Merge branch 'main' into feature/get-states-custom-flag

Author: cx-rahul-pidde

.github/workflows/release.yml

@@ -30,7 +30,7 @@ permissions:
 
 jobs:
   build:
-    runs-on: macos-13
+    runs-on: macos-15
     env:
       AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
       APPLE_DEVELOPER_CERTIFICATE_P12_BASE64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}

go.mod

@@ -3,7 +3,7 @@ module github.com/checkmarx/ast-cli
 go 1.24.11
 
 require (
-	github.com/Checkmarx/containers-resolver v1.0.27
+	github.com/Checkmarx/containers-resolver v1.0.28
 	github.com/Checkmarx/containers-types v1.0.9
 	github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63
 	github.com/Checkmarx/gen-ai-wrapper v1.0.3
@@ -48,8 +48,8 @@ require (
 	github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
 	github.com/BobuSumisu/aho-corasick v1.0.3 // indirect
 	github.com/BurntSushi/toml v1.5.0 // indirect
-	github.com/Checkmarx/containers-images-extractor v1.0.20
-	github.com/Checkmarx/containers-syft-packages-extractor v1.0.22 // indirect
+	github.com/Checkmarx/containers-images-extractor v1.0.21
+	github.com/Checkmarx/containers-syft-packages-extractor v1.0.23 // indirect
 	github.com/CycloneDX/cyclonedx-go v0.9.2 // indirect
 	github.com/DataDog/zstd v1.5.6 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect

go.sum

@@ -65,12 +65,12 @@ github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbi
 github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
 github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/Checkmarx/containers-images-extractor v1.0.20 h1:PGTtBMsjF77HrTtnmzzVGywFkuUtXfc/PBo46kMYORw=
-github.com/Checkmarx/containers-images-extractor v1.0.20/go.mod h1:HyzVb8TtTDf56hGlSakalPXtzjJ6VhTYe9fmAcOS+V8=
-github.com/Checkmarx/containers-resolver v1.0.27 h1:fEZkgQR+PLyIOunLRQAzofUX97I9qKGG9gAoKNI4ajw=
-github.com/Checkmarx/containers-resolver v1.0.27/go.mod h1:zxQja33k9SvDXG7eWq03U8WxkHIu/XchzjXsoKfhDFY=
-github.com/Checkmarx/containers-syft-packages-extractor v1.0.22 h1:5zzTrAgKOiqFvAwSS0DRmWyWuKK66jXj54wc8xroObQ=
-github.com/Checkmarx/containers-syft-packages-extractor v1.0.22/go.mod h1:OPGYISPnKtVFl2mZrClErv83ZLjUPKjdQQsXLmx++oY=
+github.com/Checkmarx/containers-images-extractor v1.0.21 h1:SEo4FyxUZnOkZnHqdpqDLcztHj/1IyEkvAnlTNBsNOA=
+github.com/Checkmarx/containers-images-extractor v1.0.21/go.mod h1:HyzVb8TtTDf56hGlSakalPXtzjJ6VhTYe9fmAcOS+V8=
+github.com/Checkmarx/containers-resolver v1.0.28 h1:FikNmHIAYqJ1G1qHixASDUjJirl+Dp635TuMYq/RfUY=
+github.com/Checkmarx/containers-resolver v1.0.28/go.mod h1:X6KwE/vFIDlgyBZKnkhRGitt65hWCZp0sdvgNTRyvSw=
+github.com/Checkmarx/containers-syft-packages-extractor v1.0.23 h1:qP4OBlCVF6BbOO0gzcoOzAtfdx7+M1kU3OsY2xBvy8E=
+github.com/Checkmarx/containers-syft-packages-extractor v1.0.23/go.mod h1:OPGYISPnKtVFl2mZrClErv83ZLjUPKjdQQsXLmx++oY=
 github.com/Checkmarx/containers-types v1.0.9 h1:LbHDj9LZ0x3f28wDx398WC19sw0U0EfEewHMLStBwvs=
 github.com/Checkmarx/containers-types v1.0.9/go.mod h1:KR0w8XCosq3+6jRCfQrH7i//Nj2u11qaUJM62CREFZA=
 github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63 h1:SCuTcE+CFvgjbIxUNL8rsdB2sAhfuNx85HvxImKta3g=

internal/commands/auth.go

@@ -5,6 +5,7 @@ import (
 	"log"
 
