Merge branch 'main' into other/elchanan/oss-realtime-location-structure

cx-elchanan-arbiv · web-flow · commit 095c5026199a · 2025-06-10T16:30:27.000+03:00
diff --git a/internal/commands/result.go b/internal/commands/result.go
@@ -306,6 +306,7 @@ func resultShowSubCommand(
 		"Cancel the policy evaluation and fail after the timeout in minutes",
 	)
 	resultShowCmd.PersistentFlags().Bool(commonParams.IgnorePolicyFlag, false, "Do not evaluate policies")
+	_ = resultShowCmd.PersistentFlags().MarkHidden(commonParams.IgnorePolicyFlag)
 	resultShowCmd.PersistentFlags().Bool(commonParams.SastRedundancyFlag, false,
 		"Populate SAST results 'data.redundancy' with values '"+fixLabel+"' (to fix) or '"+redundantLabel+"' (no need to fix)")
 	resultShowCmd.PersistentFlags().Bool(commonParams.ScaHideDevAndTestDepFlag, false, scaHideDevAndTestDepFlagDescription)
@@ -1022,7 +1023,6 @@ func runGetResultCommand(
 		sastRedundancy, _ := cmd.Flags().GetBool(commonParams.SastRedundancyFlag)
 		agent, _ := cmd.Flags().GetString(commonParams.AgentFlag)
 		scaHideDevAndTestDep, _ := cmd.Flags().GetBool(commonParams.ScaHideDevAndTestDepFlag)
-		ignorePolicy, _ := cmd.Flags().GetBool(commonParams.IgnorePolicyFlag)
 		waitDelay, _ := cmd.Flags().GetInt(commonParams.WaitDelayFlag)
 		policyTimeout, _ := cmd.Flags().GetInt(commonParams.PolicyTimeoutFlag)
 
@@ -1050,7 +1050,7 @@ func runGetResultCommand(
 
 		var policyResponseModel *wrappers.PolicyResponseModel
 		if !isScanPending(string(scan.Status)) {
-			policyResponseModel, err = services.HandlePolicyEvaluation(cmd, policyWrapper, scan, ignorePolicy, agent, waitDelay, policyTimeout)
+			policyResponseModel, err = services.HandlePolicyEvaluation(cmd, policyWrapper, scan, agent, waitDelay, policyTimeout)
 			if err != nil {
 				return err
 			}
diff --git a/internal/commands/root.go b/internal/commands/root.go
@@ -12,6 +12,7 @@ import (
 	"github.com/checkmarx/ast-cli/internal/logger"
 	"github.com/checkmarx/ast-cli/internal/params"
 	"github.com/checkmarx/ast-cli/internal/wrappers/bitbucketserver"
+	"github.com/checkmarx/ast-cli/internal/wrappers/configuration"
 	"github.com/pkg/errors"
 
 	"github.com/checkmarx/ast-cli/internal/wrappers"
@@ -95,20 +96,23 @@ func NewAstCLI(
 	rootCmd.PersistentFlags().String(params.TenantFlag, params.Tenant, params.TenantFlagUsage)
 	rootCmd.PersistentFlags().Uint(params.RetryFlag, params.RetryDefault, params.RetryUsage)
 	rootCmd.PersistentFlags().Uint(params.RetryDelayFlag, params.RetryDelayDefault, params.RetryDelayUsage)
+	rootCmd.PersistentFlags().String(params.ConfigFilePathFlag, "", "Path to the configuration file")
 
 	rootCmd.PersistentFlags().Bool(params.ApikeyOverrideFlag, false, "")
 
 	_ = rootCmd.PersistentFlags().MarkHidden(params.ApikeyOverrideFlag)
 
