Merge branch 'main' into feature/sca-triage

cx-rahul-pidde · web-flow · commit 7c04d55113c8 · 2025-12-12T23:55:39.000+05:30
diff --git a/internal/commands/root.go b/internal/commands/root.go
@@ -215,6 +215,7 @@ func NewAstCLI(
 		prWrapper,
 		learnMoreWrapper,
 		tenantWrapper,
+		jwtWrapper,
 		chatWrapper,
 		policyWrapper,
 		scansWrapper,
diff --git a/internal/commands/scan.go b/internal/commands/scan.go
@@ -1371,9 +1371,12 @@ func isScorecardRunnable(isScsEnginesFlagSet, scsScorecardSelected bool, scsRepo
 
 func addSCSScan(cmd *cobra.Command, resubmitConfig []wrappers.Config, scsLicensingV2, hasRepositoryHealthLicense,
 	hasSecretDetectionLicense, hasEnterpriseSecretsLicense bool) (map[string]interface{}, error) {
-	scsEnabled := scanTypeEnabled(commonParams.ScsType)
-	scsScorecardAllowed := isScsScorecardAllowed(scsLicensingV2, hasRepositoryHealthLicense, scsEnabled)
-	scsSecretDetectionAllowed := isScsSecretDetectionAllowed(scsLicensingV2, hasSecretDetectionLicense, hasEnterpriseSecretsLicense, scsEnabled)
+	scsEnabled := isScsEnabled(scsLicensingV2)
+	if !scsEnabled {
+		return nil, nil
+	}
+	scsScorecardAllowed := isScsScorecardAllowed(scsLicensingV2, hasRepositoryHealthLicense)
+	scsSecretDetectionAllowed := isScsSecretDetectionAllowed(scsLicensingV2, hasSecretDetectionLicense, hasEnterpriseSecretsLicense)
 	if !scsScorecardAllowed && !scsSecretDetectionAllowed {
 		return nil, nil
 	}
@@ -1429,18 +1432,26 @@ func addSCSScan(cmd *cobra.Command, resubmitConfig []wrappers.Config, scsLicensi
 	return scsMapConfig, nil
 }
 
-func isScsScorecardAllowed(scsLicensingV2, hasRepositoryHealthLicense, hasScsLicense bool) bool {
+func isScsEnabled(scsLicensingV2 bool) bool {
+	if scsLicensingV2 {
+		return scanTypeEnabled(commonParams.ScsType) || scanTypeEnabled(commonParams.SecretDetectionType) ||
+			scanTypeEnabled(commonParams.RepositoryHealthType)
+	}
+	return scanTypeEnabled(commonParams.ScsType)
+}
+
+func isScsScorecardAllowed(scsLicensingV2, hasRepositoryHealthLicense bool) bool {
 	if scsLicensingV2 {
 		return hasRepositoryHealthLicense
 	}
-	return hasScsLicense
+	return true
 }
 
-func isScsSecretDetectionAllowed(scsLicensingV2, hasSecretDetectionLicense, hasEnterpriseSecretsLicense, hasScsLicense bool) bool {
+func isScsSecretDetectionAllowed(scsLicensingV2, hasSecretDetectionLicense, hasEnterpriseSecretsLicense bool) bool {
 	if scsLicensingV2 {
 		return hasSecretDetectionLicense
 	}
-	return hasScsLicense && hasEnterpriseSecretsLicense
+	return hasEnterpriseSecretsLicense
 }
 
