diff --git a/cli/scancommands.go b/cli/scancommands.go index fe553370..3b8df7fe 100644 --- a/cli/scancommands.go +++ b/cli/scancommands.go @@ -197,7 +197,13 @@ func EnrichCmd(c *components.Context) error { func ScanCmd(c *components.Context) error { if len(c.Arguments) == 0 && !c.IsFlagSet(flags.SpecFlag) { return pluginsCommon.PrintHelpAndReturnError("providing either a argument or the 'spec' option is mandatory", c) + } else if len(c.Arguments) > 1 { + // If a non-existing flag was provided AFTER the provided source_pattern - it will be captured as another argument. Since 'scan' command + // Expects only a single argument, we use this check to verify all provided flags are valid. + // If a non exiting flag was provided BEFORE the source_pattern, the CLI will return an error before reaching this point. + return pluginsCommon.PrintHelpAndReturnError(utils.GetCliTooManyArgsErrorMessage(len(c.Arguments)), c) } + serverDetails, err := createServerDetailsWithConfigOffer(c) if err != nil { return err diff --git a/scans_test.go b/scans_test.go index 818bbb9c..4b80b162 100644 --- a/scans_test.go +++ b/scans_test.go @@ -79,6 +79,46 @@ func TestXrayBinaryScanSimpleJsonWithProgress(t *testing.T) { }) } +// This test verifies the correctness of a use case in 'scan' command, where a user provides the command's arguments before the command's flags, and there is an incorrect flag. +// Since the library that parses the command expects the flags to be provided before the arguments, it cannot recognize a wrongly provided flag when the order is reversed. +// This test checks the fix for this issue. +func TestXrayBinaryScanWithIncorrectFlagsAfterArgs(t *testing.T) { + testCases := []struct { + name string + flagsBeforeArgs bool + }{ + { + name: "flags before args", + flagsBeforeArgs: true, + }, + { + name: "args before flags", + flagsBeforeArgs: false, + }, + } + + callback := commonTests.MockProgressInitialization() + defer callback() + integration.InitScanTest(t, scangraph.GraphScanMinXrayVersion) + binariesPath := filepath.Join(filepath.FromSlash(securityTests.GetTestResourcesPath()), "projects", "binaries", "*") + watchName, deleteWatch := securityTestUtils.CreateTestWatch(t, "audit-policy", "audit-watch", xrayUtils.High) + defer deleteWatch() + + for _, test := range testCases { + t.Run(test.name, func(t *testing.T) { + var args []string + if test.flagsBeforeArgs { + args = []string{"scan", "--watch=" + watchName, binariesPath} + } else { + args = []string{"scan", binariesPath, "--watch=" + watchName} + } + + err := securityTests.PlatformCli.Exec(args...) + assert.Error(t, err) + }) + } +} + func testXrayBinaryScan(t *testing.T, format string, withViolation bool) string { integration.InitScanTest(t, scangraph.GraphScanMinXrayVersion) binariesPath := filepath.Join(filepath.FromSlash(securityTests.GetTestResourcesPath()), "projects", "binaries", "*") diff --git a/utils/utils.go b/utils/utils.go index 4832daed..64c080ce 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -235,3 +235,10 @@ func DumpContentToFile(fileContent []byte, scanResultsOutputDir string, scanType } return } + +// This is a general error message for the CLI commands. +// Because of how command parsing is handled, improperly specified flags may be misinterpreted as arguments. +// Therefore, these flags will not go through the command's flags verifications, and will not be caught as incorrect flags. +func GetCliTooManyArgsErrorMessage(numberOfArguments int) string { + return fmt.Sprintf("Too many arguments provided (%d in total).\nSome flags may be incorrectly specified, causing them to be misinterpreted as arguments and ignored. Please verify that all flags are valid.", numberOfArguments) +}