 	// This monitors and traps situations where "extra/garbage" commands
 	// are passed to Cobra.
-	rootCmd.PersistentPreRun = func(cmd *cobra.Command, args []string) {
+	rootCmd.PersistentPreRunE = func(cmd *cobra.Command, args []string) error {
 		PrintConfiguration()
+		err := configuration.LoadConfiguration()
 		// Need to check the __complete command to allow correct behavior of the autocomplete
 		if len(args) > 0 && cmd.Name() != params.Help && cmd.Name() != "__complete" {
 			_ = cmd.Help()
 			os.Exit(0)
 		}
+		return err
 	}
 	// Link the environment variable to the CLI argument(s).
 	_ = viper.BindPFlag(params.AccessKeyIDConfigKey, rootCmd.PersistentFlags().Lookup(params.AccessKeyIDFlag))
@@ -124,6 +128,7 @@ func NewAstCLI(
 	_ = viper.BindPFlag(params.AgentNameKey, rootCmd.PersistentFlags().Lookup(params.AgentFlag))
 	_ = viper.BindPFlag(params.OriginKey, rootCmd.PersistentFlags().Lookup(params.OriginFlag))
 	_ = viper.BindPFlag(params.IgnoreProxyKey, rootCmd.PersistentFlags().Lookup(params.IgnoreProxyFlag))
+	_ = viper.BindPFlag(params.ConfigFilePathKey, rootCmd.PersistentFlags().Lookup(params.ConfigFilePathFlag))
 	// Key here is the actual flag since it doesn't use an environment variable
 	_ = viper.BindPFlag(params.DebugFlag, rootCmd.PersistentFlags().Lookup(params.DebugFlag))
 	_ = viper.BindPFlag(params.InsecureFlag, rootCmd.PersistentFlags().Lookup(params.InsecureFlag))
diff --git a/internal/commands/scan.go b/internal/commands/scan.go
@@ -1893,9 +1893,8 @@ func runCreateScanCommand(
 			}
 
 			agent, _ := cmd.Flags().GetString(commonParams.AgentFlag)
-			ignorePolicy, _ := cmd.Flags().GetBool(commonParams.IgnorePolicyFlag)
 			policyTimeout, _ := cmd.Flags().GetInt(commonParams.PolicyTimeoutFlag)
-			policyResponseModel, err = services.HandlePolicyEvaluation(cmd, policyWrapper, scanResponseModel, ignorePolicy, agent, waitDelay, policyTimeout)
+			policyResponseModel, err = services.HandlePolicyEvaluation(cmd, policyWrapper, scanResponseModel, agent, waitDelay, policyTimeout)
 			if err != nil {
 				return err
 			}
@@ -1922,7 +1921,7 @@ func runCreateScanCommand(
 		// verify break build from policy
 		if policyResponseModel != nil && len(policyResponseModel.Policies) > 0 && policyResponseModel.BreakBuild {
 			logger.PrintIfVerbose("Breaking the build due to policy violation")
-			return errors.Errorf("Policy Violation - Break Build Enabled. To bypass the policy evaluation and continue with the build, you can use the `--ignore-policy` flag.")
+			return errors.Errorf("Policy Violation - Break Build Enabled.")
 		}
 		return nil
 	}
diff --git a/internal/params/flags.go b/internal/params/flags.go
@@ -156,6 +156,7 @@ const (
 	ScaPrivatePackageVersionFlag = "sca-private-package-version"
 	ScaHideDevAndTestDepFlag     = "sca-hide-dev-test-dependencies"
 	LimitFlag                    = "limit"
+	ConfigFilePathFlag           = "config-file-path"
 
 	// INDIVIDUAL FILTER FLAGS
 	SastFilterFlag  = "sast-filter"
diff --git a/internal/services/policy-management.go b/internal/services/policy-management.go
@@ -13,11 +13,10 @@ import (
 
 var noPolicyEvaluatingIDEs = []string{commonParams.EclipseAgent, commonParams.JetbrainsAgent, commonParams.VSCodeAgent, commonParams.VisualStudioAgent}
 
-func HandlePolicyEvaluation(cmd *cobra.Command, policyWrapper wrappers.PolicyWrapper, scan *wrappers.ScanResponseModel,
-	ignorePolicy bool, agent string, waitDelay, policyTimeout int) (*wrappers.PolicyResponseModel, error) {
+func HandlePolicyEvaluation(cmd *cobra.Command, policyWrapper wrappers.PolicyWrapper, scan *wrappers.ScanResponseModel, agent string, waitDelay, policyTimeout int) (*wrappers.PolicyResponseModel, error) {
 	policyResponseModel := &wrappers.PolicyResponseModel{}
 
