrMsg {
-				t.Errorf("executeVorpalScan() error message = %v, wantErrMsg %v", err.Error(), ttt.wantErrMsg)
+				t.Errorf("executeASCAScan() error message = %v, wantErrMsg %v", err.Error(), ttt.wantErrMsg)
 			}
 			if !reflect.DeepEqual(got, ttt.want) {
-				t.Errorf("executeVorpalScan() got = %v, want %v", got, ttt.want)
+				t.Errorf("executeASCAScan() got = %v, want %v", got, ttt.want)
 			}
 		})
 	}
 }
 
-func Test_runScanVorpalCommand(t *testing.T) {
+func Test_runScanASCACommand(t *testing.T) {
 	tests := []struct {
 		name       string
 		sourceFlag string
@@ -108,14 +108,14 @@ func Test_runScanVorpalCommand(t *testing.T) {
 			want:       nil,
 		},
 		{
-			name:       "Test with valid fileSource Flag and vorpalUpdateVersion flag set false ",
+			name:       "Test with valid fileSource Flag and ASCAUpdateVersion flag set false ",
 			sourceFlag: "data/python-vul-file.py",
 			engineFlag: false,
 			want:       nil,
 			wantErr:    false,
 		},
 		{
-			name:       "Test with valid fileSource Flag and vorpalUpdateVersion flag set true ",
+			name:       "Test with valid fileSource Flag and ASCAUpdateVersion flag set true ",
 			sourceFlag: "data/python-vul-file.py",
 			engineFlag: true,
 			want:       nil,
@@ -127,16 +127,16 @@ func Test_runScanVorpalCommand(t *testing.T) {
 		t.Run(ttt.name, func(t *testing.T) {
 			cmd := &cobra.Command{}
 			cmd.Flags().String(commonParams.SourcesFlag, ttt.sourceFlag, "")
-			cmd.Flags().Bool(commonParams.VorpalLatestVersion, ttt.engineFlag, "")
+			cmd.Flags().Bool(commonParams.ASCALatestVersion, ttt.engineFlag, "")
 			cmd.Flags().String(commonParams.FormatFlag, printer.FormatJSON, "")
-			runFunc := RunScanVorpalCommand(&mock.JWTMockWrapper{}, &mock.FeatureFlagsMockWrapper{})
+			runFunc := RunScanASCACommand(&mock.JWTMockWrapper{}, &mock.FeatureFlagsMockWrapper{})
 			err := runFunc(cmd, []string{})
 			if (err != nil) != ttt.wantErr {
-				t.Errorf("RunScanVorpalCommand() error = %v, wantErr %v", err, ttt.wantErr)
+				t.Errorf("RunScanASCACommand() error = %v, wantErr %v", err, ttt.wantErr)
 				return
 			}
 			if ttt.wantErr && err.Error() != ttt.wantErrMsg {
-				t.Errorf("RunScanVorpalCommand() error message = %v, wantErrMsg %v", err.Error(), ttt.wantErrMsg)
+				t.Errorf("RunScanASCACommand() error message = %v, wantErrMsg %v", err.Error(), ttt.wantErrMsg)
 			}
 		})
 	}

internal/commands/asca/asca_test.go

@@ -0,0 +1,51 @@
+package asca
+
+import (
+	"os"
+	"testing"
+
+	"gotest.tools/assert"
+
+	ascaconfig "github.com/checkmarx/ast-cli/internal/commands/asca/ascaconfig"
+	"github.com/checkmarx/ast-cli/internal/services/osinstaller"
+)
+
+func TestInstallOrUpgrade_firstInstallation_Success(t *testing.T) {
+	err := firstInstallation()
+	assert.NilError(t, err, "Error on first installation of asca")
+	fileExists, _ := osinstaller.FileExists(ascaconfig.Params.ExecutableFilePath())
+	assert.Assert(t, fileExists, "Executable file not found")
+	fileExists, _ = osinstaller.FileExists(ascaconfig.Params.HashFilePath())
+	assert.Assert(t, fileExists, "Hash file not found")
+}
+
+func firstInstallation() error {
+	os.RemoveAll(ascaconfig.Params.WorkingDir())
+	_, err := osinstaller.InstallOrUpgrade(&ascaconfig.Params)
+	return err
+}
+
+func TestInstallOrUpgrade_installationIsUpToDate_Success(t *testing.T) {
+	err := firstInstallation()
+	assert.NilError(t, err, "Error on first installation of asca")
+	_, err = osinstaller.InstallOrUpgrade(&ascaconfig.Params)
+	assert.NilError(t, err, "Error when not need to upgrade")
+}
+
+func TestInstallOrUpgrade_installationIsNotUpToDate_Success(t *testing.T) {
+	err := firstInstallation()
+	assert.NilError(t, err, "Error on first installation of asca")
+	changeHashFile()
+	_, err = osinstaller.InstallOrUpgrade(&ascaconfig.Params)
+	assert.NilError(t, err, "Error when need to upgrade")
+	fileExists, _ := osinstaller.FileExists(ascaconfig.Params.ExecutableFilePath())
+	assert.Assert(t, fileExists, "Executable file not found")
+	fileExists, _ = osinstaller.FileExists(ascaconfig.Params.HashFilePath())
+	assert.Assert(t, fileExists, "Hash file not found")
+}
+
+func changeHashFile() {
+	content, _ := os.ReadFile(ascaconfig.Params.HashFilePath())
+	content[0]++
+	_ = os.WriteFile(ascaconfig.Params.HashFilePath(), content, os.ModePerm)
+}

