Change IsAllowedEngine func to return true when packageEnforcementEnabled is false (AST-76112) (#951)

* Change IsAllowedEngine func to return true when packageEnforcementEnabled is set to false because that means that user has license for everything

* remove unneeded feature flag call to package enforcement enabled

* revert las commit

* add the fix prefix to branch name as valid prefix in the pr linter

* add unitest

* code owners

* change test name

* resolve conversation

* resolve conversation

* fix bfl test

---------

Co-authored-by: AlvoBen <alvo@post.bgu.ac.il>

Author: cx-ben-alvo

.github/workflows/pr-linter.yml

@@ -23,7 +23,7 @@ jobs:
             exit 1
           fi
           
-          if ! [[ "$PR_BRANCH" =~ ^(bug|feature|other)/ ]]; then
+          if ! [[ "$PR_BRANCH" =~ ^(bug|fix|feature|other)/ ]]; then
             echo "::error::Branch name must start with 'bug/' or 'feature/' or 'other/'."
             exit 1
           fi

CODEOWNERS

@@ -2,4 +2,4 @@
 # Each line is a file pattern followed by one or more owners
 
 # Specify the default owners for the entire repository
-*       @OrShamirCM @AlvoBen
+*       @AlvoBen @greensd4 @miryamfoiferCX

internal/services/asca_test.go

@@ -5,6 +5,7 @@ import (
 	"testing"
 
 	errorconstants "github.com/checkmarx/ast-cli/internal/constants/errors"
+	"github.com/checkmarx/ast-cli/internal/wrappers"
 	"github.com/checkmarx/ast-cli/internal/wrappers/grpcs"
 	"github.com/checkmarx/ast-cli/internal/wrappers/mock"
 	"github.com/stretchr/testify/assert"
@@ -130,3 +131,20 @@ func TestCreateASCAScanRequest_EngineRunningAndDefaultAgentAndNoLicense_Success(
 	assert.Nil(t, wrapperParams.ASCAWrapper.HealthCheck())
 	_ = wrapperParams.ASCAWrapper.ShutDown()
 }
+
+func TestCreateASCAScanRequest_whenCheckLicenseWithPackageEnforcementFFOff_shouldSuccess(t *testing.T) {
+	port, err := getAvailablePort()
+	if err != nil {
+		t.Fatalf("Failed to get available port: %v", err)
+	}
+
+	mock.Flag = wrappers.FeatureFlagResponseModel{Name: wrappers.PackageEnforcementEnabled, Status: false}
+
+	wrapperParams := AscaWrappersParam{
+		JwtWrapper:          wrappers.NewJwtWrapper(),
+		FeatureFlagsWrapper: &mock.FeatureFlagsMockWrapper{},
+		ASCAWrapper:         grpcs.NewASCAGrpcWrapper(port),
+	}
+	err = checkLicense(false, wrapperParams)
+	assert.Nil(t, err)
+}

internal/wrappers/jwt-helper.go

@@ -67,16 +67,18 @@ func getJwtStruct() (*JWTStruct, error) {
 // IsAllowedEngine will return if the engine is allowed in the user license
 func (*JWTStruct) IsAllowedEngine(engine string, featureFlagsWrapper FeatureFlagsWrapper) (bool, error) {
 	flagResponse, _ := GetSpecificFeatureFlag(featureFlagsWrapper, PackageEnforcementEnabled)
-	if flagResponse.Status {
-		jwtStruct, err := getJwtStruct()
-		if err != nil {
-			return false, err
-		}
+	if !flagResponse.Status {
+		return true, nil
+	}
+
+	jwtStruct, err := getJwtStruct()
+	if err != nil {
+		return false, err
+	}
 
-		for _, allowedEngine := range jwtStruct.AstLicense.LicenseData.AllowedEngines {
-			if strings.EqualFold(allowedEngine, engine) {
-				return true, nil
-			}
+	for _, allowedEngine := range jwtStruct.AstLicense.LicenseData.AllowedEngines {
+		if strings.EqualFold(allowedEngine, engine) {
+			return true, nil
 		}
 	}
 	return false, nil

test/integration/bfl_test.go

@@ -33,7 +33,7 @@ func TestRunGetBflWithInvalidScanIDandQueryID(t *testing.T) {
 	err, _ := executeCommand(
 		t, "results", "bfl",
 		flag(params.ScanIDFlag), "123456",
-		flag(params.QueryIDFlag), "abcd",
+		flag(params.QueryIDFlag), "1",
 		flag(params.FormatFlag), "json")
 
 	assertError(t, err, "Failed getting BFL: CODE: 5002, Failed getting BFL")