-	if ignorePolicy || slices.Contains(noPolicyEvaluatingIDEs, agent) {
+	if slices.Contains(noPolicyEvaluatingIDEs, agent) {
 		logger.PrintIfVerbose("Skipping policy evaluation")
 		return policyResponseModel, nil
 	}
diff --git a/internal/services/policy-management_test.go b/internal/services/policy-management_test.go
@@ -22,7 +22,6 @@ func TestHandlePolicyEvaluation(t *testing.T) {
 		cmd:           &cobra.Command{},
 		policyWrapper: policyWrapper,
 		scan:          scanResults,
-		ignorePolicy:  false,
 		waitDelay:     1,
 		policyTimeout: 1,
 	}
@@ -39,7 +38,6 @@ func TestHandlePolicyEvaluation(t *testing.T) {
 				cmd:           commonArgs.cmd,
 				policyWrapper: commonArgs.policyWrapper,
 				scan:          commonArgs.scan,
-				ignorePolicy:  commonArgs.ignorePolicy,
 				agent:         params.DefaultAgent,
 				waitDelay:     commonArgs.waitDelay,
 				policyTimeout: commonArgs.policyTimeout,
@@ -53,7 +51,6 @@ func TestHandlePolicyEvaluation(t *testing.T) {
 				cmd:           commonArgs.cmd,
 				policyWrapper: commonArgs.policyWrapper,
 				scan:          commonArgs.scan,
-				ignorePolicy:  commonArgs.ignorePolicy,
 				agent:         params.EclipseAgent,
 				waitDelay:     commonArgs.waitDelay,
 				policyTimeout: commonArgs.policyTimeout,
@@ -67,7 +64,6 @@ func TestHandlePolicyEvaluation(t *testing.T) {
 				cmd:           commonArgs.cmd,
 				policyWrapper: commonArgs.policyWrapper,
 				scan:          commonArgs.scan,
-				ignorePolicy:  commonArgs.ignorePolicy,
 				agent:         params.VSCodeAgent,
 				waitDelay:     commonArgs.waitDelay,
 				policyTimeout: commonArgs.policyTimeout,
@@ -81,7 +77,6 @@ func TestHandlePolicyEvaluation(t *testing.T) {
 				cmd:           commonArgs.cmd,
 				policyWrapper: commonArgs.policyWrapper,
 				scan:          commonArgs.scan,
-				ignorePolicy:  commonArgs.ignorePolicy,
 				agent:         params.VisualStudioAgent,
 				waitDelay:     commonArgs.waitDelay,
 				policyTimeout: commonArgs.policyTimeout,
@@ -95,7 +90,6 @@ func TestHandlePolicyEvaluation(t *testing.T) {
 				cmd:           commonArgs.cmd,
 				policyWrapper: commonArgs.policyWrapper,
 				scan:          commonArgs.scan,
-				ignorePolicy:  commonArgs.ignorePolicy,
 				agent:         params.JetbrainsAgent,
 				waitDelay:     commonArgs.waitDelay,
 				policyTimeout: commonArgs.policyTimeout,
@@ -112,7 +106,6 @@ func TestHandlePolicyEvaluation(t *testing.T) {
 				tc.args.cmd,
 				tc.args.policyWrapper,
 				tc.args.scan,
-				tc.args.ignorePolicy,
 				tc.args.agent,
 				tc.args.waitDelay,
 				tc.args.policyTimeout,
diff --git a/internal/wrappers/configuration/configuration.go b/internal/wrappers/configuration/configuration.go
@@ -139,10 +139,7 @@ func LoadConfiguration() error {
 		}
 		fullPath := usr.HomeDir + configDirName
 		verifyConfigDir(fullPath)
-		viper.AddConfigPath(fullPath)
-		configFile := "checkmarxcli"
-		viper.SetConfigName(configFile)
-		viper.SetConfigType("yaml")
+		viper.SetConfigFile(fullPath + "/checkmarxcli.yaml")
 		_ = viper.ReadInConfig()
 	}
 	return nil
diff --git a/test/integration/configuration_test.go b/test/integration/configuration_test.go
@@ -73,3 +73,39 @@ func TestSetConfigProperty_EnvVarConfigFilePath(t *testing.T) {
 	err, _ = executeCommand(t, "configure", "set", "--prop-name", "cx_client_id", "--prop-value", "example_client_id")
 	assert.NilError(t, err)
 }
+
+func TestLoadConfiguration_ConfigFilePathFlag(t *testing.T) {
+	err, _ := executeCommand(t, "configure", "show", "--config-file-path", filePath)
+	assert.NilError(t, err)
+}
+
+func TestLoadConfiguration_ConfigFilePathFlagValidDirectory(t *testing.T) {
+	err, _ := executeCommand(t, "configure", "show", "--config-file-path", "data")
+	assert.ErrorContains(t, err, "The specified path points to a directory, not a file.")
+}
+
+func TestLoadConfiguration_ConfigFilePathFlagFileNotFound(t *testing.T) {
+	err, _ := executeCommand(t, "configure", "show", "--config-file-path", "data/nonexistent_config.yaml")
+	assert.ErrorContains(t, err, "The specified file does not exist.")
+}
+
+func TestSetConfigProperty_ConfigFilePathFlag(t *testing.T) {
+	err, _ := executeCommand(t, "configure", "set", "--prop-name", "cx_client_id", "--prop-value", "dummy-client_id", "--config-file-path", filePath)
+	assert.NilError(t, err)
+
+	content, err := os.ReadFile(filePath)
+	assert.NilError(t, err)
+	assert.Assert(t, strings.Contains(string(content), "dummy-client_id"))
+
+	err, _ = executeCommand(t, "configure", "set", "--prop-name", "cx_client_id", "--prop-value", "example_client_id", "--config-file-path", filePath)
+	assert.NilError(t, err)
+}
+
+func TestLoadConfiguration_ConfigFilePathFlagFileWithoutPermission(t *testing.T) {
+	if err := os.Chmod(filePath, 0000); err != nil {
+		t.Fatalf("failed to set file permissions: %v", err)
+	}
+	defer os.Chmod(filePath, 0644)
+	err, _ := executeCommand(t, "configure", "show", "--config-file-path", filePath)
+	assert.ErrorContains(t, err, "Access to the specified file is restricted")
+}