 func validateScanTypes(cmd *cobra.Command, jwtWrapper wrappers.JWTWrapper, featureFlagsWrapper wrappers.FeatureFlagsWrapper) error {
diff --git a/internal/commands/scan_test.go b/internal/commands/scan_test.go
@@ -3453,21 +3453,13 @@ func TestIsScsScorecardAllowed(t *testing.T) {
 		name                       string
 		scsLicensingV2             bool
 		hasRepositoryHealthLicense bool
-		hasScsLicense              bool
 		expectedAllowed            bool
 	}{
 		{
-			name:            "scsLicensingV2 disabled and has scs license",
+			name:            "scsLicensingV2 disabled",
 			scsLicensingV2:  false,
-			hasScsLicense:   true,
 			expectedAllowed: true,
 		},
-		{
-			name:            "scsLicensingV2 disabled and does not have scs license",
-			scsLicensingV2:  false,
-			hasScsLicense:   false,
-			expectedAllowed: false,
-		},
 		{
 			name:                       "scsLicensingV2 enabled and has repository health license",
 			scsLicensingV2:             true,
@@ -3484,7 +3476,7 @@ func TestIsScsScorecardAllowed(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			actualAllowed := isScsScorecardAllowed(tt.scsLicensingV2, tt.hasRepositoryHealthLicense, tt.hasScsLicense)
+			actualAllowed := isScsScorecardAllowed(tt.scsLicensingV2, tt.hasRepositoryHealthLicense)
 			assert.Equal(t, tt.expectedAllowed, actualAllowed)
 		})
 	}
@@ -3496,28 +3488,18 @@ func TestIsScsSecretDetectionAllowed(t *testing.T) {
 		scsLicensingV2              bool
 		hasSecretDetectionLicense   bool
 		hasEnterpriseSecretsLicense bool
-		hasScsLicense               bool
 		expectedAllowed             bool
 	}{
 		{
-			name:                        "scsLicensingV2 disabled and has scs and enterprise secrets license",
+			name:                        "scsLicensingV2 disabled and has enterprise secrets license",
 			scsLicensingV2:              false,
 			hasEnterpriseSecretsLicense: true,
-			hasScsLicense:               true,
 			expectedAllowed:             true,
 		},
 		{
-			name:                        "scsLicensingV2 disabled and has enterprise secrets but does not have scs license",
-			scsLicensingV2:              false,
-			hasEnterpriseSecretsLicense: true,
-			hasScsLicense:               false,
-			expectedAllowed:             false,
-		},
-		{
-			name:                        "scsLicensingV2 disabled and has scs license but does not have enterprise secrets license",
+			name:                        "scsLicensingV2 disabled but does not have enterprise secrets license",
 			scsLicensingV2:              false,
 			hasEnterpriseSecretsLicense: false,
-			hasScsLicense:               true,
 			expectedAllowed:             false,
 		},
 		{
@@ -3536,7 +3518,7 @@ func TestIsScsSecretDetectionAllowed(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			actualAllowed := isScsSecretDetectionAllowed(tt.scsLicensingV2, tt.hasSecretDetectionLicense, tt.hasEnterpriseSecretsLicense, tt.hasScsLicense)
+			actualAllowed := isScsSecretDetectionAllowed(tt.scsLicensingV2, tt.hasSecretDetectionLicense, tt.hasEnterpriseSecretsLicense)
 			assert.Equal(t, tt.expectedAllowed, actualAllowed)
 		})
 	}
diff --git a/internal/commands/util/tenant.go b/internal/commands/util/tenant.go
@@ -11,7 +11,7 @@ import (
 	"github.com/spf13/cobra"
 )
 
-func NewTenantConfigurationCommand(wrapper wrappers.TenantConfigurationWrapper) *cobra.Command {
+func NewTenantConfigurationCommand(wrapper wrappers.TenantConfigurationWrapper, jwtWrapper wrappers.JWTWrapper, featureFlagsWrapper wrappers.FeatureFlagsWrapper) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "tenant",
 		Short: "Shows the tenant settings",
@@ -27,7 +27,7 @@ func NewTenantConfigurationCommand(wrapper wrappers.TenantConfigurationWrapper)
 			`,
 			),
 		},
-		RunE: runTenantCmd(wrapper),
+		RunE: runTenantCmd(wrapper, jwtWrapper, featureFlagsWrapper),
 	}
 	cmd.PersistentFlags().String(
 		params.FormatFlag,
@@ -40,7 +40,7 @@ func NewTenantConfigurationCommand(wrapper wrappers.TenantConfigurationWrapper)
 	return cmd
 }
 