 	"github.com/MakeNowJust/heredoc"
+	"github.com/checkmarx/ast-cli/internal/logger"
 	"github.com/checkmarx/ast-cli/internal/params"
 	"github.com/checkmarx/ast-cli/internal/wrappers"
 	"github.com/google/uuid"
@@ -38,7 +39,7 @@ type ClientCreated struct {
 	Secret string `json:"secret"`
 }
 
-func NewAuthCommand(authWrapper wrappers.AuthWrapper) *cobra.Command {
+func NewAuthCommand(authWrapper wrappers.AuthWrapper, telemetryWrapper wrappers.TelemetryWrapper) *cobra.Command {
 	authCmd := &cobra.Command{
 		Use:   "auth",
 		Short: "Validate authentication and create OAuth2 credentials",
@@ -110,13 +111,13 @@ func NewAuthCommand(authWrapper wrappers.AuthWrapper) *cobra.Command {
 			`,
 			),
 		},
-		RunE: validLogin(),
+		RunE: validLogin(telemetryWrapper),
 	}
 	authCmd.AddCommand(createClientCmd, validLoginCmd)
 	return authCmd
 }
 
-func validLogin() func(cmd *cobra.Command, args []string) error {
+func validLogin(telemetryWrapper wrappers.TelemetryWrapper) func(cmd *cobra.Command, args []string) error {
 	return func(cmd *cobra.Command, args []string) error {
 		clientID := viper.GetString(params.AccessKeyIDConfigKey)
 		clientSecret := viper.GetString(params.AccessKeySecretConfigKey)
@@ -125,6 +126,19 @@ func validLogin() func(cmd *cobra.Command, args []string) error {
 			authWrapper := wrappers.NewAuthHTTPWrapper()
 			authWrapper.SetPath(viper.GetString(params.ScansPathKey))
 			err := authWrapper.ValidateLogin()
+
+			uniqueID := wrappers.GetUniqueID()
+			if uniqueID != "" {
+				telemetryErr := telemetryWrapper.SendAIDataToLog(&wrappers.DataForAITelemetry{
+					UniqueID: uniqueID,
+					Type:     "authentication",
+					SubType:  "authentication",
+				})
+				if telemetryErr != nil {
+					logger.PrintIfVerbose("Failed to send telemetry data: " + telemetryErr.Error())
+				}
+			}
+
 			if err != nil {
 				return errors.Errorf("%s", err)
 			}

internal/commands/predicates.go

@@ -1,11 +1,16 @@
 package commands
 
 import (
+	"fmt"
+	"sort"
 	"strings"
 	"time"
 
+	"encoding/json"
+
 	"github.com/MakeNowJust/heredoc"
 	"github.com/checkmarx/ast-cli/internal/commands/util/printer"
+	"github.com/checkmarx/ast-cli/internal/logger"
 	"github.com/checkmarx/ast-cli/internal/params"
 	"github.com/checkmarx/ast-cli/internal/wrappers"
 	"github.com/pkg/errors"
@@ -112,8 +117,8 @@ func triageShowSubCommand(resultsPredicatesWrapper wrappers.ResultsPredicatesWra
 	triageShowCmd.PersistentFlags().String(params.SimilarityIDFlag, "", "Similarity ID")
 	triageShowCmd.PersistentFlags().String(params.ProjectIDFlag, "", "Project ID")
 	triageShowCmd.PersistentFlags().String(params.ScanTypeFlag, "", "Scan Type")
+	triageShowCmd.PersistentFlags().StringSlice(params.VulnerabilitiesFlag, []string{}, "SCA Vulnerabilities details")
 
-	markFlagAsRequired(triageShowCmd, params.SimilarityIDFlag)
 	markFlagAsRequired(triageShowCmd, params.ProjectIDFlag)
 	markFlagAsRequired(triageShowCmd, params.ScanTypeFlag)
 