Original file line number	Diff line number	Diff line change
`@@ -1893,9 +1893,8 @@ func runCreateScanCommand(`
`1893`	`1893`	`}`
`1894`	`1894`
`1895`	`1895`	`agent, _ := cmd.Flags().GetString(commonParams.AgentFlag)`
`1896`		`- ignorePolicy, _ := cmd.Flags().GetBool(commonParams.IgnorePolicyFlag)`
`1897`	`1896`	`policyTimeout, _ := cmd.Flags().GetInt(commonParams.PolicyTimeoutFlag)`
`1898`		`- policyResponseModel, err = services.HandlePolicyEvaluation(cmd, policyWrapper, scanResponseModel, ignorePolicy, agent, waitDelay, policyTimeout)`
	`1897`	`+ policyResponseModel, err = services.HandlePolicyEvaluation(cmd, policyWrapper, scanResponseModel, agent, waitDelay, policyTimeout)`
`1899`	`1898`	`if err != nil {`
`1900`	`1899`	`return err`
`1901`	`1900`	`}`
`@@ -1922,7 +1921,7 @@ func runCreateScanCommand(`
`1922`	`1921`	`// verify break build from policy`
`1923`	`1922`	`if policyResponseModel != nil && len(policyResponseModel.Policies) > 0 && policyResponseModel.BreakBuild {`
`1924`	`1923`	`logger.PrintIfVerbose("Breaking the build due to policy violation")`
`1925`		- return errors.Errorf("Policy Violation - Break Build Enabled. To bypass the policy evaluation and continue with the build, you can use the `--ignore-policy` flag.")
	`1924`	`+ return errors.Errorf("Policy Violation - Break Build Enabled.")`
`1926`	`1925`	`}`
`1927`	`1926`	`return nil`
`1928`	`1927`	`}`
Original file line number	Diff line number	Diff line change
`@@ -139,10 +139,7 @@ func LoadConfiguration() error {`
`139`	`139`	`}`
`140`	`140`	`fullPath := usr.HomeDir + configDirName`
`141`	`141`	`verifyConfigDir(fullPath)`
`142`		`- viper.AddConfigPath(fullPath)`
`143`		`- configFile := "checkmarxcli"`
`144`		`- viper.SetConfigName(configFile)`
`145`		`- viper.SetConfigType("yaml")`
	`142`	`+ viper.SetConfigFile(fullPath + "/checkmarxcli.yaml")`
`146`	`143`	`_ = viper.ReadInConfig()`
`147`	`144`	`}`
`148`	`145`	`return nil`