-func runTenantCmd(wrapper wrappers.TenantConfigurationWrapper) func(cmd *cobra.Command, args []string) error {
+func runTenantCmd(wrapper wrappers.TenantConfigurationWrapper, jwtWrapper wrappers.JWTWrapper, featureFlagsWrapper wrappers.FeatureFlagsWrapper) func(cmd *cobra.Command, args []string) error {
 	return func(cmd *cobra.Command, args []string) error {
 		tenantConfigurationResponse, errorModel, err := wrapper.GetTenantConfiguration()
 		if err != nil {
@@ -52,10 +52,16 @@ func runTenantCmd(wrapper wrappers.TenantConfigurationWrapper) func(cmd *cobra.C
 		if tenantConfigurationResponse != nil {
 			format, _ := cmd.Flags().GetString(params.FormatFlag)
 			tenantConfigurationResponseView := toTenantConfigurationResponseView(tenantConfigurationResponse)
+
+			licenseDetails, err := jwtWrapper.GetLicenseDetails(featureFlagsWrapper)
+			if err == nil {
+				tenantConfigurationResponseView = appendLicenseDetails(tenantConfigurationResponseView, licenseDetails)
+			}
+
 			if format == "" {
 				format = defaultFormat
 			}
-			err := printer.Print(cmd.OutOrStdout(), tenantConfigurationResponseView, format)
+			err = printer.Print(cmd.OutOrStdout(), tenantConfigurationResponseView, format)
 			if err != nil {
 				return err
 			}
@@ -76,3 +82,17 @@ func toTenantConfigurationResponseView(response *[]*wrappers.TenantConfiguration
 	}
 	return tenantConfigurationResponseView
 }
+
+func appendLicenseDetails(responseView interface{}, licenseDetails map[string]string) interface{} {
+	tenantConfigurationResponseView := responseView.([]*wrappers.TenantConfigurationResponse)
+
+	for key, value := range licenseDetails {
+		licenseEntry := &wrappers.TenantConfigurationResponse{
+			Key:   key,
+			Value: value,
+		}
+		tenantConfigurationResponseView = append(tenantConfigurationResponseView, licenseEntry)
+	}
+
+	return tenantConfigurationResponseView
+}
diff --git a/internal/commands/util/tenant_test.go b/internal/commands/util/tenant_test.go
@@ -8,41 +8,41 @@ import (
 )
 
 func TestTenantConfigurationHelp(t *testing.T) {
-	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{})
+	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{}, &mock.JWTMockWrapper{}, &mock.FeatureFlagsMockWrapper{})
 	cmd.SetArgs([]string{"utils", "tenant", "--help"})
 	err := cmd.Execute()
 	assert.Assert(t, err == nil)
 }
 
 func TestTenantConfigurationJsonFormat(t *testing.T) {
-	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{})
+	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{}, &mock.JWTMockWrapper{}, &mock.FeatureFlagsMockWrapper{})
 	cmd.SetArgs([]string{"utils", "tenant", "--format", "json"})
 	err := cmd.Execute()
 	assert.NilError(t, err, "Tenant configuration command should run with no errors and print to json")
 }
 
 func TestTenantConfigurationListFormat(t *testing.T) {
-	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{})
+	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{}, &mock.JWTMockWrapper{}, &mock.FeatureFlagsMockWrapper{})
 	cmd.SetArgs([]string{"utils", "tenant", "--format", "list"})
 	err := cmd.Execute()
 	assert.NilError(t, err, "Tenant configuration command should run with no errors and print to list")
 }
 
 func TestTenantConfigurationTableFormat(t *testing.T) {
-	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{})
+	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{}, &mock.JWTMockWrapper{}, &mock.FeatureFlagsMockWrapper{})
 	cmd.SetArgs([]string{"utils", "tenant", "--format", "table"})
 	err := cmd.Execute()
 	assert.NilError(t, err, "Tenant configuration command should run with no errors and print to table")
 }
 
 func TestTenantConfigurationInvalidFormat(t *testing.T) {
-	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{})
+	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{}, &mock.JWTMockWrapper{}, &mock.FeatureFlagsMockWrapper{})
 	cmd.SetArgs([]string{"utils", "tenant", "--format", "MOCK"})
 	err := cmd.Execute()
 	assert.Assert(t, err.Error() == mockFormatErrorMessage)
 }
 
 func TestNewTenantConfigurationCommand(t *testing.T) {
-	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{})
+	cmd := NewTenantConfigurationCommand(mock.TenantConfigurationMockWrapper{}, &mock.JWTMockWrapper{}, &mock.FeatureFlagsMockWrapper{})
 	assert.Assert(t, cmd != nil, "Tenant configuration command must exist")
 }
diff --git a/internal/commands/util/utils.go b/internal/commands/util/utils.go
@@ -35,6 +35,7 @@ func NewUtilsCommand(
 	prWrapper wrappers.PRWrapper,
 	learnMoreWrapper wrappers.LearnMoreWrapper,
 	tenantWrapper wrappers.TenantConfigurationWrapper,
+	jwtWrapper wrappers.JWTWrapper,
 	chatWrapper wrappers.ChatWrapper,
 	policyWrapper wrappers.PolicyWrapper,
 	scansWrapper wrappers.ScansWrapper,
@@ -76,7 +77,7 @@ func NewUtilsCommand(
 
 	learnMoreCmd := NewLearnMoreCommand(learnMoreWrapper)
 
