Merge pull request #1228 from Checkmarx/bug/containers-custom-images-delete-from-config-002

Containers custom images delete and path fixed and version upgrade (AST-105294)

Author: cx-anurag-dalke

go.mod

@@ -3,7 +3,7 @@ module github.com/checkmarx/ast-cli
 go 1.24.4
 
 require (
-	github.com/Checkmarx/containers-resolver v1.0.15
+	github.com/Checkmarx/containers-resolver v1.0.19
 	github.com/Checkmarx/containers-types v1.0.9
 	github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63
 	github.com/Checkmarx/gen-ai-wrapper v1.0.2
@@ -42,7 +42,7 @@ require (
 	github.com/BobuSumisu/aho-corasick v1.0.3 // indirect
 	github.com/BurntSushi/toml v1.5.0 // indirect
 	github.com/Checkmarx/containers-images-extractor v1.0.17
-	github.com/Checkmarx/containers-syft-packages-extractor v1.0.13 // indirect
+	github.com/Checkmarx/containers-syft-packages-extractor v1.0.15 // indirect
 	github.com/CycloneDX/cyclonedx-go v0.9.2 // indirect
 	github.com/DataDog/zstd v1.5.6 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect

go.sum

@@ -65,10 +65,10 @@ github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/Checkmarx/containers-images-extractor v1.0.17 h1:lzisdh50nR5yzTjTkT9r9dlHHI7aC72XTGjTp35KqHM=
 github.com/Checkmarx/containers-images-extractor v1.0.17/go.mod h1:hRXOiq6Vw2QiIuxIqV+6+osMk0vvIpoMdTMLyz9OfE8=
-github.com/Checkmarx/containers-resolver v1.0.15 h1:cm4d6vYWi6G9J9vnAw+dWcMsJwEFMo+anCHVaSp0nMQ=
-github.com/Checkmarx/containers-resolver v1.0.15/go.mod h1:9mdw8elUHj9NO9+ejjuuuCByfxvx9mG+JTJxDLi9ubM=
-github.com/Checkmarx/containers-syft-packages-extractor v1.0.13 h1:9ah0rruMGgRiug/bD/JJDSrDqEqS7sKGVdc5sqbkwk8=
-github.com/Checkmarx/containers-syft-packages-extractor v1.0.13/go.mod h1:EFeB4//lO4KMVj9+eMg6z5jnO9F1e1T4jUoIcx0/19M=
+github.com/Checkmarx/containers-resolver v1.0.19 h1:OqPJq3dL0vv8BC2Qco6/VTqmg1Jurk32Yf/bW9cZuq8=
+github.com/Checkmarx/containers-resolver v1.0.19/go.mod h1:UwT3Z+rf6RZv1voMt1xtEctWguhQrzHk1dhEb0Dl5fY=
+github.com/Checkmarx/containers-syft-packages-extractor v1.0.15 h1:yM7Plt86oL47Kijr1fwsrWwuACNTwWgxZSZ/lifXTlk=
+github.com/Checkmarx/containers-syft-packages-extractor v1.0.15/go.mod h1:Jr3dQVFslMCJ+8orsF1orFn05cO3mprUy5b43yn0IIM=
 github.com/Checkmarx/containers-types v1.0.9 h1:LbHDj9LZ0x3f28wDx398WC19sw0U0EfEewHMLStBwvs=
 github.com/Checkmarx/containers-types v1.0.9/go.mod h1:KR0w8XCosq3+6jRCfQrH7i//Nj2u11qaUJM62CREFZA=
 github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63 h1:SCuTcE+CFvgjbIxUNL8rsdB2sAhfuNx85HvxImKta3g=

internal/commands/scan.go

@@ -1122,7 +1122,8 @@ func addContainersScan(cmd *cobra.Command, resubmitConfig []wrappers.Config) (ma
 	containerMapConfig[resultsMapType] = commonParams.ContainersType
 	containerConfig := wrappers.ContainerConfig{}
 
-	initializeContainersConfigWithResubmitValues(resubmitConfig, &containerConfig)
+	containerResolveLocally, _ := cmd.Flags().GetBool(commonParams.ContainerResolveLocallyFlag)
+	initializeContainersConfigWithResubmitValues(resubmitConfig, &containerConfig, containerResolveLocally)
 
 	fileFolderFilter, _ := cmd.PersistentFlags().GetString(commonParams.ContainersFileFolderFilterFlag)
 	if fileFolderFilter != "" {
@@ -1141,7 +1142,7 @@ func addContainersScan(cmd *cobra.Command, resubmitConfig []wrappers.Config) (ma
 		containerConfig.ImagesFilter = imageTagFilter
 	}
 	userCustomImages, _ := cmd.Flags().GetString(commonParams.ContainerImagesFlag)
-	if userCustomImages != "" {
+	if userCustomImages != "" && !containerResolveLocally {
 		containerImagesList := strings.Split(strings.TrimSpace(userCustomImages), ",")
 		for _, containerImageName := range containerImagesList {
 			if containerImagesErr := validateContainerImageFormat(containerImageName); containerImagesErr != nil {
@@ -1156,7 +1157,7 @@ func addContainersScan(cmd *cobra.Command, resubmitConfig []wrappers.Config) (ma
 	return containerMapConfig, nil
 }
 
