finish tests

jfrog · Nov 24, 2024 · 9b5fade · 9b5fade
1 parent e6beaee
commit 9b5fade
Show file tree

Hide file tree

Showing 15 changed files with 243 additions and 121 deletions.
diff --git a/commands.go b/commands.go
@@ -106,7 +106,7 @@ func Exec(command FrogbotCommand, commandName string) (err error) {
 	waitForUsageResponse()
 
 	if err != nil && usage.ShouldReportUsage() {
-		if reportError := xsc.ReportError(frogbotDetails.ServerDetails, err, "frogbot"); reportError != nil {
+		if reportError := xsc.ReportError(frogbotDetails.XrayVersion, frogbotDetails.XscVersion, frogbotDetails.ServerDetails, err, "frogbot"); reportError != nil {
 			log.Debug(reportError)
 		}
 	} else {

diff --git a/go.mod b/go.mod
@@ -29,7 +29,10 @@ require (
 	github.com/CycloneDX/cyclonedx-go v0.9.0 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/ProtonMail/go-crypto v1.1.2 // indirect
+	github.com/VividCortex/ewma v1.2.0 // indirect
+	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
 	github.com/andybalholm/brotli v1.1.0 // indirect
+	github.com/beevik/etree v1.4.0 // indirect
 	github.com/buger/jsonparser v1.1.1 // indirect
 	github.com/c-bata/go-prompt v0.2.5 // indirect
 	github.com/chzyer/readline v1.5.1 // indirect
@@ -95,6 +98,7 @@ require (
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/ulikunitz/xz v0.5.12 // indirect
 	github.com/urfave/cli v1.22.16 // indirect
+	github.com/vbauerster/mpb/v8 v8.8.3 // indirect
 	github.com/xanzy/go-gitlab v0.110.0 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
@@ -119,13 +123,13 @@ require (
 )
 
 // attiasas:xsc_to_xray
-replace github.com/jfrog/jfrog-cli-security => github.com/attiasas/jfrog-cli-security v0.0.0-20241121124418-9bd0b000b72f
+replace github.com/jfrog/jfrog-cli-security => github.com/attiasas/jfrog-cli-security v0.0.0-20241124080606-40f6d08e258b
 
 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev
 
 // replace github.com/jfrog/build-info-go => github.com/jfrog/build-info-go dev
 
 // attiasas:transition_xsc_url
-replace github.com/jfrog/jfrog-client-go => github.com/attiasas/jfrog-client-go v0.0.0-20241121131417-9397a6b53b0a
+replace github.com/jfrog/jfrog-client-go => github.com/attiasas/jfrog-client-go v0.0.0-20241121140610-2b71c4552d15
 
 // replace github.com/jfrog/froggit-go => github.com/jfrog/froggit-go dev
diff --git a/go.sum b/go.sum
@@ -22,10 +22,12 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuW
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
-github.com/attiasas/jfrog-cli-security v0.0.0-20241121124418-9bd0b000b72f h1:5YmNXTUSWU6xsURHcNtxYmFDzVRAAEdhEFoulyOdvVM=
-github.com/attiasas/jfrog-cli-security v0.0.0-20241121124418-9bd0b000b72f/go.mod h1:HAFgna7us55OkVIGYDDKkgZq+DaBBtyTSPs0Jq2pi4U=
-github.com/attiasas/jfrog-client-go v0.0.0-20241121131417-9397a6b53b0a h1:chZmFC/H9GmzrwXetVVNnGLGCi2iuun3YSFC+XoxCvc=
-github.com/attiasas/jfrog-client-go v0.0.0-20241121131417-9397a6b53b0a/go.mod h1:1a7bmQHkRmPEza9wva2+WVrYzrGbosrMymq57kyG5gU=
+github.com/attiasas/jfrog-cli-security v0.0.0-20241124080606-40f6d08e258b h1:sTHSQry6DTMI8p7XX+PrLs/oleOLbjdcsYHVn66sWd0=
+github.com/attiasas/jfrog-cli-security v0.0.0-20241124080606-40f6d08e258b/go.mod h1:k4ks2Zq7aU+6Sz6MTTW6tQmMiX1QmQt8GWfzoz6EFBg=
+github.com/attiasas/jfrog-client-go v0.0.0-20241121140610-2b71c4552d15 h1:0NWisTlqXXw8SKvSHFAzkJOYked437OspjLzVWWoX8Q=
+github.com/attiasas/jfrog-client-go v0.0.0-20241121140610-2b71c4552d15/go.mod h1:1a7bmQHkRmPEza9wva2+WVrYzrGbosrMymq57kyG5gU=
+github.com/beevik/etree v1.4.0 h1:oz1UedHRepuY3p4N5OjE0nK1WLCqtzHf25bxplKOHLs=
+github.com/beevik/etree v1.4.0/go.mod h1:cyWiXwGoasx60gHvtnEh5x8+uIjUVnjWqBvEnhnqKDA=
 github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M=
 github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0=
 github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=