-	tenantCmd := NewTenantConfigurationCommand(tenantWrapper)
+	tenantCmd := NewTenantConfigurationCommand(tenantWrapper, jwtWrapper, featureFlagsWrapper)
 
 	maskSecretsCmd := NewMaskSecretsCommand(chatWrapper)
 
diff --git a/internal/commands/util/utils_test.go b/internal/commands/util/utils_test.go
@@ -22,6 +22,7 @@ func TestNewUtilsCommand(t *testing.T) {
 		nil,
 		mock.LearnMoreMockWrapper{},
 		mock.TenantConfigurationMockWrapper{},
+		&mock.JWTMockWrapper{},
 		mock.ChatMockWrapper{},
 		nil,
 		nil,
diff --git a/internal/params/flags.go b/internal/params/flags.go
@@ -292,6 +292,7 @@ const (
 	APISecurityType                = "api-security"
 	AIProtectionType               = "AI Protection"
 	CheckmarxOneAssistType         = "Checkmarx One Assist"
+	CheckmarxOneStandAloneType     = "Standalone"
 	ContainersType                 = "containers"
 	APIDocumentationFlag           = "apisec-swagger-filter"
 	IacType                        = "iac-security"
diff --git a/internal/wrappers/jwt-helper.go b/internal/wrappers/jwt-helper.go
@@ -1,6 +1,7 @@
 package wrappers
 
 import (
+	"strconv"
 	"strings"
 
 	commonParams "github.com/checkmarx/ast-cli/internal/params"
@@ -23,6 +24,7 @@ type JWTStruct struct {
 
 type JWTWrapper interface {
 	GetAllowedEngines(featureFlagsWrapper FeatureFlagsWrapper) (allowedEngines map[string]bool, err error)
+	GetLicenseDetails(featureFlagsWrapper FeatureFlagsWrapper) (licenseDetails map[string]string, err error)
 	IsAllowedEngine(engine string) (bool, error)
 	ExtractTenantFromToken() (tenant string, err error)
 	CheckPermissionByAccessToken(requiredPermission string) (permission bool, err error)
@@ -76,6 +78,30 @@ func (*JWTStruct) GetAllowedEngines(featureFlagsWrapper FeatureFlagsWrapper) (al
 	return getDefaultEngines(scsLicensingV2Flag.Status), nil
 }
 
+func (*JWTStruct) GetLicenseDetails(featureFlagsWrapper FeatureFlagsWrapper) (licenseDetails map[string]string, err error) {
+	licenseDetails = make(map[string]string)
+
+	jwtStruct, err := getJwtStruct()
+	if err != nil {
+		return nil, err
+	}
+
+	assistEnabled := false
+	standaloneEnabled := false
+	for _, allowedEngine := range jwtStruct.AstLicense.LicenseData.AllowedEngines {
+		if strings.EqualFold(allowedEngine, commonParams.CheckmarxOneAssistType) ||
+			strings.EqualFold(allowedEngine, commonParams.AIProtectionType) {
+			assistEnabled = true
+		} else if strings.EqualFold(allowedEngine, commonParams.CheckmarxOneStandAloneType) {
+			standaloneEnabled = true
+		}
+	}
+
+	licenseDetails["scan.config.plugins.cxoneassist"] = strconv.FormatBool(assistEnabled)
+	licenseDetails["scan.config.plugins.standalone"] = strconv.FormatBool(standaloneEnabled)
+	return licenseDetails, nil
+}
+
 func getJwtStruct() (*JWTStruct, error) {
 	accessToken, err := GetAccessToken()
 	if err != nil {
diff --git a/internal/wrappers/mock/jwt-helper-mock.go b/internal/wrappers/mock/jwt-helper-mock.go
@@ -1,6 +1,7 @@
 package mock
 
 import (
+	"strconv"
 	"strings"
 
 	"github.com/checkmarx/ast-cli/internal/params"
@@ -75,3 +76,19 @@ func (j *JWTMockWrapper) IsAllowedEngine(engine string) (bool, error) {
 func (j *JWTMockWrapper) CheckPermissionByAccessToken(requiredPermission string) (permission bool, err error) {
 	return true, nil
 }
+
+func (j *JWTMockWrapper) GetLicenseDetails(featureFlagsWrapper wrappers.FeatureFlagsWrapper) (licenseDetails map[string]string, err error) {
+	licenseDetails = make(map[string]string)
+
+	assistEnabled := (j.CheckmarxOneAssistEnabled != CheckmarxOneAssistDisabled) || (j.AIEnabled != AIProtectionDisabled)
+	licenseDetails["scan.config.plugins.cxoneassist"] = strconv.FormatBool(assistEnabled)
+
+	standaloneEnabled := true
+	licenseDetails["scan.config.plugins.standalone"] = strconv.FormatBool(standaloneEnabled)
+
+	for _, engine := range engines {
+		licenseDetails[engine] = "true"
+	}
+
+	return licenseDetails, nil
+}