-func initializeContainersConfigWithResubmitValues(resubmitConfig []wrappers.Config, containerConfig *wrappers.ContainerConfig) {
+func initializeContainersConfigWithResubmitValues(resubmitConfig []wrappers.Config, containerConfig *wrappers.ContainerConfig, containerResolveLocally bool) {
 	for _, config := range resubmitConfig {
 		if config.Type != commonParams.ContainersType {
 			continue
@@ -1178,7 +1179,7 @@ func initializeContainersConfigWithResubmitValues(resubmitConfig []wrappers.Conf
 			containerConfig.ImagesFilter = resubmitImagesFilter.(string)
 		}
 		resubmitUserCustomImages := config.Value[ConfigUserCustomImagesKey]
-		if resubmitUserCustomImages != nil && resubmitUserCustomImages != "" {
+		if resubmitUserCustomImages != nil && resubmitUserCustomImages != "" && !containerResolveLocally {
 			containerConfig.UserCustomImages = resubmitUserCustomImages.(string)
 		}
 	}
@@ -1702,7 +1703,7 @@ func getUploadURLFromSource(cmd *cobra.Command, uploadsWrapper wrappers.UploadsW
 
 		if isSingleContainerScanTriggered() && containerResolveLocally {
 			logger.PrintIfVerbose("Single container scan triggered: compressing only the container resolution file")
-			containerResolutionFilePath := filepath.Join(directoryPath, containerResolutionFileName)
+			containerResolutionFilePath := filepath.Join(directoryPath, ".checkmarx", "containers", containerResolutionFileName)
 			zipFilePath, dirPathErr = util.CompressFile(containerResolutionFilePath, containerResolutionFileName, directoryCreationPrefix)
 		} else if isSingleContainerScanTriggered() && containerImagesFlag != "" {
 			logger.PrintIfVerbose("Single container scan with external images: creating minimal zip file")

internal/commands/scan_test.go

@@ -1854,12 +1854,13 @@ func TestAddContainersScan_WithCustomImages_ShouldSetUserCustomImages(t *testing
 func TestInitializeContainersConfigWithResubmitValues_UserCustomImages(t *testing.T) {
 	// Define test cases
 	testCases := []struct {
-		name                 string
-		resubmitConfig       []wrappers.Config
-		expectedCustomImages string
+		name                    string
+		resubmitConfig          []wrappers.Config
+		containerResolveLocally bool
+		expectedCustomImages    string
 	}{
 		{
-			name: "When UserCustomImages is valid string, it should be set in containerConfig",
+			name: "When UserCustomImages is valid string and ContainerResolveLocally is false, it should be set in containerConfig",
 			resubmitConfig: []wrappers.Config{
 				{
 					Type: commonParams.ContainersType,
@@ -1868,7 +1869,21 @@ func TestInitializeContainersConfigWithResubmitValues_UserCustomImages(t *testin
 					},
 				},
 			},
-			expectedCustomImages: "image1:tag1,image2:tag2",
+			containerResolveLocally: false,
+			expectedCustomImages:    "image1:tag1,image2:tag2",
+		},
+		{
+			name: "When UserCustomImages is valid string and ContainerResolveLocally is true, it should not be set in containerConfig",
+			resubmitConfig: []wrappers.Config{
+				{
+					Type: commonParams.ContainersType,
+					Value: map[string]interface{}{
+						ConfigUserCustomImagesKey: "image1:tag1,image2:tag2",
+					},
+				},
+			},
+			containerResolveLocally: true,
+			expectedCustomImages:    "",
 		},
 		{
 			name: "When UserCustomImages is empty string, containerConfig should not be updated",
@@ -1880,7 +1895,8 @@ func TestInitializeContainersConfigWithResubmitValues_UserCustomImages(t *testin
 					},
 				},
 			},
-			expectedCustomImages: "",
+			containerResolveLocally: false,
+			expectedCustomImages:    "",
 		},
 		{
 			name: "When UserCustomImages is nil, containerConfig should not be updated",
@@ -1892,7 +1908,8 @@ func TestInitializeContainersConfigWithResubmitValues_UserCustomImages(t *testin
 					},
 				},
 			},
-			expectedCustomImages: "",
+			containerResolveLocally: false,
+			expectedCustomImages:    "",
 		},
 		{
 			name: "When config.Value doesn't have UserCustomImages key, containerConfig should not be updated",
@@ -1902,7 +1919,8 @@ func TestInitializeContainersConfigWithResubmitValues_UserCustomImages(t *testin
 					Value: map[string]interface{}{},
 				},
 			},
-			expectedCustomImages: "",
+			containerResolveLocally: false,
+			expectedCustomImages:    "",
 		},
 	}
 
@@ -1913,7 +1931,7 @@ func TestInitializeContainersConfigWithResubmitValues_UserCustomImages(t *testin
 			containerConfig := &wrappers.ContainerConfig{}
 
 			// Call the function under test
-			initializeContainersConfigWithResubmitValues(tc.resubmitConfig, containerConfig)
+			initializeContainersConfigWithResubmitValues(tc.resubmitConfig, containerConfig, tc.containerResolveLocally)
 
 			// Assert the result
 			assert.Equal(t, tc.expectedCustomImages, containerConfig.UserCustomImages,