diff --git a/scanpullrequest/scanpullrequest.go b/scanpullrequest/scanpullrequest.go
@@ -26,7 +26,9 @@ const (
 	analyticsScanPrScanType = "PR"
 )
 
-type ScanPullRequestCmd struct{}
+type ScanPullRequestCmd struct {
+	XrayVersion string
+}
 
 // Run ScanPullRequest method only works for a single repository scan.
 // Therefore, the first repository config represents the repository on which Frogbot runs, and it is the only one that matters.
@@ -91,16 +93,19 @@ func scanPullRequest(repo *utils.Repository, client vcsclient.VcsClient) (err er
 		pullRequestDetails.Target.Owner, pullRequestDetails.Target.Repository, pullRequestDetails.Target.Name))
 	log.Info("-----------------------------------------------------------")
 
-	analyticsService := utils.AddAnalyticsGeneralEvent(nil, &repo.Server, analyticsScanPrScanType)
-	defer func() {
-		analyticsService.UpdateAndSendXscAnalyticsGeneralEventFinalize(err)
-	}()
+	// analyticsService := utils.AddAnalyticsGeneralEvent(nil, &repo.Server, analyticsScanPrScanType)
+	// defer func() {
+	// 	analyticsService.UpdateAndSendXscAnalyticsGeneralEventFinalize(err)
+	// }()
 
 	// Audit PR code
-	issues, err := auditPullRequest(repo, client, analyticsService)
+	issues, err := auditPullRequest(repo, client)
 	if err != nil {
 		return
 	}
+	// if analyticsService.ShouldReportEvents() {
+	// 	analyticsService.AddScanFindingsToXscAnalyticsGeneralEventFinalize(issues.CountIssuesCollectionFindings())
+	// }
 
 	// Output results
 	shouldSendExposedSecretsEmail := issues.SecretsExists() && repo.SmtpServer != ""
@@ -130,7 +135,7 @@ func toFailTaskStatus(repo *utils.Repository, issues *utils.IssuesCollection) bo
 }
 
 // Downloads Pull Requests branches code and audits them
-func auditPullRequest(repoConfig *utils.Repository, client vcsclient.VcsClient, analyticsService *xsc.AnalyticsMetricsService) (issuesCollection *utils.IssuesCollection, err error) {
+func auditPullRequest(repoConfig *utils.Repository, client vcsclient.VcsClient) (issuesCollection *utils.IssuesCollection, err error) {
 	scanDetails := utils.NewScanDetails(client, &repoConfig.Server, &repoConfig.Git).
 		SetXrayGraphScanParams(repoConfig.Watches, repoConfig.JFrogProjectKey, len(repoConfig.AllowedLicenses) > 0).
 		SetFixableOnly(repoConfig.FixableOnly).
@@ -141,12 +146,27 @@ func auditPullRequest(repoConfig *utils.Repository, client vcsclient.VcsClient,
 	if scanDetails, err = scanDetails.SetMinSeverity(repoConfig.MinSeverity); err != nil {
 		return
 	}
+	scanDetails.XrayVersion = repoConfig.XrayVersion
+	scanDetails.XscVersion = repoConfig.XscVersion
+
+	scanDetails.MultiScanId, scanDetails.StartTime = xsc.SendNewScanEvent(
+		scanDetails.XrayVersion,
+		scanDetails.XscVersion,
+		scanDetails.ServerDetails,
+		utils.CreateScanEvent(scanDetails.ServerDetails, nil, analyticsScanPrScanType),
+	)
+
+	totalFindings := 0
+
+	defer func() {
+		xsc.SendScanEndedEvent(scanDetails.XrayVersion, scanDetails.XscVersion, scanDetails.ServerDetails, scanDetails.MultiScanId, scanDetails.StartTime, totalFindings, err)
+	}()
 