internal/commands/vorpal/vorpalconfig/vorpal-linux-amd.go → internal/commands/asca/ascaconfig/asca-linux-amd.go

@@ -1,6 +1,6 @@
 //go:build linux && amd64
 
-package vorpalconfig
+package ascaconfig
 
 import (
 	"github.com/checkmarx/ast-cli/internal/services/osinstaller"

internal/commands/vorpal/vorpalconfig/vorpal-linux-arm.go → internal/commands/asca/ascaconfig/asca-linux-arm.go

@@ -1,6 +1,6 @@
 //go:build linux && (arm64 || arm)
 
-package vorpalconfig
+package ascaconfig
 
 import (
 	"github.com/checkmarx/ast-cli/internal/services/osinstaller"

internal/commands/vorpal/vorpalconfig/vorpal-mac-amd.go → internal/commands/asca/ascaconfig/asca-mac-amd.go

@@ -1,6 +1,6 @@
 //go:build darwin && amd64
 
-package vorpalconfig
+package ascaconfig
 
 import (
 	"github.com/checkmarx/ast-cli/internal/services/osinstaller"

internal/commands/vorpal/vorpalconfig/vorpal-mac-arm.go → internal/commands/asca/ascaconfig/asca-mac-arm.go

@@ -1,6 +1,6 @@
 //go:build darwin && arm64
 
-package vorpalconfig
+package ascaconfig
 
 import (
 	"github.com/checkmarx/ast-cli/internal/services/osinstaller"

internal/commands/vorpal/vorpalconfig/vorpal-windows.go → internal/commands/asca/ascaconfig/asca-windows.go

@@ -1,6 +1,6 @@
 //go:build windows
 
-package vorpalconfig
+package ascaconfig
 
 import (
 	"github.com/checkmarx/ast-cli/internal/services/osinstaller"

internal/commands/policymanagement/policy.go

@@ -104,7 +104,7 @@ func isPolicyEvaluated(
 		return false, nil, err
 	}
 	if errorModel != nil {
-		log.Fatalf(fmt.Sprintf("%s: CODE: %d, %s", failedGetting, errorModel.Code, errorModel.Message))
+		return false, nil, fmt.Errorf("%s: CODE: %d, %s", failedGetting, errorModel.Code, errorModel.Message)
 	} else if policyResponseModel != nil {
 		if policyResponseModel.Status == evaluatingPolicy {
 			log.Println("Policy status: ", policyResponseModel.Status)

internal/commands/project.go

@@ -433,6 +433,9 @@ func runGetProjectByIDCommand(projectsWrapper wrappers.ProjectsWrapper) func(cmd
 		if errorModel != nil {
 			return errors.Errorf("%s: CODE: %d, %s", services.FailedGettingProj, errorModel.Code, errorModel.Message)
 		} else if projectResponseModel != nil {
+			resp := GetProjectByName(projectResponseModel.Name, projectsWrapper)
+
+			projectResponseModel.Groups = resp.Groups
 			err = printByFormat(cmd, toProjectView(*projectResponseModel))
 			if err != nil {
 				return err
@@ -442,6 +445,21 @@ func runGetProjectByIDCommand(projectsWrapper wrappers.ProjectsWrapper) func(cmd
 	}
 }
 
+func GetProjectByName(projectName string, projectsWrapper wrappers.ProjectsWrapper) wrappers.ProjectResponseModel {
+	resp, err := services.GetProjectsCollectionByProjectName(projectName, projectsWrapper)
+	if err != nil {
+		return wrappers.ProjectResponseModel{}
+	}
+
+	for i := range resp.Projects {
+		project := &resp.Projects[i]
+		if project.Name == projectName {
+			return *project
+		}
+	}
+	return wrappers.ProjectResponseModel{}
+}
+
 func runGetBranchesByIDCommand(projectsWrapper wrappers.ProjectsWrapper) func(cmd *cobra.Command, args []string) error {
 	return func(cmd *cobra.Command, args []string) error {
 		var branches []string