Support Limited Context Of Helm (AST-106346) (#1235)

* support limited context of Helm

* linter fix

* fix index error

* update extractor version

* update go.sum file

Author: cx-miryam-foifer

go.mod

@@ -4,7 +4,7 @@ go 1.24.4
 
 require (
 	github.com/Checkmarx/containers-resolver v1.0.15
-	github.com/Checkmarx/containers-types v1.0.7
+	github.com/Checkmarx/containers-types v1.0.9
 	github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63
 	github.com/Checkmarx/gen-ai-wrapper v1.0.2
 	github.com/Checkmarx/manifest-parser v0.1.0
@@ -41,7 +41,7 @@ require (
 	github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
 	github.com/BobuSumisu/aho-corasick v1.0.3 // indirect
 	github.com/BurntSushi/toml v1.5.0 // indirect
-	github.com/Checkmarx/containers-images-extractor v1.0.14
+	github.com/Checkmarx/containers-images-extractor v1.0.17
 	github.com/Checkmarx/containers-syft-packages-extractor v1.0.13 // indirect
 	github.com/CycloneDX/cyclonedx-go v0.9.2 // indirect
 	github.com/DataDog/zstd v1.5.6 // indirect

go.sum

@@ -63,14 +63,14 @@ github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbi
 github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
 github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/Checkmarx/containers-images-extractor v1.0.14 h1:ehGaOupkSbowq7LhiOG+bSuif9cyRuW+LNYFNPF3JKY=
-github.com/Checkmarx/containers-images-extractor v1.0.14/go.mod h1:/oMzTVB9exQNec/xfnVOtu752hRd223SOQt54JvGWUA=
+github.com/Checkmarx/containers-images-extractor v1.0.17 h1:lzisdh50nR5yzTjTkT9r9dlHHI7aC72XTGjTp35KqHM=
+github.com/Checkmarx/containers-images-extractor v1.0.17/go.mod h1:hRXOiq6Vw2QiIuxIqV+6+osMk0vvIpoMdTMLyz9OfE8=
 github.com/Checkmarx/containers-resolver v1.0.15 h1:cm4d6vYWi6G9J9vnAw+dWcMsJwEFMo+anCHVaSp0nMQ=
 github.com/Checkmarx/containers-resolver v1.0.15/go.mod h1:9mdw8elUHj9NO9+ejjuuuCByfxvx9mG+JTJxDLi9ubM=
 github.com/Checkmarx/containers-syft-packages-extractor v1.0.13 h1:9ah0rruMGgRiug/bD/JJDSrDqEqS7sKGVdc5sqbkwk8=
 github.com/Checkmarx/containers-syft-packages-extractor v1.0.13/go.mod h1:EFeB4//lO4KMVj9+eMg6z5jnO9F1e1T4jUoIcx0/19M=
-github.com/Checkmarx/containers-types v1.0.7 h1:SZUB8S//yFc1WlgLbw33conN5eR9CLv+DTewxMGVp7M=
-github.com/Checkmarx/containers-types v1.0.7/go.mod h1:KR0w8XCosq3+6jRCfQrH7i//Nj2u11qaUJM62CREFZA=
+github.com/Checkmarx/containers-types v1.0.9 h1:LbHDj9LZ0x3f28wDx398WC19sw0U0EfEewHMLStBwvs=
+github.com/Checkmarx/containers-types v1.0.9/go.mod h1:KR0w8XCosq3+6jRCfQrH7i//Nj2u11qaUJM62CREFZA=
 github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63 h1:SCuTcE+CFvgjbIxUNL8rsdB2sAhfuNx85HvxImKta3g=
 github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63/go.mod h1:MI6lfLerXU+5eTV/EPTDavgnV3owz3GPT4g/msZBWPo=
 github.com/Checkmarx/gen-ai-wrapper v1.0.2 h1:T6X40+4hYnwfDsvkjWs9VIcE6s1O+8DUu0+sDdCY3GI=

internal/services/realtimeengine/containersrealtime/containers-realtime.go

@@ -105,7 +105,7 @@ func parseContainersFile(filePath string) ([]types.ImageModel, error) {
 		return nil, errors.Errorf("directory does not exist: %s", scanPath)
 	}
 
-	files, envVars, _, err := extractor.ExtractFiles(scanPath)
+	files, envVars, _, err := extractor.ExtractFiles(scanPath, false)
 	if err != nil {
 		return nil, errors.Wrap(err, "error extracting files")
 	}
@@ -199,11 +199,14 @@ func (c *ContainersRealtimeService) buildContainerImageResults(responseImages, i
 
 func mergeImagesToResults(listOfImages []wrappers.ContainerImageResponseItem, result ContainerImageResults, images *[]types.ImageModel, filePath string) ContainerImageResults {
 	for _, respImg := range listOfImages {
-		locations := getImageLocations(images, respImg.ImageName, respImg.ImageTag)
+		locations, specificFilePath := getImageLocations(images, respImg.ImageName, respImg.ImageTag)
+		if specificFilePath == "" {
+			specificFilePath = filePath
+		}
 		containerImage := ContainerImage{
 			ImageName:       respImg.ImageName,
 			ImageTag:        respImg.ImageTag,
-			FilePath:        filePath,
+			FilePath:        specificFilePath,
 			Locations:       locations,
 			Status:          respImg.Status,
 			Vulnerabilities: convertVulnerabilities(respImg.Vulnerabilities),
@@ -213,23 +216,27 @@ func mergeImagesToResults(listOfImages []wrappers.ContainerImageResponseItem, re
 	return result
 }
 
-func getImageLocations(images *[]types.ImageModel, imageName, imageTag string) []realtimeengine.Location {
+func getImageLocations(images *[]types.ImageModel, imageName, imageTag string) (location []realtimeengine.Location, filePath string) {
 	for i, img := range *images {
 		if img.Name == imageName+":"+imageTag || img.Name == imageName+"@"+imageTag {
 			location := convertLocations(&img.ImageLocations)
+			filePath := ""
+			if len(img.ImageLocations) > 0 {
+				filePath = img.ImageLocations[0].Path
+			}
 			*images = append((*images)[:i], (*images)[i+1:]...)
-			return location
+			return location, filePath
 		}
 	}
-	return []realtimeengine.Location{}
+	return []realtimeengine.Location{}, ""
 }
 
 // splitToImageAndTag splits the image string into name and tag components.
 func splitToImageAndTag(image string) (imageName, imageTag string) {
 	// Split the image string by the last colon to separate name and tag
 	lastColonIndex := strings.LastIndex(image, ":")
 
-	if lastColonIndex == len(image)-1 {
+	if lastColonIndex == len(image)-1 || lastColonIndex == -1 {
 		return image, "latest" // No tag specified, default to "latest"
 	}
 

test/integration/containers-realtime_test.go

@@ -38,7 +38,6 @@ func TestContainersRealtimeScan_PositiveDockerfile_Success(t *testing.T) {
 }
 
 func TestContainersRealtimeScan_EmptyDockerfile_SuccessWithEmptyResponse(t *testing.T) {
-	t.Skip("Skipping this test till the RT api for containers will deploy to DEU ENV")
 	configuration.LoadConfiguration()
 	args := []string{
 		"scan", "containers-realtime",