 	// If MSI exists we always need to report events
-	if analyticsService.GetMsi() != "" {
-		// MSI is passed to XrayGraphScanParams, so it can be later used by other analytics events in the scan phase
-		scanDetails.XrayGraphScanParams.MultiScanId = analyticsService.GetMsi()
-	}
+	// if analyticsService.GetMsi() != "" {
+	// 	// MSI is passed to XrayGraphScanParams, so it can be later used by other analytics events in the scan phase
+	// 	scanDetails.XrayGraphScanParams.MultiScanId = analyticsService.GetMsi()
+	// }
 
 	issuesCollection = &utils.IssuesCollection{}
 	for i := range repoConfig.Projects {
@@ -155,11 +175,9 @@ func auditPullRequest(repoConfig *utils.Repository, client vcsclient.VcsClient,
 		if projectIssues, err = auditPullRequestInProject(repoConfig, scanDetails); err != nil {
 			return
 		}
+		totalFindings += projectIssues.CountIssuesCollectionFindings()
 		issuesCollection.Append(projectIssues)
 	}
-	if analyticsService.ShouldReportEvents() {
-		analyticsService.AddScanFindingsToXscAnalyticsGeneralEventFinalize(issuesCollection.CountIssuesCollectionFindings())
-	}
 	return
 }
 

diff --git a/scanpullrequest/scanpullrequest_test.go b/scanpullrequest/scanpullrequest_test.go
@@ -19,6 +19,7 @@ import (
 	"github.com/jfrog/froggit-go/vcsclient"
 	"github.com/jfrog/froggit-go/vcsutils"
 	coreconfig "github.com/jfrog/jfrog-cli-core/v2/utils/config"
+	"github.com/jfrog/jfrog-cli-security/cli"
 	"github.com/jfrog/jfrog-cli-security/utils/formats"
 	"github.com/jfrog/jfrog-cli-security/utils/formats/sarifutils"
 	"github.com/jfrog/jfrog-cli-security/utils/jasutils"
@@ -635,11 +636,14 @@ func testScanPullRequest(t *testing.T, configPath, projectName string, failOnSec
 	params, restoreEnv := utils.VerifyEnv(t)
 	defer restoreEnv()
 
+	xrayVersion, xscVersion, err := cli.GetJfrogServicesVersion(&params)
+	assert.NoError(t, err)
+
 	// Create mock GitLab server
 	server := httptest.NewServer(createGitLabHandler(t, projectName))
 	defer server.Close()
 
-	configAggregator, client := prepareConfigAndClient(t, configPath, server, params)
+	configAggregator, client := prepareConfigAndClient(t, xrayVersion, xscVersion, configPath, server, params)
 	testDir, cleanUp := utils.CopyTestdataProjectsToTemp(t, "scanpullrequest")
 	defer cleanUp()
 
@@ -722,7 +726,7 @@ func TestVerifyGitHubFrogbotEnvironmentOnPrem(t *testing.T) {
 	assert.NoError(t, err)
 }
 