@@ -137,6 +142,7 @@ func triageUpdateSubCommand(resultsPredicatesWrapper wrappers.ResultsPredicatesW
 				--scan-type <SAST|IAC-SECURITY>
 		`,
 		),
+
 		RunE: runTriageUpdate(resultsPredicatesWrapper, featureFlagsWrapper, customStatesWrapper),
 	}
 
@@ -147,9 +153,8 @@ func triageUpdateSubCommand(resultsPredicatesWrapper wrappers.ResultsPredicatesW
 	triageUpdateCmd.PersistentFlags().Int(params.CustomStateIDFlag, -1, "Specify the ID of the states that you would like to apply to this result")
 	triageUpdateCmd.PersistentFlags().String(params.CommentFlag, "", "Optional comment")
 	triageUpdateCmd.PersistentFlags().String(params.ScanTypeFlag, "", "Scan Type")
+	triageUpdateCmd.PersistentFlags().StringSlice(params.VulnerabilitiesFlag, []string{}, "SCA Vulnerabilities details")
 
-	markFlagAsRequired(triageUpdateCmd, params.SimilarityIDFlag)
-	markFlagAsRequired(triageUpdateCmd, params.SeverityFlag)
 	markFlagAsRequired(triageUpdateCmd, params.ProjectIDFlag)
 	markFlagAsRequired(triageUpdateCmd, params.ScanTypeFlag)
 
@@ -165,38 +170,48 @@ func runTriageShow(resultsPredicatesWrapper wrappers.ResultsPredicatesWrapper) f
 		similarityID, _ := cmd.Flags().GetString(params.SimilarityIDFlag)
 		scanType, _ := cmd.Flags().GetString(params.ScanTypeFlag)
 		projectID, _ := cmd.Flags().GetString(params.ProjectIDFlag)
-
+		vulnerabilityDetails, _ := cmd.Flags().GetStringSlice(params.VulnerabilitiesFlag)
 		projectIDs := strings.Split(projectID, ",")
 		if len(projectIDs) > 1 {
 			return errors.Errorf("%s", "Multiple project-ids are not allowed.")
 		}
 
-		predicatesCollection, errorModel, err = resultsPredicatesWrapper.GetAllPredicatesForSimilarityID(
-			similarityID,
-			projectID,
-			scanType,
-		)
-
-		if err != nil {
-			return errors.Wrapf(err, "%s", "Failed showing the predicate")
-		}
-
-		// Checking the response
-		if errorModel != nil {
-			return errors.Errorf(
-				"%s: CODE: %d, %s",
-				"Failed showing the predicate.",
-				errorModel.Code,
-				errorModel.Message,
-			)
-		} else if predicatesCollection != nil {
-			err = printByFormat(cmd, toPredicatesView(*predicatesCollection))
+		if strings.EqualFold(strings.ToLower(strings.TrimSpace(scanType)), params.ScaType) {
+			if len(vulnerabilityDetails) == 0 {
+				return errors.Errorf("%s", "Failed showing the predicate. Vulnerabilities are required for SCA triage")
+			}
+			scaPredicates, err := resultsPredicatesWrapper.GetScaPredicates(vulnerabilityDetails, projectID)
+			if err != nil {
+				return errors.Wrapf(err, "%s", "Failed showing the predicate")
+			}
+			err = printByFormat(cmd, toScaPredicateResultView(scaPredicates))
 			if err != nil {
 				return err
 			}
+			return nil
+		} else {
+			predicatesCollection, errorModel, err = resultsPredicatesWrapper.GetAllPredicatesForSimilarityID(similarityID, projectID, scanType)
+			if err != nil {
+				return errors.Wrapf(err, "%s", "Failed showing the predicate")
+			}
+			// Checking the response
+			if errorModel != nil {
+				return errors.Errorf(
+					"%s: CODE: %d, %s",
+					"Failed showing the predicate.",
+					errorModel.Code,
+					errorModel.Message,
+				)
+			} else if predicatesCollection != nil {
+				err = printByFormat(cmd, toPredicatesView(*predicatesCollection))
+				if err != nil {
+					return err
+				}
+			}
+
+			return nil
 		}
 
