diff --git a/cli/docs/flags.go b/cli/docs/flags.go
index 49da9c4a..b16c2f74 100644
--- a/cli/docs/flags.go
+++ b/cli/docs/flags.go
@@ -215,7 +215,7 @@ var commandFlags = map[string][]string{
 StaticSca, XrayLibPluginBinaryCustomPath, AnalyzerManagerCustomPath, AddSastRules,
 },
 CurationAudit: {
- CurationOutput, WorkingDirs, Threads, RequirementsFile, InsecureTls, useWrapperAudit, UseIncludedBuilds, SolutionPath, DockerImageName,IncludeCachedPackages,
+ CurationOutput, WorkingDirs, Threads, RequirementsFile, InsecureTls, useWrapperAudit, UseIncludedBuilds, SolutionPath, DockerImageName, IncludeCachedPackages,
 },
 GitCountContributors: {
 InputFile, ScmType, ScmApiUrl, Token, Owner, RepoName, Months, DetailedSummary, InsecureTls,
diff --git a/cli/scancommands.go b/cli/scancommands.go
index 2a79a73b..3d13b13a 100644
--- a/cli/scancommands.go
+++ b/cli/scancommands.go
@@ -22,7 +22,7 @@ import (
 flags "github.com/jfrog/jfrog-cli-security/cli/docs"
 auditSpecificDocs "github.com/jfrog/jfrog-cli-security/cli/docs/auditspecific"
 enrichDocs "github.com/jfrog/jfrog-cli-security/cli/docs/enrich"
- maliciousScanDocs "github.com/jfrog/jfrog-cli-security/cli/docs/maliciousscan"
+ // maliciousScanDocs "github.com/jfrog/jfrog-cli-security/cli/docs/maliciousscan"
 mcpDocs "github.com/jfrog/jfrog-cli-security/cli/docs/mcp"
 auditDocs "github.com/jfrog/jfrog-cli-security/cli/docs/scan/audit"
 buildScanDocs "github.com/jfrog/jfrog-cli-security/cli/docs/scan/buildscan"
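Review bot: The `maliciousScanDocs` import in cli/scancommands.go is commented out rather than deleted, which leaves dead text in the import block that no compiler or linter will keep in sync with the package path. The same pattern repeats in the `getAuditAndScansCommands` hunk at -76 and across all of maliciousscan_test.go. If the command is being withdrawn, delete the lines and let version control hold the history. If it is only paused, keep the code compiled and gate it instead, so that it cannot silently rot.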
@@ -76,15 +76,15 @@ func getAuditAndScansCommands() []components.Command {
 Category: securityCategory,
 Action: EnrichCmd,
 },
- {
- Name: "malicious-scan",
- Aliases: []string{"ms"},
- Flags: flags.GetCommandFlags(flags.MaliciousScan),
- Description: maliciousScanDocs.GetDescription(),
- Arguments: maliciousScanDocs.GetArguments(),
- Category: securityCategory,
- Action: MaliciousScanCmd,
- },
+ // {
+ // Name: "malicious-scan",
+ // Aliases: []string{"ms"},
+ // Flags: flags.GetCommandFlags(flags.MaliciousScan),
+ // Description: maliciousScanDocs.GetDescription(),
+ // Arguments: maliciousScanDocs.GetArguments(),
+ // Category: securityCategory,
+ // Action: MaliciousScanCmd,
+ // },
 {
 Name: "build-scan",
 Aliases: []string{"bs"},
diff --git a/maliciousscan_test.go b/maliciousscan_test.go
index 2633b36e..78d211b5 100644
--- a/maliciousscan_test.go
+++ b/maliciousscan_test.go
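Review bot: Nothing in this hunk records why `malicious-scan` (alias `ms`) is dropped from the slice built in `getAuditAndScansCommands`, or when it should come back. Any pipeline that already invokes the command will presumably get an unknown-command error, and a step configured to tolerate failures would then lose its malicious-code check without anyone noticing. A comment above the disabled entry would help, for example `// malicious-scan is disabled pending <issue-id>; re-enable together with maliciousscan_test.go`, along with a changelog line so operators can adjust their jobs. `MaliciousScanCmd` and `flags.MaliciousScan` are defined outside this hunk and look to be left without a caller, so it is worth confirming the unused-code linters still pass. The function body extends beyond the hunk on both sides.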
@@ -1,111 +1,112 @@ package main import ( - "path/filepath" - "strconv" - "strings" - "testing" +// "strconv" +// "strings" +// "testing" - "github.com/stretchr/testify/assert" +// "path/filepath" - "github.com/jfrog/jfrog-cli-core/v2/common/format" - securityTests "github.com/jfrog/jfrog-cli-security/tests" - securityTestUtils "github.com/jfrog/jfrog-cli-security/tests/utils" - securityIntegrationTestUtils "github.com/jfrog/jfrog-cli-security/tests/utils/integration" - "github.com/jfrog/jfrog-cli-security/tests/validations" +// "github.com/stretchr/testify/assert" +// securityTestUtils "github.com/jfrog/jfrog-cli-security/tests/utils" +// "github.com/jfrog/jfrog-cli-security/tests/validations" + +// "github.com/jfrog/jfrog-cli-core/v2/common/format" +// securityTests "github.com/jfrog/jfrog-cli-security/tests" +// securityIntegrationTestUtils "github.com/jfrog/jfrog-cli-security/tests/utils/integration" ) -type maliciousScanCommandTestParams struct { - WorkingDirsToScan []string - Format format.OutputFormat - Threads int - MinSeverity string -} +// type maliciousScanCommandTestParams struct { +// WorkingDirsToScan []string +// Format format.OutputFormat +// Threads int +// MinSeverity string +// } -func getMaliciousScanCmdArgs(params maliciousScanCommandTestParams) (args []string) { - args = []string{"malicious-scan"} - if len(params.WorkingDirsToScan) > 0 { - args = append(args, "--working-dirs="+strings.Join(params.WorkingDirsToScan, ",")) - } - if params.Format != "" { - args = append(args, "--format="+string(params.Format)) - } - if params.Threads > 0 { - args = append(args, "--threads="+strconv.Itoa(params.Threads)) - } - if params.MinSeverity != "" { - args = append(args, "--min-severity="+params.MinSeverity) - } - return args -} +// func getMaliciousScanCmdArgs(params maliciousScanCommandTestParams) (args []string) { +// args = []string{"malicious-scan"} +// if len(params.WorkingDirsToScan) > 0 { +// args = append(args, 
"--working-dirs="+strings.Join(params.WorkingDirsToScan, ",")) +// } +// if params.Format != "" { +// args = append(args, "--format="+string(params.Format)) +// } +// if params.Threads > 0 { +// args = append(args, "--threads="+strconv.Itoa(params.Threads)) +// } +// if params.MinSeverity != "" { +// args = append(args, "--min-severity="+params.MinSeverity) +// } +// return args +// } -func runMaliciousScan(t *testing.T, params maliciousScanCommandTestParams) (string, error) { - cleanUp := securityIntegrationTestUtils.UseTestHomeWithDefaultXrayConfig(t) - defer cleanUp() - return securityTests.PlatformCli.RunCliCmdWithOutputs(t, getMaliciousScanCmdArgs(params)...) -} +// func runMaliciousScan(t *testing.T, params maliciousScanCommandTestParams) (string, error) { +// cleanUp := securityIntegrationTestUtils.UseTestHomeWithDefaultXrayConfig(t) +// defer cleanUp() +// return securityTests.PlatformCli.RunCliCmdWithOutputs(t, getMaliciousScanCmdArgs(params)...) +// } -func TestMaliciousScan(t *testing.T) { - testCases := []struct { - name string - format format.OutputFormat - projectPath string - expectedIssues int - }{ - { - name: "Malicious scan with findings (Simple JSON)", - format: format.SimpleJson, - projectPath: filepath.Join("projects", "jas", "jas", "malicious"), - expectedIssues: 1, - }, - { - name: "Malicious scan without findings (Simple JSON)", - format: format.SimpleJson, - projectPath: filepath.Join("projects", "empty_project", "python_project_with_no_deps"), - expectedIssues: 0, - }, - } - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - fullProjectPath := filepath.Join(filepath.FromSlash(securityTests.GetTestResourcesPath()), tc.projectPath) - _, cleanUp := securityTestUtils.CreateTestProjectEnvAndChdir(t, fullProjectPath) - defer cleanUp() +// func TestMaliciousScan(t *testing.T) { +// testCases := []struct { +// name string +// format format.OutputFormat +// projectPath string +// expectedIssues int +// }{ +// { +// name: 
"Malicious scan with findings (Simple JSON)", +// format: format.SimpleJson, +// projectPath: filepath.Join("projects", "jas", "jas", "malicious"), +// expectedIssues: 1, +// }, +// { +// name: "Malicious scan without findings (Simple JSON)", +// format: format.SimpleJson, +// projectPath: filepath.Join("projects", "empty_project", "python_project_with_no_deps"), +// expectedIssues: 0, +// }, +// } +// for _, tc := range testCases { +// t.Run(tc.name, func(t *testing.T) { +// fullProjectPath := filepath.Join(filepath.FromSlash(securityTests.GetTestResourcesPath()), tc.projectPath) +// _, cleanUp := securityTestUtils.CreateTestProjectEnvAndChdir(t, fullProjectPath) +// defer cleanUp() - params := maliciousScanCommandTestParams{ - Format: tc.format, - } - output, err := runMaliciousScan(t, params) - assert.NoError(t, err) +// params := maliciousScanCommandTestParams{ +// Format: tc.format, +// } +// output, err := runMaliciousScan(t, params) +// assert.NoError(t, err) - validationsParams := validations.ValidationParams{ - Vulnerabilities: &validations.VulnerabilityCount{ - ValidateScan: &validations.ScanCount{MaliciousCode: tc.expectedIssues}, - }, - } - if tc.expectedIssues == 0 { - validationsParams.ExactResultsMatch = true - } - validations.ValidateCommandOutput(t, output, tc.format, validationsParams) - }) - } -} +// validationsParams := validations.ValidationParams{ +// Vulnerabilities: &validations.VulnerabilityCount{ +// ValidateScan: &validations.ScanCount{MaliciousCode: tc.expectedIssues}, +// }, +// } +// if tc.expectedIssues == 0 { +// validationsParams.ExactResultsMatch = true +// } +// validations.ValidateCommandOutput(t, output, tc.format, validationsParams) +// }) +// } +// } -func TestMaliciousScanWithWorkingDirs(t *testing.T) { - maliciousProjectPath := filepath.Join(filepath.FromSlash(securityTests.GetTestResourcesPath()), "projects", "jas", "jas", "malicious") - _, cleanUp := securityTestUtils.CreateTestProjectEnvAndChdir(t, maliciousProjectPath) - 
defer cleanUp() +// func TestMaliciousScanWithWorkingDirs(t *testing.T) { +// maliciousProjectPath := filepath.Join(filepath.FromSlash(securityTests.GetTestResourcesPath()), "projects", "jas", "jas", "malicious") +// _, cleanUp := securityTestUtils.CreateTestProjectEnvAndChdir(t, maliciousProjectPath) +// defer cleanUp() - params := maliciousScanCommandTestParams{ - WorkingDirsToScan: []string{"."}, - Format: format.SimpleJson, - } - output, err := runMaliciousScan(t, params) - assert.NoError(t, err) +// params := maliciousScanCommandTestParams{ +// WorkingDirsToScan: []string{"."}, +// Format: format.SimpleJson, +// } +// output, err := runMaliciousScan(t, params) +// assert.NoError(t, err) - validationsParams := validations.ValidationParams{ - Vulnerabilities: &validations.VulnerabilityCount{ - ValidateScan: &validations.ScanCount{MaliciousCode: 1}, - }, - } - validations.ValidateCommandOutput(t, output, format.SimpleJson, validationsParams) -} +// validationsParams := validations.ValidationParams{ +// Vulnerabilities: &validations.VulnerabilityCount{ +// ValidateScan: &validations.ScanCount{MaliciousCode: 1}, +// }, +// } +// validations.ValidateCommandOutput(t, output, format.SimpleJson, validationsParams) +// }