-func prepareConfigAndClient(t *testing.T, configPath string, server *httptest.Server, serverParams coreconfig.ServerDetails) (utils.RepoAggregator, vcsclient.VcsClient) {
+func prepareConfigAndClient(t *testing.T, xrayVersion, xscVersion, configPath string, server *httptest.Server, serverParams coreconfig.ServerDetails) (utils.RepoAggregator, vcsclient.VcsClient) {
 	gitTestParams := &utils.Git{
 		GitProvider: vcsutils.GitHub,
 		RepoOwner:   "jfrog",
@@ -739,7 +743,7 @@ func prepareConfigAndClient(t *testing.T, configPath string, server *httptest.Se
 
 	configData, err := utils.ReadConfigFromFileSystem(configPath)
 	assert.NoError(t, err)
-	configAggregator, err := utils.BuildRepoAggregator(client, configData, gitTestParams, &serverParams, utils.ScanPullRequest)
+	configAggregator, err := utils.BuildRepoAggregator(xrayVersion, xscVersion, client, configData, gitTestParams, &serverParams, utils.ScanPullRequest)
 	assert.NoError(t, err)
 
 	return configAggregator, client

diff --git a/scanrepository/scanmultiplerepositories.go b/scanrepository/scanmultiplerepositories.go
@@ -15,8 +15,11 @@ type ScanMultipleRepositories struct {
 
 func (saf *ScanMultipleRepositories) Run(repoAggregator utils.RepoAggregator, client vcsclient.VcsClient, frogbotRepoConnection *utils.UrlAccessChecker) (err error) {
 	scanRepositoryCmd := &ScanRepositoryCmd{dryRun: saf.dryRun, dryRunRepoPath: saf.dryRunRepoPath, baseWd: saf.dryRunRepoPath}
+
 	for repoNum := range repoAggregator {
 		repoAggregator[repoNum].OutputWriter.SetHasInternetConnection(frogbotRepoConnection.IsConnected())
+		scanRepositoryCmd.XrayVersion = repoAggregator[repoNum].XrayVersion
+		scanRepositoryCmd.XscVersion = repoAggregator[repoNum].XscVersion
 		if e := scanRepositoryCmd.scanAndFixRepository(&repoAggregator[repoNum], client); e != nil {
 			err = errors.Join(err, e)
 		}

diff --git a/scanrepository/scanmultiplerepositories_test.go b/scanrepository/scanmultiplerepositories_test.go
@@ -4,19 +4,21 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
 	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/go-git/go-git/v5/plumbing/protocol/packp"
 	"github.com/go-git/go-git/v5/plumbing/protocol/packp/capability"
 	"github.com/jfrog/frogbot/v2/utils"
 	"github.com/jfrog/froggit-go/vcsclient"
 	"github.com/jfrog/froggit-go/vcsutils"
+	"github.com/jfrog/jfrog-cli-security/cli"
 	"github.com/stretchr/testify/assert"
-	"net/http"
-	"net/http/httptest"
-	"os"
-	"path/filepath"
-	"strings"
-	"testing"
 )
 
 var testScanMultipleRepositoriesConfigPath = filepath.Join("..", "testdata", "config", "frogbot-config-scan-multiple-repositories.yml")
@@ -28,6 +30,9 @@ func TestScanAndFixRepos(t *testing.T) {
 	_, restoreJfrogHomeFunc := utils.CreateTempJfrogHomeWithCallback(t)
 	defer restoreJfrogHomeFunc()
 
+	xrayVersion, xscVersion, err := cli.GetJfrogServicesVersion(&serverParams)
+	assert.NoError(t, err)
+
 	baseWd, err := os.Getwd()
 	assert.NoError(t, err)
 
@@ -57,7 +62,7 @@ func TestScanAndFixRepos(t *testing.T) {
 	}()
 
 	utils.CreateDotGitWithCommit(t, testDir, port, testRepositories...)
-	configAggregator, err := utils.BuildRepoAggregator(client, configData, &gitTestParams, &serverParams, utils.ScanMultipleRepositories)
+	configAggregator, err := utils.BuildRepoAggregator(xrayVersion, xscVersion, client, configData, &gitTestParams, &serverParams, utils.ScanMultipleRepositories)
 	assert.NoError(t, err)
 
 	var cmd = ScanMultipleRepositories{dryRun: true, dryRunRepoPath: testDir}