-		return nil
 	}
 }
 
@@ -211,38 +226,124 @@ func runTriageUpdate(resultsPredicatesWrapper wrappers.ResultsPredicatesWrapper,
 		scanType, _ := cmd.Flags().GetString(params.ScanTypeFlag)
 		// check if the current tenant has critical severity available
 		flagResponse, _ := wrappers.GetSpecificFeatureFlag(featureFlagsWrapper, wrappers.CVSSV3Enabled)
+		vulnerabilityDetails, _ := cmd.Flags().GetStringSlice(params.VulnerabilitiesFlag)
+
 		criticalEnabled := flagResponse.Status
 		if !criticalEnabled && strings.EqualFold(severity, "critical") {
 			return errors.Errorf("%s", "Critical severity is not available for your tenant.This severity status will be enabled shortly")
 		}
-
 		var err error
 		state, customStateID, err = determineSystemOrCustomState(customStatesWrapper, featureFlagsWrapper, state, customStateID)
 		if err != nil {
-			return err
+			return errors.Wrapf(err, "%s", "Failed updating the predicate")
 		}
 
-		predicate := &wrappers.PredicateRequest{
+		predicate, err := preparePredicateRequest(vulnerabilityDetails, similarityID, projectID, severity, state, customStateID, comment, scanType)
+		if err != nil {
+			return errors.Wrapf(err, "%s", "Failed updating the predicate")
+		}
+		_, err = resultsPredicatesWrapper.PredicateSeverityAndState(predicate, scanType)
+		if err != nil {
+			return errors.Wrapf(err, "%s", "Failed updating the predicate")
+		}
+		return nil
+	}
+}
+
+func preparePredicateRequest(vulnerabilityDetails []string, similarityID, projectID, severity, state string, customStateID int, comment, scanType string) (interface{}, error) {
+	scanType = strings.ToLower(scanType)
+	scanType = strings.TrimSpace(scanType)
+	if strings.EqualFold(scanType, Sca) {
+		state = transformState(state)
+		payload, err := prepareScaTriagePayload(vulnerabilityDetails, comment, state, projectID)
+		if err != nil {
+			return nil, err
+		}
+		return payload, nil
+	} else {
+		payload := &wrappers.PredicateRequest{
 			SimilarityID: similarityID,
 			ProjectID:    projectID,
 			Severity:     severity,
 			Comment:      comment,
 		}
-
 		if state != "" {
-			predicate.State = &state
+			payload.State = &state
 		} else {
-			predicate.CustomStateID = &customStateID
+			payload.CustomStateID = &customStateID
 		}
+		return payload, nil
+	}
+}
 
-		_, err = resultsPredicatesWrapper.PredicateSeverityAndState(predicate, scanType)
+func transformState(state string) string {
+	state = strings.ToLower(strings.TrimSpace(state))
+	switch state {
+	case strings.ToLower(params.ToVerify):
+		return wrappers.ToVerify
+	case strings.ToLower(params.URGENT):
+		return wrappers.Urgent
+	case strings.ToLower(params.NotExploitable):
+		return wrappers.NotExploitable
+	case strings.ToLower(params.ProposedNotExploitable):
+		return wrappers.ProposedNotExploitable
+	case strings.ToLower(params.CONFIRMED):
+		return wrappers.Confirmed
+	}
+	return ""
+}
+
+func prepareScaTriagePayload(vulnerabilityDetails []string, comment, state, projectID string) (interface{}, error) {
+	if len(vulnerabilityDetails) == 0 {
+		return nil, errors.Errorf("Vulnerabilities details are required.")
+	}
+	scaTriageInfo := make(map[string]interface{})
+	for _, vulnerability := range vulnerabilityDetails {
+		vulnerabilityKeyVal := strings.Split(vulnerability, "=")
+		err := validateVulnerabilityDetails(vulnerabilityKeyVal)
 		if err != nil {
-			return errors.Wrapf(err, "%s", "Failed updating the predicate")
+			return nil, err
 		}
+		scaTriageInfo[strings.TrimSpace(vulnerabilityKeyVal[0])] = strings.TrimSpace(vulnerabilityKeyVal[1])
+	}
 
-		return nil
+	if scaTriageInfo["packageName"] == nil && scaTriageInfo["packagename"] == nil {
+		return nil, errors.Errorf("Package name is required")
 	}
+	if scaTriageInfo["packageVersion"] == nil && scaTriageInfo["packageversion"] == nil {
+		return nil, errors.Errorf("Package version is required")
+	}
+	if scaTriageInfo["packageManager"] == nil && scaTriageInfo["packagemanager"] == nil {
+		return nil, errors.Errorf("Package manager is required")
+	}
+
+	scaTriageInfo["projectIds"] = []string{projectID}
+	actionInfo := make(map[string]interface{})
+	actionInfo["actionType"] = params.ChangeState
+	actionInfo["value"] = state
+	actionInfo["comment"] = comment
+	scaTriageInfo["actions"] = []map[string]interface{}{actionInfo}
+	b, err := json.Marshal(scaTriageInfo)
+	if err != nil {
+		logger.PrintIfVerbose(fmt.Sprintf("Failed to serialize vulnerabilities %s", scaTriageInfo))
+		return nil, errors.Errorf("Failed to prepare SCA triage request")
+	}
+	payload := wrappers.ScaPredicateRequest{}
+	err = json.Unmarshal(b, &payload)
+	if err != nil {
+		logger.PrintIfVerbose(fmt.Sprintf("Failed to deserialize vulnerabilities %s", string(b)))
+		return nil, errors.Errorf("Failed to prepare SCA triage request")
+	}
+	return payload, nil
+}
+
+func validateVulnerabilityDetails(vulnerability []string) error {
+	if len(vulnerability) != params.KeyValuePairSize {
+		return errors.Errorf("Invalid vulnerabilities. It should be in a KEY=VALUE format")
+	}
+	return nil
 }
+
 func determineSystemOrCustomState(customStatesWrapper wrappers.CustomStatesWrapper, featureFlagsWrapper wrappers.FeatureFlagsWrapper, state string, customStateID int) (string, int, error) {
 	if !isCustomState(state) {
 		return state, -1, nil
@@ -304,6 +405,41 @@ type predicateView struct {
 	CreatedAt    time.Time `format:"name:Created at;time:01-02-06 15:04:05"`
 }
 
+type scaPredicateResultView struct {
+	VulnerabilityID string    `format:"name:Vulnerability ID"`
+	PackageName     string    `format:"name:Package Name"`
+	PackageVersion  string    `format:"name:Package Version"`
+	PackageManager  string    `format:"name:Package Manager"`
+	Comment         string    `format:"name:Comment"`
+	State           string    `format:"name:State"`
+	CreatedBy       string    `format:"name:Created By"`
+	CreatedAt       time.Time `format:"name:Created at;time:01-02-06 15:04:05"`
+}
+
+func toScaPredicateResultView(scaPredicateResult *wrappers.ScaPredicateResult) []scaPredicateResultView {
+	view := []scaPredicateResultView{}
+	if len(scaPredicateResult.Actions) > 0 {
+		for _, action := range scaPredicateResult.Actions {
+			view = append(view, scaPredicateResultView{
+				VulnerabilityID: scaPredicateResult.Context.VulnerabilityID,
+				PackageName:     scaPredicateResult.Context.PackageName,
+				PackageVersion:  scaPredicateResult.Context.PackageVersion,
+				PackageManager:  scaPredicateResult.Context.PackageManager,
+				Comment:         action.Message,
+				State:           action.ActionValue,
+				CreatedBy:       action.UserName,
+				CreatedAt:       action.CreatedAt,
+			})
+		}
+	}
+
+	sort.Slice(view, func(i, j int) bool {
+		return view[i].CreatedAt.After(view[j].CreatedAt)
+	})
+
+	return view
+}
+
 func toPredicatesView(predicatesCollection wrappers.PredicatesCollectionResponseModel) []predicateView {
 	projectPredicatesCollection := predicatesCollection.PredicateHistoryPerProject